CentOS nginx实现七层负载

Nginx实现七层负载均衡为什么要使用负载均衡解决web服务器的单点故障，让web服务器做成一个集群将请求平均下发给后端的web服务器

负载均衡的叫法LB：Load BalanceSLB：Server Load Balance公有云中的叫法阿里云：SLB腾讯云：CLB青云：QLB(LB)ucloud：ULBAWS：ELB负载均衡产品软件NginxHAproxyLVS硬件F5四层负载均衡和七层负载均衡的区别一个是四层：传输层；一个是七层：应用层四层传输速度要比七层快四层无法识别域名，七层可以识别域名负载均衡实现场景

Nginx要实现负载均衡需要用到proxy_pass代理模块配置

Nginx负载均衡与Nginx代理不同地方在于，Nginx的一个location仅能代理一台服务器，而Nginx负载均衡则是将客户端请求代理转发至一组upstream虚拟服务池

负载均衡配置语法Syntax:upstream name { … }Default:—Context:httpupstream name { server xxx;server xxx;}官方案例配置## upstream模块配置模块名 后端主机池：名字（根据网站域名来起名）upstream backend { server backend1.example.com weight=5; server backend2.example.com:8080; server unix:/tmp/backend3; server backup1.example.com:8080 backup; server backup2.example.com:8080 backup;}server { location / { proxy_pass http://backend; }}配置负载均衡环境准备主机名WanIPLanIP角色应用

lb0110.0.0.5172.16.1.5负载均衡nginxweb0110.0.0.7172.16.1.7web网站nginx、phpweb0210.0.0.8172.16.1.8web网站nginx、php

编辑nginx配置文件## 1.先把之前的配置文件打包[root@web01 conf.d]# gzip *.conf[root@web02 conf.d]# gzip *.conf[root@lb01 conf.d]# gzip *.conf## 2.重新编写配置文件[root@web01 conf.d]# vim lb.zls.com.confserver{listen 9999;server_name lb.zls.com;root /code/lb;index index.html;}[root@web02 conf.d]# vim lb.zls.com.confserver{listen 9999;server_name lb.zls.com;root /code/lb;index index.html;}## 3.创建目录[root@web01 ~]# mkdir -p /code/lb[root@web02 ~]# mkdir -p /code/lb## 4.编写网站主页[root@web01 ~]# echo ‘web01’ > /code/lb/index.html[root@web02 ~]# echo ‘web02’ > /code/lb/index.html## 5.检测nginx语法是否正确[root@web01 conf.d]# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@web02 conf.d]# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful## 6.重启nginx[root@web01 ~]# systemctl restart nginx[root@web02 ~]# systemctl restart nginx## 7.域名解析10.0.0.7 lb.zls.com10.0.0.8 lb.zls.com

配置负载均衡[root@lb01 conf.d]# vim lb.zls.com.confupstream lb.zls.com{server 172.16.1.7:9999;server 172.16.1.8:9999;}server {listen 80;server_name lb.zls.com;location /{proxy_pass http://lb.zls.com;include proxy_wsh;}}## 域名解析10.0.0.5 lb.zls.com#10.0.0.7 lb.zls.com#10.0.0.8 lb.zls.com

负载均衡常见典型故障

如果后台服务连接超时，Nginx是本身有机制的，如果出现一个节点down掉的时候，nginx会根据你具体负载均衡的设置，将请求转移到其他的节点上，但是，如果后台服务连接没有down掉，但是返回错误异常码如：504、502、500，这个时候需要加一个负载均衡的设置，如下：proxy_next_upstream http_504 http502 http500；这些意思是，当其中一台返回错误504、502…等错误时，可以分配到下一台服务器程序继续处理，提高平台访问成功率。

## 解决方案### 遇到如下状态码的机器，跳过请求的下发，直接下发到其他正常的服务器proxy_next_upstream error timeout http_500 http_502 http_503 http_504;upstream lb.zls.com { server 172.16.1.7:9999; server 172.16.1.8:9999; server 172.16.1.9:9999;}server { listen 80; server_name lb.zls.com; location /{ proxy_pass http://lb.zls.com; proxy_next_upstream error timeout http_500 http_502 http_503 http_504; include proxy_params; }}负载均衡调度算法调度算法概述

轮询(rr)nginx做负载均衡默认使用轮询调度算法：将请求平均下发到后端的web服务器加权轮询(wrr)增加权重，根据服务器的配置，给轮询加上权重源IP(ip_hash)根据用户的IP，将同一IP地址的请求，下发到同一台服务器上源url(url_hash)根据用户访问的URL，将同一URL的请求，下发到同一台服务器上最小连接数(least_conn)哪台服务器的连接数最少，就将请求下发到该服务器上

调度算法配置## 1.加权轮询upstream lb.zls.com { server 172.16.1.7:9999 weight=5; server 172.16.1.8:9999; server 172.16.1.9:9999;}server { listen 80; server_name lb.zls.com; location /{ proxy_pass http://lb.zls.com; include proxy_wsh; }}# 2.ip_hashupstream lb.zls.com { ip_hash; server 172.16.1.7:9999; server 172.16.1.8:9999; server 172.16.1.9:9999;}server { listen 80; server_name lb.zls.com; location /{ proxy_pass http://lb.zls.com; include proxy_wsh; }}负载均衡后端状态## 1.down状态:只是负载均衡不对该标识的服务器下发请求,后端的服务器并没有宕机upstream lb.zls.com { server 172.16.1.7:9999; server 172.16.1.8:9999 down; server 172.16.1.9:9999;}server { listen 80; server_name lb.zls.com; location /{ proxy_pass http://lb.zls.com; include proxy_wsh; }}## 2.backup状态:备份,当前其他没有backup标识机器都宕机时,才会给该服务器下发请求upstream lb.zls.com { server 172.16.1.7:9999; server 172.16.1.8:9999 backup; server 172.16.1.9:9999;}server { listen 80; server_name lb.zls.com; location /{ proxy_pass http://lb.zls.com; include proxy_wsh; }}## 3.额外参数max_fails:负载均衡访问后端,最大错误次数,到该指定次数后,不给该服务器发送请求fail_timeout:配合max_fails使用,规定不发请求的时间段[root@lb01 ~]# vim /etc/nginx/conf.d/lb.zls.com.conf upstream lb.zls.com { server 172.16.1.7:9999 max_fails=3 fail_timeout=10s; server 172.16.1.8:9999 max_fails=3 fail_timeout=10s; server 172.16.1.9:9999 max_fails=3 fail_timeout=10s;}server { listen 80; server_name lb.zls.com; location /{ proxy_pass http://lb.zls.com; include proxy_params; }}## 4.max_conn:限制该后端web服务器最大连接数为1024个upstream lb.zls.com { server 172.16.1.7:9999 max_fails=3 fail_timeout=10s; server 172.16.1.8:9999 max_fails=3 fail_timeout=10s; server 172.16.1.9:9999 max_fails=3 fail_timeout=10s max_conns=1024;}server { listen 80; server_name lb.zls.com; location /{ proxy_pass http://lb.zls.com; include proxy_wsh; }}nginx负载均衡健康检查模块

**作用：**为了检测后端web的健康状态

**项目地址：**https://github.com/yaoweibin/nginx_upstream_check_module

# 1.停掉yum安装的nginx[root@lb01 ~]# systemctl stop nginx## 2.下载nginx源码包[root@lb01 ~]# wget https://nginx.org/download/nginx-1.22.0.tar.gz## 3.下载nginx健康检查第三方模块[root@lb01 ~]# wget https://github.com/yaoweibin/nginx_upstream_check_module/archive/master.zip## 4.解压nginx源码包和第三方模块包[root@lb01 ~]# mkdir /app[root@lb01 ~]# tar xf nginx-1.22.0.tar.gz[root@lb01 ~]# unzip master.zip## 5.打补丁[root@lb01 ~]# cd nginx-1.22.0/[root@lb01 nginx-1.22.0]# patch -p1 </root/nginx_upstream_check_module-master/check_1.20.1+.patch## 6.生成[root@lb01 nginx-1.22.0]# ./configure –prefix=/app/nginx-1.22.0 –with-compat –with-file-aio –with-threads –with-http_addition_module –with-http_auth_request_module –with-http_dav_module –with-http_flv_module –with-http_gunzip_module –with-http_gzip_static_module –with-http_mp4_module –with-http_random_index_module –with-http_realip_module –with-http_secure_link_module –with-http_slice_module –with-http_ssl_module –with-http_stub_status_module –with-http_sub_module –with-http_v2_module –with-mail –with-mail_ssl_module –with-stream –with-stream_realip_module –with-stream_ssl_module –with-stream_ssl_preread_module –with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong –param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC’ –with-ld-opt=’-Wl,-z,relro -Wl,-z,now -pie’ –add-module=/root/nginx_upstream_check_module-master# 如出现报错，安装依赖## 7.安装依赖[root@lb01 nginx-1.22.0]# yum install -y pcre-devel openssl-devel## 8.再次生成[root@lb01 nginx-1.22.0]# ./configure –prefix=/app/nginx-1.22.0 –with-compat –with-file-aio –with-threads –with-http_addition_module –with-http_auth_request_module –with-http_dav_module –with-http_flv_module –with-http_gunzip_module –with-http_gzip_static_module –with-http_mp4_module –with-http_random_index_module –with-http_realip_module –with-http_secure_link_module –with-http_slice_module –with-http_ssl_module –with-http_stub_status_module –with-http_sub_module –with-http_v2_module –with-mail –with-mail_ssl_module –with-stream –with-stream_realip_module –with-stream_ssl_module –with-stream_ssl_preread_module –with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong –param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC’ –with-ld-opt=’-Wl,-z,relro -Wl,-z,now -pie’ –add-module=/root/nginx_upstream_check_module-master## 9.编译 && 安装[root@lb01 nginx-1.22.0]# make && make install## 10.nginx主配置文件，添加conf.d[root@lb01 conf]# vim /app/nginx-1.22.0/conf/nginx.conf#user nobody;worker_processes 1;#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;events { worker_connections 1024;}http { include mime.types; default_type application/octet-stream; #log_format main ‘$remote_addr – $remote_user [$time_local] "$request" ‘ # ‘$status $body_bytes_sent "$http_referer" ‘ # ‘"$http_user_agent" "$http_x_forwarded_for"’; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; include /app/nginx-1.22.0/conf/conf.d/*.conf;}## 11.创建虚拟主机配置文件存放目录[root@lb01 conf]# mkdir /app/nginx-1.22.0/conf/conf.d## 12.编写负载均衡配置文件，添加location[root@lb01 conf]# vim /app/nginx-1.22.0/conf/conf.d/lb.zls.com.confupstream lb.zls.com { server 172.16.1.7:9999 max_fails=3 fail_timeout=10s; server 172.16.1.8:9999 max_fails=3 fail_timeout=10s; server 172.16.1.9:9999 max_fails=3 fail_timeout=10s max_conns=1024; check interval=3000 rise=2 fall=3 timeout=1000 type=tcp; #interval 检测间隔时间，单位为毫秒 #rise 表示请求2次正常，标记此后端的状态为up #fall 表示请求3次失败，标记此后端的状态为down #type 类型为tcp #timeout 超时时间，单位为毫秒}server { listen 80; server_name lb.zls.com; location /{ proxy_pass http://lb.zls.com; include proxy_params; } location /check_www{ check_status; }}## 13.语法检测[root@lb01 conf]# /app/nginx-1.22.0/sbin/nginx -t## 14.启动nginx[root@lb01 conf]# /app/nginx-1.22.0/sbin/nginx

会话共享会话保持相关信息存储cookie前端开发人员将用户登录的信息，保存到浏览器中(开发者工具->Application->Cookies)如果仅将用户的登录信息记录在Cookie中，随时可以在浏览器中篡改session后端开发人员，将用户登录信息记录在 服务器上(共享存储，某一个文件夹下的某个文件、数据库中、缓存数据库中….)，session是对cookie做的加密，保存在服务器上部署phpMyadmin环境准备主机名WanIPLanIP角色应用

lb0110.0.0.5172.16.1.5负载均衡nginxweb0110.0.0.7172.16.1.7phpmyadmin网站nginx、phpweb0210.0.0.8172.16.1.8phpmyadmin网站nginx、phpdb0110.0.0.51172.16.1.51数据库MariaDB

部署## 1.下载phpmyadmin代码[root@web01 code]# wget http://test.driverzeng.com/Nginx_Code/phpMyAdmin-4.9.0.1-all-languages.zip## 2.解压代码[root@web01 code]# unzip phpMyAdmin-4.9.0.1-all-languages.zip## 3.将解压后的文件改名[root@web01 code]# mv /php/phpMyAdmin-4.9.0.1-all-languages phpmyadmin## 4.添加nginx虚拟主机配置文件[root@web01 code]# vim /etc/nginx/conf.d/php.zls.com.confserver{ listen 80; server_name php.zls.com; root /code/phpmyadmin; index index.php index.html; location ~ \.php$ { fastcgi_pass unix:/dev/shm/php.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; }}[root@web02 code]# vim /etc/nginx/conf.d/php.zls.com.confserver{ listen 80; server_name php.zls.com; root /code/phpmyadmin; index index.php index.html; location ~ \.php$ { fastcgi_pass unix:/dev/shm/php.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; }}## 5.修改代码连接数据库的配置文件将站点目录下的案例配置文件改名[root@web01 phpmyadmin]# cp config.sample.inc.php config.inc.php[root@web01 phpmyadmin]# vim config.inc.php将第31行的localhost改成自己数据库的ip地址$cfg[‘Servers’][$i][‘host’] = ‘172.16.1.51’;## 6.web01上的代码发送到web02站点目录下[root@web01 phpmyadmin]# scp -r /code/phpmyadmin 172.16.1.8:/code/## 7.授权session的目录[root@web01 phpmyadmin]# chown www.www /var/lib/php/session/[root@web02 phpmyadmin]# chown www.www /var/lib/php/session/## 8.nginx重启[root@web01 phpmyadmin]# systemctl restart nginx[root@web02 phpmyadmin]# systemctl restart nginx

使用数据库的用户名和密码登录：之前的wordpress用户名和密码就可以使用

制作session共享## 1.在db01上安装redis数据库[root@db01 ~]# yum install -y redis## 注意:rdis端口是6379## 2.修改redis配置文件[root@db01 ~]# vim /etc/redis.conf在# bind 192.168.1.100 10.0.0.1,# bind 127.0.0.1 ::1后面添加bind 0.0.0.0## 3.启动服务[root@db01 ~]# systemctl start redis## 4.修改php程序配置文件[root@web01 phpmyadmin]# vim /etc/php.ini将 session.save_handler = files 改成 session.save_handler = redis在 ;session.save_path = "/tmp" 下面一行添加 session.save_path = "tcp://172.21.16.1.51:6379"将 session.auto_start = 0 改成 session.auto_start = 1## 5.修改php启动程序配置文件[root@web01 phpmyadmin]# vim /etc/php-fpm.d/www.conf将;php_value[session.save_handler] = files;php_value[session.save_path] = /var/lib/php/session这两行注释掉## 6.重启php[root@web01 phpmyadmin]# systemctl restart php-fpm## 7.将改好的配置文件拷贝到web02[root@web01 phpmyadmin]# scp /etc/php.ini 172.16.1.8:/etc/[root@web01 phpmyadmin]# scp /etc/php-fpm.d/www.conf 172.16.1.8:/etc/php-fpm.d/## 8.重启web02上的php[root@web02 phpmyadmin]# systemctl restart php-fpm## 9.登录可以用之前创建好的数据库账号密码登录

【文章转自迪拜服务器 dibai.html处的文章,转载请说明出处】这个社会是存在不公平的，不要抱怨，因为没有用！人总是在反省中进步的！