Lesson 51: Using the nginx reverse proxy module 2019-06-13

2019-06-13  苏水的北
[Figure: week 12, day 4: load balancing]

I. Lab environment setup: prepare three virtual machines, web01, web02 and lb01

1. First, create the nginx configuration files on web01 and web02:
[root@web01 /etc/nginx/conf.d]# cat  01-www.conf
server   {
    listen      80;                                    # listening port
    server_name  www.oldboy.com;                       # domain name
    access_log  /var/log/nginx/access_www.log  main;   # access log
    root   /app/www;                                   # site root directory
    location / {
    index  index.html index.htm;                       # index files
    }
    }
}
[root@web01 /etc/nginx/conf.d]# cat  02-blog.conf 
server   {
    listen       80;
    server_name  blog.oldboy.com;
    access_log  /var/log/nginx/access_blog.log  main;
    root   /app/blog;
    location / {
    index index.php index.html index.htm;
    }
   location ~* \.(php|php5)$ {
       fastcgi_pass   127.0.0.1:9000;
       fastcgi_index  index.php;
       fastcgi_buffers 16 16k;
       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
       include        fastcgi_params;
   }
}

After changing the nginx configuration, reload the nginx service:
[root@web01 ~]# systemctl  reload  nginx

Note: web02 uses the same configuration files as web01; just copy web01's files to the web02 server.

2. Create the site directories and index files:
[root@web01 /etc/nginx/conf.d]# mkdir -p /app/{www,blog}
[root@web01 /etc/nginx/conf.d]# for n  in  www blog  ; do echo  `hostname`    $n.oldboy.com >/app/$n/index.html ;done 
[root@web01 /etc/nginx/conf.d]# tree /app/
/app/
├── blog
│   └── index.html
└── www
    └── index.html

2 directories, 2 files

Note: create the site directories on web02 the same way as on web01.

3. Use curl to check that requesting web01 and web02 by IP returns the index file:
Check www.oldboy.com
[root@lb01 ~]# curl -H Host:www.oldboy.com  10.0.0.[7-8]

[1/2]: 10.0.0.7 --> <stdout>
--_curl_--10.0.0.7
web01   www.oldboy.com

[2/2]: 10.0.0.8 --> <stdout>
--_curl_--10.0.0.8
web02    www.oldboy.com
Check blog.oldboy.com
[root@lb01 ~]# curl -H Host:blog.oldboy.com  10.0.0.[7-8]

[1/2]: 10.0.0.7 --> <stdout>
--_curl_--10.0.0.7
web01      blog.oldboy.com

[2/2]: 10.0.0.8 --> <stdout>
--_curl_--10.0.0.8
web02     blog.oldboy.com

II. Verifying the nginx reverse proxy with a packet capture:

1. First set up the lb01 reverse proxy server:
[root@lb01 ~]# cat /etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    upstream   web_pools {
    server 10.0.0.7:80;
    server 10.0.0.8:80;
    }
#   include /etc/nginx/conf.d/*.conf;
    server  {
    listen 80;
    server_name www.oldboy.com;
    location  / {
       proxy_pass http://web_pools;
       }
    }    
}
2. Verify with curl: check that the www.oldboy.com pages of the two web servers appear alternately on screen:
[root@lb01 ~]# for  n in  {1..1000};do   curl  10.0.0.5/index.html  ;sleep 1  ;done 
web01   www.oldboy.com
web02  www.oldboy.com
web01   www.oldboy.com
web02  www.oldboy.com
web01   www.oldboy.com
web02  www.oldboy.com
web01   www.oldboy.com
web02  www.oldboy.com
web01   www.oldboy.com
web02  www.oldboy.com
web01   www.oldboy.com
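3. Capture packets to see the reverse proxy's 2 requests and 2 responses:
[Figure: the 2 requests and 2 responses between the load balancer and web01/web02]
4. Reverse proxy diagram:
[Figure: difference between load balancing and reverse proxying]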

III. Handling multiple virtual hosts on the nginx reverse proxy (with an explanation of the directives used):

1. Set up the lb01 load balancer:
[root@lb01 ~]# cat /etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    upstream   web_pools {
    server 10.0.0.7:80 weight=1 max_fails=3 fail_timeout=10s;
    server 10.0.0.8:80 weight=1 max_fails=3 fail_timeout=10s;
    }
#   include /etc/nginx/conf.d/*.conf;
    server  {
    listen 80;
    server_name www.oldboy.com;
    location  / {
       proxy_pass http://web_pools;
       }
    }    

    server  {
    listen 80;
    server_name blog.oldboy.com;
    location  / {
       proxy_pass http://web_pools;
       }
    } 
} 
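2. Experiment

Observation: whether www.oldboy.com or blog.oldboy.com is entered in the browser, the page shown is always www.oldboy.com (the configuration of the first virtual host file under conf.d).
As shown in the figures:

[Figures: web01.png, web02.png]

Cause: 1. When the load balancer sends the request to the web server, the Host request header is actually the name of the pool (web_pools), because by default nginx sends the host part of proxy_pass as the Host header;
2. web_pools contains only IP addresses, so this is effectively the same as requesting the web server by IP address: the Host value matches no server_name, and the web server falls back to its default, the first server virtual host under conf.d.

Fix: in the nginx configuration on the load balancer, add the following inside the blog.oldboy.com virtual host: proxy_set_header Host $host (this resolves the problem of the first virtual host always being served);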

 server  {
    listen 80;
    server_name blog.oldboy.com;
    location  / {
       proxy_pass http://web_pools;
       proxy_set_header Host $host;
       }
    } 

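Verification, as shown in the figures:

[Figures: web01-1.png, web01-2.png]

The result shows that a request for blog.oldboy.com now returns the blog.oldboy.com index file from web01 and web02, and is no longer affected by the default behaviour for IP-style access to the web servers, where the first server virtual host under conf.d is matched.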
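
A static check for the situation described in this section, as an added example (not part of the original post): it parses lb01-style configuration text and lists the virtual hosts whose backends will receive the pool name as Host. The embedded sample is constructed from the page's server blocks; the function names and the simplified parser (no quoted strings) are assumptions of this example.

```python
import re

# Constructed sample: lb01's upstream and server blocks from this section
# (the body of http {}), with the Host fix applied to blog.oldboy.com only.
LB_CONF = """
upstream web_pools { server 10.0.0.7:80; server 10.0.0.8:80; }
server { listen 80; server_name www.oldboy.com;
    location / { proxy_pass http://web_pools; } }
server { listen 80; server_name blog.oldboy.com;
    location / { proxy_pass http://web_pools;
                 proxy_set_header Host $host; } }
"""

def parse(conf):
    """nginx-style text -> nested (words, children) nodes; assumes no quoting."""
    root, stack, words = [], [], []
    cur = root
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf)):
        if tok in (";", "{"):
            node = (words, [])
            cur.append(node)
            if tok == "{":
                stack.append(cur)
                cur = node[1]
            words = []
        elif tok == "}":
            cur = stack.pop()
        else:
            words.append(tok)
    return root

def args(block, name):
    """Argument lists of every `name` directive directly inside a block."""
    return [w[1:] for w, _ in block if w[:1] == [name]]

def host_is_pool_name(conf):
    """(server_name, pool) pairs whose backends receive Host: <pool name>."""
    tree = parse(conf)
    pools = {a[0] for a in args(tree, "upstream")}
    hits = []
    for words, server in tree:
        for lw, loc in (server if words == ["server"] else []):
            for target in (args(loc, "proxy_pass") if lw[:1] == ["location"] else []):
                pool = target[0].split("://", 1)[-1].split("/", 1)[0]
                # a location's own proxy_set_header lines replace inherited ones
                hdrs = args(loc, "proxy_set_header") or args(server, "proxy_set_header")
                if pool in pools and not any(h[0].lower() == "host" for h in hdrs):
                    hits.append((args(server, "server_name")[0][0], pool))
    return hits
```

On the sample, `host_is_pool_name(LB_CONF)` reports www.oldboy.com: that virtual host works on the page only because the www server block is the one the web servers fall back to.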

IV. Recording the user's IP in the access log on the web servers:

1. Set up the lb01 load balancer:
[root@lb01 ~]# cat /etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    upstream   web_pools {
    server 10.0.0.7:80 weight=1 max_fails=3 fail_timeout=10s;
    server 10.0.0.8:80 weight=1 max_fails=3 fail_timeout=10s;
    }
#   include /etc/nginx/conf.d/*.conf;
    server  {
    listen 80;
    server_name www.oldboy.com;
    location  / {
       proxy_pass http://web_pools;
       }
    }    

    server  {
    listen 80;
    server_name blog.oldboy.com;
    location  / {
       proxy_pass http://web_pools;
       proxy_set_header Host $host;
       }
    } 
} 
2. View the log on web01 or web02:
[root@web01 app]# tail  -f   /var/log/nginx/access_blog.log
10.0.0.5 - - [13/Jun/2019:11:44:39 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "-"
10.0.0.5 - - [13/Jun/2019:11:48:57 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "-"
10.0.0.5 - - [13/Jun/2019:11:48:58 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "-"
10.0.0.5 - - [13/Jun/2019:11:49:32 +0800] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "-"
10.0.0.5 - - [13/Jun/2019:11:49:33 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "-"
10.0.0.5 - - [13/Jun/2019:11:56:05 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "-"
10.0.0.5 - - [13/Jun/2019:11:56:06 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "-"
10.0.0.5 - - [13/Jun/2019:11:56:06 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "-"
10.0.0.5 - - [13/Jun/2019:12:01:08 +0800] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "-"
10.0.0.5 - - [13/Jun/2019:12:01:09 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "-"

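As the log above shows, the access log only records that the requests came from the load balancer at 10.0.0.5; it does not show which client actually made each request.

3. To make the log show which IP made the request, add this to the nginx server blocks on lb01: proxy_set_header X-Forwarded-For $remote_addr;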
#    include /etc/nginx/conf.d/*.conf;
     server  {
     listen   80;
     server_name    www.oldboy.com;
     location    /{
        proxy_pass   http://web_pools;
        proxy_set_header X-Forwarded-For $remote_addr;
     }
   }
      server  {
     listen   80;
     server_name    blog.oldboy.com;
     location    /{
        proxy_pass   http://web_pools;
        proxy_set_header  Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
     }
   }
4. Check the log again: the source IP of each request can now be traced:
[root@web01 app]# tail -f   /var/log/nginx/access_blog.log
10.0.0.5 - - [13/Jun/2019:12:11:44 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "10.0.0.1"
10.0.0.5 - - [13/Jun/2019:12:11:45 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "10.0.0.1"
10.0.0.5 - - [13/Jun/2019:12:11:44 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "10.0.0.1"
10.0.0.5 - - [13/Jun/2019:12:11:45 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "10.0.0.1"
10.0.0.5 - - [13/Jun/2019:12:11:44 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "10.0.0.1"
10.0.0.5 - - [13/Jun/2019:12:11:45 +0800] "GET / HTTP/1.0" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "10.0.0.1"
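
Attributing a backend log line to a client, as an added example (not part of the original post): the last field of the page's `main` log format is taken as the client address only when the connecting peer is lb01. The sample lines are constructed in the page's format; the peer 10.0.0.9, the documentation-range addresses and the function name are assumptions of this example.

```python
import ipaddress
import re

TRUSTED_PROXIES = {"10.0.0.5"}   # lb01 on the page

# The page's log_format main: the last quoted field is $http_x_forwarded_for.
LINE = re.compile(r'^(?P<peer>\S+) - \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" '
                  r'(?P<status>\d{3}) \d+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$')

# Constructed sample lines in that format (not taken from a real system).
SAMPLE = [
    '10.0.0.5 - - [13/Jun/2019:12:11:44 +0800] "GET / HTTP/1.0" 200 23 "-" "curl/7.29.0" "10.0.0.1"',
    '10.0.0.5 - - [13/Jun/2019:12:11:45 +0800] "GET / HTTP/1.0" 200 23 "-" "curl/7.29.0" "-"',
    '10.0.0.9 - - [13/Jun/2019:12:11:46 +0800] "GET / HTTP/1.1" 200 23 "-" "curl/7.29.0" "192.0.2.7"',
    '10.0.0.5 - - [13/Jun/2019:12:11:47 +0800] "GET / HTTP/1.0" 200 23 "-" "curl/7.29.0" "203.0.113.50, 10.0.0.1"',
]

def client_of(line, trusted=TRUSTED_PROXIES):
    """Return (client_ip, note) for one backend access-log line."""
    m = LINE.match(line.strip())
    if not m:
        return None, "unparsed"
    peer, xff = m["peer"], m["xff"]
    if peer not in trusted:
        # Direct connection: the header is whatever the peer chose to send.
        return peer, "direct" if xff == "-" else "direct, X-Forwarded-For ignored"
    if xff == "-":
        return peer, "proxy sent no X-Forwarded-For"
    # Only the last entry was written by the trusted proxy itself.
    last = xff.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(last)), "via proxy"
    except ValueError:
        return peer, "malformed X-Forwarded-For"

if __name__ == "__main__":
    for entry in SAMPLE:
        print(client_of(entry))
```

Because lb01 sets the header from $remote_addr, any X-Forwarded-For value the client sent is overwritten; the last-entry rule also covers a proxy that appends to the header instead.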