一、ngx_http_proxy_module模块
ngx_http_proxy_module
转发请求至另一台主机
1、proxy_pass URL;
Context:location, if in location, limit_except
注意:proxy_pass后面路径不带uri时,会将location的uri传递(附加)给后端主机
server {
...
server_name HOSTNAME;
location /uri/ {
proxy_pass http://host[:port]; 最后没有/
}
...
}
上面示例:http://HOSTNAME/uri --> http://host/uri
如果上面示例中有 /,即:http://host[:port]/
意味着:http://HOSTNAME/uri --> http://host/ 即置换
proxy_pass后面的路径是一个uri时,其会将location的uri替换为proxy_pass的uri
server {
...
server_name HOSTNAME;
location /uri/ {
proxy_pass http://host/new_uri/;
}
...
}
http://HOSTNAME/uri/ --> http://host/new_uri/
如果location定义其uri时使用了正则表达式的模式,则proxy_pass之后必须不能使用uri; 用户请求时传递的uri将直接附加至后端服务器之后
server {
...
server_name HOSTNAME;
location ~|~* /uri/ {
proxy_pass http://host; 不能加/
}
...
}
http://HOSTNAME/uri/ --> http://host/uri/
#实现Nginx 代理[root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; root /data/413/; #如果是代理,这个路径的服务,就失效了 location / { proxy_pass http://172.18.68.103/; #可以增加8080自定的端口号,后端服务器需要修改端口号即可 }}[root@RS1~]#echo Lan server1 > /var/www/html/index.html[root@Router~]#curl www.a.comLan server1[root@Router~]#curl 192.168.1.100Lan server1[root@RS1~]#tail /var/log/httpd/access_log172.18.68.100 - - [17/Mar/2018:14:28:41 +0800] "GET / HTTP/1.0" 200 12 "-" "curl/7.29.0"[root@VSserver~]#cat /var/log/nginx/access.log192.168.1.66 - - [09/Mar/2018:03:39:25 +0800] "GET / HTTP/1.1" 200 12 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "-"#如果这时后端服务器停止服务了,就会出现502错误[root@RS1~]#systemctl stop httpd.service [root@Router~]#curl 192.168.1.100502 Bad Gateway
#如果proxy_pass http://host[:port];后面没有 /
[root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; location /bbs { proxy_pass http://172.18.68.103; #如果后面没有/ ,相当于在访问172.18.68.103/bbs } #如果加上/ ,就是相当于访问172.18.68.103}[root@Centos6-mini~]#curl www.a.com/bbs404 Not Found [root@RS1~]#tail /var/log/httpd/access_log172.18.68.100 - - [17/Mar/2018:14:47:05 +0800] "GET /bbs HTTP/1.0" 404 201 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"[root@RS1~]#mkdir /var/www/html/bbs[root@RS1~]#echo /var/www/html/bbs > /var/www/html/bbs/index.html[root@Centos6-mini~]#curl www.a.com/bbs301 Moved Permanently [root@Centos6-mini~]#curl -L www.a.com/bbs/var/www/html/bbs[root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; location /bbs { proxy_pass http://172.18.68.103/forum; } }[root@RS1~]#mkdir /var/www/html/forum[root@RS1~]#echo /var/www/html/forum > /var/www/html/forum/index.html [root@Centos6-mini~]#curl -L www.a.com/bbs/var/www/html/forum[root@RS1~]#tail /var/log/httpd/access_log 172.18.68.100 - - [17/Mar/2018:15:07:26 +0800] "GET /forum/ HTTP/1.0" 200 20 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
#实验:实现基础的动静分离
#简单的LNMP#先搞定php php-mysql[root@RS1~]#yum install php php-mysql [root@RS1html]#vim index.php$conn = mysql_connect('172.18.68.104','lampuser','centos');if ($conn)echo "OK";elseecho "Failure";#echo mysql_error();mysql_close();phpinfo();?>[root@RS1html]#systemctl restart httpd.service [root@RS2~]#curl -I 172.18.68.103/index.php HTTP/1.1 200 OKDate: Sat, 17 Mar 2018 13:22:03 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16X-Powered-By: PHP/5.4.16Content-Type: text/html; charset=UTF-8#配置Nginx 调度设置[root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; root /data/413/; location / { proxy_pass http://172.18.68.104; } location ~* \.php$ { #优先匹配 proxy_pass http://172.18.68.103; }} [root@Router~]#curl -I 172.18.68.100/index.htmlHTTP/1.1 200 OKServer: nginx/1.12.2Date: Fri, 09 Mar 2018 03:03:30 GMTContent-Type: text/html; charset=UTF-8Content-Length: 13Connection: keep-aliveLast-Modified: Fri, 09 Mar 2018 02:08:25 GMTETag: "e044b-d-566f1447c52b6"Accept-Ranges: bytes[root@Router~]#curl -I 172.18.68.100/index.phpHTTP/1.1 200 OKServer: nginx/1.12.2Date: Fri, 09 Mar 2018 03:03:33 GMTContent-Type: text/html; charset=UTF-8Connection: keep-aliveX-Powered-By: PHP/5.4.16[root@RS1~]#tail /var/log/httpd/access_log172.18.68.104 - - [17/Mar/2018:21:22:03 +0800] "HEAD /index.php HTTP/1.1" 200 - "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"[root@RS2~]#tail /var/log/httpd/access_log 172.18.68.100 - - [09/Mar/2018:10:15:50 +0800] "HEAD /index.html HTTP/1.0" 200 - "-" "curl/7.29.0"
2、proxy_set_header field value;
设定发往后端主机的请求报文的请求首部的值
Context: http, server, location
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #不仅可以记录客户端的地址,也可以追加代理服务器的地址
请求报文的标准格式如下:
X-Forwarded-For: client1, proxy1, proxy2 #可以追加记录多个代理服务器
#实现后端服务器记录客户端ip信息#1在nginx调度端设置[root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf listen 80; server_name www.a.com; root /data/413/; location / { proxy_pass http://172.18.68.104; proxy_set_header X-Real-IP $remote_addr; } location ~* \.php$ { proxy_pass http://172.18.68.103; }}#2、在服务器端修改日志选项[root@RS1~]#vim /etc/httpd/conf/httpd.conf LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined[root@RS1~]#systemctl reload httpd.service [root@Router~]#curl 172.18.68.100/index.html RS2-html|jpg[root@RS1~]#tail /var/log/httpd/access_log -f172.18.68.104 - - [17/Mar/2018:21:22:03 +0800] "HEAD /index.php HTTP/1.1" 200 - "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
3、proxy_cache_path;
定义可用于proxy功能的缓存
Context:http
proxy_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];
4、proxy_cache zone | off; 默认off
指明调用的缓存,或关闭缓存机制;Context:http, server, location
5、proxy_cache_key string;
缓存中用于“键”的内容
默认值:proxy_cache_key $scheme$proxy_host$request_uri;
6、proxy_cache_valid [code ...] time;
定义对特定响应码的响应内容的缓存时长
定义在http{...}中
示例:
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
示例:
在http配置定义缓存信
proxy_cache_path /var/cache/nginx/proxy_cache
levels=1:1:1 keys_zone=proxycache:20m
inactive=120s max_size=1g;
调用缓存功能,需要定义在相应的配置段,如server{...};
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 1h;
proxy_cache_valid any 1m;
7、proxy_cache_use_stale;
proxy_cache_use_stale error | timeout | invalid_header | updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | off ...
在被代理的后端服务器出现哪种情况下,可以真接使用过期的缓存响应客户端
8、proxy_cache_methods GET | HEAD | POST ...;
对哪些客户端请求方法对应的响应进行缓存,GET和HEAD方法总是被缓存
9、proxy_hide_header field;
默认nginx在响应报文不传递后端服务器的首部字段Date, Server, X-Pad, X-Accel-等,用于隐藏后端服务器特定的响应首部
10、proxy_connect_timeout time;
定义与后端服务器建立连接的超时时长,如超时会出现502错误,默认为60s,一般不建议超出75s,
11、proxy_send_timeout time;
将请求发送给后端服务器的超时时长;默认为60s
12、proxy_read_timeout time;
等待后端服务器发送响应报文的超时时长,默认为60s
#实验:设置代理服务器缓存功能
#只能在http 中设置[root@VSserver~]#vim /etc/nginx/nginx.confhttp { include /etc/nginx/mime.types; default_type application/octet-stream; proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;[root@VSserver~]#mkdir /var/cache/nginx/[root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; root /data/413/; proxy_cache proxycache; proxy_cache_key $request_url; proxy_cache_valid 200 302 301 1h; proxy_cache_valid any 1m; location / { proxy_pass http://172.18.68.104; proxy_set_header X-Real-IP $remote_addr; } location ~* \.php$ { proxy_pass http://172.18.68.103; }}[root@VSserverproxy_cache]#tree .├──7│ └──fd│ └──7e│ └── 23dcf7c2b96327ee9899fc28a847efd7└──b └──82 └──a4 └── d1546d731a9f30cc80127d57142a482b
二、ngx_http_headers_module模块
向由代理服务器响应给客户端的响应报文添加自定义首部,或修改指定首部的值
1、add_header name value [always];
添加自定义首部
add_header X-Via $server_addr;
add_header X-Cache $upstream_cache_status; #添加缓存是否命中的状态信息
add_header X-Accel $server_name;
2、add_trailer name value [always];
添加自定义响应信息的尾部
[root@VSserverproxy_cache]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; root /data/413/; proxy_cache proxycache; proxy_cache_key $request_uri; proxy_cache_valid 200 302 301 1h; proxy_cache_valid any 1m; add_header X-Via $server_addr; add_header X-Cache $upstream_cache_status; add_header X-Accel $server_name; location / { proxy_pass http://172.18.68.104; proxy_set_header X-Real-IP $remote_addr; } location ~* \.php$ { proxy_pass http://172.18.68.103; }}[root@Router~]#curl -I www.a.com/index.htmlHTTP/1.1 200 OKServer: nginx/1.12.2Date: Fri, 09 Mar 2018 04:34:35 GMTContent-Type: text/html; charset=UTF-8Content-Length: 13Connection: keep-aliveLast-Modified: Fri, 09 Mar 2018 02:08:25 GMTETag: "e044b-d-566f1447c52b6"X-Via: 192.168.1.100X-Cache: MISSX-Accel: www.a.comAccept-Ranges: bytes[root@Router~]#curl -I www.a.com/index.htmlX-Via: 192.168.1.100X-Cache: HIT #第二次就是命中的状态信息X-Accel: www.a.comAccept-Ranges: bytes
三、ngx_http_fastcgi_module模块
ngx_http_fastcgi_module
转发请求到FastCGI服务器,不支持php模块方式
1、fastcgi_pass address;
address为后端的fastcgi server的地址
可用位置:location, if in location
2、fastcgi_index name;
fastcgi默认的主页资源
示例:fastcgi_index index.php;
[root@FastCgi~]#yum install php-fpm[root@FastCgi~]#vim /etc/php-fpm.d/www.conf listen = 9000#listen.allowed_clients = 127.0.0.1[root@FastCgi~]#ss -ntlState Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:9000 *:* [root@FastCgi~]#mkdir /data/php -pvmkdir: created directory ‘/data’mkdir: created directory ‘/data/php’[root@FastCgi~]#vim /data/php/index.php [root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf location ~* \.php$ { proxy_pass http://172.18.68.103; }}[root@VSserver~]#ip a2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:14:fe:3c brd ff:ff:ff:ff:ff:ff inet 192.168.1.100/24 brd 192.168.1.255 scope global eth03: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:14:fe:46 brd ff:ff:ff:ff:ff:ff inet 172.18.68.100/16 brd 172.18.255.255 scope global eth1[root@RS1~]#vim /etc/nginx/nginx.conf server { listen 80 default_server; root /data/php/; location / { fastcgi_pass 172.18.68.200:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/php$fastcgi_script_name; include fastcgi_params; } }[root@Client~]#curl -I 192.168.1.100/index.php HTTP/1.1 200 OKServer: nginx/1.12.2Date: Fri, 09 Mar 2018 14:09:42 GMTContent-Type: text/htmlConnection: keep-aliveX-Powered-By: PHP/5.4.16X-Via: 192.168.1.100X-Accel: www.a.com
3、fastcgi_param parameter value [if_not_empty];
设置传递给 FastCGI服务器的参数值,可以是文本,变量或组合
示例1:
1)在后端服务器先配置fpm server和mariadb-server
2)在前端nginx服务上做以下配置:
location ~* \.php$ {
fastcgi_pass #后端fpm服务器IP:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
include fastcgi_params;
…
}
示例2:通过/pm_status和/ping来获取fpm server状态信息
location ~* ^/(status|ping)$ {
include fastcgi_params;
fastcgi_pass #后端fpm服务器IP:9000;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
}
[root@FastCgi~]#vim /etc/php-fpm.d/www.confpm.status_path = /statusping.path = /ping [root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf location ~* (\.php)|status|ping$ { proxy_pass http://172.18.68.103; }}[root@RS1~]#vim /etc/nginx/nginx.conf server { listen 80 default_server; root /data/php/; location / { fastcgi_pass 172.18.68.200:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/php$fastcgi_script_name; include fastcgi_params; } location ~* ^/(status|ping)$ { fastcgi_pass 172.18.68.200:9000; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; include fastcgi_params; } } [root@Client~]#curl 192.168.1.100/statuspool: wwwprocess manager: dynamicstart time: 18/Mar/2018:21:07:39 +0800start since: 517accepted conn: 6listen queue: 0max listen queue: 0listen queue len: 128idle processes: 4active processes: 1total processes: 5max active processes: 1max children reached: 0slow requests: 0[root@Client~]#curl 192.168.1.100/pingpong
4、fastcgi_cache_path
path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];
定义fastcgi的缓存;
path
缓存位置为磁盘上的文件系统
max_size=size
磁盘path路径中用于缓存数据的缓存空间上限
levels=levels:缓存目录的层级数量,以及每一级的目录数量
levels=ONE:TWO:THREE
示例:leves=1:2:2
keys_zone=name:size
k/v映射的内存空间的名称及大小
inactive=time
非活动时长
5、fastcgi_cache zone | off;
调用指定的缓存空间来缓存数据
可用位置:http, server, location
6、fastcgi_cache_key string;
定义用作缓存项的key的字符串
示例:fastcgi_cache_key $request_rui;
7、fastcgi_cache_methods GET | HEAD | POST ...;
为哪些请求方法使用缓存
8、fastcgi_cache_min_uses number;
缓存空间中的缓存项在inactive定义的非活动时间内至少要被访问到此处所指定的次数方可被认作活动项
9、fastcgi_keep_conn on | off;
收到后端服务器响应后,fastcgi服务器是否关闭连接,建议启用长连接
10、fastcgi_cache_valid [code ...] time;
不同的响应码各自的缓存时长
示例:
http {
fastcgi_cache_path /var
/cache/nginx/fcgi_cache levels=1:2:1 keys_zone=fcgicache:20m inactive=120s;
...
server {
location ~* \.php$ {
...
fastcgi_cache fcgicache;
fastcgi_cache_key $request_uri;
fastcgi_cache_valid 200 302 10m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
...
}
}