0
点赞
收藏
分享

微信扫一扫

第十二周-day51-负载均衡服务

云上笔记 2021-09-29 阅读 109
第二阶段-集群架构 笔记框架建设收集

一、准备环境工作

1.配置nginx安装源然后安装

[oot@lb01 ~]# vim /etc/yum.repos.d/nginx.repo 
▽
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

2.修改web01 web02配置文件

[root@web01 /etc/nginx/conf.d]# cat  01-www.conf
server   {
    listen      80;
    server_name  www.oldboy.com;
    access_log  /var/log/nginx/access_www.log  main  ;
    root   /app/www;
    location / {
    index  index.html index.htm;
    }
}
[root@web01 /etc/nginx/conf.d]# cat  02-blog.conf 
server   {
    listen       80;
    server_name  blog.oldboy.com;
    access_log  /var/log/nginx/access_blog.log  main;
    root   /app/blog;
    location / {
    index index.php index.html index.htm;
    }
   location ~* \.(php|php5)$ {
       fastcgi_pass   127.0.0.1:9000;
       fastcgi_index  index.php;
       fastcgi_buffers 16 16k;
       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
       include        fastcgi_params;
   }
}

3.web01 web02 创建站点目录与首页文件

[root@web01 /etc/nginx/conf.d]# mkdir -p /app/{www,blog}
[root@web01 /etc/nginx/conf.d]# for n  in  www blog  ; do echo  $n.oldboy.com >/app/$n/index.html ;done 
[root@web01 /etc/nginx/conf.d]# tree /app/
/app/
├── blog
│   └── index.html
└── www
    └── index.html

2 directories, 2 files

[root@web02 conf.d]# tree /app
/app
├── blog
│   └── index.html
└── www
    └── index.html

2 directories, 2 files

4.去db01上curl一下

二、编写nginx反向代理服务配置文件(lb01)

[root@lb01 ~]# vim /etc/nginx/nginx.conf 
...
     upstream  web_pools {
     server 10.0.0.7:80;
     server 10.0.0.8:80;
     }
#    include /etc/nginx/conf.d/*.conf;
     server {
     listen 80;
     server_name www.oldboy.com;
     location / {
         proxy_pass http://web_pools;
        }
}
}
[root@lb01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 ~]# systemctl restart nginx

2.为web01 web02首页文件追加内容让容易区分

for n  in  www blog  ; do echo  `hostname` $n.oldboy.com >/app/$n/index.html ;done 


[root@web01 conf.d]# cat /app/www/index.html 
web01 www.oldboy.com

[root@web02 conf.d]# cat /app/blog/index.html 
web02 blog.oldboy.com

3.在lb01上curl一下

[root@lb01 ~]# curl 10.0.0.7
web01 www.oldboy.com
[root@lb01 ~]# curl 10.0.0.8
web02 www.oldboy.com
[root@lb01 ~]# 
[root@lb01 ~]# 
[root@lb01 ~]# curl 10.0.0.5
web02 www.oldboy.com
[root@lb01 ~]# curl 10.0.0.5
web01 www.oldboy.com
[root@lb01 ~]# curl 10.0.0.5
web02 www.oldboy.com
[root@lb01 ~]# curl 10.0.0.5
web01 www.oldboy.com

三、抓包

四、upstream模块参数:

五、配置权重

     upstream  web_pools {
     server 10.0.0.7:80 weight=2;
     server 10.0.0.8:80 weight=1;
     }

[root@lb01 ~]# curl 10.0.0.5
web01 www.oldboy.com
[root@lb01 ~]# curl 10.0.0.5
web01 www.oldboy.com
[root@lb01 ~]# curl 10.0.0.5
web02 www.oldboy.com
[root@lb01 ~]# curl 10.0.0.5
web01 www.oldboy.com
[root@lb01 ~]# curl 10.0.0.5
web01 www.oldboy.com
[root@lb01 ~]# curl 10.0.0.5
web02 www.oldboy.com

六、CND加速缓存

七、配置文件中添加server模块的参数(lb01)

weight        权重;
max_fails     健康检查,失败次数;
fail_timeout  多久后在检查一遍

upstream  web_pools {
server 10.0.0.7:80 weight=2 max_fails=3 fail_timeout=10s;
server 10.0.0.8:80 weight=1 max_fails=3 fail_timeout=10s;
}

八、请求访问第二个站点blog.oldboy.com

2.修改 请求头

     server {
     listen 80;
     server_name www.oldboy.com;
     location / {
         proxy_pass http://web_pools;
        }
     }
     server {
     listen 80;
     server_name blog.oldboy.com;
     location / {
         proxy_pass http://web_pools;
         proxy_set_header Host $host;
        }
     }
[root@lb01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 ~]# systemctl restart nginx
3.再访问就成功了

九、显示客户端的地址,并记录到日志中

     server {
     listen 80;
     server_name www.oldboy.com;
     location / {
         proxy_pass http://web_pools;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $remote_addr;
        }
     }
     server {
     listen 80;
     server_name blog.oldboy.com;
     location / {
         proxy_pass http://web_pools;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $remote_addr;
        }
     }

十、添加访问控制

server {
listen 80;
server_name www.oldboy.com;
location / {
   if ($remote_addr ~ "^192.168.22.") {   \\指定禁止访问的网段
   return 403 "别捣乱";  \\定义的是指定网段中,客户访问后返回的内容
   }
   proxy_pass http://web_pools;
   proxy_set_header Host $host;
   proxy_set_header X-Forwarded-For $remote_addr;
}

十一、防火墙规则—iptables

iptables -A INPUT -p tcp -s 192.168.22.0/24 -j DROP

-A:向规则链中添加条目;
-P:定义规则链中的默认目标;
-s:指定要匹配的数据包源ip地址;
-j<目标>:指定要跳转的目标;

未完待续...

举报

相关推荐

冲刺第十二周

git自动构建piplinejenkinsLinux系统/运维

软件工程第十二周

webrtcmysql数据库

第十二周学习作业

mysqlsqlcentosLinux系统/运维

运维小白成长记——第十二周

主从复制mysql读写分离Linux系统/运维

【LeetCode】Day51-打家劫舍 I&II

leetcode算法动态规划

第十二天

c语言数码管最大公因数单片机/工控嵌入式

第十二次作业

java

第十二周 运算符重载阅读程序

对象C++阅读class运算符重载云平台云计算

java第十二次作业

eclipse

web第十二天

前端html
0 条评论