反向代理
模块和功能
- ngx_http_proxy_module: 将客户端的请求以http协议转发至指定服务器进行处理。
- ngx_stream_proxy_module:将客户端的请求以tcp协议转发至指定服务器处理。
- ngx_http_fastcgi_module:将客户端对php的请求以fastcgi协议转发至指定服务器助理。
- ngx_http_uwsgi_module:将客户端对Python的请求以uwsgi协议转发至指定服务器处理
逻辑调用关系
生产部署结构
实现http反向代理
访问逻辑图
部署apache服务器
web1
yum install -y httpd
echo "web2 192.168.33.171" > /var/www/html/index.html
systemctl enable --now httpd
web2
yum install -y httpd
echo "web2 192.168.33.149" > /var/www/html/index.html
systemctl enable --now httpd
nginx反向代理参数
Module ngx_http_proxy_module
server {
listen 80;
listen 443 ssl;
ssl_certificate /apps/nginx/certs/www.fxq.com.crt;
ssl_certificate_key /apps/nginx/certs/www.fxq.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name www.fxq.com;
location / {
root /data/nginx/html/pc;
index index.html;
}
location = /favicon.ico {
root /data/nginx/html/pc;
}
location /web1{
proxy_pass http://192.168.33.149:80/;带斜线,等于访问后端服务器器的http://http://192.168.33.149:80/index.html 内容返回给客户端
index index.html;
}
location /web2{
proxy_pass http://192.168.33.171:80;不带斜线将访问的/web,等于访问后端服务器http://http://192.168.33.171:80/web/index.html,即后端服务器配置的站点根目录要有web目录才可以被访问
index index.html;}
}
location /web2{
proxy_pass http://192.168.33.171:80/;
index index.html;
proxy_hide_header Etag;
}
}
nginx缓存功能
参数详解
案例
非缓存场景压测
web配置
ab命令使用
参考:https://www.cnblogs.com/niuben/p/18139837
命令格式: ab [选项] [URL]
选项包括:
-n 请求总数:指定要发送的请求数量。
-c 并发数:指定同时发送请求的并发数量。
-t 测试时间:指定测试的时间长度。
-p POST文件:使用POST方法时,指定包含POST数据的文件。
-T POST内容类型:指定POST数据的内容类型。
-k 保持连接:启用HTTP KeepAlive功能,允许单个连接发送多个请求。
-v 显示详细输出:显示每个请求的详细结果。
-i 忽略不可用的输出:在输出中忽略无效的请求。
-x 提供代理服务器信息:使用代理服务器进行测试。
-X 代理认证类型:指定代理服务器的认证类型。
-C 提供Cookie信息:发送Cookie到服务器。
-H 添加请求头:添加自定义的HTTP请求头。
-A 添加认证信息:添加认证信息到请求头中。
-m HTTP方法:指定HTTP方法,如GET、POST等。
-s 超时时间:指定每个请求的超时时间。
-g 生成gnuplot格式的输出:将结果保存为gnuplot格式的文件。
-e 输出CSV格式:将结果保存为CSV格式的文件。
-f HTML输出:将结果保存为HTML格式的文件。
URL:测试的目标URL,[http[s]://]hostname[:port]/path。
Server Software: Apache #服务器软件
Server Hostname: json.im #域名
Server Port: 80 #请求端口号
Document Path: / #文件路径
Document Length: 40888 bytes #页面字节数
Concurrency Level: 10 #请求的并发数
Time taken for tests: 27.300 seconds #总访问时间
Complete requests: 1000 #请求成功数量
Failed requests: 0 #请求失败数量
Write errors: 0
Total transferred: 41054242 bytes #请求总数据大小(包括header头信息)
HTML transferred: 40888000 bytes #html页面实际总字节数
Requests per second: 36.63 [#/sec] (mean) #每秒多少请求,这个是非常重要的参数数值,服务器的吞吐量
Time per request: 272.998 [ms] (mean) #用户平均请求等待时间
Time per request: 27.300 [ms] (mean, across all concurrent requests)
# 服务器平均处理时间,也就是服务器吞吐量的倒数
Transfer rate: 1468.58 [Kbytes/sec] received #每秒获取的数据长度
Connection Times (ms)
min mean[+/-sd] median max
Connect: 43 47 2.4 47 53
Processing: 189 224 40.7 215 895
Waiting: 102 128 38.6 118 794
Total: 233 270 41.3 263 945
Percentage of the requests served within a certain time (ms)
50% 263 #50%用户请求在263ms内返回
66% 271 #66%用户请求在271ms内返回
75% 279 #75%用户请求在279ms内返回
80% 285 #80%用户请求在285ms内返回
90% 303 #90%用户请求在303ms内返回
95% 320 #95%用户请求在320ms内返回
98% 341 #98%用户请求在341ms内返回
99% 373 #99%用户请求在373ms内返回
100% 945 (longest request)
配置缓存设置
vim /apps/nginx/conf/nginx.conf
···
http {
include mime.types;
default_type application/octet-stream;
proxy_cache_path /data/nginx/proxycache levels=1:1:1 keys_zone=proxycache:20m inactive=120s max_size=1g;
···
[root@localhost ~]# cat /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
listen 443 ssl;
ssl_certificate /apps/nginx/certs/www.fxq.com.crt;
ssl_certificate_key /apps/nginx/certs/www.fxq.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name www.fxq.com;
location / {
root /data/nginx/html/pc;
index index.html;
}
location = /favicon.ico {
root /data/nginx/html/pc;
}
location /web1{
proxy_pass http://192.168.33.149:80/;
index index.html;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 1h;
proxy_cache_valid any 3m;
}
location /web2{
proxy_pass http://192.168.33.171:80/;
index index.html;
proxy_hide_header Etag;
}
}
添加头部报文信息
Module ngx_http_headers_module
参数
添加自定义首部
添加自定义响应尾部
案例
location /web1{
proxy_pass http://192.168.33.149:80/;
index index.html;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 1h;
proxy_cache_valid any 3m;
add_header X-Via $server_addr;
add_header X-Cache $upstream_cache_status; MISS没有命中 HIT命中缓存
add_header X-Accel $server_name;
}
nginx高级反向代理
Nginx可以基ngx_http_upstream_module模块提供服务器分组转发、权重分配、状态监测、调度算法等高级功能
Module ngx_http_upstream_module
参数配置
案例
多台web服务器
权重不一样
upstream webserver {
server 192.168.33.171:80 weight=1 fail_timeout=15s max_fails=3;
server 192.168.33.149:80 weight=2 fail_timeout=15s max_fails=3;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /apps/nginx/certs/www.fxq.com.crt;
ssl_certificate_key /apps/nginx/certs/www.fxq.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name www.fxq.com;
location / {
root /data/nginx/html/pc;
index index.html;
}
location = /favicon.ico {
root /data/nginx/html/pc;
}
location /web {
index index.html;
proxy_pass http://webserver/;
}
}
加入hash KEY consistent
upstream webserver {
server 192.168.33.171:80 weight=1 fail_timeout=15s max_fails=3;
server 192.168.33.149:80 weight=2 fail_timeout=15s max_fails=3;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /apps/nginx/certs/www.fxq.com.crt;
ssl_certificate_key /apps/nginx/certs/www.fxq.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name www.fxq.com;
location / {
root /data/nginx/html/pc;
index index.html;
}
location = /favicon.ico {
root /data/nginx/html/pc;
}
location /web {
index index.html;
proxy_pass http://webserver/;
}
}
加入 ip_hash
upstream webserver {
#hash $request consistent;
ip_hash;
server 192.168.33.171:80 weight=1 fail_timeout=15s max_fails=3;
server 192.168.33.149:80 weight=2 fail_timeout=15s max_fails=3;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /apps/nginx/certs/www.fxq.com.crt;
ssl_certificate_key /apps/nginx/certs/www.fxq.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name www.fxq.com;
location / {
root /data/nginx/html/pc;
index index.html;
}
location = /favicon.ico {
root /data/nginx/html/pc;
}
location /web {
index index.html;
proxy_pass http://webserver/;
}
}
加入least_conn
upstream webserver {
least_conn;
server 192.168.33.171:80 weight=1 fail_timeout=15s max_fails=3;
server 192.168.33.149:80 weight=2 fail_timeout=15s max_fails=3;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /apps/nginx/certs/www.fxq.com.crt;
ssl_certificate_key /apps/nginx/certs/www.fxq.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name www.fxq.com;
location / {
root /data/nginx/html/pc;
index index.html;
}
location = /favicon.ico {
root /data/nginx/html/pc;
}
location /web {
index index.html;
proxy_pass http://webserver/;
}
}
客户端IP透传
nginx
upstream webserver {
server 192.168.33.171:80 weight=1 fail_timeout=15s max_fails=3;
server 192.168.33.149:80 weight=2 fail_timeout=15s max_fails=3;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /apps/nginx/certs/www.fxq.com.crt;
ssl_certificate_key /apps/nginx/certs/www.fxq.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name www.fxq.com;
location / {
root /data/nginx/html/pc;
index index.html;
}
location = /favicon.ico {
root /data/nginx/html/pc;
}
location /web {
index index.html;
proxy_pass http://webserver/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
apache
vim /etc/httpd/conf/httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{X-Forwarded-For}i\"" combined
结果