[toc]

Nginx 常用架构

LB Cluster

1
2
3
4
5
6
7
8
9
10
提升系统容量的方式:
scale up:
scale out:

session保持方法:
session绑定:sh
session复制:
session服务器: memchached redis (key-value,kv store)
对url 做hash 计算后,做为key
对url 对应的内容做为value

I/O:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
同步/异步:被调用者,在收到调用请求后,是否立即返回。还是得到最终结果后才返回; 
阻塞/非阻塞:调用者发起调用之后,在收到响应结果之前,是否会被挂起,被挂起,被称为阻塞,非挂起为非阻塞;
I/O网络编程模型中,常用网络模型有5种;
1、同步阻塞
2、同步非阻塞
3、复用型I/O
4、(Event Driver) 事件驱动
5、异步I/O

libevent: 项目
epoll()
可以对nginx进程对CPU的核心数来进行绑定;
LRU:最近最少缓存条目算法;
平滑升级,平滑故障处理,或者灰度发布;
对于web服务器来说,日志至关重要,需要对日志进行分析;
CacheManager: 缓存的失效,过期检验及清理操作;

Nginx 配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
main, event, http 基于c语言风格;

httpd{
drective
server{
listen
server_name
location{
if {
}
}
}
server {
}
}

nginx 的安装包

1
2
3
4
5
6
7
8
9
10
11
# 这里采用的采用的是阿里云的epel源
# cd /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
enabled=1
failovermethod=priority
baseurl=http://mirrors.cloud.aliyuncs.com/epel/7/$basearch
gpgcheck=0
gpgkey=http://mirrors.cloud.aliyuncs.com/epel/RPM-GPG-KEY-EPEL-7
# yum -y install nginx
# rpm -q --scripts nginx # 查看nginx 的安装前脚本,卸载后脚本;

ngx_http_proxy_module 模块

1
2
3
4
5
6
7
8
9
10
11
12
13
14
server {
listen
server_name
location /{
proxy_pass http://172.16.55.180:80/
proxy_set_header Host $host # 设定请求报文的,Host首部,一般apache基于主机名解析的重要首部信息;
proxy_set_header X-Real-IP $remote_addr;
}
}
# 请求到代理服务器的过程,Ningx把报文拆除,了解请求的内容是什么;
# 于是Nginx需要重新构建请求报文 ,来送到的后端服务器;
# cip(客户端 ip) --> pip(代理ip) --> lip(本地ip) --> uip(后端服务器ip);
http://www.ssjinyao.com
http://mysql.ssjinyao.com
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# 在node1中配置一台httpd服务
# echo "<h1>node1</h1>" > /var/www/html/index.html
# systemctl start httpd
# 在node2中 配置一台httpd 服务
echo "<h1>node2</h1>" > /var/www/html/index.html
# systemctl start httpd

格式:
localtion /uri {
proxy_pass http://back_server:port/newuri;
}
# 这样的配置 uri 将补到newuri的后面
location /uri {
rewrite http://back_server:port/newuri
# proxy_pass http://back_server:port/newuri
}
# 这样的配置 uri 将重写到newuri
/uri --> /newuri
# cd /etc/nginx/conf.d/
# cp defalt.conf{,.bak}
# vim default.conf

server_name www.ssjinyao.com;
location /
{
proxy_ass http://172.16.55.128/;
index index.htm index.html ;
}

# systemctl restart nginx
# tial -f /var/log/nginx/access.log
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# 在node2 apache 端进行编辑
# mkdir /var/www/html/bbs
# echo "<h1> bbs on node2 </h1>" /var/www/html/bbs/index.html

# 对应的在nginx 端

location /bbs/ {
proxy_pass http://172.16.55.128/bbs/;
}
# nginx -t or # sevice nginx configtest
# systemctl rsload nginx

# 或者可以使用forum
location /forum/ {
proxy_cache mycache;
proxy_cache_valid 200 1h;
proxy_cache_valid 301 302 10m;
proxy_cache_valid any 1m;
proxy_cache_use_statle error timeout invalid_header http_500 http_502 http_503 http504; # 什么情况下使用过期缓存
proxy_pass http://172.16.55.128/bbs/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# nginx -t
# systemctl reload nginx

location ~* \.(jpg|png|gif)$ {
proxy_pass http://172.16.55.128;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# nginx -t
# systemctl reload nginx


# 注意 在location 进行正则匹配的模式匹配时
# proxy_pass 加http://172.16.55.128; 这个位置这后什么都不能带的,/ 也不能带的,否则会报语法错误;
# apache 记录客户端请求的日志,向后端发送特定首部;
需要在Logformat中加入 将第一个值 %h 换成%{X-Real-IP}i
# systemctl restart httpd

# 定义proxy缓存
# 在nginx httpd 段中配置cache path;
# vim /etc/nginx/nginx.conf
proxy_cache_path /cache/nginx/ level=1:1:1 keys_zone=mycache:32m;
# mkdir -pv /cache/nginx
# chown -R nginx.nginx /cache/nginx


proxy_connect_timeout: nginx proxy 请求连接到后端连接请求的超时时长;
proxy_hide_header: 设定响应到客户端时需要隐藏的首部信息;‘
proxy_buffers 8k; 指定缓冲大小

upstream(负载均衡) 模块

upstream 模块只能使用在http段中

例子

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# 注 启用负载均衡时要把缓存关了
upstream backend {
server www.ssjinyao.com weight=5
server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;
server unix:/tmp/backend3;
server backup1.ssjinyao.com backup;
}

upstream upservers {
ip hash;
server 172.16.55.127 max_fail=2 fail_timeout=2 # 自带健康状态检测功能;
# server 172.16.55.128 weight=2;
server 172.16.55.129 bakup;
}

server_name www.ssjinyao.com;

location / {
proxy_pass http://upservers/;
}

# nginx -t
# systemctl reload nginx

SNAT模式的大量的Client

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
基于sticky实现session绑定:
cookie 而我们一般常用的是基于cookie的绑定;
route
learn() 需要Nginx 在 1.8 版本以上;

example:

upstream backend {
server backend1.example.com;
server backend2.example.com;

sticky cookie srv_id expires=1h domain=.example.com path=/;
}

least_conn:调度方法,最少连接;

upstream memcached_backend {
server 127.0.0.1:11211;
server 172.16.55.121:11211;

keepavlie 32;
}

server {
...
location /memcached/ {
set $memcached_key $uri;
memcached_pass memcached_backend;
}
}

location / {
proxy_pass http://backend;
health_check;
}
helth_check; 即健康状态检查;
建议: 关闭访问日志;

http {
server {
...
location / {
proxy_pass http://backend;
health_check match=welcome; # 做字符串匹配;
}
}

metch welcome {
status 200;
header Content-Type = text/html;
body ~ "Welcome to nginx";
}
}

Nginx 自定义首部给客户端

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

# 代理服务器响应给客户端时,如何自定义响应首部;
listen 443;
server_name www.ssjinyao.com;
add_header SSJinYao-Server 'Next-SSJinYao';
add_header SSJinYao-IP $server_addr;
add_header X-Cache $upstream_cache_status;
add_header Name 'ssjinyao';

# curl -I https://www.ssjinyao.com # 定义完响应首部后,进行验证;
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Apr 2018 07:24:37 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 39777
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 19 Apr 2018 09:14:18 GMT
ETag: "9b61-56a2fff0c14a1"
SSJinYao-Server: Next-SSJinYao
SSJinYao-IP: 172.31.253.156
X-Cache: HIT
Name: ssjinyao
Accept-Ranges: bytes

fast-cgi 使用

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
LNMP
# yum -y install php-fpm
# rpm -ql php-fpm
# vim /etc/php-fpm.d/www.conf
# systemctl start php-fpm
# vim /etc/nginx.conf.d/default.conf

location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
}

location ~\.php$ {
fastcgi_cache fcgicache;
fastcgi_cache_valid 200 10m;
fastcgi_cache_valid 302 3m;
fastcgi_cache_valid any 1m;
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index indexphp;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi-script_naame;
indclude fastcgi_paramgs;
}
# systemctl restart nginx
# 若调用fastcgi 失败
# 编辑/etc/nginx/fastcgi_params,将其内容更改为如下内容:
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# nginx -s reload
# yum -y install php-mysql mariadb maraidb-server
# cd /usr/share/nginx/html
# vim index.php
<?php
$conn = mysql_connect('127.0.0.1','root','');
if ($conn)
echo succ
else
echo fail;
mysql_close();
?>
# 当LNMP 环境跑起来时,可以通匹配反像代理来实现动静分离;
(1) root为同一路径;
(2) root为不同路径;
location \.php${
root /web/app/wp;
}
location / {
root /web/htdocs;
}

(3) fpm server 为另一主机 ;

location \.php${
fastcgi_pass fastcgi://172.16.55.129:9000;
}
location / {
root /web/htdocs;
}
# 注: 如果动态内容能过缓存来进行加速的话,加速效果是非常明显示的;

评论