Nginx forward and reverse proxy and load balancing functions configuration code example

Nginx forward and reverse proxy and load balancing functions configuration code example

This article mainly introduces the configuration code examples of Nginx forward and reverse proxy and load balancing functions. The example code is introduced in great detail in this article, which has a certain reference value for everyone's study or work. Friends in need can refer to it.

System environment:

VirtualBox Manager

Centos6.4

nginx1.10.0

Machine name corresponding to IP:

IP Machine Name Role Name

10.0.0.139 [elk] client

10.0.0.136 [lvs-master] nginx server

10.0.0.137 [kvm] web server 1

10.0.0.111 [lvs-backup] web server 2

1. Forward Proxy

1.1 Environment Introduction

1.2 Configuration Introduction

Nginx server: (Intranet address: 10.0.0.136, External network address: 172.16.27.64)

Use VirtualBox Manager to virtualize dual network cards.

[root@lvs-master conf.d]# ifconfig 
eth0 Link encap:Ethernet HWaddr 08:00:27:30:56:99 
     inet addr:10.0.0.136 Bcast:10.255.255.255 Mask:255.0.0.0 
     inet6 addr: fe80::a00:27ff:fe30:5699/64 Scope:Link 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
     RX packets:891978 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:9509 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:1000 
     RX bytes:81841095 (78.0 MiB) TX bytes:13339058 (12.7 MiB) 
 
eth1 Link encap:Ethernet HWaddr 08:00:27:55:4C:72 
     inet addr:172.16.27.64 Bcast:172.16.27.255 Mask:255.255.255.0 
     inet6 addr: fe80::a00:27ff:fe55:4c72/64 Scope:Link 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
     RX packets:913671 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:22712 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:1000 
     RX bytes:109369858 (104.3 MiB) TX bytes:1903855 (1.8 MiB) 
 
lo Link encap:Local Loopback 
     inet addr:127.0.0.1 Mask:255.0.0.0 
     inet6 addr: ::1/128 Scope:Host 
     UP LOOPBACK RUNNING MTU:16436 Metric:1 
     RX packets:36222 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:36222 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:0 
     RX bytes:3899937 (3.7 MiB) TX bytes:3899937 (3.7 MiB)
[root@lvs-master conf.d]# cat zxproxy.conf 
server { 
  listen 80; #Listening port server_name 10.0.0.136; #Server content address, which needs network communication with client resolver 172.16.5.1; #DNS, this is DNS, access to external network location / { 
      proxy_pass http://$http_host$request_uri; #$http_host and $request_uri are nginx system variables, no need to replace, keep them as they are}

Nginx client:

There is only one intranet network card, and the internet is accessed by accessing the Nginx server. In fact, the common names such as "climbing the wall" and "zombie chicken" are based on this principle.

[root@kvm ~]# ifconfig 
eth0 Link encap:Ethernet HWaddr 08:00:27:72:8C:3B 
     inet addr:10.0.0.137 Bcast:10.255.255.255 Mask:255.0.0.0 
     inet6 addr: fe80::a00:27ff:fe72:8c3b/64 Scope:Link 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
     RX packets:1462448 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:21130 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:1000 
     RX bytes:145119904 (138.3 MiB) TX bytes:2814635 (2.6 MiB) 
 
lo Link encap:Local Loopback 
     inet addr:127.0.0.1 Mask:255.0.0.0 
     inet6 addr: ::1/128 Scope:Host 
     UP LOOPBACK RUNNING MTU:16436 Metric:1 
     RX packets:60800 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:60800 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:0 
     RX bytes:4831102 (4.6 MiB) TX bytes:4831102 (4.6 MiB) 
 
[root@kvm ~]# wget www.baidu.com 
--2016-06-08 13:02:08-- http://www.baidu.com/ 
Resolving host www.baidu.com... Failed: Domain name resolution temporarily failed. #Unable to access Baidu wget: Unable to resolve the host address "www.baidu.com" 
 
[root@kvm ~]# export http_proxy=http://10.0.0.136:80 #Set environment variables, specify the proxy server's IP and port [root@kvm ~]# wget www.baidu.com #Can successfully access Baidu--2016-06-08 13:08:15-- http://www.baidu.com/ 
Connecting to 10.0.0.136:80... Connected. 
Proxy request has been sent, waiting for response... 200 OK 
Length: Unspecified [text/html] 
Saving to: "index.html.1" 
 
  [ <=> ] 99,762 --.-K/s in 0.07s 
 
2016-06-08 13:08:16 (1.36 MB/s) - "index.html.1" saved [99762]

2. Reverse Proxy

Introduction article with forward proxy

2.1 Environment Introduction

1. Let's take a look at the test page:

[root@kvm ~]# yum install httpd 
[root@kvm ~]# echo "<html>10.0.0.137</html>" > /var/www/html/index.html 
[root@lvs-backup ~]# yum install httpd 
[root@lvs-backup~]# echo "<html>10.0.0.111</html>" > /var/www/html/index.html

2. Look at the effect:

[root@lvs-backup html]# curl 10.0.0.111 
<html> 
10.0.0.111 
</html> 
[root@lvs-backup html]# curl 10.0.0.137 
<html> 
10.0.0.137 
</html>  
##All successful, let's proceed to the next step.

2.2 Configuration Introduction

[root@lvs-master conf.d]# ls #Configuration file zxproxy.conf in the nginx directory 
[root@lvs-master conf.d]# cp zxproxy.conf fxproxy.conf #Make a copy. It was a forward proxy before, but now it is a reverse proxy [root@lvs-master conf.d]# mv zxproxy.conf zxproxy.conf.bak
[root@lvs-master conf.d]# cat fxproxy.conf  
server { 
  listen 80; 
  server_name 10.0.0.136; #According to the environment introduction, nginx server ip 
 
  location / { 
      proxy_pass http://10.0.0.137; #The server IP being proxied 
        } 
 
#proxy_pass: proxy_pass URL 
#Default value: NO 
#Use fields: location, if field in location #This parameter sets the address of the proxied server and the mapped URL. The address can be a host name, domain name, IP plus port mode, such as: 
#proxy_pass http://192.168.1.6:8099/linuxtone/; 
 
[root@lvs-master conf.d]# service nginx restart #Restart and load configuration

Look at the results:

#First log in to the clinet machine in the experimental environment, the ip is as follows: 
[root@elk ~]# ifconfig              
eth0 Link encap:Ethernet HWaddr 08:00:27:3D:40:40 
     inet addr:10.0.0.139 Bcast:10.255.255.255 Mask:255.0.0.0 
     inet6 addr: fe80::a00:27ff:fe3d:4040/64 Scope:Link 
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
     RX packets:2618345 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:247926 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:1000 
     RX bytes:336182790 (320.6 MiB) TX bytes:35145157 (33.5 MiB) 
 
lo Link encap:Local Loopback 
     inet addr:127.0.0.1 Mask:255.0.0.0 
     inet6 addr: ::1/128 Scope:Host 
     UP LOOPBACK RUNNING MTU:16436 Metric:1 
     RX packets:177352 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:177352 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:0 
     RX bytes:26547640 (25.3 MiB) TX bytes:26547640 (25.3 MiB) 
 
[root@elk ~]# curl 10.0.0.136 #Access the reverse proxy server <html> 
10.0.0.137          
</html> 
#We can see that the proxy server is accessed and the result is forwarded to web server1. 
 
#Next, let's look at the logs of nginx-server and web-server1 respectively: 
nginx-server: 
[root@lvs-master ~]# tail /var/log/nginx/access.log 
10.0.0.139- - [08/Jun/2016:15:35:43 +0800] "GET / HTTP/1.1" 200 26 "-" "curl/7.19.7  
(x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "-" 
 
web-server: 
[root@kvm httpd]# tail /var/log/httpd/access_log 
10.0.0.136 - - [08/Jun/2016:15:21:12 +0800] "GET / HTTP/1.0" 200 26 "-" "curl/7.19.7  
(x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 
 
##We see the nginx log on nginx-server, showing that the accessed user is 10.0.0.139, which is the clinet in our environment. 
#The IP displayed on the web-server is 10.0.0.136, which is nginx-server. 
#To put it simply, reverse proxy means that nginx-server is the real server for customers. In fact, when users access nginx-server, the request will be forwarded to #web-server1, and then web-server1 will send the result of the request to nginx-server, and then ngin small-server will forward the result of the request to the user. 
 
#On the web-server, all you see are the proxy IPs. Can you also see the real user IPs? 
 
[root@lvs-master conf.d]# cat fxproxy.conf         
server { 
  listen 80; 
  server_name 10.0.0.136; #According to the environment introduction, nginx server ip 
 
  location / { 
      proxy_pass http://10.0.0.137; #The server IP being proxied 
      proxy_set_header X-Real-IP $remote_addr; #This line is added}
[root@lvs-master conf.d]# service nginx restart 
[root@kvm ~]# tail /var/log/httpd/access_log 
10.0.0.136 - - [08/Jun/2016:16:10:53 +0800] "GET / HTTP/1.0" 200 26 "-" "curl/7.19.7 
(x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 
 
#After the change, the proxy server's IP address is still displayed. Let's modify the configuration on the web-server [root@kvm ~]# vim /etc/httpd/conf/httpd.conf 
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 
LogFormat "%h %l %u %t \"%r\" %>s %b" common 
LogFormat "%{Referer}i -> %U" referer 
LogFormat "%{User-agent}i" agent 
 
#Modified to: (%h refers to the host being accessed, now it is changed to the real host IP being accessed) 
LogFormat "%{X-Real-IP}i</span> %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 
LogFormat "%h %l %u %t \"%r\" %>s %b" common 
LogFormat "%{Referer}i -> %U" referer 
LogFormat "%{User-agent}i" agent
[root@kvm ~]# service httpd restart 
Stopping httpd: [ OK ] 
Starting httpd: [ OK ] 
 
[root@kvm ~]# tail /var/log/httpd/access_log 
10.0.0.136 - - [08/Jun/2016:16:10:53 +0800] "GET / HTTP/1.0" 200 26 "-" "curl/7.19.7 
(x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 
<span style="color:#FF0000;">10.0.0.139</span> - - [08/Jun/2016:16:16:01 +0800] "GET / HTTP/1.0" 200 26 "-" "curl/7.19.7 
(x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 
#It has become the real access address

Proxy multiple web servers:

[root@lvs-master conf.d]# cat fxproxy.conf 
server { 
  listen 80; 
  server_name 10.0.0.136; 
 
  location / { 
      proxy_pass http://10.0.0.137; 
      proxy_set_header X-Real-IP $remote_addr; 
        } 
  location /web2 { #Add another location 
      proxy_pass http://10.0.0.111; 
      proxy_set_header X-Real-IP $remote_addr;   
        } 
 
[root@lvs-backup ~]# cd /var/www/html/ #Enter the web-server2 at 10.0.0.111 
[root@lvs-backup html]# mkdir web 
[root@lvs-backup html]# echo "<html>10.0.0.111</html>" > index.html 
# Let's try accessing it on the client: 
[root@elk ~]# curl 10.0.0.136/web2/ 
<html> 
10.0.0.111 
</html> 
#Access successful

3. Load Balancing

There are many ways to implement load balancing. The commonly used LVS is a four-layer load balancing, and nginx is a seven-layer load balancing. You can search for relevant information online.

3.1 Environment Introduction

3.2 Configuration Introduction

1. upstream is the HTTP Upstream module of Nginx. This module uses a simple scheduling algorithm to achieve load balancing from client IP to backend server. In the above settings, a load balancer name 1.2.3.4 is specified through the upstream directive. This name can be specified arbitrarily and can be directly called where it is needed later.

2. Nginx's load balancing module currently supports four scheduling algorithms, which are introduced below. The last two are third-party scheduling algorithms.

  • Polling (default). Each request is assigned to a different backend server one by one in chronological order. If a backend server goes down, the faulty system is automatically eliminated so that user access is not affected. Weight specifies the polling weight. The larger the Weight value, the higher the probability of access. It is mainly used when the performance of each backend server is uneven.
  • ip_hash. Each request is assigned according to the hash result of the access IP, so that visitors from the same IP address access a fixed backend server, which effectively solves the session sharing problem of dynamic web pages.
  • fair. This is a smarter load balancing algorithm than the above two. This algorithm can intelligently perform load balancing based on page size and loading time, that is, it distributes requests based on the response time of the backend server, with requests with shorter response times given priority. Nginx itself does not support fair. If you need to use this scheduling algorithm, you must download the upstream_fair module of Nginx.
  • url_hash. This method distributes requests according to the hash result of the accessed URL, so that each URL is directed to the same backend server, which can further improve the efficiency of the backend cache server. Nginx itself does not support url_hash. If you need to use this scheduling algorithm, you must install the Nginx hash software package.

3. Status parameters supported by upstream

In the HTTP Upstream module, you can specify the IP address and port of the backend server through the server directive, and you can also set the status of each backend server in the load balancing scheduling. Commonly used states are:

  • down: indicates that the current server is not participating in load balancing temporarily.
  • backup, a reserved backup machine. The backup machine is requested only when all other non-backup machines fail or are busy, so the pressure on this machine is the lightest.
  • max_fails, the number of request failures allowed, the default is 1. When the maximum number of times is exceeded, an error defined by the proxy_next_upstream module is returned.
  • fail_timeout, the time to suspend service after max_fails failures. max_fails can be used together with fail_timeout.

Note: When the load scheduling algorithm is ip_hash, the status of the backend server in the load balancing scheduling cannot be weight or backup.
Let's take a look at the specific configuration:

[root@lvs-master conf.d]# cat ../nginx.conf 
http { 
  include /etc/nginx/mime.types; 
  default_type application/octet-stream; 
 
  log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 
           '$status $body_bytes_sent "$http_referer" ' 
           '"$http_user_agent" "$http_x_forwarded_for"'; 
 
  access_log /var/log/nginx/access.log main; 
 
  sendfile on; 
  #tcp_nopush on; 
 
  keepalive_timeout 65; 
 
  #gzip on; 
upstream 1.2.3.4 { 
  server 10.0.0.111:80; 
  server 10.0.0.137:80; 
  } 
  include /etc/nginx/conf.d/*.conf; 
} 
 
[root@lvs-master conf.d]# cat slb.confserver  
{  
location / {  
   proxy_pass http://1.2.3.4; proxy_set_header X-Real-IP $remote_addr;  
      } 
#Note: upstream is defined outside of server{ } and cannot be defined inside server{ }. After defining the upstream, just reference it using proxy_pass.

4. Test Results

[root@elk ~]# curl 10.0.0.136 
<html> 
10.0.0.111 
</html> 
[root@elk ~]# curl 10.0.0.136 
<html> 
10.0.0.137 
</html> 
[root@elk ~]# curl 10.0.0.136 
<html> 
10.0.0.111 
</html> 
#The result is that server1 and 2 appear alternately, indicating that the default load balancing method is polling.

5. Health Check

Generally, health checks require keepalived, but nginx also has corresponding parameters that can be set.

max_fails, the number of request failures allowed, the default is 1. When the maximum number of times is exceeded, an error defined by the proxy_next_upstream module is returned.

fail_timeout, the time to suspend service after max_fails failures. max_fails can be used together with fail_timeout for health checks.

[root@lvs-master conf.d]# cat ../nginx.conf 
http {   
  include /etc/nginx/mime.types; 
  default_type application/octet-stream; 
 
  log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 
           '$status $body_bytes_sent "$http_referer" ' 
           '"$http_user_agent" "$http_x_forwarded_for"'; 
 
  access_log /var/log/nginx/access.log main; 
 
  sendfile on; 
  #tcp_nopush on; 
 
  keepalive_timeout 65; 
 
  #gzip on; 
  upstream 1.2.3.4 { 
  server 10.0.0.111:80 weight=1 max_fails=2 fail_timeout=2; 
  server 10.0.0.137:80 weight=1 max_fails=2 fail_timeout=2; 
  } 
  include /etc/nginx/conf.d/*.conf; 
  } 
[root@lvs-master conf.d]# service nginx restart

6. Test the results

[root@kvm httpd]# service httpd stop #Shut down web-server1 service [root@elk ~]# curl 10.0.0.136 
<html> 
10.0.0.111 
</html> 
[root@elk ~]# curl 10.0.0.136 
<html> 
10.0.0.111 
</html> 
#Now only web-server2 can be accessed. 
 
[root@kvm httpd]# service httpd start #Open web-server1 service [root@elk ~]# curl 10.0.0.136       
<html> 
10.0.0.111 
</html> 
[root@elk ~]# curl 10.0.0.136 
<html> 
10.0.0.137 
</html> 
[root@elk ~]# curl 10.0.0.136 
<html> 
10.0.0.111 
</html>

7. Load balancing of ip_hash

[root@lvs-master conf.d]# cat ../nginx.conf 
upstream 1.2.3.4 { 
  ip_hash; 
  server 10.0.0.111:80 weight=1 max_fails=2 fail_timeout=2; 
  server 10.0.0.137:80 weight=1 max_fails=2 fail_timeout=2; 
  } 
[root@lvs-master conf.d]# service nginx restart 
Stop nginx: [OK] 
Starting nginx: [OK] 
 
[root@elk ~]# curl 10.0.0.136 
<html> 
10.0.0.137 
</html> 
[root@elk ~]# curl 10.0.0.136 
<html> 
10.0.0.137 
</html> 
#After configuring this load balancing, >each request is distributed according to the hash result of the access IP, so that visitors from the same IP address will access a fixed backend server. 
#Effectively solves the session sharing problem of dynamic web pages. (Generally, e-commerce websites use it more)

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:
  • Full process record of Nginx reverse proxy configuration
  • Detailed explanation of Nginx configuration parameters in Chinese (load balancing and reverse proxy)
  • Simple steps to configure Nginx reverse proxy with SSL
  • Nginx reverse proxy configuration removes prefix
  • Detailed steps for yum configuration of nginx reverse proxy
  • Detailed explanation of nginx reverse proxy webSocket configuration
  • A universal nginx interface to implement reverse proxy configuration
  • Nginx reverse proxy configuration to remove prefix case tutorial

<<:  Record the steps of using mqtt server to realize instant communication in vue

>>:  Mycli is a must-have tool for MySQL command line enthusiasts

Recommend

MySQL query syntax summary

Preface: This article mainly introduces the query...

Summary of several commonly used string methods in JavaScript (must-read for beginners)

Several commonly used string methods in JavaScrip...

js to achieve simple drag effect

This article shares the specific code of js to ac...

Detailed tutorial on installing ElasticSearch 6.4.1 on CentOS7

1. Download the ElasticSearch 6.4.1 installation ...

Detailed explanation of the use of Vue3 state management

Table of contents background Provide / Inject Ext...

Detailed process of Vue front-end packaging

Table of contents 1. Add packaging command 2. Run...

Use of Linux cal command

1. Command Introduction The cal (calendar) comman...

What are the differences between var let const in JavaScript

Table of contents 1. Repeated declaration 1.1 var...

Detailed explanation of basic data types in mysql8.0.19

mysql basic data types Overview of common MySQL d...

CSS style control to achieve IE submission form record history click return information is still there

It is mainly a CSS style control and a META tag; C...

MySQL 8.0 WITH query details

Table of contents Learning about WITH queries in ...

JavaScript implements fireworks effects with sound effects

It took me half an hour to write the code, and th...

Docker cross-server communication overlay solution (Part 1) Consul single instance

Table of contents Scenario Task idea analyze Conc...

Write a React-like framework from scratch

Recently I saw the article Build your own React o...

There is an extra blank line after the html page uses include to import the php file

The method found on the Internet works The footer ...