Linux學習之路-Nginx(4)模塊簡要介紹篇【27】---20180228
一、ngx_http_proxy_module模塊
ngx_http_proxy_module
轉發請求至另一臺主機
1、proxy_pass URL;
Context:location, if in location, limit_except
註意:proxy_pass後面路徑不帶uri時,會將location的uri傳遞(附加)給後端主機
server {
...
server_name HOSTNAME;
location /uri/ {
proxy_pass http://host[:port]; 最後沒有/
}
...
}
上面示例:http://HOSTNAME/uri --> http://host/uri
如果上面示例中有 /,即:http://host[:port]/
意味著:http://HOSTNAME/uri --> http://host/ 即置換
proxy_pass後面的路徑是一個uri時,其會將location的uri替換為proxy_pass的uri
server {
...
server_name HOSTNAME;
location /uri/ {
proxy_pass http://host/new_uri/;
}
...
}
http://HOSTNAME/uri/ --> http://host/new_uri/
如果location定義其uri時使用了正則表達式的模式,則proxy_pass之後必須不能使用uri; 用戶請求時傳遞的uri將直接附加至後端服務器之後
server {
...
server_name HOSTNAME;
location ~|~* /uri/ {
proxy_pass http://host; 不能加/
}
...
}
http://HOSTNAME/uri/ --> http://host/uri/
#實現Nginx 代理 [root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; root /data/413/; #如果是代理,這個路徑的服務,就失效了 location / { proxy_pass http://172.18.68.103/; #可以增加8080自定的端口號,後端服務器需要修改端口號即可 } } [root@RS1~]#echo Lan server1 > /var/www/html/index.html [root@Router~]#curl www.a.com Lan server1 [root@Router~]#curl 192.168.1.100 Lan server1 [root@RS1~]#tail /var/log/httpd/access_log 172.18.68.100 - - [17/Mar/2018:14:28:41 +0800] "GET / HTTP/1.0" 200 12 "-" "curl/7.29.0" [root@VSserver~]#cat /var/log/nginx/access.log 192.168.1.66 - - [09/Mar/2018:03:39:25 +0800] "GET / HTTP/1.1" 200 12 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "-" #如果這時後端服務器停止服務了,就會出現502錯誤 [root@RS1~]#systemctl stop httpd.service [root@Router~]#curl 192.168.1.100 <html> <head><title>502 Bad Gateway</title></head>
#如果proxy_pass http://host[:port];後面沒有 /
[root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; location /bbs { proxy_pass http://172.18.68.103; #如果後面沒有/ ,相當於在訪問172.18.68.103/bbs } #如果加上/ ,就是相當於訪問172.18.68.103 } [root@Centos6-mini~]#curl www.a.com/bbs <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> [root@RS1~]#tail /var/log/httpd/access_log 172.18.68.100 - - [17/Mar/2018:14:47:05 +0800] "GET /bbs HTTP/1.0" 404 201 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2" [root@RS1~]#mkdir /var/www/html/bbs [root@RS1~]#echo /var/www/html/bbs > /var/www/html/bbs/index.html [root@Centos6-mini~]#curl www.a.com/bbs <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> [root@Centos6-mini~]#curl -L www.a.com/bbs /var/www/html/bbs [root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; location /bbs { proxy_pass http://172.18.68.103/forum; } } [root@RS1~]#mkdir /var/www/html/forum [root@RS1~]#echo /var/www/html/forum > /var/www/html/forum/index.html [root@Centos6-mini~]#curl -L www.a.com/bbs /var/www/html/forum [root@RS1~]#tail /var/log/httpd/access_log 172.18.68.100 - - [17/Mar/2018:15:07:26 +0800] "GET /forum/ HTTP/1.0" 200 20 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
#實驗:實現基礎的動靜分離
#簡單的LNMP #先搞定php php-mysql [root@RS1~]#yum install php php-mysql [root@RS1html]#vim index.php $conn = mysql_connect('172.18.68.104','lampuser','centos'); if ($conn) echo "OK"; else echo "Failure"; #echo mysql_error(); mysql_close(); phpinfo(); ?> [root@RS1html]#systemctl restart httpd.service [root@RS2~]#curl -I 172.18.68.103/index.php HTTP/1.1 200 OK Date: Sat, 17 Mar 2018 13:22:03 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 X-Powered-By: PHP/5.4.16 Content-Type: text/html; charset=UTF-8 #配置Nginx 調度設置 [root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; root /data/413/; location / { proxy_pass http://172.18.68.104; } location ~* \.php$ { #優先匹配 proxy_pass http://172.18.68.103; } } [root@Router~]#curl -I 172.18.68.100/index.html HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Fri, 09 Mar 2018 03:03:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 13 Connection: keep-alive Last-Modified: Fri, 09 Mar 2018 02:08:25 GMT ETag: "e044b-d-566f1447c52b6" Accept-Ranges: bytes [root@Router~]#curl -I 172.18.68.100/index.php HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Fri, 09 Mar 2018 03:03:33 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.4.16 [root@RS1~]#tail /var/log/httpd/access_log 172.18.68.104 - - [17/Mar/2018:21:22:03 +0800] "HEAD /index.php HTTP/1.1" 200 - "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2" [root@RS2~]#tail /var/log/httpd/access_log 172.18.68.100 - - [09/Mar/2018:10:15:50 +0800] "HEAD /index.html HTTP/1.0" 200 - "-" "curl/7.29.0"
2、proxy_set_header field value;
設定發往後端主機的請求報文的請求首部的值
Context: http, server, location
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #不僅可以記錄客戶端的地址,也可以追加代理服務器的地址
請求報文的標準格式如下:
X-Forwarded-For: client1, proxy1, proxy2 #可以追加記錄多個代理服務器
#實現後端服務器記錄客戶端ip信息 #1在nginx調度端設置 [root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf listen 80; server_name www.a.com; root /data/413/; location / { proxy_pass http://172.18.68.104; proxy_set_header X-Real-IP $remote_addr; } location ~* \.php$ { proxy_pass http://172.18.68.103; } } #2、在服務器端修改日誌選項 [root@RS1~]#vim /etc/httpd/conf/httpd.conf LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined [root@RS1~]#systemctl reload httpd.service [root@Router~]#curl 172.18.68.100/index.html RS2-html|jpg [root@RS1~]#tail /var/log/httpd/access_log -f 172.18.68.104 - - [17/Mar/2018:21:22:03 +0800] "HEAD /index.php HTTP/1.1" 200 - "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
3、proxy_cache_path;
定義可用於proxy功能的緩存
Context:http
proxy_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];
4、proxy_cache zone | off; 默認off
指明調用的緩存,或關閉緩存機制;Context:http, server, location
5、proxy_cache_key string;
緩存中用於“鍵”的內容
默認值:proxy_cache_key $scheme$proxy_host$request_uri;
6、proxy_cache_valid [code ...] time;
定義對特定響應碼的響應內容的緩存時長
定義在http{...}中
示例:
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
示例:
在http配置定義緩存信
proxy_cache_path /var/cache/nginx/proxy_cache
levels=1:1:1 keys_zone=proxycache:20m
inactive=120s max_size=1g;
調用緩存功能,需要定義在相應的配置段,如server{...};
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 1h;
proxy_cache_valid any 1m;
7、proxy_cache_use_stale;
proxy_cache_use_stale error | timeout | invalid_header | updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | off ...
在被代理的後端服務器出現哪種情況下,可以真接使用過期的緩存響應客戶端
8、proxy_cache_methods GET | HEAD | POST ...;
對哪些客戶端請求方法對應的響應進行緩存,GET和HEAD方法總是被緩存
9、proxy_hide_header field;
默認nginx在響應報文不傳遞後端服務器的首部字段Date, Server, X-Pad, X-Accel-等,用於隱藏後端服務器特定的響應首部
10、proxy_connect_timeout time;
定義與後端服務器建立連接的超時時長,如超時會出現502錯誤,默認為60s,一般不建議超出75s,
11、proxy_send_timeout time;
將請求發送給後端服務器的超時時長;默認為60s
12、proxy_read_timeout time;
等待後端服務器發送響應報文的超時時長,默認為60s
#實驗:設置代理服務器緩存功能
#只能在http 中設置 [root@VSserver~]#vim /etc/nginx/nginx.conf http { include /etc/nginx/mime.types; default_type application/octet-stream; proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g; [root@VSserver~]#mkdir /var/cache/nginx/ [root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; root /data/413/; proxy_cache proxycache; proxy_cache_key $request_url; proxy_cache_valid 200 302 301 1h; proxy_cache_valid any 1m; location / { proxy_pass http://172.18.68.104; proxy_set_header X-Real-IP $remote_addr; } location ~* \.php$ { proxy_pass http://172.18.68.103; } } [root@VSserverproxy_cache]#tree . ├──7 │ └──fd │ └──7e │ └── 23dcf7c2b96327ee9899fc28a847efd7 └──b └──82 └──a4 └── d1546d731a9f30cc80127d57142a482b
二、ngx_http_headers_module模塊
向由代理服務器響應給客戶端的響應報文添加自定義首部,或修改指定首部的值
1、add_header name value [always];
添加自定義首部
add_header X-Via $server_addr;
add_header X-Cache $upstream_cache_status; #添加緩存是否命中的狀態信息
add_header X-Accel $server_name;
2、add_trailer name value [always];
添加自定義響應信息的尾部
[root@VSserverproxy_cache]#vim /etc/nginx/conf.d/vhosts.conf server { listen 80; server_name www.a.com; root /data/413/; proxy_cache proxycache; proxy_cache_key $request_uri; proxy_cache_valid 200 302 301 1h; proxy_cache_valid any 1m; add_header X-Via $server_addr; add_header X-Cache $upstream_cache_status; add_header X-Accel $server_name; location / { proxy_pass http://172.18.68.104; proxy_set_header X-Real-IP $remote_addr; } location ~* \.php$ { proxy_pass http://172.18.68.103; } } [root@Router~]#curl -I www.a.com/index.html HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Fri, 09 Mar 2018 04:34:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 13 Connection: keep-alive Last-Modified: Fri, 09 Mar 2018 02:08:25 GMT ETag: "e044b-d-566f1447c52b6" X-Via: 192.168.1.100 X-Cache: MISS X-Accel: www.a.com Accept-Ranges: bytes [root@Router~]#curl -I www.a.com/index.html X-Via: 192.168.1.100 X-Cache: HIT #第二次就是命中的狀態信息 X-Accel: www.a.com Accept-Ranges: bytes
三、ngx_http_fastcgi_module模塊
ngx_http_fastcgi_module
轉發請求到FastCGI服務器,不支持php模塊方式
1、fastcgi_pass address;
address為後端的fastcgi server的地址
可用位置:location, if in location
2、fastcgi_index name;
fastcgi默認的主頁資源
示例:fastcgi_index index.php;
[root@FastCgi~]#yum install php-fpm [root@FastCgi~]#vim /etc/php-fpm.d/www.conf listen = 9000 #listen.allowed_clients = 127.0.0.1 [root@FastCgi~]#ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:9000 *:* [root@FastCgi~]#mkdir /data/php -pv mkdir: created directory ‘/data’ mkdir: created directory ‘/data/php’ [root@FastCgi~]#vim /data/php/index.php <?php phpinfo(); ?> [root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf location ~* \.php$ { proxy_pass http://172.18.68.103; } } [root@VSserver~]#ip a 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:14:fe:3c brd ff:ff:ff:ff:ff:ff inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:14:fe:46 brd ff:ff:ff:ff:ff:ff inet 172.18.68.100/16 brd 172.18.255.255 scope global eth1 [root@RS1~]#vim /etc/nginx/nginx.conf server { listen 80 default_server; root /data/php/; location / { fastcgi_pass 172.18.68.200:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/php$fastcgi_script_name; include fastcgi_params; } } [root@Client~]#curl -I 192.168.1.100/index.php HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Fri, 09 Mar 2018 14:09:42 GMT Content-Type: text/html Connection: keep-alive X-Powered-By: PHP/5.4.16 X-Via: 192.168.1.100 X-Accel: www.a.com
3、fastcgi_param parameter value [if_not_empty];
設置傳遞給 FastCGI服務器的參數值,可以是文本,變量或組合
示例1:
1)在後端服務器先配置fpm server和mariadb-server
2)在前端nginx服務上做以下配置:
location ~* \.php$ {
fastcgi_pass #後端fpm服務器IP:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
include fastcgi_params;
…
}
示例2:通過/pm_status和/ping來獲取fpm server狀態信息
location ~* ^/(status|ping)$ {
include fastcgi_params;
fastcgi_pass #後端fpm服務器IP:9000;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
}
[root@FastCgi~]#vim /etc/php-fpm.d/www.conf pm.status_path = /status ping.path = /ping [root@VSserver~]#vim /etc/nginx/conf.d/vhosts.conf location ~* (\.php)|status|ping$ { proxy_pass http://172.18.68.103; } } [root@RS1~]#vim /etc/nginx/nginx.conf server { listen 80 default_server; root /data/php/; location / { fastcgi_pass 172.18.68.200:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/php$fastcgi_script_name; include fastcgi_params; } location ~* ^/(status|ping)$ { fastcgi_pass 172.18.68.200:9000; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; include fastcgi_params; } } [root@Client~]#curl 192.168.1.100/status pool: www process manager: dynamic start time: 18/Mar/2018:21:07:39 +0800 start since: 517 accepted conn: 6 listen queue: 0 max listen queue: 0 listen queue len: 128 idle processes: 4 active processes: 1 total processes: 5 max active processes: 1 max children reached: 0 slow requests: 0 [root@Client~]#curl 192.168.1.100/ping pong
4、fastcgi_cache_path
path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];
定義fastcgi的緩存;
path
緩存位置為磁盤上的文件系統
max_size=size
磁盤path路徑中用於緩存數據的緩存空間上限
levels=levels:緩存目錄的層級數量,以及每一級的目錄數量
levels=ONE:TWO:THREE
示例:leves=1:2:2
keys_zone=name:size
k/v映射的內存空間的名稱及大小
inactive=time
非活動時長
5、fastcgi_cache zone | off;
調用指定的緩存空間來緩存數據
可用位置:http, server, location
6、fastcgi_cache_key string;
定義用作緩存項的key的字符串
示例:fastcgi_cache_key $request_rui;
7、fastcgi_cache_methods GET | HEAD | POST ...;
為哪些請求方法使用緩存
8、fastcgi_cache_min_uses number;
緩存空間中的緩存項在inactive定義的非活動時間內至少要被訪問到此處所指定的次數方可被認作活動項
9、fastcgi_keep_conn on | off;
收到後端服務器響應後,fastcgi服務器是否關閉連接,建議啟用長連接
10、fastcgi_cache_valid [code ...] time;
不同的響應碼各自的緩存時長
示例:
http {
fastcgi_cache_path /var
/cache/nginx/fcgi_cache levels=1:2:1 keys_zone=fcgicache:20m inactive=120s;
...
server {
location ~* \.php$ {
...
fastcgi_cache fcgicache;
fastcgi_cache_key $request_uri;
fastcgi_cache_valid 200 302 10m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
...
}
}
Linux學習之路-Nginx(4)模塊簡要介紹篇【27】---20180228