0%

Nginx实现反向代理

Nginx实现反向代理

1)在web01和web02上安装nginx和php

2)创建www用户

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@web01 php]# groupadd www -g 666
[root@web01 php]# useradd www -u 666 -g 666 -s /sbin/nologin -M

[root@web02 php]# groupadd www -g 666
[root@web02 php]# useradd www -u 666 -g 666 -s /sbin/nologin -M

[root@nfs ~]# groupadd www -g 666
[root@nfs ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M

[root@db01 ~]# groupadd www -g 666
[root@db01 ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M

[root@backup ~]# groupadd www -g 666
[root@backup ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M

3)修改nginx和PHP启动用户

1
2
3
4
5
6
7
8
9
10
11
12
[root@web01 php]# vim /etc/nginx/nginx.conf 
user www;
[root@web01 php]# vim /etc/php-fpm.d/www.conf
user = www
group = www


[root@web02 php]# vim /etc/nginx/nginx.conf
user www;
[root@web02 php]# vim /etc/php-fpm.d/www.conf
user = www
group = www

4)编辑nginx配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
[root@web01 php]# vim /etc/nginx/conf.d/blog.drz.com.conf
server {
listen 80;
server_name blog.drz.com;
root /code/wordpress;
index index.php index.html;
access_log /var/log/nginx/blog.drz.com_access.log main;

location ~\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}

[root@web01 php]# vim /etc/nginx/conf.d/zh.drz.com.conf
server {
listen 80;
server_name zh.drz.com;
root /code/zh;
index index.php index.html;
access_log /var/log/nginx/zh.drz.com_access.log main;

location ~\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}

5)创建站点目录并授权

1
[root@web01 php]# mkdir -p /code/{wordpress,zh}

6)代码上线

1
2
[root@web01 code]# tar xf wordpress-5.0.3-zh_CN.tar.gz
[root@web01 code]# unzip WeCenter_3-3-3.zip

7)创建出用户上传目录

1
2
[root@web01 code]# mkdir /code/wordpress/wp-content/uploads
[root@web01 php]# chown -R www.www /code/

8)启动nginx和php并加入开机自启

1
2
[root@web01 code]# systemctl start nginx php-fpm
[root@web01 code]# systemctl enable nginx php-fpm

9)安装数据库

1
[root@db01 ~]# yum install -y mariadb-server

10)启动数据库

1
[root@db01 ~]# systemctl start mariadb

11)设置数据库root用户的密码

1
[root@db01 ~]# mysqladmin -uroot password '123'

12)免交互创建数据库

1
2
3
4
5
#创建数据库
[root@db01 ~]# mysqladmin -uroot -p123 create wordpress
[root@db01 ~]# mysql -uroot -p123 -e 'create database zh'
#查看数据库
[root@db01 ~]# mysql -uroot -p123 -e 'show databases'

13)免交互创建程序连接MySQL用户

1
2
[root@db01 ~]# mysql -uroot -p123 -e "grant all on wordpress.* to wp@'172.16.1.%' identified by '1'"
[root@db01 ~]# mysql -uroot -p123 -e "grant all on zh.* to zh@'172.16.1.%' identified by '1'"

1566436371652

1566436380746

1566436415252

14)部署第二台web

1
2
3
4
5
6
7
8
9
10
11
12
#推送代码
[root@web01 code]# scp -r /code 172.16.1.8:/
#推送配置文件
[root@web01 ~]# scp /etc/nginx/conf.d/* 172.16.1.8:/etc/nginx/conf.d/
#授权
[root@web02 php]# chown -R www.www /code/
#删除默认虚拟主机配置文件
[root@web01 ~]# rm -f /etc/nginx/conf.d/default.conf
[root@web02 php]# rm -f /etc/nginx/conf.d/default.conf
#启动nginx和php并加入开机自启
[root@web02 php]# systemctl start nginx php-fpm
[root@web02 php]# systemctl enable nginx php-fpm

15)共享静态资源

  • 安装nfs服务端
1
2
[root@nfs ~]# yum install -y nfs-utils
[root@backup ~]# yum install -y nfs-utils
  • 修改配置文件
1
2
3
4
5
6
7
[root@nfs ~]# vim /etc/exports
/data/wordpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

[root@backup ~]# vim /etc/exports
/data/wordpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
  • 创建共享目录
1
2
3
4
5
[root@nfs ~]# mkdir -p /data/{wordpress,zh}
[root@nfs ~]# chown -R www.www /data

[root@backup ~]# mkdir -p /data/{wordpress,zh}
[root@backup ~]# chown -R www.www /data
  • 启动nfs和rpcbind
1
2
3
4
5
[root@nfs ~]# systemctl start nfs-server
[root@nfs ~]# systemctl enable nfs-server

[root@backup ~]# systemctl start nfs-server
[root@backup ~]# systemctl enable nfs-server
  • 安装nfs客户端
1
2
[root@web01 code]#  yum install -y nfs-utils
[root@web02 php]# yum install -y nfs-utils
  • 查看挂载点
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[root@web01 code]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/zh 172.16.1.0/24
/data/wordpress 172.16.1.0/24
[root@web01 code]# showmount -e 172.16.1.41
Export list for 172.16.1.41:
/data/zh 172.16.1.0/24
/data/wordpress 172.16.1.0/24


[root@web02 php]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/zh 172.16.1.0/24
/data/wordpress 172.16.1.0/24
[root@web02 php]# showmount -e 172.16.1.41
Export list for 172.16.1.41:
/data/zh 172.16.1.0/24
/data/wordpress 172.16.1.0/24
  • 挂载
1
2
3
4
5
6
[root@web01 code]# mount -t nfs 172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads/
[root@web01 code]# mount -t nfs 172.16.1.31:/data/zh /code/zh/uploads/


[root@web02 php]# mount -t nfs 172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads/
[root@web02 php]# mount -t nfs 172.16.1.31:/data/zh /code/zh/uploads/

16)部署rsync和sersync

  • 安装rsync服务端
1
[root@backup ~]# yum install -y rsync
  • 修改配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[root@backup ~]# vim /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rc
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[nfs]
comment = welcome to oldboyedu backup!
path = /data
  • 创建密码文件并授权
1
2
[root@backup ~]# echo 'rc:123' > /etc/rsync.passwd
[root@backup ~]# chmod 600 /etc/rsync.passwd
  • 启动rsyncd
1
[root@backup ~]# systemctl start rsyncd

17)客户端部署sersync

  • 安装rsync和inotify-tools
1
[root@nfs ~]# yum install -y rsync inotify-tools
  • 安装sersync
1
2
[root@nfs ~]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz 
[root@nfs ~]# mv GNU-Linux-x86/ /usr/local/sersync
  • 修改配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
[root@nfs ~]# vim /usr/local/sersync/confxml.xml
<sersync>
<localpath watch="/data">
<remote ip="172.16.1.41" name="nfs"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
<commonParams params="-az"/>
<auth start="true" users="rc" passwordfile="/etc/rsync.pass"/>
<userDefinedPort start="false" port="874"/><!-- port=874 -->
<timeout start="true" time="100"/><!-- timeout=100 -->
<ssh start="false"/>
</rsync>
<failLog path="/tmp/rsync_fail_log.sh" timeToExecute="60"/><!--default every 60mins execute once-->
<crontab start="false" schedule="600"><!--600mins-->
<crontabfilter start="false">
<exclude expression="*.php"></exclude>
<exclude expression="info/*"></exclude>
</crontabfilter>
</crontab>
<plugin start="false" name="command"/>
</sersync>
  • 创建密码文件并授权
1
2
[root@nfs ~]# echo 123 > /etc/rsync.pass
[root@nfs ~]# chmod 600 /etc/rsync.pass
  • 启动sersync
1
[root@nfs ~]# /usr/local/sersync/sersync2 -rdo /usr/local/sersync/confxml.xml

Nginx实现反向代理

Nginx服务支持的代理协议

1566439704173

反向代理使用的模块

img

ngx_http_uwsgi_module 代理python项目模块

重点:http_proxy_module

模块总结

反向代理模式与Nginx代理模块总结如表格所示

反向代理模式 Nginx配置模块
http、websocket、https、tomcat、Java程序 ngx_http_proxy_module
fastcgi(php程序) ngx_http_fastcgi_module
uwsgi(python程序) ngx_http_uwsgi_module
grpc(Golang程序) ngx_http_v2_module

环境准备

外网IP 内网IP 主机名
10.0.0.5 172.16.1.5 lb01
10.0.0.7 172.16.1.7 web01
10.0.0.8 172.16.1.8 web02

1)web01部署网站

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#准备配置文件
[root@web01 ~]# vim /etc/nginx/conf.d/proxy.conf
server {
listen 80;
server_name proxy.drz.com;

location / {
root /code/proxy;
index index.html;
}
}

#创建站点目录
[root@web01 ~]# mkdir /code/proxy
#部署代码
[root@web01 ~]# echo 'web01...' > /code/proxy/index.html
#重启nginx
[root@web01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 ~]# nginx -s reload

在lb01上安装nginx

1
[root@lb01 php]# rpm -ivh nginx-1.16.1-1.el7.ngx.x86_64.rpm

1)配置代理

1
2
3
4
5
6
7
8
9
[root@lb01 ~]# vim /etc/nginx/conf.d/daili.conf
server {
listen 80;
server_name proxy.drz.com;

location / {
proxy_pass http://10.0.0.7;
}
}

2)创建www用户

3)修改启动用户

4)启动nginx

1
2
3
4
[root@lb01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 ~]# nginx

解决问题

1
2
3
4
5
6
7
8
9
10
11
[root@lb01 ~]# vim /etc/nginx/conf.d/daili.conf
server {
listen 80;
server_name proxy.drz.com;

location / {
proxy_pass http://10.0.0.7;
proxy_set_header HOST $http_host;
proxy_http_version 1.1;
}
}