Reverse proxy and load balancing
nginx is usually used as the reverse proxy of the back-end server, which can easily realize dynamic and static separation and load balancing, so as to greatly improve the processing capacity of the server.
Nginx realizes dynamic and static separation. In fact, when reverse proxy is used, if it is static resources, it will be read directly from the path published by nginx, rather than from the background server.
However, it should be noted that in this case, it is necessary to ensure that the back-end and front-end programs are consistent. Rsync can be used for server-side automatic synchronization or NFS and MFS distributed shared storage.
Http Proxy`Modules, many functions, the most commonly used is`proxy_pass`and`proxy_cache
If you want to use proxy_cache needs to integrate the NGX of the third party_ cache_ Purge module, used to clear the specified URL cache. This integration needs to be done when installing nginx, such as:
./configure --add-module=../ngx_cache_purge-1.0 ......
nginx implements simple load balancing through the upstream module, which needs to be defined in the http segment
In the upstream segment, define a server list. The default method is polling. If you want to make sure that the requests sent by the same visitor are always processed by the same back-end server, you can set ip_hash, such as:
upstream idfsoft.com { ip_hash; server 127.0.0.1:9080 weight=5; server 127.0.0.1:8080 weight=5; server 127.0.0.1:1111;}
Note: the essence of this method is polling, and because the ip of the client may change constantly, such as dynamic ip, proxy, wall climbing, etc_ Hash does not fully guarantee that the same client is always processed by the same server.
After defining upstream, you need to add the following contents in the server section:
server { location / { proxy_pass http://idfsoft.com; }}
Experimental environment
| host name | ip | service |
|---|---|---|
| nginx | 192.168.11.120 | nginx |
| httpd | 192.168.11.121 | httpd |
| lnmp | 192.168.11.122 | lnmp |
Deploy nginx
Create nginx system user
[root@nginx ~]# useradd -r -M -s /sbin/nologin nginx
Installation dependent environment
[root@nginx ~]# yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ wget make [root@nginx ~]# yum -y groups mark install 'Development Tools'
Create log storage directory
[root@nginx ~]# mkdir -p /var/log/nginx[root@nginx ~]# chown -R nginx.nginx /var/log/nginx
Download nginx
[root@nginx ~]# wget https://nginx.org/download/nginx-1.20.1.tar.gz
Compile and install
[root@nginx ~]# tar xf nginx-1.20.1.tar.gz [root@nginx ~]# cd nginx-1.20.1/ [root@nginx nginx-1.20.1]# ./configure \ --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-debug \ --with-http_ssl_module \ --with-http_realip_module \ --with-http_image_filter_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_stub_status_module \ --http-log-path=/var/log/nginx/access.log \ --error-log-path=/var/log/nginx/error.log [root@nginx nginx-1.20.1]# make && make install
Configure environment variables
[root@nginx nginx-1.20.1]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh [root@nginx nginx-1.20.1]# . /etc/profile.d/nginx.sh
start-up
[root@nginx ~]# nginx [root@nginx ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 128 0.0.0.0:80 0.0.0.0:* LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 [::]:22
Deploy httpd
Installation environment
[root@httpd ~]# yum -y install openssl-devel pcre-devel expat-devel libtool gcc-c++ libstdc++-devel make
Compiling and installing apache
[root@httpd ~]# cd /usr/src/
[root@httpd src]# ls
] apr-1.7.0.tar.bz2 apr-util-1.6.1.tar.bz2 debug httpd-2.4.43.tar.bz2 kernels
[root@httpd src]# tar xf apr-1.7.0.tar.bz2
[root@httpd src]# tar xf apr-util-1.6.1.tar.bz2
[root@httpd src]# ls
] apr-1.7.0 apr-1.7.0.tar.bz2 apr-util-1.6.1 apr-util-1.6.1.tar.bz2 debug httpd-2.4.43.tar.bz2 kernels
[root@httpd src]# cd apr-1.7.0/
[root@httpd apr-1.7.0]# vim configure
cfgfile=${ofile}T
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
# $RM "$cfgfile" //Delete or add # comments here
[root@httpd apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@httpd apr-1.7.0]# make && make install
[root@httpd apr-1.7.0]# cd /usr/src/apr-util-1.6.1/
[root@httpd apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@httpd apr-util-1.6.1]# make && make install
//Now start installing apache
[root@httpd src]# tar xf httpd-2.4.43.tar.bz2
[root@httpd src]# cd httpd-2.4.43/
[root@httpd httpd-2.4.43]# ./configure --prefix=/usr/local/apache \
sysconfdir=/etc/httpd24 \
enable-ssl \
enable-cgi \
enable-rewrite \
with-zlib \
with-pcre \
with-apr=/usr/local/apr \
with-apr-util=/usr/local/apr-util/ \
enable-modules=most \
enable-mpms-shared=all \
with-mpm=prefork
[root@httpd httpd-2.4.43]# make && make install
//Start apache
[root@httpd httpd-2.4.43]# /usr/local/apache/bin/apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@httpd httpd-2.4.43]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80
Deploy lnmp
Installing and deploying nginx
[root@lnmp ~]# useradd -r -M -s /sbin/nologin nginx [root@lnmp ~]# yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ wget make [root@lnmp ~]# yum -y groups mark install 'Development Tools' [root@lnmp ~]# mkdir -p /var/log/nginx[root@lnmp ~]# chown -R nginx.nginx /var/log/nginx [root@lnmp ~]# wget https://nginx.org/download/nginx-1.20.1.tar.gz [root@lnmp ~]# tar xf nginx-1.20.1.tar.gz [root@lnmp nginx-1.20.1]# ./configure \ --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-debug \ --with-http_ssl_module \ --with-http_realip_module \ --with-http_image_filter_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_stub_status_module \ --http-log-path=/var/log/nginx/access.log \ --error-log-path=/var/log/nginx/error.log [root@lnmp nginx-1.20.1]# make && make install [root@lnmp nginx-1.20.1]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh [root@lnmp nginx-1.20.1]# . /etc/profile.d/nginx.sh [root@lnmp ~]# nginx [root@lnmp ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 128 0.0.0.0:80 0.0.0.0:* LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 [::]:22
Install mysql
[root@lnmp ~]# dnf -y install ncurses-devel openssl-devel openssl cmake mariadb-devel
[root@lnmp ~]# useradd -r -M -s /sbin/nologin mysql
[root@lnmp ~]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz
[root@lnmp ~]# tar xf mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@lnmp ~]# cd /usr/local/
[root@lnmp local]# ls
apache apr apr-util bin etc games include lib lib64 libexec mysql-5.7.33-linux-glibc2.12-x86_64 sbin share src
[root@lnmp local]# mv mysql-5.7.33-linux-glibc2.12-x86_64/ mysql
[root@lnmp local]# ls
apache apr apr-util bin etc games include lib lib64 libexec mysql sbin share src
[root@lnmp local]# chown -R mysql.mysql mysql/
[root@lnmp ~]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@lnmp ~]# source /etc/profile.d/mysql.sh
[root@lnmp ~]# ln -s /usr/local/mysql/include /usr/include/mysql
[root@lnmp ~]# vim /etc/ld.so.conf.d/mysql.conf
/usr/local/mysql/lib #Add this
[root@lnmp ~]# ldconfig
[root@lnmp ~]# vim /etc/man_db.conf
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man
MANDATORY_MANPATH /usr/local/mysql/man
[root@lnmp ~]# mkdir /opt/data
[root@lnmp ~]# chown -R mysql.mysql /opt/data
#Initialize database
root@lnmp ~]# mysqld --initialize --user=mysql --datadir=/opt/data/
2021-05-12T14:25:38.875806Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-05-12T14:25:39.516844Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-05-12T14:25:39.602382Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-05-12T14:25:39.658834Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: ed087633-b32d-11eb-b3ef-000c29a3d1ed.
2021-05-12T14:25:39.666061Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-05-12T14:25:40.418925Z 0 [Warning] CA certificate ca.pem is self signed.
2021-05-12T14:25:40.521392Z 1 [Note] A temporary password is generated for root@localhost: D!;GR)Q%o8Cs #Remember, this password will be used later
[root@lnmp ~]# cat > /etc/my.cnf <<EOF
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
EOF
[root@lnmp ~]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@lnmp ~]# vim /etc/init.d/mysqldbasedir=/usr/local/mysqldatadir=/opt/data
[root@lnmp ~]# service mysqld start Starting MySQL.Logging to '/opt/data/localhost.localdomain.err'. SUCCESS!
[root@lnmp ~]# ss -antlState Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 80 *:3306 *:* LISTEN 0 128 *:80 *:* LISTEN 0 128 [::]:22 [::]:*
[root@lnmp ~]# dnf -y install ncurses-compat-libs
[root@lnmp ~]# mysql -uroot -p'D!;GR)Q%o8Cs'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.33
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> set password = password('root');
Query OK, 0 rows affected, 1 warning (0.00 sec)
[root@lnmp ~]# chkconfig --add mysqld
[root@lnmp ~]# chkconfig --list
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Install php
#Install dependent packages [root@lnmp ~]# dnf -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel [root@lnmp ~]# dnf -y install php* [root@lnmp ~]# dnf -y remove httpd [root@lnmp ~]# service php-fpm start [root@lnmp ~]# systemctl enable php-fpm Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service. [root@lnmp ~]# vim /etc/php-fpm.d/www.conf; Note: This value is mandatory.;listen = /run/php-fpm/www.socklisten = 0.0.0.0:9000 [root@localhost ~]# systemctl restart php-fpm [root@localhost ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 128 0.0.0.0:9000 0.0.0.0:* LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 80 *:3306 *:* LISTEN 0 128 *:80 *:* LISTEN 0 128 [::]:22
Configure nginx
[root@lnmp ~]# vim /usr/local/nginx/conf/nginx.conf
location / {
root html;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /usr/local/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
Configure the nginx configuration file of the nginx host
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
location / {
root html; #Delete these two lines
index index.html index.htm;
}
stay server Add above
upstream html {
server 192.168.11.121;
}
upstream php {
server 192.168.11.122;
}
stay location lower
location / {
proxy_pass http://html; # Change to this
}
Put the bottom\.php Uncomment for
location ~ \.php$ {
proxy_pass http://php; # Add this line
}
Add static resource
[root@httpd ~]# cd /usr/local/apache/htdocs/ [root@httpd htdocs]# echo '1234' > index.html
Add dynamic resources
[root@lnmp html]# vim index.php <?php phpinfo(); ?>
effect
