Nginx4大模块——proxy、headers、upstream、stream模块

Nginx

应用程序发布:

灰度模型:

         (1) 如果存在用户会话;

             从服务器上拆除会话;

         (2) 新版本应用程序存在bug;

             回滚;

ngx_http_proxy_module模块:

1、proxy_pass URL;

Context: location, if in location, limit_except

    

注意:proxy_pass后面的路径不带uri时,其会将location的uri传递给后端主机

         server {

                

                 server_name HOSTNAME;

                 location /uri/ {

                      proxy http://hos[:port];

                 }

                

         }

        

         http://HOSTNAME/uri –> http://host/uri

    

proxy_pass后面的路径是一个uri时,其会将location的uri替换为proxy_pass的uri

         server {

                

                 server_name HOSTNAME;

                 location /uri/ {

                      proxy http://host/new_uri/;

                 }

                

         }

        

         http://HOSTNAME/uri/ –> http://host/new_uri/

    

如果location定义其uri时使用了正则表达式的模式,则proxy_pass之后必须不能使用uri; 用户请求时传递的uri将直接附加代理到的服务的之后

         server {

                

                 server_name HOSTNAME;

                 location ~|~* /uri/ {

                      proxy http://host;

                 }

                

         }

        

         http://HOSTNAME/uri/ –> http://host/uri/

2、proxy_set_header field value;

设定发往后端主机的请求报文的请求首部的值;Context: http, server, location

    

proxy_set_header X-Real-IP  $remote_addr;

    $remote_addr:记录的是上一台主机的IP,而上一台主机有可能也是代理服务器

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    $proxy_add_x_forwarded_for:记录的是源IP地址

    

在http客户端还有修改/etc/httpd/conf/httpd.conf文件

    LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

    

    通过上述方法则可以在后端主机上记录真实的httpd资源请求者,而不再是只记录前端代理服务器的IP地址

3、proxy_cache_path

定义可用于proxy功能的缓存;Context: http

    

proxy_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];

    

proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2:1 keys_zone=gmtest:20M max_size=1G;

4、proxy_cache zone | off;

指明要调用的缓存,或关闭缓存机制;Context: http, server, location

    

proxy_cache gmtest;

5、 proxy_cache_key string;

缓存中用于“键”的内容;

    

默认值:proxy_cache_key $scheme$proxy_host$request_uri;

    建议定义成方法和url

6、proxy_cache_valid [code …] time;

定义对特定响应码的响应内容的缓存时长;

    

定义在http{…}中;

    proxy_cache_path /var/cache/nginx/proxy_cache levels=1:1:1 keys_zone=gmtest:20m max_size=1g;

    

定义在需要调用缓存功能的配置段,例如server{…},或者location中;

    proxy_cache gmtest;

    proxy_cache_key $request_uri;

    proxy_cache_valid 200 302 301 1h;

    proxy_cache_valid any 1m;

7、proxy_cache_use_stale

proxy_cache_use_stale error | timeout | invalid_header | updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | off …;

    

Determines in which cases a stale cached response can be used when an error occurs during communication with the proxied server.

    

后端服务器的故障在那种情况下,就使用缓存的功能对客户的进行返回

8、proxy_cache_methods GET | HEAD | POST …;

If the client request method is listed in this directive then the response will be cached. “GET” and “HEAD” methods are always added to the list, though it is recommended to specify them explicitly.

    

默认方法就是GET HEAD方法

9、proxy_hide_header field;

By default, nginx does not pass the header fields “Date”, “Server”, “X-Pad”, and “X-Accel-…” from the response of a proxied server to a client. The proxy_hide_header directive sets additional fields that will not be passed.

10、proxy_connect_timeout time;

Defines a timeout for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds.

    

默认为60s

11、buffer相关的配置

a:proxy_buffer_size size;

Sets the size of the buffer used for reading the first part of the response received from the proxied server. This part usually contains a small response header. By default, the buffer size is equal to one memory page.

    

默认为4k|8k

b:proxy_buffering on | off;

Enables or disables buffering of responses from the proxied server.

    

默认为on

c:proxy_buffers number size;

Sets the number and size of the buffers used for reading a response from the proxied server, for a single connection. By default, the buffer size is equal to one memory page.

    

默认为8 4k|8k

d:proxy_busy_buffers_size size;

When buffering of responses from the proxied server is enabled, limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read.

    

默认为8k|16k

ngx_http_headers_module模块

The ngx_http_headers_module module allows adding the “Expires” and “Cache-Control” header fields, and arbitrary fields, to a response header.

向由代理服务器响应给客户端的响应报文添加自定义首部,或修改指定首部的值;

1、add_header name value [always];

添加自定义首部;

    

add_header X-Via  $server_addr;

    经由的代理服务器地址

add_header X-Accel $server_name;

2、expires [modified] time;

expires epoch | max | off;

    

用于定义Expire或Cache-Control首部的值;

可以把服务器定义的缓存时长修改了;

ngx_http_upstream_module模块

The ngx_http_upstream_module module is used to define groups of servers that can be referenced by the proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, and memcached_pass directives.

1、upstream name { … }

定义后端服务器组,会引入一个新的上下文;Context: http

    

upstream httpdsrvs {

         server …

         server…

        

}

2、server address [parameters];

在upstream上下文中server成员,以及相关的参数;Context: upstream

    

address的表示格式:

    unix:/PATH/TO/SOME_SOCK_FILE

    IP[:PORT]

    HOSTNAME[:PORT]

    

parameters:

         weight=number

             权重,默认为1;默认算法是wrr

         max_fails=number

             失败尝试最大次数;超出此处指定的次数时,server将被标记为不可用

         fail_timeout=time

             设置将服务器标记为不可用状态的超时时长

         max_conns

             当前的服务器的最大并发连接数

         backup

             将服务器标记为“备用”,即所有服务器均不可用时此服务器才启用

         down

             标记为“不可用”

             先在nginx前端配置down,然后在下架后端服务器,上架新的web程序,然后上架,在修改配置文件立马的down

3、least_conn;

最少连接调度算法,当server拥有不同的权重时其为wlc

要在后端服务器是长连接时,效果才好,比如mysql

4、ip_hash;

源地址hash调度方法

5、hash key [consistent];

基于指定的key的hash表来实现对请求的调度,此处的key可以直接文本、变量或二者的组合

    

作用:将请求分类,同一类请求将发往同一个upstream server

    

If the consistent parameter is specified the ketama consistent hashing method will be used instead.

    

示例:

    hash $request_uri consistent;

    hash $remote_addr;

    hash $cookie_name; 对同一浏览器的请求,发往同一个upstream server

6、keepalive connections;

为每个worker进程保留的空闲的长连接数量

    

nginx的其它的二次发行版:

    tengine

    OpenResty

    

1.9版本之后可以反代tcp/udp的协议,基于stream模块,工作与传输层

ngx_stream_core_module模块

模拟反代基于tcp或udp的服务连接,即工作于传输层的反代或调度器

1、stream { … }

定义stream相关的服务;Context: main

    

stream {

         upstream sshsrvs {

                 server 192.168.22.2:22;

                 server 192.168.22.3:22;

                 least_conn;

         }

        

         server {

                 listen 10.1.0.6:22022;

                 proxy_pass sshsrvs;

         }

}

    

stream模块中管的upstream模块的用法同上

2、listen

listen address:port [ssl] [udp] [proxy_protocol] [backlog=number] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];

原创文章,作者:megedugao,如若转载,请注明出处:http://www.178linux.com/55357

(26)
megedugaomegedugao
上一篇 2016-10-29
下一篇 2016-10-29

相关推荐

  • Yellow Dog! COMMAND && source

    linux程序包管理之yum        yum:之前命名为:yellow dog ,后来因为及其好用,很多发行版都以此为默认rpm程序前端管理工具,故此更名为:yellowdog update modifier,更牛的还有一个基于redhat的二次发行版也叫yellow dog 功能:…

    Linux干货 2016-08-21
  • 我与Linux的第一次亲密接触

        作为一个新手,经过一周的学习,我对Linux目前有了些许的了解,从Linux的发展史中,开源共享精神深深的感染了我,也使得我对Linux的兴趣更加浓厚。对于一个一直翘计算机课的我来说,入门和基础是一项非常艰巨的任务,初期为了搭建学习的环境,也是费了不小的功夫,相信许多萌也对此有很大的感触,在这里,我来和大家分享一下如何去构建环境。…

    Linux干货 2017-03-26
  • Tomcat详解

    Tomcat详解 1、tomcat安装 tomcat的组件:<Server> <Service> <connector/> <connector/> <Engine> <Host /> <Host> <Context/> … </Host> &lt…

    2017-04-27
  • PXE批量部署linux操作系统

       前言    在实际生产环境中,有时候我们会碰到为几十上百甚至上千台服务器安装Linux操作系统的需求,如果我们还是常规的去使用移动介质逐台安装,显然是一件低效又令人抓狂的事情,那要安装到何年何月啊?这对于我们追求高逼格形象的技术人员来讲当然是不可以接受的,为此,pxe模式批量部署系统应运而生。   &n…

    Linux干货 2015-05-23
  • linux特殊权限管理

    特殊权限:SUID, SGID, STICKY 正常情况下:  1、进程以某用户的身份运行; 进程是发起此进程用户的代理,因此以此用户的身份和权限完成所有操作; 2、权限匹配模型: (1) 判断进程的属主,是否为被访问的文件属主;如果是,则应用属主的权限;否则进入第2步; (2) 判断进程的属主,是…

    Linux干货 2015-12-19
  • OpenSSL

    三个组件: openssl: 多用途的命令行工具; libcrypto: 加密解密库; libssl:ssl协议的实现; PKI:Public Key Infrastructure CA RA CRL 证书存取库  建立私有CA: OpenCA openssl  证书申请及签署步骤: 1、生成申请请求; 2、RA核验; 3、CA签署; 4…

    Linux干货 2015-03-21