大并发 简单转发 用LVS (四层)
大并发 功能要求URI转发 lvs+nginx (四层+七层)
并发不大 nginx/haproxy (七层)
1000万--2000万PV的网站可以使用nginx负载均衡,高于2000万使用LVS
测试环境:
测试域名: (在本机hosts文件做解析:23.247.76.253
A服务器:23.247.76.253 (主)
B服务器:107.179.101.254
C服务器:23.247.78.253
主服务器配置(负载均衡器):
[root@nagios_client1 ~]# cat /usr/local/nginx/conf/nginx.conf
user www www;
worker_processes auto;
error_log /home/wwwroot/index/log/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
#limit_req_zone $binary_remote_addr zone=my_req_zone:1000m rate=100r/m;
#limit_conn_zone $binary_remote_addr zone=default:1000m;
#limit_conn default 100;
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 4k;
large_client_header_buffers 4 4k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60 60;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 16k;
fastcgi_buffers 16 16k;
fastcgi_busy_buffers_size 16k;
fastcgi_temp_file_write_size 16k;
fastcgi_intercept_errors on;
proxy_cache_valid 200 304 12h;
proxy_cache_key $scheme://$host$request_uri;
proxy_temp_path /home/amproxy_cache_tmp;
proxy_cache_path /home/amproxy_cache levels=1:2 keys_zone=amproxy:20m inactive=10d max_size=2g;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/rss+xml application/xhtml+xml application/atom_xml;
gzip_disable "MSIE [1-6].(?!.*SV1)";
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
# footer_types text/css;
# footer "<!-- $hostname, $year/$month/$day $hour:$minute:$second, $request -->";
ssl_buffer_size 4k;
add_header Anycast $hostname;
include vhost/*.conf;
include vhost/ssl/*.conf;
include vhost/http/*.conf;
include proxy/http/*.conf;
include proxy/ssl/*.conf;
#add_header X-S-NODE $hostname;
upstream servers.mydomain.com {
server 23.247.78.254:80;
server 107.179.101.254:8080;
server 23.247.76.253:8080;
# ip_hash;
}
server{
listen 80;
server_name www.mydomain.com;
location / {
proxy_pass http://servers.mydomain.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
HTTP/HTTPS 配置
server { # HTTP
# 对于特定请求 http://host:port/path
# (1)host 匹配于 server.server_name
# (2)port 匹配于 server.listen
# (3)path 匹配于 server.location, 而且优先采用精确匹配项
listen 80; # HTTP
listen 443 ssl; # HTTPS
server_name www.mydomain.com; # 通配符、正则
if ($scheme != https) { # 强制 HTTP 跳转至 HTTPS
# host 与 server_name 等价, redirect/permanent 分别为临时跳转/永久跳转
rewrite ^(.*)$ https://$host$1 permanent;
}
# 重定向错误页
error_page 404 /static/error/404.html;
error_page 500 502 503 504 /static/error/50x.html;
# 静态页面,直接指向目录 /usr/share/nginx
location ^~ /static/ { # 首部匹配
root /usr/share/nginx; # 其下有 static 目录
index index.html index.htm;
# 以下指令都适用于 http, server, location
add_header X-Header-Name value;
chunked_transfer_encoding on;
expires 1d;
gzip on; # 开启压缩(默认关闭)
}
# 动态数据,转给三个Nginx实例负载均衡
location / {
proxy_pass http://servers.mydomain.com;
proxy_set_header Host $host;
proxy_set_header Connection close;
proxy_connect_timeout 100ms; # 代理机器连接超时时长(默认的60s太长了)
expires 30d;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; allow all; }
# HTTPS 专用配置
# http://nginx.org/en/docs/http/configuring_https_servers.html
ssl_certificate /etc/nginx/ssl/nginx.crt; # 证书文件
ssl_certificate_key /etc/nginx/ssl/nginx.key; # 密钥对文件(包含公钥和私钥, 私钥不会发给客户端)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # SSL(包括 v3)都有漏洞,应该用 TLS(TLS1.0 = SSL 3.1)
ssl_ciphers HIGH:!aNULL:!MD5;
}
B、C服务器配置:
server
{
listen 8080;
server_name www.mydomain.com;
index index.html index.htm index.php;
root /home/wwwroot/index/web;
fastcgi_buffer_size 4k;
fastcgi_buffers 8 4k;
fastcgi_busy_buffers_size 4k;
gzip off;
location /cr_status
{
stub_status on;
access_log off;
# allow 127.0.0.1;
}
location ~ .*\.php$
{
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
access_log /home/wwwroot/index/log/access.log combined;
error_log /home/wwwroot/index/log/error.log crit;
}
}
测试:用浏览器访问
详解:
1、轮询(默认)
每个请求按时间顺序逐一分配到不同的后端服务器,如果后端服务器down掉,能自动剔除。
2、weight
指定轮询几率,weight和访问比率成正比,用于后端服务器性能不均的情况。
例如:
upstream bakend {
server 23.247.78.254:80 weight=10;
server 107.179.101.254:8080 weight=10;
}
3、ip_hash
每个请求按访问ip的hash结果分配,这样每个访客固定访问一个后端服务器,可以解决session的问题。
当负载调度算法为ip_hash时,后端服务器在负载均衡调度中的状态不能是weight和backup。
例如:
upstream resinserver{
ip_hash;
server 23.247.78.254:80;
server 107.179.101.254:8080;
}
4、fair(第三方)
按后端服务器的响应时间来分配请求,响应时间短的优先分配。
upstream resinserver{
server server1;
server server2;
fair;
}
5、url_hash(第三方)
按访问url的hash结果来分配请求,使每个url定向到同一个后端服务器,后端服务器为缓存时比较有效。
例:在upstream中加入hash语句,server语句中不能写入weight等其他的参数,hash_method是使用的hash算法
upstream resinserver{
server squid1:3128;
server squid2:3128;
hash $request_uri;
hash_method crc32;
}
tips:
upstream resinserver{#定义负载均衡设备的Ip及设备状态
ip_hash;
server 127.0.0.1:8000 down;
server 127.0.0.1:8080 weight=2;
server 127.0.0.1:6801;
server 127.0.0.1:6802 backup;
}
在需要使用负载均衡的server中增加
proxy_pass http://resinserver/;
每个设备的状态设置为:
1.down 表示单前的server暂时不参与负载
2.weight 默认为1.weight越大,负载的权重就越大。
3.max_fails :允许请求失败的次数默认为1.当超过最大次数时,返回proxy_next_upstream 模块定义的错误
4.fail_timeout:max_fails次失败后,暂停的时间。
5.backup: 其它所有的非backup机器down或者忙的时候,请求backup机器。所以这台机器压力会最轻。
nginx支持同时设置多组的负载均衡,用来给不用的server来使用。
client_body_in_file_only 设置为On 可以讲client post过来的数据记录到文件中用来做debug
client_body_temp_path 设置记录文件的目录 可以设置最多3层目录
location 对URL进行匹配.可以进行重定向或者进行新的代理 负载均衡