Nginx因為很少用到,所以我對它很不熟悉,這次想學習之外,也想測試自己做一個load balance環境。負載平衡在中大型的網路環境裡是滿常見的設計,其實也是proxy的概念,目的除了讓流量分散、讓網站loading減輕以外,也可以做到failover,也就是其中一台主機當掉,網站仍然可以維持運作,最後則是proxy的設計也能有效保護上游的主機,上游主機不需要開放對外的網路,所有流量都必須先透過proxy節點,如果設計良好,至少遭到攻擊的時候不會影響到上游。
網站流量的基本環境:
1.用戶必須用https進入網站
2.proxy透過內網的http聯繫上游兩台nodes
3.nodes用內網,僅允許proxy透過80port訪問
一.兩台node安裝與配置Apache
1.安裝apache並配置config
[root@web1 ~]# dnf -yinstall httpd php
[root@web2 ~]# dnf -yinstall httpd php
[root@web1 ~]# systemctl start httpd
[root@web2 ~]# systemctl start httpd
[root@web2 ~]# dnf -yinstall httpd php
[root@web1 ~]# systemctl start httpd
[root@web2 ~]# systemctl start httpd
[root@web1 ~]# vim /etc/httpd/conf/httpd.conf
[root@web2 ~]# vim /etc/httpd/conf/httpd.conf
[root@web1 ~]# vim /etc/httpd/conf/httpd.conf
[root@web1 ~]# mkdir /var/www/html/glpi
[root@web2 ~]# mkdir /var/www/html/glpi
2.建立網站首頁
[root@web1 ~]# vim /var/www/html/glpi/index.php
<!DOCTYPE html>
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php echo '<h1>This is WEB1</h1>'; ?>
</body>
</html>
[root@web2 ~]# vim /var/www/html/glpi/index.php
<!DOCTYPE html>
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php echo '<h1>This is WEB2</h1>'; ?>
</body>
</html>
[root@web1 ~]# systemctl restart httpd
[root@web2 ~]# systemctl restart httpd
[root@web2 ~]# systemctl restart httpd
二.配置load balancer
[root@LB ~]# dnf -yinstall nginx
[root@LB ~]# vim /etc/nginx/nginx.conf \\大致上照抄就好,只有部分內容要做修改
[root@LB ~]# vim /etc/nginx/nginx.conf \\大致上照抄就好,只有部分內容要做修改
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
upstream backend {
server 10.100.12.15 weight=3; \\設定node1的內網ip,並選三次點擊切換到node2
server 10.100.12.16 max_fails=3 fail_timeout=10s; \\設定node2的ip,以及連線失敗的斷線時間
}
server {
listen 80;
listen [::]:80;
server_name glpi.lab-iankuo-web.com; \\聽80 port的doamin設定
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://backend/glpi; \\上游主機的轉發方式,有更完整路徑的話後面也要設定資料夾路徑
}
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 443 ssl;
server_name glpi.lab-iankuo-web.com; \\聽443 port的domain設定
ssl_certificate /etc/pki/tls/certs/fullchain.pem; \\SSL憑證
ssl_certificate_key /etc/pki/tls/private/privkey.pem; \\SSL金鑰
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256';
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
三.測試load balance功能與failover
1.load balance測試
點擊或刷新網站三次就會切換到另一台主機
2.failover測試
測試的方式也很容易,只要將node1的Apache關閉,然後繼續刷新網頁,若還能正常使用,且畫面是停留於WEB2,就表示網站的HA是成功的。
沒有留言:
張貼留言