The premise to prepare
The first is for the Installation of Linux environment (local machine is Windows version, we can use Vmware, but need to configure network connection, etc., here will not show the virtual machine demonstration. Here, the personal Aliyun cloud server is used with XFTP and Xshell for file uploading and command line input.)
Note: the following commands are used by CentOS7.
Let’s start with a series of dependencies:
GCC installation:
Yum -y install GCC automake autoconf libtool make yum install GCC GCC GCC c++
Pcre installation
CD/usr/local/SRC wget tar ZXVF - Pcl-8.40.tar. gz CD pcl-8.40./configuremake && make install
Zlib installation
CD /usr/local/src wget wget -zxvf Zlib-1.2.11.tar. gz CD zlib-1.2.11. /configuremake && make installyum install -y zlib zlib-devel
Openssl installation
CD/user/local/SCR wget tar - ZXVF openssl - t.t ar 1.0.1. Gz
Nginx installation
CD/user/local/SCR wget ZXVF nginx - 1.1.10. Tar. GZCD Nginx - 1.1.10. / configuremake && make install to start the nginx/usr/local/nginx/sbin/nginx - c/usr/local/nginx/conf/nginx. Conf
After completion, you can first check your own server to open what ports:
Firewall-cmd --list-all
If the port is not developed, you can run the following command to open the port:
Firewall-cmd --zone=public --add-port=80/ TCP --permanent #
Firewall Settings
Service # stop firewald. service # Stop firewald. service # Stop firewald. service # Enable firewall
Nginx basic commands
- After completing the basic preparation above, you have started nginx, check the current situation of nginx:
Ps - ef | grep nginx
- Start, stop, and restart nginx.
CD /usr/local/sbin /usr/local/sbin /nginx # indicates to start nginx./nginx -s stop # indicates to stop nginx. /nginx -s reload # indicates a restart, usually used after the configuration file has been modified.
Nginx starts on port 80 by default, so you can access the IP address directly.
Configuration file explanation:
First is the address configuration file: / usr/local/nginx/conf/nginx. Conf.
Nginx configuration files are divided into three main blocks:
The global fast
The contents from the configuration file to the Events block will mainly set some configuration instructions affecting the overall operation of the Nginx server, including the configuration of users (groups) running the Nginx server, the number of worker processes allowed to be generated, Process PID storage path, log storage path and type, and configuration file import.
For example, as configured in the first line below:
worker_processes 1;
This is a key configuration for Nginx server concurrent processing service. The larger worker_processes value is, the more concurrent processing it can support is limited by hardware, software, and other devices
The events of
events { worker_connections 1024; }
The instructions involved in the Events block mainly affect the network connection between the Nginx server and the user. The commonly used Settings include whether to enable serialization of network connections under the multi-work process, whether to allow multiple network connections to be received at the same time, and which event-driven model to process connection requests. Maximum number of connections that each Word process can support at the same time, etc.
The above example indicates that each work process supports a maximum of 1024 connections. This part of the configuration has a great impact on Nginx performance, and should be flexibly configured in practice.
HTTP block
http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; }................................................
This is the most frequent part of the Nginx server configuration, where most functions such as proxies, caching, and logging definitions are configured, as well as third-party modules.
Note that HTTP blocks can also include HTTP global blocks, server blocks
HTTP global block
HTTP global block configuration instructions include file import, MIME-Type definition, log customization, connection timeout, maximum number of single link requests, and so on.
The server block
This and virtual host has a close relationship, virtual host from the user’s point of view, and an independent hardware host is exactly the same, the technology is produced in order to save the cost of Internet server hardware.
Each HTTP block can contain multiple Server blocks, and each server block is equivalent to a virtual host.
Each Server block is also divided into global Server blocks and can contain multiple Locaton blocks simultaneously.
1. Global server block
The most common configuration is the listening configuration of the host and the name or IP configuration of the host.
2, the location
A server block can be configured with multiple Location blocks.
The main purpose of this block is to process a specific request based on the request string received by the Nginx server (e.g. Server_name/URI-string), matching any string other than the virtual host name (or IP alias) (e.g. / URI-string). Address targeting, data caching and response control, as well as many third-party modules are configured here.
The reverse proxy
What is a reverse proxy?
Before you look at reverse proxies, look at forward proxies:
Forward proxy: If the Internet outside the LAN is regarded as a huge resource library, clients on the LAN need to access the Internet through a proxy server. This proxy service is called forward proxy. In short, it plays a role in helping to reach the target network.
Reverse proxy: Reverse proxy, in fact, the client’s agent is no perception, because the client does not require any configuration can access, we only need to send the request to the reverse proxy server, the reverse proxy server to select the target server to get data, and then returned to the client, the reverse proxy server and the target server is a server, The proxy server address is exposed and the real server IP address is hidden.
Here’s an example: For Tomact, the default access is port 8080, but we don’t want to enter port 80 to access directly, so we need to directly access port 80 to access the nginx server, and then configure the configuration file. Forward the request to our Tomcat server.
We can perform the following configuration:
Perform the following configuration in the HTTP module:
server { listen 80; # server_name localhost; server_name 121.*.*.34; Location / {root HTML; Proxy_pass; Tomact = tomact = tomact = tomact = tomact }}
After the configuration is complete, restart the service. The following information is displayed: Indicates that port 80 is switched to port 8080
Example 2
In the example above, we are still accessing the default port 80. What if we want to access the default port 80? What if we want to access another port, or access information with a path? Here we can create another server and select the port information that we’re listening to. Do this in location.
server { listen 3308; Server_name localhost; Webpage under tomcat, add an index.html page. Proxy_pass; }}
At this time, we can access the following website: you can find the following 3308 (please enable the port in advance when testing yourself) port with the edu path and the corresponding index.html can access the corresponding page information under our Tomact server.
Load balancing
Load balancing is to allocate load to different service units to ensure service availability and fast response, providing users with good experience. The rapid growth of visitors and data traffic has led to the birth of a variety of load balancing products. Many professional load balancing hardware provide good functions but are expensive, which makes load balancing software popular. Nginx is one of them. Nginx, LVS, Haproxy and other services provide load balancing services under Linux, and Nginx provides several allocation methods (strategies) :
- Polling (default) Each request is allocated to a different backend server one by one in chronological order. If the backend server goes down, it is automatically removed.
- Weight Indicates the weight. The default value is 1. The higher the weight is, the more clients will be allocated. Upstream server_pool {server weight = 10; Server weight = 10; }
- Ip_hash Each request is allocated according to the hash result of the access IP address. In this way, each visitor accesses the same back-end server, which can solve the session problem. upstream server_pool{ ip_hash; Server weight = 10; Server weight = 10; }
- Fair (Third Party)
Requests are allocated based on the response time of the back-end server, with priority given to those with short response times.
upstream server_pool{ fair; Server weight = 10; Server weight = 10; }
The instance
Add upstream to HTTP:
HTTP {... Fair # indicates which service is allocated at the appropriate time to respond to the current request. Server; Server; Tomcat server; tomcat server; Server; }server{ listen 80; Server_name; ... Location /{proxy_pass http://myserver # myserver }}
In this way, data can be forwarded when accessing port 80 of the machine, and a specific host can be selected to receive the corresponding service
High availability
Introduction to the
About this part of knowledge, I used Docker to build back-end Nginx load balancing when I learned load balancing based on Mysql and Redis cluster projects. Meanwhile, the specific information of this part is also reflected in my personal GithubGithub project address account.
Both the creation of nginx cluster and the completion of load balancing provide great convenience for Docker. At that time, docker configuration was mixed with some other configurations, which may be separated or need some time to understand, so I will analyze and study this part separately.
The instance
For specific logical information, the project load balancing on my Mysql and Redis cluster above is basically saying: In order to prevent the problem of only one Nginx causing the problem, we add two nginx polling, but this polling work does not need to be done by ourselves, but a third-party tool Keepalived to help us complete the series of work, as shown below: Using heartbeat detection, to specifically detect the failure of the machine, and IP virtualization, only need to record an IP information, and then the following operations
- The first is that there are two servers, Yum install keepalived -y # install RPM -q -a keepalived # install keepalived vi /etc/keepalived vi Keepalive.conf
- Then modify the configuration information of the files in both Keepalived:
global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } Notification_email_from Alexandre.Cassen@firewall.loc smtp_server smtp_connect_timeout 30 Router_id LVS_DEVEL # only}vrrp_script chk_http_port {script "/usr/local/src/" interval 2 # # Script setup weight increased by 2. }vrrp_instance VI_1 {state BACKUP # ens33 # virtual_Router_id 51 # Virtual_router_id must be the same priority 100 # Set different priorities for the active and standby hosts. Advert_int 1 # Perform a heartbeat check. Send a check message every second to check for survival. Authentication {auth_type PASS auth_pass 1111} virtual_ipaddress { # virtual address}}
- The preparation of script files is different from the way of using Docker. The following is the solution using DCOker and the different configuration files.
Below we write specific information to see if nginx survives. The directory is /usr/local/src/.
#! / bin/bash A = ` ps - C nginx - no - the header | wc -l ` if [$A - eq 0]; Then/usr/local/nginx/sbin/nginx sleep 2 # see if nginx is still alive if [` ps - C nginx - no - the header | wc -l ` - eq 0]; Then killall Keepalived Fi Fi
- Keepalived start command: systemctl start keepalived
We visit the virtual address, and two Keepalived servers preempt the virtual IP and send service requests to different nginx servers, ensuring that if one server fails, the other will still work.