Nignx反向代理负载均衡

Nignx反向代理负载均衡

   1.web1和web2配置安装

   
   
yum install httpd -y #安装httpd
echo 192.168.1.188 >/var/www/html/index.html #输入网站显示各自IP
systemctl restart httpd
firewall-cmd --permanent --add-port=80/tcp #开启防火墙80端口
firewall-cmd --reload
#测试，浏览器登录IP查看，是否正常启动。

   2.Nginx负载均衡器配置安装

       1.nginx编译安装

   
   
#添加不可登录的nginx用户
useradd -s /sbin/nologin nginx
#安装nginx编译工具和必要的库
yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel gcc-c++
#下载nginx源码包，并解压
wget http://nginx.org/download/nginx-1.10.3.tar.gz
tar -zxvf nginx-1.10.3.tar.gz
cd nginx-1.10.3

#取消debug模式（优化）
vim auto/cc/gcc
#注释以下内容
# debug
#CFLAGS="$CFLAGS -g"

#设置参数 参数具体参考《Nginx编译参数》
./configure \
--prefix=/usr/local/nginx \
--with-http_ssl_module 
#编译并安装 
make && make install

       2.利用TCMalloc优化Nginx性能（可选）

           1.安装libunwind

   
   
wget http://ftp.twaren.net/Unix/NonGNU//libunwind/libunwind-1.1.tar.gz
tar -zxf libunwind-1.1.tar.gz
cd libunwind-1.1
./configure CFLAGS=-fPIC
make CFLAGS=-fPIC
make CFLAGS=-fPIC install 

           2.安装gperftools

    
    

wget https://github.com/gperftools/gperftools/releases/download/gperftools-2.1.90/gperftools-2.1.90.tar.gz
tar -zxf gperftools-2.1.90.tar.gz
cd gperftools-2.1.90
./configure #提前安装gcc+（yum install gcc-c++ -y）
make && make install
echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
ldconfig

           3.编译nginx从而加载google_perftools_module

   
   
./configure \
--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-google_perftools_module 
make 
#替换二进制文件
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
cp ./objs/nginx /usr/local/nginx/sbin

           4.为 google_perftools创建线程目录

    
    
mkdir /tmp/tcmalloc
chmod 777 /tmp/tcmalloc/

           5.nginx配置文件加入后启动

   
   
vim /usr/local/nginx/conf/nginx.conf

google_perftools_profiles /tmp/tcmalloc;

           6.查看安装是否成功（yum install lsof -y）

   
   
 lsof -n | grep tcmalloc

       3.编辑nginx配置文件

   
   
vim /usr/local/nginx/conf/nginx.conf
#参数意思参考《nginx简介与配置》
user  nginx nginx;
worker_processes  4;
worker_cpu_affinity 0001 0010 0100 1000;
error_log  logs/error.log  info;
pid        logs/nginx.pid;
google_perftools_profiles /tmp/tcmalloc;
worker_rlimit_nofile 65535;
events {
    use epoll;
    worker_connections  65535;    
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  logs/access.log  main;
    error_log logs/error.log crit;
    
    charset utf-8;
    server_names_hash_bucket_size 128; 
    client_max_body_size 8m;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 64k;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;    
    keepalive_timeout 60;
    client_header_timeout 10;
    client_body_timeout 10;
    send_timeout 10;
    
    gzip on; 
    gzip_min_length 1k; 
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
     
    proxy_buffering on;
    proxy_connect_timeout      5;
    proxy_send_timeout         5;
    proxy_read_timeout         60;
    proxy_buffer_size          16k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;
    proxy_cache_path /data/proxy/cache levels=1:2 keys_zone=cache_one:500m inactive=1d max_size=1g;
    proxy_temp_path /data/proxy/temp;
        
    upstream my_server_pool {
        ip_hash;
        server 192.168.1.186:80 weight=2 max_fails=2 fail_timeout=30;
        server 192.168.1.188:80 weight=2 max_fails=2 fail_timeout=30;
    }
    server {
    listen       80;
    server_name  localhost;
    location / {
        proxy_cache cache_one;
        proxy_cache_valid 200 304 12h;
        proxy_cache_key $host$uri$is_args$args;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
        proxy_pass  http://my_server_pool;
        expires    1d;
    }

    location ~.*\.(jsp|php|jspx)?$ { 
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;   
        proxy_pass http://my_server_pool;
    }
    }
}

    
    
#创建缓存目录
mkdir -p /data/proxy/cache
mkdir -p /data/proxy/temp
chown -R nginx:nginx /data/

       4.启动nginx

     
     
/usr/local/nginx/sbin/nginx

       5.开启防火墙

      
      
firewall-cmd --permanent --add-port=80/tcp #开启防火墙80端口
firewall-cmd --reload

   3.系统优化

       
       
#内核优化
vim /etc/sysctl.conf

net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30

sysctl -p #立即生效

        
        
#nginx配置改后，但系统默认进程最大打开文件1024，所以需要改变
#立即生效
ulimit -n 65535 
ulimit -u 65535
#永久生效
#一个nginx进程打开的最多文件描述符数目，理论值应该是最多打开文件数（ulimit -n）与nginx进程数相除，但是nginx分配请求并不是那么均匀，所以最好与ulimit -n的值保持一致。
vim /etc/security/limits.conf
*                soft    nproc          65535
*                hard    nproc          65535
*                soft    nofile         65535
*                hard    nofile         65535

   4.测试(访问192.168.1.166)