ngx_http_upstream_module模块 #分流
The ngx_http_upstream_module module is used to define groups of servers that can be referenced by the proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, and memcached_pass directives.
ngx_http_upstream_module模块
The ngx_http_upstream_module module is used to define groups of servers that can be referenced by the proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, and memcached_pass directives.
1、upstream name { … }
定义后端服务器组,会引入一个新的上下文;Context: http
upstream httpdsrvs {
server …
server…
…
}
2、server address [parameters];
在upstream上下文中server成员,以及相关的参数;Context: upstream
address的表示格式:
unix:/PATH/TO/SOME_SOCK_FILE
IP[:PORT]
HOSTNAME[:PORT]
parameters:
weight=number
权重,默认为1;
max_fails=number
失败尝试最大次数;超出此处指定的次数时,server将被标记为不可用;
fail_timeout=time
设置将服务器标记为不可用状态的超时时长;
max_conns
当前的服务器的最大并发连接数;
backup
将服务器标记为“备用”,即所有服务器均不可用时此服务器才启用;
down
标记为“不可用”;
3、least_conn;
最少连接调度算法,当server拥有不同的权重时其为wlc;
4、 ip_hash;
源地址hash调度方法;
5、hash key [consistent];
基于指定的key的hash表来实现对请求的调度,此处的key可以直接文本、变量或二者的组合;
作用:将请求分类,同一类请求将发往同一个upstream server;
If the consistent parameter is specified the ketama consistent hashing method will be used instead.
示例:
hash $request_uri consistent;
hash $remote_addr;
6、keepalive connections;
为每个worker进程保留的空闲的长连接数量;
nginx的其它的二次发行版:
tengine
OpenResty
ngx_stream_core_module模块
模拟反代基于tcp或udp的服务连接,即工作于传输层的反代或调度器;
1、stream { … }
定义stream相关的服务;Context:main
stream {
upstream sshsrvs {
server 192.168.22.2:22;
server 192.168.22.3:22;
least_conn;
}
server {
listen 10.1.0.6:22022;
proxy_pass sshsrvs;
}
}
2、listen
listen address:port [ssl] [udp] [proxy_protocol] [backlog=number] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
博客作业:以上所有内容;
思考:
(1) 动态资源存储一组服务器、图片资源存在一组服务器、静态的文本类资源存储在一组服务器;如何分别调度?
(2) 动态资源基于fastcgi或http协议(ap)?
lnamp
memcached:
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.
缓存服务器:
缓存:cache,无持久存储功能;
bypass缓存
k/v cache,仅支持存储流式化数据;
LiveJournal旗下的Danga Interactive研发,
特性:
k/v cache:仅可序列化数据;存储项:k/v;
智能性一半依赖于客户端(调用memcached的API开发程序),一半依赖于服务端;
分布式缓存:互不通信的分布式集群;
分布式系统请求路由方法:取模法,一致性哈希算法;
算法复杂度:O(1)
清理过期缓存项:
缓存耗尽:LRU
缓存项过期:惰性清理机制
安装配置:
由CentOS 7 base仓库直接提供:
监听的端口:
11211/tcp, 11211/udp
主程序:/usr/bin/memcached
配置文件:/etc/sysconfig/memcached
Unit File:memcached.service
协议格式:memcached协议
文本格式
二进制格式
命令:
统计类:stats, stats items, stats slabs, stats sizes
存储类:set, add, replace, append, prepend
命令格式:<command name> <key> <flags> <exptime> <bytes>
<cas unique>
检索类:get, delete, incr/decr
清空:flush_all
示例:
telnet> add KEY <flags> <expiretime> <bytes> \r
telnet> VALUE
memcached程序的常用选项:
-m <num>:Use <num> MB memory max to use for object storage; the default is 64 megabytes.
-c <num>:Use <num> max simultaneous connections; the default is 1024.
-u <username>:以指定的用户身份来运行进程;
-l <ip_addr>:监听的IP地址,默认为本机所有地址;
-p <num>:监听的TCP端口, the default is port 11211.
-U <num>:Listen on UDP port <num>, the default is port 11211, 0 is off.
-M:内存耗尽时,不执行LRU清理缓存,而是拒绝存入新的缓存项,直到有多余的空间可用时为止;
-f <factor>:增长因子;默认是1.25;
-t <threads>:启动的用于响应用户请求的线程数;
memcached默认没有认证机制,可借用于SASL进行认证;
SASL:Simple Authentication Secure Layer
API:
php-pecl-memcache
php-pecl-memcached
python-memcached
libmemcached
libmemcached-devel
命令行工具:
memcached-tool SERVER:PORT COMMAND
Nginx(4)
LB Cluster:
传输层:lvs、nginx、haproxy
应用层:nginx(http, https, smtp, pop, imap), haproxy(http), httpd(http/https), ats, perlbal, pound, …
nginx load balancer:
tcp/udp
nginx proxy:
reverse proxy:
应用程序发布:
灰度模型:
(1) 如果存在用户会话;
从服务器上拆除会话;
(2) 新版本应用程序存在bug;
回滚;
ngx_http_proxy_module
(1) proxy_pass URL;
location, if in location, limit_except
注意:proxy_pass后面的路径不带uri时,其会将location的uri传递给后端主机;
location /uri/ {
proxy_pass http://HOST;
}
proxy_pass后面的路径是一个uri时,其会将location的uri替换为proxy_pass的uri;
location /uri/ {
proxy_pass http://HOST/new_uri/;
}
如果location定义其uri时使用正则表达式的模式,则proxy_pass之后必须不能使用uri;
location ~|~* PATTERN {
proxy_pass http://HOST;
}
(2) proxy_set_header field value;
设定发往后端主机的请求报文的请求首部的值;
示例:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
(3) proxy_cache_path
proxy_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];
(4) proxy_cache zone | off;
调用的缓存的名称,或禁用缓存;
(5) proxy_cache_key string;
缓存条目的键;
(6) proxy_cache_valid [code …] time;
对各类响应码的缓存时长;
使用示例:
定义在http{}中:
proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2:1 keys_zone=pcache:10m max_size=1g;
定义在server{}及其内部的组件中:
proxy_cache pcache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
(7) proxy_cache_use_stale error | timeout | invalid_header | updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | off …;
(8) proxy_connect_timeout
proxy_read_timeout
proxy_send_timeout
(9) proxy_buffer_size
proxy_buffering
proxy_buffers
ngx_http_headers_module
The ngx_http_headers_module module allows adding the “Expires” and “Cache-Control” header fields, and arbitrary fields, to a response header.
(1) add_header name value [always];
向响应报文中添加自定义首部;
可用上下文:http, server, location, if in location
add_header X-Via $server_addr;
add_header X-Accel $server_name;
(2) expires [modified] time;
expires epoch | max | off;
用于定义Expire或Cache-Control首部的值,或添加其它自定义首部;
回顾:
LB Cluster:
传输层:lvs, nginx(stream), haproxy(mode tcp)
应用层:
http/https:nginx(upstream), haproxy(mode http), httpd, ats, perlbal, pound, …
lvs:
类型:nat/dr/tun/fullnat
算法:
静态:rr, wrr, sh, dh
动态:lc, wlc, sed, nq, lblc, lblcr
session保持:
session sticky(SourceIP/Cookie)
session replication cluster
session server(redis/…)
Nginx:
web:web server, web reverse proxy
mail:mail reverse proxy
tcp/udp:stream module
ngx_http_proxy_module
proxy_path
proxy_cache_path
proxy_cache
proxy_cache_key
proxy_cache_valid
proxy_cache_methods
Nginx(4)
ngx_http_upstream_module
The ngx_http_upstream_module module is used to define groups of servers that can be referenced by the proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, and memcached_pass directives.
(1) upstream name { … }
定义后端服务器组;引入一个新的上下文;只能用于http{}上下文中;
默认的调度方法是wrr;
(2) server address [parameters];
定义服务器地址和相关的参数;
地址格式:
IP[:PORT]
HOSTNAME[:PORT]
unix:/PATH/TO/SOME_SOCK_FILE
参数:
weight=number
权重,默认为1;
max_fails=number
失败尝试的最大次数;
fail_timeout=time
设置服务器为不可用状态的超时时长;
backup
把服务器标记为“备用”状态;
down
手动标记其为不可用;
(3) least_conn;
最少连接调度算法; 当server拥有不同的权重时为wlc;当所有后端主机的连接数相同时,则使用wrr进行调度;
(4) least_time header | last_byte;
最短平均响应时长和最少连接;
header:response_header;
last_byte: full_response;
仅Nginx Plus有效;
(5) ip_hash;
源地址hash算法;能够将来自同一个源IP地址的请求始终发往同一个upstream server;
(6) hash key [consistent];
基于指定的key的hash表实现请求调度,此处的key可以文本、变量或二者的组合;
consistent:参数,指定使用一致性hash算法;
示例:
hash $request_uri consistent
hash $remote_addr
hash $cookie_name
(7) keepalive connections;
可使用长连接的连接数量;
(8) health_check [parameters];
定义对后端主机的健康状态检测机制;只能用于location上下文;
可用参数:
interval=time:检测频率,默认为每隔5秒钟;
fails=number:判断服务器状态转为失败需要检测的次数;
passes=number:判断服务器状态转为成功需要检测的次数;
uri=uri:判断其健康与否时使用的uri;
match=name:基于指定的match来衡量检测结果的成败;
port=number:使用独立的端口进行检测;
仅Nginx Plus有效;
(9) match name { … }
Defines the named test set used to verify responses to health check requests.
定义衡量某检测结果是否为成功的衡量机制;
专用指令:
status:期望的响应码;
status CODE
status ! CODE
…
header:基于响应报文的首部进行判断
header HEADER=VALUE
header HEADER ~ VALUE
…
body:基于响应报文的内容进行判断
body ~ “PATTERN”
body !~ “PATTERN”
仅Nginx Plus有效;
博客作业:以上所有内容;
课外实践:实践tengine和Openresty;
ngx_stream_core_module
The ngx_stream_core_module module is available since version 1.9.0. This module is not built by default, it should be enabled with the –with-stream configuration parameter.
(1) listen address:port [ssl] [udp] [backlog=number] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
监听的端口;
默认为tcp协议;
udp: 监听udp协议的端口;
ngx_stream_proxy_module
The ngx_stream_proxy_module module (1.9.0) allows proxying data streams over TCP, UDP (1.9.13), and UNIX-domain sockets.
(1) proxy_pass address;
Sets the address of a proxied server. The address can be specified as a domain name or IP address, and a port or as a UNIX-domain socket path.
(2) proxy_timeout timeout;
Sets the timeout between two successive read or write operations on client or proxied server connections. If no data is transmitted within this time, the connection is closed.
默认为10m;
(3) proxy_connect_timeout time;
Defines a timeout for establishing a connection with a proxied server.
设置nginx与被代理的服务器尝试建立连接的超时时长;默认为60s;
示例:
stream {
upstream sshsrvs {
server 192.168.10.130:22;
server 192.168.10.131:22;
hash $remote_addr consistent;
}
server {
listen 172.16.100.6:22202;
proxy_pass sshsrvs;
proxy_timeout 60s;
proxy_connect_timeout 10s;
}
}
编译安装:
前提:开发环境,包括nginx编译要启用的功能依赖到的开发库;
yum groupinstall “Development Tools” “Server Platform Development”
yum -y pcre-devel openssl-devel
编译过程:
./configure –prefix=/usr/local/nginx –sbin-path=/usr/sbin/nginx –conf-path=/etc/nginx/nginx.conf –error-log-path=/var/log/nginx/error.log –http-log-path=/var/log/nginx/access.log –user=nginx –group=nginx –with-http_ssl_module –with-http_stub_status_module –with-http_flv_module –with-http_mp4_module –with-threads –with-file-aio
make && make install
课程实践:
nginx–> AMPs(wordpress)
nginx–> FPMs(wordpress)
nginx–> images servers ( imgs.magedu.com)
location ~* .(jpg|png|gif|jpeg)$ {
…
}
dynamic content servers (shop.magedu.com)
location ~* .php$ {
…
}
location / {
…
}
自定义错误404和5xx错误页,文本静态内容传输压缩;