Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about the implementation of Nginx load balancer / SSL configuration, which may not be well understood by many people. In order to make you understand better, the editor summarizes the following contents. I hope you can get something from this article.

What is load balancing?

When a domain name refers to multiple web servers, add a nginx load balancing server to send requests from the client to each web server through nginx load balancing, avoiding the imbalance in which the load of a single server is too high and the rest of the servers are idle.

Configure nginx load balancing:

Create a new profile on the nginx machine:

[root@centos02 ~] # vi / etc/nginx/conf.d/test.conf

Add the following:

Upstream test {ip_hash; server 192.168.0.10 weight=100; server 192.168.0.20 weight=50;} server {listen 80; server_name www.test.com; location / {proxy_pass http://test; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}}

Upstream: load balancing configuration

Test: custom name for proxy_pass references in server {}

Ip_hash: send all requests from the same client to the same server (if it is not sent to the same server, it is possible that the client has just logged in to the website, click on other sub-pages and prompt to log in)

Server:web server address

Weight: define the weight (range: 0-100). The load balancer server gives priority to sending requests to the heavily weighted web server (in the above example, if there are 150 requests coming in, 192.168.0.10 will be assigned 100, 192.168.0.20 will be assigned 50)

Server_name: the domain name that accesses the website

Proxy_pass: the name that references the upstream definition

Verify the nginx configuration and reload:

[root@centos02 ~] # nginx-tnginx: the configuration file / etc/nginx/nginx.conf syntax is oknginx: configuration file / etc/nginx/nginx.conf test is successful [root@centos02 ~] # nginx-s reload

Next, modify the client hosts file to point the tested domain name www.test.com to the IP of the tested nginx load balancer machine to access the www.test.com website.

Supplement to the load balancing configuration example

1. Based on the requested file configuration:

Upstream aa {server 192.168.0.10; server 192.168.0.20;} upstream bb {server 192.168.0.100; server 192.168.0.101;} server {listen 80; server_name www.test.com; location ~ aa.php {proxy_pass http://aa/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;} location ~ bb.php {proxy_pass http://bb/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;} location / {proxy_pass http://bb/; proxy_set_header Host $host Proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}}

Those who request aa.php will go to the aa group, those who request bb.php will go to the bb group, and all other requests will go to the bb group. There must be location / {}, otherwise the url cannot be matched correctly.

two。 Configure according to the requested directory:

Upstream aa {server 192.168.0.10; server 192.168.0.20;} upstream bb {server 192.168.0.100; server 192.168.0.101;} server {listen 80; server_name www.test.com; location / dir1/ {proxy_pass http://aa/dir1/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;} location / dir2/ {proxy_pass http://bb/dir2/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;} location / {proxy_pass http://bb/; proxy_set_header Host $host Proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}}

# proxy to bb/dir2/ when request uri match / dir1/, proxy to aa/dir1/, match / dir2/ or other

Nginx configures SSL certificate to access the website through https protocol:

SSL Certificate Application website:

1. Https://www.wosign.com/

2. Https://freessl.cn/( is free)

# after generating through the browser, you need to create a certificate file on the server

Create a certificate file:

[root@linux ~] # mkdir / etc/nginx/ssl [root@linux ~] # cd! $cd / etc/nginx/ssl [root@linux ssl] # touch ca [root@linux ssl] # touch test.crt [root@linux ssl] # touch test.key

# add the contents of the corresponding certificate provided by the certificate application website to the ca/ .crt / .key file

Edit the nginx configuration file:

[root@linux ~] # vi / etc/nginx/conf.d/bbs.conf

Add the following:

Listen 443 ssl;server_name test.bbs.com;ssl on;ssl_certificate / etc/nginx/ssl/test.crt; # definition .crt file path ssl_certificate_key / etc/nginx/ssl/test.key; # definition .key file path ssl_protocols TLSv1 TLSv1.1 TLSv1.2

Verify the configuration and reload nginx:

[root@linux ~] # nginx-tnginx: the configuration file / etc/nginx/nginx.conf syntax is oknginx: configuration file / etc/nginx/nginx.conf test is successful [root@linux ~] # nginx-s reload

# then visit the address bar of the website to display HTTPS

Curl authentication method:

Curl-k-H "host:test.bbs.com" https://192.168.234.128/index.php

# host: domain name, https:// webserver IP. If the output result is the page tag information of the website, it means success.

After reading the above, do you have any further understanding of the implementation of Nginx load balancing / SSL configuration? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.