本次实验后端为 geoserver
如下就可以实现基础的http反向代理
server {
listen 80;
server_name 192.168.144.100;
location / {
proxy_pass http://192.168.144.101:8080;
add_header backendIP $upstream_addr;
add_header backendCode $upstream_status;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $Server_name;
proxy_connect_timeout 30s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
proxy_buffering off;
}
通过页面访问192.168.144.100/geoserver
后端两个geoserver 服务器
配置:
upstream geoserver {
ip_hash;
server 192.168.144.101:8080;
server 192.168.144.103:8080;
}
server {
listen 80;
server_name 192.168.144.100;
location / {
proxy_pass http://geoserver;
client_max_body_size 500m;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header backendIP $upstream_addr;
add_header backendCode $upstream_status;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $Server_name;
proxy_connect_timeout 30s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
proxy_buffering off;
}
}
https 由Nginx 中-with-http_ssl_module 模块提供
检查nginx 安装的模块信息可以执行 nginx 脚本-V 选项查看
[root@localhost sbin]# ./nginx -V
创建自建证书
在nginx 安装目录下创建一个ssl目录
[root@localhost ~]# mkdir /usr/local/nginx/ssl
在ssl目录里执行下面命令创建自签名证书
[root@localhost ssl]#openssl genrsa -out ca.key 2048
[root@localhost ssl]#openssl req -new -x509 -key ca.key -out server.crt -days 3650
添加相关代码如下
server {
listen 443 ssl;
server_name 192.168.144.102;
ssl_certificate /usr/local/nginx/ssl/server.crt;
ssl_certificate_key /usr/local/nginx/ssl/ca.key;
location / {
proxy_pass https://192.168.144.101:443;
client_max_body_size 500m;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header backendIP $upstream_addr;
add_header backendCode $upstream_status;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $Server_name;
proxy_connect_timeout 30s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
proxy_buffering off;
}
}
TCP 代理由–with-stream模块提供,使用tcpd代理需安装此模块
查看是否安装此模块
[root@localhost sbin]# ./nginx -V
没有的话,需要手动添加:按照下面平滑升级方式中的前6各步骤操作
详细配置如下
stream{
upstream mysql{
#这里代理mysql,其端口是3306
server 10.0.0.7:3306;
}
server {
#监听3306端口
listen 3306;
proxy_pass mysql;
}
#####################################
upstream oracle{
#这里代理oracle,其端口是1521
server 10.0.0.7:1521;
}
server {
#监听1521端口
listen 1521;
proxy_pass oracle;
}
}
1,当前版本查看
[root@localhost sbin]# ./nginx -V
2,解压新版本安装包
tar -zxvf nginx-1.20.2.tar.gz
3,进入新版安装包文件
cd nginx-1.20.2/
4,初始化 (若是添加新模块,可在后面追加模块名称)
./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/usr/local/nginx/tmp/error.log --http-log-path=/usr/local/nginx/tmp/access.log --pid-path=/usr/local/nginx/tmp/nginx.pid --lock-path=/usr/local/nginx/tmp/nginx.lock --with-http_ssl_module
5,编译,不要make install
make
6,进入objs 目录
cd objs/
./nginx -V
7 拷贝启动文件到老版本nginx的sbin目录下(将老版本的启动文件提前备份下)
mv nginx /usr/local/nginx/sbin/
8 ,#检测一下有没有问题
[root@localhost sbin]# ./nginx -t
#USR2 平滑升级可执行程序,将存储有旧版本主进程ID的文件重命名为nginx.pid.oldbin,跟着启动新的
nginx
#此时两个master的进程都在运行,只是旧的master不在监听,由新的master监听80
#此时Nginx开启一个新的master进程,这个master进程会生成新的worker进程,这就是升级后的Nginx进程,此时老的进程不会自动退出,但是当接收到新的请求不作处理而是交给新的进程处理。
kill -USR2 `cat /usr/local/nginx/tmp/nginx.pid`
ps -auxf | grep nginx
#先关闭旧nginx的worker进程,而不关闭nginx主进程方便回滚
#向原Nginx主进程发送WINCH信号,它会逐步关闭旗下的工作进程(主进程不退出),这时所有请求都会由新版Nginx处理
kill -WINCH `cat /usr/local/nginx/tmp/nginx.pid.oldbin`
ps -auxf | grep nginx
查看当前版本是否完成升级
curl -I 127.0.0.1
#经过一段时间测试,新版本服务没问题,最后退出老的master
kill -QUIT `cat /usr/local/nginx/tmp/nginx.pid.oldbin`
ps -auxf | grep nginx