Nginx4大模塊——proxy、headers、upstream、stream模塊

Nginx

應用程序發布：

灰度模型：

         (1) 如果存在用戶會話；

             從服務器上拆除會話；

         (2) 新版本應用程序存在bug；

             回滾；

ngx_http_proxy_module模塊：

1、proxy_pass URL;

Context: location, if in location, limit_except

    

注意：proxy_pass后面的路徑不帶uri時，其會將location的uri傳遞給后端主機

         server {

                 …

                 server_name HOSTNAME;

                 location /uri/ {

                      proxy http://hos[:port];

                 }

                 …

         }

        

         http://HOSTNAME/uri –> http://host/uri

    

proxy_pass后面的路徑是一個uri時，其會將location的uri替換為proxy_pass的uri

         server {

                 …

                 server_name HOSTNAME;

                 location /uri/ {

                      proxy http://host/new_uri/;

                 }

                 …

         }

        

         http://HOSTNAME/uri/ –> http://host/new_uri/

    

如果location定義其uri時使用了正則表達式的模式，則proxy_pass之后必須不能使用uri; 用戶請求時傳遞的uri將直接附加代理到的服務的之后

         server {

                 …

                 server_name HOSTNAME;

                 location ~|~* /uri/ {

                      proxy http://host;

                 }

                 …

         }

        

         http://HOSTNAME/uri/ –> http://host/uri/

2、proxy_set_header field value;

設定發往后端主機的請求報文的請求首部的值；Context: http, server, location

    

proxy_set_header X-Real-IP  $remote_addr;

    $remote_addr：記錄的是上一臺主機的IP，而上一臺主機有可能也是代理服務器

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    $proxy_add_x_forwarded_for：記錄的是源IP地址

    

在http客戶端還有修改/etc/httpd/conf/httpd.conf文件

    LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

    

    通過上述方法則可以在后端主機上記錄真實的httpd資源請求者，而不再是只記錄前端代理服務器的IP地址

3、proxy_cache_path

定義可用于proxy功能的緩存；Context: http

    

proxy_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];

    

proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2:1 keys_zone=gmtest:20M max_size=1G;

4、proxy_cache zone | off;

指明要調用的緩存，或關閉緩存機制；Context: http, server, location

    

proxy_cache gmtest;

5、 proxy_cache_key string;

緩存中用于“鍵”的內容；

    

默認值：proxy_cache_key $scheme$proxy_host$request_uri;

    建議定義成方法和url

6、proxy_cache_valid [code …] time;

定義對特定響應碼的響應內容的緩存時長；

    

定義在http{…}中；

    proxy_cache_path /var/cache/nginx/proxy_cache levels=1:1:1 keys_zone=gmtest:20m max_size=1g;

    

定義在需要調用緩存功能的配置段，例如server{…}，或者location中；

    proxy_cache gmtest;

    proxy_cache_key $request_uri;

    proxy_cache_valid 200 302 301 1h;

    proxy_cache_valid any 1m;

7、proxy_cache_use_stale

proxy_cache_use_stale error | timeout | invalid_header | updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | off …;

    

Determines in which cases a stale cached response can be used when an error occurs during communication with the proxied server.

    

后端服務器的故障在那種情況下，就使用緩存的功能對客戶的進行返回

8、proxy_cache_methods GET | HEAD | POST …;

If the client request method is listed in this directive then the response will be cached. “GET” and “HEAD” methods are always added to the list, though it is recommended to specify them explicitly.

    

默認方法就是GET HEAD方法

9、proxy_hide_header field;

By default, nginx does not pass the header fields “Date”, “Server”, “X-Pad”, and “X-Accel-…” from the response of a proxied server to a client. The proxy_hide_header directive sets additional fields that will not be passed.

10、proxy_connect_timeout time;

Defines a timeout for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds.

    

默認為60s

11、buffer相關的配置

a：proxy_buffer_size size;

Sets the size of the buffer used for reading the first part of the response received from the proxied server. This part usually contains a small response header. By default, the buffer size is equal to one memory page.

    

默認為4k|8k

b：proxy_buffering on | off;

Enables or disables buffering of responses from the proxied server.

    

默認為on

c：proxy_buffers number size;

Sets the number and size of the buffers used for reading a response from the proxied server, for a single connection. By default, the buffer size is equal to one memory page.

    

默認為8 4k|8k

d：proxy_busy_buffers_size size;

When buffering of responses from the proxied server is enabled, limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read.

    

默認為8k|16k

ngx_http_headers_module模塊

The ngx_http_headers_module module allows adding the “Expires” and “Cache-Control” header fields, and arbitrary fields, to a response header.

向由代理服務器響應給客戶端的響應報文添加自定義首部，或修改指定首部的值；

1、add_header name value [always];

添加自定義首部；

    

add_header X-Via  $server_addr;

    經由的代理服務器地址

add_header X-Accel $server_name;

2、expires [modified] time;

expires epoch | max | off;

    

用于定義Expire或Cache-Control首部的值；

可以把服務器定義的緩存時長修改了；

ngx_http_upstream_module模塊

The ngx_http_upstream_module module is used to define groups of servers that can be referenced by the proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, and memcached_pass directives.

1、upstream name { … }

定義后端服務器組，會引入一個新的上下文；Context: http

    

upstream httpdsrvs {

         server …

         server…

         …

}

2、server address [parameters];

在upstream上下文中server成員，以及相關的參數；Context: upstream

    

address的表示格式：

    unix:/PATH/TO/SOME_SOCK_FILE

    IP[:PORT]

    HOSTNAME[:PORT]

    

parameters：

         weight=number

             權重，默認為1；默認算法是wrr

         max_fails=number

             失敗嘗試最大次數；超出此處指定的次數時，server將被標記為不可用

         fail_timeout=time

             設置將服務器標記為不可用狀態的超時時長

         max_conns

             當前的服務器的最大并發連接數

         backup

             將服務器標記為“備用”，即所有服務器均不可用時此服務器才啟用

         down

             標記為“不可用”

             先在nginx前端配置down，然后在下架后端服務器，上架新的web程序，然后上架，在修改配置文件立馬的down

3、least_conn;

最少連接調度算法，當server擁有不同的權重時其為wlc

要在后端服務器是長連接時，效果才好，比如mysql

4、ip_hash;

源地址hash調度方法

5、hash key [consistent];

基于指定的key的hash表來實現對請求的調度，此處的key可以直接文本、變量或二者的組合

    

作用：將請求分類，同一類請求將發往同一個upstream server

    

If the consistent parameter is specified the ketama consistent hashing method will be used instead.

    

示例：

    hash $request_uri consistent;

    hash $remote_addr;

    hash $cookie_name; 對同一瀏覽器的請求，發往同一個upstream server

6、keepalive connections;

為每個worker進程保留的空閑的長連接數量

    

nginx的其它的二次發行版：

    tengine

    OpenResty

    

1.9版本之后可以反代tcp／udp的協議，基于stream模塊，工作與傳輸層

ngx_stream_core_module模塊

模擬反代基于tcp或udp的服務連接，即工作于傳輸層的反代或調度器

1、stream { … }

定義stream相關的服務；Context: main

    

stream {

         upstream sshsrvs {

                 server 192.168.22.2:22;

                 server 192.168.22.3:22;

                 least_conn;

         }

        

         server {

                 listen 10.1.0.6:22022;

                 proxy_pass sshsrvs;

         }

}

    

stream模塊中管的upstream模塊的用法同上

2、listen

listen address:port [ssl] [udp] [proxy_protocol] [backlog=number] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];