二、NGINX反向代理

正向代理是一个位于客户端和原始服务器(origin server)之间的服务器，为了从原始服务器取得内容，客户端向代理发送一个请求并指定目标(原始服务器)，然后代理向原始服务器转交请求并将获得的内容返回给客户端。客户端必须要进行一些特别的设置才能使用正向代理。

正向代理的典型用途是为在防火墙内的局域网客户端提供访问Internet的途径。

反向代理正好相反，对于客户端而言它就像是原始服务器，并且客户端不需要进行任何特别的设置。客户端向反向代理的命名空间(name-space)中的内容发送普通请求，接着反向代理将判断向何处(原始服务器)转交请求，并将获得的内容返回给客户端，就像这些内容原本就是它自己的一样。

反向代理的典型用途是将防火墙后面的服务器提供给Internet用户访问。反向代理还可以为后端的多台服务器提供负载平衡，或为后端较慢的服务器提供缓冲服务。另外，还可以启用高级URL策略和管理技术，从而使处于不同web服务器系统的web页面同时存在于同一个URL空间下。

一、环境准备：

# dmidecode|grep "System Information" -A9|egrep "Manufacturer|Product"

Manufacturer: Dell Inc.

Product Name: PowerEdge R630

# uname -a

Linux linux-node2 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/redhat-release

CentOS Linux release 7.4.1708 (Core)

关闭firewalld,selinux

#yum install -y prce-devel openssl-devel (安装依赖包）

#yum install -y gcc glibc gcc-c++ make screen tree lrzsz wget curl vim

Configuration summary(可单独编译)

+ using system PCRE library

+ using system OpenSSL library

+ using system zlib library

#useradd -s /sbin/nologin -M www

#cd /usr/local/src

#wget http://nginx.org/download/nginx-1.14.0.tar.gz

#tar -zxf nginx-1.14.0.tar.gz

#cd /nginx-1.14.0

编译安装

#mkdir /usr/local/nginx-1.14.0

./configure --prefix=/usr/local/nginx-1.14.0 --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio

#make && make install

#ln -s /usr/local/nginx-1.14.0 /usr/local/nginx

检查配置语法，成功如下

#/usr/local/nginx-1.14.0/sbin/nginx -t

＃/usr/local/nginx-1.14.0/sbin/nginx -s reload(相当于graceful)

nginx: the configuration file /usr/local/nginx-1.14.0/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx-1.14.0/conf/nginx.conf test is successful

如出现以下报错

[root@ms02 nginx-1.14.0]# /usr/local/nginx-1.14.0/sbin/nginx -t

nginx: the configuration file /usr/local/nginx-1.14.0/conf/nginx.conf syntax is ok

nginx: [emerg] getpwnam("www") failed

nginx: configuration file /usr/local/nginx-1.14.0/conf/nginx.conf test failed

处理方法一：

解决方案一

在nginx.conf中 把user nobody的注释去掉既可

解决方案二

错误的原因是没有创建www这个用户，应该在服务器系统中添加www用户组和用户www，如下命令：

1 2	/usr/sbin/groupadd -f www /usr/sbin/useradd -g www www

详细配置：

[root@ms01 conf]# vi /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.119.110 ms01.unicom.com loadblance.unicom.com

192.168.119.111 ms02.unicom.com

 

#[root@ms01 conf]# cat nginx.conf

 

#user nobody;

worker_processes 1;

 

#error_log logs/error.log;

#error_log logs/error.log notice;

#error_log logs/error.log info;

 

#pid logs/nginx.pid;

 

 

events {

worker_connections 1024;

}

 

 

http {

include mime.types;

default_type application/octet-stream;

 

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '

# '$status $body_bytes_sent "$http_referer" '

# '"$http_user_agent" "$http_x_forwarded_for"';

 

#access_log logs/access.log main;

 

sendfile on;

#tcp_nopush on;

 

#keepalive_timeout 0;

keepalive_timeout 65;

 

#gzip on;

 

upstream backend {

server 192.168.119.110:8080 weight=1;

server 192.168.119.111:8080 weight=2;

#server unix:/tmp/backend3;

 

#server backup1.example.com:8080 backup;

#server backup2.example.com:8080 backup;

}

server {

listen 80;

server_name ms01.unicom.com;

 

#charset koi8-r;

 

#access_log logs/host.access.log main;

 

location / {

root html;

index index.html index.htm;

proxy_pass http://backend;

}

 

#error_page 404 /404.html;

 

# redirect server error pages to the static page /50x.html

#

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

 

# proxy the PHP scripts to Apache listening on 127.0.0.1:80

#

#location ~ .php$ {

# proxy_pass http://127.0.0.1;

#}

 

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

#

#location ~ .php$ {

# root html;

# fastcgi_pass 127.0.0.1:9000;

# fastcgi_index index.php;

# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;

# include fastcgi_params;

#}

 

# deny access to .htaccess files, if Apache's document root

# concurs with nginx's one

#

#location ~ /.ht {

# deny all;

#}

}

 

 

# another virtual host using mix of IP-, name-, and port-based configuration

#

#server {

# listen 8000;

# listen somename:8080;

# server_name somename alias another.alias;

 

# location / {

# root html;

# index index.html index.htm;

# }

#}

 

 

# HTTPS server

#

#server {

# listen 443 ssl;

# server_name localhost;

 

# ssl_certificate cert.pem;

# ssl_certificate_key cert.key;

 

# ssl_session_cache shared:SSL:1m;

# ssl_session_timeout 5m;

 

# ssl_ciphers HIGH:!aNULL:!MD5;

# ssl_prefer_server_ciphers on;

 

# location / {

# root html;

# index index.html index.htm;

# }

#}

 

}

测试机器HOSTS文件添加上服务器的HOST

192.168.119.110 ms01.unicom.com loadbalance.unicom.com

192.168.119.111 ms02.unicom.com