Implementation of Nginx load balancing and SSL configuration

  • 2020-05-17 07:53:20
  • OfStack

What is load balancing?

When one domain name points to multiple web servers, an nginx load balancing server is placed in front of them. nginx distributes client requests across the web servers in a balanced manner, which avoids the situation where a single server is overloaded while the others sit idle.

Configure nginx load balancing:

Create a new configuration file on the nginx machine:


[root@centos02 ~]# vi /etc/nginx/conf.d/test.conf

Add the following:


upstream test
 {
  ip_hash; 
  server 192.168.0.10:80 weight=100; 
  server 192.168.0.20:80 weight=50;
 }
 server
 {
  listen 80;
  server_name www.test.com;
  location /
  {
   proxy_pass http://test;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
 }
  • upstream: the load balancing configuration block
  • test: a custom name, referenced by proxy_pass in server{}
  • ip_hash: sends all requests from the same client to the same server (otherwise a client that has just logged in to the website may be prompted to log in again when clicking through to other pages)
  • server: the web server address
  • weight: defines the weight (range 0-100); the load balancing server sends requests preferentially to the more heavily weighted web server (if 150 requests come in, 192.168.0.10 will be allocated 100 and 192.168.0.20 will be allocated 50)
  • server_name: the domain name used to visit the website
  • proxy_pass: refers to the name defined by upstream
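
How ip_hash and weight interact, as an added Python example that is not from the original article: nginx documents that ip_hash keys on the first three octets of an IPv4 address, so the 100/50 weights are applied per client /24 network rather than per request. It assumes both backends are up; the hash constants (89, 113, 6271) and the function names are assumptions modelled on the open-source module.

```python
# Added example (not from the original page): model of ip_hash peer selection.
# The constants 89, 113 and 6271 are an assumption modelled on the open-source
# ip_hash module; peer failure handling is left out.
import ipaddress
from collections import Counter

# Backends and weights copied from the "upstream test" block above.
BACKENDS = [("192.168.0.10:80", 100), ("192.168.0.20:80", 50)]


def ip_hash_key(client_ip):
    """IPv4: only the first three octets are hashed; IPv6: the whole address."""
    addr = ipaddress.ip_address(client_ip)
    return addr.packed[:3] if addr.version == 4 else addr.packed


def pick_backend(client_ip, backends=BACKENDS):
    """Map a client address to one backend, honouring the configured weights."""
    h = 89
    for byte in ip_hash_key(client_ip):
        h = (h * 113 + byte) % 6271
    w = h % sum(weight for _, weight in backends)
    for name, weight in backends:  # walk the weight ranges until w falls inside one
        if w < weight:
            return name
        w -= weight
    raise RuntimeError("unreachable: w is always below the total weight")


def share_by_prefix(prefixes):
    """Count how many /24 prefixes (given as 'a.b.c') land on each backend."""
    return Counter(pick_backend(p + ".1") for p in prefixes)


if __name__ == "__main__":
    # Constructed sample: 4096 distinct /24 prefixes.
    print(share_by_prefix(f"10.{b}.{c}" for b in range(16) for c in range(256)))
    # Every host of one /24 (for example an office behind NAT) gets the same backend.
    print({pick_backend(f"203.0.113.{h}") for h in range(1, 255)})
```

Because a whole /24 is pinned to one backend, a few large client networks can skew the real request split well away from the configured 2:1 ratio.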

Verify nginx configuration and reload:


[root@centos02 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@centos02 ~]# nginx -s reload

Next, modify the client's hosts file so that the domain name www.test.com points to the IP of the nginx load balancing machine, then visit www.test.com to test it.

Additional load balancing configuration examples

1. Configuration according to the requested file:


upstream aa {   
    server 192.168.0.10;
    server 192.168.0.20; 
  }
upstream bb { 
    server 192.168.0.100;
    server 192.168.0.101;
 }
 server {
  listen  80;
  server_name www.test.com;
  location ~ aa\.php
  {
   # proxy_pass inside a regex location must not carry a URI part (no trailing slash)
   proxy_pass http://aa;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP  $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location ~ bb\.php
  {
    proxy_pass http://bb;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location /
  {
    proxy_pass http://bb/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

Requests for aa.php go to the aa group and requests for bb.php go to the bb group. Other requests also go to the bb group; for that, location / {} must be present, otherwise the URL cannot be matched correctly.

2. Configuration according to the requested directory:


upstream aa {   
    server 192.168.0.10;
    server 192.168.0.20; 
  }
upstream bb { 
    server 192.168.0.100;
    server 192.168.0.101;
 }
 server {
  listen  80;
  server_name www.test.com;
  location /dir1/
  {
   proxy_pass http://aa/dir1/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP  $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location /dir2/
  {
    proxy_pass http://bb/dir2/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location /
  {
    proxy_pass http://bb/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

When the request URI matches /dir1/, the request is proxied to aa/dir1/; when it matches /dir2/, it is proxied to bb/dir2/; otherwise it is proxied to the bb group.

Configure an SSL certificate in nginx so that the website is served over HTTPS:

Websites for applying for an SSL certificate:

1. https://www.wosign.com/
2. https://freessl.cn/ (free)

After the certificate has been generated through the browser, create the certificate files on the server.

Create the certificate file:


[root@linux ~]# mkdir /etc/nginx/ssl
[root@linux ~]# cd !$
cd /etc/nginx/ssl
[root@linux ssl]# touch ca
[root@linux ssl]# touch test.crt
[root@linux ssl]# touch test.key

Add the content of the corresponding certificate provided by the certificate application website to the ca, .crt and .key files.

Edit the nginx configuration file:


[root@linux ~]# vi /etc/nginx/conf.d/bbs.conf 

Add the following:


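listen    443 ssl;
server_name test.bbs.com;
# "ssl on;" is deprecated since nginx 1.15.0; the ssl parameter of listen above enables TLS
ssl_certificate /etc/nginx/ssl/test.crt;   # path to the .crt file
ssl_certificate_key /etc/nginx/ssl/test.key;  # path to the .key file
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # TLSv1 and TLSv1.1 are deprecated (RFC 8996)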

Verify the configuration and reload nginx:


[root@linux ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@linux ~]# nginx -s reload
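
nginx -t validates the configuration's syntax, not the strength of the TLS settings or the mode of the key file created with touch, which follows the umask. The Python check below is an added example, not from the original article; audit_tls, key_is_private and the sample server block are constructed for illustration.

```python
# Added example (not from the original page): lint TLS directives and key-file mode.
import os
import re
import stat

WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLSv1 and TLSv1.1: deprecated by RFC 8996

# Constructed sample: a server block using the kind of directives this section adds.
SAMPLE = """
server {
    listen 443 ssl;
    server_name test.bbs.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/test.crt;
    ssl_certificate_key /etc/nginx/ssl/test.key;  # private key
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""


def directives(conf):
    """Return [(name, [args])] for simple 'name args;' lines, comments stripped."""
    out = []
    for line in conf.splitlines():
        m = re.fullmatch(r"(\w+)\s+([^;{}]+);", line.split("#", 1)[0].strip())
        if m:
            out.append((m.group(1), m.group(2).split()))
    return out


def audit_tls(conf):
    """Return (directive, finding) pairs; an empty list means nothing was flagged."""
    found, seen = [], set()
    for name, args in directives(conf):
        seen.add(name)
        if name == "ssl" and args == ["on"]:
            found.append(("ssl", "deprecated; 'listen ... ssl' already enables TLS"))
        weak = sorted(WEAK & set(args)) if name == "ssl_protocols" else []
        if weak:
            found.append(("ssl_protocols", f"remove {', '.join(weak)}; keep TLSv1.2 TLSv1.3"))
    if "ssl_protocols" not in seen:
        found.append(("ssl_protocols", "not set; the nginx default applies"))
    return found


def key_is_private(path):
    """True when group and others have no access to the key file (0600 or stricter)."""
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0
```

Run audit_tls over the contents of the file in /etc/nginx/conf.d and key_is_private over the .key path before reloading.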

Next, visit the site; the browser's address bar shows HTTPS.

curl verification method:


curl -k -H "host:test.bbs.com" https://192.168.234.128/index.php

# host: the domain name; https://: the web server's IP; -k: skip certificate verification

