Implementation of nginx load balancing / SSL configuration

Time:2021-4-8

What is load balancing?

When a domain name points to multiple web servers, an nginx load balancing server is placed in front of them. Through nginx load balancing, client requests are distributed across the web servers in a balanced way, which avoids the situation where a single server is overloaded while the other servers sit idle.

Configure nginx load balancing:

Create a new configuration file on the nginx machine:


[[email protected] ~]# vi /etc/nginx/conf.d/test.conf

Add the following:


upstream test
 {
  ip_hash; 
  server 192.168.0.10:80 weight=100; 
  server 192.168.0.20:80 weight=50;
 }
 server
 {
  listen 80;
  server_name www.test.com;
  location /
  {
   proxy_pass http://test;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
 }
  • upstream: the load balancing configuration block
  • test: a user-defined name, referenced by proxy_pass inside server {}
  • ip_hash: sends all requests from the same client to the same server (if they are not sent to the same server, a client that has just logged in to the website may be prompted to log in again when it clicks another page)
  • server: the address of a web server
  • weight: defines the weight (range: 0-100); the load balancing server gives priority to sending requests to the web server with the higher weight (in the example above, if 150 requests come in, 192.168.0.10 is allocated 100 and 192.168.0.20 is allocated 50)
  • server_name: the domain name of the website
  • proxy_pass: references the name defined by upstream

Verify nginx configuration and reload:


[[email protected] ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[[email protected] ~]# nginx -s reload

Next, modify the hosts file on the client so that the test domain name www.test.com points to the IP of the nginx load balancing machine. The www.test.com website can then be accessed through the load balancer.
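
The balancer configuration above sends X-Real-IP and X-Forwarded-For to the web servers. The following is an added example, not part of the original article, of how a backend can consume them safely. It assumes the backends also run nginx with ngx_http_realip_module; 192.0.2.10 is a placeholder for the load balancer's address, and the log path and docroot are assumed as well.

```nginx
# Backend web server (192.168.0.10 / 192.168.0.20), file in /etc/nginx/conf.d/.
# Logs both the restored client address and the real TCP peer, so a request
# that did not come through the balancer stands out in the access log.
log_format lb_aware '$remote_addr (peer $realip_remote_addr) [$time_local] '
                    '"$request" $status xff="$http_x_forwarded_for"';

server {
    listen 80;
    server_name www.test.com;

    # Trust the header only when the TCP peer is the load balancer.
    # From any other peer the header is ignored and $remote_addr stays the peer.
    # 192.0.2.10 is a placeholder: replace it with the balancer's address.
    set_real_ip_from 192.0.2.10;

    # The balancer overwrites X-Real-IP with its own $remote_addr, so a client
    # cannot pre-seed it. X-Forwarded-For is appended to whatever the client
    # sent ($proxy_add_x_forwarded_for), so only its last entry was written
    # by the balancer and earlier entries are client-controlled.
    real_ip_header X-Real-IP;

    access_log /var/log/nginx/www.test.com.access.log lb_aware;  # assumed path

    location / {
        root  /usr/share/nginx/html;   # assumed docroot
        index index.html index.php;
    }
}
```

Because realip rewrites $remote_addr before allow/deny rules are evaluated, restricting which hosts may reach the backend at all belongs in the host firewall rather than in this server block.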

Load balancing configuration example supplement

1. Configuration based on the requested file:


upstream aa {   
    server 192.168.0.10;
    server 192.168.0.20; 
  }
upstream bb { 
    server 192.168.0.100;
    server 192.168.0.101;
 }
 server {
  listen  80;
  server_name www.test.com;
  # The dot is escaped so the regex matches a literal "aa.php"
  location ~ aa\.php
  {
   # No URI part after the upstream name: nginx rejects proxy_pass
   # with a URI inside a regular-expression location
   proxy_pass http://aa;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP  $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location ~ bb\.php
  {
    proxy_pass http://bb;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location /
  {
    proxy_pass http://bb/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

Requests for aa.php go to the aa group; requests for bb.php and all other requests go to the bb group. The location / {} block is required, otherwise the URLs cannot be matched correctly.

2. Configuration based on the requested directory:


upstream aa {   
    server 192.168.0.10;
    server 192.168.0.20; 
  }
upstream bb { 
    server 192.168.0.100;
    server 192.168.0.101;
 }
 server {
  listen  80;
  server_name www.test.com;
  location /dir1/
  {
   proxy_pass http://aa/dir1/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP  $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location /dir2/
  {
    proxy_pass http://bb/dir2/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location /
  {
    proxy_pass http://bb/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

#When the request URI matches /dir1/, it is proxied to aa/dir1/; when it matches /dir2/ or anything else, it is proxied to the bb group

Configuring an SSL certificate in nginx to serve the website over HTTPS

Websites where an SSL certificate can be requested:

1. https://www.wosign.com/
2. https://freessl.cn/ (free)

#After the certificate has been generated in the browser, the certificate files need to be created on the server

To create a certificate file:


[[email protected] ~]# mkdir /etc/nginx/ssl
[[email protected] ~]# cd !$
cd /etc/nginx/ssl
[[email protected] ssl]# touch ca
[[email protected] ssl]# touch test.crt
[[email protected] ssl]# touch test.key

#Add the content of the corresponding certificate provided by the certificate application website to the ca / .crt / .key files

Edit the nginx configuration file:


[[email protected] ~]# vi /etc/nginx/conf.d/bbs.conf 

Add the following:

listen    443 ssl;
server_name test.bbs.com;
ssl on;
ssl_certificate /etc/nginx/ssl/test.crt; # path to the .crt file
ssl_certificate_key /etc/nginx/ssl/test.key; # path to the .key file
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
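
A hardened form of the directives above, written as a complete server block. This is an added example, not the original article's configuration: it keeps the article's server_name and certificate paths, and the session settings and docroot are assumptions.

```nginx
server {
    listen 443 ssl;                  # the ssl parameter enables TLS on this socket
    server_name test.bbs.com;

    # Form shown in the article, kept as comments for comparison:
    #   ssl on;                               # deprecated since nginx 1.15.0, redundant with "listen 443 ssl"
    #   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # TLS 1.0 and 1.1 are deprecated (RFC 8996)

    # The file given to ssl_certificate holds the server certificate first,
    # followed by the CA's intermediate certificates. Assumption: the article's
    # "ca" file is that intermediate chain; if so, append it to test.crt.
    ssl_certificate     /etc/nginx/ssl/test.crt;
    ssl_certificate_key /etc/nginx/ssl/test.key;   # should be readable by root only

    # TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Assumed values: reuse TLS sessions to cut handshake cost.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # Assumed docroot; keep whatever bbs.conf already serves here.
    root  /usr/share/nginx/html;
    index index.php index.html;
}
```

After reloading, a handshake forced down to TLS 1.1 (for example with openssl s_client -tls1_1) should be refused, while a normal HTTPS request still succeeds.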

Verify the configuration and reload nginx:


[[email protected] ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[[email protected] ~]# nginx -s reload

#Next, visit the website; the browser's address bar should show HTTPS

Curl verification method:


curl -k -H "host:test.bbs.com" https://192.168.234.128/index.php

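#host: the domain name; https://: the web server IP. If the output is the HTML markup of the website page, the request succeeded. Note that -k turns off certificate verification, so this confirms only that nginx answers over HTTPS, not that the certificate is valid for the domain.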

That is the whole content of this article. I hope it helps you learn, and I hope you will continue to support developer.
