需求
最近需要遷移Node線上服務,於是新申請了兩臺線上服務器;
部署服務器後,需要驗證服務是否正常,辦公環境與線上環境網絡是隔離的,無法直接訪問;但是,線上服務器可通過部署服務器訪問,而辦公網絡是可以訪問部署機的;
所以,可通過在部署機上配置代理的方式,辦公環境請求部署機,然後把請求代理到線上服務的方式驗證服務是否正常。
整個網絡結構如下圖所示:
Nginx安裝
下載
下載頁面: http://nginx.org/en/download.html 選擇版本鼠標右鍵拷貝鏈接地址
# 下載
[work@40-10-14 opt]$ wget http://nginx.org/download/nginx-1.18.0.tar.gz
# 解壓文件
[work@40-10-14 opt]$ tar -xvf nginx-1.18.0.tar.gz
安裝
# 1. 默認安裝:root權限進入解壓後的目錄,執行如下命令安裝
[root@40-10-14 nginx-1.18.0]# ./configure && make && make install
# 2.指定目錄:安裝到指定的/opt/nginx目錄
[work@40-10-14 opt]$ mkdir /opt/nginx
[work@40-10-14 nginx-1.18.0]$ ./configure --prefix=/opt/nginx && make && mae install
默認安裝,非root權限會報如下錯誤
mkdir: cannot create directory `/usr/local/nginx': Permission denied
make[1]: *** [install] Error 1
make[1]: Leaving directory `/opt/nginx-1.18.0'
make: *** [install] Error 2
默認安裝後,查看nginx的安裝目錄,可以看到安裝在/usr/local/nginx目錄下
[root@40-10-14 opt]# whereis nginx
nginx: /usr/local/nginx
1.建議使用指定目錄方式安裝。如果切換爲root權限去安裝,後續修改config文件也需要root權限
2.或者root安裝後,修改權限爲普通用戶可操作也行
添加軟鏈
添加軟鏈,使得nginx命令全局能訪問,每次運行就不用切換到安裝目錄中了
# 添加軟鏈
[root@40-10-14 sbin]# ln -s /opt/nginx/sbin/nginx /usr/local/bin/
# 查看版本
[root@40-10-14 sbin]# nginx -v
nginx version: nginx/1.18.0
常用命令
- 啓動:
nginx - 停止:
nginx -s stop - 重啓:
nginx -s reload - 幫助命令:
nginx -h
強制停止:
# 查看linux進程id
[root@40-10-14 ~]# ps -ef | grep nginx
nobody 45198 1 0 16:12 ? 00:00:00 nginx: worker process
root 51261 50692 0 17:00 pts/0 00:00:00 grep nginx
# 關閉進程
[root@40-10-14 ~]# kill 45198
# 之前的進程已被關閉
[root@40-10-14 ~]# ps -ef | grep nginx
root 51277 50692 0 17:00 pts/0 00:00:00 grep nginx
配置代理
配置兩臺機器的請求轉發,編輯nginx安裝目錄下的nginx/conf/nginx.conf文件即可
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# 請求需要轉發到如下兩臺機器上,流量平分;指定IP和端口
upstream zpserver {
server xx.xx.xx.22:10001;
server xx.xx.xx.23:10001;
}
server {
# nginx服務端口爲80
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
# /user根路徑的請求才轉發
location /user {
root html;
index index.html index.htm;
proxy_pass http://zpserver;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
注意:修改完nginx的配置文件後,需要運行
nginx -s reload才能生效
驗證
由於線上服務很多都是需要登錄的,所以訪問時需要使用域名訪問,而不能使用IP訪問,因爲cookie都是跟域名綁定的
解決這個問題很簡單,配置本機host即可
# IP爲Nginx服務器IP
xx.xx.xx.14 edu.daojia.com
通過上述配置,在本機瀏覽器上請求edu.daojia.com即可間接通過部署機上的Nginx訪問到線上服務,以此在內網測試服務是否正確;待服務無異常後,把線上流量切過來即可。
