Nginx 负载均衡配置

现在有4台服务器，x.x.x.211、x.x.x.212、x.x.x.213、x.x.x.214，其中使用211做负载均衡，212和213为应用服务器，214为数据存储服务器，平台端、店铺端和接口上传文件走214服务器。

服务器统一用lnmp集成一键安装。

212、213和124的nginx配置文件内容为

nginx.conf 或 vhost/**.conf

server
{
    listen 80;
    server_name _;
    index index.html index.htm index.php;
    root  /data/www/project/public;

    include enable-php-pathinfo.conf;

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
    }

    location ~ /.well-known {
        allow all;
    }

    location ~ /\.
    {
        deny all;
    }

    access_log  off;
}

211服务器nginx配置文件

http
{
    upstream backend {
        ip_hash;
        server 192.16.18.212;
        server 192.16.18.213;
    }
    upstream admin_seller {
        server 192.16.18.214;
    }
}

# 监听80端口，对所有域名进行https重定向
server
{
    listen 80; #监听端口
    server_name peak.xin; #请求域名
    client_max_body_size 1024M; #文件大小限制，默认1M

    return 301 https://$host$request_uri; #重定向至https访问。	
}
	
server
{
    listen 443 ssl; #监听端口
    server_name peak.xin; #请求域名
    #ssl on; #开启ssl(1.15之后的版本都是推荐listen … ssl)
    client_max_body_size 1024M; #文件大小限制，默认1M
	
    # 加强xss的过滤
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    
    # 证书配置
    ssl_certificate   ../cert/4322799_www.qtvnews.com.pem; #pem证书路径
    ssl_certificate_key  ../cert/4322799_www.qtvnews.com.key; #pem证书key路径
    ssl_session_timeout 5m; #会话超时时间
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #SSL协议
    ssl_prefer_server_ciphers on; # 是否由服务器决定采用哪种加密算法

    location ~ /(admin|seller|storage)/ {
        proxy_http_version 1.1; #代理使用的http协议
        proxy_pass http://admin_seller; #代理转发
        proxy_set_header Host $host; #header添加请求host信息
        proxy_set_header X-Real-IP $remote_addr; #header增加请求来源IP信息
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #增加代理记录
        proxy_set_header X-Forwarded-Proto $scheme;# 使用https协议时用到

        # 响应头部添加实际响应服务器信息
        add_header backendIP $upstream_addr;
        add_header backendCode $upstream_status;
        # 解决后端服务传输数据过多
        proxy_buffer_size 64k;
        proxy_buffers 32 32k;
        proxy_busy_buffers_size 128k;

        proxy_redirect off;
    }

    location ^~ /api/v4/user/material {
        proxy_pass http://admin_seller;
        proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header backendIP $upstream_addr;
        add_header backendCode $upstream_status;
    }
    
    # 拦截所有请求
    location / {
        proxy_pass http://backend;
        proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header backendIP $upstream_addr;
        add_header backendCode $upstream_status;
    }

    # 拦截websocket请求
    location /socket
    {
        proxy_pass http://192.16.18.214:2347;
        proxy_read_timeout 60;
        proxy_connect_timeout 60;
        proxy_redirect off;

        # Allow the use of websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_cache_bypass $http_upgrade;
    }
     
    access_log  /data/wwwlogs/peak.xin.access.log;
    error_log  /data/wwwlogs/peak.xin.error.log;
}