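Nginx Load Balancing
Load balancing is one of Nginx's core features: it distributes client requests across multiple backend servers, improving application availability and performance.
Load-Balancing Algorithms
Round Robin
The default algorithm; requests are handed to the servers one after another, in order:
upstream backend {
    server backend1.example.com;
    server backend2.example.com;
    server backend3.example.com;
}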
Weighted Round Robin
Requests are distributed according to weight; servers with a higher weight handle more requests:
upstream backend {
    server backend1.example.com weight=3;
    server backend2.example.com weight=1;
    server backend3.example.com weight=1;
}
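How requests interleave under these weights, as an added Python model that is not code from the original page or from nginx itself. It follows the smooth weighted round-robin rule: every server's running score grows by its weight, the highest score wins and is then reduced by the sum of all weights. The short server names are constructed stand-ins for the upstream above.

```python
def smooth_weighted_round_robin(weights, n):
    """Return the servers chosen for n consecutive requests.

    weights: dict of server name -> configured weight, in config order.
    """
    current = {name: 0 for name in weights}
    total = sum(weights.values())
    order = []
    for _ in range(n):
        # Every server earns its weight on each request.
        for name, weight in weights.items():
            current[name] += weight
        # Highest running score wins; strict '>' keeps the first listed on ties.
        best = None
        for name in weights:
            if best is None or current[name] > current[best]:
                best = name
        # The winner pays back the total, which spreads its turns out
        # instead of sending it three requests in a row.
        current[best] -= total
        order.append(best)
    return order


# Constructed input mirroring weight=3 / 1 / 1 from the upstream above.
WEIGHTS = {"backend1": 3, "backend2": 1, "backend3": 1}

if __name__ == "__main__":
    print(smooth_weighted_round_robin(WEIGHTS, 10))
```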
IP Hash
Requests are assigned by a hash of the client IP address, so requests from the same IP always go to the same server:
upstream backend {
    ip_hash;
    server backend1.example.com;
    server backend2.example.com;
    server backend3.example.com;
}
Least Connections
Each request goes to the server that currently has the fewest connections:
upstream backend {
    least_conn;
    server backend1.example.com;
    server backend2.example.com;
    server backend3.example.com;
}
URL Hash (Consistent Hash)
Requests are assigned by a hash of the URL:
upstream backend {
    hash $request_uri consistent;
    server backend1.example.com;
    server backend2.example.com;
    server backend3.example.com;
}
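What the `consistent` parameter buys when a backend leaves the group, as an added Python model that is not code from the original page or from nginx. It compares a hash ring with plain hash-modulo-N selection; SHA-256, the 160 points per server and the `/article/N` URIs are assumptions of this model, not nginx's exact hash or layout.

```python
import bisect
import hashlib

POINTS_PER_SERVER = 160  # virtual points per server; assumed value for this model


def h64(text):
    """64-bit integer hash (SHA-256 here; nginx uses its own hash function)."""
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:8], "big")


def build_ring(servers):
    """Sorted list of (point, server): each server owns many points on the ring."""
    return sorted((h64(f"{s}#{i}"), s)
                  for s in servers for i in range(POINTS_PER_SERVER))


def pick(ring, uri):
    """Server owning the first point at or after hash(uri), wrapping at the end."""
    idx = bisect.bisect_left(ring, (h64(uri), ""))
    return ring[idx % len(ring)][1]


def moved_consistent(servers, removed, uris):
    """Map each URI whose server changes to its previous server (ring selection)."""
    before = build_ring(servers)
    after = build_ring([s for s in servers if s != removed])
    return {u: pick(before, u) for u in uris if pick(before, u) != pick(after, u)}


def moved_modulo(servers, removed, uris):
    """Same comparison for plain hash-modulo-N selection."""
    rest = [s for s in servers if s != removed]
    return {u: servers[h64(u) % len(servers)] for u in uris
            if servers[h64(u) % len(servers)] != rest[h64(u) % len(rest)]}


SERVERS = ["backend1.example.com", "backend2.example.com", "backend3.example.com"]
URIS = [f"/article/{i}" for i in range(3000)]  # constructed request URIs

if __name__ == "__main__":
    gone = "backend2.example.com"
    ring_moves = moved_consistent(SERVERS, gone, URIS)
    mod_moves = moved_modulo(SERVERS, gone, URIS)
    print("consistent:", len(ring_moves), "moved, all from", set(ring_moves.values()))
    print("modulo:    ", len(mod_moves), "moved, from", set(mod_moves.values()))
```

On the ring only URIs that were served by the removed backend change servers, so caches on the remaining backends stay warm; with modulo selection URIs on every backend are reshuffled.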
Health Check Configuration
Basic health check parameters
upstream backend {
    server backend1.example.com max_fails=3 fail_timeout=30s;
    server backend2.example.com max_fails=3 fail_timeout=30s;
    server backend3.example.com max_fails=3 fail_timeout=30s;
}
Parameters:
max_fails: the maximum number of failures allowed within the fail_timeout period
fail_timeout: how long to wait after the server has been marked as failed
Backup server configuration
upstream backend {
    server backend1.example.com;
    server backend2.example.com;
    server backup.example.com backup;
}
Advanced Load-Balancing Configuration
Adjusting server weights
upstream backend {
    server backend1.example.com weight=5;
    server backend2.example.com weight=3;
    server backend3.example.com weight=2;
}
Limiting the maximum number of connections per server
upstream backend {
    server backend1.example.com max_conns=1000;
    server backend2.example.com max_conns=1000;
}
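Connection pool configuration
upstream backend {
    server backend1.example.com;
    server backend2.example.com;
    # Keep connections to the upstream servers open.
    # For HTTP, the proxying location also needs proxy_http_version 1.1
    # and an empty Connection header for the pool to be used.
    keepalive 32;
    keepalive_requests 100;
    keepalive_timeout 60s;
}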
Complete HTTP Load-Balancing Example
upstream app_servers {
    # Use the least-connections algorithm
    least_conn;
    # Backend servers
    server app1.example.com:8080 weight=3 max_fails=2 fail_timeout=30s;
    server app2.example.com:8080 weight=2 max_fails=2 fail_timeout=30s;
    server app3.example.com:8080 weight=1 max_fails=2 fail_timeout=30s;
    # Backup server
    server backup.example.com:8080 backup;
    # Keep connections open
    keepalive 16;
}
server {
    listen 80;
    server_name example.com;
    location / {
        proxy_pass http://app_servers;
        # Needed for the upstream keepalive pool to be used
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # Proxy settings
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Connection timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
    # Health check endpoint
    location /health {
        access_log off;
        # default_type sets the Content-Type of the returned body
        # (add_header would emit a second Content-Type header)
        default_type text/plain;
        return 200 "healthy\n";
    }
}
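TCP/UDP Load Balancing
TCP load balancing
stream {
    upstream mysql_backend {
        server mysql1.example.com:3306 max_fails=2 fail_timeout=30s;
        server mysql2.example.com:3306 max_fails=2 fail_timeout=30s;
    }
    server {
        listen 3306;
        proxy_pass mysql_backend;
        proxy_connect_timeout 1s;
        # Idle timeout between reads or writes; 1s would drop idle MySQL
        # sessions, so the nginx default of 10m is used here.
        # proxy_responses applies to UDP only and is omitted.
        proxy_timeout 10m;
    }
}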
UDP load balancing
stream {
    upstream dns_backend {
        server dns1.example.com:53 max_fails=2 fail_timeout=30s;
        server dns2.example.com:53 max_fails=2 fail_timeout=30s;
    }
    server {
        listen 53 udp;
        proxy_pass dns_backend;
        proxy_timeout 1s;
        proxy_responses 1;
        proxy_connect_timeout 1s;
    }
}
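Session Persistence
Cookie-based session persistence
upstream backend {
    ip_hash;  # ensures requests from the same client go to the same server
    server backend1.example.com;
    server backend2.example.com;
}
server {
    location / {
        proxy_pass http://backend;
        # Pass session information through
        # (nginx forwards both headers by default; made explicit here)
        proxy_pass_header Set-Cookie;
        proxy_set_header Cookie $http_cookie;
    }
}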
Using the sticky module (requires a third-party module)
upstream backend {
    server backend1.example.com;
    server backend2.example.com;
    sticky cookie affinity:serverid maxage=30000 httponly;
}
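Load-Balancing Monitoring
Enabling status monitoring
upstream backend {
    server backend1.example.com;
    server backend2.example.com;
    server backend3.example.com;
    # Enable status monitoring (shared memory zone for the group's state)
    zone backend_zone 64k;
}
server {
    listen 80;
    # Status page
    location /status {
        # upstream_conf is an NGINX Plus directive (since superseded by the
        # api module) and allows changing upstream servers, so limit access
        upstream_conf;
        allow 127.0.0.1;
        deny all;
    }
}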
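Using a third-party monitoring module
# Requires the nginx-module-vts module
vhost_traffic_status_zone;
server {
    listen 80;
    server_name example.com;
    location /status {
        vhost_traffic_status_display;
        vhost_traffic_status_display_format html;
        # Restrict access to the traffic statistics
        allow 127.0.0.1;
        deny all;
    }
}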
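A check that can be run over a configuration before it is deployed, as an added Python example that is not part of the original page: it flags locations that enable one of the status directives used on this page without a `deny all;` rule. The regex parsing is a simplification that only sees innermost location blocks, and the sample configuration, including the `/traffic` path, is constructed.

```python
import re

# Directives used on this page that expose load-balancer state or configuration.
STATUS_DIRECTIVES = {"stub_status", "upstream_conf", "vhost_traffic_status_display"}

LOCATION_RE = re.compile(r"location\s+([^{]+?)\s*\{([^{}]*)\}")


def unrestricted_status_locations(conf):
    """Return the location paths that serve status data without `deny all;`."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    findings = []
    for match in LOCATION_RE.finditer(conf):
        path, body = match.group(1), match.group(2)
        # Normalise whitespace so "deny   all" still matches.
        directives = [" ".join(d.split()) for d in body.split(";") if d.strip()]
        names = {d.split()[0] for d in directives}
        if names & STATUS_DIRECTIVES and "deny all" not in directives:
            findings.append(path)
    return findings


# Constructed sample: two open status endpoints, one restricted, one proxy.
SAMPLE_CONF = """
server {
    listen 80;
    location /status { upstream_conf; }   # no access rules
    location /traffic {
        vhost_traffic_status_display;
        vhost_traffic_status_display_format html;
    }
    location = /nginx_status {
        stub_status on;
        allow 127.0.0.1;
        deny all;
    }
    location / { proxy_pass http://backend; }
}
"""

if __name__ == "__main__":
    for path in unrestricted_status_locations(SAMPLE_CONF):
        print("status endpoint without access rules:", path)
```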
Failover Configuration
Primary/backup mode
upstream primary_backup {
    server primary.example.com max_fails=2 fail_timeout=10s;
    server backup.example.com backup;
}
Multi-tier failover
upstream multi_tier {
    server tier1a.example.com max_fails=1 fail_timeout=10s;
    server tier1b.example.com max_fails=1 fail_timeout=10s;
    server tier2.example.com backup max_fails=1 fail_timeout=10s;
    server emergency.example.com backup;
}
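Performance Optimization
Connection optimization
upstream backend {
    server backend1.example.com:8080;
    server backend2.example.com:8080;
    # Load-balancing algorithm (least_time requires NGINX Plus);
    # a non-default method must be declared before keepalive
    least_time last_byte;
    # Keep connections to the backend servers open
    keepalive 32;
    keepalive_requests 100;
    keepalive_timeout 60s;
}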
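Response header handling
location / {
    proxy_pass http://backend;
    # Remove the backend server's Server header
    proxy_hide_header Server;
    # Add load-balancer identification headers
    # (these reveal the backend address and proxy hostname to clients)
    add_header X-Upstream-Server $upstream_addr always;
    add_header X-Proxy-Server $hostname always;
}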
Complete Production Load-Balancing Configuration
# HTTP load balancing
upstream app_cluster {
    # Use the least-connections algorithm
    least_conn;
    # Primary server group
    server app1.example.com:8080 weight=4 max_fails=2 fail_timeout=30s max_conns=1000;
    server app2.example.com:8080 weight=4 max_fails=2 fail_timeout=30s max_conns=1000;
    server app3.example.com:8080 weight=2 max_fails=2 fail_timeout=30s max_conns=1000;
    # Backup server
    server app4.example.com:8080 backup;
    # Keep connections open
    keepalive 32;
    keepalive_requests 1000;
    keepalive_timeout 60s;
    # Shared memory zone for state and statistics
    zone app_cluster 256k;
}
# SSL-terminating load balancer
server {
    listen 443 ssl http2;
    server_name example.com;
    # SSL configuration
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    # Security headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    location / {
        proxy_pass http://app_cluster;
        # Needed for the upstream keepalive pool to be used
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # Proxy headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Original-URI $request_uri;
        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
        # Buffering
        proxy_buffer_size 4k;
        proxy_buffers 8 4k;
        proxy_busy_buffers_size 8k;
    }
    # Health check
    location /health {
        access_log off;
        # Content-Type is set with default_type: an add_header here would
        # stop the server-level security headers from being inherited
        default_type text/plain;
        return 200 "healthy\n";
    }
    # Status monitoring
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        allow 10.0.0.0/8;
        deny all;
    }
}
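With a well-planned load-balancing configuration, you can effectively improve an application's availability, performance, and scalability.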