Nginx : Load Balancing2024/11/08 |
Configure Nginx as a Load Balancing Server. -----------+---------------------------+----- | | |10.0.0.30 | +----------+-----------+ | | [ www.srv.world ] | | | Nginx | | +----------------------+ | | ------------+--------------------------+--------------------------+------------ | | | |10.0.0.51 |10.0.0.52 |10.0.0.53 +-----------+----------+ +-----------+----------+ +-----------+----------+ | [ node01.srv.world ] | | [ node02.srv.world ] | | [ node03.srv.world ] | | Web Server#1 | | Web Server#2 | | Web Server#3 | +----------------------+ +----------------------+ +----------------------+ |
[1] | |
[2] | Configure Nginx. |
[root@www ~]#
vi /etc/nginx/nginx.conf # add into [http] section # [backup] means this server is balanced only when other servers are down # [weight=*] means balancing weight http { upstream backends { server node01.srv.world:80 weight=2; server node02.srv.world:80; server node03.srv.world:80 backup; } log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # for HTTP # change like follows in [server] section server { listen 80 default_server; listen [::]:80 default_server; server_name www.srv.world; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; location / { proxy_pass http://backends; } } # create new # replace certificates to your own one server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name www.srv.world; ssl_certificate "/etc/letsencrypt/live/www.srv.world/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/www.srv.world/privkey.pem"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers PROFILE=SYSTEM; ssl_prefer_server_ciphers on; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; location / { proxy_pass http://backends; } } systemctl reload nginx |
[3] | If SELinux is enabled, change boolean setting. |
[root@www ~]# setsebool -P httpd_can_network_connect on
|
[4] | Configure backend Nginx server to log X-Forwarded-For header. |
[root@node01 ~]#
vi /etc/nginx/nginx.conf # make sure settings [log_format] in [http] section # OK if set [http_x_forwarded_for] http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; # add into [server] section # specify your local network for [set_real_ip_from]
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name node01.srv.world;
root /usr/share/nginx/html;
set_real_ip_from 10.0.0.0/24;
real_ip_header X-Forwarded-For;
[root@node01 ~]# systemctl reload nginx |
[5] | Verify it works fine to access to frontend Nginx Server from any Client Computer. |
Sponsored Link |
|