Implementation of Nginx load balancing/SSL configuration

What is load balancing?

When a domain name points to multiple web servers, add an nginx load balancing server. Through nginx load balancing, requests from clients can be sent to each web server in a balanced manner, avoiding the imbalance of a single server being overloaded while the other servers are relatively idle.

Configure nginx load balancing:

Create a new configuration file on the nginx machine:

[root@centos02 ~]# vi /etc/nginx/conf.d/test.conf

Add the following content:

upstream test
 {
  ip_hash; 
  server 192.168.0.10:80 weight=100; 
  server 192.168.0.20:80 weight=50;
 }
 server
 {
  listen 80;
  server_name www.test.com;
  location /
  {
   proxy_pass http://test;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
 }

Upstream: Load balancing configuration
test: custom name, used for proxy_pass reference in server{}
ip_hash: Send all requests from the same client to the same server (if not, the client may just log in to the website and then click on another subpage and be prompted to log in again)
server: web server address
weight: defines the weight (range 0-100), the load balancing server will give priority to sending requests to the web server with a larger weight (in the above example, if there are 150 requests coming in, 192.168.0.10 will be allocated 100, and 192.168.0.20 will be allocated 50)
server_name: The domain name of the website being accessed
proxy_pass: refers to the name defined upstream

Verify the nginx configuration and reload:

[root@centos02 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@centos02 ~]# nginx -s reload

Next, modify the client hosts file to point the test domain name www.test.com to the IP of the tested nginx load balancing machine to access the www.test.com website.

Load balancing configuration example supplement

1. According to the requested file configuration:

upstream aa {   
    server 192.168.0.10;
    server 192.168.0.20; 
  }
upstream bb { 
    server 192.168.0.100;
    server 192.168.0.101;
 }
 server {
  listen 80;
  server_name www.test.com;
  location ~ aa.php
  {
   proxy_pass http://aa/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location ~ bb.php
  {
    proxy_pass http://bb/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location /
  {
    proxy_pass http://bb/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

Requests to aa.php will go to group aa, requests to bb.php will go to group bb, and all other requests will go to group bb. You must have location / {}, otherwise the URL cannot be matched correctly.

2. Configure according to the requested directory:

upstream aa {   
    server 192.168.0.10;
    server 192.168.0.20; 
  }
upstream bb { 
    server 192.168.0.100;
    server 192.168.0.101;
 }
 server {
  listen 80;
  server_name www.test.com;
  location /dir1/
  {
   proxy_pass http://aa/dir1/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location /dir2/
  {
    proxy_pass http://bb/dir2/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location /
  {
    proxy_pass http://bb/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

#When the request uri matches /dir1/, proxy to aa/dir1/, match /dir2/ or others, proxy to bb/dir2/

Nginx configures SSL certificate to access the website through https protocol:

SSL certificate application website:

1. https://www.wosign.com/
2. https://freessl.cn/ (free)

#After generating through the browser, you need to create a certificate file on the server

Create the certificate files:

[root@linux ~]# mkdir /etc/nginx/ssl
[root@linux ~]# cd !$
cd /etc/nginx/ssl
[root@linux ssl]# touch ca
[root@linux ssl]# touch test.crt
[root@linux ssl]# touch test.key

#Add the content of the corresponding certificate provided by the certificate application website to the ca/.crt/.key file

Edit the nginx configuration file:

[root@linux ~]# vi /etc/nginx/conf.d/bbs.conf

Add the following content:

listen 443 ssl;
server_name test.bbs.com;
ssl on;
ssl_certificate /etc/nginx/ssl/test.crt; #define .crt file path ssl_certificate_key /etc/nginx/ssl/test.key; #define .key file path ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Verify the configuration and reload nginx:

[root@linux ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@linux ~]# nginx -s reload

#Next, visit the website address bar to display HTTPS

Curl verification method:

curl -k -H "host:test.bbs.com" https://192.168.234.128/index.php

#host: domain name, https:// webserver IP, the output result is the website page tag information, which means success

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

Nginx domain name SSL certificate configuration (website http upgraded to https)
Steps to configure nginx ssl to implement https access (suitable for novices)
How to configure Nginx with SSL certificate to deploy HTTPS website (issuing certificate)
Introduction to SSL certificate installation and deployment steps under Nginx

<<: The difference between MySQL database stored procedures and transactions

>>: Summary of the understanding of virtual DOM in Vue