Nginx基础详解

作者：我家自动化 | 2024-06-07 10:21:29

踩

Nginx基础详解

nginx introduction


NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. NGINX is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.
 
	NGINX is one of a handful of servers written to address the C10K problem. Unlike traditional servers, NGINX doesn’t rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture. This architecture uses small, but more importantly, predictable amounts of memory under load. Even if you don’t expect to handle thousands of simultaneous requests, you can still benefit from NGINX’s high-performance and small memory footprint. NGINX scales in all directions: from the smallest VPS all the way up to large clusters of servers.
 
	NGINX powers several high-visibility sites, such as Netflix, Hulu, Pinterest, CloudFlare, Airbnb, WordPress.com, GitHub, SoundCloud, Zynga, Eventbrite, Zappos, Media Temple, Heroku, RightScale, Engine Yard, MaxCDN and many others.

master功能：一个master进程负责加载和分析配置文件、管理worker进程、平滑升级。
worker功能：1.响应客户端多个请求
2.基于http协议反向代理后端web，
3.基于fastCGI把用户动态请求反向代理给application server，实现动态资源的解析，
4.基于memcache协议把用户的请求交给后端的KV缓存服务器
5.每个worker内部都有各种模块worker通过kevent epoll/select机制响应给客户端的，
proxy cache功能：nginx作为代理服务器时，客户端请求的连接支持代理缓冲功能。缓存相关的进程：
cache loader：载入缓存对象
cache manager：管理缓存对象
支持mmap：数据由磁盘直接以页面形式映射进行内存中；

一、详细描述常见nginx常用模块和模块的使用示例

实验环境：

nginx服务器：192.168.170.8

客户端：192.168.170.9


yum安装nginx
[root@node1 ~]# yum -y install nginx
 
查看nginx生成的配置文件
[root@node1 ~]# rpm -ql nginx
 
配置文件的组成部分：
	主配置文件：nginx.conf
		include conf.d/*.conf nginx.conf配置文件包含conf.d/*.conf所有文件
		fastcgi， uwsgi，scgi等协议相关的配置文件
		mime.types：支持的mime类型
	主程序文件：/usr/sbin/nginx
	Unit File：nginx.service
 
创建nginx目录，并在目录下创建nginx测试页
[root@node1 ~]# cd /etc/nginx/conf.d/
[root@node1 conf.d]#mkdir /data/nginx/vhost -pv
[root@node1 conf.d]#vi /data/nginx/vhost/index.html
<h1>vhost</h1>
 
编辑nginx配置文件
[root@node1 conf.d]#vi /vhost.conf
server {
        listen 80;
        server_name www.node1.com;  
        root /data/nginx/vhost;   #根目录指向所创建的nginx目录
}
[root@node1 conf.d]#nginx -t  开启nginx服务功能
[root@node1 conf.d]#nginx -s reload   重新加载nginx服务
 
客户端测试
[root@node2 ~]# curl http://192.168.170.8
<h1>vhost</h1>，
 
注意：测试时建议注释nginx.conf下server段的所有配置项，避免测试无法进行。
 
示例2：
[root@node1 conf.d]# vi vhost.conf 
server {
        listen 80;
        server_name www.node1.com;
        root /data/nginx/vhost;
        location / {
                deny 192.168.170.9;
                allow all;
        }
}
[root@node1 conf.d]#nginx -t  开启nginx服务功能
[root@node1 conf.d]#nginx -s reload   重新加载nginx服务
 
客户端node2测试禁止访问
[root@node2 ~]# curl http://192.168.170.8
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@node2 ~]# 
 
其它客户端访问正常
[root@node3 ~]# curl http://192.168.170.8
<h1>vhost</h1>
[root@node3 ~]# 
 
 
示例3：
[root@node1 conf.d]# cat /data/nginx/vhost/
admin/         blue.jpg       images/        nginx.html     sea.jpg        
autumn.jpg     forest.jpg     index.html     nightfall.jpg  
[root@node1 conf.d]# cat /data/nginx/vhost/
[root@node1 conf.d]# vi vhost.conf 
server {
        listen 80;
        server_name www.node1.com;
        root /data/nginx/vhost;
        location ~*\.(jpg|png)$ {         对URI做正则表达式模式匹配，不区分字符大小写；匹配jpg或png结尾的所有文件类型
                deny 192.168.170.9;
                allow all;
        }
}
 
[root@node1 conf.d]#nginx -t  开启nginx服务功能
[root@node1 conf.d]#nginx -s reload   重新加载nginx服务
node2测试正常
[root@node2 ~]# curl http://192.168.170.8
<h1>vhost</h1>
 
浏览器输入http://192.168.170.8/autumn.jpg
正常
 
 
 
示例4：
 
[root@node1 conf.d]# vi vhost.conf 
server {
        listen 80;
        server_name www.node1.com;
        root /data/nginx/vhost;
        location / {
                #root /data/nignx/vhost2;
                allow all;
        }
        location ~*\.(jpg|png)$ {
                deny 192.168.170.9;
                allow all;
        }
        location ^~ /images/ {  对URI的左半部分做匹配检查，不区分字符大小写；
                root /data/pictures/;
        }
 
}
 
创建images目录，并移动.jpg图片到该目录下提供测试页
[root@node1 conf.d]# mkdir /data/nginx/vhost/images
[root@node1 conf.d]# mv /data/nginx/vhost/green.jpg /data/nginx/vhost/images
[root@node1 conf.d]# cd /data/nginx/vhost/images
[root@node1 images]# ls
green.jpg
[root@node1 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@node1 conf.d]]# nginx -s reload
浏览器测试，无法访问到。
[root@node1 conf.d]# curl http://192.168.170.8/images/green.ipg
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@node1 conf.d]#
 
创建data/pictures/images目录，上传图片到该目录作为测试页。
[root@node1 conf.d]# mkdir /data/pictures/images
[root@node1 conf.d]# cd /data/pictures/images
[root@node1 images]# ls
Cloud.jpg  peach blossom.jpg
 
浏览器http://192.168.170.8/images/Cloud.jpg
正常
说明：
    location中使用root指令和alias指令的意义不同；
    root，给定的路径对应于location中的/uri/左侧的/；
 
[root@node1 conf.d]# cd /data/pictures/
[root@node1 pictures]# ls
images  landscape.jpg
[root@node1 conf.d]# vi vhost.conf 
server {
        listen 80;
        server_name www.node1.com;
        root /data/nginx/vhost;
        location / {
                #root /data/nignx/vhost2;
                allow all;
        }
        location ~*\.(jpg|png)$ {
                deny 192.168.170.9;
                allow all;
        }
        #location ^~ /images/ {
        #        root /data/pictures/;
        #}
 
        location ^~ /images/ {
                alias /data/pictures/; 
        }
}
[root@node1 conf.d]# nginx -s reload
浏览器输入http://192.168.170.8/images/landscape.jpg
正常
 
示例5：
 
自定义错误页面
[root@node1 conf.d]# vi vhost.conf 
server {
        listen 80;
        server_name www.node1.com;
        root /data/nginx/vhost;
        location / {
                #root /data/nignx/vhost2;
                allow all;
        }
        location ~*\.(jpg|png)$ {
                deny 192.168.170.9;
                allow all;
        }
        #location ^~ /images/ {
        #        root /data/pictures/;
        #}
 
        location ^~ /images/ {
                alias /data/pictures/;
        }
 
        error_page 404 =202 /notfound.html; 指定404响应码转成202返回给客户端
        location = /notfound.html {    对URI做精确匹配/notfound.html
                root /data/nginx/error_pages; 指定root目录
        }
}
 
编辑错误提示信息
[root@node1 conf.d]# vi /data/nginx/error_pages/notfound.html
<h1>error page</h1>
[root@node1 conf.d]# nginx -s reload
[root@node1 conf.d]# 
 
客户端测试访问正常
[root@node2 ~]# curl http://192.168.170.8/test.html
<h1>error page</h1>
[root@node2 ~]# 
 
 
 
示例6
基于basic认证的nginx服务
 
[root@node1 ~]# yum -y install httpd-tools  
密码生成工具是通过https-tools来实现，所以必须先安装好。
[root@node1 ~]# htpasswd -c -m /etc/nginx/.ngxpasswd tom
New password: 
Re-type new password: 
Adding password for user tom
[root@node1 ~]# htpasswd -m /etc/nginx/.ngxpasswd jerry
New password: 
Re-type new password: 
Adding password for user jerry
[root@node1 ~]# cat /etc/nginx/.ngxpasswd 
tom:$apr1$PYy15HQl$DZGQU0ATbeDsVOsaHK6sC/
jerry:$apr1$oyQFem.h$mw0PyHSb9.H46khELlc9O1
[root@node1 ~]# cd /etc/nginx/conf.d/
[root@node1 conf.d]# vi vhost.conf 
server {
        listen 80;
        server_name www.node1.com;
        root /data/nginx/vhost;
        location / {
                #root /data/nignx/vhost2;
                allow all;
        }
        location ~*\.(jpg|png)$ {
                deny 192.168.170.9;
                allow all;
        }
        location ~* ^/(admin|login) {  配置url路径 对URI的左半部分做匹配检查，匹配admin或login目录所在的测试页
                auth_basic "admin area";   指定认证提示符
                auth_basic_user_file /etc/nginx/.ngxpasswd;  指定认证用户和密码所在文件
        }
        #location ^~ /images/ {
        #       root /data/pictures/;
        #}
 
        location ^~ /images/ {
                alias /data/pictures/;
        }
 
        error_page 404 =202 /notfound.html;
        location = /notfound.html {
                root /data/nginx/error_pages;
        }
}
 
[root@node1 conf.d]# mkdir /data/nginx/vhost/admin
创建admin目录下用户认证登录成功后的测试页
[root@node1 conf.d]# vi /data/nginx/vhost/admin/index.html
<h1>Admin Area</h1>
[root@node1 conf.d]# 
[root@node1 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@node1 conf.d]# nginx -s reload
浏览器输入http://192.168.170.8/admin/  输入用户名：admin 密码：123456 登录成功
正常
 
示例7：
nginx状态信息页
 
[root@node1 conf.d]# vi vhost.conf 
server {
        listen 80;
        server_name www.node1.com;
        root /data/nginx/vhost;
        location / {
                #root /data/nignx/vhost2;
                allow all;
        }
        location ~*\.(jpg|png)$ {
                deny 192.168.170.9;
                allow all;
        }
        location ~* ^/(admin|login) {
                auth_basic "admin area";
                auth_basic_user_file /etc/nginx/.ngxpasswd;
        }
        #location ^~ /images/ {
        #       root /data/pictures/;
        #}
 
        location ^~ /images/ {
                alias /data/pictures/;
        }
 
        error_page 404 =202 /notfound.html;
        location = /notfound.html {
                root /data/nginx/error_pages;
        }
        location /ngxstatus {
                stub_status;
        }
} 
[root@node1 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@node1 conf.d]# nginx -s reload
 
浏览器输入http://192.168.170.8/ngxstatus
Active connections: 2 
server accepts handled requests
 57 57 45 
Reading: 0 Writing: 1 Waiting: 1 
各个状态参数说明：
	Active connections: 活动状态的连接数；
	accepts：已经接受的客户端请求的总数；
	handled：已经处理完成的客户端请求的总数；
	requests：客户端发来的总的请求数；
	Reading：处于读取客户端请求报文首部的连接的连接数；
	Writing：处于向客户端发送响应报文过程中的连接数；
	Waiting：处于等待客户端发出请求的空闲连接数；
 
 
示例8：
访问日志信息
 
[root@node1 conf.d]# vi vhost.conf 
server {
        listen 80;
        server_name www.node1.com;
        root /data/nginx/vhost;
        access_log /var/log/nginx/vhost_access.log main;
        location / {
                #root /data/nignx/vhost2;
                allow all;
        }
        location ~*\.(jpg|png)$ {
                deny 192.168.170.9;
                allow all;
        }
        location ~* ^/(admin|login) {
                auth_basic "admin area";
                auth_basic_user_file /etc/nginx/.ngxpasswd;
        }
        #location ^~ /images/ {
         #       root /data/pictures/;
        #}
 
        location ^~ /images/ {
                alias /data/pictures/;
        }
 
        error_page 404 =202 /notfound.html;
        location = /notfound.html {
                root /data/nginx/error_pages;
        }
        location /ngxstatus {
                stub_status;
        }
}
 
[root@node1 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@node1 conf.d]# nginx -s reload
查看访问信息记录日志
[root@node1 conf.d]# tail /var/log/nginx/
access.log        error.log         vhost_access.log  
[root@node1 conf.d]# tail /var/log/nginx/vhost_access.log 
172.17.1.29 - - [10/Nov/2018:16:03:41 +0800] "GET /images/Cloud.jpg HTTP/1.1" 202 20 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
172.17.1.29 - tom [10/Nov/2018:16:03:47 +0800] "GET /admin/ HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
[root@node1 conf.d]# 
 
 
 
 
示例9
 
压缩功能
 
[root@node1 nginx]# vi nginx.conf
http {   
    gzip  on;
    gzip_comp_level 6;
    gzip_min_length 64;
    gzip_proxied any;           
    gzip_types text/xml text/css  application/javascript;
}
 
[root@node1 nginx]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@node1 nginx]# nginx -s reload
[root@node1 nginx]# cp nginx.conf /data/nginx/vhost/nginx.html
 
浏览器输入http://192.168.170.8/nginx.html  F12看到确实是通过gzip压缩的文本
正常
 
 
 
cp /etc/nginx/conf.d/vhost.conf /etc/nginx/conf.d/vhost.conf.bak
vi /etc/nginx/conf.d/vhost.conf 
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols sslv3 tlsv1 tlsv1.1 tlsv1.2;
ssl_session_cache shared:SSL:10m;
 
 
 
node2 
 
基于ssl安全的网页
 
node2 192.168.170.9 作为发证者
node1 192.168.170.8 作为
[root@node2 ~]#cd /etc/pki/CA/
[root@node2 CA]# ls
certs  crl  newcerts  private
[root@node2 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)   生成私钥；
Generating RSA private key, 2048 bit long modulus
.......+++
..+++
e is 65537 (0x10001)
[root@node2 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 
生成自签证书；
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:www.magedu.com
Email Address []:admin@magedu.com
为CA提供所需的目录及文件；
[root@node2 CA]#touch index.txt
[root@node2 CA]#echo 01 > serial
[root@node2 CA]# ls
cacert.pem  crl certs  index.txt  newcerts  private  serial
用到证书的主机生成私钥；
[root@node1 nginx]# mkdir /etc/nginx/ssl
[root@node1 nginx]# cd /etc/nginx/ssl
[root@node1 ssl]# ll
total 0
[root@node1 ssl]# (umask 077;openssl genrsa -out nginx.key 2048)
Generating RSA private key, 2048 bit long modulus
.....................................................................................................................................................+++
.....+++
e is 65537 (0x10001)
生成证书签署请求
[root@node1 ssl]# openssl req -new -key nginx.key -out ngingx.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:www.magedu.com
Email Address []:admin@magedu.com
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@node1 ssl]# ll
total 8
-rw-r--r--. 1 root root 1058 Nov 10 17:05 ngingx.csr
-rw-------. 1 root root 1679 Nov 10 17:02 nginx.key
[root@node1 ssl]# 
将请求通过可靠方式发送给CA主机；
[root@node1 ssl]# scp ngingx.csr 192.168.170.9:/tmp/
root@192.168.170.9's password: 
ngingx.csr                                    100% 1058    61.9KB/s   00:00    
[root@node1 ssl]# 
在CA主机上签署证书；
[root@node2 CA]# openssl ca -in /tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Nov 10 09:24:59 2018 GMT
            Not After : Nov 10 09:24:59 2019 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = Beijing
            organizationName          = magedu
            organizationalUnitName    = devops
            commonName                = www.magedu.com
            emailAddress              = tom@magedu.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                4E:FB:76:35:75:55:17:84:C8:1A:58:5A:05:FE:42:9A:8F:A0:FE:97
            X509v3 Authority Key Identifier: 
                keyid:C7:0A:BF:A0:F0:D3:BE:29:53:6E:96:8F:ED:6A:77:6D:D6:56:19:6F
Certificate is to be certified until Nov 10 09:24:59 2019 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
把签署好的证书发给请求者
[root@node2 CA]# scp certs/nginx.crt 192.168.170.8:/etc/nginx/ssl
The authenticity of host '192.168.170.8 (192.168.170.8)' can't be established.
ECDSA key fingerprint is SHA256:ph7qUGHxmdPtYkXCbxolOLOERtICqxvsn5vNVWo/tGg.
ECDSA key fingerprint is MD5:5a:80:04:d4:8e:6d:f5:15:2f:da:18:4e:45:9a:f4:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.170.8' (ECDSA) to the list of known hosts.
root@192.168.170.8's password: 
nginx.crt                                               100% 4621     2.7MB/s   00:00
做文件备份
[root@node1 ssl]# cp /etc/nginx/conf.d/vhost.conf /etc/nginx/conf.d/vhost.conf.bak
配置nginx启用ssl功能
[root@node1 ssl]# vi /etc/nginx/conf.d/vhost.conf
server {
        listen 443 ssl;
        server_name www.node1.com;
        root /data/nginx/vhost;
        access_log /var/log/nginx/vhost_access.log main;
        
        ssl on;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        ssl_protocols sslv3 tlsv1 tlsv1.1 tlsv1.2;
        ssl_session_cache shared:SSL:10m;
        location / {
                #root /data/nignx/vhost2;
                allow all;
        }
        location ~*\.(jpg|png)$ {
                deny 192.168.170.9;
                allow all;
        }
        location ~* ^/(admin|login) {
                auth_basic "admin area";
                auth_basic_user_file /etc/nginx/.ngxpasswd;
        }
        #location ^~ /images/ {
         #       root /data/pictures/;
        #}
        location ^~ /images/ {
                alias /data/pictures/;
        }
        error_page 404 =202 /notfound.html;
        location = /notfound.html {
                root /data/nginx/error_pages;
        }
        location /ngxstatus {
                stub_status;
        }
}
"/etc/nginx/conf.d/vhost.conf" 40L, 948C written
[root@node1 ssl]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@node1 ssl]# nginx -s reload
[root@node1 ssl]# 
[root@node1 ssl]# ss -tunlp
Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
tcp    LISTEN     0      128            *:443                        *:*                   users:(("nginx",pid=20180,fd=14),("nginx",pid=20179,fd=14),("nginx",pid=17585,fd=14))
浏览器输入https://192.168.170.8
vhost
正常

二、简述Linux集群类型、系统扩展方式及调度方法


Cluster：计算机集合，为解决某个特定问题组合起来形成的单个系统；
Linux Cluster类型：
		LB：Load Balancing，负载均衡；
		HA：High Availiablity，高可用；
			A=MTBF/（MTBF+MTTR）
				(0,1)：90%, 95%, 99%, 99.5%,  99.9%, 99.99%, 99.999%, 99.9999%
		HP：High Performance，高性能；把计算复杂的问题，把计算量分散到多个CPU上。
		
			www.top500.org
			
		分布式系统：
			分布式存储，是将数据分散存储在多台独立的设备上。传统的网络存储系统采用集中的存储服务器存放所有数据，存储服务器成为系统性能的瓶颈，也是可靠性和安全性的焦点，不能满足大规模存储应用的需要。分布式网络存储系统采用可扩展的系统结构，利用多台存储服务器分担存储负荷，利用位置服务器定位存储信息，它不但提高了系统的可靠性、可用性和存取效率，还易于扩展。
			
			分布式计算，是将计算很复杂的问题分散到多个计算机来处理，最后将结果汇总到一个计算机上显示
		
	系统扩展方式：
		Scale UP：向上扩展，更换性能更强的主机，服务器能承受大量的用户请求，性价比低。
		Scale Out：向外扩展，增加主机数量使得客户端请求响应时，客户端请求能在多个服务器之间均衡分配。性价比高 
ipvs scheduler：
		根据其调度时是否考虑各RS当前的负载状态，可分为静态方法和动态方法两种：
			
			静态方法：仅根据算法本身进行调度；起点公平
				RR：roundrobin，轮询；
				WRR：Weighted RR，加权轮询；weight越大越优先
				SH：Source Hashing，实现session sticky，源IP地址hash；将来自于同一个IP地址的请求始终发往第一次挑中的RS，从而实现会话绑定，RS挂了会话丢失，可靠性不高；
				DH：Destination Hashing；目标地址哈希，将发往同一个目标地址的请求始终转发至第一次挑中的RS，典型使用场景是正向代理缓存场景中的负载均衡；
			
			动态方法：主要根据每RS当前的负载状态及调度算法进行调度；结果公平
				Overhead=计算后端服务器当前的负载值
			
				LC：least connections 谁少挑选谁
					Overhead=activeconns*256+inactiveconns
				WLC：Weighted LC
					Overhead=(activeconns*256+inactiveconns)/weight
				SED：Shortest Expection Delay
					Overhead=(activeconns+1)*256/weight
				NQ：Never Queue
				
				LBLC：Locality-Based LC，动态的DH算法；
				LBLCR：LBLC with Replication，带复制功能的LBLC，服务器之间可以缓存项共享，使得lvs在失去平衡下拉回；

三、简述lvs四种集群有点及使用场景


lvs-nat：
	多目标IP的DNAT，通过将请求报文中的目标地址和目标端口修改为某挑出的RS的RIP和PORT实现转发；
				
		（1）RIP和DIP必须在同一个IP网络，且应该使用私网地址；RS的网关要指向DIP；
		（2）请求报文和响应报文都必须经由Director转发；Director易于成为系统瓶颈；
		（3）支持端口映射，可修改请求报文的目标PORT；
		（4）vs必须是Linux系统，rs可以是任意系统；
lvs-dr：
	Direct Routing，直接路由；
				
	通过为请求报文重新封装一个MAC首部进行转发，源MAC是DIP所在的接口的MAC，目标MAC是某挑选出的RS的RIP所在接口的MAC地址；源IP/PORT，以及目标IP/PORT均保持不变；
				
	Director和各RS都得配置使用VIP；
				
		(1) 确保前端路由器将目标IP为VIP的请求报文发往Director：
				(a) 在前端网关做静态绑定；
				(b) 在RS上使用arptables；
				(c) 在RS上修改内核参数以限制arp通告及应答级别；
					arp_announce
					arp_ignore
		(2) RS的RIP可以使用私网地址，也可以是公网地址；RIP与DIP在同一IP网络；RIP的网关不能指向DIP，以确保响应报文不会经由Director；
		(3) RS跟Director要在同一个物理网络；
		(4) 请求报文要经由Director，但响应不能经由Director，而是由RS直接发往Client；
		(5) 不支持端口映射；
 
lvs-tun：
	转发方式：不修改请求报文的IP首部（源IP为CIP，目标IP为VIP），而是在原IP报文之外再封装一个IP首部（源IP是DIP，目标IP是RIP），将报文发往挑选出的目标RS；RS直接响应给客户端（源IP是VIP，目标IP是CIP）；
				
		(1) DIP, VIP, RIP都应该是公网地址；
		(2) RS的网关不能，也不可能指向DIP；
		(3) 请求报文要经由Director，但响应不能经由Director；
		(4) 不支持端口映射；
		(5) RS的OS得支持隧道功能；
				
lvs-fullnat：
	通过同时修改请求报文的源IP地址和目标IP地址进行转发；
		CIP <--> DIP 
		VIP <--> RIP 
				
		(1) VIP是公网地址，RIP和DIP是私网地址，且通常不在同一IP网络；因此，RIP的网关一般不会指向DIP；
		(2) RS收到的请求报文源地址是DIP，因此，只能响应给DIP；但Director还要将其发往Client；
		(3) 请求和响应报文都经由Director；
		(4) 支持端口映射；
				
		注意：此类型默认不支持；

4、描述LVS-NAT、LVS-DR的工作原理并实现配置

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/我家自动化/article/detail/684984