反向代理与负载均衡
2026/1/15大约 2 分钟
反向代理与负载均衡
反向代理
基本配置
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://127.0.0.1:8080;
# 传递请求头
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}路径重写
# /api/users -> http://backend/users
location /api/ {
proxy_pass http://backend/;
}
# /api/users -> http://backend/api/users
location /api/ {
proxy_pass http://backend;
}
# 使用 rewrite
location /old-api/ {
rewrite ^/old-api/(.*)$ /new-api/$1 break;
proxy_pass http://backend;
}WebSocket 代理
location /ws {
proxy_pass http://websocket_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_read_timeout 3600s;
}负载均衡
upstream 配置
# 定义后端服务器组
upstream backend {
server 192.168.1.10:8080 weight=3;
server 192.168.1.11:8080 weight=2;
server 192.168.1.12:8080 weight=1;
server 192.168.1.13:8080 backup; # 备用服务器
}
server {
listen 80;
location / {
proxy_pass http://backend;
}
}负载均衡策略
# 1. 轮询(默认)
upstream backend {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
}
# 2. 加权轮询
upstream backend {
server 192.168.1.10:8080 weight=3;
server 192.168.1.11:8080 weight=1;
}
# 3. IP Hash(会话保持)
upstream backend {
ip_hash;
server 192.168.1.10:8080;
server 192.168.1.11:8080;
}
# 4. 最少连接
upstream backend {
least_conn;
server 192.168.1.10:8080;
server 192.168.1.11:8080;
}
# 5. URL Hash
upstream backend {
hash $request_uri consistent;
server 192.168.1.10:8080;
server 192.168.1.11:8080;
}健康检查
upstream backend {
server 192.168.1.10:8080 max_fails=3 fail_timeout=30s;
server 192.168.1.11:8080 max_fails=3 fail_timeout=30s;
# 被动健康检查参数
# max_fails: 失败次数阈值
# fail_timeout: 失败后暂停时间
}服务器状态
upstream backend {
server 192.168.1.10:8080; # 正常
server 192.168.1.11:8080 weight=2; # 权重
server 192.168.1.12:8080 backup; # 备用
server 192.168.1.13:8080 down; # 下线
server 192.168.1.14:8080 max_conns=100; # 最大连接数
}完整配置示例
# 后端服务
upstream api_servers {
least_conn;
server 10.0.0.1:8080 weight=3 max_fails=3 fail_timeout=30s;
server 10.0.0.2:8080 weight=2 max_fails=3 fail_timeout=30s;
server 10.0.0.3:8080 weight=1 backup;
keepalive 32; # 保持连接数
}
upstream websocket_servers {
ip_hash;
server 10.0.0.4:8081;
server 10.0.0.5:8081;
}
server {
listen 80;
server_name app.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name app.example.com;
ssl_certificate /etc/nginx/ssl/app.crt;
ssl_certificate_key /etc/nginx/ssl/app.key;
# 静态资源
location /static/ {
alias /var/www/static/;
expires 30d;
}
# API 代理
location /api/ {
proxy_pass http://api_servers/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_connect_timeout 10s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_next_upstream error timeout http_500 http_502 http_503;
proxy_next_upstream_tries 3;
}
# WebSocket
location /ws/ {
proxy_pass http://websocket_servers/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_read_timeout 3600s;
}
# 前端应用
location / {
root /var/www/html;
try_files $uri $uri/ /index.html;
}
}灰度发布
# 基于 Cookie
upstream backend_v1 {
server 10.0.0.1:8080;
}
upstream backend_v2 {
server 10.0.0.2:8080;
}
map $cookie_version $backend {
default backend_v1;
"v2" backend_v2;
}
server {
location / {
proxy_pass http://$backend;
}
}
# 基于权重
split_clients "${remote_addr}" $variant {
10% backend_v2;
* backend_v1;
}限流配置
# 定义限流区域
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
server {
location /api/ {
# 请求速率限制
limit_req zone=api_limit burst=20 nodelay;
# 连接数限制
limit_conn conn_limit 10;
proxy_pass http://backend;
}
}