网硕互联帮助中心📦 Nginx学习笔记(五)——Nginx后端服务器组配置
⚙️ 一、upstream模块架构解析
#mermaid-svg-86KFfZFF6SaSgNck {font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:16px;fill:#333;}#mermaid-svg-86KFfZFF6SaSgNck .error-icon{fill:#552222;}#mermaid-svg-86KFfZFF6SaSgNck .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-86KFfZFF6SaSgNck .edge-thickness-normal{stroke-width:2px;}#mermaid-svg-86KFfZFF6SaSgNck .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-86KFfZFF6SaSgNck .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-86KFfZFF6SaSgNck .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-86KFfZFF6SaSgNck .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-86KFfZFF6SaSgNck .marker{fill:#333333;stroke:#333333;}#mermaid-svg-86KFfZFF6SaSgNck .marker.cross{stroke:#333333;}#mermaid-svg-86KFfZFF6SaSgNck svg{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-86KFfZFF6SaSgNck .label{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;color:#333;}#mermaid-svg-86KFfZFF6SaSgNck .cluster-label text{fill:#333;}#mermaid-svg-86KFfZFF6SaSgNck .cluster-label span{color:#333;}#mermaid-svg-86KFfZFF6SaSgNck .label text,#mermaid-svg-86KFfZFF6SaSgNck span{fill:#333;color:#333;}#mermaid-svg-86KFfZFF6SaSgNck .node rect,#mermaid-svg-86KFfZFF6SaSgNck .node circle,#mermaid-svg-86KFfZFF6SaSgNck .node ellipse,#mermaid-svg-86KFfZFF6SaSgNck .node polygon,#mermaid-svg-86KFfZFF6SaSgNck .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-86KFfZFF6SaSgNck .node .label{text-align:center;}#mermaid-svg-86KFfZFF6SaSgNck .node.clickable{cursor:pointer;}#mermaid-svg-86KFfZFF6SaSgNck .arrowheadPath{fill:#333333;}#mermaid-svg-86KFfZFF6SaSgNck .edgePath .path{stroke:#333333;stroke-width:2.0px;}#mermaid-svg-86KFfZFF6SaSgNck .flowchart-link{stroke:#333333;fill:none;}#mermaid-svg-86KFfZFF6SaSgNck .edgeLabel{background-color:#e8e8e8;text-align:center;}#mermaid-svg-86KFfZFF6SaSgNck .edgeLabel rect{opacity:0.5;background-color:#e8e8e8;fill:#e8e8e8;}#mermaid-svg-86KFfZFF6SaSgNck .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#mermaid-svg-86KFfZFF6SaSgNck .cluster text{fill:#333;}#mermaid-svg-86KFfZFF6SaSgNck .cluster span{color:#333;}#mermaid-svg-86KFfZFF6SaSgNck div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#mermaid-svg-86KFfZFF6SaSgNck :root{–mermaid-font-family:\”trebuchet ms\”,verdana,arial,sans-serif;}
客户端请求
Nginx前端
upstream模块
后端服务器1
后端服务器2
后端服务器3
返回响应
客户端
核心机制: Nginx的upstream模块建立了一个虚拟服务器池,通过负载均衡算法将请求分发到多个后端服务器。这种架构提供三大核心能力:
📌 二、基础配置语法
http {
upstream backend {
# 服务器配置
server 192.168.1.101:8080 weight=5;
server 192.168.1.102:8080;
server backup.example.com:8080 backup;
# 负载均衡算法
least_conn;
# 健康检查
max_fails=3;
fail_timeout=30s;
}
server {
location / {
proxy_pass http://backend;
}
}
}
⚖ 三、负载均衡策略深度解析
#mermaid-svg-dxQmxkLp2x471FOG {font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:16px;fill:#333;}#mermaid-svg-dxQmxkLp2x471FOG .error-icon{fill:#552222;}#mermaid-svg-dxQmxkLp2x471FOG .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-dxQmxkLp2x471FOG .edge-thickness-normal{stroke-width:2px;}#mermaid-svg-dxQmxkLp2x471FOG .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-dxQmxkLp2x471FOG .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-dxQmxkLp2x471FOG .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-dxQmxkLp2x471FOG .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-dxQmxkLp2x471FOG .marker{fill:#333333;stroke:#333333;}#mermaid-svg-dxQmxkLp2x471FOG .marker.cross{stroke:#333333;}#mermaid-svg-dxQmxkLp2x471FOG svg{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-dxQmxkLp2x471FOG .label{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;color:#333;}#mermaid-svg-dxQmxkLp2x471FOG .cluster-label text{fill:#333;}#mermaid-svg-dxQmxkLp2x471FOG .cluster-label span{color:#333;}#mermaid-svg-dxQmxkLp2x471FOG .label text,#mermaid-svg-dxQmxkLp2x471FOG span{fill:#333;color:#333;}#mermaid-svg-dxQmxkLp2x471FOG .node rect,#mermaid-svg-dxQmxkLp2x471FOG .node circle,#mermaid-svg-dxQmxkLp2x471FOG .node ellipse,#mermaid-svg-dxQmxkLp2x471FOG .node polygon,#mermaid-svg-dxQmxkLp2x471FOG .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-dxQmxkLp2x471FOG .node .label{text-align:center;}#mermaid-svg-dxQmxkLp2x471FOG .node.clickable{cursor:pointer;}#mermaid-svg-dxQmxkLp2x471FOG .arrowheadPath{fill:#333333;}#mermaid-svg-dxQmxkLp2x471FOG .edgePath .path{stroke:#333333;stroke-width:2.0px;}#mermaid-svg-dxQmxkLp2x471FOG .flowchart-link{stroke:#333333;fill:none;}#mermaid-svg-dxQmxkLp2x471FOG .edgeLabel{background-color:#e8e8e8;text-align:center;}#mermaid-svg-dxQmxkLp2x471FOG .edgeLabel rect{opacity:0.5;background-color:#e8e8e8;fill:#e8e8e8;}#mermaid-svg-dxQmxkLp2x471FOG .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#mermaid-svg-dxQmxkLp2x471FOG .cluster text{fill:#333;}#mermaid-svg-dxQmxkLp2x471FOG .cluster span{color:#333;}#mermaid-svg-dxQmxkLp2x471FOG div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#mermaid-svg-dxQmxkLp2x471FOG :root{–mermaid-font-family:\”trebuchet ms\”,verdana,arial,sans-serif;}
轮询
加权轮询
IP哈希
最少连接
随机
请求
负载均衡策略
Server1
Server2
Server3
Server4
Server5
轮询(Round Robin) 默认策略,按配置文件顺序依次分发请求
upstream backend {
server 192.168.1.101;
server 192.168.1.102;
}
加权轮询(Weighted Round Robin) 根据服务器处理能力分配权重
upstream backend {
server 192.168.1.101 weight=3; # 处理60%请求
server 192.168.1.102 weight=2; # 处理40%请求
}
IP哈希(IP Hash) 基于客户端IP的会话保持方案
upstream backend {
ip_hash;
server 192.168.1.101;
server 192.168.1.102;
}
最少连接(Least Connections) 动态选择当前连接数最少的服务器
upstream backend {
least_conn;
server 192.168.1.101;
server 192.168.1.102;
}
随机负载(Random) 随机选择后端服务器,支持加权随机
upstream backend {
random;
server 192.168.1.101 weight=2;
server 192.168.1.102 weight=1;
}
🩺 四、健康检查与容错机制
upstream backend {
server 192.168.1.101 max_fails=3 fail_timeout=30s;
server 192.168.1.102 max_fails=2 fail_timeout=60s;
# 被动健康检查
health_check interval=5s fails=3 passes=2;
health_check_timeout 3s;
# 备份服务器
server backup1.example.com:8080 backup;
server backup2.example.com:8080 backup;
}
健康检查参数详解:
| max_fails | 1 | 允许失败次数 |
| fail_timeout | 10s | 失败后暂停时间 |
| slow_start | 0 | 恢复后权重渐变时间 |
| backup | – | 标记为备用服务器 |
🔗 五、连接优化参数
upstream backend {
server 192.168.1.101;
# 连接池设置
keepalive 32; # 每个worker保持的连接数
keepalive_requests 1000; # 单个连接最大请求数
keepalive_timeout 60s; # 空闲连接超时
# 连接参数
proxy_connect_timeout 3s; # 连接后端超时
proxy_read_timeout 30s; # 读取响应超时
proxy_send_timeout 30s; # 发送请求超时
}
🧩 六、多场景配置案例
多协议支持
# TCP负载均衡
stream {
upstream tcp_backend {
server 192.168.1.101:3306;
server 192.168.1.102:3306;
}
server {
listen 3306;
proxy_pass tcp_backend;
}
}
# UDP负载均衡
stream {
upstream dns_servers {
server 192.168.1.201:53;
server 192.168.1.202:53;
}
server {
listen 53 udp;
proxy_pass dns_servers;
}
}
多区域部署
upstream global_backend {
# 北美区域
server us-east1.example.com;
server us-west1.example.com;
# 欧洲区域
server eu-central1.example.com;
# 故障转移
server backup.example.com backup;
}
金丝雀发布
upstream backend {
# 正式版本 (90%流量)
server 192.168.1.101 weight=90;
# 金丝雀版本 (10%流量)
server 192.168.1.102 weight=10;
}
会话持久化
# 基于cookie的会话保持
upstream backend {
sticky cookie srv_id expires=1h domain=.example.com path=/;
server 192.168.1.101;
server 192.168.1.102;
}
# 基于路由的会话保持
map $request_uri $persist_key {
~/user/([^/]+) $1;
default $remote_addr;
}
upstream backend {
hash $persist_key consistent;
server 192.168.1.101;
server 192.168.1.102;
}
🛡 七、安全增强配置
upstream backend {
server 192.168.1.101;
# 访问控制
deny 192.168.1.50; # 屏蔽特定IP
allow 10.0.0.0/8; # 允许内网访问
# SSL终端到终端加密
server 192.168.1.102:443 ssl;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
# 连接限制
zone backend 10m; # 共享内存区
queue 100 timeout=60s; # 排队请求数
}
📊 八、监控与日志
# 自定义日志格式
log_format upstream_log '$remote_addr – $upstream_addr '
'$upstream_status $upstream_response_time '
'"$request" $status $body_bytes_sent';
# upstream状态监控
location /upstream_status {
stub_status;
allow 127.0.0.1;
deny all;
access_log off;
}
# Prometheus监控
location /metrics {
content_by_lua_block {
metric_connections = ngx.shared.metrics:get("connections") or 0
ngx.say("nginx_upstream_connections ", metric_connections)
}
}
⚠ 九、常见陷阱与解决方案
502 Bad Gateway错误
# 解决方案:调整超时参数
proxy_connect_timeout 5s;
proxy_read_timeout 60s;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
后端服务器过载
# 解决方案:添加限流
limit_req_zone $binary_remote_addr zone=backend:10m rate=10r/s;
location / {
limit_req zone=backend burst=20;
proxy_pass http://backend;
}
会话不一致问题
# 解决方案:启用会话保持
upstream backend {
sticky route $request_uri;
server 192.168.1.101;
server 192.168.1.102;
}
🧪 十、性能压测方案
# 使用wrk进行压力测试
wrk -t12 -c400 -d30s -s post.lua http://backend.example.com/api
# 监控命令
watch -n 1 "echo 'show pools' | nc 127.0.0.1 9000 | grep backend"
性能优化参数:
events {
worker_connections 10240; # 增加连接数
}
http {
# 内核优化
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# upstream连接复用
proxy_http_version 1.1;
proxy_set_header Connection "";
}
🔍 配置验证与调试
# 详细日志记录
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
log_format debug_log '$upstream_addr $upstream_response_time $upstream_status';
# 调试端点
location /backend_debug {
proxy_pass http://backend;
add_header X-Backend-Addr $upstream_addr;
add_header X-Backend-Response-Time $upstream_response_time;
access_log /var/log/nginx/backend_debug.log debug_log;
}
📚 推荐阅读: Nginx官方文档 – HTTP负载均衡 Nginx Cookbook – 高级负载均衡技术
评论前必须登录!
注册