江苏龙网

  1. 主页 > 生活百科 > >

「Nginx」实现负载均衡、限流、缓存、黑白名单和灰度发布( 二 )

Nginx

在本地磁盘创建一个文件目录,根据设置,将请求的资源以K-V形式缓存在此目录当中,KEY需要自己定义(这里用的是url的hash值),同时可以根据需要指定某内容的缓存时长,比如状态码为200缓存10分钟,状态码为301,302的缓存5分钟,其他所有内容缓存1分钟等等 。
可以通过purger的功能清理缓存 。
AB测试/个性化需求时应禁用掉浏览器缓存 。

「Nginx」实现负载均衡、限流、缓存、黑白名单和灰度发布

文章插图
 
Nginx黑名单1.一般配置location / {deny192.168.1.1;deny 192.168.1.0/24;allow 10.1.1.0/16;allow 2001:0db8::/32;denyall;}2. Lua+redis动态黑名单(OpenResty)安装运行
yum install yum-utilsyum-config-manager --add-repo https://openresty.org/package/centos/openresty.repoyum install openrestyyum install openresty-resty查看yum --disablerepo="*" --enablerepo="openresty" list available运行service openresty start配置(
/usr/local/openresty/nginx/conf/nginx.conf)
lua_shared_dict ip_blacklist 1m;server {listen80;location / {access_by_lua_file lua/ip_blacklist.lua;proxy_pass http://real_server;}}lua脚本(ip_blacklist.lua)
local redis_host= "192.168.1.132"local redis_port= 6379local redis_pwd= 123456local redis_db = 2-- connection timeout for redis in ms.local redis_connection_timeout = 100-- a set key for blacklist entrieslocal redis_key= "ip_blacklist"-- cache lookups for this many secondslocal cache_ttl= 60-- end configurationlocal ip= ngx.var.remote_addrlocal ip_blacklist= ngx.shared.ip_blacklistlocal last_update_time= ip_blacklist:get("last_update_time");-- update ip_blacklist from Redis every cache_ttl seconds:if last_update_time == nil or last_update_time < ( ngx.now() - cache_ttl ) thenlocal redis = require "resty.redis";local red = redis:new();red:set_timeout(redis_connect_timeout);local ok, err = red:connect(redis_host, redis_port);if not ok thenngx.log(ngx.ERR, "Redis connection error while connect: " .. err);elselocal ok, err = red:auth(redis_pwd)if not ok thenngx.log(ngx.ERR, "Redis password error while auth: " .. err);elselocal new_ip_blacklist, err = red:smembers(redis_key);if err thenngx.log(ngx.ERR, "Redis read error while retrieving ip_blacklist: " .. err);elsengx.log(ngx.ERR, "Get data success:" .. new_ip_blacklist)-- replace the locally stored ip_blacklist with the updated values:ip_blacklist:flush_all();for index, banned_ip in ipairs(new_ip_blacklist) doip_blacklist:set(banned_ip, true);end-- update timeip_blacklist:set("last_update_time", ngx.now());endendendendif ip_blacklist:get(ip) thenngx.log(ngx.ERR, "Banned IP detected and refused access: " .. ip);return ngx.exit(ngx.HTTP_FORBIDDEN);end 
「Nginx」实现负载均衡、限流、缓存、黑白名单和灰度发布

文章插图
 
Nginx灰度发布1.根据Cookie实现灰度发布根据Cookie查询version值,如果该version值为v1转发到host1,为v2转发到host2,都不匹配的情况下转发到默认配置 。
upstream host1 {server 192.168.2.46:2001 weight=1;#轮询服务器和访问权重server 192.168.2.46:2002 weight=2;}upstream host2 {server 192.168.1.155:1111max_fails=1 fail_timeout=60;}upstream default {server 192.168.1.153:1111max_fails=1 fail_timeout=60;}map $COOKIE_version $group {~*v1$ host1;~*v2$ host2;default default;}lua_shared_dict ip_blacklist 1m;server {listen80;#set $group "default";#if ($http_cookie ~* "version=v1"){#set $group host1;#}#if ($http_cookie ~* "version=v2"){#set $group host2;#}location / {access_by_lua_file lua/ip_blacklist.lua;proxy_pass http://$group;}}2.根据来路IP实现灰度发布server {……………set $group default;if ($remote_addr ~ "192.168.119.1") {set $group host1;}if ($remote_addr ~ "192.168.119.2") {set $group host2;}3.更细粒度灰度发布参考:
https://github.com/sunshinelyz/ABTestingGateway




推荐阅读


上一篇:荣寿固伦公主和慈禧,

下一篇:赵匡胤有多厉害,赵匡胤演义武功排名