Contents
Preface
I am now used to two ways of deploying nginx: Baota Panel and Docker. Among them, the nginx of Baota Panel is mainly used for SSL decryption and reverse proxy, focusing on convenience (for detailed configuration steps, see:Linux panel series configure reverse proxy and use non-443 port for publishing); nginx deployed by docker is mainly used together with PHP deployed by docker to meet my needs for building a website (for detailed configuration steps, see:Docker series single container nginx, single container php (one version) multi-site sharing).
However, now the community version of WAF in Changting Leichi does not support load balancing:
Only the professional version supports multiple upstream servers (the professional version costs more than 1,500 yuan a year), which I can't afford, so I can only add a load balancer under the waf of Changting Lei Chi to achieve it.
There are two load balancing methods to choose from:
1. Zevenet Community Edition:
The advantage of zevenet is that it has a graphical interface, and the common functions of the community version are also no problem. However, I always feel that relatively speaking, nginx is a little more lightweight, and nginx can do more things.
2. nginx
The upstream function of nginx can realize the general load balancing function, but there is no graphical interface, which is a pain. Although writing configuration is not difficult, after being used to GUI such as F5 and A10, it always feels awkward for me to write configuration files directly, and it is not easy to display and screenshot, so I can't help but think that it would be great if nginx had a graphical interface...
At this time, I found nginxwebui (project address:https://github.com/cym1102/nginxWebUI):
The official description is as follows:
nginxWebUI is a graphical tool for managing nginx configuration. You can use the web page to quickly configure the various functions of nginx, including http protocol forwarding, tcp protocol forwarding, reverse proxy, load balancing, static html server, ssl certificate automatic application, renewal, configuration, etc. After configuration, you can generate the nginx.conf file in one go, and control nginx to use this file to start and reload, completing the graphical control closed loop of nginx.
This aroused my great interest. This article is a record of the process of researching and tinkering with nginxwebui.
Deploy nginxwebui
Nginxwebui can be deployed in Linux and Windows, and you need to install Nginx and Java environment respectively; it can also be deployed in Docker mode. According to management, Docker is preferred, so this article will directly deploy it in Docker mode.
Pre-deploy nginxwebui
First use the simplest command to create nginxwebui:
docker run --name nginxwebui -d -e BOOT_OPTIONS="--server.port=8080" --privileged=true cym1102/nginxwebui:latest
Then the inside of the container/home/nginxWebUI
Copy the directory to the host machine/docker
In the table of contents:
docker cp nginxwebui:/home/nginxWebUI /docker
The purpose of doing this is to copy the contents of the folder required for the normal deployment of nginxwebui first, because if you directly use the -v parameter to mount an empty folder on the host into the container, the container will not start at all.
To delete a container:
docker stop nginxwebui docker rm nginxwebui
Officially deploy nginxwebui
The docker format command is as follows:
docker run --name nginxwebui -d --restart=always \ -v /docker/nginxWebUI:/home/nginxWebUI \ #Mount the host directory into the container -e BOOT_OPTIONS="--server.port=8080" \ #The parameter can be filled with java startup parameters, and the port number can be modified by this parameter;--server.port occupies the port, and if it is not filled in, it will start with port 8080 by default--privileged=true \ #Give the root user in the container real root authority-p 80:80 -p 443:443 -p 8080:8080 \ #In fact, the author of nginxwebui recommends using host mode, but I only need 80, 443 and 8080 (8080 is the management port), so I specified these 3 ports. You can modify the mapped ports according to your actual environmentcym1102/nginxwebui:latest /bin/bash
Note: Please remove # and the following comments.
Configure nginxwebui
Initialize nginxwebui
usehttp://host ip:8080
Log in to nginxwebui:
Log in with the newly created account:
The following is the interface of nginxwebui:
The upper right corner provides a tutorial:
Pre-configuration
Local-Reverse Proxy (server)
In the reverse proxy menu, you can configure the reverse proxy function to configurewww.example.com
Take the reverse proxy as an example:
Local-Stream parameter configuration
Starting from 1.9.0, nginx has added a new stream module to implement forwarding, proxy or load balancing of layer 4 protocols.
The layer 4 forwarding implemented by nginx through stream is different from that of lvs: stream implements layer 4 forwarding in proxy mode, while lvs forwards directly. Therefore, the performance of layer 4 forwarding in stream mode is slightly inferior to that in lvs, but in some special environments, the proxy mode provides a better experience.
Among professional load balancing devices, F5's 4-layer load balancing uses the proxy mode (and only supports this mode), while A10's 4-layer mode can choose between TCP and TCP proxy. In some special cases, the TCP mode will have problems, the most common of which is the link load balancing scenario. Because the delay of access requests from the WAN is too different from the delay of the intranet, using the direct forwarding mode will cause strange access problems. In this case, it is enough to change to the TCP proxy mode. I have also encountered problems with the TCP proxy, but changing to TCP fixed the problem. . .
Local-Load Balancing (upstream)
The main thing here is to add an upstream group, and then use the proxy type in the reverse proxy settings mentioned earlier to achieve load balancing.
Then set it in the reverse proxy menu:
If it is a layer 4 load balancing, you need to select the forwarding type as tcp/udp when creating an upstream group:
Then set it in the reverse proxy menu:
Local-static web page upload
当我们要以源码方式对app进行部署的时候,需要nginxwebui的反向代理的代理类型选择”静态html”,然后使用root指定工作目录,而在这之前,需要先将源码文件上传到nginxwebui的指定目录里。
Compress the source code folder to be uploaded into a zip package format, and then specify the working directory. The -v parameter used when we created docker earlier specifies the path /home/nginxWebUI mounted on the host to the container, so create an html directory directly under this path (take www.example.com.zip as an example):
At this time, the zip package has been automatically decompressed to
/home/nginxWebUI/html/www.example.com
:Then configure it in the reverse proxy:
In the above figure, the proxy target can be root mode or alias mode. You can choose according to your own configuration habits.
Local-Certificate Management
在证书管理中可添加证书, 并进行签发(通过Let’s encrypt申请证书, 只支持在linux下签发证书。)和续签, 开启定时续签后, 系统会自动续签即将过期的证书(只有超过60天的证书才会进行续签),证书的签发是用的acme.sh
ofDNS
model:
Local-Other Settings
There are some other settings, which are very simple and clear, so I won’t explain them one by one:
There are some others, which I won’t list one by one.
local-enable-config
nginxwebui比较有特色的一点,是上面这些配置其实都只能算是预配置,所有上面的设置并未生效,需要在启用配置菜单下点击”替换文件”才能生效:
点击”替换文件”之后:
默认是所有配置都在nginx.conf中,如果大家喜欢按不同域名分为多个文件,可以打开”按域名分解文件”开关:
This makes it much more refreshing overall.
System Management - Remote Server
If there are multiple nginxwebui servers, you can log in to one of them, add the IP and username and password of other servers in remote management, and then you can manage all nginx servers on one machine.
At the same time, nginxwebui also provides a one-click synchronization function, which can synchronize the data configuration and certificate files of a server to other servers. The remote server interface is as follows:
Summarize
In fact, everyone is used to configuring nginx in different ways. For example, I am more used to using the official nginx in docker to build websites. Using nginxwebui will reduce efficiency. However, for those who are not so familiar with nginx configuration, I think nginxwebui is a good helper, and the graphical interface makes the configuration more intuitive and the display effect is good. It is a very good nginx configuration auxiliary tool. However, nginxwebui can only cover the common 90% functions of nginx. Some advanced functions that are not included still need to be manually added in the final generated nginx.conf file.
I use nginxwebui specifically for layer 4 and 7 load balancing (usually layer 4 load balancing is sufficient), and the planned structure is finally fully achieved: