Nginx
Igor, 2016-04-14 17:44:56

Load balancing on NGiNX?

Comrades, it's already unbearable. I need to load balance a cluster using nginx, balancing with ngx_http_upstream_module and proxy_pass. In the manuals, everything is described as surprisingly elementary, but...
nginx.conf:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}
 
http {
    upstream apps {
        server 192.168.1.237:8080;
        server 192.168.1.240:8080;
    }

    server {
        listen  80;
        server_name _;

        location / {
            proxy_pass http://apps;
        }
    }
}

In this case, 192.168.1.135 returned me “The page you are looking for is temporarily unavailable. Please try again later”, despite the fact that 192.168.1.237 and 192.168.1.240 were pinged, links with port 8080 were opened, curl, wget from the balancer server to the end hosts work, elinks opened sites normally from there.
error.log was frighteningly obscure:
2016/04/13 18:36:59 [crit] 5427#0: *20 connect() to 192.168.1.240:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.1.15, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.1.240:8080/", host: "192.168.1.135"
2016/04/13 18:36:59 [crit] 5427#0: *20 connect() to 192.168.1.237:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.1.15, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.1.237:8080/", host: "192.168.1.135"

At this stage, I had the first serious plug, from which I was taken out yesterday (perhaps by mistake?), advising me to do:
sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
sudo semodule -i mynginx.pp

After that, the problem moved to a new stage: with this config, going to the IP address 192.168.1.135 redirects not to the IP addresses specified in upstream, but literally to http://apps. And then I hung in earnest and for a long time.
UPD 21042016: after dancing with a tambourine, now upstream regularly takes ip 192.168.1.135, trying to redirect where necessary, but, the dog, ascribes to itself the port of the node 8080, and tries to climb to 192.168.1.135:8080, where there is nothing.
Comrades, tell me where I turned the wrong way and what am I doing wrong? If you believe the numerous descriptions, the entire balancer setup is as simple as doors and starts with a half-kick...
System: CentOS 7 Minimal.

3 answer(s)
Igor, 2016-04-21
@Lopar

Workable option:

location / {
   proxy_pass http://apps;
   proxy_redirect http://192.168.1.135:8080 http://192.168.1.135;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Given that the original problem with SELinux remains, we need to look at getsebool -a | grep httpd, and if the setting httpd_can_network_connect is disabled, we need to enable it:
After which the system starts working as intended.
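
An added example, not part of the original answers: a shell script that narrows audit records down to the one denial behind the "connect() ... failed (13: Permission denied)" errors in the question, so that the fix can be the single boolean from the answer above instead of a module built from every nginx denial. The AVC records are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the page): two outbound
# connect denials for nginx, plus one unrelated file-read denial that a blanket
# "grep nginx | grep denied | audit2allow" would also have turned into an allow rule.
SAMPLE_AUDIT='type=AVC msg=audit(1460561819.101:451): avc:  denied  { name_connect } for  pid=5427 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1460561819.102:452): avc:  denied  { name_connect } for  pid=5427 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1460561900.200:460): avc:  denied  { read } for  pid=6001 comm="nginx" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# Read audit records on stdin and print "port count" for every destination
# port that nginx (running as httpd_t) was denied an outbound TCP connect to.
nginx_connect_denials() {
    grep 'avc: *denied' |
    grep '{ name_connect }' |
    grep 'comm="nginx"' |
    grep 'scontext=[^ ]*:httpd_t:' |
    sed -n 's/.* dest=\([0-9][0-9]*\) .*/\1/p' |
    sort -n | uniq -c | awk '{print $2, $1}'
}

# Report the denials and name the narrow fix: the stock SELinux boolean
# rather than a locally generated policy module.
suggest_fix() {
    denials=$(nginx_connect_denials)
    if [ -n "$denials" ]; then
        echo "nginx denied outbound connect (port count): $denials"
        echo "fix: setsebool -P httpd_can_network_connect 1"
    else
        echo "no nginx name_connect denials found"
    fi
}

# Run against the constructed sample; on a real host, feed it
# /var/log/audit/audit.log instead.
printf '%s\n' "$SAMPLE_AUDIT" | suggest_fix
```
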

Fixid, 2016-04-14
@Fixid


Missing proxy_pass http://00.00.00.00:80/zabbix/ ;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Rather, everyone screwed up with the config. Write the entire config.
semodule was changed in vain, this is the second error

DuD, 2016-04-14
@DuD

Try disabling selinux and other hacks on the system. If it helps, dig in this direction.
