Load balancing on NGiNX?

I

Igor2016-04-14 17:44:56

Nginx

Igor, 2016-04-14 17:44:56

Comrades, it's already unbearable. I have a need to load balance using nginx on a cluster. Balancing with ngx_http_upstream_module and proxy_pass . In the manuals, everything is described surprisingly elementary, but ...
nginx.conf:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}
 
http {
    upstream apps {
        server 192.168.1.237:8080;
        server 192.168.1.240:8080;
    }

    server {
        listen  80;
        server_name _;

        location / {
            proxy_pass http://apps;
        }
    }
}

In this case, 192.168.1.135 returned me “ The page you are looking for is temporarily unavailable. Please try again later ”, despite the fact that 192.168.1.237 and 192.168.1.240 were pinged, links with port 8080 were opened, curl , wget from the balancer server to the end hosts work, elinks opened sites normally from there.
error.log was frighteningly obscure:

2016/04/13 18:36:59 [crit] 5427#0: *20 connect() to 192.168.1.240:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.1.15, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.1.240:8080/", host: "192.168.1.135"
2016/04/13 18:36:59 [crit] 5427#0: *20 connect() to 192.168.1.237:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.1.15, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.1.237:8080/", host: "192.168.1.135"

At this stage, I had the first serious plug, from which I was taken out yesterday ( perhaps by mistake? ), advising me to do:

sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
sudo semodule -i mynginx.pp

After that, the problem moved to a new stage: with this config, going to the IP address 192.168.1.135 redirects not to the IP addresses specified in upstream , but literally to http://apps. And then I hung in earnest and for a long time.
UPD 21042016 : after dancing with a tambourine, now upstream regularly takes ip 192.168.1.135, trying to redirect where necessary, but, the dog, ascribes to itself the port of the node 8080, and tries to climb to 192.168.1.135:8080, where there is nothing.
Comrades, tell me where I turned the wrong way and what am I doing wrong? If you believe the numerous descriptions, the entire balancer setup is as simple as doors and starts with a half-kick ...
System: CentOS 7 Minimal.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

I

Igor, 2016-04-21
@Lopar

Workable option:

location / {
   proxy_pass http://apps;
   proxy_redirect http://192.168.1.135:8080 http://192.168.1.135;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Given that the original problem with SELinux remains, we need to look away getsebool -a | grep httpd, and if the setting is http_can_network_connectdisabled, we need to enable it:
After which the system starts working as intended.

F

Fixid, 2016-04-14
@Fixid

Missing proxy_pass http://00.00.00.00:80/zabbix/ ;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Rather, everyone screwed up with the config. Write the entire config.
semodule was changed in vain, this is the second error

D

DuD, 2016-04-14
@DuD

Try disabling selinux and other hacks on the system. If it helps, dig in this direction.