我已经在 CentOS 7 上使用 nginx 配置了负载均衡。我的 nginx.conf 内容如下:
# Upstream pool referenced by proxy_pass: two application nodes on port 3000.
# No balancing method is named, so nginx applies its default (round-robin).
# NOTE(review): errno 113 (EHOSTUNREACH, "No route to host") on a directly
# connected subnet is commonly a host firewall rejecting the connection rather
# than a routing fault. The firewall-cmd listing on this page allows 80/tcp,
# 443/tcp and 8000/tcp in the public zone but not 3000/tcp; if 192.168.55.12
# runs a similar ruleset, check its firewall first. When opening 3000/tcp,
# restrict it to the proxy's address (192.168.55.10) instead of the whole zone.
upstream backend {
server 192.168.55.10:3000;
server 192.168.55.12:3000;
}
# Front-end virtual host: terminates HTTP and TLS and proxies every request to
# the "backend" upstream. The rest of the block is elided on the page ("...").
server {
# One server block answers both plain HTTP (80) and TLS (443), so every
# header set in "location /" is also sent for unencrypted requests.
listen 80;
listen 443 ssl;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
# Server certificate and private key used for the 443 listener.
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
proxy_set_header Host $host;
# Traffic to the upstream is plain HTTP; the TLS session ends at this proxy.
proxy_pass http://backend;
# $remote_addr is the peer address seen by nginx, so the client cannot forge it.
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to any X-Forwarded-For the client sent; the backend
# should trust only the last entry, since earlier ones are client-controlled.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE(review): the literal SUCCESS tells the backend that client-certificate
# verification passed on every request, including plain HTTP on port 80, and
# no ssl_verify_client / ssl_client_certificate is visible in the shown part.
# If the backend uses this header for authentication, forward the real result
# instead: `proxy_set_header X-Client-Verify $ssl_client_verify;`
proxy_set_header X-Client-Verify SUCCESS;
# $ssl_client_s_dn is empty unless a client certificate was presented, so
# with the shown configuration this header presumably carries no DN - confirm.
# The backend must accept these X-Client-* headers only from this proxy;
# anyone who can reach port 3000 directly can set them.
proxy_set_header X-Client-DN $ssl_client_s_dn;
...
Nginx 位于 192.168.55.10 上。当我现在关闭此服务器上的节点以测试负载平衡时,我无法发出任何 http 请求。以下是我的 nginx 错误日志中的错误:
2018/05/02 06:44:30 [error] 32547#0: *217 connect() failed (113: No route to host) while connecting to upstream, client: xxx.xxx.xxx.xx, server: , request: "GET /poweredby.png HTTP/1.1", upstream: "http://192.168.55.12:3000/poweredby.png", host: "api.somedomain.com", referrer: "https://api.somedomain.com/api/test"
我不太熟悉此服务器的设置,但托管团队已确认两个服务器之间没有任何通信限制。但显然我忽略了一些东西。
firewall-cmd --list-all-zones 的输出:
block
target: %%REJECT%%
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
dmz
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
drop
target: DROP
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
external
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
home
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh mdns samba-client dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
internal
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh mdns samba-client dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: ssh dhcpv6-client http https
ports: 80/tcp 443/tcp 8000/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
trusted
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
work
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules: