使用 nginx 负载平衡与 node.js 时出错

tag-icon tag-icon nginx iptables firewall load-balancing
使用 nginx 负载平衡与 node.js 时出错

我已经在 centos7 上使用 nginx 设置了负载平衡。我的 nginx.conf 看起来不错:

upstream backend {
        server 192.168.55.10:3000;
        server 192.168.55.12:3000;
   }


    server {
        listen       80;
        listen       443 ssl;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        ssl_certificate         /etc/nginx/ssl/server.crt;
        ssl_certificate_key     /etc/nginx/ssl/server.key;

        location / {
          proxy_set_header    Host             $host;
          proxy_pass          http://backend;
          proxy_set_header    X-Real-IP        $remote_addr;
          proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
          proxy_set_header    X-Client-Verify  SUCCESS;
          proxy_set_header    X-Client-DN      $ssl_client_s_dn;
...

Nginx 位于 192.168.55.10 上。当我现在关闭此服务器上的节点以测试负载平衡时,我无法发出任何 http 请求。以下是我的 nginx 错误日志中的错误:

2018/05/02 06:44:30 [错误] 32547#0: *217 connect() 连接到上游时失败(113:没有到主机的路由),客户端:xxx.xxx.xxx.xx,服务器:,请求:“GET /poweredby.png HTTP/1.1”,上游:“http://192.168.55.12:3000/poweredby.png", 主机:“api.somedomain.com”, 引用网址:“https://api.somedomain.com/api/test

我不太熟悉此服务器的设置,但托管团队已确认两个服务器之间没有任何通信限制。但显然我忽略了一些东西。

防火墙cmd--列出所有区域:

block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh mdns samba-client dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh mdns samba-client dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh dhcpv6-client http https
  ports: 80/tcp 443/tcp 8000/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

相关内容