1. 7层协议
OSI(Open System Interconnection)是一个开放性的通信系统互连参考模型,它是一个定义得非常好的协议规范,共包含七层协议。直接上图,这样更直观些:
1.1 协议配置
1.1.1 7层配置
这里我们举例,在nginx做负载均衡,负载多个服务,部分服务是需要7层的,部分服务是需要4层的,也就是说7层和4层配置在同一个配置文件中。
准备三台机器:
代理机:
[root@bogon ~]# cat /etc/nginx/nginx.conf
# Proxy machine: layer-7 (HTTP) load balancer in front of two backend web servers.
user nginx;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # $http_x_forwarded_for is copied from a request header, so it is
    # client-controlled; treat that log field as untrusted when analysing logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;

    # Backend pool. No balancing method is set, so nginx uses round-robin.
    upstream web {
        # To pin a client to one backend, enable the directive as "ip_hash;"
        # (the commented line below lacks the terminating semicolon).
        #ip_hash
        server 192.168.222.133;
        server 192.168.222.134;
    }

    server {
        # Plain HTTP only: nothing in this file enables TLS, so traffic to the
        # proxy and on to the backends is unencrypted.
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;

        location / {
            proxy_pass http://web;
            proxy_redirect default;
            # $http_host is the Host header exactly as the client sent it.
            # NOTE(review): backends that build links or redirects from Host
            # should validate it; $host is the normalised alternative.
            proxy_set_header Host $http_host;
            # $remote_addr is the address of the TCP peer, not a header value.
            proxy_set_header X-Real-IP $remote_addr;
            # Appends $remote_addr to whatever X-Forwarded-For the client sent;
            # only the last entry is added by this proxy, earlier entries are
            # client-supplied and must not be trusted by the backends.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 30;
            proxy_send_timeout 60;
            proxy_read_timeout 60;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
[root@bogon ~]# nginx -s stop
[root@bogon ~]# nginx
后端机器一:
[root@bogon ~]# cd /etc/nginx/conf.d/
[root@bogon conf.d]# cat default.conf
# Backend one: serves the static test page that the proxy balances requests to.
server {
    # NOTE(review): "listen 80" binds every interface, so this backend can also
    # be reached directly, bypassing the proxy; restrict it with a firewall or
    # allow/deny if only the proxy is meant to connect.
    listen 80;
    server_name localhost;
    #access_log /var/log/nginx/host.access.log main;

    location / {
        root /usr/share/nginx/html;
        index index.html;
    }
}
在/usr/share/nginx/html/index.html的基础上加2222 ,跟机器二区分开
echo 2222 >> /usr/share/nginx/html/index.html
后端机器二:
[root@bogon ~]# cat /etc/nginx/nginx.conf
# Backend two: a plain static web server that sits behind the proxy.
user nginx;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # For requests arriving through the proxy, $remote_addr is the proxy's
    # address; the client address only appears in the X-Forwarded-For field,
    # which is trustworthy only for the entry the proxy itself appended.
    # NOTE(review): to log the real client, ngx_http_realip_module can be used
    # (set_real_ip_from <proxy address>; real_ip_header X-Real-IP;), trusting
    # the proxy's address and nothing else.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;

    server {
        # Binds every interface: direct requests that bypass the proxy are
        # accepted unless a firewall or allow/deny rule limits them.
        listen 80;
        server_name localhost;

        location / {
            root html;
            index index.html;
        }
        #error_page 404 /404.html;
    }
}
验证:访问代理机,每刷新一次页面,返回的内容就换成另一台后端机器的(默认按轮询分配)。
2. 4层协议
TCP/IP协议
之所以说TCP/IP是一个协议族,是因为TCP/IP协议包括TCP、IP、UDP、ICMP、RIP、SMTP、ARP、TFTP等许多协议,这些协议一起称为TCP/IP协议。
从协议分层模型方面来讲,TCP/IP由四个层次组成:网络接口层、网络层、传输层、应用层。
nginx 增加了一个 stream 模块,用来实现四层协议(网络层和传输层)的转发、代理、负载均衡等。stream 模块的用法跟 http 的用法类似,允许我们配置一组 TCP 或者 UDP 等协议的监听。
ngx_stream_core_module,这个模块默认有(这里指安装包自带;如果是源码编译安装,需要加 --with-stream 参数才会包含该模块,可用 nginx -V 确认)。
2.1 4层配置
4层tcp负载
# Layer-4 (TCP) forwarding example: connections to port 6666 on this machine
# are relayed to sshd on the upstream host.
# The stream block sits at the same level as the http block (top level of
# nginx.conf), not inside it.
stream {
    upstream ssh_01 {
        server 192.168.209.129:22;
    }

    server {
        # NOTE(review): there is no allow/deny here, so every host that can
        # reach port 6666 reaches the upstream sshd; restrict the source
        # addresses with allow/deny (ngx_stream_access_module) or a firewall.
        listen 6666;
        proxy_pass ssh_01;
        # Closes the session when no data flows in either direction for 60s,
        # so idle SSH sessions are dropped.
        proxy_timeout 60s;
        proxy_connect_timeout 30s;
    }
}
机器一:192.168.222.132
[root@bogon ~]# cat /etc/nginx/nginx.conf
# Machine one (192.168.222.132): one nginx.conf carrying both a layer-4 stream
# proxy (SSH) and a layer-7 http proxy (web), as two top-level blocks.
user nginx;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

# Layer 4: relay TCP connections on port 6666 to sshd on 192.168.222.133.
stream {
    upstream ssh_01 {
        server 192.168.222.133:22;
    }

    server {
        # NOTE(review): no allow/deny is set, so any host that can reach port
        # 6666 reaches the upstream sshd; limit the source addresses with
        # allow/deny (ngx_stream_access_module) or a firewall.
        # The upstream sshd sees this proxy as the connecting peer, and no
        # access_log is defined inside stream, so per-client logging or rate
        # limiting of these sessions has to be set up on this machine.
        listen 6666;
        proxy_pass ssh_01;
        # Closes the session after 60s without data in either direction.
        proxy_timeout 60s;
        proxy_connect_timeout 30s;
    }
}

# Layer 7: HTTP load balancing across the two web backends.
http {
    include mime.types;
    default_type application/octet-stream;

    # The last field comes from a request header and is client-controlled.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;

    # No balancing method is set, so requests are distributed round-robin.
    upstream web {
        #ip_hash
        server 192.168.222.133;
        server 192.168.222.134;
    }

    server {
        # Plain HTTP only; nothing in this file enables TLS.
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;

        location / {
            proxy_pass http://web;
            proxy_redirect default;
            # Forwards the Host header exactly as the client sent it.
            # NOTE(review): backends should validate it before using it to
            # build links or redirects; $host is the normalised alternative.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            # Client-supplied X-Forwarded-For entries are kept and the peer
            # address is appended; only that last entry comes from this proxy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 30;
            proxy_send_timeout 60;
            proxy_read_timeout 60;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
[root@bogon ~]# nginx -s stop
[root@bogon ~]# nginx
机器二:192.168.222.133
[root@bogon ~]# cat /etc/nginx/nginx.conf
# Machine two (192.168.222.133): static web backend. The SSH forwarding shown
# for machine one targets port 22 on this host; nothing in this file
# configures that service.
user nginx;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # Requests that come through the proxy are logged with the proxy's address
    # in $remote_addr; the X-Forwarded-For field carries the client address but
    # is only trustworthy for the entry appended by the proxy.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;

    server {
        # NOTE(review): binds every interface, so the site is also reachable
        # without going through the proxy unless a firewall or allow/deny
        # rule restricts it.
        listen 80;
        server_name localhost;

        location / {
            root html;
            index index.html;
        }
        #error_page 404 /404.html;
    }
}
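验证:(机器一)通过 6666 端口 ssh 登录后,ip a 显示的地址是 192.168.222.133,说明连接已被转发到机器二。首次连接时提示的主机密钥指纹来自机器二的 sshd,输入 yes 之前应先与机器二上的指纹核对。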
[root@bogon ~]# ssh 192.168.222.132 -p6666
The authenticity of host '[192.168.222.132]:6666 ([192.168.222.132]:6666)' can't be established.
ECDSA key fingerprint is SHA256:DM5hGfyyepIDAXXk7F1Wb15peBrU+6sWURjGKs9tJzs.
ECDSA key fingerprint is MD5:64:0d:1d:d4:69:2d:88:b1:73:94:47:6f:cf:4c:aa:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.222.132]:6666' (ECDSA) to the list of known hosts.
root@192.168.222.132's password:
Last login: Fri May 9 17:08:51 2025 from 192.168.222.1
[root@bogon ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:79:35:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.222.133/24 brd 192.168.222.255 scope global noprefixroute dynamic ens33
valid_lft 1078sec preferred_lft 1078sec
inet6 fe80::ea55:4601:d3d2:d039/64 scope link noprefixroute
valid_lft forever preferred_lft forever