Nginx及分布式tomcat集群以及Https站点
1.准备阶段
安装前先安装(1)gcc gcc-c++编译环境(2)pcre pcre-dev (3)zlib(一般都有操作gzip的包)(4)openSSL
2.安装nginx
本文以CENTOS7为搭建环境,以Nginx1.10.1(stable稳定版)为Nginx服务器,首先上官网下载nginx
$ wget -c https://nginx.org/download/nginx-1.10.1.tar.gz
# 解压
$ tar -xzvf nginx-1.10.1.tar.gz
# 进入nginx-1.10.1
$ cdnginx-1.10.1
# 配置,测试用默认配置就可以了
$ ./configrue
(如果需要指定nginx的安装目录则加上--prefix=/usr/local/nginx ,默认是安装在/usr/local/nginx)
(r如果需要利用nginx搭建Https服务,需要安装ssl模块,加上参数./configrue --with-http_ssl_module)
# 编译安装
$ make && make install
# 安装完后,因为使用的的默认配置,所以,安装目录会在/usr/local/nginx下
# 查看是否安装成功
$ cd /usr/local/nginx/sbin/
$ ./nginx -v
# 会出现版本号说明安装成功
# 启动
$ cd /usr/local/nginx/sbin/
$ ./nginx
# 重载配置文件重启
./nginx -s reload
# 关闭nginx
# 快速关闭
$ ./nginx -s stop
# 正常有序的关闭
$ ./nginx -s quit
#nginx默认是80端口.浏览器输入http://your nginx server ip:80
(注意事项一:编译安装完nginx后,nginx的最终目录变为了/usr/local/nginx/),之前make前的目录只是一份源码,安装完就没什么用了,更改nginx文件切记要在/usr/local/nginx/里更改,例如更改nginx.conf,nginx启动时不指定配置文件的地址的话,默认就是/usr/local/nginx/conf/nginx.conf
(注意事项二:默认情况下linux是没有开放端口的,需要开启相应的端口,centos下默认是使用firewalld防火墙,还有一种是iptables防火墙,先弄清楚你服务器防火墙的类型才能确认如何开放端口)
二。nginx分发请求到分布式tomcat
这里我在虚拟机Linux中搭建了一个tomcat,ip地址为192.168.0.105:8080,在MAC主机搭建了一个tomcat,ip地址为192.168.0.101:8083
2个tomcat都搭建完毕后,做点小修改,用于分辨一个客户端请求到底是被分发到了哪个tomcat中,打开mac-tomcat的root文件夹,更改Index.jsp,在<body>元素中加入一行<p> this is a tomcat server in my mac </p>,OK。tomcat处理完毕
现在还是回到nginx服务器,直接贴我的nginx.conf配置文件,目录为:$ cd /usr/local/nginx/conf/nginx.conf(注意修改完配置文件记得重启nginx)
[root@localhost conf]# cat nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
#这是我新加的部分1——BEGIN
#服务器的集群
upstream do1shoje.com { #服务器集群名字
server 192.168.0.101:8083 weight=2;#服务器配置 weight是权重的意思,权重越大,分配的概率越大。
server 192.168.0.105:8080 weight=1;
}
#这是我新加的部分1——END
server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm;
#这是我新加的部分2——BEGIN
proxy_pass http://do1shoje.com;
#表示如果客户端请求的地址是nginx服务器的地址192.168.0.105:80,则交给名称为do1shoje.com的集群来处理,do1shoje是集群名,可自定义,但必须与上面
upstream do1shoje.com 定义的集群名一致。。。注意因为nginx和tomcat都装在centos中,
#两者的地址为:nginx:192.168.0.105:80;tomcat:192.168.0.105:8080
#这是我新加的部分2——END
}
#error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #}}
OK,Nginx+Tomcat的负载均衡搭建完毕,在浏览器中输入192.168.0.105:80(nginx的地址),请求会被分发到不同的tomcat中,多刷新几次网页查看效果
题外话:如果需要了解WEB性能压力测试,可参考Apache bench(ab)或者WEBBENCH
篇章二:利用nginx搭建https站点
nginx配置文件如下:
# HTTPS server
server {
listen 443 ssl;
server_name jianlezhai.abc;
ssl_certificate ../certificate/jianlezhai.abc_bundle.crt;
ssl_certificate_key ../certificate/jianlezhai.abc.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass http://www.jianlejun.abc:8080;
}
}
配置详解:
server_name:jianlezhai.abc为我当前nginx所在的服务器
ssl_certificate 证书文件路径
ssl_certificate_key 私钥文件路径
proxy_pass jianlejun.abc:8080 为我的tomcat所在服务器地址,为了方便,就直接指在了真实地址上,所以还需要加上端口号,一般都会在tomcat这台机里再加个nginx,利用这个nginx 80端口在转发到本机的8080端口,这样域名后就不用接8080端口了,丑。
我在nginx的安装目录/usr/local/nginx下新建了目录certificate存储SSL证书(记得啊有域名才能申请到SSL证书,因为我用的的腾讯云域名,里面可以直接导出SSL证书,这个服务不错,导出的目录各种场景的证书都有了,比如nginx,tomcat,IIS,apache等)
然后把需要的证书文件拷到certificate下,名字怎么取就随自己喜欢了。
好的,重启nginx
/usr/local/nginx/sbin/nginx -s stop
/usr/local/nginx/sbin/nginx
我们来看看最终的演示结果
进阶篇
服务器信息如下:
应用服务器 ip地址 域名 应用详情 备注
服务器A(负载均衡服务器) 123.123.100.1
jianlezhai.abc,
jianlejun.info
(2个域名都是解析到这台服务器123.123.100.1)
一个nginx、
一个tomcat
tomcat里有一个应用Demo4:8080端口
服务器B 123.123.100.2 jianlejun.com 三个tomcat
tomcat1:Demo1:8080端口
tomcat2:Demo2:8081端口
romcat3:Demo3:8082端口
预期结果:
浏览器访问:http://jianlezhai.abc,显示tomcat1:demo1的信息
浏览器访问:http://jianlezhai.abc:8001,显示tomcat4:demo4的信息
浏览器访问:http://jianlejun.info,每次访问会随机显示tomcat1:demo1,tomcat2:demo2,tomcat3:demo3的信息(这个模拟额的是分布式tomcat的负载均衡)
nginx配置如下:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
#监听Nginx所在服务器的80端口
listen 80;
server_name jianlezhai.abc;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
proxy_pass http://www.jianlejun.com:8080;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
#server 2#
#演示监听nginx所在服务器不同相同端口8001,根据相同域名不同端口转发#
server {
listen 8001;
server_name jianlezhai.abc;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
#代理nginx所在服务器上的tomcat(本机的tomcat),仅做demo演示,你可以跳转到其他应用服务器,比如125.125.125.1:8080#
proxy_pass http://127.0.0.1:8080;
}
}
#server 3#
#演示监听nginx所在服务器相同端口80,根据不同的域名转发#
server {
listen 80;
server_name jianlejun.info;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
#proxy_pass http://jianlejun.com:8080;
#这里演示跳转到多台其他应用服务器做负载均衡,就不用单地址了
#这里必须带上http://前缀,否则校验配置文件时会报错
#这里别用下划线拼接,tomcat8默认不支持,可以abc,abc.abc形式
proxy_pass http://MyServerCluster;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
#upstream参数配置负载均衡节点,由于服务器资源限制,这里通过在一台应用服务器下部署多个tomcat,然后开放不同端口来模拟分布式tomcat集群,
#真实情况你可以配置多台独立的应用服务器,比如100.100.100.1:8080,100.100.100.2:8080,100.100.100.3:8080
upstream MyServerCluster {
#这里不能带上http://,否则会校验配置文件(/sbin/nginx -t)时会报错【nginx: [emerg] invalid host in upstream "http://www.jianlejun.com:8080" in /usr/local/nginx/conf/nginx.conf:135】
server 123.123.100.2:8080 weight=5 max_conns=800;
server jianlejun.com:8081 weight=2;
server jianlejun.com:8082 weight=1;
}
# HTTPS server
#
server {
listen 443 ssl;
server_name jianlezhai.abc;
ssl_certificate ../certificate/jianlezhai.abc_bundle.crt;
ssl_certificate_key ../certificate/jianlezhai.abc.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass http://www.jianlejun.com:8080;
}
}
server {
listen 443 ssl;
server_name jianlejun.info;
ssl_certificate ../certificate/jianlejun.info_bundle.crt;
ssl_certificate_key ../certificate/jianlejun.info.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass http://www.jianlejun.com:8081;
}
}
}
结果验证:
浏览器访问:http://jianlezhai.abc,显示tomcat1:demo1的信息
浏览器访问:http://jianlezhai.abc:8001,显示tomcat4:demo4的信息
浏览器访问:http://jianlejun.info,每次访问会随机显示tomcat1:demo1,tomcat2:demo2,tomcat3:demo3的信息(这个模拟额的是分布式tomcat的负载均衡)
刷新一下,会在3个服务之间跳转,这里选取demo2的视觉:
再刷新:
大工告成。
模拟篇:
服务器信息如下:
应用服务器 ip地址 域名 应用详情 备注
服务器A(负载均衡服务器) 123.123.100.1
jianlezhai.abc,
jianlejun.info
(2个域名都是解析到这台服务器123.123.100.1)
一个nginx、
一个tomcat
tomcat里有一个应用Demo4:8080端口
服务器B 123.123.100.2 jianlejun.com
三个tomcat
一个nginx(下面称为nginx_B)
tomcat1:Demo1:8080端口
tomcat2:Demo2:8081端口
romcat3:Demo3:8082端口
注意事项:
该篇章在应用服务器B上多加了个nginx_B,用于转发请求,这样做的好处就是不用同时对外暴露三个端口(假如端口是7000,7001,7002)
只需要暴露nginx_B的80端口即可,由nginx_B做请求的分发。
预期目标:
所有请求都要以https协议发送
浏览器访问:http://jianlezhai.abc或jianlezhai.abc或https://jianlezhai.abc,统一定向到https://jianlezhai.abc,显示tomcat1:demo1的信息(即同时允许http,https请求,但最终都要重写到https,下面的也同理)
浏览器访问:http://jianlejun.info,每次访问会随机显示tomcat1:demo1,tomcat2:demo2,tomcat3:demo3的信息(这个模拟额的是分布式tomcat的负载均衡)
Nginx_A配置文件如下:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
#监听Nginx所在服务器的80端口
listen 80;
server_name jianlezhai.abc;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
rewrite ^(.*) https://$server_name$1 permanent;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
#server 2#
#演示监听nginx所在服务器相同端口80,根据不同的域名转发#
server {
listen 80;
server_name jianlejun.info;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
rewrite ^(.*) https://$server_name$1 permanent;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
#upstream参数配置负载均衡节点,由于服务器资源限制,这里通过在一台应用服务器下部署多个tomcat,然后开放不同端口来模拟分布式tomcat集群,
#真实情况你可以配置多台独立的应用服务器,比如100.100.100.1:8080,100.100.100.2:8080,100.100.100.3:8080
upstream MyServerCluster {
#这里不能带上http://,否则会校验配置文件(/sbin/nginx -t)时会报错【nginx: [emerg] invalid host in upstream "http://www.jianlejun.com:8080" in /usr/local/nginx/conf/nginx.conf:135】
#这里只是为了演示Nginx_B的需要,jianlejun.com:8081和jianlejun.com:8082用Nginx_B分发,8080不经过nginx_b,把这三台看成就独立的服务器就好了
server 123.123.100.2:8080 weight=5 max_conns=800;
server jianlejun.com weight=2;
#server jianlejun.com:8082 weight=1;
}
# HTTPS server
#
server {
listen 443 ssl;
server_name jianlezhai.abc;
ssl_certificate ../certificate/jianlezhai.abc_bundle.crt;
ssl_certificate_key ../certificate/jianlezhai.abc.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass http://www.jianlejun.com:8080;
}
}
server {
listen 443 ssl;
server_name jianlejun.info;
ssl_certificate ../certificate/jianlejun.info_bundle.crt;
ssl_certificate_key ../certificate/jianlejun.info.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass http://MyServerCluster;
}
}
}
Nginx_B配置文件如下:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
proxy_pass http://127.0.0.1:8081;
}
location /Demo2 {
root html;
index index.html index.htm;
proxy_pass http://127.0.0.1:8081;
}
location /Demo3 {
root html;
index index.html index.htm;
proxy_pass http://127.0.0.1:8082;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
大功告成!
拓展篇:
nginx配置跨域:现在一般项目都是前后端分离的,那么由于浏览器的同源策略,就会存在跨域问题,当然解决 跨域问题的方法有很多。这里以nginx为示例,只需要在server节点配置如下属性即可解决跨域问题
server {
listen 80;
server_name jianlejun.club;
#charset koi8-r;
#access_log logs/host.access.log main;
location /demo {
root html;
index index.html index.htm;
proxy_pass http://127.0.0.1:8082;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
}
}
这里的含义是/demo下的所有资源对任意ip都是不做限制的,一般来说这样比较危险
可以限制下允许跨域访问的资源,比如说对外的api之类的,同时add_header Access-Control-Allow-Origin *;指明所有ip都可访问,一般也是要限制服务器的ip地址(比如只允许前端服务器所在的ip地址)
目录 返回
首页