Linux下Nginx+Tomcat负载均衡和动静分离配置要点

2021-12-06 08:25:06

本文使用的Linux发行版:CentOS6.7 下载地址:https://wiki.centos.org/Download

一、安装Nginx

下载源:wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm

安装源:yum install nginx-release-centos-6-0.el6.ngx.noarch.rpm

安装Nginx:yum install nginx

启动Nginx服务:service nginx start

停止Nginx服务:service nginx stop

查看Nginx运行状态:service nginx status

检查Nginx配置文件:nginx -t

服务运行中重新加载配置:nginx -s reload

添加Nginx服务自启动:chkconfig nginx on

二、修改防火墙规则

修改Nginx所在主机的防火墙配置:vi /etc/sysconfig/iptables,将nginx使用的端口添加到允许列表中。

例如:-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT (表示允许80端口通过)

修改Tomcat所在主机的防火墙配置:vi /etc/sysconfig/iptables,将tomcat使用的端口添加到允许列表中。

例如:-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT (表示允许8080端口通过)

如果主机上有多个tomcat的话,则按此规则添加多条,修改对应的端口号即可。

保存后重启防火墙:service iptables restart

三、Tomcat负载均衡配置

Nginx启动时默认加载配置文件/etc/nginx/nginx.conf,而nginx.conf里会引用/etc/nginx/conf.d目录里的所有.conf文件。

因此可以将自己定制的一些配置写到单独.conf文件里,只要文件放在/etc/nginx/conf.d这个目录里即可,方便维护。

创建tomcats.conf:vi /etc/nginx/conf.d/tomcats.conf,内容如下:

 upstream tomcats {

     ip_hash;

     server 192.168.0.251:8080;

     server 192.168.0.251:8081;

     server 192.168.0.251:8082;

 }

修改default.conf:vi /etc/nginx/conf.d/default.conf,修改如下:

 #注释原有的配置

 #location / {

 #    root   /usr/share/nginx/html;

 #    index  index.html index.htm;

 #}

 #新增配置默认将请求转发到tomcats.conf配置的upstream进行处理

 location / {

     proxy_set_header Host $host;

     proxy_set_header X-Real-IP $remote_addr;

     proxy_set_header REMOTE-HOST $remote_addr;

     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

     proxy_pass http://tomcats; #与tomcats.conf里配置的upstream同名

 }

保存后重新加载配置:nginx -s reload

四、静态资源分离配置

修改default.conf:vi /etc/nginx/conf.d/default.conf,添加如下配置:

 #所有js,css相关的静态资源文件的请求由Nginx处理

 location ~.*\.(js|css)$ {

     root    /opt/static-resources; #指定文件路径

     expires     12h; #过期时间为12小时

 }

 #所有图片等多媒体相关静态资源文件的请求由Nginx处理

 location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ {

     root    /opt/static-resources; #指定文件路径

     expires     7d; #过期时间为7天

 }

五、修改SELinux安全规则

如果访问Nginx时出现502 Bad Gateway错误,则可能是Nginx主机上的SELinux限制了其使用http访问权限引起的,输入命令setsebool -P httpd_can_network_connect 1 开启权限即可。

文件/etc/nginx/nginx.conf完整配置如下:

 user  nginx;

 worker_processes  auto;

 error_log  /var/log/nginx/error.log warn;

 pid        /var/run/nginx.pid;

 worker_rlimit_nofile    100000;

 events {

     use epoll;

     multi_accept on;

     worker_connections  1024;

 }

 http {

     include       /etc/nginx/mime.types;

     default_type  application/octet-stream;

     #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

     #                  '$status $body_bytes_sent "$http_referer" '

     #                  '"$http_user_agent" "$http_x_forwarded_for"';

     #access_log  /var/log/nginx/access.log  main;

     sendfile        on;

     server_tokens off;

     #tcp_nopush     on;

     keepalive_timeout  65;

     gzip on;

     gzip_disable "msie6";

     gzip_static on;

     gzip_proxied any;

     gzip_min_length 1000;

     gzip_comp_level 4;

     gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

     include /etc/nginx/conf.d/*.conf;

 }

文件/etc/nginx/conf.d/default.conf完整配置如下:

 server {

     listen       80;

     server_name  localhost;

     #charset koi8-r;

     #access_log  /var/log/nginx/log/host.access.log  main;

     #location / {

     #    root   /usr/share/nginx/html;

     #    index  index.html index.htm;

     #}

     location / {

         proxy_set_header Host $host;

         proxy_set_header X-Real-IP $remote_addr;

         proxy_set_header REMOTE-HOST $remote_addr;

         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

         proxy_pass http://web_servers;

     }

     location ~.*\.(js|css)$ {

         root    /opt/static-resources;

         expires     12h;

     }

     location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ {

         root    /opt/static-resources;

         expires     7d;

     }

     #error_page  404              /404.html;

     # redirect server error pages to the static page /50x.html

     #

     error_page   500 502 503 504  /50x.html;

     location = /50x.html {

         root   /usr/share/nginx/html;

     }

     # proxy the PHP scripts to Apache listening on 127.0.0.1:80

     #

     #location ~ \.php$ {

     #    proxy_pass   http://127.0.0.1;

     #}

     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

     #

     #location ~ \.php$ {

     #    root           html;

     #    fastcgi_pass   127.0.0.1:9000;

     #    fastcgi_index  index.php;

     #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;

     #    include        fastcgi_params;

     #}

     # deny access to .htaccess files, if Apache's document root

     # concurs with nginx's one

     #

     #location ~ /\.ht {

     #    deny  all;

     #}

 }

(温馨提示:如果执行命令时没有root权限,请在命令前面加上 sudo 执行)

上一篇:Effective C++:条款29:为“异常安全”而努力是值得的


下一篇:c#音乐播放器