需求分析:
現有3個二級域名,一個IP地址,要實現將這3個域名通過1個IP地址對外提供web服務,可使用IP+端口的方式對域名進行解析,且互不影響。如:
Domain1:www.huangming.org IPADDR:192.168.1.33:80
Domain2:web1.huangming.orgIPADDR:192.168.1.33:8080
Domain3:web2.huangming.orgIPADDR:192.168.1.33:8080
其中Domain1作為Nginx反向代理的2台後端Read Server(Nginx+PHP),並實現負載均衡的功能。Domain2、3為通過Nginx反向代理的2台後端Tomcat Server。
實驗拓撲:
環境介紹:
HostnameIPADDRServerhost1192.168.1.231Nginx PHP Tomcat MySQLhost2192.168.1.232Nginx PHP Tomcat MySQLhxm(huangming.org)192.168.1.33Nginx-ProxyStep1:在host1、2上搭建配置Tomcat虛擬主機,下面是相關配置
[root@host1 ~]# vim /usr/local/tomcat/conf/server.xml
1、打開server.xml配置文件,修改defaultHost="web1.huangming.org",並設置Hostname
2、指定webapp的目錄存放路徑appBase="/data/webapp1"
3、設置日志存放路徑directory="/data/webapp1/logs"
[root@host1 ~]# vim /usr/local/tomcat/conf/server.xml;在文件最後增加一個Host
<Enginename="Catalina"defaultHost="web1.huangming.org"> </Host> <Hostname="web1.huangming.org"appBase="/data/webapp1"unpackWARS="true"autoDeploy="true"> <Contextpath=""docBase="/data/webapp1"reloadabled="true"/> <ValveclassName="org.apache.catalina.valves.AccessLogValve"directory="/data/webapp1/logs" prefix="web1_access_log"suffix=".txt" pattern="%h%l%u%t"%r"%s%b"/> </Host> </Engine>
4、創建webapp的目錄文件
[root@host1 ~]# mkdir /data/webapp1
[root@host1 ~]# mkdir /data/webapp1/{lib,classes,WEB-INF,META-INF,logs} -p
[root@host1~]#ls/data/webapp1/ classesindex.jspliblogsMETA-INFWEB-INF
5、創建一個index.jsp頁面
<%@pagelanguage="java"%> <%@pageimport="java.util.*"%> <html> <head> <title>web1.huangming.orgtestpage.</title> </head> <body> <%out.println("Hello,Thisisweb1.");%> </body> </html>
6、在host2創建配置Tomcat虛擬主機,與host1相同
<Enginename="Catalina"defaultHost="web2.huangming.org"> </Host> <Hostname="web2.huangming.org"appBase="/data/webapp2"unpackWARS="true"autoDeploy="true"> <Contextpath=""docBase="/data/webapp2"reloadabled="true"/> <ValveclassName="org.apache.catalina.valves.AccessLogValve"directory="/data/webapp2/logs" prefix="web2_access_log"suffix=".txt" pattern="%h%l%u%t"%r"%s%b"/> </Host> </Engine>
Step2:Host1和Host2的Nginx虛擬主機搭建和配置
1、Host1配置一個WEB虛擬主機,添加一個server.conf配置文件
[root@host1 ~]# vim /etc/nginx/vhosts/www.conf
server{ listen80; server_name192.168.1.231; indexindex.htmlindex.htmindex.phpindex.jsp; server_tokensoff; root/data/www/html; access_log/var/log/nginx/www_access.logmain; location/{ root/data/www/html; indexindex.htmlinex.htmindex.php; } location~\.php${ includefastcgi_params; fastcgi_passunix:/var/lib/php/php-fcgi.sock; fastcgi_indexindex.php; fastcgi_paramSCRIPT_FILENAME/data/www/html$fastcgi_script_name; }
2、Host2配置一個WEB虛擬主機,添加一個server.conf配置文件
[root@host2 ~]# vim /etc/nginx/vhosts/www.conf
server{ listen80; server_name192.168.1.232; indexindex.htmlindex.htmindex.phpindex.jsp; server_tokensoff; root/data/www/html; access_log/var/log/nginx/www_access.logmain; location/{ root/data/www/html; indexindex.htmlinex.htmindex.php; } location~\.php${ includefastcgi_params; fastcgi_passunix:/var/lib/php/php-fcgi.sock; fastcgi_indexindex.php; fastcgi_paramSCRIPT_FILENAME/data/www/html$fastcgi_script_name; }
3、php-fpm的配置
# vim /usr/local/php/etc/php-fpm.conf
[global] pid=/usr/local/php/var/run/php-fpm.pid error_log=/usr/local/php/var/log/php-fpm.log [www] listen=/var/lib/php/php-fcgi.sock user=php-fpm group=php-fpm listen.owner=nginx listen.group=nginx pm=dynamic pm.max_children=100 pm.start_servers=20 pm.min_spare_servers=5 pm.max_spare_servers=35 pm.max_requests=500 rlimit_files=1024 slowlog=/var/log/php/www_slow.log request_slowlog_timeout=1 php_admin_value[open_basedir]=/data/www/:/tmp/
Step3:Nginx反向代理服務器配置
在nginx配置文件的http模塊中添加server配置
http {
include vhosts/*.conf;
......
upstream bbs { ;負載均衡配置
ip_hash; server 192.168.1.231:80 weight=1 max_fails=3 fail_timeout=30s; server 192.168.1.232:80 weight=1 max_fails=3 fail_timeout=30s; }
server { ;此server代理Domain1:www.haungming.org
listen 80;
server_name www.huangming.org huangming.org 192.168.1.33;
index index.html index.htm index.php index.jsp;
server_tokens off;
access_log /var/log/nginx/www.access.log main;
location / {
proxy_pass http://bbs;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header;
proxy_buffering on;
proxy_redirect off;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_max_temp_file_size 1024m;
}
}
server { ;此server代理Domian2:web1.huangming.org
listen 80;
server_name web1.huangming.org;
index index.html index.htm index.jsp;
server_tokens off;
access_log /var/log/nginx/web1.access.log main;
location / {
proxy_pass http://192.168.1.231:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header;
}
}
server { ;此server代理Domain3:web2.huangming.org
listen 80;
server_name web2.huangming.org;
index index.html index.htm index.jsp;
server_tokens off;
access_log /var/log/nginx/web2.access.log main;
location / {
proxy_pass http://192.168.1.232:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header;
}
}
}
Step4:後端Nginx read server的日志記錄
如果在web前端使用了代理,Nginx會使用默認的日志記錄格式,記錄不到客戶的真實IP地址,故將兩台host1、2的Nginx日志格式記錄如下:
http {
......
log_format main '$HTTP_X_REAL_IP - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" "$request_time"'
'"$http_user_agent" $HTTP_X_Forwarded_For';
}
測試效果
[root@node1~]#curlhttp://192.168.1.33-I
Step5:Nginx代理服務的日志記錄
http {...... log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$gzip_ratio" "$http_referer"' '"$http_user_agent" "$http_x_forwarded_for" [$upstream_addr] ' '"$upstream_response_time" - "$request_time"';}測試效果:
其中"$upstream_addr"為響應客戶請求的後端read server的IP address
Step6:Nginx的靜態緩存、防盜鏈的相關配置,在host1、2上
server{ ...... location~*^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)${ expires7d; root/data/www/html; access_logoff; valid_referersnoneblocked*.huangming.orghuangming.org; if($invalid_referer) { return403; } } location~.*\.(js|css)?${ expires24h; access_logoff; } location~(static|cache){ access_logoff; } }
Step7:測試Nginx反向代理和負載均衡
首先需要將域名做好解析,可以在本機hosts文件設置,或者在萬網解析
1、測試Domian1
查看日志記錄是否負載成功
2、測試訪問Domain2、3(Tomcat服務器)
查看Nginx代理Tomcat的訪問日志
[root@hxm~]#tail-2/var/log/nginx/web1.access.log 101.233.172.217--[07/Apr/2016:11:51:02+0800]"GET/HTTP/1.1"200145"-""-""Mozilla/5.0(WindowsNT6.3;WOW64;Trident/7.0;rv:11.0)likeGecko""-"[192.168.1.231:8080]"0.007"-"0.007" 101.233.172.217--[07/Apr/2016:11:51:44+0800]"GET/HTTP/1.1"200145"-""-""curl/7.19.7(x86_64-redhat-linux-gnu)libcurl/7.19.7NSS/3.14.0.0zlib/1.2.3libidn/1.18libssh2/1.4.2""-"[192.168.1.231:8080]"0.005"-"0.005"
[root@hxm~]#tail-2/var/log/nginx/web2.access.log 101.233.172.217--[07/Apr/2016:11:50:30+0800]"GET/favicon.icoHTTP/1.1"4041016"-""-""Mozilla/5.0(WindowsNT6.3;WOW64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/45.0.2454.101Safari/537.36""-"[192.168.1.232:8080]"0.018"-"0.018" 101.233.172.217--[07/Apr/2016:11:51:56+0800]"GET/HTTP/1.1"200145"-""-""curl/7.19.7(x86_64-redhat-linux-gnu)libcurl/7.19.7NSS/3.14.0.0zlib/1.2.3libidn/1.18libssh2/1.4.2""-"[192.168.1.232:8080]"0.011"-"0.011"
Step8:關於Tomcat的默認管理主頁
將name=localhost,修改為本機地址192.168.1.231,這樣可以在本地通過訪問這個IP進入Tomcat的默認主頁和配置管理頁面(這樣與web1.huangming.org不產生沖突)
[root@host1 ~]# vim /usr/local/tomcat/conf/server.xml
Step9:Domain1:www.huangming.org站點目錄的同步
這裡在Host1和Host2之間使用NFS文件服務器,Host2掛載Host1的站點目錄文件
[root@host2 conf]# df -ThFilesystem Type Size Used Avail Use% Mounted on/dev/sda3 ext4 13G 5.8G 6.1G 49% /tmpfs tmpfs 491M 0 491M 0% /dev/shm/dev/sda1 ext4 190M 27M 154M 15% /boot192.168.1.231:/data/www/html nfs 13G 3.4G 8.6G 29% /data/www/html結語:Nginx服務器的緩存配置
在web的前端,通常會加一層緩存服務器,作為緩存後端Read Server的網頁內容,以加快訪問速度,因此可以使用前端的Nginx代理服務器配置文件中添加緩存配置同時作為緩存服務使用
本文出自 “7414593” 博客,請務必保留此出處http://7424593.blog.51cto.com/7414593/1762432