Nginx反向代理後端多個Tomcat、Nginx+PHP伺服器(Nginx的代理和負載功能)
需求分析:
現有3個二級域名,一個IP地址,要實現將這3個域名通過1個IP地址對外提供web服務,可使用IP+埠的方式對域名進行解析,且互不影響。如:
Domain1:www.huangming.org IPADDR:192.168.1.33:80 Domain2:web1.huangming.org IPADDR:192.168.1.33:8080 Domain3:web2.huangming.org IPADDR:192.168.1.33:8080 |
其中Domain1作為Nginx反向代理的2臺後端Read Server(Nginx+PHP),並實現負載均衡的功能。Domain2、3為通過Nginx反向代理的2臺後端Tomcat Server。
實驗拓撲:
環境介紹:
Hostname | IPADDR | Server |
host1 | 192.168.1.231 | Nginx PHP Tomcat MySQL |
host2 |
192.168.1.232 | Nginx PHP Tomcat MySQL |
hxm(huangming.org) | 192.168.1.33 | Nginx-Proxy |
Step1:在host1、2上搭建配置Tomcat虛擬主機,下面是相關配置
[[email protected] ~]# vim /usr/local/tomcat/conf/server.xml
1、開啟server.xml配置檔案,修改defaultHost="web1.huangming.org",並設定Hostname
2、指定webapp的目錄存放路徑appBase="/data/webapp1"
3、設定日誌存放路徑directory="/data/webapp1/logs"
[[email protected] ~]# vim /usr/local/tomcat/conf/server.xml ;在檔案最後增加一個Host
<Engine name="Catalina" defaultHost="web1.huangming.org"> <Host name="web1.huangming.org" appBase="/data/webapp1" unpackWARS="true" autoDeploy="true"> <Context path="" docBase="/data/webapp1" reloadabled="true" /> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/data/webapp1/logs" prefix="web1_access_log." suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> </Host> </Engine>
4、建立webapp的目錄檔案
[[email protected] ~]# mkdir /data/webapp1
[[email protected] ~]# mkdir /data/webapp1/{lib,classes,WEB-INF,META-INF,logs} -p
[[email protected] ~]# ls /data/webapp1/ classes index.jsp lib logs META-INF WEB-INF
5、建立一個index.jsp頁面
<%@ page language="java" %> <%@ page import="java.util.*" %> <html> <head> <title>web1.huangming.org test page.</title> </head> <body> <% out.println("Hello,This is web1."); %> </body> </html>
6、在host2建立配置Tomcat虛擬主機,與host1相同
<Engine name="Catalina" defaultHost="web2.huangming.org"> <Host name="web2.huangming.org" appBase="/data/webapp2" unpackWARS="true" autoDeploy="true"> <Context path="" docBase="/data/webapp2" reloadabled="true" /> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/data/webapp2/logs" prefix="web2_access_log." suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> </Host> </Engine>
Step2:Host1和Host2的Nginx虛擬主機搭建和配置
1、Host1配置一個WEB虛擬主機,新增一個server.conf配置檔案
[[email protected] ~]# vim /etc/nginx/vhosts/www.conf
server { listen 80; server_name 192.168.1.231; index index.html index.htm index.php index.jsp; server_tokens off; root /data/www/html; access_log /var/log/nginx/www_access.log main; location / { root /data/www/html; index index.html inex.htm index.php; } location ~ \.php$ { include fastcgi_params; fastcgi_pass unix:/var/lib/php/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/www/html$fastcgi_script_name; }
2、Host2配置一個WEB虛擬主機,新增一個server.conf配置檔案
[[email protected] ~]# vim /etc/nginx/vhosts/www.conf
server { listen 80; server_name 192.168.1.232; index index.html index.htm index.php index.jsp; server_tokens off; root /data/www/html; access_log /var/log/nginx/www_access.log main; location / { root /data/www/html; index index.html inex.htm index.php; } location ~ \.php$ { include fastcgi_params; fastcgi_pass unix:/var/lib/php/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/www/html$fastcgi_script_name; }
3、php-fpm的配置
# vim /usr/local/php/etc/php-fpm.conf
[global] pid = /usr/local/php/var/run/php-fpm.pid error_log = /usr/local/php/var/log/php-fpm.log [www] listen = /var/lib/php/php-fcgi.sock user = php-fpm group = php-fpm listen.owner = nginx listen.group = nginx pm = dynamic pm.max_children = 100 pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 500 rlimit_files = 1024 slowlog = /var/log/php/www_slow.log request_slowlog_timeout = 1 php_admin_value[open_basedir]=/data/www/:/tmp/
Step3:Nginx反向代理伺服器配置
在nginx配置檔案的http模組中新增server配置
http { include vhosts/*.conf; ...... upstream bbs { ;負載均衡配置 ip_hash; server { ;此server代理Domain1:www.haungming.org listen 80; server_name www.huangming.org huangming.org 192.168.1.33; index index.html index.htm index.php index.jsp; server_tokens off; access_log /var/log/nginx/www.access.log main; location / { proxy_pass http://bbs; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header; proxy_buffering on; proxy_redirect off; proxy_connect_timeout 300s; proxy_send_timeout 300s; proxy_read_timeout 300s; proxy_buffer_size 64k; proxy_buffers 4 64k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_max_temp_file_size 1024m; } } server { ;此server代理Domian2:web1.huangming.org listen 80; server_name web1.huangming.org; index index.html index.htm index.jsp; server_tokens off; access_log /var/log/nginx/web1.access.log main; location / { proxy_pass http://192.168.1.231:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header; } } server { ;此server代理Domain3:web2.huangming.org listen 80; server_name web2.huangming.org; index index.html index.htm index.jsp; server_tokens off; access_log /var/log/nginx/web2.access.log main; location / { proxy_pass http://192.168.1.232:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header; } } } |
Step4:後端Nginx read server的日誌記錄
如果在web前端使用了代理,Nginx會使用預設的日誌記錄格式,記錄不到客戶的真實IP地址,故將兩臺host1、2的Nginx日誌格式記錄如下:
http { ...... log_format main '$HTTP_X_REAL_IP - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" "$request_time"' '"$http_user_agent" $HTTP_X_Forwarded_For'; } |
測試效果
[[email protected] ~]# curl http://192.168.1.33 -I
Step5:Nginx代理服務的日誌記錄
http { ...... log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$gzip_ratio" "$http_referer"' '"$http_user_agent" "$http_x_forwarded_for" [$upstream_addr] ' '"$upstream_response_time" - "$request_time"'; } |
測試效果:
其中"$upstream_addr"為響應客戶請求的後端read server的IP address
Step6:Nginx的靜態快取、防盜鏈的相關配置,在host1、2上
server { ...... location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ { expires 7d; root /data/www/html; access_log off; valid_referers none blocked *.huangming.org huangming.org; if ($invalid_referer) { return 403; } } location ~ .*\.(js|css)?$ { expires 24h; access_log off; } location ~ (static|cache) { access_log off; } }
Step7:測試Nginx反向代理和負載均衡
首先需要將域名做好解析,可以在本機hosts檔案設定,或者在萬網解析
1、測試Domian1
檢視日誌記錄是否負載成功
2、測試訪問Domain2、3(Tomcat伺服器)
檢視Nginx代理Tomcat的訪問日誌
[[email protected] ~]# tail -2 /var/log/nginx/web1.access.log 101.233.172.217 - - [07/Apr/2016:11:51:02 +0800] "GET / HTTP/1.1" 200 145 "-" "-""Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-" [192.168.1.231:8080] "0.007" - "0.007" 101.233.172.217 - - [07/Apr/2016:11:51:44 +0800] "GET / HTTP/1.1" 200 145 "-" "-""curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "-" [192.168.1.231:8080] "0.005" - "0.005"
[[email protected] ~]# tail -2 /var/log/nginx/web2.access.log 101.233.172.217 - - [07/Apr/2016:11:50:30 +0800] "GET /favicon.ico HTTP/1.1" 404 1016 "-" "-""Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" "-" [192.168.1.232:8080] "0.018" - "0.018" 101.233.172.217 - - [07/Apr/2016:11:51:56 +0800] "GET / HTTP/1.1" 200 145 "-" "-""curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "-" [192.168.1.232:8080] "0.011" - "0.011"
Step8:關於Tomcat的預設管理主頁
將name=localhost,修改為本機地址192.168.1.231,這樣可以在本地通過訪問這個IP進入Tomcat的預設主頁和配置管理頁面(這樣與web1.huangming.org不產生衝突)
[[email protected] ~]# vim /usr/local/tomcat/conf/server.xml
Step9:Domain1:www.huangming.org站點目錄的同步
這裡在Host1和Host2之間使用NFS檔案伺服器,Host2掛載Host1的站點目錄檔案
[[email protected] conf]# df -Th Filesystem Type Size Used Avail Use% Mounted on /dev/sda3 ext4 13G 5.8G 6.1G 49% / tmpfs tmpfs 491M 0 491M 0% /dev/shm /dev/sda1 ext4 190M 27M 154M 15% /boot 192.168.1.231:/data/www/html nfs 13G 3.4G 8.6G 29% /data/www/html |
結語:Nginx伺服器的快取配置
在web的前端,通常會加一層快取伺服器,作為快取後端Read Server的網頁內容,以加快訪問速度,因此可以使用前端的Nginx代理伺服器配置檔案中新增快取配置同時作為快取服務使用
原文:http://blog.51cto.com/7424593/1762432