©2016-2024 Matools All rights reserved,
粤ICP备17059708号
需求分析:
现有3个二级域名,一个IP地址,要实现将这3个域名通过1个IP地址对外提供web服务,可使用IP+端口的方式对域名进行解析,且互不影响。如:
Domain1:www.huangming.org IPADDR:192.168.1.33:80
Domain2:web1.huangming.org IPADDR:192.168.1.33:8080
Domain3:web2.huangming.org IPADDR:192.168.1.33:8080
其中Domain1作为Nginx反向代理的2台后端Read
Server(Nginx+PHP),并实现负载均衡的功能。Domain2、3为通过Nginx反向代理的2台后端Tomcat Server。
实验拓扑:
<http://s1.51cto.com/wyfs02/M02/7E/D7/wKiom1cKEvXyQa3AAAGBCSFd6M8987.jpg>
环境介绍:
HostnameIPADDRServer
host1192.168.1.231Nginx PHP Tomcat MySQL
host2192.168.1.232Nginx PHP Tomcat MySQL
hxm(huangming.org)192.168.1.33Nginx-Proxy
Step1:在host1、2上搭建配置Tomcat虚拟主机,下面是相关配置
[root@host1 ~]# vim /usr/local/tomcat/conf/server.xml
1、打开server.xml配置文件,修改defaultHost="web1.huangming.org",并设置Hostname
2、指定webapp的目录存放路径appBase="/data/webapp1"
3、设置日志存放路径directory="/data/webapp1/logs"
[root@host1 ~]# vim /usr/local/tomcat/conf/server.xml ;在文件最后增加一个Host
<Engine name="Catalina" defaultHost="web1.huangming.org">
<Host name="web1.huangming.org" appBase="/data/webapp1" unpackWARS="true" autoDeploy="true">
<Context path="" docBase="/data/webapp1" reloadabled="true" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/data/webapp1/logs"
prefix="web1_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" /> </Host>
</Engine>
4、创建webapp的目录文件
[root@host1 ~]# mkdir /data/webapp1
[root@host1 ~]# mkdir /data/webapp1/{lib,classes,WEB-INF,META-INF,logs} -p
[root@host1 ~]# ls /data/webapp1/
classes index.jsp lib logs META-INF WEB-INF
5、创建一个index.jsp页面
<%@ page language="java" %> <%@ page import="java.util.*" %> <html> <head>
<title>web1.huangming.org test page.</title> </head> <body>
<% out.println("Hello,This is web1."); %> </body> </html>
6、在host2创建配置Tomcat虚拟主机,与host1相同
<Engine name="Catalina" defaultHost="web2.huangming.org">
<Host name="web2.huangming.org" appBase="/data/webapp2" unpackWARS="true" autoDeploy="true">
<Context path="" docBase="/data/webapp2" reloadabled="true" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/data/webapp2/logs"
prefix="web2_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" /> </Host>
</Engine>
Step2:Host1和Host2的Nginx虚拟主机搭建和配置
1、Host1配置一个WEB虚拟主机,添加一个server.conf配置文件
[root@host1 ~]# vim /etc/nginx/vhosts/www.conf
server { listen 80; server_name 192.168.1.231;
index index.html index.htm index.php index.jsp;
server_tokens off; root /data/www/html;
access_log /var/log/nginx/www_access.log main; location / {
root /data/www/html; index index.html inex.htm index.php;
} location ~ \.php$ { include fastcgi_params;
fastcgi_pass unix:/var/lib/php/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www/html$fastcgi_script_name; }
2、Host2配置一个WEB虚拟主机,添加一个server.conf配置文件
[root@host2 ~]# vim /etc/nginx/vhosts/www.conf
server { listen 80; server_name 192.168.1.232;
index index.html index.htm index.php index.jsp;
server_tokens off; root /data/www/html;
access_log /var/log/nginx/www_access.log main; location / {
root /data/www/html; index index.html inex.htm index.php;
} location ~ \.php$ { include fastcgi_params;
fastcgi_pass unix:/var/lib/php/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www/html$fastcgi_script_name; }
3、php-fpm的配置
# vim /usr/local/php/etc/php-fpm.conf
[global] pid = /usr/local/php/var/run/php-fpm.pid
error_log = /usr/local/php/var/log/php-fpm.log [www]
listen = /var/lib/php/php-fcgi.sock user = php-fpm group = php-fpm
listen.owner = nginx listen.group = nginx pm = dynamic pm.max_children = 100
pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35
pm.max_requests = 500 rlimit_files = 1024 slowlog = /var/log/php/www_slow.log
request_slowlog_timeout = 1 php_admin_value[open_basedir]=/data/www/:/tmp/
Step3:Nginx反向代理服务器配置
在nginx配置文件的http模块中添加server配置
http {
include vhosts/*.conf;
......
upstream bbs { ;负载均衡配置
ip_hash;
server 192.168.1.231:80 weight=1 max_fails=3 fail_timeout=30s;
server 192.168.1.232:80 weight=1 max_fails=3 fail_timeout=30s;
}
server { ;此server代理Domain1:www.haungming.org
listen 80;
server_name www.huangming.org huangming.org 192.168.1.33;
index index.html index.htm index.php index.jsp;
server_tokens off;
access_log /var/log/nginx/www.access.log main;
location / {
proxy_pass http://bbs;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream http_500 http_502 http_503 error timeout
invalid_header;
proxy_buffering on;
proxy_redirect off;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_max_temp_file_size 1024m;
}
}
server { ;此server代理Domian2:web1.huangming.org
listen 80;
server_name web1.huangming.org;
index index.html index.htm index.jsp;
server_tokens off;
access_log /var/log/nginx/web1.access.log main;
location / {
proxy_pass http://192.168.1.231:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream http_500 http_502 http_503 error timeout
invalid_header;
}
}
server { ;此server代理Domain3:web2.huangming.org
listen 80;
server_name web2.huangming.org;
index index.html index.htm index.jsp;
server_tokens off;
access_log /var/log/nginx/web2.access.log main;
location / {
proxy_pass http://192.168.1.232:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream http_500 http_502 http_503 error timeout
invalid_header;
}
}
}
Step4:后端Nginx read server的日志记录
如果在web前端使用了代理,Nginx会使用默认的日志记录格式,记录不到客户的真实IP地址,故将两台host1、2的Nginx日志格式记录如下:
http {
......
log_format main '$HTTP_X_REAL_IP - $remote_user [$time_local] "$request"
'
'$status $body_bytes_sent "$http_referer"
"$request_time"'
'"$http_user_agent" $HTTP_X_Forwarded_For';
}
测试效果
[root@node1 ~]# curl http://192.168.1.33 -I
<http://s4.51cto.com/wyfs02/M02/7E/D8/wKiom1cKRa3AZIUXAAB4pWVpcQY979.jpg>
Step5:Nginx代理服务的日志记录
http {
......
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$gzip_ratio" "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"
[$upstream_addr] '
'"$upstream_response_time" - "$request_time"';
}
测试效果:
其中"$upstream_addr"为响应客户请求的后端read server的IP address
<http://s5.51cto.com/wyfs02/M01/7E/D8/wKiom1cKRnrgRtRFAACDs1LcdPI040.jpg>
Step6:Nginx的静态缓存、防盗链的相关配置,在host1、2上
server { ......
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
expires 7d; root /data/www/html;
access_log off;
valid_referers none blocked *.huangming.org huangming.org;
if ($invalid_referer) { return 403;
} } location ~ .*\.(js|css)?$ {
expires 24h; access_log off; }
location ~ (static|cache) { access_log off; } }
Step7:测试Nginx反向代理和负载均衡
首先需要将域名做好解析,可以在本机hosts文件设置,或者在万网解析
1、测试Domian1
<http://s5.51cto.com/wyfs02/M00/7E/D9/wKiom1cKSknAuUZ1AADMfAIHksM284.jpg>
查看日志记录是否负载成功
<http://s2.51cto.com/wyfs02/M01/7E/D9/wKiom1cKSpSTPAMjAACoQIJMczQ416.jpg>
2、测试访问Domain2、3(Tomcat服务器)
<http://s4.51cto.com/wyfs02/M02/7E/D9/wKiom1cKS5TjbdIAAABSWYVRhOI405.jpg>
查看Nginx代理Tomcat的访问日志
[root@hxm ~]# tail -2 /var/log/nginx/web1.access.log
101.233.172.217 - - [07/Apr/2016:11:51:02 +0800] "GET / HTTP/1.1" 200 145 "-" "-""Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-" [192.168.1.231:8080] "0.007" - "0.007"
101.233.172.217 - - [07/Apr/2016:11:51:44 +0800] "GET / HTTP/1.1" 200 145 "-" "-""curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "-" [192.168.1.231:8080] "0.005" - "0.005"
[root@hxm ~]# tail -2 /var/log/nginx/web2.access.log
101.233.172.217 - - [07/Apr/2016:11:50:30 +0800] "GET /favicon.ico HTTP/1.1" 404 1016 "-" "-""Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" "-" [192.168.1.232:8080] "0.018" - "0.018"
101.233.172.217 - - [07/Apr/2016:11:51:56 +0800] "GET / HTTP/1.1" 200 145 "-" "-""curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "-" [192.168.1.232:8080] "0.011" - "0.011"
Step8:关于Tomcat的默认管理主页
将name=localhost,修改为本机地址192.168.1.231,这样可以在本地通过访问这个IP进入Tomcat的默认主页和配置管理页面
(这样与web1.huangming.org不产生冲突)
[root@host1 ~]# vim /usr/local/tomcat/conf/server.xml
<http://s5.51cto.com/wyfs02/M00/7E/D9/wKiom1cKTbXh6jYUAAATnVnbxx4354.jpg>
<http://s2.51cto.com/wyfs02/M02/7E/D9/wKiom1cKTqjBikXYAACuhOB4woI235.jpg>
Step9:Domain1:www.huangming.org站点目录的同步
这里在Host1和Host2之间使用NFS文件服务器,Host2挂载Host1的站点目录文件
[root@host2 conf]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda3 ext4 13G 5.8G 6.1G 49% /
tmpfs tmpfs 491M 0 491M 0% /dev/shm
/dev/sda1 ext4 190M 27M 154M 15% /boot
192.168.1.231:/data/www/html
nfs 13G 3.4G 8.6G 29% /data/www/html
结语:Nginx服务器的缓存配置
在web的前端,通常会加一层缓存服务器,作为缓存后端Read Server的网页内容,以加快访问速度,因此可以使用前端的Nginx代理服务器
配置文件中添加缓存配置同时作为缓存服务使用
原文:http://blog.51cto.com/7424593/1762432
热门工具 换一换