Nginx + Tomcat + Https Server Load balancer configuration, nginxtomcat

Nginx + Tomcat + Https Server Load balancer configuration, nginxtomcat

As needed, we had to build an nginx + tomcat + https server. I searched for the web and found that there was always a mistake. Now I have sorted out some useful ones and I have forgotten them.

Environment: Centos6.5, JDK1.8, Tomcat8, Nginx1.10.1
Preparation materials:
1.jdk1.8installation package jdk-8u102-linux-x64.tar.gz

2.tomcat8installation package apache-tomcat-8.0.37.tar.gz

3.nginx1.10installation package nginx-1.10.1.tar.gz

 

1. JDK installation and configuration
Decompress and install the package to/usr/local/jdk.

[root@localhost ~]# tar zxvf jdk-8u102-linux-x64.tar.gz[root@localhost ~]# mv jdk1.8.0_102 /usr/local/jdk

Configure JDK Environment Variables

[root@localhost ~]# vi /etc/profile

Add the following content at the bottom

JAVA_HOME=/usr/local/jdkJRE_HOME=$JAVA_HOME/jreCLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATHPATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATHexport JAVA_HOME JRE_HOME PATH CLASSPATH

Application Environment Variables

[root@localhost ~]# source /etc/profile

Check whether the version is successful. The version description is displayed.

[root@localhost ~]# java -version

2. Tomcat installation and configuration
Decompress and install the package to/usr/local/tomcat.

[root@localhost ~]# tar zxvf apache-tomcat-8.0.37.tar.gz[root@localhost ~]# mv apache-tomcat-8.0.37 /usr/local/tomcat

Tomcat runs as root by default, which is insecure.

[root@localhost ~]# groupadd tomcat[root@localhost ~]# useradd -g tomcat tomcat[root@localhost ~]# passwd tomcat[root@localhost ~]# chown tomcat.tomcat -R /usr/local/tomcat

Run tomcat

[root@localhost ~]# su - tomcat /usr/local/tomcat/bin/startup.sh

Set startup

[root@localhost ~]# echo "su - tomcat /usr/local/tomcat/bin/startup.sh" >> /etc/rc.local

3. install and configure Nginx
Configure Nginx users

[root@localhost ~]# groupadd nginx[root@localhost ~]# useradd -g nginx -s /sbin/nologin nginx

Install dependency packages

[root@localhost ~]# yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel gcc gcc-c++

Decompress the package and enter the folder.

[root@localhost ~]# tar zxvf nginx-1.10.1.tar.gz[root@localhost ~]# cd nginx-1.10.1

Configure and install

[root@localhost nginx-1.10.1]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module[root@localhost nginx-1.10.1]# make && make install

Configure Nginx

[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf

In this step, you need to manually put the ssl certificate under the/usr/local/nginx/conf/directory, which are cert. crt and cert. key Files respectively.
If the certificate file is in another format, you can search for the conversion method.
If you do not need to configure https, change port 443.

Nginx main configuration file

User nginx; worker_processes 1; error_log logs/error. log; pid logs/nginx. pid; events {use epoll; worker_connections 1024;} http {include mime. types; default_type application/octet-stream; log_format main '$ remote_addr-$ remote_user [$ time_local] "$ request" ''$ status $ response" $ http_referer "'' "$ http_user_agent" "$ http_x_forwarded_for "'; access_log logs/access. log main; proxy_redirect off; p Roxy_set_header Host $ host; proxy_set_header X-Real-IP $ remote_addr; proxy_set_header X-Forwarded-For $ timeout; limit 10 m; Limit 128 k; proxy_connect_timeout 90; Limit 90; Limit 90; proxy_buffer_size 4 k; proxy_buffers 6 32 k; proxy_busy_buffers_size 64 k; proxy_temp_file_write_size 64 k; sendfile on; keepalive_timeout 65; gzi P on; gzip_min_length 1 k; gzip_buffers 4 16 k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascripttext/css application/xml; gzip_vary on; server {listen 80; server_name www.domain.com; # modify the domain name return 301 https: // $ server_name $ request_uri; # force redirect to port 443} server {listen 443 ssl; server_name www.domain.com; # modify the domain name ssl_certificate cert. crt; # import the certificate ssl_certificate_key cer T. key; # import the certificate ssl_session_cache shared: SSL: 1 m; ssl_session_timeout 5 m; ssl_ciphers HIGH :! ANULL :! MD5; ssl_prefer_server_ciphers on; location/{root/usr/local/tomcat/webapps/ROOT; index index.html index. jsp index.htm;} location ~. *. Jsp $ {index. jsp; proxy_pass http: // 127.0.0.1: 8080;} location/nginxstatus {stub_status on; access_log on; auth_basic "nginxstatus"; logs/usr/local/nagois/etc/htpasswd. users;} error_page 404/404 .html; error_page 500 502 503 x.html; location =/50x.html {root html ;}}}

Start the server

/usr/local/nginx/sbin/nginx

A kitten appears in the browser.