Building a Java web production environment that meets your actual needs

Source: Internet
Author: User
Tags epoll sendfile nginx load balancing

Before introducing how to build a web production environment, let's look at how to choose a system and the related software, and at what requirements a web production environment should meet. You will then form your own ideas during the build, rather than following a fixed recipe.

I. System Selection

There are many versions of server systems suitable for web production environments. How can we select one suitable for ourselves from these systems? The following conditions must be met:

  1. Web application language environment. If your web application is written in .NET, you can choose Windows directly. If it is written in PHP or JSP, continue with the following points.

  2. System familiarity. When small and medium-sized enterprises or individual users select a server system, there are generally two options: Windows and Linux. When choosing between them, we should consider how well we understand the system. Many people choose Linux, and when asked why, they say that Linux is safer, with no viruses, no Trojans and no crashes, while Windows has too many viruses and Trojans and is vulnerable to malicious attacks. This blind choice is wrong. Any system is vulnerable to viruses or malicious attacks.

  3. Cost requirements. The biggest difference between Windows and Linux is very simple: one is a non-open-source project and the other is an open-source project.

    Windows has mature system service support, which is expensive. Some people say that they use a cracked copy of the server system, that it works the same way at no charge, and that they maintain it themselves. Most of my peers have chosen Linux because Linux is an open-source project developed jointly by many elite teams. Many services can be downloaded from open-source sources, and there is a lot of related information on the Internet, which saves a great deal on system and service support.

    Based on the three points summarized above, I chose Linux (CentOS) as the operating system, so I will not say more about it. Let's continue.

II. Web Server Selection

The web servers commonly used on Linux include Apache, nginx, Tomcat and Resin. Here we choose a combination of nginx and Tomcat to build our production environment.

The reasons are as follows: nginx is faster than Apache at processing requests and uses less memory, which is beyond doubt.

All modules of nginx are statically compiled, and fcgi is well supported.

Nginx supports the epoll mode, but apache does not.

The advantages of nginx as a web server are obvious, but it does not handle dynamic content. Because our environment here is Java, the partner for nginx is the veteran Tomcat, which is widely recognized as a Java application server. Although Tomcat also serves static content, it does so far less well than nginx. We therefore combine the two so that each contributes its strengths and the web servers perform better.

III. Hardware Selection

The software has been introduced above; hardware selection comes next.

If funds allow, a brand-name server is the first choice. I have only purchased the Dell R720 server, so I will not comment beyond that. I just want to explain why I chose a Dell server:

  1. Among IBM, HP and Dell, Dell is the cheapest for the same configuration.

  2. Dell servers let you select hardware based on your actual needs.

  3. I have dealt with Dell's after-sales service myself.

Based on these simple but compelling points, I chose the Dell R720 rack server.

So how do you choose hardware such as the CPU, memory and RAID card?

  1. The CPU plays a vital role for the MySQL database. The number of cores and their performance determine the database query speed.

  2. We recommend choosing a large amount of memory. Memory is still fairly cheap, so choose 16 GB or 32 GB.

  3. Hard disk selection. Here I suggest four 15000 rpm hard disks. The size of each disk is determined by actual needs. The advantage of this choice is that it gives you several RAID options: you can select RAID10 or RAID5, which also takes disaster recovery into account. If a hard disk fails in RAID5, you can remove it, and even if you cannot replace it right away, the normal operation of the server is not affected.

  4. If you select a hardware RAID card, there is the question of its cache. If you have demands on storage and read performance, choose a large cache.

  5. I think two power supplies should be chosen for safety. One power supply costs only several hundred yuan, which buys peace of mind.

I will not go into the rest. With the hardware in place, the last choice is the bandwidth and line. Save where you should save, and spend where you should spend.

If your site is popular and growing rapidly, how important is ample bandwidth? Do not end up using a cannon to shoot mosquitoes, with a good server that you cannot put to good use.

All right, you have chosen what needs choosing. The next step is to install and configure the server. The following figure shows the entire process.

IV. Building the Web Production Environment

System environment: minimal installation of CentOS 6.3 (64-bit)

Jdk version: jdk 1.6. Select the same version as during development.

Nginx version: nginx.1.2.5.tar.gz

Tomcat version: tomcat 7

Mysql version: mysql.5.5.11.tar.gz

If the server sits behind a hardware firewall, you can disable the iptables and SELinux that come with Linux.

At last, I will give a brief introduction.

Before installing this software, we install some necessary tools through yum. We will not explain them in detail here. If they are not installed, errors will be reported when the software is installed later.

yum install gcc gcc-c++ make cmake wget libtool perl-devel ncurses-devel libxml2-devel zlib-devel

1. Install jdk

tar -xvf jdk1.6.tar.gz
mv jdk1.6 /usr/local/jdk    # move the extracted directory (its name depends on the JDK build), not the tarball

Add the environment variables at the end of /etc/profile:

vi /etc/profile
export JAVA_HOME=/usr/local/jdk
export PATH=$PATH:$JAVA_HOME/bin

Save and exit, then refresh the system variables so that you do not need to restart the server, and check the JDK version:

source /etc/profile
java -version


2. install tomcat

tar -xvf tomcat.6.0.36.tar.gz
mv apache-tomcat-6.0.36 /usr/local/tomcat

Start Tomcat:

/usr/local/tomcat/bin/startup.sh


Tomcat installation is complete. To test it, enter http://<IP address>:8080 in the browser address bar.


This page indicates that there is no problem with installation and startup.

The Tomcat configuration file is /usr/local/tomcat/conf/server.xml. It does not need to be modified here, so we will not discuss it further. There is plenty of related information online, and a search engine is very helpful for finding it.

3. Install Nginx

3.1 install the pcre-devel library required by Nginx

tar -xvf pcre-8.02.tar.gz
cd pcre-8.02
./configure    # generate the Makefile before building
make && make install
cd /lib64
ln -s

If this link is not created, the following error is reported when nginx is started: libpcre.so.1 cannot be found.

3.2 install Nginx-1.2.5

tar -xvf nginx-1.2.5.tar.gz
cd nginx-1.2.5
# --prefix: specify the nginx installation directory
# --with-http_stub_status_module: enable the nginx status function to monitor the current nginx status
# --with-http_gzip_static_module: support online real-time compression of output data streams
# --with-google_perftools_module: support TCMalloc for Nginx performance optimization
./configure --prefix=/usr/local/nginx \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --with-google_perftools_module
make && make install

The TCMalloc module is included here to optimize Nginx, so you must install that open-source tool first. See:

After that installation is complete, compile Nginx.

3.3 Nginx configuration details

Modify the conf/nginx.conf file in the nginx installation directory.

vi /usr/local/nginx/conf/nginx.conf

3.31 global configuration of Nginx

user nobody;                       # user and group the worker processes run as; the default is used here
worker_processes 4;                # number of processes Nginx starts; on a multi-core CPU, set it to the number of CPU cores
error_log logs/error.log notice;   # global error log, at level notice
pid logs/nginx.pid;                # file in which the nginx process id is stored
worker_rlimit_nofile 65535;        # maximum number of files a worker process may open
events {                           # sets the Nginx working mode and the maximum number of connections
    use epoll;                     # working mode; epoll is the preferred choice on Linux
    worker_connections 60000;      # maximum number of connections for each process
}

The maximum number of client connections follows from this formula:

max_clients = worker_processes * worker_connections

That is, maximum number of connections = number of processes * maximum number of connections per process.

Divide by 4 when Nginx acts as a reverse proxy.

The maximum number of connections per process is limited by the maximum number of files a Linux process may open. Raise that limit as follows:

vi /etc/security/limits.conf

Modify the following content:


Once this limit is raised, the worker_connections setting takes effect.
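As an added example (not part of the original article), the shell functions below read worker_processes, worker_connections and worker_rlimit_nofile from a config file, apply the formula above, and warn when worker_connections exceeds the open-file limit. The names sample_conf, conf_value and check_capacity are illustrative, and the sample config is constructed from the values in section 3.31.

```shell
#!/bin/sh
# Added example: check nginx connection sizing against the open-file limit.

# Constructed sample input, using the values from the global configuration.
sample_conf() {
cat <<'EOF'
user nobody;
worker_processes 4;
worker_rlimit_nofile 65535;
events {
    use epoll;
    worker_connections 60000;
}
EOF
}

# Print the value of a simple "name value;" directive ($1) found in file $2.
conf_value() {
    awk -v d="$1" '$1 == d { v = $2; sub(/;.*/, "", v); print v; exit }' "$2"
}

# check_capacity CONF NOFILE
# NOFILE is the per-process open-file limit the workers would inherit
# (ulimit -n); worker_rlimit_nofile, when present, replaces it.
check_capacity() {
    procs=$(conf_value worker_processes "$1")
    conns=$(conf_value worker_connections "$1")
    rlimit=$(conf_value worker_rlimit_nofile "$1")
    procs=${procs:-1}        # nginx default when the directive is absent
    conns=${conns:-512}      # nginx default when the directive is absent
    limit=${rlimit:-$2}
    echo "max_clients=$((procs * conns))"
    echo "max_clients_reverse_proxy=$((procs * conns / 4))"
    if [ "$conns" -gt "$limit" ]; then
        echo "WARN worker_connections=$conns exceeds open-file limit $limit"
        return 1
    fi
    echo "OK worker_connections=$conns fits open-file limit $limit"
}

# Demo: the sample passes as written, and fails once worker_rlimit_nofile is
# removed and the workers inherit a 1024-descriptor limit.
demo_conf=$(mktemp)
sample_conf > "$demo_conf"
check_capacity "$demo_conf" 1024
grep -v worker_rlimit_nofile "$demo_conf" > "$demo_conf.inherit"
check_capacity "$demo_conf.inherit" 1024 || true
rm -f "$demo_conf" "$demo_conf.inherit"
```

Against a live server, pass /usr/local/nginx/conf/nginx.conf and the output of ulimit -n for the account that starts Nginx.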

3.32 Nginx configuration of HTTP server Properties

http {
    include conf/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '"$gzip_ratio"';
    log_format download '$remote_addr - $remote_user [$time_local] '
                        '"$request" $status $bytes_sent '
                        '"$http_referer" "$http_user_agent" '
                        '"$http_range" "$sent_http_content_range"';
    client_max_body_size 20m;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 64k;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 60;
    client_header_timeout 10;
    client_body_timeout 10;
    send_timeout 10;
}

The configuration above means the following:

include: brings in external files to reduce the complexity of the main configuration file.

default_type: the default type, here a binary stream.

log_format: specifies the Nginx log output format.

client_max_body_size: the maximum number of bytes of a single file requested by the client.

client_header_buffer_size: the size of the buffer for the client request header.

large_client_header_buffers: the number and size of buffers for large client request headers.

sendfile: enables the high-efficiency file transmission mode.

tcp_nopush: set to on to prevent network congestion.

tcp_nodelay: set to on to prevent network congestion.

keepalive_timeout: how long a client connection is kept alive; the server closes the connection after this timeout expires.

client_header_timeout: the timeout for reading the client request header. When it is exceeded, Nginx returns the Request time out (408) error.

client_body_timeout: the timeout for reading the client request body. When it is exceeded, Nginx returns the Request time out (408) error.

send_timeout: the time allowed between two activities on a connection. If the client shows no activity beyond this time, Nginx closes the connection.

3.33 http gzip module configuration

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

The configuration above means the following:

gzip: enables gzip compression, which compresses output data streams in real time.

gzip_min_length: the minimum page size that will be compressed. The number of page bytes is obtained from the Content-Length in the header.

We recommend setting it to 1 KB; compressing pages smaller than 1 KB may make them larger.

gzip_buffers: requests 4 memory units of 16 KB each as the cache for the compression result stream.

gzip_http_version: the HTTP protocol version to recognize, 1.1 by default. Almost all browsers support gzip compression.

gzip_comp_level: the gzip compression level. The lower the level, the lower the compression ratio and the faster the processing; the higher the level, the slower the processing and the greater the CPU consumption.

gzip_types: specifies the types to compress.


3.34 Server Load balancer Configuration

upstream tomcats {
    ip_hash;
    server;
    server down;
    server max_fails=3 fail_timeout=20s;
}

The configuration above means the following:

The load balancing module of Nginx currently supports four scheduling algorithms, the last two of which (fair and url_hash) are third-party scheduling algorithms.

Round robin (default): requests are distributed to the backend servers one by one in chronological order. If a backend server goes down, it is removed automatically and requests are not affected.

weight: specifies the round-robin weight. The higher the weight, the higher the probability that requests are allocated to that server. It is used when the backend servers have uneven performance.

ip_hash: visitors from the same IP address always reach the same backend server, which solves the session problem of dynamic web pages.

fair: balances load based on page size and loading time. Nginx does not support fair itself; you need to download the upstream_fair module.

url_hash: each URL is directed to the same backend server, which can further improve the efficiency of a cache server. You must also install the Nginx hash package.

Server states in load balancing scheduling:

down: the server does not currently take part in load balancing.

backup: a reserved backup machine, which receives requests only when all other non-backup machines are down or busy.

max_fails: the maximum number of failed requests allowed. When it is exceeded, the error defined by proxy_next_upstream is returned.

fail_timeout: how long the server is suspended after max_fails failures. It can be used together with max_fails.

Note: with ip_hash scheduling, the weight and backup states cannot be used for the backend servers.

3.35 server Virtual Host Configuration

server {
    listen 8080;                            # the port, set according to your backend server
    server_name;                            # can be an IP address or a domain name
    index index.html index.htm index.jsp;   # the default home page
    root /www/abc;                          # web root directory of the virtual host
    charset gb2312;                         # the web page encoding
    access_log logs/abc.access.log main;    # access log path; main specifies the output format
}

3.36 detailed configuration of URL matching

location supports regular expressions and conditional matching. You can use location to separate dynamic and static content.

All static files, such as html and jpg, are left to Nginx, and all dynamic jsp files are handed over to Tomcat.

All static files with the extensions .gif, .jpg, .png and .swf are handled by Nginx.

location ~ .*\.(gif|jpg|png|swf)$ {
    root /web/abc;    # website root directory
    expires 30d;      # expiration time of static files, here 30 days
}

All files in the upload and html directories under the website root are handled by Nginx.

location ~ ^/(upload|html)/ {
    root /web/abc;    # website root directory
    expires 30d;      # expiration time of static files, here 30 days
}

All files with the .jsp extension under the virtual host are passed to port 8080 on the local machine.

location ~ .*\.jsp$ {
    index index.jsp;
    proxy_pass http://localhost:8080;
}

3.37 error message returned page configuration

error_page 404 /404.html;
error_page 500 502 503 /50x.html;
location = /50x.html {
    root html;    # where the error page is looked up after an error is returned
}

With the detailed introduction to the nginx configuration file above, I believe you can now configure nginx load balancing, dynamic and static separation, and the other web server features described. Based on your actual situation, you can hand static files to nginx and dynamic files to Tomcat. If the load is high, you can also use nginx for load balancing, which can be done by starting multiple Tomcat instances. Related information:

After Nginx is configured, check whether the configuration is correct with /usr/local/nginx/sbin/nginx -t. If there is an error, it tells you where the error is. If there is no error, the output looks as follows:


Starting and stopping Nginx

/usr/local/nginx/sbin/nginx    # start Nginx
ps -ef | grep nginx            # check that it is running


Running kill 7665 stops Nginx.

That completes the detailed introduction to nginx. Next comes the MySQL installation.

4. Install the mysql database

4.1 create a mysql installation directory

mkdir -p /usr/local/webserver/mysql/

4.2 create a data storage directory

mkdir -p /data/mysql/

4.3 create users and user groups and grant data storage directory permissions

groupadd mysql
useradd -g mysql mysql
chown -R mysql:mysql /data/mysql/

4.4 download and decompress mysql 5.5.11

wget
tar zxvf mysql-5.5.11.tar.gz
cd mysql-5.5.11

4.5 compile mysql-5.5.11

# The install prefix matches the directory created in step 4.1.
cmake -DCMAKE_INSTALL_PREFIX=/usr/local/webserver/mysql/ \
    -DMYSQL_DATADIR=/data/mysql \
    -DWITH_INNOBASE_STORAGE_ENGINE=1 \
    -DENABLED_LOCAL_INFILE=1 \
    -DMYSQL_TCP_PORT=3306 \
    -DEXTRA_CHARSETS=all \
    -DDEFAULT_CHARSET=utf8 \
    -DDEFAULT_COLLATION=utf8_general_ci \
    -DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
    -DMYSQL_USER=mysql \
    -DWITH_DEBUG=0
make && make install

4.6 copy the configuration file

cp support-files/my-medium.cnf /etc/my.cnf
cp support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld

4.7 initialize the database

cd /usr/local/webserver/mysql/scripts    # scripts directory under the installation directory from step 4.1
./mysql_install_db --user=mysql \
    --basedir=/usr/local/webserver/mysql \
    --datadir=/data/mysql/ &

4.8 start the mysql Service

/etc/init.d/mysqld start
ps -ef | grep mysql    # check whether the service has started

4.9 log on to the mysql database

/usr/local/webserver/mysql/bin/mysql -u root -p

The initial password for logging on to the MySQL server through the command line is blank.

4.10 remove Anonymous Logon

delete from mysql.user where user="";

4.11 If You Need to remotely connect to mysql, perform the following operations:

use mysql;
insert into user set host='%',user='root',password='';

4.12 set password for local and remote host users

use mysql;
set password for 'root'@'localhost'=PASSWORD("123456");
set password for 'root'@'%'=PASSWORD("123456");
FLUSH PRIVILEGES;
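Steps 4.10 to 4.12 leave a root account that accepts connections from any host, and until step 4.12 runs that account has a blank password. As an added example (not from the original article), the function below audits rows of mysql.user for anonymous accounts, blank passwords and remotely reachable root. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mysql.user rows for the account states that steps
# 4.10 to 4.12 create or are meant to remove.
# Input on stdin: tab-separated user, host, password hash, as printed by
#   mysql -N -B -u root -p -e "SELECT user, host, password FROM mysql.user"
# (column names as in MySQL 5.5).

audit_mysql_users() {
    awk -F '\t' '
        $1 == "" { print "ANONYMOUS_USER\t@" $2; bad = 1 }
        $3 == "" { print "EMPTY_PASSWORD\t" $1 "@" $2; bad = 1 }
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "REMOTE_ROOT\t" $1 "@" $2; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample rows: a fresh install, before step 4.10.
rows_fresh_install() {
    printf 'root\tlocalhost\t\n'
    printf '\tlocalhost\t\n'
}

# Constructed sample rows: after step 4.11 (remote root added, blank password).
rows_after_4_11() {
    printf 'root\tlocalhost\t\n'
    printf 'root\t%%\t\n'
}

# Constructed sample rows: after step 4.12; the hash is a placeholder string.
rows_after_4_12() {
    printf 'root\tlocalhost\t*PLACEHOLDER_HASH\n'
    printf 'root\t%%\t*PLACEHOLDER_HASH\n'
}

# Demo: print the findings for each constructed state.
for state in rows_fresh_install rows_after_4_11 rows_after_4_12; do
    echo "== $state"
    $state | audit_mysql_users || true
done
```

The function exits non-zero when it reports anything, so it can gate a deployment script; after step 4.12 the only remaining finding is root@'%'.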

5. The following describes how to optimize system kernel parameters for Nginx applications in linux.

net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30

Add the preceding kernel parameter values to the /etc/sysctl.conf file, and then execute the following command to make them take effect.

/sbin/sysctl -p

The preceding parameters are described as follows:

net.ipv4.tcp_max_tw_buckets sets the number of timewait buckets; the default value is 180000.

net.ipv4.ip_local_port_range sets the range of ports the system is allowed to open, with 1024 as the minimum.

net.ipv4.tcp_tw_recycle enables fast recycling of timewait sockets.

net.ipv4.tcp_tw_reuse enables reuse, allowing time-wait sockets to be used again for new TCP connections.

net.ipv4.tcp_syncookies enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle it.

net.core.somaxconn is 128 by default. The parameter adjusts the number of TCP connections the system can initiate at the same time. Under highly concurrent requests, the default value may cause connection timeouts or retransmissions, so this value must be adjusted to the number of concurrent requests.

net.core.netdev_max_backlog is the maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them.

net.ipv4.tcp_max_orphans sets the maximum number of TCP sockets in the system that are not associated with any user file handle. If this number is exceeded, the orphaned connection is reset immediately and a warning is printed. This limit exists to prevent simple DoS attacks. You should not rely on it too much or lower it artificially; in most cases you should increase it.

net.ipv4.tcp_max_syn_backlog is the maximum number of recorded connection requests that have not yet received confirmation from the client. For systems with 1024 MB of memory, the default value of this parameter is 128, and that of systems with small memory is.

net.ipv4.tcp_synack_retries determines the number of SYN + ACK packets sent before the kernel gives up on the connection.

net.ipv4.tcp_syn_retries is the number of SYN packets sent before the kernel gives up establishing the connection.

net.ipv4.tcp_fin_timeout determines how long a socket remains in the FIN-WAIT-2 state. The default value is 60 seconds. It is very important to set this value correctly. Sometimes even a lightly loaded web server has a large number of dead sockets, which carries a risk of memory overflow.

net.ipv4.tcp_keepalive_time is how often TCP sends keepalive messages when keepalive is enabled (the default value is 2 hours).
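An added example, not from the original article: a pre-flight check for the fragment above. It reports duplicate keys, parameters the running kernel does not have (net.ipv4.tcp_tw_recycle was removed in Linux 4.12), and tcp_tw_recycle = 1, which causes connection failures for clients behind NAT. The names sample_sysctl and audit_sysctl are illustrative, and the sample input is constructed from the first lines of the fragment.

```shell
#!/bin/sh
# Added example: audit a sysctl fragment before loading it with sysctl -p.

# Constructed sample input: the first lines of the fragment in section 5.
sample_sysctl() {
cat <<'EOF'
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.core.somaxconn = 262144
EOF
}

# audit_sysctl FILE [PROCROOT]
# PROCROOT defaults to /proc/sys; pass another directory to test offline.
# Returns non-zero when a DUPLICATE, MISSING or RISK line is printed.
audit_sysctl() {
    root=${2:-/proc/sys}
    status=0
    seen=" "
    while IFS='=' read -r key value; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        value=$(printf '%s' "$value" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $key in ''|'#'*) continue ;; esac
        case $seen in *" $key "*) echo "DUPLICATE $key"; status=1 ;; esac
        seen="$seen$key "
        # net.ipv4.tcp_syncookies lives at PROCROOT/net/ipv4/tcp_syncookies
        if [ ! -e "$root/$(printf '%s' "$key" | tr . /)" ]; then
            echo "MISSING $key (this kernel has no such parameter)"
            status=1
        fi
        if [ "$key" = net.ipv4.tcp_tw_recycle ] && [ "$value" = 1 ]; then
            echo "RISK $key=1 (breaks connections from clients behind NAT)"
            status=1
        fi
    done < "$1"
    case $seen in
        *" net.ipv4.tcp_syncookies "*) ;;
        *) echo "NOTE net.ipv4.tcp_syncookies is not set in this file" ;;
    esac
    return $status
}

# Demo against the running kernel (output depends on the kernel version).
demo_frag=$(mktemp)
sample_sysctl > "$demo_frag"
audit_sysctl "$demo_frag" || true
rm -f "$demo_frag"
```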

This article describes how to build a web production environment. A real production environment takes more than installing a few pieces of software or relying on a few articles: technical personnel need to accumulate their own experience in practice in order to build a better system environment. As the saying goes, the proof is in trying it out, so try it yourself.

This article is from the "O & M engineer" blog, please be sure to keep this source
