Nginx Load balancer for HTTPS access

Overall process: 1. Build a Tomcat project cluster (default complete) 2. Install Nginx required Libraries 3. Install Nginx and modify configuration file 4. Start the test

1.1.1. Install Nginx1.1.1.1. Installation Environment:

Installing the Pcre Library

Yum-y Install Pcre-devel

Installing the Zlib Library

Yum Install-y zlib-devel

Installing the OpenSSL Library

Yum install-y OpenSSL openssl-devel or compiled installation

Compile and install OpenSSL:

1. Upload the OpenSSL compression pack

Press Alt+p to enter the upload screen, upload openssl-1.0.1t.tar.gz

2. Unzip the package

[Email protected] ~]# TAR–ZXVF openssl-1.0.1t.tar.gz

[[Email protected] ~] #cd openssl-1.0.1t

3. Compiling the installation

Setting Installation Parameters

[Email protected] openssl-1.0.1t]#./config

Compiling and installing

[[email protected] nginx-1.7.7] #make

[[email protected] nginx-1.7.7] #make Install

Ready to install Nginx: upload Nginx

Press Alt+p to enter the upload interface, upload nginx

1.1.1.2. Extracting

Extract

[Email protected] ~]# TAR-ZXVF nginx-1.10.2.tar.gz

Go to Unzip folder

[Email protected] ~]# CD nginx-1.10.2

1.1.1.3. Compiling and installing

Setting Installation Parameters

[Email protected] nginx-1.10.2]#./configure--prefix=/usr/local/nginx--with-http_ssl_module

Compiling and installing

[[email protected] nginx-1.10.2]# make

[[email protected] nginx-1.10.2]# make install

OpenSSL generates a test CA certificate: See Resources

1.1.1.4. Modify the nginx.conf file for load balancing:

Requirements: 1. User through HTTPS access, through the Nginx reverse proxy implementation of HTTP internal jump 2. Implement page compression gzip 3. Record the user's real IP address 4. Use Ip-hash to create cluster information to resolve session sticky issues 5. Access address for DNS registered domain name 6.nginx managing static Resources

The configuration file is as follows:

#user nobody; Worker_processes 1; #error_log Logs/error.log; #error_log Logs/error.log Notice; #error_log Logs/error.log Info; #pid Logs/nginx.pid; Events { Worker_connections 1024; } HTTP { Include Mime.types; Default_type Application/octet-stream; #log_format Main ' $remote _addr-$remote _user [$time _local] "$request" ' # ' $status $body _bytes_sent ' $http _referer ' # ' "$http _user_agent" "$http _x_forwarded_for" '; #配置集群信息 Upstream XXX { Ip_hash; Server xxx.xx.xxx.xx:8083; Server xxx.xx.xxx.xx:8085; } #access_log Logs/access.log Main; Sendfile on; #tcp_nopush on; #keepalive_timeout 0; Keepalive_timeout 65; #开启压缩 gzip on; server { Listen 80; server_name localhost; #charset Koi8-r; #access_log Logs/host.access.log Main; Location/{ root HTML; Index index.html index.htm; } #error_page 404/404.html; # REDIRECT Server error pages to the static page/50x.html # Error_page 502 503 504/50x.html; Location =/50x.html { root HTML; } # Proxy The PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # Proxy_pass http://127.0.0.1; #} # Pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root HTML; # Fastcgi_pass 127.0.0.1:9000; # Fastcgi_index index.php; # Fastcgi_param Script_filename/scripts$fastcgi_script_name; # include Fastcgi_params; #} # Deny access to. htaccess files, if Apache ' s document Root # concurs with Nginx ' s one # #location ~/\.ht { # Deny All; #} } # Another virtual host using mix of ip-, name-, and port-based configuration # #server { # Listen 8000; # Listen somename:8080; # server_name somename alias Another.alias; # location/{ # root HTML; # index index.html index.htm; #    } #} # HTTPS Server # server { Listen 443 SSL; server_name www.xxx.com; SSL_CERTIFICATE/USR/LOCAL/NGINX/SERVER.CRT; Ssl_certificate_key/usr/local/nginx/server.key; Ssl_session_cache shared:ssl:1m; Ssl_session_timeout 5000m; # ssl_ciphers high:!anull:! MD5; Ssl_prefer_server_ciphers on; Location ~ \.png$ { Root/home; } Location/{ #root html; #index index.html index.htm; #配置用户真实ip Proxy_set_header Host $host; Proxy_set_header X-real-ip $remote _addr; Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; #使用之前配置的集群 Proxy_pass http://xxx; } } }

Note: 1.location block root path problem: For example, the location block is configured as follows

Location ~ \.png$

{

Root/home;

}

The project Picture access path is/images/a.png, then the matching regular after path becomes/home/images/a.png

The above configuration file location regular URI is only an example.

1.1.1.5. Activating Nginx

View the installation files, conf is the configuration file, Sbin is the startup directory

[Email protected] nginx-1.10.2]# cd/usr/local/nginx/

Go to startup file directory and start Nginx

[Email protected] nginx]# CD sbin/

[Email protected] sbin]#./nginx

Viewing the startup process

Shutting down the firewall

[[Email protected] sbin]# service iptables stop

Access test

1.1.1.6. Nginx Related extensions:

Access process: When the ' optional Match rule ' module is not added, the Nginx server first searches multiple location blocks in the server block for a standard URI and request string match, and if there are multiple matches, records the highest match. The server then matches the regular URI in the location block with the request string, the local regular URI matches successfully, no longer searches, and the location block is used to process the request, and if the regular match all fails, This request is processed using the most matching location block just recorded.

Command:

./nginx

./nginx-s Stop

./nginx-s quit

./nginx-s Reload

./nginx-s quit: This stop step is to stop the nginx process from completing the processing task.

./nginx-s STOP: This method is equivalent to first detecting the Nginx process ID and then using the KILL command to force the kill process.

Query Nginx Process:

PS Aux|grep Nginx

8.2.6 Restart Service:

1. Stop and restart (recommended):

Restarting the nginx is equivalent to stopping and starting the Stop command before executing the start command. As follows:

./nginx-s quit

./nginx

2. Reload the configuration file:

When the configuration file of Ngin x nginx.conf Modified, for the configuration to take effect need to restart Nginx, use-s reload do not have to stop the nginx and then start Nginx can be configured in Nginx to take effect, as follows:

./nginx-s Reload

8.2.7 Access: http://xx.xx.xx.xxx/successful loading of the Nginx Welcome page, if you see Welcome to nginx! the word proves that the installation was successful

8.2.8 View Nginx installation path Whereis Nginx

Nginx Load balancer for HTTPS access