Nginx Reverse proxy tomacat+keepalived for dynamic and static separation, load balancing, high availability

The static and dynamic separation in this paper is mainly realized by Nginx+tomcat, in which the nginx handles the images, HTML, JS, CSS and so on, and Tomcat handles the dynamic requests such as JSP and servlet.

Server Name System version pre-installed software IP address

Nginx Server CentOS 7 Minimum installation Nginx 192.168.22.228

Web Server A CentOS 7 minimum installation tomcat+jdk 192.168.22.229

Web Server B CentOS 7 Minimum installation tomcat+jdk 192.168.22.300

Nginx server to do load balancing, high availability, reverse proxy and static and dynamic separation, Server A, b cluster.

nginx Installation (192.168.22.228)

Official website Download: http://nginx.org/en/download.html
Version number: nginx-1.8.0.tar.gz

① Extracting files

[[email protected] ~]# cd /usr/local/software/[[email protected] software]# tar -zxvf  nginx-1.8.0.tar.gz

② Progress Nginx directory to compile and install

[[email protected] local]# cd /usr/local/software/nginx-1.8.0[[email protected] nginx-1.8.0]# ./configure --prefix=/usr/local/nginx[[email protected] nginx-1.8.0]# make & make install

③ start Nginx

[[email protected] local]#  /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

[[email protected] local]#ln –s  /usr/local/nginx/sbin/nginx   /usr/local/sbin/    

 #这样执行命令就不用决定路径了

Common errors

When the./configure command is in progress, the error is often due to the lack of a library file, as follows:

Error one: Missing gc++ library file

Workaround: Install gcc gcc-++ online

yum -y install gcc  gcc-++ autoconf automake

Error two: Missing Pcre library
./configure:error:the HTTP Rewrite module requires the PCRE library.

Workaround: Install Pcre-devel to solve the problem

yum -y install pcre-devel

Error Three:
Error message:./configure:error:the HTTP Cache module requires MD5 functions
From the OpenSSL library. You can either disable the module by using

How to resolve:

yum  -y install openssl openssl-devel

After installation continue to execute the Configure command, you can complete the installation of Nginx

[[email protected] nginx-1.8.0]# make & make Install

Nginx start, stop, restart

First, we show you how to view Nginx's process number:
With command: ps -ef|grep nginx view

[Email protected] local]# Ps-ef|grep Nginx

Root 13421 1 0 02:55? 00:00:00 Nginx:master process/usr/local/nginx/sbin/nginx-c/usr/local/nginx/conf/nginx.conf

Nobody 13422 13421 0 02:55? 00:00:00 Nginx:worker Process

Root 13448 7858 0 03:04 pts/0 00:00:00 grep--color=auto nginx

① Start Mode

"Nginx Boot file Address"-C "nginx configuration file Address"

For example:

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

当然上面ln做了软链接  直接输入 nginx 即可启动

② shutdown mode

pkill -9 nginx

          nginx stop

③ restart

The first type of reload command:

    [[email protected] local]# cd /usr/local/nginx/sbin/    [[email protected] sbin]# ./nginx -s reload

The installation configuration and start-up stop of Nginx in Linux environment have been explained.

Tomcat installation Configuration (192.168.22.229-192.168.22.300) two installation configurations

Software Environment: jdk1.8
Software Download Catalog:/usr/lcoal/software
Software Installation directory:/usr/local/

JDK Environment Installation configuration:

Download the JDK package:

JDK website, download the required Linux version rpm package: jdk-8u65-linux-x64.rpm

Http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

To start the installation:

① Check if the system comes with a JDK, and if the system comes with a JDK, it needs to be uninstalled first. Then install the JDK we need.

Check whether the JDK command is installed:

rpm -qa | grep jdk

To delete a command that comes with a JDK:

rpm -e --nodeps  java-1.6.0-openjdk-1.6.0.0-1.41.1.10.4.el6.x86_64

or remove it with the yum-y remove command:

 yum -y remove  java-1.6.0-openjdk-1.6.0.0-1.41.1.10.4.el6.x86_64

After execution, check whether the deletion succeeded:

② uploading the installation package to the server/storage/sdc-data/software/directory via Xmanager

③ Getting file permissions

Get File Permissions command:

chmod -R 777   

This command adds execute permissions to the resource, and if it does not, the next step will prompt for insufficient permissions. Green represents permission to write

④ Installing the JDK

To execute the installation command:

rpm -ivh  /storage/sdc-data/software/jdk-8u65-linux-x64.rpm

This command installs the JDK to the/usr/java directory by default

⑤. The JDK installation directory, renamed and moved to directory/usr/local/. And see if the move was successful

The MV command is used for renaming files and moving file locations.

mv/usr/java/jdk1.8.0_45/usr/local/jdk1.8

Open the file with the VI command, open the default is the command mode, enter a or I can enter the editing mode

Vi/etc/profile

At the end of the file, configure the following variable, edit finish press Esc to exit Edit, and then enter: Wq or: x Save exit

java_home=/usr/local/jdk1.8

Path= $JAVA _home/bin: $PATH

Classpath=.: $JAVA _home/lib/dt.jar: $JAVA _home/lib/tools.jar

Export Java_home Export

PATH Export CLASSPATH

Then enter the Source/etc/profile command to make the configuration file effective.

Source/etc/profile

⑦.java-version

The following version information appears, indicating that all installation configurations were successful. At this point, the Linux environment installation configuration JDK is complete and the Tomcat installation begins

3. Install Tomcat

① Enter the directory where the package is located

[[email protected] local]# cd /usr/local/software/[[email protected] software]# lsapache-tomcat-8.0.30.tar.gz  jdk-8u45-linux-x64.rpm  redis-3.0.5.tar.gz

② extracting Tomcat

[[email protected] software]# tar -zxvf apache-tomcat-8.0.30.tar.gz apache-tomcat-8.0.30/bin/catalina.shapache-tomcat-8.0.30/bin/configtest.shapache-tomcat-8.0.30/bin/daemon.shapache-tomcat-8.0.30/bin/digest.shapache-tomcat-8.0.30/bin/setclasspath.shapache-tomcat-8.0.30/bin/shutdown.shapache-tomcat-8.0.30/bin/startup.shapache-tomcat-8.0.30/bin/tool-wrapper.sh

③ Move and rename

[[email protected] software]# mv apache-tomcat-8.0.30 /usr/local/tomcat8

④ Start Tomcat

⑤ client Browser Access

PS: Before remote testing, the Linux firewall needs to be shut down.

CentOS7 shut down the firewall command:

Systemctl Stop Firewalld (temporarily shut down the firewall)

Systemctl Disable FIREWALLD (permanently shut down the firewall)

Tomcat can be understood as a small Web server, the default home page path

/usr/local/tomcat8/webapps/examples\index.html

Nginx reverse proxy and load balancer

Explanation: The forward proxy is our visit to foreign sites, we are not accessible by itself, with the use of agents can be

Reverse proxy is the proxy server, for example, we here Nginx proxy Tomcat, customer access to Tomcat in fact, the first through Nginx

The following is the configuration of load balancing and reverse proxy nginx.conf

Worker_processes 2;
events{
    worker_connections 1024;
}
http{
Keepalive_timeout;
gzip on;
Upstream mycluster{             #配置负载均衡
         server 192.168.22.299:8080 weight=1;
         server 192.168.24.300:8080 weight=1;
   }
    server{
        Listen 8088;                       # There is no default 80,80 available here.
        server_name 192.168.22.298;
        location/{
             Proxy_pass http://mycluster;        #反向代理

#如果没配置负载均衡, in fact, as long as the following server IP is specified here to implement the reverse proxy, of course, the load balancer is configured here, so to specify the IP list behind the server, such as here two Tomcat IP address, the following proxy configuration can not
Proxy_set_header X-real-ip $remote _addr; # Real Client IP
Proxy_set_header Host $host; # The host information in the request header
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; # Proxy routing information, where IP has security implications
Proxy_set_header X-forwarded-proto $scheme; # Real User Access Protocol
}
Error_page 502 503 504/50x.html;
Location =/50x.html {
root HTML;
}
}
}
This way nginx reverse proxy and load balancer are configured to complete when the customer accesses the 192.168.22.298 when the load balancer is accessed by the 192.168.22.299-192.168.22.300

Additional

upstream backend {       #如果负载均衡集群只要一台服务器，就需要配置ip_hash

ip_hash;

server  backend1.example.com  max_fails=3 fail_timeout=30s;

server  backend2.example.com down;

}

If this directive is used, it will cause the client's request to be distributed among the servers in the upstream with the client's IP address, and its key technique is to hash the request client IP address in such a way that the client is always able to pass to the same backend server. However, if the server is considered invalid, then the client's request will be passed to the other server. So this mechanism is a high probability that client requests are always connected to the same server

If you use this directive, you cannot use the weight method, if you specify an S erver in a upstream, the server needs to be removed, then you need to add the down parameter after the IP or machine name.

In order to differentiate the access 192.168.22.228 will automatically load balance first access to 192.168.22.229, in the refresh on the access to 192.168.22.300, in order to facilitate testing, the default home page of the two Tomcat to distinguish the content

Summary

This article implements the load balancing effect of the Tomcat server cluster through Nginx reverse proxy. From this demo, we can simply feel what the reverse proxy has done for us and what is load balancing. Of course, this is just a simple use of nginx, do some simple configuration, follow-up will do some of the optimization of load balancing configuration, there is the session sharing problem, and nginx high availability of the problem, these knowledge follow-up blog will be introduced to, towering high-rise flat, step by step.

Nginx static and dynamic separation configuration

New Test Catalog DRP (MKDIR–P/USR/LOCAL/TOMCAT8/WEBAPPS/DRP). (two Tomcat is also configured)

Build JSP dynamic page, vim/usr/local/tomcat8/webapps/drp/index.jsp

<%@ page language= "java" contenttype= "text/html; charset=gb18030 "

pageencoding= "GB18030"%>

<HTML>

<meta http-equiv= "Content-type" content= "text/html; charset=gb18030 ">

<title>nginx Static and dynamic separation test </title>

<body>

</body>

JSP into the DRP directory (MKDIR–P/USR/LOCAL/TOMCAT8/WEBAPPS/DRP), add a picture label, load the tomcat root directory/usr/local/tomcat8/webapps/drp/img/ Girl.jpg picture file (can be replaced with other pictures). Launch the Tomcat test to see if it can be accessed. (two Tomcat is also configured)

Browser input URL: http://192.168.22.229:8080/drp/index.jsp

Browser input URL: http://192.168.22.300:8080/drp/index.jsp test access to normal before continuing

To configure Nginx, complete nginx configuration file:

User nobody;

Worker_processes 2;

events{

Worker_connections 1024;

}

http{#设置默认类型为二进制流

Default_type Application/octet-stream; #这里的路径好像不对, because the document was made up,

Server_names_hash_bucket_size 128;

#指定来自客户端请求头的headerbuffer大小, set to 32KB

Client_header_buffer_size 32k;

#指定客户端请求中较大的消息头的缓存最大数量和大小, this is 4 32KB

Large_client_header_buffers 4 32k;

#上传文件大小

Client_max_body_size 356m;

#nginx的HttpLog模块指定, specify the output format of the Nginx log, the output format is access

Log_format access ' $remote _addr-$remote _user [$time _local] "$request"

' $status $body _bytes_sent "$http _referer" "$http _user_agent"

"$http _x_forwarded_for";

#access日志存在未知

Access_log/var/log/nginx/access.log access;

#开启高效模式文件传输模式, Tcp_nopush and Tcp_nodelay two are set to on to prevent network congestion.

Sendfile on;

Tcp_nopush on;

Tcp_nodelay on;

#设置客户端连接保持活动的超时时间

Keepalive_timeout 65;

Server_tokens off;

#客户端请求主体读取缓存

Client_body_buffer_size 512k;

Proxy_connect_timeout 5;

Proxy_send_timeout 60;

Proxy_read_timeout 5;

Proxy_buffer_size 16k;

Proxy_buffers 4 64k;

Proxy_busy_buffers_size 128k;

Proxy_temp_file_write_size 128k;

#开启gzip

gzip on;

#允许压缩的最小字节数

Gzip_min_length 1k; #4个单位为16k的内存作为压缩结果流缓存

Gzip_buffers 4 16k;

#设置识别HTTP协议版本, the default is 1.1

Gzip_http_version 1.1;

#gzip压缩比, can be set in 1~9, 1 compression ratio of the smallest, the fastest, 9 compression ratio of the largest, the slowest, consumes the CPU

Gzip_comp_level 2;

#压缩的类型

Gzip_types text/plain application/x-javascript text/css application/xml;

#让前端的缓存服务器混村经过的gzip压缩的页面

Gzip_vary on;

Upstream mycluster{

Server 192.168.22.229:8080 weight=1;

Server 192.168.22.300:8080 weight=1;

}

server{

Listen 8088; server_name 192.168.22.228;

CharSet Utf-8; #设置编码为utf-8;

#location/{

# root HTML;

# index index.html index.htm;

#}

#location ~. *\. (jsp|do|action) $

Location/{

Proxy_next_upstream http_502 http_504 error timeout invalid_header;

Proxy_pass Http://mycluster; #① All requests are forwarded to Tomcat for processing

# Real Client IP

Proxy_set_header X-real-ip $remote _addr;

# The host information in the request header

Proxy_set_header Host $host;

# Proxy routing information, where IP has security implications

Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;

# Real User Access Protocol

Proxy_set_header X-forwarded-proto $scheme;

}

#② individual requests such as: Html,js,css and other static resource requests, handled by Nginx

#静态文件交给nginx处理

Location ~. *\. (htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma) $ {

Root/usr/local/webapps; Expires 30d; }

#静态文件交给nginx处理

Location ~. *\. (JS|CSS)? $ {

Root/usr/local/webapps;

Expires 1h;

}

Error_page 502 503 504/50x.html;

Location =/50x.html {

root HTML;

}

}

}

Test nginx static and dynamic separation

According to the above configuration file, the configuration of static and dynamic separation and load balancing is completed, then the Nginx is started.
Visit URL: http://192.168.22.228:8088/drp/index.jsp

You can see that the picture is not loaded. This is because the static resource access request has been blocked by Nginx, handled by Nginx. But the Nginx server /usr/local/webapps directory and no picture resources, so the picture is not loaded out. The index.jsp page can be displayed, stating that the dynamic request has been forwarded to the Tomcat,tomcat to parse the index.jsp.

Place the image file in the Nginx server/usr/local/webapps directory, and copy the entire directory of the DRP on Tomcat to it.

Then refresh the browser again, the picture will display properly. The 192.168.22.230 here is 192.168.22.300, which was set when the experiment was done.

It can be seen from the down display that the 192.168.22.230 dynamic file index.jsp shown above is handled by Tomcat

The picture below is handled by Nginx

Last Nginx high-availability configuration (nginx+keepalived)

Nginx Reverse proxy tomacat+keepalived for dynamic and static separation, load balancing, high availability