欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

nginx

程序员文章站 2022-06-11 16:13:55
...

实现nginx的安装,负载到2台tomcat,解决session一致的问题。

 

一:centos5安装nginx

1 在安装之前首先要安装pcre-devel openssl openssl-devel
 yum -y install pcre-devel openssl openssl-devel 
或者源码安装,如:
# tar zxvf pcre-8.01.tar.gz
# cd  pcre-8.01
# ./configure
# make && make install
否则:
./configure: error: the HTTP rewrite module requires the PCRE library.
./configure: error: the HTTP cache module requires md5 functions from OpenSSL library.

说明:PCRE(Perl Compatible Regular Expressions)是一个Perl库,包括 perl 兼容的正规表达式库。

2 安装nginx :

seesion共享:下载补丁:http://code.google.com/p/nginx-upstream-jvm-route/  nginx0.8不好用。估计高版本都不好用?

#安装svn客户端
[[email protected] nginx-0.7.69]# yum -y install subversion
# svn checkout http://nginx-upstream-jvm-route.googlecode.com/svn/trunk/ nginx-upstream-jvm-route-read-only
# tar zxvf nginx-0.7.69.tar.gz
# cd nginx-0.7.69
[[email protected] nginx-0.7.69]# patch -p0 <  /opt/nginx/nginx-upstream-jvm-route-read-only/jvm_route.patch

#出现以下信息说明正确

patching file src/http/ngx_http_upstream.c
Hunk #1 succeeded at 3861 (offset 19 lines).
Hunk #3 succeeded at 3993 (offset 19 lines).
Hunk #5 succeeded at 4063 (offset 19 lines).
patching file src/http/ngx_http_upstream.h

 

# ./configure --user=root --group=root --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module  --add-module=/opt/nginx/nginx-upstream-jvm-route-read-only
# make && make install

检查nginx的配置文件

# /usr/local/webserver/nginx/sbin/nginx -t

启动nginx

# /usr/local/webserver/nginx/sbin/nginx

 

测试安装成功:http://192.168.1.101/ 显示: Welcome to nginx!

重启nginx

# /usr/local/webserver/nginx/sbin/nginx -s reload

 

nginx -s stop     // 停止nginx

nginx -s reload   // 重新加载配置文件

nginx -s quit     // 退出nginx

 

windows下面启动nginx

cd nginx目录:

start nginx  简单点直接双击nginx.exe

打开任务管理器,查看 nginx.exe 进程,有二个进程会显示,占用系统资源,那是相当的少。

 

配置nginx开机启动

编辑/etc/rc.d/rc.local 文件,在末尾加入:/usr/local/webserver/nginx/sbin/nginx 重启则可以开机启动

 

补充:

在Nginx 中,如果服务器提供安全网页时则会用到OpenSSL库,我们需要安装库文件和它的开发安装包
OpenSSL项目是一个协作开发健壮的、商业级的、全功能的、开源工具执行于安全套接层(SSL v2/v3)和传输层安全(TLS v1)的协议,也是一个完整强壮的通用加密库。

 

二:反向代理:

反向代理(Reverse Proxy)方式是指以代理服务器来接受Internet上的连接请求,然后将请求转发给内部网络上的服务器;并将从服务器上得到的结果返回给Internet上请求连接的客户端,此时代理服务器对外就表现为一个服务器。

三:负载均衡:

#nginx所用用户和组   
user  root root; 

worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    #使用网络IO模型linux建议epoll,FreeBSD建议采用kqueue,window下不指定。   
    use epoll;   
       
    #允许最大连接数   
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
		
		upstream localhost {   
      #ip_hash   
      #ip_hash;   
        server localhost:8080 srun_id=jvm1;   
        server localhost:8180 srun_id=jvm2;
        jvm_route $cookie_JSESSIONID|sessionid reverse;   
     }   


    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
              proxy_connect_timeout   3;   
              proxy_send_timeout      30;   
              proxy_read_timeout      30;   
              proxy_pass http://localhost;   
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443;
    #    server_name  localhost;

    #    ssl                  on;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_timeout  5m;

    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    #    ssl_prefer_server_ciphers   on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

tomcat:
 <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">

 同一台机器启动2个tomcat需要修改一个:<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
 否则启动报错:严重: Can't find free port 8009 8009

 

四、rewrite

 

通过rewrite规则,可以实现规范的URL、根据变量来做URL转向及选择配置,一些动态URL地址须要伪装成静态HTML,便于搜索引擎抓取,也需要rewrite来处理。一些由于目录结构、域名变化的旧url,需要跳转到新的url上。

flag标记有:

* last 相当于Apache里的[L]标记,表示完成rewrite

* break 本条匹配完成后,终止匹配, 不再匹配后面的规则

* redirect 返回302临时重定向 地址栏会显示跳转后的地址

* permanent 返回301永久重定向 地址栏会显示跳转后的地址

last 与 break 是有区别的,last标记 在匹配后继续搜索,而break 标记在匹配后则停止搜索。

因此,一般在根location中 (location /),或者直接写在server 标签中的rewrite 规则请使用last标记,而在非根location中 (location /bbs/)请使用break标记。

/photos/123456  -> /path/to/photos/12/1234/123456.png

#带{},使用双引号/单引号 包围。

rewrite  "/photos/([0-9] {2})([0-9] {2})([0-9] {2})" /path/to/photos/$1/$1$2/$1$2$3.png;

 

server {
        listen       80;
        server_name  xx.xx.com;
        root  /usr/local/www/html/xx;
        access_log  logs/xx.access.log; # main;
  		error_page 405 =200 $request_uri;
        location / {
            index  index.html index.htm;
            rewrite ^/cms/js/(.*)$ /js/$1 last;
            rewrite ^/cms/assets/(.*)$ /assets/$1 last;
        }
        
        location ^~ /cms/upload/ {
            root /usr/local/www/html;
        }
        location  ~ ^/info/([0-9]+)\-([0-9]+)\.html$ {
            rewrite "^/info/([0-9]+)\-([0-9]+)\.html$"   /cms/information_list.do?siteid=5&cateid=$1&page.page=$2 last;
        }
}

 

 

五、例子说明

    #负载 upstream的分配方式。http://onlyzq.blog.51cto.com/1228/557848
	 upstream usdemo{
     		server 192.168.1.10;
     		server 192.168.1.11;
    	}
    #虚拟主机,反向代理usdemo组主机。可以有多个虚拟主机
    server {
        listen       80 ;
        server_name  xx.xx.com;
        access_log  logs/xx.access.log  main;
        error_log  logs/xx.error.log  error;
   
         location ^~ /message/ {
          proxy_intercept_errors on;
          proxy_pass http://xx;
          proxy_set_header  X-Real-IP  $remote_addr;
          proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          break;
        }
       #访问除了/message/之外的所有地址
        location / {
            root   html;
            index   index.shtml index.html;
	    proxy_intercept_errors on;
	    #跳转到
            proxy_pass http://usdemo;
	    #设置头信息
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            break;
        } 
    }

 

nginx虚拟目录(alias与root的区别) : http://blog.sina.com.cn/s/blog_6c2e6f1f0100l92h.html
一般情况下,在location /中配置root,在location /other中配置alias是一个好习惯

 

访问本地磁盘图片

     location ^~ /cms/upload/ {
              #http://www.dhresource.com/cms/upload/mImg/2014/02/11/89e4934b68a44a7f9c92baa7484c46b3.jpg 改成root不行
            alias E:/xx/resource/;
    }
    或者
    location / {
         #http://www.dhresource.com/cms/upload/mImg/2014/02/11/89e4934b68a44a7f9c92baa7484c46b3.jpg   root:静态文件存放的目录
            root E:/xx/resource/;
    }

 

F5是操作于IOS网络模型的传输层,Nginx、apache是基于http反向代理方式,位于ISO模型的第七层应用层。直白些就是TCP UDP 和http协议的区别,Nginx不能为基于TCP协议的应用提供负载均衡。