nginx
实现nginx的安装,负载到2台tomcat,解决session一致的问题。
一:centos5安装nginx
1 在安装之前首先要安装pcre-devel openssl openssl-devel
yum -y install pcre-devel openssl openssl-devel
或者源码安装,如:
# tar zxvf pcre-8.01.tar.gz
# cd pcre-8.01
# ./configure
# make && make install
否则:
./configure: error: the HTTP rewrite module requires the PCRE library.
./configure: error: the HTTP cache module requires md5 functions from OpenSSL library.
说明:PCRE(Perl Compatible Regular Expressions)是一个Perl库,包括 perl 兼容的正规表达式库。
2 安装nginx :
seesion共享:下载补丁:http://code.google.com/p/nginx-upstream-jvm-route/ nginx0.8不好用。估计高版本都不好用?
#安装svn客户端
[[email protected] nginx-0.7.69]# yum -y install subversion
# svn checkout http://nginx-upstream-jvm-route.googlecode.com/svn/trunk/ nginx-upstream-jvm-route-read-only
# tar zxvf nginx-0.7.69.tar.gz
# cd nginx-0.7.69
[[email protected] nginx-0.7.69]# patch -p0 < /opt/nginx/nginx-upstream-jvm-route-read-only/jvm_route.patch
#出现以下信息说明正确
patching file src/http/ngx_http_upstream.c
Hunk #1 succeeded at 3861 (offset 19 lines).
Hunk #3 succeeded at 3993 (offset 19 lines).
Hunk #5 succeeded at 4063 (offset 19 lines).
patching file src/http/ngx_http_upstream.h
# ./configure --user=root --group=root --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/opt/nginx/nginx-upstream-jvm-route-read-only
# make && make install
检查nginx的配置文件
# /usr/local/webserver/nginx/sbin/nginx -t
启动nginx
# /usr/local/webserver/nginx/sbin/nginx
测试安装成功:http://192.168.1.101/ 显示: Welcome to nginx!
重启nginx
# /usr/local/webserver/nginx/sbin/nginx -s reload
nginx -s stop // 停止nginx
nginx -s reload // 重新加载配置文件
nginx -s quit // 退出nginx
windows下面启动nginx
cd nginx目录:
start nginx 简单点直接双击nginx.exe
打开任务管理器,查看 nginx.exe 进程,有二个进程会显示,占用系统资源,那是相当的少。
配置nginx开机启动
编辑/etc/rc.d/rc.local 文件,在末尾加入:/usr/local/webserver/nginx/sbin/nginx 重启则可以开机启动
补充:
在Nginx 中,如果服务器提供安全网页时则会用到OpenSSL库,我们需要安装库文件和它的开发安装包
OpenSSL项目是一个协作开发健壮的、商业级的、全功能的、开源工具执行于安全套接层(SSL v2/v3)和传输层安全(TLS v1)的协议,也是一个完整强壮的通用加密库。
二:反向代理:
反向代理(Reverse Proxy)方式是指以代理服务器来接受Internet上的连接请求,然后将请求转发给内部网络上的服务器;并将从服务器上得到的结果返回给Internet上请求连接的客户端,此时代理服务器对外就表现为一个服务器。
三:负载均衡:
#nginx所用用户和组 user root root; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; error_log logs/error.log info; #pid logs/nginx.pid; events { #使用网络IO模型linux建议epoll,FreeBSD建议采用kqueue,window下不指定。 use epoll; #允许最大连接数 worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; upstream localhost { #ip_hash #ip_hash; server localhost:8080 srun_id=jvm1; server localhost:8180 srun_id=jvm2; jvm_route $cookie_JSESSIONID|sessionid reverse; } server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_connect_timeout 3; proxy_send_timeout 30; proxy_read_timeout 30; proxy_pass http://localhost; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443; # server_name localhost; # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_timeout 5m; # ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} } tomcat: <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> 同一台机器启动2个tomcat需要修改一个:<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> 否则启动报错:严重: Can't find free port 8009 8009
四、rewrite
通过rewrite规则,可以实现规范的URL、根据变量来做URL转向及选择配置,一些动态URL地址须要伪装成静态HTML,便于搜索引擎抓取,也需要rewrite来处理。一些由于目录结构、域名变化的旧url,需要跳转到新的url上。
flag标记有:
* last 相当于Apache里的[L]标记,表示完成rewrite
* break 本条匹配完成后,终止匹配, 不再匹配后面的规则
* redirect 返回302临时重定向 地址栏会显示跳转后的地址
* permanent 返回301永久重定向 地址栏会显示跳转后的地址
last 与 break 是有区别的,last标记 在匹配后继续搜索,而break 标记在匹配后则停止搜索。
因此,一般在根location中 (location /),或者直接写在server 标签中的rewrite 规则请使用last标记,而在非根location中 (location /bbs/)请使用break标记。
/photos/123456 -> /path/to/photos/12/1234/123456.png
#带{},使用双引号/单引号 包围。
rewrite "/photos/([0-9] {2})([0-9] {2})([0-9] {2})" /path/to/photos/$1/$1$2/$1$2$3.png;
server { listen 80; server_name xx.xx.com; root /usr/local/www/html/xx; access_log logs/xx.access.log; # main; error_page 405 =200 $request_uri; location / { index index.html index.htm; rewrite ^/cms/js/(.*)$ /js/$1 last; rewrite ^/cms/assets/(.*)$ /assets/$1 last; } location ^~ /cms/upload/ { root /usr/local/www/html; } location ~ ^/info/([0-9]+)\-([0-9]+)\.html$ { rewrite "^/info/([0-9]+)\-([0-9]+)\.html$" /cms/information_list.do?siteid=5&cateid=$1&page.page=$2 last; } }
五、例子说明
#负载 upstream的分配方式。http://onlyzq.blog.51cto.com/1228/557848 upstream usdemo{ server 192.168.1.10; server 192.168.1.11; } #虚拟主机,反向代理usdemo组主机。可以有多个虚拟主机 server { listen 80 ; server_name xx.xx.com; access_log logs/xx.access.log main; error_log logs/xx.error.log error; location ^~ /message/ { proxy_intercept_errors on; proxy_pass http://xx; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; break; } #访问除了/message/之外的所有地址 location / { root html; index index.shtml index.html; proxy_intercept_errors on; #跳转到 proxy_pass http://usdemo; #设置头信息 proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; break; } }
nginx虚拟目录(alias与root的区别) : http://blog.sina.com.cn/s/blog_6c2e6f1f0100l92h.html
一般情况下,在location /中配置root,在location /other中配置alias是一个好习惯
访问本地磁盘图片
location ^~ /cms/upload/ {
#http://www.dhresource.com/cms/upload/mImg/2014/02/11/89e4934b68a44a7f9c92baa7484c46b3.jpg 改成root不行
alias E:/xx/resource/;
}
或者
location / {
#http://www.dhresource.com/cms/upload/mImg/2014/02/11/89e4934b68a44a7f9c92baa7484c46b3.jpg root:静态文件存放的目录
root E:/xx/resource/;
}
F5是操作于IOS网络模型的传输层,Nginx、apache是基于http反向代理方式,位于ISO模型的第七层应用层。直白些就是TCP UDP 和http协议的区别,Nginx不能为基于TCP协议的应用提供负载均衡。
上一篇: nginx