nginx
实现nginx的安装,负载到2台tomcat,解决session一致的问题。
一:centos5安装nginx
1 在安装之前首先要安装pcre-devel openssl openssl-devel
yum -y install pcre-devel openssl openssl-devel
或者源码安装,如:
# tar zxvf pcre-8.01.tar.gz
# cd pcre-8.01
# ./configure
# make && make install
否则:
./configure: error: the HTTP rewrite module requires the PCRE library.
./configure: error: the HTTP cache module requires md5 functions from OpenSSL library.
说明:PCRE(Perl Compatible Regular Expressions)是一个Perl库,包括 perl 兼容的正规表达式库。
2 安装nginx :
seesion共享:下载补丁:http://code.google.com/p/nginx-upstream-jvm-route/ nginx0.8不好用。估计高版本都不好用?
#安装svn客户端
[[email protected] nginx-0.7.69]# yum -y install subversion
# svn checkout http://nginx-upstream-jvm-route.googlecode.com/svn/trunk/ nginx-upstream-jvm-route-read-only
# tar zxvf nginx-0.7.69.tar.gz
# cd nginx-0.7.69
[[email protected] nginx-0.7.69]# patch -p0 < /opt/nginx/nginx-upstream-jvm-route-read-only/jvm_route.patch
#出现以下信息说明正确
patching file src/http/ngx_http_upstream.c
Hunk #1 succeeded at 3861 (offset 19 lines).
Hunk #3 succeeded at 3993 (offset 19 lines).
Hunk #5 succeeded at 4063 (offset 19 lines).
patching file src/http/ngx_http_upstream.h
# ./configure --user=root --group=root --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/opt/nginx/nginx-upstream-jvm-route-read-only
# make && make install
检查nginx的配置文件
# /usr/local/webserver/nginx/sbin/nginx -t
启动nginx
# /usr/local/webserver/nginx/sbin/nginx
测试安装成功:http://192.168.1.101/ 显示: Welcome to nginx!
重启nginx
# /usr/local/webserver/nginx/sbin/nginx -s reload
nginx -s stop // 停止nginx
nginx -s reload // 重新加载配置文件
nginx -s quit // 退出nginx
windows下面启动nginx
cd nginx目录:
start nginx 简单点直接双击nginx.exe
打开任务管理器,查看 nginx.exe 进程,有二个进程会显示,占用系统资源,那是相当的少。
配置nginx开机启动
编辑/etc/rc.d/rc.local 文件,在末尾加入:/usr/local/webserver/nginx/sbin/nginx 重启则可以开机启动
补充:
在Nginx 中,如果服务器提供安全网页时则会用到OpenSSL库,我们需要安装库文件和它的开发安装包
OpenSSL项目是一个协作开发健壮的、商业级的、全功能的、开源工具执行于安全套接层(SSL v2/v3)和传输层安全(TLS v1)的协议,也是一个完整强壮的通用加密库。
二:反向代理:
反向代理(Reverse Proxy)方式是指以代理服务器来接受Internet上的连接请求,然后将请求转发给内部网络上的服务器;并将从服务器上得到的结果返回给Internet上请求连接的客户端,此时代理服务器对外就表现为一个服务器。
三:负载均衡:
#nginx所用用户和组
user root root;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
#pid logs/nginx.pid;
events {
#使用网络IO模型linux建议epoll,FreeBSD建议采用kqueue,window下不指定。
use epoll;
#允许最大连接数
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream localhost {
#ip_hash
#ip_hash;
server localhost:8080 srun_id=jvm1;
server localhost:8180 srun_id=jvm2;
jvm_route $cookie_JSESSIONID|sessionid reverse;
}
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_connect_timeout 3;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_pass http://localhost;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
tomcat:
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
同一台机器启动2个tomcat需要修改一个:<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
否则启动报错:严重: Can't find free port 8009 8009
四、rewrite
通过rewrite规则,可以实现规范的URL、根据变量来做URL转向及选择配置,一些动态URL地址须要伪装成静态HTML,便于搜索引擎抓取,也需要rewrite来处理。一些由于目录结构、域名变化的旧url,需要跳转到新的url上。
flag标记有:
* last 相当于Apache里的[L]标记,表示完成rewrite
* break 本条匹配完成后,终止匹配, 不再匹配后面的规则
* redirect 返回302临时重定向 地址栏会显示跳转后的地址
* permanent 返回301永久重定向 地址栏会显示跳转后的地址
last 与 break 是有区别的,last标记 在匹配后继续搜索,而break 标记在匹配后则停止搜索。
因此,一般在根location中 (location /),或者直接写在server 标签中的rewrite 规则请使用last标记,而在非根location中 (location /bbs/)请使用break标记。
/photos/123456 -> /path/to/photos/12/1234/123456.png
#带{},使用双引号/单引号 包围。
rewrite "/photos/([0-9] {2})([0-9] {2})([0-9] {2})" /path/to/photos/$1/$1$2/$1$2$3.png;
server {
listen 80;
server_name xx.xx.com;
root /usr/local/www/html/xx;
access_log logs/xx.access.log; # main;
error_page 405 =200 $request_uri;
location / {
index index.html index.htm;
rewrite ^/cms/js/(.*)$ /js/$1 last;
rewrite ^/cms/assets/(.*)$ /assets/$1 last;
}
location ^~ /cms/upload/ {
root /usr/local/www/html;
}
location ~ ^/info/([0-9]+)\-([0-9]+)\.html$ {
rewrite "^/info/([0-9]+)\-([0-9]+)\.html$" /cms/information_list.do?siteid=5&cateid=$1&page.page=$2 last;
}
}
五、例子说明
#负载 upstream的分配方式。http://onlyzq.blog.51cto.com/1228/557848 upstream usdemo{ server 192.168.1.10; server 192.168.1.11; } #虚拟主机,反向代理usdemo组主机。可以有多个虚拟主机 server { listen 80 ; server_name xx.xx.com; access_log logs/xx.access.log main; error_log logs/xx.error.log error; location ^~ /message/ { proxy_intercept_errors on; proxy_pass http://xx; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; break; } #访问除了/message/之外的所有地址 location / { root html; index index.shtml index.html; proxy_intercept_errors on; #跳转到 proxy_pass http://usdemo; #设置头信息 proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; break; } }
nginx虚拟目录(alias与root的区别) : http://blog.sina.com.cn/s/blog_6c2e6f1f0100l92h.html
一般情况下,在location /中配置root,在location /other中配置alias是一个好习惯
访问本地磁盘图片
location ^~ /cms/upload/ {
#http://www.dhresource.com/cms/upload/mImg/2014/02/11/89e4934b68a44a7f9c92baa7484c46b3.jpg 改成root不行
alias E:/xx/resource/;
}
或者
location / {
#http://www.dhresource.com/cms/upload/mImg/2014/02/11/89e4934b68a44a7f9c92baa7484c46b3.jpg root:静态文件存放的目录
root E:/xx/resource/;
}
F5是操作于IOS网络模型的传输层,Nginx、apache是基于http反向代理方式,位于ISO模型的第七层应用层。直白些就是TCP UDP 和http协议的区别,Nginx不能为基于TCP协议的应用提供负载均衡。
上一篇: nginx