Linux下Nginx+Tomcat負載均衡和動靜分離配置要點

無心碼農發表於2015-12-14
LinuxNginxTomcat負載

本文使用的Linux發行版:CentOS6.7 下載地址:https://wiki.centos.org/Download

一、安裝Nginx

下載源:wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm

安裝源:yum install nginx-release-centos-6-0.el6.ngx.noarch.rpm

安裝Nginx:yum install nginx

啟動Nginx服務:service nginx start

停止Nginx服務:service nginx stop

檢視Nginx執行狀態:service nginx status

檢查Nginx配置檔案:nginx -t

服務執行中重新載入配置:nginx -s reload

新增Nginx服務自啟動:chkconfig nginx on

二、修改防火牆規則

修改Nginx所在主機的防火牆配置:vi /etc/sysconfig/iptables,將nginx使用的埠新增到允許列表中。

例如:-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT (表示允許80埠透過)

修改Tomcat所在主機的防火牆配置:vi /etc/sysconfig/iptables,將tomcat使用的埠新增到允許列表中。

例如:-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT (表示允許8080埠透過)

如果主機上有多個tomcat的話,則按此規則新增多條,修改對應的埠號即可。

儲存後重啟防火牆:service iptables restart

三、Tomcat負載均衡配置

Nginx啟動時預設載入配置檔案/etc/nginx/nginx.conf,而nginx.conf裡會引用/etc/nginx/conf.d目錄裡的所有.conf檔案。

因此可以將自己定製的一些配置寫到單獨.conf檔案裡,只要檔案放在/etc/nginx/conf.d這個目錄裡即可,方便維護。

建立tomcats.conf:vi /etc/nginx/conf.d/tomcats.conf,內容如下:

1 upstream tomcats {
2     ip_hash;
3     server 192.168.0.251:8080;
4     server 192.168.0.251:8081;
5     server 192.168.0.251:8082;
6 }

修改default.conf:vi /etc/nginx/conf.d/default.conf,修改如下:

 1 #註釋原有的配置
 2 #location / {
 3 #    root   /usr/share/nginx/html;
 4 #    index  index.html index.htm;
 5 #}
 6 
 7 #新增配置預設將請求轉發到tomcats.conf配置的upstream進行處理
 8 location / {
 9     proxy_set_header Host $host;
10     proxy_set_header X-Real-IP $remote_addr;
11     proxy_set_header REMOTE-HOST $remote_addr;
12     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
13     proxy_pass http://tomcats; #與tomcats.conf裡配置的upstream同名
14 }

儲存後重新載入配置:nginx -s reload

四、靜態資源分離配置

修改default.conf:vi /etc/nginx/conf.d/default.conf,新增如下配置:

 1 #所有js,css相關的靜態資原始檔的請求由Nginx處理
 2 location ~.*\.(js|css)$ {
 3     root    /opt/static-resources; #指定檔案路徑
 4     expires     12h; #過期時間為12小時
 5 }
 6 #所有圖片等多媒體相關靜態資原始檔的請求由Nginx處理
 7 location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ {
 8     root    /opt/static-resources; #指定檔案路徑
 9     expires     7d; #過期時間為7天
10 }

五、修改SELinux安全規則

如果訪問Nginx時出現502 Bad Gateway錯誤,則可能是Nginx主機上的SELinux限制了其使用http訪問許可權引起的,輸入命令setsebool -P httpd_can_network_connect 1 開啟許可權即可。

檔案/etc/nginx/nginx.conf完整配置如下:

 1 user  nginx;
 2 worker_processes  auto;
 3 
 4 error_log  /var/log/nginx/error.log warn;
 5 pid        /var/run/nginx.pid;
 6 worker_rlimit_nofile    100000;
 7 
 8 
 9 events {
10     use epoll;
11     multi_accept on; 
12     worker_connections  1024;
13 }
14 
15 
16 http {
17     include       /etc/nginx/mime.types;
18     default_type  application/octet-stream;
19 
20     #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
21     #                  '$status $body_bytes_sent "$http_referer" '
22     #                  '"$http_user_agent" "$http_x_forwarded_for"';
23 
24     #access_log  /var/log/nginx/access.log  main;
25 
26     sendfile        on;
27     server_tokens off;
28     #tcp_nopush     on;
29 
30     keepalive_timeout  65;
31 
32     gzip on;
33     gzip_disable "msie6";
34     gzip_static on;
35     gzip_proxied any;
36     gzip_min_length 1000;
37     gzip_comp_level 4;
38     gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
39 
40     include /etc/nginx/conf.d/*.conf;
41 }

檔案/etc/nginx/conf.d/default.conf完整配置如下:

 1 server {
 2     listen       80;
 3     server_name  localhost;
 4 
 5     #charset koi8-r;
 6     #access_log  /var/log/nginx/log/host.access.log  main;
 7 
 8     #location / {
 9     #    root   /usr/share/nginx/html;
10     #    index  index.html index.htm;
11     #}
12 
13     location / {
14         proxy_set_header Host $host;
15         proxy_set_header X-Real-IP $remote_addr;
16         proxy_set_header REMOTE-HOST $remote_addr;
17         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
18         proxy_pass http://web_servers;
19     }
20 
21     location ~.*\.(js|css)$ {
22         root    /opt/static-resources;
23         expires     12h;
24     }
25 
26     location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ {
27         root    /opt/static-resources;
28         expires     7d;
29     }
30 
31     #error_page  404              /404.html;
32 
33     # redirect server error pages to the static page /50x.html
34     #
35     error_page   500 502 503 504  /50x.html;
36     location = /50x.html {
37         root   /usr/share/nginx/html;
38     }
39 
40     # proxy the PHP scripts to Apache listening on 127.0.0.1:80
41     #
42     #location ~ \.php$ {
43     #    proxy_pass   http://127.0.0.1;
44     #}
45 
46     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
47     #
48     #location ~ \.php$ {
49     #    root           html;
50     #    fastcgi_pass   127.0.0.1:9000;
51     #    fastcgi_index  index.php;
52     #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
53     #    include        fastcgi_params;
54     #}
55 
56     # deny access to .htaccess files, if Apache's document root
57     # concurs with nginx's one
58     #
59     #location ~ /\.ht {
60     #    deny  all;
61     #}
62 }

(溫馨提示:如果執行命令時沒有root許可權,請在命令前面加上 sudo 執行)

相關文章