Nginx基本配置与应用

一、准备

1.1 环境准备

CentOS7软件环境

1.2 tomcat多实例

把/etc/profile.d/tomcat.sh中的变量注释了

#export TOMCAT_HOME=/usr/local/tomcat
#export CATALINA_HOME=/usr/local/tomcat
#export CATALINA_BASE=/usr/local/tomcat
#export CATALINA_TMPDIR=/usr/local/tomcat/temp
#export TOMCAT_USER=tomcat

unset TOMCAT_HOME
unset CATALINA_HOME
unset CATALINA_BASE
unset CATALINA_TMPDIR

复制tomcat目录

cd /opt/tomcat
cp -a apache-tomcat-8.5.16 tomcat8180
cp -a apache-tomcat-8.5.16 tomcat8280
cp -a apache-tomcat-8.5.16 tomcat8380

修改配置

# 创建部署目录
mkdir -p /data/webapps
chown -R tomcat:tomcat /data/webapps

# 修改配置，通过脚本修改如下内容
# 行号  替换前                 替换后
# 22    8005              =>  8105
# 69    8080              =>  8180
# 116   8009              =>  8109
# 148   appBase="webapps" =>  appBase="/data/webapps"

# 执行脚本a.sh
sh a.sh

# 查看修改后的不同
diff /opt/tomcat/apache-tomcat-8.5.16/conf/server.xml /opt/tomcat/tomcat8180/conf/server.xml

a.sh

#!/bin/sh

for i in {1..3}
do
  file=/opt/tomcat/tomcat8"$i"80/conf/server.xml
  sed -i '22s/8005/8'"$i"'05/' $file
  sed -i '69s/8080/8'"$i"'80/' $file
  sed -i '116s/8009/8'"$i"'09/' $file
  #sed -i '148s#appBase=".*"#appBase="/data/webapps"#' $file
done

启动多实例

# 以普通用户运行tomcat
# for i in {1..3};do /opt/tomcat/tomcat8"$i"80/bin/daemon.sh start;done
for i in {1..3};do /opt/tomcat/tomcat8"$i"80/bin/startup.sh;done
netstat -tunlp | grep 80

# 关闭
for i in {1..3};do /opt/tomcat/tomcat8"$i"80/bin/shutdown.sh;done

image

1.3 配置hosts

# 查看服务器ip
ifconfig

# 修改hosts
C:\Windows\System32\drivers\etc
192.168.5.210 test.com
192.168.5.210 beijing.test.com
192.168.5.210 shanghai.test.com

二、负载均衡

2.2 流程

image

2.2 nginx配置

http://nginx.org/en/docs/http/ngx_http_upstream_module.html

/etc/nginx.conf

/usr/local/nginx/conf/nginx.conf

worker_processes  1;
events {
    worker_connections  1024;
}

# http最外层模块
http {
    # 全局变量参数
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    upstream web_pool {
        server 127.0.0.1:8180 weight=1;
        server 127.0.0.1:8280 weight=1;
        server 127.0.0.1:8380 weight=2;
    }

    # server相当于虚拟站点
    server {
        listen       80;
        server_name  localhost;
        location / {
            proxy_pass  http://web_pool;
            index  index.html index.htm;
        }
    }
}

解析

http：根元素
upstream：反向代理的域
server：虚拟站点

location # 请求的一个节点

location参数

root                         # 站点根路径
index                        # 首页
proxy_pass                   # 代理服务
proxy_redirect off;          # 是否允许重写向
proxy_set_header Host $host; # 传header参数至后台端服务
proxy_set_header X-Forwarded-For $remote_addr;
proxy_connect_timeout 90;    # 连接代理服务超时时间
proxy_send_timeout 90;       # 请求改善最大时间
proxy_read_timeout 90;       # 读取最大时间

upstream参数

service         # 反向服务地址加端口
weight          # 权重 
max_fails       # 失败多少次后认为主机已经挂掉，踢出
fail_timeout    # 踢出后重新探测时间
backup          # 备用服务
max_conns       # 允许最大连接数
slow_start      # 当节点恢复，不立即加入 

max_fails注重用户体验好就要配置低

server 127.0.0.1:8180 fail_timeout=5s slow_start=10s;

2.3 负载算法

ll+weight：根据权重轮询

ip_hash：hash(client_ip)%2=index，解决session一致性

url_hash：hash(url)%2=index，资源缓存服务

least_conn：最少连接

least_time：请求时间越少，权重越高

三、应用实战

在修改nginx.conf配置文件后

# 验证配置是否正确
nginx -t

# 平滑启动
nginx -s reload

3.1 动静分离

nginx.conf

worker_processes  1;
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    upstream web_pool {
        server 127.0.0.1:8180 weight=1;
        server 127.0.0.1:8280 weight=1;
    }
    
    upstream static_resource {
        server 127.0.0.1:8380;
    }

    server {
        listen       80;
        server_name  localhost;
        # 动态服务
        location / {
            proxy_pass  http://web_pool;
            index  index.html index.htm;
        }
        # 静态服务
        location ~* \.(gif|css|png|jpg|js|swf)(.*) {
            proxy_pass http://static_resource;
        }
    }
}

tomcat内容

image

基中index.html

cat /opt/tomcat/tomcat8180/webapps/ROOT/index.html
<html>
<head>
<title>index</title>
</head>
<body>
<h1>Hello 8180</h1>
<img src="one-piece.png"/>
</body>
</html>

cat /opt/tomcat/tomcat8280/webapps/ROOT/index.html
<html>
<head>
<title>index</title>
</head>
<body>
<h1>Hello 8280</h1>
<img src="one-piece.png"/>
</body>
</html>

浏览器访问test.com， Hello 8180与Hello 8280循环出现 image

3.2 防盗链

image

原理就是根据Referer防盗链

nginx.conf

worker_processes  1;
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    upstream web_pool {
        server 127.0.0.1:8180 weight=1;
        server 127.0.0.1:8280 weight=1;
    }
    
    upstream static_resource {
        server 127.0.0.1:8380;
    }

    server {
        listen       80;
        server_name  localhost;
        # 动态服务
        location / {
            proxy_pass  http://web_pool;
            index  index.html index.htm;
        }
        # 静态服务
        location ~* \.(gif|css|png|jpg|js|swf)(.*) {
            # 防盗链设置
            valid_referers none blocked *.test.com;
            if ($invalid_referer) {
                rewrite ^/ http://7xkmkl.com1.z0.glb.clouddn.com/404.jpg;
            }
            proxy_pass http://static_resource;
        }
    }
}

用IP访问：重新打开浏览器或Chrome用隐身模式打开

image

3.3 城市静态站点实现

server {
    listen 80;
    server_name *.test.com;
    root /data/www/$host;
    access_log logs/$host.access.log;
    location / {
        index index.html;
    }
}

静态站点目录如下

image

index.html

cat /data/www/beijing.test.com/index.html 
beijing

cat /data/www/shanghai.test.com/index.html 
shanghai

流量器访问beijing.test.com shanghai.test.com

image image