利用Nginx反向代理Tomcat 多节点

利用Nginx反向代理 Tomcat 多节点

实验说明：通过两台nginx反代理和 keepalived实现双机热备并成功访问后端商城项目数据。

实验所需

 两台nginx keepalived   漂移地址 192.168.30.100

 Nginx     192.168.30.34    

        192.168.30.36

 Tomcat    192.168.30.31

        192.168.30.32

 Mysql     192.168.30.35

 事先已经安装完成nginx和mysql

实验达成结果 通过nginx漂移地址访问tomcat搭建的商城项目并登陆，主服务器模拟宕机，实现备份机上线

商城文件 点击链接 提取码: 97f7 里面有商城构架和一个数据库表

以下是各服务详细配置

    mysql     

[root@localhost ~]# mysql -u root -p    #登陆mysql

mysql> create database slsaledb;       #创建名为slsaledb 的数据库 

mysql> GRANT all ON slsaledb.* TO 'testuser'@'%' IDENTIFIED BY 'admin123';    #授权testuser 使用密码admin123

mysql> flush privileges;     #刷新

上传商城数据库文件

[root@localhost ~]# mysql -u root -p

        Enter password:                                 #输入数据管理员库密码

接下来配置tomcat

    Tomcat所需文件

    

[root@lin3031 ~]# tar xf apache-tomcat-8.5.23.tar.gz   #解压tomcat

[root@lin3031 ~]# tar xf jdk-8u144-linux-x64.tar.gz    #解压java

[root@lin3031 ~]# cp -a jdk1.8.0_144/ /usr/local/java    #复制Java解压文件至/usr/local/java

[root@lin3031 ~]# vi /etc/profile        #增加环境变量

在最后插入下四行

export JAVA_HOME=/usr/local/java

export JRE_HOME=/usr/local/java/jre

export PATH=$PATH:/usr/local/java/bin

export CLASSPATH=./:/usr/local/java/lib:/usr/local/java/jre/lib

刷新环境变量

[root@lin3031 ~]# source /etc/profile

查看是否生效

[root@lin3031 ~]# java -version

java version "1.8.0_144"

Java(TM) SE Runtime Environment (build 1.8.0_144-b01)

Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

[root@lin3031 ~]# cp -a apache-tomcat-8.5.23 /usr/local/tomcat8  #将解压后的tomcat复制到/usr/local/tomcat8

[root@lin3031 ~]# ln -s /usr/local/tomcat8/bin/startup.sh /usr/bin/tomcatup    #优化路径

[root@lin3031 ~]# ln -s /usr/local/tomcat8/bin/shutdown.sh /usr/bin/tomcatdown  #优化路径

[root@lin3031 ~]# tomcatup            #启动tomcat

[root@lin3031 ~]# netstat -anpt | grep 8080    #过滤8080端口

tcp6       0      0 :::8080                 :::*                    LISTEN      1325/java

另一台tomcat安装操作相同

    商城文件 点击链接 提取码: 97f7 里面有商城构架和一个数据库表

需要复制商城文件到tomcat

[root@lin3031 ~]# tar xf SLSaleSystem.tar.gz

[root@lin3031 ~]# cp -a SLSaleSystem /usr/local/tomcat8/webapps/

Tomcat主conf文件中添加

[root@lin3031 ~]# vim /usr/local/tomcat8/conf/server.xml

   

将tomcat连接后方数据库

[root@lin3031 ~]# vim /usr/local/tomcat8/webapps/SLSaleSystem/WEB-INF/classes/jdbc.properties

修改数据库地址和授权的账号密码

    

第二台tomcat操作如上相同

下面来测试

启动tomcat

[root@lin3031 ~]# tomcatdown

访问 192.168.30.31:8080 账号 admin 密码 123456

可以看到已经跳出了登陆选项

当然，用户是不可以知晓后方服务器的，需要提供一个前端来访问，下面的操作是配置两个nginx

Nginx配置

第一台  192.168.30.36

[root@lin3036 ~]# vim /usr/local/nginx/conf/nginx.conf

user  nginx nginx;

worker_processes  1;

 

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {

        use epoll;

    worker_connections  10240;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;

    #tcp_nopush     on;

    #keepalive_timeout  0;

    keepalive_timeout  65;

    #gzip  on;   

    upstream center_pool {               #默认轮询

                ip_hash;                #保持连接

        server 192.168.30.31:8080;      #两台tomcat服务器

        server 192.168.30.32:8080;

        }

    server {

        listen       80;

        server_name  lvs01 192.168.30.36;

        location / {

        proxy_pass http://center_pool;    #代理tomcat

        }

        }

        }

使用nginx –t 检查语法

[root@lin3036 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: [warn] 10240 worker_connections exceed open file resource limit: 1024

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

 

另一台nginx 192.168.30.34

[root@lin3034 ~]# vi /usr/local/nginx/conf/nginx.conf

user  nginx nginx;

worker_processes  1;

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {

        use epoll;

    worker_connections  10240;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;

    #tcp_nopush     on;

    #keepalive_timeout  0;

    keepalive_timeout  65;

    #gzip  on;   

upstream center_pool {               #默认轮询

                ip_hash;                #保持连接

        server 192.168.30.31:8080;      #两台tomcat服务器

        server 192.168.30.32:8080;

        }

    server {

        listen       80;

        server_name  lvs02 192.168.30.34;

        location / {

        proxy_pass http://center_pool;    #代理tomcat

        }

        }

        }

使用nginx –t   检查语法

[root@lin3034 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: [warn] 10240 worker_connections exceed open file resource limit: 1024

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

检查后没有问题就重启nginx

systemctl restart nginx

验证

 

使用keepalived来保持两台nginx实现热备份 并用192.168.30.100访问商城

下面进行安装

yum -y install  popt-devel \

kernel-devel \

openssl-devel

 

tar xvf keepalived-1.4.2.tar.gz

 

cd keepalived-1.4.2

[root@lin3034 keepalived-1.4.2]#  ./configure --prefix=/

[root@lin3034 keepalived-1.4.2]# make && make install 

[root@lin3034 keepalived-1.4.2]# cp keepalived/etc/init.d/keepalived /etc/init.d/

[root@lin3034 keepalived-1.4.2]# systemctl enable keepalived

两台安装方式相同

下面进行配置文件修改

第一台

[root@lin3036 keepalived-1.4.2]# vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

        route_id NGINX-01    #服务器名称

   }

vrrp_script nginx {

        script "/opt/nginx.sh"    #keepalived 状态检查配置文件路径

        interval 2

        weight -10

}

vrrp_instance VI_1 {

    state MASTER       #作为主服务器

    interface ens33

    virtual_router_id 51

    priority 150        #优先级设为150

    advert_int 1

    authentication {

        auth_type PASS    #认证方式

        auth_pass 1111    #认证密码

    }

    track_script {

        nginx

        }

    virtual_ipaddress {

       192.168.30.100    #两台nginx共同虚拟的IP地址（漂移地址）

    }

}

    该脚本方便同时将nginx和keepalived服务器同时启动

[root@lin3036 keepalived-1.4.2]# vi /opt/nginx.sh

#!/bin/bash

#Filename:nginx.sh

A=$(ps -ef | grep keepalived | grep -v grep | wc -l)

if [ $A -gt 0 ]; then

        /etc/init.d/nginx start

else

        /etc/init.d/nginx stop

fi

[root@lin3036 keepalived-1.4.2]#  chmod +x /opt/nginx.sh

[root@lin3036 keepalived-1.4.2]# systemctl start keepalived

[root@lin3036 keepalived-1.4.2]# ip addr

由于第二台没有配置，所以默认192.168.30.100 在主服务器上

第二台

[root@lin3034 keepalived-1.4.2]# vi /etc/keepalived/keepalived.conf

global_defs {

        route_id NGINX-02

   }

vrrp_script nginx {

        script "/opt/nginx.sh"

        interval 2

        weight -10

}

vrrp_instance VI_1 {

    state BACKUP    #作为从服务器

    interface ens33

    virtual_router_id 51

    priority 100    #和主相差50

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    track_script {

        nginx

        }

    virtual_ipaddress {

        192.168.30.100

    }

    根据漂移地址是否存在而启动nginx服务。

[root@lin3034 keepalived-1.4.2]#  vi /opt/nginx.sh

#!/bin/bash

#Filename:nginx.sh

A=$(ip addr | grep 192.168.80.100/32 | grep -v grep | wc -l)

if [ $A -gt 0 ]; then

        /etc/init.d/nginx start

else

        /etc/init.d/nginx stop

fi

chmod +x /opt/nginx.sh

systemctl start keepalived

模拟主服务器故障

[root@lin3036 keepalived-1.4.2]# systemctl stop keepalived

[root@lin3036 keepalived-1.4.2]# systemctl stop nginx

[root@lin3036 keepalived-1.4.2]# ip addr

192.168.30.100 已经不在主服务器上了

而是到了从服务器

[root@lin3034 keepalived-1.4.2]# ip addr

访问192.168.30.100  账号 admin 密码 123456