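Requirement
Implement nginx + tomcat8 load balancing with shared sessions.
Environment
Redis5 cluster: see https://blog.csdn.net/liuyuhui_gdtyj/article/details/91346275
Nginx centos7.6 10.3.8.230 load balancer
Tomcat8 centos7.6 10.3.8.231 tomcat-a
Tomcat8 centos7.6 10.3.8.232 tomcat-b
Install Tomcat
1. Install the JDK
JDK official site: http://www.oracle.com/technetwork/java/javase/downloads/index.html
Only a Tomcat website is being deployed, so downloading the Server JRE is enough. The official site requires a registered account to download; if you do not want to register, you can use the copy on github: https://github.com/frekele/oracle-java/releases/
However, github does not have the server jre, so it is still best to register an account.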
$ cd /usr/local/src
$ wget https://github.com/frekele/oracle-java/releases/download/8u212-b10/jre-8u212-linux-x64.tar.gz
$ tar zxf jre-8u212-linux-x64.tar.gz -C /usr/local/
$ vi /etc/profile.d/java.sh
Add the following configuration:
export JAVA_HOME=/usr/local/jre1.8.0_212
export JRE_HOME=/usr/local/jre1.8.0_212
export CLASSPATH=$JRE_HOME/lib/rt.jar:$JRE_HOME/lib/ext
export PATH=$PATH:$JRE_HOME/bin
Make the environment variables take effect immediately
$ source /etc/profile
Test
$ java -version
java version "1.8.0_212"
Java(TM) SE Runtime Environment (build 1.8.0_212-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.212-b10, mixed mode)
2. Install Tomcat 8.5
Tomcat official site: http://tomcat.apache.org/
$ cd /usr/local/src
$ wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v8.5.41/bin/apache-tomcat-8.5.41.tar.gz
$ tar zxf apache-tomcat-8.5.41.tar.gz -C /usr/local/
$ ln -s /usr/local/apache-tomcat-8.5.41 /usr/local/tomcat
$ vi /etc/profile.d/tomcat.sh
Add the following configuration:
export CATALINA_HOME=/usr/local/tomcat
export CATALINA_BASE=/usr/local/tomcat
$ source /etc/profile
Configure Tomcat parameters
Add a setenv.sh file under the tomcat/bin directory; catalina.sh calls it at startup. It also sets the Java memory parameters and the JRE home directory.
$ vi /usr/local/tomcat/bin/setenv.sh
#add tomcat pid,home
CATALINA_HOME=/usr/local/tomcat
CATALINA_PID="$CATALINA_HOME/tomcat.pid"
#add java opts
JAVA_OPTS="-server -XX:MetaspaceSize=256M -XX:MaxMetaspaceSize=1024M -Xms512M -Xmx1024M -XX:MaxNewSize=256M"
JRE_HOME=/usr/local/jre1.8.0_212
Add the tomcat user and grant it ownership:
$ getent group tomcat || groupadd -r tomcat
$ getent passwd tomcat || useradd -r -d /opt -s /sbin/nologin -g tomcat tomcat
$ chown -R tomcat:tomcat /usr/local/apache-tomcat-8.5.41
Create the tomcat.service file
$ vi /usr/lib/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat 8
After=syslog.target network.target
[Service]
Type=forking
PIDFile=/usr/local/tomcat/tomcat.pid
ExecStart=/usr/local/tomcat/bin/startup.sh
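# Stop through Tomcat's own script; SIGQUIT only makes the JVM print a thread dump.
# No ExecReload: Tomcat has no signal-based reload, and SIGHUP would terminate the JVM.
ExecStop=/usr/local/tomcat/bin/shutdown.sh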
PrivateTmp=true
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
$ systemctl enable tomcat.service
$ systemctl start tomcat.service
$ ps aux |grep tomcat
3. Install tomcat-cluster-redis-session-manager
$ wget https://github.com/ran-jit/tomcat-cluster-redis-session-manager/releases/download/3.0.1/tomcat-cluster-redis-session-manager.zip
$ unzip tomcat-cluster-redis-session-manager.zip
$ chown -R tomcat:tomcat tomcat-cluster-redis-session-manager/
$ cd tomcat-cluster-redis-session-manager/
$ mv conf/* /usr/local/tomcat/conf/
$ mv lib/* /usr/local/tomcat/lib/
Configure the Redis connection details in tomcat/conf/redis-data-cache.properties
$ vi /usr/local/tomcat/conf/redis-data-cache.properties
redis.hosts=10.3.8.235:6379,10.3.8.236:6379,10.3.8.237:6379
redis.password=Redis+234]
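In tomcat/conf/context.xml, add the following two lines inside the … section:
The two lines above must follow the official configuration: https://github.com/ran-jit/tomcat-cluster-redis-session-manager
Set the session timeout in tomcat/conf/web.xml (the default is 30)
60
If the project also configures a session timeout, the project's setting takes precedence.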
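The properties file edited above stores redis.password in clear text, so its file mode matters. The following audit is an added example, not part of the original post or of the session manager project; the function name audit_redis_props is hypothetical and GNU stat (as on CentOS) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the session manager's
# properties file, which stores redis.password in clear text.
# Prints one finding per line; prints nothing when no problem is found.
audit_redis_props() (
    f="$1"
    [ -f "$f" ] || { echo "missing: $f"; exit 0; }
    mode=$(stat -c '%a' "$f")    # GNU stat: octal mode such as 644
    # The last octal digit is the permission set for "other" users;
    # 4, 5, 6 and 7 all include the read bit.
    case "$mode" in
        *[4567]) echo "world-readable: mode $mode" ;;
    esac
    # Flag an empty or absent redis.password entry.
    grep -Eq '^[[:space:]]*redis\.password=[^[:space:]]' "$f" ||
        echo "redis.password is empty or unset"
)

# Run against a file given on the command line, e.g.
#   sh audit.sh /usr/local/tomcat/conf/redis-data-cache.properties
if [ -n "${1:-}" ]; then
    audit_redis_props "$1"
fi
```

If the file is reported as world-readable, chmod 600 on it gives it the same mode the post later applies to the nginx private keys.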
Deploy a test application
$ vi /usr/local/tomcat/conf/server.xml, and after the default
add:
Save the file and restart tomcat:
$ systemctl restart tomcat
Create the test page (https://blog.csdn.net/lipei1220/article/details/51316763)
$ mkdir -p /tomcatweb/work
$ vi /tomcatweb/index.jsp
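<%@ page language="java" import="java.util.*" pageEncoding="GBK"%>
<%!
// Escape values before echoing them: User-Agent and X-Forwarded-For are client-controlled
String esc(Object v) {
    if (v == null) return "";
    return v.toString().replace("&", "&amp;").replace("<", "&lt;")
            .replace(">", "&gt;").replace("\"", "&quot;");
}
%>
<html>
<head><title>Server Info</title></head>
<body>
<%
// Store an attribute in the session so that session sharing can be verified
HttpSession s = request.getSession();
s.setAttribute("name","liuyuhui");
%>
<%
String SERVER_NAME = request.getServerName();
String SERVER_ADDR = request.getLocalAddr();
String SERVER_SOFTWARE = getServletContext().getServerInfo();
String REMOTE_HOST = request.getRemoteHost();
String REMOTE_ADDR = request.getRemoteAddr();
String HTTP_USER_AGENT = request.getHeader("User-Agent");
HashMap infoMap = new HashMap();
infoMap.put("SERVER_NAME", SERVER_NAME);
infoMap.put("SERVER_ADDR", SERVER_ADDR);
infoMap.put("SERVER_SOFTWARE", SERVER_SOFTWARE);
infoMap.put("REMOTE_HOST", REMOTE_HOST);
infoMap.put("REMOTE_ADDR", REMOTE_ADDR);
infoMap.put("HTTP_USER_AGENT", HTTP_USER_AGENT);
Iterator it = infoMap.keySet().iterator();
%>
<table border="1">
<%
// One table row per collected value
while (it.hasNext()) {
Object o = it.next();
%>
<tr><td><%=o%></td><td><%=esc(infoMap.get(o))%></td></tr>
<%
}
%>
<tr><td>SessionAttribute</td><td><%= s.getAttribute("name") %></td></tr>
<tr><td>SessionID</td><td><%= s.getId() %></td></tr>
</table>
</body>
</html>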
Grant ownership to the tomcat user
$ chown -R tomcat:tomcat /tomcatweb
On the Windows client, add the entry 10.3.8.231 blog.linuxs.top to the hosts file, then open a browser and enter:
http://blog.linuxs.top:8080
Configure Nginx load balancing
$ yum install epel-release nginx -y
$ vi /etc/nginx/nginx.conf
......
http {
access_log off;
......
include /etc/nginx/conf.d/*.conf;
server {
......
location / {
root html;
return 404;
}
......
}
include vhost/*.conf;
}
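# Virtual host configuration files are kept separate from the main configuration file rather than written inside it
Cache file settings and some other parameters; adjust them to your own environment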
$ vi /etc/nginx/conf.d/proxy.conf
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 300m;
proxy_connect_timeout 10;
proxy_send_timeout 10;
proxy_read_timeout 10;
proxy_ignore_client_abort on;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
Virtual host file
$ mkdir /etc/nginx/vhost && cd /etc/nginx/vhost
$ vi blog.conf
upstream blog.linuxs.top {
    server 10.3.8.231:8080 max_fails=1 fail_timeout=10s;
    server 10.3.8.232:8080 max_fails=1 fail_timeout=10s;
}
server {
    listen 80;
    server_name blog.linuxs.top;
    rewrite ^(.*) https://$host$1 permanent;
}
server {
    listen 443 ssl;
    server_name blog.linuxs.top;
    ssl_certificate /etc/pki/nginx/blog.linuxs.top.crt;
    ssl_certificate_key /etc/pki/nginx/blog.linuxs.top.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        # Name the upstream group directly instead of deriving it from the Host header
        proxy_pass http://blog.linuxs.top;
        proxy_set_header Host $host;
        # Edge proxy: overwrite X-Forwarded-For with the connecting address
        proxy_set_header X-Forwarded-For $remote_addr;
    }
    location /status {
        # check_status comes from the third-party nginx_upstream_check_module; stock nginx rejects it
        check_status;
        access_log off;
    }
}
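HTTP requests are forcibly redirected to HTTPS. The backend Tomcats are not configured for SSL, so requests are still dispatched to the HTTP port (8080).
If other domain names also need to be proxied, copy blog.conf and modify the relevant content.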
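Because TLS ends at nginx and Tomcat receives plain HTTP on 8080, Tomcat by default does not mark the JSESSIONID cookie Secure. The following check is an added example, not part of the original post; the function name missing_cookie_flags is hypothetical and both header samples are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report which of Secure / HttpOnly
# are missing from a session cookie. Reads response headers on stdin;
# $1 is the cookie name (default JSESSIONID). Prints nothing if none is missing.
missing_cookie_flags() {
    tr -d '\r' | awk -v name="${1:-JSESSIONID}" '
        # Match only the Set-Cookie line for the requested cookie (case-insensitive).
        tolower($0) ~ ("^set-cookie:[ \t]*" tolower(name) "=") {
            n = split(tolower($0), attr, ";")
            secure = 0; httponly = 0
            for (i = 2; i <= n; i++) {        # attr[1] is name=value
                a = attr[i]
                gsub(/^[ \t]+|[ \t]+$/, "", a)
                if (a == "secure")   secure = 1
                if (a == "httponly") httponly = 1
            }
            out = ""
            if (!secure)   out = out " Secure"
            if (!httponly) out = out " HttpOnly"
            if (out != "") print substr(out, 2)
            exit
        }'
}

# Constructed sample: Tomcat answered a plain-HTTP request from nginx on port 8080.
HEADERS_BEHIND_PROXY='HTTP/1.1 200
Server: nginx
Content-Type: text/html;charset=GBK
Set-Cookie: JSESSIONID=CONSTRUCTED0123456789ABCDEF; Path=/; HttpOnly'

# Constructed sample: the same response once the session cookie is marked Secure.
HEADERS_FIXED='HTTP/1.1 200
Server: nginx
Set-Cookie: JSESSIONID=CONSTRUCTED0123456789ABCDEF; Path=/; Secure; HttpOnly'

printf '%s\n' "$HEADERS_BEHIND_PROXY" | missing_cookie_flags   # prints: Secure
printf '%s\n' "$HEADERS_FIXED" | missing_cookie_flags          # prints nothing
```

Against the live site the input can come from `curl -sk -D - -o /dev/null https://blog.linuxs.top/`. The Servlet `<cookie-config><secure>true</secure></cookie-config>` element in web.xml is one way to set the flag.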
Upload the certificate
$ mkdir /etc/pki/nginx && cd /etc/pki/nginx
$ rz
$ chmod 600 *.key
$ ls -l
total 16
-rw-r--r-- 1 root root 3658 Aug 25 2018 blog.linuxs.top.crt
-rw------- 1 root root 1674 Aug 25 2018 blog.linuxs.top.key
-rw-r--r-- 1 root root 3662 Aug 28 2018 yunpan.linuxs.top.crt
-rw------- 1 root root 1678 Aug 28 2018 yunpan.linuxs.top.key
This certificate was previously requested on Alibaba Cloud, so it passes browser validation.
$ systemctl start nginx
$ systemctl enable nginx
Then, on the Tomcat servers, modify the home page index.jsp to also display the client's real IP:
String CLIENT_IP = request.getHeader("X-Forwarded-For");
infoMap.put("CLIENT_IP", CLIENT_IP);
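Finally, on the Windows client, change the record previously written in the hosts file to:
10.3.8.230 blog.linuxs.top
Then enter https://blog.linuxs.top in the browser; the result is as follows:
Keep refreshing and you can see SERVER_ADDR alternate between 10.3.8.231 and 232, which is the effect of load balancing, while the SessionID stays the same.
In the figure, the first row, CLIENT_IP, is the client's real IP, while the second and third rows are the proxy server's IP. If the site is accessed without going through the proxy, the second and third rows show the client's IP.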
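The refresh test described above can also be checked from the command line. This is an added example, not part of the original post: the function names summarize_responses and sharing_ok are hypothetical, the page bodies are constructed, and the parser only assumes that each label on the test page is followed by its value.

```shell
#!/bin/sh
# Added example (not from the original post): summarize test-page bodies read
# from stdin. Prints "<distinct SessionID values> <distinct SERVER_ADDR values>".
summarize_responses() {
    # Drop HTML tags, put one token per line, then record the token after each label.
    sed 's/<[^>]*>/ /g' | tr -s '[:space:]' '\n' | awk '
        prev == "SessionID"   && !($0 in sid)  { sid[$0] = 1;  ns++ }
        prev == "SERVER_ADDR" && !($0 in addr) { addr[$0] = 1; na++ }
        { prev = $0 }
        END { print ns + 0, na + 0 }'
}

# Succeeds only when a single session was served by at least two backends.
sharing_ok() {
    set -- $(summarize_responses)
    [ "$1" -eq 1 ] && [ "$2" -ge 2 ]
}

# Constructed bodies: two refreshes answered by different Tomcats, same session.
SHARED='<tr><td>SERVER_ADDR</td><td>10.3.8.231</td></tr><tr><td>SessionID</td><td>CONSTRUCTED-ID-1</td></tr>
<tr><td>SERVER_ADDR</td><td>10.3.8.232</td></tr><tr><td>SessionID</td><td>CONSTRUCTED-ID-1</td></tr>'

# Constructed bodies: each Tomcat issued its own session (sharing is not working).
NOT_SHARED='<tr><td>SERVER_ADDR</td><td>10.3.8.231</td></tr><tr><td>SessionID</td><td>CONSTRUCTED-ID-1</td></tr>
<tr><td>SERVER_ADDR</td><td>10.3.8.232</td></tr><tr><td>SessionID</td><td>CONSTRUCTED-ID-2</td></tr>'

printf '%s\n' "$SHARED" | summarize_responses       # prints: 1 2
printf '%s\n' "$NOT_SHARED" | summarize_responses   # prints: 2 2
```

For the live setup, feed it several requests that reuse one cookie jar: `for i in 1 2 3 4; do curl -sk -b jar -c jar https://blog.linuxs.top/; done | sharing_ok`.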
Reposting is welcome~~