Tomcat8+Redis+Session共享

需求
实现nginx+tomcat8负载均衡、session共享

环境
Redis5 cluster 参考https://blog.csdn.net/liuyuhui_gdtyj/article/details/91346275
Nignx centos7.6 10.3.8.230 负载均衡
Tomcat8 centos7.6 10.3.8.231 tomcat-a
Tomcat8 centos7.6 10.3.8.232 tomcat-b

安装Tomcat
1.安装JDK
JDK官网地址：http://www.oracle.com/technetwork/java/javase/downloads/index.html
只是要部署一个Tomcat网站，所以下载Server JRE就行了。官网需要注册帐号才能下载，不想注册帐号可以用github的：https://github.com/frekele/oracle-java/releases/
不过github上没有server jre，最好还是注册一个帐号。

$ cd /usr/local/src
$ wget https://github.com/frekele/oracle-java/releases/download/8u212-b10/jre-8u212-linux-x64.tar.gz
$ tar zxf jre-8u212-linux-x64.tar.gz -C /usr/local/
$ vi /etc/profile.d/java.sh，加入如下配置

export JAVA_HOME=/usr/local/jre1.8.0_212
export JRE_HOME=/usr/local/jre1.8.0_212
export CLASSPATH=$JRE_HOME/lib/rt.jar:$JRE_HOME/lib/ext
export PATH=$PATH:$JRE_HOME/bin

使环境变量即时生效
$ source /etc/profile
测试
$ java -version
java version “1.8.0_212”
Java™ SE Runtime Environment (build 1.8.0_212-b10)
Java HotSpot™ 64-Bit Server VM (build 25.212-b10, mixed mode)

2.安装Tomcat8.5
Tomcat官网：http://tomcat.apache.org/
$ cd /usr/local/src
$ wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v8.5.41/bin/apache-tomcat-8.5.41.tar.gz
$ tar zxf apache-tomcat-8.5.41.tar.gz -C /usr/local/
$ ln -s /usr/local/apache-tomcat-8.5.41 /usr/local/tomcat
$ vi /etc/profile.d/tomcat.sh，加入如下配置：

export CATALINA_HOME=/usr/local/tomcat
export CATALINA_BASE=/usr/local/tomcat

$ source /etc/profile

配置tomcat参数
在tomca/bin 目录下面，增加 setenv.sh 配置，catalina.sh启动的时候会调用，同时配置java内存参数及JRE主目录。
$ vi /usr/local/tomcat/bin/setenv.sh

#add tomcat pid,home
CATALINA_HOME=/usr/local/tomcat
CATALINA_PID="$CATALINA_HOME/tomcat.pid"
#add java opts
JAVA_OPTS="-server -XX:MetaspaceSize=256M -XX:MaxMetaspaceSize=1024M -Xms512M -Xmx1024M -XX:MaxNewSize=256M"
JRE_HOME=/usr/local/jre1.8.0_212

增加tomcat用户并授权：
$ getent group tomcat || groupadd -r tomcat
$ getent passwd tomcat || useradd -r -d /opt -s /bin/nologin -g tomcat tomcat
$ chown -R tomcat:tomcat /usr/local/apache-tomcat-8.5.41

创建tomcat.service文件
$ vi /usr/lib/systemd/system/tomcat.service

[Unit]
Description=Apache Tomcat 8
After=syslog.target network.target
 
[Service]
Type=forking
PIDFile=/usr/local/tomcat/tomcat.pid
ExecStart=/usr/local/tomcat/bin/startup.sh 
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
User=tomcat
Group=tomcat 

[Install]
WantedBy=multi-user.target

$ systemctl enable tomcat.service
$ systemctl start tomcat.service
$ ps aux |grep tomcat

3.安装tomcat-cluster-redis-session-manager
$ wget https://github.com/ran-jit/tomcat-cluster-redis-session-manager/releases/download/3.0.1/tomcat-cluster-redis-session-manager.zip
$ unzip tomcat-cluster-redis-session-manager.zip
$ chown -R tomcat:tomcat tomcat-cluster-redis-session-manager/
$ cd tomcat-cluster-redis-session-manager/
$ mv conf/* /usr/local/tomcat/conf/
$ mv lib/* /usr/local/tomcat/lib/

在tomcat/conf/redis-data-cache.properties文件中配置redis数据库信息
$ vi /usr/local/tomcat/conf/redis-data-cache.properties

redis.hosts=10.3.8.235:6379,10.3.8.236:6379,10.3.8.237:6379
redis.password=Redis+234]

在tomcat/conf/context.xml文件中…段中增加以下两行：

以上两行要以官方配置为准：https://github.com/ran-jit/tomcat-cluster-redis-session-manager

设置tomcat/conf/web.xml 中 session有效期(默认值是30)

     60

如果项目里也配置了session有效期，则以项目中为准。

部署测试应用
$ vi /usr/local/tomcat/conf/server.xml，在默认的......后面添加：

保存后重启tomcat：
$ systemctl restart tomcat

创建测试页面(https://blog.csdn.net/lipei1220/article/details/51316763)
$ mkdir -p /tomcatweb/work
$ vi /tomcatweb/index.jsp

<%@ page language="java" import="java.util.*" pageEncoding="GBK"%>









<%
<%
HttpSession s = request.getSession(); 
s.setAttribute("name","liuyuhui");
%>
<%
String SERVER_NAME = request.getServerName();
String SERVER_ADDR = request.getLocalAddr();
String SERVER_SOFTWARE = getServletContext().getServerInfo();
String REMOTE_HOST = request.getRemoteHost();
String REMOTE_ADDR = request.getRemoteAddr();
String HTTP_USER_AGENT = request.getHeader("User-Agent");
HashMap infoMap = new HashMap();
infoMap.put("SERVER_NAME", SERVER_NAME);
infoMap.put("SERVER_ADDR", SERVER_ADDR);
infoMap.put("SERVER_SOFTWARE", SERVER_SOFTWARE);
infoMap.put("REMOTE_HOST", REMOTE_HOST);
infoMap.put("REMOTE_ADDR", REMOTE_ADDR);
infoMap.put("HTTP_USER_AGENT", HTTP_USER_AGENT);
Iterator it = infoMap.keySet().iterator();
%>

<%
while (it.hasNext()) {
Object o = it.next();
%>

<%
}
%>
<%=o%>
<%=infoMap.get(o)%>
SessionAttribute
<%= s.getAttribute("name") %>
SessionID
<%= s.getId() %>

授予tomcat用户权限
#chown -R tomcat:tomcat /tomcatweb

在windows客户端，将10.3.8.231 blog.linuxs.top写进hosts文件，然后打开浏览器，输入：
http://blog.linuxs.top:8080

配置Nginx负载均衡
$ yum install epel-release nginx -y
$ vi /etc/nginx/nginx.conf

......
http {
    access_log  off;
    ......
    include /etc/nginx/conf.d/*.conf;
server {
        ......
        location / {
            root html;
            return 404;
        }
        ......
    }
    include vhost/*.conf;
}

#虚拟主机的配置文件和主配置文件单独写，而不是写在主配置文件中

缓存内容文件以及其它一些参数，结合自己的环境调整
$ vi /etc/nginx/conf.d/proxy.conf

server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 300m;
proxy_connect_timeout 10; 	
proxy_send_timeout 10;
proxy_read_timeout 10;
proxy_ignore_client_abort on;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k; 
proxy_temp_file_write_size 64k;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;

虚拟机文件
$ mkdir /etc/nginx/vhost && cd /etc/nginx/vhost
$ vi blog.conf

upstream blog.linuxs.top {
    server 10.3.8.231:8080 max_fails=1 fail_timeout=10s;
    server 10.3.8.232:8080 max_fails=1 fail_timeout=10s;
}

server {
    listen    80
    server_name blog.linuxs.top
    rewrite ^(.*) https://$host$1 permanent;
}

server {
    listen    443
    server_name blog.linuxs.top

    ssl on;
    ssl_certificate /etc/pki/nginx/blog.linuxs.top.crt;
    ssl_certificate_key /etc/pki/nginx/blog.linuxs.top.key;
    ssl_session_timeout  5m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2 ;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://$host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
    location /status {
        check_status;
        access_log  off;
    }
}

http访问强制跳转到https，后端tomcat未配置ssl，故仍然调度到http(8080)端口。
若还有其它域名访问代理，则复制blog.conf修改下相关内容即可。

上传证书
$ mkdir /etc/pki/nginx && cd /etc/pki/nginx
$ rz
$ chmod 600 *.key
$ ls -l
total 16
-rw-r–r-- 1 root root 3658 Aug 25 2018 blog.linuxs.top.crt
-rw------- 1 root root 1674 Aug 25 2018 blog.linuxs.top.key
-rw-r–r-- 1 root root 3662 Aug 28 2018 yunpan.linuxs.top.crt
-rw------- 1 root root 1678 Aug 28 2018 yunpan.linuxs.top.key
此证书是之前在阿里云上申请的，故能通过浏览器验证。

$ systemctl start nginx
$ systemctl enable nginx

然后到tomcat服务器上修改主页index.jsp，增加客户机真实IP显示：
String CLIENT_IP = request.getHeader(“X-Forwarded-For”);
infoMap.put(“CLIENT_IP”, CLIENT_IP);

最后，在windows客户机上，将之前在hosts文件写的记录改成：
10.3.8.230 blog.linuxs.top
然后在浏览器中输入https://blog.linuxs.top，效果如下：

不停地刷新，可以看到SERVER_ADDR在10.3.8.231和232之间交替，这是负载均衡的效果，而且SessionID保持不变。
图中第一行CLIENT_IP是客户端真实的IP，而第二和第三行是代理服务器的IP。如果没有经过代理访问，则第二和第三行显示的就是客户端的IP。

欢迎转载~~