nginx+tomcat LVS群集
LVS群集 nginx+tomcat
项目拓扑图:
一.安装nginx + tomcat
192.168.1.248和192.168.1.249服务器上如下配置:
1. JDK的安装
将下载好的安装程序放到/soft目录下
cd /soft
chmod a+x jdk-6u23-linux-i586.bin
./jdk-6u23-linux-i586.bin
mkdir -p /data/conf
mv jdk1.6.0_23/ /data/conf/jdk
删除系统中旧的版本
rm -rf /usr/bin/java
rm -rf /usr/bin/javac
创建链接,设置新的版本
ln -s /data/conf/jdk/bin/java /usr/bin/java
ln -s /data/conf/jdk/bin/javac /usr/bin/javac
查看新的版本信息
java -version
javac -version
查看jdk版本是否是1.6.到此JDK已经安装完成
2. Tomcat安装
解压压缩文件
cd /soft
tar xzvf apache-tomcat-6.0.32.tar.gz
mv apache-tomcat-6.0.32 /data/conf/tomcat
cd /data/conf/tomcat/bin/
添加用户
useradd webuser -s /sbin/nologin
chown -R webuser:webuser /data/
tomcat优化选项
(1)添加tomcat管理员
# vi /usr/local/www/tomcat/conf/tomcat-users.xml
在
其中username="tomcat"为用户名password="li147258369"为密码
(2)修改JVM
JAVA_OPTS="-Xms1024m -Xmx1024m -Xmn256m -Djava.awt.headless=true"
(3)server.xml 参数修改
maxHttpHeaderSize="8192" useBodyEncodingForURI="true" maxThreads="600" 最大连接数 redirectPort="8443" enableLookups="false" 禁用DNS查询 compression="on" compressionMinSize="2048" 压缩,压缩大小 compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain" connectionTimeout="20000" disableUploadTimeout="true" /> 设置环境目录 vi /etc/profile TOMCAT_HOME=/data/conf/tomcat JAVA_HOME=/data/conf/jdk JRE_HOME=/data/conf/jdk/jre export JAVA_HOME JRE_HOME TOMCAT_HOME 备份tomcat配置文件 cd /data/conf/tomcat/conf mv server.xml server.xml.bak 设置tomcat配置文件,配置虚拟主机 vi server.xml 在后面添加 启动tomcat /data/conf/tomcat/bin/startup.sh 查看启动进程 ps -ef |grep tomcat 访问tomcat测试页,出现猫头网页,则安装成功! links http://localhost:8080 3. 安装nginx 解压压缩文件 tar zxvf pcre-8.02.tar.gz cd pcre-8.02/ 编译安装 ./configure make && make install tar zxvf nginx-0.8.50.tar.gz cd nginx-0.8.50/ 编译安装 ./configure --prefix=/data/conf/nginx --with-http_stub_status_module make && make install 配置nginx配置文件 cd /data/conf/nginx 备份nginx.conf配置文件 mv nginx.conf nginx.conf.bak vi nginx.conf user nobody nobody; worker_processes 4; pid /data/conf/nginx/logs/nginx.pid; worker_rlimit_nofile 51200; events { use epoll; worker_connections 51200; } http{ include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; upstream www { server 192.168.1.248:8080; server 192.168.1.249:8080; } server { listen 80; server_name www.benet.com; location / { root /data/web/www.benet.com ; index index.jsp index.htm index.html; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://www; } access_log /data/logs/benet.com/www.benet.access.log; server { server { } 检测配置文件是否存在错误 ./nginx -t 启动nginx 创建项目目录 mkdir /data/web/www.benet.com mkdir /data/web/www.accp.com mkdir /data/web/www.apache.com mkdir -p /data/logs/benet.com mkdir -p /data/logs/accp.com mkdir -p /data/logs/apache.com 建立测试网页 echo "This is benet home page !!!" > /data/web/www.benet.com/index.html echo "This is accp home page !!! " > /data/web/www.accp.com/index.html echo "This is apache home page !!!" > /data/web/www.apache.com/index.html 添加hosts记录 echo "192.168.1.248 www.benet.com" >> /etc/hosts echo "192.168.1.248 www.accp.com" >> /etc/hosts echo "192.168.1.248 www.apache.com" >> /etc/hosts 浏览测试网页,出现相应的网页,则配置完成。 links http://www.benet.com links http://www.accp.com links http://www.apache.com 2011年04月07日修改完成 4. sersync 同步配置,使得网站项目文件一致。 在192.168.1.248服务器上安装rsync tar xzvf rsync-3.0.7.tar.gz cd rsync-3.0.7 ./configure --prefix=/data/conf/rsync make && make install rpm -qa |grep rsync rpm -qf /usr/bin/rsync rpm -e rsync-2.6.8-3.1 ln -s /data/conf/rsync/bin/rsync /usr/bin/rsync 查看rsync版本 rsync -version 配置rsync配置文件 vi rsyncd.conf port = 873 max connections = 4 pid file = /data/conf/rsync/rsync.pid lock file = /data/conf/rsync/rsync.lock log file = /data/conf/rsync/rsync.log [dataweb] path = /data/web auth users = aa secrets file = /data/conf/rsync/conf/rsync.passwd uid = webuser gid = webuser read only = no 创建认证用户名和密码文件 vi /data/conf/rsync/conf/rsync.passwd aa:123456 启动rsync守护进程 rsync --daemon 配置sersync配置文件 vi confxml.xml 修改为 开启sersync守护进程 ./sersync2 -d 测试文件是否同步 在192.168.1.249服务器上/data/web/目录下创建些文件 在192.168.1.248服务器上/data/web/目录下看是否同步有相应的文件 LVS群集配置 1.客户端 就是真实服务器 在192.168.1.248和249服务器环回接口上绑定 虚拟ip vi /data/conf/realserver #!/bin/bash #description : start realserver VIP=192.168.1.100 /etc/rc.d/init.d/functions case "$1" in start) echo " start LVS of REALServer" /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce ;; stop) /sbin/ifconfig lo:0 down echo "close LVS Directorserver" echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce ;; *) echo "Usage: $0 {start|stop}" exit 1 esac 开启虚拟IP cd /data/conf ./realserve start 查看虚拟IP ip add 或者 ifconfig 192.168.1.246 lvs主机------------192.168.1.247 lvs备份机 1. 在1.246和247上安装 ipvsadm yum -y install ipvsadm 2. 192.168.1.246 lvs主机安装keepalived 安装keepalived cd /soft tar xzvf keepalived-1.1.19_.tar.gz ./configure --prefix=/data/conf/keepalived make make install 创建keepalived目录 mkdir -p /etc/keepalived 创建keepalived.conf配置文件 ! Configuration File for keepalived real_server 192.168.1.248 80 { 启动keepalived cd /data/conf/keepalived/sbin ./keepalived -D 查看keepalived进程,是否有3个进程 ps -ef |grep keepalived 查看ipvsadm ipvsadm -L -c LVS群集测试: 设置hosts文件 192.168.1.100 www.benet.com 192.168.1.100 www.accp.com 192.168.1.100 www.apache.com 访问测试网页 http://www.benet.com 关闭LVS master主机,看是否还能访问测试网页不,如果能访问,则LVS配置成功了,若不行,则进行相应的排错啦. 本文出自 “fallenleaves” 博客,请务必保留此出处http://fallenleaves.blog.51cto.com/1383716/530901
error_log /data/logs/benet.com/error-www.benet.com;
}
listen 80;
server_name www.accp.com;
location / {
root /var/www ;
index index.jsp index.htm index.html;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www;
}
access_log /data/logs/accp.com/www.accp.access.log;
error_log /data/logs/accp.com/error-www.accp.com;
}
listen 80;
server_name www.apache.com;
location / {
root /data/web/www.apache.com ;
index index.jsp index.htm index.html;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www;
}
access_log /data/logs/apache.com/www.apache.access.log;
error_log /data/logs/apache.com/error-www.apache.com;
}
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
# 20081013 written by :netseek
# VIP1
vrrp_instance VI_1 {
state MASTER #备份服务器上将MASTER改为BACKUP
interface eth0
virtual_router_id 51
priority 100 # 备份服务上将100改为99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.100 #(如果有多个VIP,继续换行填写.)
}
}
virtual_server 192.168.1.100 80 {
delay_loop 6 #(每隔10秒查询realserver状态)
lb_algo wrr #(lvs 算法)
lb_kind DR #(Direct Route)
persistence_timeout 60 #(同一IP的连接60秒内被分配到同一台realserver)
inhibit_on_failure #当web挂掉的时候,前面请求的用户,可以继续打开页面,但是后面的请求不会调度到挂掉的web上面。
protocol TCP #(用TCP协议检查realserver状态)
weight 3 #(权重)
TCP_CHECK {
connect_timeout 10 #(10秒无响应超时)
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.249 80 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
}
}
}
Apache,tomcat,nginx,apache+tomcat,nginx+tomcat自动化安装脚本
#!/bin/bash
#Auto Install Apache Tomcat Nginx apache+tomcat nginx+tomcat.
#apache version: 2.2.17 download: http://httpd.apache.org/download.cgi#apache22
#jdk version: 1.6 download: http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html
#tomcat version: 6.0.23 download: http://tomcat.apache.org/download-60.cgi
#nginx version: 0.8.54 download: http://nginx.org/en/download.html
#执行这个自动化安装脚本需要把apache tomcat jdk nginx的安装包拷贝到/soft目录下.
#apache安装在/opt/conf/apache目录下. nginx安装在/opt/conf/nginx目录下.
#tomcat安装在/opt/conf/tomcat目录下. jdk安装在/opt/conf/jdk目录下.
# 20110413 write: liweizhong e-mail:[email protected] QQ:543302969 Version 1.1
IN_SRC=/soft
IN_DIR=/opt/conf
echo "=================Check software development environment.================"
echo ""
rpm -q gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel \
zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel > /dev/null
if [ "$?" != 0 ] ;
then
echo "Please check your need software"
exit 0
else
echo "software is OK !! "
fi
if [[ ! -d $IN_DIR ]]
then
mkdir -p $IN_DIR
fi
function apache_ins {
echo ""
echo "===========================Apache installing============================="
sleep 5
#Auto apache
echo "installing httpd..."
cd $IN_SRC
tar jxvf httpd-2.2.17.tar.bz2
cd httpd-2.2.17
./configure --prefix=$IN_DIR/apache --with-mpm=worker --enable-rewrite --enable-deflate --disable-userdir --enable-so
[ $? != 0 ] && exit
make
[ $? != 0 ] && exit
make install
[ $? != 0 ] && exit
echo "Include conf/vhost.conf" >> $IN_DIR/apache/conf/httpd.conf
sed -i "s/#ServerName/ServerName localhost/g" $IN_DIR/apache/conf/httpd.conf
touch $IN_DIR/apache/conf/vhost.conf
$IN_DIR/apache/bin/apachectl start
echo "$IN_DIR/apache/bin/apachectl start" >> /etc/rc.local
${SERVICES}_ins
sleep 2
echo "==========================Auto Install finished=========================="
}
function tomcat_ins {
echo ""
echo "===========================Tomcat installing============================="
sleep 5
#Auto Install JDK
cd /soft
chmod 700 jdk*
./jdk-6u23-linux-i586.bin
mv jdk1.6.0_23/ /opt/conf/jdk
rm -rf /usr/bin/java
rm -rf /usr/bin/javac
ln -s /opt/conf/jdk/bin/java /usr/bin/java
ln -s /opt/conf/jdk/bin/javac /usr/bin/javac
java -version
sleep 3
javac -version
echo ""
echo ""
echo "====================Auto Install JDK Have finished======================"
#Auto Install tomcat
sleep 5
cd /soft
tar xzvf apache-tomcat-6.0.32.tar.gz
mv apache-tomcat-6.0.32 /opt/conf/tomcat
cat >> /etc/profile << EFF
TOMCAT_HOME=/opt/conf/tomcat
JAVA_HOME=/opt/conf/jdk
JRE_HOME=/opt/conf/jdk/jre
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin:$TOMCAT_HOME/bin/
export JAVA_HOME JRE_HOME PATH TOMCAT_HOME
EFF
source /etc/profile
sleep 3
cd /opt/conf/tomcat/bin
./startup.sh
echo ""
echo ""
echo "=================Already all installation is complete================="
}
function nginx_ins {
echo ""
echo "===========================Nginx installing==========================="
sleep 5
#Auto nginx
echo "installing nginx..."
cd $IN_SRC
tar zxvf nginx-0.8.54.tar.gz
cd nginx-0.8.54
make_clean
useradd www
./configure --user=www --group=www --prefix=$IN_DIR/nginx --without-http_rewrite_module --with-http_stub_status_module --with-http_ssl_module
[ $? != 0 ] && exit
make
[ $? != 0 ] && exit
make install
[ $? != 0 ] && exit
/opt/conf/nginx/sbin/nginx
echo "$IN_DIR/nginx/sbin/nginx " >> /etc/rc.local
${SERVICES}_ins
sleep 3
echo "===============Auto Install finished================================="
}
echo "Slect install
1. apache
2. tomcat+jdk
3. nginx
4. apache+tomcat
5. nginx+tomcat
6. don't install is now
"
read -p "Please Input 1,2,3,4,5,6:" SERVER_ID
if [[ $SERVER_ID == 5 ]]; then
SERVICE="nginx"
SERVICES="tomcat"
elif [[ $SERVER_ID == 4 ]]; then
SERVICE="apache"
SERVICES="tomcat"
elif [[ $SERVER_ID == 3 ]]; then
SERVICE="nginx"
elif [[ $SERVER_ID == 2 ]]; then
SERVICE="tomcat"
elif [[ $SERVER_ID == 1 ]]; then
SERVICE="apache"
else
echo ""
echo "Thanks bye!!"
exit
fi
${SERVICE}_ins
本文出自 “fallenleaves” 博客,请务必保留此出处http://fallenleaves.blog.51cto.com/1383716/545832
自动安装多个tomcat shell脚本
自动安装多个tomcat shell脚本
#!/bin/bash
#Auto Install JDK、tomcat and they connector.
#执行这个脚本需要在/soft目录下放好JDK、tomcat、的tar.gz源码包,
#以及已经执行过的jdk(本人无法做到在jdk执行时输入Enter和空格,所以这一步骤需要手动做。)
#tomcat安装到/data/conf/tomcat,已设置环境变量。
#JDv安装>/data/conf/jdk,已设置环境变量。
# 20110401 [email protected] Version 1.0 write:fallenleaves QQ:543302969
echo "===========================Began installing============================="
if [ ! -d /opt/conf ]
then
mkdir -p /opt/conf
else
echo "This directory is already exists"
fi
#Auto Install JDK
cd /soft
chmod 700 jdk*
./jdk-6u24-linux-i586.bin
mv jdk1.6.0_24/ /opt/conf/jdk
rm -rf /usr/bin/java
rm -rf /usr/bin/javac
ln -s /opt/conf/jdk/bin/java /usr/bin/java
ln -s /opt/conf/jdk/bin/javac /usr/bin/javac
java -version
sleep 5
javac -version
echo ""
echo ""
echo "====================Auto Install JDK Have finished======================"
#Auto Install tomcat
for i in `seq 1 3`
do
mkdir -p /opt/conf/tomcat$i
cd /soft
tar xzvf apache-tomcat-7.0.12.tar.gz
mv apache-tomcat-7.0.12/* /opt/conf/tomcat$i
cat >> /etc/profile << EFF
TOMCAT$i=/opt/conf/tomcat$i
EFF
done
cat >> /etc/profile << FFG
JAVA_HOME=/opt/conf/jdk
JRE_HOME=/opt/conf/jdk/jre
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin:$TOMCAT1/bin:$TOMCAT2/bin:$TOMCAT3/bin/
export JAVA_HOME JRE_HOME PATH TOMCAT1 TOMCAT2 TOMCAT3
FFG
source /etc/profile
本文出自 “fallenleaves” 博客,请务必保留此出处http://fallenleaves.blog.51cto.com/1383716/547974
nginx+tomcat负载均衡缓存服务器集群
Nginx的Web缓存服务主要由proxy_cache相关指令集和fastcgi_cache相关指令集构成,前者用于反向代理时,对后端内容源服务器进行缓存,后者主要用于对FastCGI的动态程序进行缓存。两者的功能基本上一样。
最新的Nginx 0.8.32版本,proxy_cache和fastcgi_cache已经比较完善,加上第三方的ngx_cache_purge模块(用于清除指定URL的缓存),已经可以完全取代Squid。我们已经在生产环境使用了 Nginx 的 proxy_cache 缓存功能超过两个月,十分稳定,速度不逊于 Squid。
在功能上,Nginx已经具备Squid所拥有的Web缓存加速功能、清除指定URL缓存的功能。而在性能上,Nginx对多核CPU的利用,胜过Squid不少。另外,在反向代理、负载均衡、健康检查、后端服务器故障转移、Rewrite重写、易用性上,Nginx也比Squid强大得多。这使得一台Nginx可以同时作为“负载均衡服务器”与“Web缓存服务器”来使用。
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.00.tar.gz
tar zxvf pcre-8.00.tar.gz
cd pcre-8.00/
./configure
make && make install
cd ../
tar zxvf ngx_cache_purge-1.0.tar.gz
tar zxvf nginx-0.8.32.tar.gz
cd nginx-0.8.32/
./configure –user=www –group=www –add-module=../ngx_cache_purge-1.0 –prefix=/usr/local/webserver/nginx –with-http_stub_status_module –with-http_ssl_module
make && make install
cd ../
worker_rlimit_nofile 51200;
{
use epoll;
}
{
include mime.types;
default_type application/octet-stream;
sendfile on;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 300m;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
{
server 192.168.81.131:8080;
server 192.168.81.128:8080;
}
#注:proxy_temp_path和proxy_cache_path指定的路径必须在同一分区
proxy_temp_path /data0/proxy_temp_dir;
#设置Web缓存区名称为cache_one,内存缓存空间大小为50MB,1天没有被访问的内容自动清除,硬盘缓存空间大小为10GB。
proxy_cache_path /data0/proxy_cache_dir levels=1:2 keys_zone=cache_one:50m inactive=1d max_size=10g;
{
listen 80;
server_name tomcat.hxqm.com;
root /data0/htdocs/tomcat;
index index.html index.htm index.jsp default.jsp index.do default.do;
{
rewrite ^/(.*)([^/])$ http://$host/$1$2/ last;
}
{
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_cache cache_one;
proxy_cache_valid 200 304 12h;
proxy_cache_key $host$uri$is_args$args;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://tomcat;
expires 1d;
}
#用于清除缓存,假设一个URL为 http://tomcat.hxqm.com/docs/appdev/index.html,通过访问 http://tomcat.hxqm.com/purge/docs/appdev/index.html就可以清除该URL的缓存。
location ~ /purge(/.*)
{
allow 127.0.0.1;
allow 192.168.81.0/24;
deny all;
proxy_cache_purge cache_one $host$1$is_args$args;
}
location ~ .*\.(php|jsp|cgi)?$
{
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://tomcat;
}
{
expires 30d;
}
{
expires 1h;
}
’$status $body_bytes_sent “$http_referer” ‘
’”$http_user_agent” $http_x_forwarded_for’;
access_log /data1/logs/tomcatlogs.log tomcatlogs;
}
the configuration file /usr/local/webserver/nginx/conf/nginx.conf syntax is ok
configuration file /usr/local/webserver/nginx/conf/nginx.conf test is successful
CLASS_PATH=”$JAVA_HOME/lib:$JAVA_HOME/jre/lib”
PATH=”.:$PATH:$JAVA_HOME/bin”
CATALINA_HOME=”/usr/local/tomcat”
export JAVA_HOME CATALINA_HOME
case $1 in
start)
/nginx/sbin/nginx;
;;
stop)
kill -2 `ps -ef|grep "/nginx/sbin/nginx"|grep -v "grep"|awk '{print $2}' `
;;
restart)
cd "$CMD"
$0 stop
$0 start
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
a. 找到Engine标签,加入属性 jvmRoute="worker1"
User user = (User)request.getSession().getAttribute(“user”);
User.setName(“my name”);
这样我们就是直接存取出来,然后进行修改,虽然在单机情况下没有问题,但是在集群条件下,这样就导致了多台WEB服务器上的SESSION不同步的问题,因为SESSION并没有改变,Tomcat无法监视session中某个数据的值是否发生了变化。因此,我们还需要执行如下操作以保证SESSION的同步:
Request.getSession().setAttribute(“user”, user);
所以,我们在操作SESSION的时候要特别注意!另外的建议就是,我们应该尽可能的不要修改SESSION中的数据。
http://surpassdream.blog.51cto.com/1347340/544270
http://wgkgood.blog.51cto.com/
nginx rewrite 参数和例子
http://www.cnblogs.com/analyzer/articles/1377684.html
]
本位转自:http://blog.c1gstudio.com/archives/434
推荐参考地址:
Mailing list ARChives 官方讨论区
http://marc.info/?l=nginx
Nginx 常见应用技术指南[Nginx Tips]
http://bbs.linuxtone.org/thread-1685-1-1.html
本日志内容来自互联网和平日使用经验,整理一下方便日后参考。
正则表达式匹配,其中:
- * ~ 为区分大小写匹配
- * ~* 为不区分大小写匹配
- * !~和!~*分别为区分大小写不匹配及不区分大小写不匹配
文件及目录匹配,其中:
- * -f和!-f用来判断是否存在文件
- * -d和!-d用来判断是否存在目录
- * -e和!-e用来判断是否存在文件或目录
- * -x和!-x用来判断文件是否可执行
flag标记有:
- * last 相当于Apache里的[L]标记,表示完成rewrite
- * break 终止匹配, 不再匹配后面的规则
- * redirect 返回302临时重定向 地址栏会显示跳转后的地址
- * permanent 返回301永久重定向 地址栏会显示跳转后的地址
一些可用的全局变量有,可以用做条件判断(待补全)
- $args
- $content_length
- $content_type
- $document_root
- $document_uri
- $host
- $http_user_agent
- $http_cookie
- $limit_rate
- $request_body_file
- $request_method
- $remote_addr
- $remote_port
- $remote_user
- $request_filename
- $request_uri
- $query_string
- $scheme
- $server_protocol
- $server_addr
- $server_name
- $server_port
- $uri
结合QeePHP的例子
- if (!-d $request_filename) {
- rewrite ^/([a-z-A-Z]+)/([a-z-A-Z]+)/?(.*)$ /index.php?namespace=user&controller=$1&action=$2&$3 last;
- rewrite ^/([a-z-A-Z]+)/?$ /index.php?namespace=user&controller=$1 last;
- break;
多目录转成参数
abc.domian.com/sort/2 => abc.domian.com/index.php?act=sort&name=abc&id=2
- if ($host ~* (.*)/.domain/.com) {
- set $sub_name $1;
- rewrite ^/sort//(/d+)//?$ /index.php?act=sort&cid=$sub_name&id=$1 last;
- }
目录对换
/123456/xxxx -> /xxxx?id=123456
- rewrite ^/(/d+)/(.+)/ /$2?id=$1 last;
例如下面设定nginx在用户使用ie的使用重定向到/nginx-ie目录下:
- if ($http_user_agent ~ MSIE) {
- rewrite ^(.*)$ /nginx-ie/$1 break;
- }
目录自动加“/”
- if (-d $request_filename){
- rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
- }
禁止htaccess
- location ~//.ht {
- deny all;
- }
禁止多个目录
- location ~ ^/(cron|templates)/ {
- deny all;
- break;
- }
禁止以/data开头的文件
可以禁止/data/下多级目录下.log.txt等请求;
- location ~ ^/data {
- deny all;
- }
禁止单个目录
不能禁止.log.txt能请求
- location /searchword/cron/ {
- deny all;
- }
禁止单个文件
- location ~ /data/sql/data.sql {
- deny all;
- }
给favicon.ico和robots.txt设置过期时间;
这里为favicon.ico为99天,robots.txt为7天并不记录404错误日志
- location ~(favicon.ico) {
- log_not_found off;
- expires 99d;
- break;
- }
- location ~(robots.txt) {
- log_not_found off;
- expires 7d;
- break;
- }
设定某个文件的过期时间;这里为600秒,并不记录访问日志
- location ^~ /html/scripts/loadhead_1.js {
- access_log off;
- root /opt/lampp/htdocs/web;
- expires 600;
- break;
- }
文件反盗链并设置过期时间
这里的return 412 为自定义的http状态码,默认为403,方便找出正确的盗链的请求
“rewrite ^/ http://leech.c1gstudio.com/leech.gif;”显示一张防盗链图片
“access_log off;”不记录访问日志,减轻压力
“expires 3d”所有文件3天的浏览器缓存
- location ~* ^.+/.(jpg|jpeg|gif|png|swf|rar|zip|css|js)$ {
- valid_referers none blocked *.c1gstudio.com *.c1gstudio.net localhost 208.97.167.194;
- if ($invalid_referer) {
- rewrite ^/ http://leech.c1gstudio.com/leech.gif;
- return 412;
- break;
- }
- access_log off;
- root /opt/lampp/htdocs/web;
- expires 3d;
- break;
- }
只充许固定ip访问网站,并加上密码
- root /opt/htdocs/www;
- allow 208.97.167.194;
- allow 222.33.1.2;
- allow 231.152.49.4;
- deny all;
- auth_basic "C1G_ADMIN";
- auth_basic_user_file htpasswd;
将多级目录下的文件转成一个文件,增强seo效果
/job-123-456-789.html 指向/job/123/456/789.html
- rewrite ^/job-([0-9]+)-([0-9]+)-([0-9]+)/.html$ /job/$1/$2/jobshow_$3.html last;
将根目录下某个文件夹指向2级目录
如/shanghaijob/ 指向 /area/shanghai/
如果你将last改成permanent,那么浏览器地址栏显是/location/shanghai/
- rewrite ^/([0-9a-z]+)job/(.*)$ /area/$1/$2 last;
上面例子有个问题是访问/shanghai 时将不会匹配
- rewrite ^/([0-9a-z]+)job$ /area/$1/ last;
- rewrite ^/([0-9a-z]+)job/(.*)$ /area/$1/$2 last;
这样/shanghai 也可以访问了,但页面中的相对链接无法使用,
如./list_1.html真实地址是/area/shanghia/list_1.html会变成/list_1.html,导至无法访问。
那我加上自动跳转也是不行咯
(-d $request_filename)它有个条件是必需为真实目录,而我的rewrite不是的,所以没有效果
- if (-d $request_filename){
- rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
- }
知道原因后就好办了,让我手动跳转吧
- rewrite ^/([0-9a-z]+)job$ /$1job/ permanent;
- rewrite ^/([0-9a-z]+)job/(.*)$ /area/$1/$2 last;
文件和目录不存在的时候重定向:
- if (!-e $request_filename) {
- proxy_pass http://127.0.0.1;
- }
域名跳转
- server
- {
- listen 80;
- server_name jump.c1gstudio.com;
- index index.html index.htm index.php;
- root /opt/lampp/htdocs/www;
- rewrite ^/ http://www.c1gstudio.com/;
- access_log off;
- }
多域名转向
- server_name www.c1gstudio.com www.c1gstudio.net;
- index index.html index.htm index.php;
- root /opt/lampp/htdocs;
- if ($host ~ "c1gstudio/.net") {
- rewrite ^(.*) http://www.c1gstudio.com$1 permanent;
- }
三级域名跳转
- if ($http_host ~* "^(.*)/.i/.c1gstudio/.com$") {
- rewrite ^(.*) http://top.yingjiesheng.com$1;
- break;
- }
域名镜向
- server
- {
- listen 80;
- server_name mirror.c1gstudio.com;
- index index.html index.htm index.php;
- root /opt/lampp/htdocs/www;
- rewrite ^/(.*) http://www.c1gstudio.com/$1 last;
- access_log off;
- }
某个子目录作镜向
- location ^~ /zhaopinhui {
- rewrite ^.+ http://zph.c1gstudio.com/ last;
- break;
- }
discuz ucenter home (uchome) rewrite
- rewrite ^/(space|network)-(.+)/.html$ /$1.php?rewrite=$2 last;
- rewrite ^/(space|network)/.html$ /$1.php last;
- rewrite ^/([0-9]+)$ /space.php?uid=$1 last;
discuz 7 rewrite
- rewrite ^(.*)/archiver/((fid|tid)-[/w/-]+/.html)$ $1/archiver/index.php?$2 last;
- rewrite ^(.*)/forum-([0-9]+)-([0-9]+)/.html$ $1/forumdisplay.php?fid=$2&page=$3 last;
- rewrite ^(.*)/thread-([0-9]+)-([0-9]+)-([0-9]+)/.html$ $1/viewthread.php?tid=$2&extra=page/%3D$4&page=$3 last;
- rewrite ^(.*)/profile-(username|uid)-(.+)/.html$ $1/viewpro.php?$2=$3 last;
- rewrite ^(.*)/space-(username|uid)-(.+)/.html$ $1/space.php?$2=$3 last;
- rewrite ^(.*)/tag-(.+)/.html$ $1/tag.php?name=$2 last;
给discuz某版块单独配置域名
- server_name bbs.c1gstudio.com news.c1gstudio.com;
- location = / {
- if ($http_host ~ news/.c1gstudio.com$) {
- rewrite ^.+ http://news.c1gstudio.com/forum-831-1.html last;
- break;
- }
- }
discuz ucenter 头像 rewrite 优化
- location ^~ /ucenter {
- location ~ .*/.php?$
- {
- #fastcgi_pass unix:/tmp/php-cgi.sock;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- include fcgi.conf;
- }
- location /ucenter/data/avatar {
- log_not_found off;
- access_log off;
- location ~ /(.*)_big/.jpg$ {
- error_page 404 /ucenter/images/noavatar_big.gif;
- }
- location ~ /(.*)_middle/.jpg$ {
- error_page 404 /ucenter/images/noavatar_middle.gif;
- }
- location ~ /(.*)_small/.jpg$ {
- error_page 404 /ucenter/images/noavatar_small.gif;
- }
- expires 300;
- break;
- }
- }
jspace rewrite
- location ~ .*/.php?$
- {
- #fastcgi_pass unix:/tmp/php-cgi.sock;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- include fcgi.conf;
- }
- location ~* ^/index.php/
- {
- rewrite ^/index.php/(.*) /index.php?$1 break;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- include fcgi.conf;
- }