1. Put the Nginx load balancer in front
[root@lb01 conf.d]# cat proxy_zrlog.oldxu.com.conf
upstream zrlog {
    server 172.16.1.7:8080;
    server 172.16.1.8:8080;
}
server {
    listen 80;
    server_name zrlog.oldxu.com;
    location / {
        proxy_pass http://zrlog;
        include proxy_params;
    }
}
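2. Solving session sharing
Nginx + Tomcat cluster session sharing with redis cluster
Session test code example
2.1 Configure the virtual host
# Write a virtual host whose directory points at the directory where the session test application is stored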
[root@web01 conf]# vim /soft/tomcat/conf/server.xml
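2.2 Write the test file (used only while testing)
Prepare the index.jsp file (adjust the printed web01 / web02 label on each node so the two can be told apart)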
[root@web01 ~]# mkdir /code/session/ROOT
[root@web01 ~]# cat /code/session/ROOT/index.jsp
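<%
    // HttpSession session = request.getSession(true);
    // Log the session creation time to the Tomcat console
    System.out.println(session.getCreationTime());
    // Print the node label and the session ID so each backend can be identified
    out.println("<br>web01 SESSION ID:" + session.getId() + "<br>");
    out.println("Session created time is :" + session.getCreationTime() + "<br>");
%>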
2.3 Download the Tomcat Redis package
Download TomcatClusterRedisSessionManager (do this on every node in the web cluster)
GitHub: https://github.com/ran-jit/tomcat-cluster-redis-session-manager
[root@tomcat ~]# wget https://github.com/ran-jit/tomcat-cluster-redis-session-manager/releases/download/3.0.3/tomcat-cluster-redis-session-manager.zip
[root@tomcat ~]# unzip tomcat-cluster-redis-session-manager.zip
[root@web01 ~]# cd tomcat-cluster-redis-session-manager
2.3.1 Copy the jar files
[root@web01 tomcat-cluster-redis-session-manager]# cp lib/* /soft/tomcat/lib/
2.3.2 Copy the configuration file Tomcat uses to connect to Redis
[root@web01 tomcat-cluster-redis-session-manager]# cp conf/redis-data-cache.properties /soft/tomcat/conf/
2.3.3 Edit redis-data-cache.properties
[root@web01 ~]# vim /soft/tomcat/conf/redis-data-cache.properties
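...
redis.hosts=172.16.1.51:6379
# Set redis.password only if Redis has a password; otherwise leave it out.
# Keep this comment on its own line: in a .properties file the value runs to the end of the line.
redis.password=123456
...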
2.4 Edit Tomcat's context.xml
Add the following two lines to tomcat/conf/context.xml
[root@web01 ~]# vim /soft/tomcat/conf/context.xml
.....
....
2.5 Change how long sessions are kept
Edit the session timeout in the tomcat/conf/web.xml configuration file; the unit is minutes
[root@web01 ~]# vim /soft/tomcat/conf/web.xml
60 # adjust as needed
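3. Connect Redis
Install Redis; you can of course build your own Redis cluster instead.
# Install redis
[root@redis ~]# yum install redis -y
# Edit the configuration file
[root@redis ~]# cat /etc/redis.conf
...
# Bind to this host's own IP address (redis.conf comments must sit on their own line)
bind 172.16.1.51 127.0.0.1
# Leave requirepass out if no password is needed; when set, it must match redis.password in redis-data-cache.properties
requirepass 123456
...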
[root@redis ~]# systemctl start redis
[root@redis ~]# systemctl enable redis
# Package and push to the other web node
[root@web01 ~]# scp -rp /code/session/ [email protected]:/code/
[root@web01 ~]# scp -rp /soft/tomcat/ [email protected]:/soft/
4. Restart Tomcat on all of the machines
# /soft/tomcat/bin/shutdown.sh && /soft/tomcat/bin/startup.sh
5. Put the site behind the load balancer and check through round-robin scheduling that sessions behave correctly
[root@lb01 ~]# vim /etc/nginx/conf.d/proxy_session.oldxu.com.conf
upstream session {
    server 172.16.1.7:8080;
    server 172.16.1.8:8080;
}
server {
    listen 80;
    server_name session.oldxu.com;
    location / {
        proxy_pass http://session;
        include proxy_params;
    }
}
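The round-robin check from step 5, as an added example that is not part of the original page: it reuses one cookie jar across several requests and confirms that more than one node answered while the session ID stayed the same. The function names (parse_line, summarize, verdict, check_bodies) are hypothetical, and the script assumes the response format of the index.jsp test page from section 2.2 with node labels such as web01 and web02.

```shell
#!/bin/sh
# Added example: confirm one session ID survives round-robin across Tomcat nodes.
# Assumes the section 2.2 test page, which prints "<node> SESSION ID:<id>".

# parse_line BODY -> "<node> <session-id>" from one response body
parse_line() {
    printf '%s\n' "$1" |
        sed -n 's/.*\(web[0-9][0-9]*\) SESSION ID:\([^<[:space:]]*\).*/\1 \2/p' |
        head -n 1
}

# summarize: "<node> <sid>" lines on stdin -> "nodes=N sessions=M"
summarize() {
    awk '{ n[$1] = 1; s[$2] = 1 }
         END { for (k in n) nc++; for (k in s) sc++
               printf "nodes=%d sessions=%d\n", nc, sc }'
}

# verdict SUMMARY -> 0 shared, 1 session ID changed, 2 inconclusive
verdict() {
    case "$1" in
        nodes=0\ *|nodes=1\ *) return 2 ;;  # never reached a second node
        *\ sessions=1)         return 0 ;;  # several nodes, one session
        *)                     return 1 ;;  # each node issued its own session
    esac
}

# check_bodies BODY... -> prints the summary, returns the verdict
check_bodies() {
    summary=$(for b in "$@"; do parse_line "$b"; done | summarize)
    echo "$summary"
    verdict "$summary"
}

# Live use: sh check_session.sh http://session.oldxu.com/ [request-count]
# One cookie jar is reused so every request presents the same JSESSIONID.
if [ -n "${1:-}" ]; then
    jar=$(mktemp)
    summary=$(i=0
        while [ "$i" -lt "${2:-6}" ]; do
            parse_line "$(curl -s -b "$jar" -c "$jar" "$1")"
            i=$((i + 1))
        done | summarize)
    rm -f "$jar"
    echo "$summary"
    verdict "$summary"
    exit $?
fi
```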
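6. If the session does not behave correctly:
Resolve the domain name to one specific backend server, access it directly on port 8080, test, and check the logs.
7. Site-wide HTTPS for the Nginx + Tomcat cluster
Single server:
1. Change the HTTP connector from port 80 ---> 443
2. Configure the certificate for 443
Cluster:
Configure the redirect on the load balancer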
[root@lb01 conf.d]# cat proxy_zrlog.oldxu.com.conf
upstream zrlog {
    server 172.16.1.7:8080;
    server 172.16.1.8:8080;
}
server {
    listen 443 ssl;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    server_name zrlog.oldxu.com;
    location / {
        proxy_pass http://zrlog;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name zrlog.oldxu.com;
    return 302 https://$http_host$request_uri;
}
Generate the certificate:
# Create the directory that holds the SSL certificate
[root@Nginx ~]# mkdir -p /etc/nginx/ssl_key
[root@Nginx ~]# cd /etc/nginx/ssl_key
1. Generate the private key
[root@Nginx /etc/nginx/ssl_key]# openssl genrsa -idea -out server.key 2048
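Enter pass phrase for server.key: # enter the passphrase 1234
Verifying - Enter pass phrase for server.key: # enter the passphrase 1234
2. Generate the self-signed certificate and drop the passphrase from the private key (-newkey with -nodes writes a new, unencrypted key to server.key, replacing the one from step 1)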
[root@Nginx /etc/nginx/ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt