Tengine Tomcat 安装配置优化

一,tengine 安装和配置
 
1.基础库安装:pcre,openssl,geoip,luajit
 
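# NOTE(review): a leading "#" on the command lines below is the root shell prompt, not a comment.
# NOTE(review): the download URL after each "wget" is missing on this page. Fetch every tarball
# from the project's official site over HTTPS and compare it with the published checksum or
# signature before unpacking, because everything here is compiled and installed as root.
# NOTE(review): the OpenSSL 1.0.1 branch is end-of-life and no longer receives security fixes.
# Read the version numbers as a record of the original setup and build against maintained releases.
#mkdir -p /var/log/nginx
#mkdir -p /var/nginx_temp/{nginx_client,nginx_proxy,nginx_fastcgi,nginx_temp}

#cd /data/soft
#wget 
#tar zxvf pcre-8.36.tar.gz
#cd pcre-8.36
#./configure --prefix=/usr/local
#make && make install


#cd /data/soft
#wget  
#tar zxvf openssl-1.0.1m.tar.gz
#cd openssl-1.0.1m
#./config shared --prefix=/usr/local
#make && make install

#cd /data/soft
#wget 

#tar zxvf GeoIP-1.6.5.tar.gz
#cd GeoIP-1.6.5
#./configure --prefix=/usr/local
#make && make install

#cd /data/soft
#wget 
#tar zxvf LuaJIT-2.0.4.tar.gz
#cd LuaJIT-2.0.4
#make PREFIX=/usr/local
#make install PREFIX=/usr/local

#cd /data/soft
#tar xvzf tengine-1.5.2.tar.gz
#cd tengine-1.5.2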
#cd tengine-1.5.2
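# NOTE(review): a leading "#" on the command line below is the root shell prompt.
# NOTE(review): the fastcgi and uwsgi modules are both disabled (--without-...) and requested as
# shared objects (--with-...=shared) in this command; delete whichever pair you do not want.
# Not building modules you never load keeps the attack surface smaller.
# NOTE(review): --user/--group=nobody shares an account with other daemons; a dedicated
# unprivileged account for the web server limits what a compromised worker can touch.
# NOTE(review): the compiler and linker options add -D_FORTIFY_SOURCE=2 and -Wl,-z,now so the
# binary gets fortified libc calls and full RELRO in addition to the stack protector.
#./configure --prefix=/opt/nginx \
--lock-path=/var/lock/nginx.lock \
--pid-path=/var/run/nginx.pid \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--user=nobody \
--group=nobody \
--with-pcre=../pcre-8.36 \
--with-pcre-opt=-fPIC \
--with-openssl=../openssl-1.0.1m \
--with-openssl-opt=-fPIC \
--with-backtrace_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-http_concat_module=shared \
--with-http_sysguard_module=shared \
--with-http_limit_conn_module=shared \
--with-http_limit_req_module=shared \
--with-http_split_clients_module=shared \
--with-http_footer_filter_module=shared \
--with-http_geoip_module=shared \
--with-http_sub_module=shared \
--with-http_access_module=shared \
--with-http_upstream_ip_hash_module=shared \
--with-http_upstream_least_conn_module=shared \
--with-http_referer_module=shared \
--with-http_rewrite_module=shared \
--with-http_memcached_module=shared \
--with-http_upstream_session_sticky_module=shared \
--with-http_addition_module=shared \
--with-http_xslt_module=shared \
--with-http_image_filter_module=shared \
--with-http_user_agent_module=shared \
--with-http_empty_gif_module=shared \
--with-http_browser_module=shared \
--with-http_map_module=shared \
--with-http_userid_filter_module=shared \
--with-http_charset_filter_module=shared \
--with-http_trim_filter_module=shared \
--with-http_lua_module=shared \
--without-http_fastcgi_module \
--without-http_uwsgi_module \
--without-http_scgi_module \
--without-select_module \
--without-poll_module \
--with-http_fastcgi_module=shared \
--with-http_uwsgi_module=shared \
--http-client-body-temp-path=/var/nginx_temp/nginx_client \
--http-proxy-temp-path=/var/nginx_temp/nginx_proxy \
--http-fastcgi-temp-path=/var/nginx_temp/nginx_fastcgi \
--with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' \
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now'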
  
# make && make install
 
#mkdir -p /opt/nginx/conf/{upstream,vhost.d}
#cd /opt
#mv nginx tengine-1.5.2 && ln -s tengine-1.5.2 nginx
#rm -f /opt/nginx/conf/*.default
 
 
 
 
 
2.tengine 主配置
#vi /opt/nginx/conf/nginx.conf
# Main Tengine configuration: global process settings, the dynamically loaded modules,
# HTTP-wide defaults for proxying and logging, and a load-shedding server block.

# Worker processes run as the unprivileged "nobody" user and group.
user nobody nobody;
   
# "auto" leaves the worker count and the CPU binding to the server.
worker_processes auto;
worker_cpu_affinity auto;
   
# Only messages at level "crit" or above are written here, so ordinary errors and
# warnings never reach this file. Lower the threshold if the log feeds monitoring.
error_log /var/log/nginx/error.log crit;
pid /var/run/nginx.pid;
   
# Per-worker limit on open file descriptors.
worker_rlimit_nofile 65535;
   
# Shared modules loaded at start-up. A module built with "=shared" that is not
# listed here is not loaded, and its directives cannot be used.
dso {
    load ngx_http_rewrite_module.so;
    load ngx_http_access_module.so;
    load ngx_http_limit_conn_module.so;
    load ngx_http_limit_req_module.so;
    load ngx_http_sysguard_module.so;
    load ngx_http_lua_module.so;
}
   
events {
    use epoll;
    worker_connections 10240;
}
   
http {
    # Keep the server version (server_tokens) and the Tengine Server header
    # (server_tag) out of responses, and never generate directory listings.
    server_tokens off;
    server_tag off;
    autoindex off;
    # Access logging is off by default; a server block must set its own access_log
    # if requests are to be recorded.
    access_log off;
    include mime.types;
    default_type application/octet-stream;
   
    # Request size limits: headers up to 4 x 32k, bodies up to 30m.
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 30m;
    client_body_buffer_size 256k;
   
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
   
    # Response compression for the listed MIME types, for bodies of at least 1k.
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 6;
    gzip_types text/plain application/x-javascript text/css application/xml application/javascript text/javascript image/jpeg image/gif image/png;
    gzip_vary on;
   
    # Timeouts (seconds) and buffer sizes for connections to the proxied backends.
    proxy_connect_timeout 120;
    proxy_read_timeout 120;
    proxy_send_timeout 120;
    proxy_buffer_size 128k;
    proxy_buffers 4 128k;
    proxy_busy_buffers_size 256k;
    proxy_temp_file_write_size 256k;
    proxy_headers_hash_max_size 1024;
    proxy_headers_hash_bucket_size 128;
   
    # Headers passed to the backends. X-Real-IP carries the address of the directly
    # connected peer. $proxy_add_x_forwarded_for appends that address to whatever
    # X-Forwarded-For the client sent, so the earlier entries are client-controlled
    # and a backend must not trust them for access decisions.
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   
    proxy_temp_path /var/nginx_temp/nginx_temp;
   
   
   
   
   
# "main": combined-style access log line with the request time appended.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    '$request_time';
 
# "ha": tab-separated line that also records several request cookies (user id,
# place id, latitude/longitude, client ids, track id) and the X-Baidu-RequestId
# header. These values identify users and their location, so restrict read access
# to files written in this format and apply a retention policy to them.
log_format ha '$remote_addr\t-\t$remote_user\t[$time_local]\t"$request"\t'
                  '$status $body_bytes_sent\t"$http_referer"\t'
                  '"$http_user_agent"\t$request_time\t'
                  '$cookie_user_id__baidu_com\t$cookie_place_id__baidu_com\t'
                  '$cookie_elatitude\t$cookie_elongitude\t'
                  '$cookie_fixed_cid\t$cookie_temp_cid\t$http_x_requested_with\t$cookie_track_id\t$sent_http_content_type\t'
                  '$http_x_baidu_requestid\t$host'; 
   
     
    # Load shedding with the sysguard module: each threshold names an action
    # location, and all three locations answer 503.
    # NOTE(review): this server block has no listen or server_name, so it only
    # protects requests that land on it; presumably each vhost that should shed
    # load needs its own sysguard directives. Confirm against the Tengine docs.
    server {
        sysguard on;
        sysguard_load load=50 action=/loadlimit;
        sysguard_mem swapratio=24% action=/swaplimit;
        sysguard_mem free=100M action=/freelimit;
   
        location /loadlimit {
            return 503;
        }
   
        location /swaplimit {
            return 503;
        }
   
        location /freelimit {
            return 503;
        }
    }
   
    # Only files ending in .conf inside these directories are read.
    include upstream/*.conf;
    include vhost.d/*.conf;
}
 
 
 
3. 负载均衡池配置
#vim /opt/nginx/conf/upstream/baidi.com.conf
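# Backend pool for baidi.com. Requests are distributed by a consistent hash of the
# request URI, so the same URI keeps going to the same backend while it is healthy.
upstream b_baidi_SERVER {
    consistent_hash $request_uri;
    server 100.10.111.210:8080 id=101 weight=8;
    server 100.10.111.180:8080 id=102 weight=10;
    server 100.10.210.139:8080 id=103 weight=10;
    server 100.10.112.163:8080 id=104 weight=5;

    # Active health check every 3000 ms with a 1000 ms timeout: two successes mark a
    # backend up, three failures mark it down.
    check interval=3000 rise=2 fall=3 timeout=1000 type=http port=8080;
    # The probe has to be a complete request inside a closed quoted string:
    # request line with HTTP version, then the blank line that ends the headers.
    check_http_send "OPTIONS http://baidi.com/api/check HTTP/1.0\r\n\r\n";
    check_http_expect_alive http_2xx http_3xx;
}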
 
4. vhost 设置
#vi /opt/nginx/conf/vhost.d/baidi.com.conf
 
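# Virtual host for baidi.com: serves HTTP and HTTPS, redirects HTTP to HTTPS and
# proxies all other requests to the b_baidi_SERVER upstream pool.
server {
    listen 80;
    listen 443 ssl;
    server_name baidi.com;

    # The private key should be readable by root only; the master process reads it
    # before the workers drop privileges.
    ssl_certificate /opt/nginx/conf/ssl/baidi.crt;
    ssl_certificate_key /opt/nginx/conf/ssl/baidi.key;
    # TLS 1.0 and 1.1 are deprecated, so only TLS 1.2 is offered.
    ssl_protocols TLSv1.2;

    # Redirect plain HTTP to HTTPS. One direct test on $scheme replaces a chain of
    # flag variables that relied on $https_status, which was only ever assigned "on"
    # and therefore could never satisfy its "= off" test. The target uses
    # $server_name rather than the client-supplied Host header, and $request_uri
    # already carries the query string.
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

    # This vhost logs in the "ha" format, which records user-identifying cookies;
    # keep the file readable only by the accounts that need it.
    access_log /var/log/nginx/baidi.com.access.log ha;
    error_log  /var/log/nginx/baidi.com.error.log;

    # CORS: any origin may read responses to POST requests. Browsers refuse to
    # combine a wildcard origin with credentials, so the credentials header is
    # not sent. If cross-site cookies are really required, replace "*" with the
    # one exact trusted origin (never echo back the request's Origin header) and
    # only then enable the commented line.
    add_header Access-Control-Allow-Origin *;
    # add_header Access-Control-Allow-Credentials true;
    add_header Access-Control-Allow-Headers Content-Type;
    add_header Access-Control-Allow-Methods POST;

    location / {
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_redirect off;
        # Each forwarded header is set exactly once, so the backend never sees two
        # conflicting values. X-Real-IP is the address of the connected peer; the
        # leading entries of X-Forwarded-For come from the client and are not
        # trustworthy on their own.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://b_baidi_SERVER;
    }

    # Upstream health status page, limited to loopback and the RFC 1918 private
    # ranges. The 172 range is 172.16.0.0/12; a /8 would also admit public addresses.
    # The regex is unanchored, so any URI containing "health_status" lands here.
    location ~ health_status {
        check_status;
        allow 127.0.0.1;
        allow 10.0.0.0/8;
        allow 172.16.0.0/12;
        allow 192.168.0.0/16;
        deny all;
    }
}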
 
 
 
 
4 启动脚本
#vim /etc/init.d/nginx
 
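#!/bin/bash
#
# nginx - this script start and stop the nginx daemon
#
# The script uses [[ ]] and "local", so it asks for bash explicitly.
# chkconfig expects "<runlevels> <start-priority> <stop-priority>".
#
# chkconfig: 2345 85 15
# description: Startup script for nginx
# processname: nginx
# config: /opt/nginx/conf/nginx.conf
# pidfile: /var/run/nginx.pid
#
# code by rocketzhang
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

DAEMON="/opt/nginx/sbin/nginx"
CNFFILE="/opt/nginx/conf/nginx.conf"
PIDFILE="/var/run/nginx.pid"
LOCKFILE="/var/lock/nginx.lock"

RETVAL=0

# "set -e" is deliberately not used: every action records its own status in RETVAL,
# and a failing "[[ ... ]] && cmd" line would otherwise abort the script early.
[[ -x "$DAEMON" ]] || exit 0

# Print the master PID recorded in $PIDFILE and return 0 if that process exists.
# Signals go only to this PID. Matching "nginx" and "master" in the process list,
# run as root, can hit an unrelated process whose command line contains both words.
# NOTE(review): a stale pid file can still name a recycled PID; kill -0 only proves
# that some process with that number exists.
master_pid() {
    local pid
    [[ -r "$PIDFILE" ]] || return 1
    read -r pid < "$PIDFILE" || return 1
    [[ "$pid" =~ ^[0-9]+$ ]] || return 1
    kill -0 "$pid" 2>/dev/null || return 1
    echo "$pid"
}

# Start the daemon unless a master process is already running.
# RETVAL holds the daemon's own exit status, so the lock file is created only
# after a successful start.
start() {
    [[ -x "$DAEMON" ]] || exit 5
    [[ -f "$CNFFILE" ]] || exit 6

    echo -n "Startting Nginx......"
    if master_pid > /dev/null; then
        echo -n "Nginx already running!"
        RETVAL=0
    else
        "$DAEMON" -c "$CNFFILE"
        RETVAL=$?
    fi
    echo
    [[ $RETVAL -eq 0 ]] && touch "$LOCKFILE"
    return $RETVAL
}

# Ask the master process for a graceful shutdown (QUIT) and clean up the lock and
# pid files when the signal was delivered. Does nothing if no master is running.
stop() {
    local pid
    echo -n "Stopping Nginx......"

    if pid=$(master_pid); then
        kill -QUIT "$pid"
        RETVAL=$?
        [[ $RETVAL -eq 0 ]] && rm -f "$LOCKFILE" "$PIDFILE"
    fi
    echo
}

# Re-read the configuration (HUP). The file is syntax-checked first so that a
# broken configuration is reported through the exit status instead of being
# silently rejected by the running master.
reload() {
    local pid
    echo -n "Reloading Nginx......"

    if pid=$(master_pid); then
        if "$DAEMON" -t -q -c "$CNFFILE"; then
            kill -HUP "$pid"
            RETVAL=$?
        else
            RETVAL=6
        fi
    fi
    echo
}

case "$1" in
start)
    start
    ;;

stop)
    stop
    ;;

reload)
    reload
    ;;

restart)
    stop
    sleep 1
    start
    ;;

*)
    echo "Usage: service nginx {start|stop|reload|restart}"
    RETVAL=1
    ;;
esac

exit $RETVAL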
 
 
5. 服务启动
#chmod +x /etc/init.d/nginx
#chkconfig nginx on
#service nginx start




二,tomcat 安装和配置

组件
jdk 1.8.0_45
tomcat  8.0.23
apr 1.5.2
apr-iconv 1.2.1
apr-util 1.5.4
tomcat-native 1.1.33



tomcat 3种通讯模式,BIO,NIO,APR,默认是BIO

2.1 基础安装
# NOTE(review): a leading "# " on the command lines below is the root shell prompt.
# NOTE(review): the Tomcat tarball is fetched from a mirror over plain HTTP and unpacked
# without verification. Compare it with the checksum or PGP signature published on the
# Apache site before extracting it. The Tomcat 8.0.x line is end-of-life, so check for a
# maintained release instead of copying the version number.
# cd /usr/local/src
# tar xvzf jdk-8u45-linux-x64.gz -C /opt
# cd /opt && ln -s jdk1.8.0_45 jdk
  
# cd /usr/local/src
# wget http://mirrors.hust.edu.cn/apache/tomcat/tomcat-8/v8.0.23/bin/apache-tomcat-8.0.23.tar.gz
# tar xvzf apache-tomcat-8.0.23.tar.gz -C /opt
# cd /opt && ln -s apache-tomcat-8.0.23 tomcat

#vim /etc/profile
export TOMCAT_HOME=/opt/tomcat
export JAVA_HOME=/opt/jdk
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin:$TOMCAT_HOME/bin

#source /etc/profile

#vim /opt/tomcat/conf/server.xml

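<!-- HTTP connector that the Tengine upstream pool reaches on port 8080.
     protocol selects the APR/native connector, which needs the tomcat-native library;
     without APR, org.apache.coyote.http11.Http11NioProtocol can be used instead.
     (The page's inline note on this attribute, "use APR; if you do not want APR",
     is cut off, and a "#" note inside a tag is not valid XML.)
     Port 8080 is plain HTTP with no authentication of the caller: restrict it at the
     firewall to the proxy hosts so clients cannot bypass the front-end server.
     NOTE(review): maxSpareThreads, minProcessors and maxProcessors look like
     attributes from much older Tomcat releases and are presumably ignored by
     Tomcat 8; confirm and drop them if so. -->
<Connector port="8080"
        protocol="org.apache.coyote.http11.Http11AprProtocol"
        maxHttpHeaderSize="8192"
        connectionTimeout="20000"
        redirectPort="8443"
        maxThreads="1000"
        minSpareThreads="50"
        maxSpareThreads="150"
        minProcessors="100"
        maxProcessors="1000"
        acceptCount="1000"
        disableUploadTimeout="true"
        enableLookups="false"
        URIEncoding="UTF-8" />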
        
        
 #vi /opt/tomcat/bin/setenv.sh
 JAVA_OPTS="-Djava.awt.headless=true -Dfile.encoding=UTF-8
    -server -Xms48g -Xmx48g -Xss1m
    -XX:NewSize=8g -XX:MaxNewSize=16g
    -XX:NewRatio=4 -XX:SurvivorRatio=4
    -XX:+AggressiveOpts -XX:+UseBiasedLocking
    -XX:+UseConcMarkSweepGC -XX:ParallelCMSThreads=24
    -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Xloggc:/data/logs/tomcat/gc.log
    -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/data/logs/tomcat/heapdump.bin
    -XX:+CMSParallelRemarkEnabled -XX:+ScavengeBeforeFullGC
    -XX:CMSInitiatingOccupancyFraction=75"
  
CATALINA_OUT=/data/logs/tomcat/catalina.out
  
CATALINA_OPTS="-Dcom.sun.management.jmxremote=true
    -Dcom.sun.management.jmxremote.authenticate=false
    -Dcom.sun.management.jmxremote.ssl=false
    -Dcom.sun.management.jmxremote.port=10826"
    
    
  #chmod +x /opt/tomcat/bin/setenv.sh
  
  
  #vi /opt/tomcat/conf/logging.properties
  sed -i 's#${catalina.base}/logs#/data/logs/tomcat#g' /opt/tomcat/conf/logging.properties
  
 
 
 
 
 
 # cd /usr/local/src
# wget http://mirrors.hust.edu.cn/apache/apr/apr-1.5.2.tar.gz
# tar xvzf apr-1.5.2.tar.gz
# cd apr-1.5.2
# ./configure --prefix=/opt/apr
# make && make install
  
# cd /usr/local/src
# wget http://mirrors.hust.edu.cn/apache/apr/apr-iconv-1.2.1.tar.gz
# tar xvzf apr-iconv-1.2.1.tar.gz
# cd apr-iconv-1.2.1
# ./configure --prefix=/opt/apr-iconv --with-apr=/opt/apr
# make && make install
  
# cd /usr/local/src
# wget http://mirrors.hust.edu.cn/apache/apr/apr-util-1.5.4.tar.gz
# tar xvzf apr-util-1.5.4.tar.gz
# cd apr-util-1.5.4
# ./configure --prefix=/opt/apr-util --with-apr=/opt/apr --with-apr-iconv=/opt/apr-iconv/bin/apriconv
# make && make install
  
# cd /usr/local/src
# wget http://mirrors.cnnic.cn/apache/tomcat/tomcat-connectors/native/1.1.33/source/tomcat-native-1.1.33-src.tar.gz
# tar xvzf tomcat-native-1.1.33-src.tar.gz
# cd tomcat-native-1.1.33-src/jni/native
# ./configure --prefix=/usr --with-apr=/opt/apr --with-java-home=/opt/jdk
# make && make install




2.3 tomcat 安全设置
隐藏版本信息
# cd /opt/tomcat/lib
# mkdir -p org/apache/catalina/util
# vim org/apache/catalina/util/ServerInfo.properties


删除tomcat 管理页面
rm -rf /opt/tomcat/webapps/*

# 以普通用户运行tomcat
# useradd tomcat -s /bin/bash
 
# chown -R tomcat:tomcat /opt/tomcat/
# chown -R tomcat:tomcat /data/logs/{search,tomcat}
 
# sudo su tomcat /opt/tomcat/bin/startup.sh


2.4 其他设置
自定义错误页面,如下添加(避免把异常堆栈等内部信息直接返回给客户端)
<error-page>
<error-code>500</error-code>
<location>/500.jsp</location>
</error-page>




2.5 压力测试
测试工具:siege
并发线程数:600
测试命令:/opt/siege/bin/siege -c 600 -f /opt/tomcat.txt


RT:0.23 secs
Tr:1368.91 trans/sec
Throughput:0.14MB/SEC
Concurrency:312.35


测试并调优的难点主要是在JVM上,需要对JVM有较深入的了解,根据不同的应用场景进行调优

