系统环境为6.3 64bit 最小化安装
一,编译pcre,也可以用yum安装pcre
# tar xf pcre-8.32.tar.gz
# cd pcre-8.32
# ./configure
# make && make install
二,编译nginx
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel
1. gzip module requires zlib library
2. rewrite module requires pcre library
3. ssl support requires openssl library
#tar xf nginx-1.2.6.tar.gz
#cd nginx-1.2.6.tar.gz
# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-http_memcached_module(这个版本已经支持memcached不需要再添加)
编译选项说明
--with-http_ssl_module 支持https请求
--with-http_flv_module 支持对FLV文件的拖动播放
--with-http_stub_status_module 可以后台查看nginx状态
--with-http_gzip_static_module 启用压缩
--with-http_rewrite_module 启用支持url重写
--with-pcre 启用支持正则表达式
#make & make install
[root@test1 nginx]#/usr/local/nginx/sbin/nginx
sbin/nginx: error while loading shared libraries: libpcre.so.1: cannot open shar
[root@test1 nginx]# ldd /usr/local/nginx/sbin/nginx
linux-vdso.so.1 => (0x00007fff343ff000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdb3c3af000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fdb3c178000)
libpcre.so.1 => not found
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fdb3bf1c000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007fdb3bb82000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fdb3b97d000)
libz.so.1 => /lib64/libz.so.1 (0x00007fdb3b767000)
libc.so.6 => /lib64/libc.so.6 (0x00007fdb3b3d4000)
/lib64/ld-linux-x86-64.so.2 (0x00007fdb3c5d5000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007fdb3b171000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fdb3af2f000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fdb3ac50000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fdb3aa4b000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fdb3a81f000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fdb3a614000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fdb3a410000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fdb3a1f6000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fdb39fd6000)
[root@test1 nginx]# find / -name libpcre.so.0.0.1
/lib64/libpcre.so.0.0.1
[root@test1 nginx]# cd /lib64/
[root@test1 lib64]# ll libpcre.so.0 原来libpcre.so.0.0.1的软件链接是libpcre.so.0
lrwxrwxrwx. 1 root root 16 Nov 13 03:32 libpcre.so.0 -> libpcre.so.0.0.1
重新建立软链接
[root@test1 lib64]# ln -s libpcre.so.0.0.1 libpcre.so.1
[root@test1 lib64]# /usr/local/nginx/sbin/nginx 启用ngnix
[root@test1 ~]# /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf也可以用这种方式启用nginx,如果不指定默认会找nginx的安装目录下conf下nginx.conf文件。
[root@test1 lib64]# setenforce 0
[root@test1 lib64]# /etc/init.d/iptables stop
打开nginx的默认页面。
<a href="http://blog.51cto.com/attachment/201303/155727925.png" target="_blank"></a>
[root@test1 ~]# /usr/local/nginx/sbin/nginx -t 测试nginx的配置文件
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@test1 ~]# vim /etc/init.d/nginx
#/bin/bash
# chkconfig: - 85 15
# description: The nginx HTTP Server is an efficient and extensible \
# server implementing the current HTTP standards.
NGINX=/usr/local/nginx/sbin/nginx
CONF=/usr/local/nginx/conf/nginx.conf
start () {
$NGINX -t
if [ $? -eq 0 ];then
if $NGINX ;then
echo " nginx start ok......"
else
echo "nginx start fail......"
fi
exit 1
}
restart () {
$NGINX -s stop
if [ $? -ne 0 ];then
killall -9 nginx
if $NGINX ;then
echo " nginx restart ok ......"
echo "nginx restart fail....."
exit 2
stop () {
echo " nginx stop ok......"
reload () {
$NGINX -s reload
echo "nginx reload ok ........"
exit 3
status () {
if [ `ps aux |grep nginx |wc -l` -eq 1 ];then
echo "nginx is stop....."
echo "nginx is running......."
case $1 in
start)
start
;;
stop)
stop
restart)
restart
reload)
reload
status)
status
*)
echo "Usgage:`basename $0` {start|stop|restart|status}"
esac
[root@test1 ~]# chmod +x /etc/init.d/nginx
[root@test1 ~]# chkconfig --add nginx
[root@test1 ~]# chkconfig nginx on
三,配置tomcat
[root@test1 ~]# rpm -ivh jdk-7u9-linux-x64.rpm
[root@test1 ~]# vim /etc/profile 在export做下列修改和最一行修改ulimit
JAVA_HOME=/usr/java/jdk1.7.0_09/
CLASS_PATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib
PATH=$PATH:$JAVA_HOME:/bin
CATALINA_HOME=/usr/local/tomcat
export JAVA_HOME CATALINA_HOMEexport PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL HISTTIMEFORMAT
unset i
unset pathmunge
ulimit -SHn 65535
[root@test1 ~]# . /etc/profile
[root@test1 ~]# java -version
java version "1.7.0_09"
Java(TM) SE Runtime Environment (build 1.7.0_09-b05)
Java HotSpot(TM) 64-Bit Server VM (build 23.5-b02, mixed mode)
[root@test1 ~]# tar xf apache-tomcat-7.0.32.tar.gz -C /usr/local/
[root@test1 ~]# cd /usr/local/
[root@test1 local]# ln -s apache-tomcat-7.0.32 tomcat
[root@test1 local]# cd tomcat/
[root@test1 tomcat]# bin/catalina.sh start
打开浏览器测试,tomcat默认监听8080端口。
四,整合nginx与tomcat
[root@test1 ~]# cd /usr/local/nginx/
[root@test1 nginx]# mv conf/nginx.conf conf/nginx.conf.bak
[root@test1 nginx]# vim conf/nginx.conf
user nobody;
worker_processes 2;
error_log logs/error.log info;
#pid logs/nginx.pid;
events {
use epoll;
worker_connections 65536;
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 65;
#配置gzip压缩
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#设置Web缓存区名称为cache_one,内存缓存空间大小为100MB,1天没有被访问的内容自动清除,硬盘缓存空间大小为1GB
proxy_cache_path /usr/local/nginx/cache_data levels=1:2 keys_zone=cache_one:100m inactive=1d max_size=1g;
upstream 192.168.1.18 {
#ip_hash策略将同一IP的所有请求都转发到同一应用服务器
#ip_hash;
server localhost:8080;
server {
listen 80;
server_name 192.168.1.18;
index index.jsp
charset utf-8;
location / {
#root html;
#index index.jsp;
proxy_pass http://192.168.1.18;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100m;
}
error_page 500 502 503 504 /50x.html;
location ~* \.(gif|jpg|jpeg|png|bmp|html|htm|flv|swf|ico)$ {
proxy_cache cache_one;
proxy_cache_valid 200 302 304 1h;
proxy_cache_key $host$uri$is_args$args;
proxy_pass http://192.168.1.18;
add_header Last-Modified $date_gmt;
add_header Via $server_addr;
expires 30d;
location ~ .*\.(js|css)?$
{
proxy_cache cache_one;
proxy_cache_valid 200 302 304 1h;
proxy_cache_key $host$uri$is_args$args;
proxy_pass http://192.168.1.18;
add_header Last-Modified $date_gmt;
add_header Via $server_addr;
expires 1h;
}
#扩展名以.php、.jsp、.cgi结尾的动态应用程序不缓存
location ~ .*\.(php|jsp|cgi)?$ {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://192.168.1.18;
[root@test1 nginx]# /etc/init.d/nginx reload
打开浏览器如下所示表示整合成功
<a href="http://blog.51cto.com/attachment/201303/155753851.png" target="_blank"></a>
五,安装probe监控tomcat状态
1、简介
psi-probe是lambdaprobe的一个分支版本,用于对Tomcat进行监控,比tomcat的manager强大很多。
psi就是一个形如叉子的符号Ψ,希腊字母的第23个字母,用来代表fork。
为啥需要分支呢,因为lambdaprobe已经多年没有更新(大致在2006年就停止发布新版本了)。
2、下载地址
<a href="http://code.google.com/p/psi-probe/downloads/list">http://code.google.com/p/psi-probe/downloads/list</a>
3、安装
1.解压,将probe.war放进webapps目录。
2.修改CATALINA_HOME/conf/tomcat-users.xml
(权限配置参考如下,由于首先保证可运行,权限没有特别细分,仅供参考)
下面的权限从小到大,probeuser,poweruser,poweruserplus,manager。如果配置了manager,全部的权限可以不用配置。下面只是演示如果配置权限。Mangaer权限最大,如果没有需要可以不要配置。
<tomcat-users>
<role rolename="probeuser" />
<role rolename="poweruser" />
<role rolename="poweruserplus" />
<role rolename="manager" />
<user username="tomcat" password="tomcat2012" roles="probeuser,poweruser,poweruserplus,manager"/>
</tomcat-users>
4、注意事项
1.不要忘记文件中的<!---->,默认是注释的,需要去掉
2.tomcat6.0.30以上,角色manager一分为四,manager仍保留但不建议使用,因为那样容易遭到CSRF攻击。详见下面的描述:
1 Note that for Tomcat 6.0.30 onwards, the roles required to use the manager application were changed from the single manager role to add the following four roles. (The manager role is still available but should not be used as it avoids the CSRF protection). You will need to assign the role(s) required for the functionality you wish to access.
2
3 manager-gui - allows access to the HTML GUI and the status pages
4 manager-script - allows access to the text interface and the status pages
5 manager-jmx - allows access to the JMX proxy and the status pages
6 manager-status - allows access to the status pages only
7 The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection:
8
9 users with the manager-gui role should not be granted either the manager-script or manager-jmx roles.
10 if the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.
如果配置不对,就会出现403的错误,连tomcat的manager都进不了,更不用说probe了。
3.lambdaprobe是不支持tomcat6.0.30以上的。所以最好使用psi-probe。
4.在配置tomcat-users.xml时,还需要加入poweruser等角色,才可以正常使用,不然也是403Forbidden。
5,效果图
重启tomcat进入192.168.1.18/probe输入用户名和密码
<a href="http://blog.51cto.com/attachment/201303/155837772.png" target="_blank"></a>
本文转自 deng304749970 51CTO博客,原文链接:http://blog.51cto.com/damondeng/1154244,如需转载请自行联系原作者