
Nginx做tomcat代理

系统环境为6.3 64bit 最小化安装

一,编译pcre,也可以用yum安装pcre

# tar xf pcre-8.32.tar.gz  

# cd pcre-8.32

# ./configure

# make && make install

二,编译nginx

yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel

1. gzip module requires zlib library 

2. rewrite module requires pcre library 

3. ssl support requires openssl library

#tar xf nginx-1.2.6.tar.gz

#cd nginx-1.2.6

# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module   --with-pcre --with-http_memcached_module(这个版本已经支持memcached不需要再添加)

编译选项说明

--with-http_ssl_module 支持https请求

--with-http_flv_module 支持对FLV文件的拖动播放

--with-http_stub_status_module 可以后台查看nginx状态

--with-http_gzip_static_module  启用压缩

--with-http_rewrite_module  启用支持url重写

--with-pcre  启用支持正则表达式

#make && make install

[root@test1 nginx]#/usr/local/nginx/sbin/nginx

sbin/nginx: error while loading shared libraries: libpcre.so.1: cannot open shar

[root@test1 nginx]# ldd /usr/local/nginx/sbin/nginx

linux-vdso.so.1 =>  (0x00007fff343ff000)

libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdb3c3af000)

libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fdb3c178000)

libpcre.so.1 => not found

libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fdb3bf1c000)

libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007fdb3bb82000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007fdb3b97d000)

libz.so.1 => /lib64/libz.so.1 (0x00007fdb3b767000)

libc.so.6 => /lib64/libc.so.6 (0x00007fdb3b3d4000)

/lib64/ld-linux-x86-64.so.2 (0x00007fdb3c5d5000)

libfreebl3.so => /lib64/libfreebl3.so (0x00007fdb3b171000)

libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fdb3af2f000)

libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fdb3ac50000)

libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fdb3aa4b000)

libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fdb3a81f000)

libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fdb3a614000)

libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fdb3a410000)

libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fdb3a1f6000)

libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fdb39fd6000)

[root@test1 nginx]# find / -name libpcre.so.0.0.1

/lib64/libpcre.so.0.0.1

[root@test1 nginx]# cd /lib64/

[root@test1 lib64]# ll libpcre.so.0  原来libpcre.so.0是指向libpcre.so.0.0.1的软链接

lrwxrwxrwx. 1 root root 16 Nov 13 03:32 libpcre.so.0 -> libpcre.so.0.0.1

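重新建立软链接(注意:这样是让nginx把旧版的libpcre.so.0.0.1当作libpcre.so.1加载,两者的库版本并不相同;更稳妥的做法是让动态链接器找到第一步编译安装的pcre库,例如把它所在的目录加入/etc/ld.so.conf后执行ldconfig)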

[root@test1 lib64]# ln -s libpcre.so.0.0.1  libpcre.so.1

[root@test1 lib64]# /usr/local/nginx/sbin/nginx 启动nginx

[root@test1 ~]# /usr/local/nginx/sbin/nginx  -c /usr/local/nginx/conf/nginx.conf也可以用这种方式启用nginx,如果不指定默认会找nginx的安装目录下conf下nginx.conf文件。

[root@test1 lib64]# setenforce 0

[root@test1 lib64]# /etc/init.d/iptables stop

打开nginx的默认页面。(上面两条命令临时关闭了SELinux的强制模式和iptables防火墙,只适合测试环境;正式环境应保留两者,只在iptables中放行80端口。)

<a href="http://blog.51cto.com/attachment/201303/155727925.png" target="_blank"></a>

[root@test1 ~]# /usr/local/nginx/sbin/nginx -t 测试nginx的配置文件

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@test1 ~]# vim /etc/init.d/nginx

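#!/bin/bash
#
# SysV init script for the nginx build installed under /usr/local/nginx.
# The interpreter line must start with "#!"; a bare "#/bin/bash" is only a
# comment and leaves the choice of shell to whatever executes the file.
#
# chkconfig: - 85 15
# description: The nginx HTTP Server is an efficient and extensible  \
#              server implementing the current HTTP standards.

# Path of the nginx binary invoked by the functions of this script.
NGINX=/usr/local/nginx/sbin/nginx

# Main configuration file of this install.
CONF=/usr/local/nginx/conf/nginx.conf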

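# Start nginx after validating its configuration.
# Globals:  NGINX (read) - path of the nginx binary
# Outputs:  result message on stdout; nginx prints its own diagnostics
# Exits:    1 when the configuration test or the start itself fails
start () {
  # Test the configuration first so a broken nginx.conf is reported
  # before any attempt to launch the daemon.
  if ! "$NGINX" -t; then
    exit 1
  fi

  if "$NGINX"; then
    echo " nginx start ok......"
  else
    echo "nginx start fail......"
    # Non-zero status lets the caller (service/chkconfig tooling) see the failure.
    exit 1
  fi
}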

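# Stop the running nginx and start it again.
# Globals:  NGINX (read) - path of the nginx binary
# Outputs:  result message on stdout
# Exits:    2 when the configuration is invalid or nginx fails to start
restart () {
  # Validate the configuration before touching the running instance, so a
  # bad nginx.conf does not turn a restart into an outage.
  if ! "$NGINX" -t; then
    exit 2
  fi

  # Normal shutdown through the master process; SIGKILL is only the fallback
  # when that request fails, because it gives nginx no chance to clean up.
  if ! "$NGINX" -s stop; then
    killall -9 nginx
  fi

  if "$NGINX"; then
    echo " nginx restart ok ......"
  else
    echo "nginx restart fail....."
    exit 2
  fi
}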

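# Stop the running nginx.
# Globals:  NGINX (read) - path of the nginx binary
# Outputs:  result message on stdout
# Exits:    1 when the stop request fails
stop () {
  # Only report success when the stop request was actually accepted;
  # printing "ok" unconditionally would hide a still-running server.
  if "$NGINX" -s stop; then
    echo " nginx stop ok......"
  else
    echo "nginx stop fail......"
    exit 1
  fi
}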

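# Ask the running nginx to re-read its configuration.
# Globals:  NGINX (read) - path of the nginx binary
# Outputs:  result message on stdout
# Exits:    3 when the reload request fails
reload () {
  if "$NGINX" -s reload; then
    echo "nginx reload ok ........"
  else
    echo "nginx reload fail ........"
    exit 3
  fi
}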

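# Report whether an nginx process is running.
# Outputs:  state message on stdout
# Returns:  0 when running, 3 when stopped (the LSB "not running" status)
status () {
  # pgrep -x matches the exact process name. Counting "ps aux | grep nginx"
  # lines also counts the grep itself and this script (/etc/init.d/nginx),
  # so that test cannot tell a stopped server from a running one.
  if pgrep -x nginx >/dev/null 2>&1; then
    echo "nginx is running......."
  else
    echo "nginx is stop....."
    return 3
  fi
}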

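# Dispatch on the action given as the first argument. Every arm ends with
# ";;" (without it the case statement does not parse), and an unknown
# action prints the usage on stderr and exits non-zero.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  status)
    status
    ;;
  *)
    echo "Usage: ${0##*/} {start|stop|restart|reload|status}" >&2
    exit 2
    ;;
esac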

[root@test1 ~]# chmod +x /etc/init.d/nginx

[root@test1 ~]# chkconfig --add nginx

[root@test1 ~]# chkconfig nginx on

三,配置tomcat

[root@test1 ~]# rpm -ivh jdk-7u9-linux-x64.rpm

[root@test1 ~]# vim /etc/profile 在export处做下列修改,并在最后一行修改ulimit

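# Java / Tomcat environment for login shells (fragment of /etc/profile).
JAVA_HOME=/usr/java/jdk1.7.0_09/

# NOTE(review): the JVM reads CLASSPATH, not CLASS_PATH, and this variable is
# not exported below, so it has no effect as written - confirm the intent.
CLASS_PATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib

# The JDK tools live in $JAVA_HOME/bin. "$JAVA_HOME:/bin" would add the JDK
# root and /bin instead, leaving java/javac from this JDK off the PATH.
PATH=$PATH:$JAVA_HOME/bin

CATALINA_HOME=/usr/local/tomcat

# Two separate export statements; fused into one line, "CATALINA_HOMEexport"
# is treated as a variable name and CATALINA_HOME is never exported.
export JAVA_HOME CATALINA_HOME
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL HISTTIMEFORMAT

unset i
unset pathmunge

# Set both the soft and the hard open-file limit to 65535.
ulimit -SHn 65535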

[root@test1 ~]# . /etc/profile

[root@test1 ~]# java -version

java version "1.7.0_09"

Java(TM) SE Runtime Environment (build 1.7.0_09-b05)

Java HotSpot(TM) 64-Bit Server VM (build 23.5-b02, mixed mode)

[root@test1 ~]# tar xf apache-tomcat-7.0.32.tar.gz -C /usr/local/

[root@test1 ~]# cd /usr/local/

[root@test1 local]# ln -s apache-tomcat-7.0.32 tomcat

[root@test1 local]# cd tomcat/

[root@test1 tomcat]# bin/catalina.sh start

打开浏览器测试,tomcat默认监听8080端口。

四,整合nginx与tomcat

[root@test1 ~]# cd /usr/local/nginx/

[root@test1 nginx]# mv conf/nginx.conf conf/nginx.conf.bak

[root@test1 nginx]# vim conf/nginx.conf

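# nginx.conf: nginx on port 80 as a caching reverse proxy in front of a
# Tomcat instance listening on localhost:8080.

# Worker processes run as the unprivileged "nobody" account.
user  nobody;
worker_processes  2;
error_log  logs/error.log  info;
#pid        logs/nginx.pid;

events {
    use epoll;
    worker_connections  65536;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile        on;
    keepalive_timeout  65;

    # gzip compression
    gzip on;
    gzip_min_length 1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    # Cache zone "cache_one": 100 MB of shared memory, entries not requested
    # for 1 day are removed, at most 1 GB kept on disk.
    proxy_cache_path /usr/local/nginx/cache_data levels=1:2 keys_zone=cache_one:100m inactive=1d max_size=1g;

    # The upstream group is named after the server's own IP, so every
    # "proxy_pass http://192.168.1.18" below refers to this group, i.e. to
    # Tomcat on localhost:8080, not to a second hop over the network.
    upstream 192.168.1.18 {
        # ip_hash would send all requests from one client IP to the same
        # application server.
        #ip_hash;
        server localhost:8080;
    }

    server {
        listen       80;
        server_name  192.168.1.18;

        # The terminating ";" is required: without it nginx reads the next
        # directive ("charset utf-8") as further index file names and the
        # charset is never set.
        index index.jsp;
        charset utf-8;

        location / {
            #root   html;
            #index  index.jsp;
            proxy_pass http://192.168.1.18;
            # $remote_addr is the peer address nginx itself saw, so the value
            # passed to Tomcat does not depend on a header the client sent.
            proxy_set_header X-Real-IP $remote_addr;
            client_max_body_size 100m;
        }

        error_page   500 502 503 504  /50x.html;

        # Static files: cached in cache_one, 30-day browser expiry.
        # NOTE(review): the cache key is host + URI + query string only and
        # the list includes html/htm; confirm Tomcat serves no per-user
        # content under these extensions before relying on this cache.
        location ~* \.(gif|jpg|jpeg|png|bmp|html|htm|flv|swf|ico)$ {
            proxy_cache cache_one;
            proxy_cache_valid 200 302 304 1h;
            proxy_cache_key $host$uri$is_args$args;
            proxy_pass http://192.168.1.18;
            add_header Last-Modified $date_gmt;
            # NOTE(review): Via exposes the server's address to every client;
            # keep only if that is intended.
            add_header Via $server_addr;
            expires 30d;
        }

        # Scripts and stylesheets: cached in cache_one, 1-hour browser expiry.
        location ~ .*\.(js|css)?$ {
            proxy_cache cache_one;
            proxy_cache_valid 200 302 304 1h;
            proxy_cache_key $host$uri$is_args$args;
            proxy_pass http://192.168.1.18;
            add_header Last-Modified $date_gmt;
            add_header Via $server_addr;
            expires      1h;
        }

        # Dynamic pages (.php, .jsp, .cgi) are proxied without caching.
        location ~ .*\.(php|jsp|cgi)?$ {
            proxy_set_header Host $host;
            # Overwrites any X-Forwarded-For sent by the client with the
            # address nginx saw.
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_pass http://192.168.1.18;
        }
    }
}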

[root@test1 nginx]# /etc/init.d/nginx reload

打开浏览器如下所示表示整合成功

<a href="http://blog.51cto.com/attachment/201303/155753851.png" target="_blank"></a>

五,安装probe监控tomcat状态

1、简介

psi-probe是lambdaprobe的一个分支版本,用于对Tomcat进行监控,比tomcat的manager强大很多。

psi就是一个形如叉子的符号Ψ,希腊字母的第23个字母,用来代表fork。

为啥需要分支呢,因为lambdaprobe已经多年没有更新(大致在2006年就停止发布新版本了)。

2、下载地址

<a href="http://code.google.com/p/psi-probe/downloads/list">http://code.google.com/p/psi-probe/downloads/list</a>

3、安装

1.解压,将probe.war放进webapps目录。

2.修改CATALINA_HOME/conf/tomcat-users.xml

(权限配置参考如下,由于首先保证可运行,权限没有特别细分,仅供参考)

下面的权限从小到大依次为probeuser、poweruser、poweruserplus、manager。如果配置了manager,其余权限可以不用配置。下面只是演示如何配置权限。manager权限最大,如果没有需要可以不配置。示例中的用户名和密码仅作演示,实际使用时应换成自己的强口令。

<tomcat-users>

 <role rolename="probeuser" />

 <role rolename="poweruser" />

 <role rolename="poweruserplus" />

 <role rolename="manager" />

 <user username="tomcat" password="tomcat2012" roles="probeuser,poweruser,poweruserplus,manager"/>

</tomcat-users>

4、注意事项

1.不要忘记文件中的<!-- -->,默认是注释的,需要去掉

2.tomcat6.0.30以上,角色manager一分为四,manager仍保留但不建议使用,因为那样容易遭到CSRF攻击。详见下面的描述:

Note that for Tomcat 6.0.30 onwards, the roles required to use the manager application were changed from the single manager role to add the following four roles. (The manager role is still available but should not be used as it avoids the CSRF protection). You will need to assign the role(s) required for the functionality you wish to access.

manager-gui - allows access to the HTML GUI and the status pages

manager-script - allows access to the text interface and the status pages

manager-jmx - allows access to the JMX proxy and the status pages

manager-status - allows access to the status pages only

The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection:

users with the manager-gui role should not be granted either the manager-script or manager-jmx roles.

if the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.

如果配置不对,就会出现403的错误,连tomcat的manager都进不了,更不用说probe了。

3.lambdaprobe是不支持tomcat6.0.30以上的。所以最好使用psi-probe。

4.在配置tomcat-users.xml时,还需要加入poweruser等角色,才可以正常使用,不然也是403Forbidden。

5,效果图

重启tomcat后访问192.168.1.18/probe,输入用户名和密码。由于nginx会把所有请求转发给tomcat,/probe和/manager也能从80端口访问到,建议在nginx里用allow/deny只放行管理用的来源地址。

<a href="http://blog.51cto.com/attachment/201303/155837772.png" target="_blank"></a>

本文转自 deng304749970 51CTO博客,原文链接:http://blog.51cto.com/damondeng/1154244,如需转载请自行联系原作者