名称:nginx+tomcat+redis+php
mail:[email protected]
-------------------------------------------------------------------------------------
安装redis软件
用户设置 添加用户gaosilive,解决研发部门上传的问题 ssh的问题
目录权限 /opt/tomcat1/webapps /opt/tomcat2/webapps /opt/tomcat3/webapps
/usr/local/nginx/conf/nginx.conf /data
目录设置:
软件目录 /data/tool(长期保存)
安装目录 根据软件情况定制
程序上传目录 /opt/tomcat1/ webapps
备份程序目录 /data/backup/system(程序保存一周)
备份数据库目录 /data/backup/mysql(长期保存)
软件部署:所需软件:
jdk-7u67-linux-x64(jdk软件,版本1.6.67)
nginx(分发软件,版本1.6)
apache-tomcat-7.0.54(版本1.7.0.54)
mysql-5.5.37(数据库软件,版本5.5.37)
redis-2.6.17(缓存,版本2.6.17)
--------------------------------------------------------------------------------
##Jdk安装
rpm –ivh jdk-7u67-linux-x64.rpm
vi /root/.bash_profile
添加内容
JAVA_HOME=/usr/java/jdk1.7.0_67
PATH=$JAVA_HOME/bin:$PATH
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export JAVA_HOME
export PATH
export CLASSPATH
#使变量文件生效
source /root/.bash_profile
测试:java –version
##Tomcat安装
#安装目录 /opt
#解压tomcat,并复制到/opt下
tar zxf apache-tomcat-7.0.54.tar.gz
cp -a apache-tomcat-7.0.54 /opt/ tomcat1,端口为8080
cp -a apache-tomcat-7.0.54 / opt /tomcat2 端口为8081
cp -a apache-tomcat-7.0.54 / opt /tomcat2 端口为8081
具体端口为
tomcat配置文件为
#具体设置:
tomcat1/conf/server.xml修改内容:以下tomcat的三个端口
shutdown端口: <Server port="8005" shutdown="SHUTDOWN">
http端口:<Connector port="8080" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" />
AJP端口:<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />tomcat2的配置
##sessiong共享
加入redis的lib包commons-pool-1.6、jedis-2.1.0、tomcat-redis-session-manager-1.2-tomcat-7
#配置文件
#####################server.xml########################################################
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
<Connector port="8080" protocol="HTTP/1.1"
maxThreads="1000" minSpareThreads="50" maxSpareThreads="100" acceptCount="100" connectionTimeout="30000"
enableLookups="false" redirectPort="8443" URIEncoding="UTF-8"/>
<!-- A "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the BIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="/data/webRoot/live/gaosilive/" debug="0" reloadable="false"/>
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>
####context.xml##############################################
<!-- The contents of this file will be loaded for each web application -->
<Context>
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<Manager pathname="" />
<!-- Uncomment this to enable Comet connection tacking (provides events
on session expiration as well as webapp lifecycle) -->
<Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
<Valve className="com.radiadesign.catalina.session.RedisSessionHandlerValve" />
<Manager className="com.radiadesign.catalina.session.RedisSessionManager"
host="192.168.1.26"
port="6379"
database="0"
maxInactiveInterval="60"/>
</Context>
################context.xml############jndi设置###########################
<Resource
name="jndi/appraisal"
scope="Shareable"
type="javax.sql.DataSource"
factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
url="jdbc:mysql://127.0.0.1:3306/cp_gaosi?useUnicode=true&amp;characterEncoding=UTF-8"
driverClassName ="com.mysql.jdbc.Driver"
username="root"
password="gaosilive"
maxActive="200"
maxIdle="30"
maxWait="10000"
validationQuery="select 1 "
removeAbandoned="true"
removeAbandonedTimeout="1200"
/>
<Resource
name="jndi/appraisal_gs"
url="jdbc:mysql://127.0.0.1:3306/cp_gaosi_gs?useUnicode=true&amp;characterEncoding=UTF-8"
validationQuery="select 1 "
name="jndi/knowledge"
factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
/>
name="jndi/school"
url="jdbc:sqlserver://db.gaosiedu.com:11533;DatabaseName=gs"
driverClassName ="com.microsoft.sqlserver.jdbc.SQLServerDriver"
username="zx_ceping"
password="zx_ceping!#%&amp;"
<Resource
name="jndi/oa"
url="jdbc:oracle:thin:@106.39.37.205:1521:orcl"
driverClassName ="oracle.jdbc.OracleDriver"
username="oa"
password="oa"
validationQuery="select 1 from dual"
/>
nginx与tomcat结合并实行分发式负载均衡
nginx安装目录 /usr/local
配置文件
vi /usr/local/nginx/conf
user www www;
worker_processes auto;
error_log /home/wwwlogs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 100m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
#gzip on;
#gzip_min_length 1k;
#gzip_buffers 4 16k;
#gzip_http_version 1.0;
#gzip_comp_level 2;
#gzip_types text/plain application/x-javascript text/css application/xml;
#gzip_vary on;
#gzip_proxied expired no-cache no-store private auth;
#gzip_disable "MSIE [1-6]\.";
#limit_conn_zone $binary_remote_addr zone=perip:10m;
##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.
server_tokens off;
#log format
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
upstream egaosi {
server 127.0.0.1:8080;
server 127.0.0.1:8090;
server 127.0.0.1:8100;
server 127.0.0.1:8200 backup;
server
listen 80;
server_name www.egaosi.com egaosi.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://egaosi;
}
#error_page 404 /404.html;
location /nginx_status {
stub_status on;
access_log off;
}
location ^~ ^\/bbs {
root /data/webRoot/bbs;
index index.html index.htm index.php;
location ^~ ^\/bbs\/.+\.php{
include fastcgi.conf;
fastcgi_pass unix:/tmp/php-cgi.sock;
}
location ~ [^/]\.php(/|$)
{
# comment try_files $uri =404; to enable pathinfo
try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
#include pathinfo.conf;
#location ~* .(gif|jpg|jpeg|png|bmp|swf)$
#{
# expires 30d;
#}
#location ~* .(js|css)$
# expires 12h;
access_log /home/wwwlogs/access.log access;
include vhost/*.conf;
vim vhost/www.91haoke.com.conf
server{
listen 80;
server_name www.91haoke.com;
root /data/91haoke;
index index.html index.htm index.php;
location / {
# try_files $uri /index.php$uri;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location /50x.html
root html;
location ~* \.php {
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi.conf;
ssi on;
ssi_silent_errors on;
location /status {
stub_status on;
access_log off;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|mp3)$
expires 30d;
location ~ .*\.(js|css)?$
expires 1h;
access_log /home/wwwlogs/access.log access;
}
vim vhost/ht.tuiyou.com.conf
server_name ht.tuiyou.com;
root /data/ceping/ht;
index index.html index.htm index.jsp;
error_page 500 502 503 504 /50x.html;
location /50x.html {
root html;
#location ~ .*.jsp$ {
location ~ $ {
index index.jsp;
proxy_pass http://127.0.0.1:8082;
location ~ \.mp4$
# mp4;
重启服务:/etc/init.d/nginx start
##Mysql安装
mysql目录 /usr/local
cp support-files/my-innodb-heavy-4G.cnf /etc/my.cnf
##config file edit
vim /etc/my.cnf
skip-name-resolve=1
cp support-files/mysql.server /etc/init.d/mysqlsource
chmod 755 /etc/init.d/mysqlsource
chown mysql.mysql /usr/local/mysql/ -R
##init mysql datadir
sh scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/
重启服务:/etc/init.d/mysqld start
-------------------------------------------------------------------------------------------------------------
#redis install
tar xf redis-2.6.17.tar.gz
cd redis-2.6.17
make
cd src/
make install
mkdir -p /usr/local/bin
cd ..
cp redis.conf redis6379.conf
vi redis6379.conf
daemonize yes
pidfile /usr/local/redis/var/redis.pid
port 6379
timeout 300
loglevel debug
logfile /usr/local/redis/var/redis.log
databases 16
save 900 1
save 300 10
save 60 10000
rdbcompression yes
dbfilename dump.rdb
dir /usr/local/redis/var/
appendonly no
appendfsync always
glueoutputbuf yes
shareobjects no
shareobjectspoolsize 1024
vi redis6380.conf
aemonize yes
port 6380
cd /usr/local/redis/bin/
./redis-server --port 6379 > /dev/null &
./redis-server --port 6380 > /dev/null &
ps aux |grep redis
telnet 127.0.0.1 6379
telnet 127.0.0.1 6380
###备份数据
1。Web备份
#!/bin/bash
DAY=`/bin/date +%Y%m%d`
DATA_DIR=/opt/tomcat1/webapps
BACKUP_DIR=/data/backup/system
export DAY DATA_DIR DEL_DAY BACKUP_DIR
if [ -d $BACKUP_DIR/$DEL_DAY ]
then
rm -rf $BACKUP_DIR/$DEL_DAY
fi
/bin/mkdir -p $BACKUP_DIR/$DAY
cd $DATA_DIR
for i in `ls`
do
if [ $i != weblog ]
then
cd $DATA_DIR
tar cjf $BACKUP_DIR/$DAY/$i.tar.bz2 $i
fi
done
2. Mysql备份(长期保存)
AAA=gaosilive
mysqldump -h localhost -u root -pgaosilive $AAA > /data/backup/mysql/$AAA`date +%Y%m%d`.sql
tomcat之间的同步问题:
采用
防火墙:
防火墙设置:
允许sshd(22)端口访问,远程登录更改端口号
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
允许ftp(21、20)端口访问
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
允许web(80)端口访问
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
允许mysql(3306)端口访问
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
允许redis(6379)端口访问
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
测试环境部署线上环境(rsync):
server:192.168.1.244(测试服务器)
client:192.168.1.26(正式服务器)
##--------------------------------------server192.168.1.244----------------------------
yum -y install gcc wget vim
wget http://rsync.samba.org/ftp/rsync/src/rsync-3.0.9.tar.gz
tar xvf rsync-3.0.9.tar.gz && cd rsync-3.0.9
./configure --prefix=/usr
make && make install
mkdir -p /etc/rsyncd/rsyncd && cd /etc/rsyncd/rsyncd/
touch rsyncd.conf
touch rsyncd.secrets
chmod 600 rsyncd.secrets
touch rsyncd.motd
vi /etc/rsyncd/rsyncd.conf
# Distributed under the terms of the GNU General Public License v2
# Minimal configuration file for rsync daemon
# See rsync(1) and rsyncd.conf(5) man pages for help
# This line is required by the /etc/init.d/rsyncd script
pid file = /var/run/rsyncd.pid
port = 873
address =192.168.1.244
#uid = nobody
#gid = nobody
uid = root
gid = root
use chroot = yes
read only = yes
#limit access to private LANs
hosts allow=192.168.1.0/255.255.255.0
hosts deny=*
max connections = 5
motd file = /etc/rsyncd/rsyncd.motd
#This will give you a separate log file
log file = /var/log/rsync.log
#This will log every file transferred - up to 85,000+ per user, per sync
#transfer logging = yes
log format = %t %a %m %f %b
syslog facility = local3
timeout = 300
[samba_data]
path = /opt
list=no
ignore errors
auth users = root
secrets file = /etc/rsyncd/rsyncd.secrets
vi /etc/rsyncd/rsyncd.secrets
root:111111
user:111111
chown root.root rsyncd.secrets
chmod 600 rsyncd.secrets
vi /etc/rsyncd/rsyncd.motd
++++++++++++++++++++++++++++++++++++++++++++++
Welcome to use the mike.org.cn rsync services!
2002------2014
EOF
### 启动rsync服务器
/usr/bin/rsync --daemon --config=/etc/rsyncd/rsyncd.conf
ipt.9.tar.gz
cd rsync-3.0.9
./configure --prefix=/usr
makemake install
##在rsync客户端上查看提供了哪些可用的数据源:
rsync -avzP rables -A INPUT -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT
###rsync 服务器上的所提供的同步内容在rsync服务器上查看提供了哪些可用的数据源。
rsync --list-only [email protected]::samba_data
mkdir -p /data/share/
-----------------------rsync客户端安装192.168.1.26--------------------------------------
wget http://rsync.samba.org/ftp/rsync/src/rsync-3.0.9.tar.gz
tar xvf [email protected]::samba_data
rsync -avzP --delete [email protected]::samba_data /opt
rsync -avzp --delete --password-file=rsync.password [email protected]::samba_data /data
touch rsync.password
chmod 600 rsync.passwod
echo "111111"> rsync.password
rsync -avzp --delete --password-file=rsync.password [email protected]::samba_data /data这样就不需要密码了
##在 /etc/cron.daily.rsync中创建了一个文件名为:root.sh ,并且是权限是 755。
mkdir /etc/cron.daily.rsync
cd /etc/cron.daily.rsync
touch root.sh
chmod 755 root.sh
root.sh
#172.16.5.244 samba_data backup
/usr/bin/rsync -avzP --delete --password-file=/etc/rsyncd/rsyncroot.password [email protected]::samba_data /data/$(date +'%m-%d-%y')
sh root.sh
mkdir /etc/rsyncd/
cd /etc/rsyncd/
touch rsyncroot.password
chmod 600 rsyncroot.password
echo "111111" > rsyncroot.password
service crond restart
killall crond
ps aux |grep crond
/usr/sbin/crond
ps aux |grep crond
本文转自 msj0905 51CTO博客,原文链接:http://blog.51cto.com/sky66/1684906
![Apache静态文件访问配置(书封服务器)[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)