nginx+tomcat
[root@nginx1 ~]# vim /usr/local/nginx/conf/nginx.conf
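# Reverse proxy in front of two Tomcat backends, with an on-disk proxy cache
# for static file types.
# `sticky` and `proxy_cache_purge` are not core nginx directives; this build
# presumably includes third-party sticky and cache-purge modules
# (check with `nginx -V`).
user www www;
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
error_log logs/error.log;
# NOTE(review): worker_connections below (65535) is larger than this
# per-worker open-file limit (10240), so a worker can run out of descriptors
# long before it reaches its connection limit. Size the two values together.
worker_rlimit_nofile 10240;
pid logs/nginx.pid;

events {
    use epoll;
    worker_connections 65535;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # $http_x_forwarded_for is copied from the client's request header, so
    # treat that log field as untrusted input; $remote_addr is the peer
    # address nginx itself saw.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"'
    '"$upstream_cache_status"';
    access_log logs/access.log main;

    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;

    gzip on;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_proxied any;
    gzip_min_length 1k;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
    gzip_vary on;

    # Upper bound on request bodies accepted from clients.
    client_max_body_size 10m;
    client_body_buffer_size 128k;

    proxy_connect_timeout 75;
    proxy_send_timeout 75;
    proxy_read_timeout 75;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    proxy_buffering on;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    # max_size was given twice (1000m and 2g). Only the later value is kept
    # here so the intended limit is unambiguous; it appears to be the one
    # nginx applied when both were present (confirm).
    proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=my-cache:100m inactive=600m max_size=2g;

    upstream backend {
        sticky;
        server 192.168.1.12:8080 weight=1 max_fails=2 fail_timeout=10s;
        server 192.168.1.13:8080 weight=1 max_fails=2 fail_timeout=10s;
    }

    server {
        listen 80;
        server_name localhost;
        charset utf-8;

        # Cache purge endpoint. The pattern is anchored with ^ so that only
        # URIs starting with /purge/ reach it; without the anchor any path
        # that merely contained "/purge/" matched as well.
        # Access is decided by peer address: keep the allow list limited to
        # the hosts that are meant to invalidate cache entries.
        # The purge key mirrors proxy_cache_key ($host + path + query string).
        location ~ ^/purge(/.*) {
            allow 127.0.0.1;
            allow 192.168.1.0/24;
            deny all;
            proxy_cache_purge my-cache $host$1$is_args$args;
        }

        # Everything that is not a cached static type: proxied, not cached.
        location / {
            index index.jsp index.php index.html index.htm;
            proxy_pass http://backend;
            proxy_redirect off;
            proxy_set_header Host $host;
            # Replaces any X-Forwarded-For sent by the client with the peer
            # address nginx saw, so a forged header value never reaches the
            # backend. If another proxy sits in front of this one, the
            # backend will see that proxy's address instead.
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            # NOTE(review): proxy_hide_header strips every Set-Cookie header
            # from backend responses in this location, which would include
            # any session cookie the application sets; confirm that is
            # intended. proxy_cache is not enabled in this location, so
            # proxy_ignore_headers Set-Cookie has no caching effect here.
            proxy_ignore_headers Set-Cookie;
            proxy_hide_header Set-Cookie;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        }

        # Cached static types. The extension is anchored to the end of the
        # URI with $. The previous pattern ended in (.*), so it also matched
        # dynamic paths: /index.jsp (".js" followed by "p") or
        # /index.jsp/x.css. Those responses then became candidates for the
        # shared cache and received the 30-day Expires header.
        location ~ \.(gif|jpg|png|html|htm|css|js|ico|swf|pdf)$ {
            proxy_pass http://backend;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_cache my-cache;
            # Exposes the cache status of each response to the client;
            # used in this walkthrough to verify cache hits.
            add_header Nginx-Cache $upstream_cache_status;
            proxy_cache_valid 200 304 301 302 8h;
            proxy_cache_valid 404 1m;
            # NOTE(review): "any" also covers status codes not listed above,
            # error responses included, and keeps them for a day. Confirm
            # that is wanted.
            proxy_cache_valid any 1d;
            proxy_cache_key $host$uri$is_args$args;
            expires 30d;
        }
    }
}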
[root@nginx1 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx1 ~]# nginx -s reload
nginx: [error] invalid PID number "" in "/usr/local/nginx/logs/nginx.pid"
[root@nginx1 ~]# nginx
[root@nginx1 ~]# nginx -s reload
- 访问代理服务器192.168.70.102
[root@tomcat02 ~]# echo "web2 html" > /usr/local/tomcat/webapps/ROOT/index.html
[root@tomcat01 ~]# echo "web1 192.168.70.106" > /usr/local/tomcat/webapps/ROOT/index.html
测试结果:Nginx-Cache HIT 命中
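未命中(配置文件中的缓存规则不匹配以 jsp 结尾的文件,所以不缓存,就是未命中)。注意:只有静态文件 location 的正则用 `$` 把扩展名锚定在 URI 末尾时才是这样;如果写成 `\.(…|js|…)(.*)` 这种未锚定的形式,`/index.jsp` 也会被匹配(`.js` 后面跟着 `p`)。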
清缓存 192.168.70.102/purge/index.html
//清除所有缓存
[root@nginx1 ~]# ls /usr/local/nginx/proxy_cache/*
/usr/local/nginx/proxy_cache/5:
e7
/usr/local/nginx/proxy_cache/6:
59
/usr/local/nginx/proxy_cache/7:
1a
[root@nginx1 ~]# rm -fr /usr/local/nginx/proxy_cache/*
- 轮询功能
[root@nginx1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@nginx1 ~]# nginx
[root@nginx1 ~]# nginx -s reload
//刷新网页192.168.70.102/index.html
- 后端服务器获取真实IP
[root@tomcat02 ~]# cat /usr/local/tomcat/logs/localhost
localhost.2023-05-16.log localhost_access_log.2023-05-16.txt
localhost.2023-05-17.log localhost_access_log.2023-05-17.txt
localhost.2023-05-18.log localhost_access_log.2023-05-18.txt
[root@tomcat02 ~]# cat /usr/local/tomcat/logs/localhost_access_log.2023-05-17.txt //访问日志
192.168.70.102 - - [17/May/2023:16:53:01 +0800] "GET /favicon.ico HTTP/1.0" 200 21630
192.168.70.102 - - [17/May/2023:16:54:01 +0800] "GET / HTTP/1.0" 200 9
192.168.70.102 - - [17/May/2023:16:56:16 +0800] "GET / HTTP/1.0" 200 9
192.168.70.102 - - [17/May/2023:16:56:22 +0800] "GET / HTTP/1.0" 200 9
192.168.70.102 - - [17/May/2023:16:59:14 +0800] "GET / HTTP/1.0" 200 9
192.168.70.102 - - [17/May/2023:17:53:36 +0800] "GET /index.html HTTP/1.0" 404 1084
192.168.70.102 - - [17/May/2023:17:56:35 +0800] "GET /index.html HTTP/1.0" 200 10
192.168.70.102 - - [17/May/2023:18:02:51 +0800] "GET / HTTP/1.0" 200 20
192.168.70.102 - - [17/May/2023:18:11:30 +0800] "GET /index.jsp HTTP/1.0" 200 9
192.168.70.102 - - [17/May/2023:18:26:30 +0800] "GET /index.html HTTP/1.0" 200 20
192.168.70.102 - - [17/May/2023:18:27:17 +0800] "GET /index.jsp HTTP/1.0" 200 9
修改tomcat配置
# vim /usr/local/tomcat/conf/server.xml //修改tomcat2
<!-- Access log valve. Pattern fields, in order: the X-Forwarded-For request
     header (%{X-FORWARDED-FOR}i), the remote IP of the connection (%a), then
     %l %u %t %r %s %b, the request processing time (%D), the query string
     (%q) and the User-Agent request header.
     The X-Forwarded-For field is whatever the request carried. It identifies
     the client only for requests that arrive through a proxy that sets the
     header itself; %a remains the address of the directly connected peer. -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%{X-FORWARDED-FOR}i %a %l %u %t %r %s %b %D %q %{User-Agent}i" resolveHosts="false" />
[root@tomcat02 ~]# systemctl restart tomcat
# vim /usr/local/tomcat/conf/server.xml //修改tomcat1
<!-- Access log valve. Pattern fields, in order: the X-Forwarded-For request
     header (%{X-FORWARDED-FOR}i), the remote IP of the connection (%a), then
     %l %u %t %r %s %b, the request processing time (%D), the query string
     (%q) and the User-Agent request header.
     The X-Forwarded-For field is whatever the request carried. It identifies
     the client only for requests that arrive through a proxy that sets the
     header itself; %a remains the address of the directly connected peer. -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%{X-FORWARDED-FOR}i %a %l %u %t %r %s %b %D %q %{User-Agent}i" resolveHosts="false" />
[root@tomcat01 ~]# systemctl restart tomcat
去tomcat客户端查看访问日志
[root@tomcat02 ~]# cat /usr/local/tomcat/logs/localhost_access_log.2023-05-18.txt
192.168.70.10 192.168.70.102 - - [18/May/2023:06:08:15 +0800] GET /index.html HTTP/1.0 200 20 3 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.95 Safari/537.36
192.168.70.10 192.168.70.102 - - [18/May/2023:06:08:16 +0800] GET /index.html HTTP/1.0 200 20 2 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.95 Safari/537.36
192.168.70.10 192.168.70.102 - - [18/May/2023:06:08:16 +0800] GET /index.html HTTP/1.0 200 20 1 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.95 Safari/537.36
192.168.70.10 192.168.70.102 - - [18/May/2023:06:08:17 +0800] GET /index.html HTTP/1.0 200 20 3 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.95 Safari/537.36
[root@tomcat02 ~]#
- 静动分离
//配置106 主机
[root@tomcat01 ~]# systemctl stop tomcat
[root@tomcat01 ~]# netstat -anplt | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1092/nginx: master
更改代理服务器
[root@nginx1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@nginx1 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx1 ~]# nginx -s reload
- 理论知识
proxy_connect_timeout :nginx跟后端服务器连接超时时间(代理连接超时)
proxy_read_timeout :定义从后端服务器读取响应的超时。此超时是指相邻两次读操作之间的最长时间间隔,而不是整个响应传输完成的最长时间。如果后端服务器在超时时间段内没有传输任何数据,连接将被关闭。
proxy_send_timeout :定义向后端服务器传输请求的超时。此超时是指相邻两次写操作之间的最长时间间隔,而不是整个请求传输完成的最长时间。如果后端服务器在超时时间段内没有接收到任何数据,连接将被关闭
proxy_set_header Host $host; 允许重新定义或者添加发往后端服务器的请求头。
Host的含义是表明请求的主机名。nginx反向代理服务器向后端真实服务器发送请求时,默认会把请求头中的Host字段重写为proxy_pass指令设置的服务器。因为nginx作为反向代理使用,如果后端真实的服务器设置有类似防盗链的功能,或者根据http请求头中的Host字段来进行路由或判断,那么反向代理层的nginx不把Host字段重新设置为客户端请求的主机名(proxy_set_header Host $host;),就会导致请求失败。
proxy_set_header X-Forwarded-For $remote_addr; 后端web服务器获取真实的客户端IP。把真实客户端IP写入到请求头X-Forwarded-For,在Nginx Backend输出X-Forwarded-For获取到了真实客户端IP。
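X-Forwarded-For字段表示该条http请求是由谁发起的。如果反向代理服务器不重写该请求头的话,那么后端真实服务器在处理时会认为所有的请求都来自反向代理服务器,如果后端有防攻击策略的话,那么机器(即代理服务器)就被封掉了。需要注意,该请求头本身可以由客户端随意填写:这里用 $remote_addr 覆盖它,后端看到的就是 nginx 实际接收到的对端地址;后端也只应信任来自代理服务器的 X-Forwarded-For。因此,在配置用作反向代理的nginx中一般会增加两条配置,修改http的请求头: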
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;