利用Nginx反向代理 Tomcat 多节点
实验说明:通过两台nginx反向代理和keepalived实现双机热备,并成功访问后端商城项目数据。
实验所需
两台nginx keepalived 漂移地址 192.168.30.100
Nginx 192.168.30.34
192.168.30.36
Tomcat 192.168.30.31
192.168.30.32
Mysql 192.168.30.35
事先已经安装完成nginx和mysql
实验达成结果 通过nginx漂移地址访问tomcat搭建的商城项目并登陆,主服务器模拟宕机,实现备份机上线
商城文件 点击链接 提取码: 97f7 里面有商城构架和一个数据库表
以下是各服务详细配置
mysql
[root@localhost ~]# mysql -u root -p #登陆mysql
mysql> create database slsaledb; #创建名为slsaledb 的数据库
mysql> GRANT all ON slsaledb.* TO 'testuser'@'%' IDENTIFIED BY 'admin123'; #授权testuser使用密码admin123访问slsaledb;'%'表示允许从任意主机连接,admin123仅为实验用弱口令,正式环境应限定来源主机并使用强口令
mysql> flush privileges; #刷新
上传商城数据库文件
[root@localhost ~]# mysql -u root -p <slsaledb-2014-4-10.sql #上传数据表
Enter password: #输入数据管理员库密码
接下来配置tomcat
Tomcat所需文件
[root@lin3031 ~]# tar xf apache-tomcat-8.5.23.tar.gz #解压tomcat
[root@lin3031 ~]# tar xf jdk-8u144-linux-x64.tar.gz #解压java
[root@lin3031 ~]# cp -a jdk1.8.0_144/ /usr/local/java #复制Java解压文件至/usr/local/java
[root@lin3031 ~]# vi /etc/profile #增加环境变量
在文件末尾插入以下四行
# Java environment for Tomcat, appended to /etc/profile.
# The JDK was copied to /usr/local/java; every other path is derived from it.
JAVA_HOME=/usr/local/java
JRE_HOME="$JAVA_HOME/jre"
# Append the JDK tools to the existing search path.
PATH="$PATH:$JAVA_HOME/bin"
# Current directory first, then the JDK and JRE library directories.
CLASSPATH="./:$JAVA_HOME/lib:$JRE_HOME/lib"
export JAVA_HOME JRE_HOME PATH CLASSPATH
刷新环境变量
[root@lin3031 ~]# source /etc/profile
查看是否生效
[root@lin3031 ~]# java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
[root@lin3031 ~]# cp -a apache-tomcat-8.5.23 /usr/local/tomcat8 #将解压后的tomcat复制到/usr/local/tomcat8
[root@lin3031 ~]# ln -s /usr/local/tomcat8/bin/startup.sh /usr/bin/tomcatup #优化路径
[root@lin3031 ~]# ln -s /usr/local/tomcat8/bin/shutdown.sh /usr/bin/tomcatdown #优化路径
[root@lin3031 ~]# tomcatup #启动tomcat
[root@lin3031 ~]# netstat -anpt | grep 8080 #过滤8080端口
tcp6 0 0 :::8080 :::* LISTEN 1325/java
另一台tomcat安装操作相同
商城文件 点击链接 提取码: 97f7 里面有商城构架和一个数据库表
需要复制商城文件到tomcat
[root@lin3031 ~]# tar xf SLSaleSystem.tar.gz
[root@lin3031 ~]# cp -a SLSaleSystem /usr/local/tomcat8/webapps/
Tomcat主conf文件中添加 <Context path="" docBase="SLSaleSystem" reloadable="true" debug="0"></Context>
[root@lin3031 ~]# vim /usr/local/tomcat8/conf/server.xml
将tomcat连接后方数据库
[root@lin3031 ~]# vim /usr/local/tomcat8/webapps/SLSaleSystem/WEB-INF/classes/jdbc.properties
修改数据库地址和授权的账号密码
第二台tomcat操作如上相同
下面来测试
重启tomcat使配置生效(先执行tomcatdown停止,再执行tomcatup启动)
[root@lin3031 ~]# tomcatdown
访问 192.168.30.31:8080 账号 admin 密码 123456
可以看到已经跳出了登陆选项
当然,不应让用户直接访问或知晓后端服务器,需要提供一个前端入口来访问(因此后端tomcat的8080端口最好只对两台nginx开放),下面的操作是配置两台nginx
Nginx配置
第一台 192.168.30.36
[root@lin3036 ~]# vim /usr/local/nginx/conf/nginx.conf
# Reverse proxy in front of the two Tomcat nodes: listens on port 80 and
# forwards every request to the center_pool upstream.
user nginx nginx;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
#pid logs/nginx.pid;
events {
use epoll;
# NOTE(review): `nginx -t` warns that 10240 exceeds the open-file limit of
# 1024; raise the limit (for example with worker_rlimit_nofile), otherwise
# the workers cannot actually reach this many connections.
worker_connections 10240;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Left commented out, so the "main" format above is defined but not used by
# any access_log directive in this file.
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream center_pool { # round-robin is the default balancing method
ip_hash; # overrides round-robin: a client address keeps hitting the same backend (sticky sessions)
server 192.168.30.31:8080; # the two Tomcat servers, reached over plain HTTP
server 192.168.30.32:8080;
}
server {
# NOTE(review): plain HTTP only, so the shop login is sent unencrypted
# between browser and proxy; add a TLS listener outside a lab setup.
listen 80;
server_name lvs01 192.168.30.36;
location / {
# NOTE(review): no proxy_set_header lines are present, so Tomcat sees the
# proxy as the client; forward Host / X-Real-IP / X-Forwarded-For if the
# backend logs need the real client address.
proxy_pass http://center_pool; # proxy to the Tomcat pool
}
}
}
使用 nginx -t 检查语法
[root@lin3036 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: [warn] 10240 worker_connections exceed open file resource limit: 1024
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
另一台nginx 192.168.30.34
[root@lin3034 ~]# vi /usr/local/nginx/conf/nginx.conf
# Second reverse proxy node: same layout as the first, listening on port 80
# and forwarding every request to the center_pool upstream.
user nginx nginx;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
#pid logs/nginx.pid;
events {
use epoll;
# NOTE(review): `nginx -t` warns that 10240 exceeds the open-file limit of
# 1024; raise the limit (for example with worker_rlimit_nofile), otherwise
# the workers cannot actually reach this many connections.
worker_connections 10240;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Left commented out, so the "main" format above is defined but not used by
# any access_log directive in this file.
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream center_pool { # round-robin is the default balancing method
ip_hash; # overrides round-robin: a client address keeps hitting the same backend (sticky sessions)
server 192.168.30.31:8080; # the two Tomcat servers, reached over plain HTTP
server 192.168.30.32:8080;
}
server {
# NOTE(review): plain HTTP only, so the shop login is sent unencrypted
# between browser and proxy; add a TLS listener outside a lab setup.
listen 80;
server_name lvs02 192.168.30.34;
location / {
# NOTE(review): no proxy_set_header lines are present, so Tomcat sees the
# proxy as the client; forward Host / X-Real-IP / X-Forwarded-For if the
# backend logs need the real client address.
proxy_pass http://center_pool; # proxy to the Tomcat pool
}
}
}
使用 nginx -t 检查语法
[root@lin3034 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: [warn] 10240 worker_connections exceed open file resource limit: 1024
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
检查后没有问题就重启nginx
systemctl restart nginx
验证
使用keepalived来保持两台nginx实现热备份 并用192.168.30.100访问商城
下面进行安装
yum -y install popt-devel \
kernel-devel \
openssl-devel
tar xvf keepalived-1.4.2.tar.gz
cd keepalived-1.4.2
[root@lin3034 keepalived-1.4.2]# ./configure --prefix=/
[root@lin3034 keepalived-1.4.2]# make && make install
[root@lin3034 keepalived-1.4.2]# cp keepalived/etc/init.d/keepalived /etc/init.d/
[root@lin3034 keepalived-1.4.2]# systemctl enable keepalived
两台安装方式相同
下面进行配置文件修改
第一台
[root@lin3036 keepalived-1.4.2]# vi /etc/keepalived/keepalived.conf
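! Configuration File for keepalived
! Master node (192.168.30.36): holds the virtual address 192.168.30.100
! while it is healthy and advertises itself to the backup over VRRP.
global_defs {
    router_id NGINX-01    # name identifying this node (keyword is router_id)
}

# Check script, run every 2 seconds; a non-zero exit lowers this node's
# priority by 10.
# NOTE(review): keepalived executes this script with its own privileges, so
# /opt/nginx.sh should be owned by root and not writable by other users;
# consider script_user / enable_script_security in global_defs.
# NOTE(review): the two nodes' priorities are 150 and 100, so a penalty of 10
# cannot by itself move the address to the backup; the penalty has to exceed
# the gap for a failed check to cause failover.
vrrp_script nginx {
    script "/opt/nginx.sh"    # path of the check script
    interval 2
    weight -10
}

vrrp_instance VI_1 {
    state MASTER              # this node starts as the master
    interface ens33
    virtual_router_id 51      # must be the same on both nodes
    priority 150              # higher than the backup's 100
    advert_int 1
    # NOTE(review): PASS authentication travels unencrypted in the VRRP
    # adverts and 1111 is a demo value; use a site-specific password that is
    # identical on both nodes and keep VRRP on a trusted segment.
    authentication {
        auth_type PASS        # authentication method
        auth_pass 1111        # shared password
    }
    track_script {
        nginx
    }
    virtual_ipaddress {
        192.168.30.100        # floating address shared by both nginx nodes
    }
}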
该脚本在keepalived运行时启动nginx,否则停止nginx,方便nginx和keepalived一同启停
[root@lin3036 keepalived-1.4.2]# vi /opt/nginx.sh
#!/bin/bash
# Filename: nginx.sh
# Keeps nginx in step with keepalived: nginx is started while at least one
# keepalived process shows up in the process list and stopped otherwise.
# Referenced as the vrrp_script in keepalived.conf; the exit status of this
# script is the exit status of the init-script call below.

# Count process-list lines mentioning keepalived, ignoring the grep itself.
running=$(ps -ef | grep -v grep | grep -c keepalived)

if [ "$running" -le 0 ]; then
  /etc/init.d/nginx stop
else
  /etc/init.d/nginx start
fi
[root@lin3036 keepalived-1.4.2]# chmod +x /opt/nginx.sh
[root@lin3036 keepalived-1.4.2]# systemctl start keepalived
[root@lin3036 keepalived-1.4.2]# ip addr
由于第二台没有配置,所以默认192.168.30.100 在主服务器上
第二台
[root@lin3034 keepalived-1.4.2]# vi /etc/keepalived/keepalived.conf
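! Backup node (192.168.30.34): takes over the virtual address
! 192.168.30.100 when adverts from the master stop arriving.
global_defs {
    router_id NGINX-02    # name identifying this node (keyword is router_id)
}

# Check script, run every 2 seconds; a non-zero exit lowers this node's
# priority by 10.
# NOTE(review): keepalived executes this script with its own privileges, so
# /opt/nginx.sh should be owned by root and not writable by other users;
# consider script_user / enable_script_security in global_defs.
vrrp_script nginx {
    script "/opt/nginx.sh"
    interval 2
    weight -10
}

vrrp_instance VI_1 {
    state BACKUP              # this node starts as the backup
    interface ens33
    virtual_router_id 51      # must be the same on both nodes
    priority 100              # 50 below the master
    advert_int 1
    # NOTE(review): PASS authentication travels unencrypted in the VRRP
    # adverts and 1111 is a demo value; use a site-specific password that is
    # identical on both nodes and keep VRRP on a trusted segment.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        nginx
    }
    virtual_ipaddress {
        192.168.30.100        # floating address shared by both nginx nodes
    }
}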
根据漂移地址是否存在而启动nginx服务。
[root@lin3034 keepalived-1.4.2]# vi /opt/nginx.sh
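#!/bin/bash
# Filename: nginx.sh
# Starts nginx while this node holds the keepalived floating address and
# stops it otherwise. Referenced as the vrrp_script in keepalived.conf; the
# exit status of this script is the exit status of the init-script call below.
#
# The address checked here must be the one listed under virtual_ipaddress in
# keepalived.conf (192.168.30.100). keepalived adds it with a /32 mask when
# no mask is given there.

# -F matches the address literally (dots are not regex wildcards) and -c
# counts the matching lines directly.
vip_count=$(ip addr | grep -cF '192.168.30.100/32')

if [ "$vip_count" -gt 0 ]; then
  /etc/init.d/nginx start
else
  /etc/init.d/nginx stop
fi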
chmod +x /opt/nginx.sh
systemctl start keepalived
模拟主服务器故障
[root@lin3036 keepalived-1.4.2]# systemctl stop keepalived
[root@lin3036 keepalived-1.4.2]# systemctl stop nginx
[root@lin3036 keepalived-1.4.2]# ip addr
192.168.30.100 已经不在主服务器上了
而是到了从服务器
[root@lin3034 keepalived-1.4.2]# ip addr
访问192.168.30.100 账号 admin 密码 123456