Linux下Nginx+Tomcat负载均衡和动静分离配置要点
本文使用的Linux发行版:CentOS6.7 下载地址:https://wiki.centos.org/Download
一、安装Nginx
下载源:wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
安装源:yum install nginx-release-centos-6-0.el6.ngx.noarch.rpm
安装Nginx:yum install nginx
启动Nginx服务:service nginx start
停止Nginx服务:service nginx stop
查看Nginx运行状态:service nginx status
检查Nginx配置文件:nginx -t
服务运行中重新加载配置:nginx -s reload
添加Nginx服务自启动:chkconfig nginx on
二、修改防火墙规则
修改Nginx所在主机的防火墙配置:vi /etc/sysconfig/iptables,将nginx使用的端口添加到允许列表中。
例如:-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT (表示允许80端口通过)
修改Tomcat所在主机的防火墙配置:vi /etc/sysconfig/iptables,将tomcat使用的端口添加到允许列表中。
例如:-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT (表示允许8080端口通过)
如果主机上有多个tomcat的话,则按此规则添加多条,修改对应的端口号即可。
保存后重启防火墙:service iptables restart
三、Tomcat负载均衡配置
Nginx启动时默认加载配置文件/etc/nginx/nginx.conf,而nginx.conf里会引用/etc/nginx/conf.d目录里的所有.conf文件。
因此可以将自己定制的一些配置写到单独.conf文件里,只要文件放在/etc/nginx/conf.d这个目录里即可,方便维护。
创建tomcats.conf:vi /etc/nginx/conf.d/tomcats.conf,内容如下:
1 upstream tomcats { 2 ip_hash; 3 server 192.168.0.251:8080; 4 server 192.168.0.251:8081; 5 server 192.168.0.251:8082; 6 }
修改default.conf:vi /etc/nginx/conf.d/default.conf,修改如下:
1 #注释原有的配置 2 #location / { 3 # root /usr/share/nginx/html; 4 # index index.html index.htm; 5 #} 6 7 #新增配置默认将请求转发到tomcats.conf配置的upstream进行处理 8 location / { 9 proxy_set_header Host $host; 10 proxy_set_header X-Real-IP $remote_addr; 11 proxy_set_header REMOTE-HOST $remote_addr; 12 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 13 proxy_pass http://tomcats; #与tomcats.conf里配置的upstream同名 14 }
保存后重新加载配置:nginx -s reload
四、静态资源分离配置
修改default.conf:vi /etc/nginx/conf.d/default.conf,添加如下配置:
1 #所有js,css相关的静态资源文件的请求由Nginx处理 2 location ~.*\.(js|css)$ { 3 root /opt/static-resources; #指定文件路径 4 expires 12h; #过期时间为12小时 5 } 6 #所有图片等多媒体相关静态资源文件的请求由Nginx处理 7 location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ { 8 root /opt/static-resources; #指定文件路径 9 expires 7d; #过期时间为7天 10 }
五、修改SELinux安全规则
如果访问Nginx时出现502 Bad Gateway错误,则可能是Nginx主机上的SELinux限制了其使用http访问权限引起的,输入命令setsebool -P httpd_can_network_connect 1 开启权限即可。
文件/etc/nginx/nginx.conf完整配置如下:
1 user nginx; 2 worker_processes auto; 3 4 error_log /var/log/nginx/error.log warn; 5 pid /var/run/nginx.pid; 6 worker_rlimit_nofile 100000; 7 8 9 events { 10 use epoll; 11 multi_accept on; 12 worker_connections 1024; 13 } 14 15 16 http { 17 include /etc/nginx/mime.types; 18 default_type application/octet-stream; 19 20 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 21 # '$status $body_bytes_sent "$http_referer" ' 22 # '"$http_user_agent" "$http_x_forwarded_for"'; 23 24 #access_log /var/log/nginx/access.log main; 25 26 sendfile on; 27 server_tokens off; 28 #tcp_nopush on; 29 30 keepalive_timeout 65; 31 32 gzip on; 33 gzip_disable "msie6"; 34 gzip_static on; 35 gzip_proxied any; 36 gzip_min_length 1000; 37 gzip_comp_level 4; 38 gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 39 40 include /etc/nginx/conf.d/*.conf; 41 }
文件/etc/nginx/conf.d/default.conf完整配置如下:
1 server { 2 listen 80; 3 server_name localhost; 4 5 #charset koi8-r; 6 #access_log /var/log/nginx/log/host.access.log main; 7 8 #location / { 9 # root /usr/share/nginx/html; 10 # index index.html index.htm; 11 #} 12 13 location / { 14 proxy_set_header Host $host; 15 proxy_set_header X-Real-IP $remote_addr; 16 proxy_set_header REMOTE-HOST $remote_addr; 17 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 18 proxy_pass http://web_servers; 19 } 20 21 location ~.*\.(js|css)$ { 22 root /opt/static-resources; 23 expires 12h; 24 } 25 26 location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ { 27 root /opt/static-resources; 28 expires 7d; 29 } 30 31 #error_page 404 /404.html; 32 33 # redirect server error pages to the static page /50x.html 34 # 35 error_page 500 502 503 504 /50x.html; 36 location = /50x.html { 37 root /usr/share/nginx/html; 38 } 39 40 # proxy the PHP scripts to Apache listening on 127.0.0.1:80 41 # 42 #location ~ \.php$ { 43 # proxy_pass http://127.0.0.1; 44 #} 45 46 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 47 # 48 #location ~ \.php$ { 49 # root html; 50 # fastcgi_pass 127.0.0.1:9000; 51 # fastcgi_index index.php; 52 # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 53 # include fastcgi_params; 54 #} 55 56 # deny access to .htaccess files, if Apache's document root 57 # concurs with nginx's one 58 # 59 #location ~ /\.ht { 60 # deny all; 61 #} 62 }
(温馨提示:如果执行命令时没有root权限,请在命令前面加上 sudo 执行)