• nginx+tomcat


    一、系统规划

    前端用nginx作反向代理和处理静态页面(前端负载高可以考虑在中间层添加nginx服务器处理静态页面,图片等,并设置前端只转发请求或者使用四层的lvs),并通过keepalived保持它的高可用;

    以.jsp结尾的动态请求转发至中间层的tomcat集群;

    后端数据库使用mysql主从复制,当需要对动态内容加速或者数据库io瓶颈时,考虑memcache/redis缓存或者mysql proxy读写分离;

    时间原因,部分服务用yum安装,测试和生产环境会用源码编译精简安装;如下表:

    hostname

    系统

    Ip地址

    作用

    服务

    web1

    Centos6.5

    10.188.12.200

    静态请求和负载均衡

    Nginx,keepalived

    web2

    Centos6.5

    10.188.12.201

    备用

    Nginx,keepalived

    10.188.12.202

    对外服务的vip

    app1

    Centos6.5

    10.188.12.203

    处理jsp请求

    Jdk,tomcat

    app2

    Centos6.5

    10.188.12.204

    处理jsp请求

    Jdk,tomcat

    app...

    Centos6.5

    按需求添加

    处理jsp请求或图片等

    Jdk,tomcat

    db1

    Centos6.5

    192.168.77.223

    mariadb主库

    mariadb-server

    db2

    Centos6.5

    192.168.77.224

    mariadb从库

    mariadb-server

     

    二、系统初始化

    1、修改hostname

    web1为例,其它类似:

    [root@lnmp1 ~]# hostname web1

    [root@lnmp1 ~]# sed -i 's/HOSTNAME=lnmp1/HOSTNAME=web1/' /etc/sysconfig/network

    2、设置iptables

    web1为例,其它类似:

    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

    iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

    iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

    iptables -A INPUT -p icmp -j ACCEPT

    iptables -A INPUT -i lo -j ACCEPT

    iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

    iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited

    3、关闭selinux

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux

    setenforce 0

    4、安装epel源

    yum -y install epel-release.noarch

    5、设置linux系统文件句柄数

    [root@web1 ~]# ulimit -SHn 65535

    [root@web1 ~]# echo -e '* soft   nofile   32768' >> /etc/security/limits.conf

    [root@web1 ~]# echo -e '* hard nofile 65536' >> /etc/security/limits.conf

    三、安装配置nginx和keepalived

    1、安装nginx

    groupadd www

    useradd -g www -s /sbin/nologin -M -r www

    yum -y install wget pcre pcre-devel openssl-devel zlib-devel lrzsz gcc gcc-c++

    cd /usr/local/src

    wget http://nginx.org/download/nginx-1.12.0.tar.gz

    tar zxvf nginx-1.12.0.tar.gz

    cd nginx-1.12.0

    ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_ssl_module --with-http_gzip_static_module  --with-http_stub_status_module

    make -j8

    make install

    2、配置nginx

    vi /usr/local/nginx/nginx.conf

    user  www;

    worker_processes  1;

    error_log  logs/error.log;

    pid        logs/nginx.pid;

    events {

        use epoll;

        worker_connections  1024;

    }

    http {

        include       mime.types;

        default_type  application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                          '$status $body_bytes_sent "$http_referer" '

                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  logs/access.log  main;

        sendfile        on;

        #tcp_nopush     on;

        #keepalive_timeout  0;

        keepalive_timeout  65;

        gzip on;

        gzip_min_length 1k;

        gzip_buffers    4 16k;

        gzip_http_version 1.0;

        gzip_comp_level 2;

        gzip_types text/plain application/x-javascripttext/css application/xml;

        gzip_vary on;

    upstream apps{

    iphash;

    server 10.188.12.203:8080  max_fails=3  fail_timeout=20s;

    server 10.188.12.204:8080  max_fails=3  fail_timeout=20s;

    }

        server {

            listen       80;

            server_name  localhost;

            charset utf-8;

            #access_log  logs/host.access.log  main;

            location / {

                root   /root/www/

                index  index.html   index.htm;

            }

        location ~ .*.(jsp|do)$ {

                proxy_pass http://apps;  

                proxy_set_header X-Real-IP $remote_addr;

            }

            location ~ .*.(gif|jpg|png|bmp|swf)$  

            {

                expires 3d;  

            }

           }

        }

    }

    3、安装配置keepalived

    yum -y install keepalived

    创建nginx进程监控脚本:

    vi /etc/keepalived/check_nginx.sh

    #!/bin/bash

    counter=$(ps -C nginx --no-heading|wc -l)

    if [ "${counter}" = "0" ]; then

        /usr/local/bin/nginx

        sleep 2

        counter=$(ps -C nginx --no-heading|wc -l)

        if [ "${counter}" = "0" ]; then

            /etc/init.d/keepalived stop

        fi

    fi

    chmod 755 /etc/keepalived/check_nginx.sh

    更改keepalived.conf

    ! Configuration File for keepalived

    global_defs {

        notification_email {

            243161146@qq.com

        }

        notification_email_from sh24316@sina.cn

        smtp_server smtp.sina.cn

        smtp_connect_timeout 30

        router_id LVS_DEVEL

    }

    vrrp_script chk_nginx {

    #    script "killall -0 nginx"

        script "/etc/keepalived/check_nginx.sh"

        interval 2

        weight -5

        fall 3 

        rise 2

    }

     

    vrrp_instance VI_1 {

        state MASTER

        interface eth0

        mcast_src_ip 10.188.12.200

        virtual_router_id 51

        priority 101

        advert_int 2

        authentication {

            auth_type PASS

            auth_pass 1111

        }

        virtual_ipaddress {

            10.188.12.202

        }

        track_script {

           chk_nginx

        }

    }

    备机上的keepalived.conf只需要更改 stateBACKUP,priority 100, mcast_src_ip 10.188.12.201

    四、安装配置tomcat server

    1、安装jdk

    wget -e 'http_proxy=192.168.77.226:808' -O "jdk-8u121-linux-x64.rpm" http://download.oracle.com/otn/java/jdk/8u121-b13/e9e7ea248e2c4826b92b3f075a80e441/jdk-8u121-linux-x64.rpm?AuthParam=1496053942_30cd718b9bf6c0d4a6bbe34a72e86dd6

    (需要先登陆oracle官网,找到相关版本下载链接)

    rpm -ivh jdk-8u121-linux-x64.rpm

    vi /etc/profile.d/java.sh

    #!/bin/bash
    JAVA_HOME=/usr/java/jdk1.8.0_121/
    PATH=$JAVA_HOME:$PATH
    export PATH JAVA_HOME

    . /etc/profile.d/java.sh

    2、安装配置tomcat

    wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v8.5.15/bin/apache-tomcat-8.5.15.tar.gz

    tar xf apache-tomcat-8.5.15.tar.gz -C /usr/local

    ln -sv /usr/local/apache-tomcat-8.5.15 /usr/local/tomcat

    vi /etc/profile.d/tomcat.sh

    #!/bin/bash
    export CATALINA_HOME=/usr/local/tomcat
    export PATH=$PATH:$CATALINA_HOME/bin

     .  /etc/profile.d/tomcat.sh

    在更改/usr/local/tomcat/conf/server.xml后(比如在Host里修改appBase等)启动tomcat服务:catalina.sh start

    3、JVM配置和优化

    根据实际情况更改catalina.sh   server.xml         web.xml             tomcat-users.xml

    五、安装配置mariadb主从:(使用mariadb10来代替默认的mysql5.1)

    1、安装mariadb10

    配置yum:

    vi /etc/yum.repos.d/mariadb.repo

    # http://downloads.mariadb.org/mariadb/repositories/

    [mariadb]

    name = MariaDB

    baseurl = http://yum.mariadb.org/10.1/centos6-amd64

    gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

    gpgcheck=1

    yum -y install MariaDB-server

    2、配置主从

    db1:

    cp  /usr/share/mysql/my-huge.cnf  /etc/my.cnf

    service mysql restart   

    mysql_secure_installation

    vi /etc/my.cnf  添加

    server-id = 1

    log-bin = mysql-bin

    binlog_format = row

    log-slave-updates

    sync_binlog = 1

    auto_increment_increment = 2 

    auto_increment_offset = 1

    登陆mysql并创建复制账号并重置状态:

    grant replication slave,replication client on *.* to 'copy'@'192.168.77.224' identified by 'paste';

    reset master;
    reset slave;

    db2:

    cp  /usr/share/mysql/my-huge.cnf  /etc/my.cnf

    service mysql restart   

    mysql_secure_installation

    vi /etc/my.cnf

    server-id       = 2

    log-bin=mysql-bin

    log-slave-updates

    relay-log=relay-log-bin

    change master to master_host='192.168.77.223',master_user='copy',master_password='paste',master_log_file='mysql-bin.000001',master_log_pos=563;

    start slave;
    show slave statusG

    过往配置:

    一、安装nginx

    yum -y install wget pcre pcre-devel openssl-devel zlib-devel lrzsz gcc gcc-c++
    wget http://nginx.org/download/nginx-1.12.0.tar.gz
    wget http://nginx.org/download/nginx-1.12.0.tar.gz
    groupadd www
    useradd -g www -s /sbin/nologin -M -r www
    ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module

    make && make install

    添加配置文件:

    user  www;
    worker_processes  1;
    
    error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    pid        logs/nginx.pid;
    
    
    events {
        use epoll;
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  logs/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        #keepalive_timeout  0;
        keepalive_timeout  65;
    
        gzip on;
        gzip_min_length 1k;
        gzip_buffers    4 16k;
        gzip_http_version 1.0;
        gzip_comp_level 2;
        gzip_types text/plain application/x-javascripttext/css application/xml;
        gzip_vary on;
    
        server {
            listen       80;
            server_name  www.test.com;
    
            charset utf-8;
    
            #access_log  logs/host.access.log  main;
    
            location / {
                root   /usr/local/tomcat/webapps/ROOT;
                index  index.html index.jsp  index.htm;
            }
    
        location ~ .*.jsp$ {
                index index.jsp;
                proxy_pass http://127.0.0.1:8080;   
                proxy_redirect off;
                proxy_set_header Host $host;  
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;   
                client_body_buffer_size 128k; 
                proxy_connect_timeout 90;   
                proxy_read_timeout 90;      
                proxy_buffer_size 4k;       
                proxy_buffers 6 32k;        
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k; 
            }
            location ~ .*.(gif|jpg|png|bmp|swf)$   
            {
                expires 30d;   
            }
            location ~ .*.(jsp|js|css)?$
            {
                expires 1d;
            }    
        
           error_page  404              /404.html;
    
           #redirect server error pages to the static page /50x.html
            
           error_page   500 502 503 504  /50x.html;
           location = /50x.html {
               root   html;
           }
    
            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ .php$ {
            #    proxy_pass   http://127.0.0.1;
            #}
    
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ .php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}
    
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /.ht {
            #    deny  all;
            #}
        }
    
    
        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;
    
        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
    
    
        # HTTPS server
        #
        #server {
        #    listen       443 ssl;
        #    server_name  localhost;
    
        #    ssl_certificate      cert.pem;
        #    ssl_certificate_key  cert.key;
    
        #    ssl_session_cache    shared:SSL:1m;
        #    ssl_session_timeout  5m;
    
        #    ssl_ciphers  HIGH:!aNULL:!MD5;
        #    ssl_prefer_server_ciphers  on;
    
        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
    
    }

    添加启动脚本:

    #!/bin/bash
    # chkconfig: 345 99 20
    # description: Nginx servicecontrol script
    PROG="/usr/local/nginx/sbin/nginx"
    PIDF="/usr/local/nginx/logs/nginx.pid"
    case "$1" in
    start)
    $PROG
    echo "Nginx service start success."
    ;;
    stop)
    kill -s QUIT $(cat $PIDF)
    echo "Nginx service stop success."
    ;;
    restart)
    $0 stop
    $0 start
    ;;
    reload)
    kill -s HUP $(cat $PIDF)
    echo "reload Nginx config success."
    ;;
    *)
    echo "Usage: $0{start|stop|restart|reload}"
    exit 1
    esac
    chmod +x /etc/init.d/nginx
    service nginx restart
    chkconfig nginx on

    添加nginx环境:

    echo -e 'PATH=/usr/local/nginx/sbin:$PATH' >> /etc/profile
    source /etc/profile

    二、安装tomcat

    tar zxvf apache-tomcat-8.5.15.tar.gz
    tar zxvf jdk-8u131-linux-x64.tar.gz
    
    cp /usr/local/src/apache-tomcat-8.5.15 /usr/local/tomcat -rf
    cp jdk1.8.0_131  /usr/local/jdk -rf

    vi /etc/profile   
    JAVA_HOME=/usr/local/jdk
    PATH=$PATH:$JAVA_HOME/bin
    CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib
    export JAVA_HOME PATH CLASSPATH
    source /etc/profile

    /usr/local/tomcat/bin/startup.sh
  • 相关阅读:
    Solr 配置连接数据库
    最大利润
    分割金条的最小代价
    民居点亮
    一个会议室最多安排几场宣讲
    N皇后问题
    Integer的缓存机制
    Windows快捷键
    二叉树中两个节点的最低公共祖节点
    判断二叉树是不是完全二叉树
  • 原文地址:https://www.cnblogs.com/feral/p/6844432.html
Copyright © 2020-2023  润新知