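Using nginx as a reverse proxy for Tomcat
Step 1:
Create the website data directory on both Tomcat hosts (100 and 101)
[root@ubuntu2004 ~]#mkdir /data/website/ROOT -p
Add the site's domain name and data path to the configuration file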
[root@ubuntu2004 ~]#vim /usr/local/tomcat/conf/server.xml
</Host>
<Host name="www.meng.com" appBase="/data/website" unpackWARs="true" autoDeploy="true">
</Host>
[root@ubuntu2004 ~]#systemctl restart tomcat.service    # restart Tomcat
[root@ubuntu2004 ~]#chown -R tomcat:tomcat /data/website/
Put a test page under ROOT (edit the test content so hosts 100 and 101 can be told apart; in production the content is identical)
[root@ubuntu2004 ~]#cd /data/website/ROOT/
[root@ubuntu2004 ROOT]#rz -E
rz waiting to receive.
[root@ubuntu2004 ROOT]#cat index.jsp
<%@ page import="java.util.*" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>tomcat test</title>
</head>
<body>
<h1> Tomcat Website A </h1>
<div>On <%=request.getServerName() %></div>
<div><%=request.getLocalAddr() + ":" + request.getLocalPort() %></div>
<div>SessionID = <span style="color:blue"><%=session.getId() %></span></div>
<%=new Date()%>
</body>
</html>
Step 2: on the nginx host (102)
Edit the configuration file
[root@ubunt ~]# vim /apps/nginx/conf/nginx.conf
include /apps/nginx/conf/conf.d/*.conf;
Create the configuration file for www.meng.com
mkdir /apps/nginx/conf/conf.d/
vim /apps/nginx/conf/conf.d/www.meng.com.conf (the file name must end in conf)
upstream webservers {
server 10.0.0.100:8080;
server 10.0.0.101:8080;
}
server {
listen 80;
server_name www.meng.com;
location / {
proxy_pass http://webservers;
proxy_set_header host $http_host;
}
}
[root@ubunt ~]# nginx -s reload
On Windows, add the name resolution entry: 10.0.0.102 www.meng.com
Run the following in a Windows CMD window to check the result
C:\Users\Administrator>curl www.meng.com
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>tomcat test</title>
</head>
<body>
<h1> Tomcat Website A </h1>    (result from A)
<div>On www.meng.com</div>
<div>10.0.0.100:8080</div>
<div>SessionID = <span style="color:blue">46832DFB845D48E376B6B044E25B6EBF</span></div>
Wed Sep 28 21:08:43 CST 2022
</body>
</html>
C:\Users\Administrator>curl www.meng.com
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>tomcat test</title>
</head>
<body>
<h1> Tomcat Website B </h1>    (result from B)
<div>On www.meng.com</div>
<div>10.0.0.101:8080</div>
<div>SessionID = <span style="color:blue">CFEECEFD4C79A2E9B82E6CA6BFB38E68</span></div>
Wed Sep 28 21:08:49 CST 2022
</body>
</html>
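Round-robin works, but the SessionID changes on every request and cannot be kept. A site that relies on login state cannot be logged in to; static pages can still be viewed.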
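A check for the behaviour described above, added here as an example (not part of the original notes): it reads responses produced by the index.jsp test page and reports whether the session ID survives across requests and backends. The function and sample names are hypothetical and the sample responses are constructed from the output shown above; the "sticky" and "shared" verdicts go beyond this point in the notes and correspond to the session-persistence methods set up later.

```shell
#!/bin/sh
# classify_persistence: read one or more index.jsp responses on stdin and
# print "<verdict> backends=<n> sessions=<n>".
classify_persistence() {
    awk '
        # Line produced by request.getLocalAddr() + ":" + request.getLocalPort()
        /<div>/ && match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+/) {
            b = substr($0, RSTART, RLENGTH)
            if (!(b in backends)) { backends[b] = 1; nb++ }
        }
        # Line produced by session.getId()
        /SessionID = / {
            s = $0
            sub(/^.*SessionID = <span[^>]*>/, "", s)
            sub(/<\/span>.*$/, "", s)
            if (!(s in sessions)) { sessions[s] = 1; ns++ }
        }
        END {
            if (ns == 0)      v = "no-session"
            else if (ns > 1)  v = "not-persistent"   # ID changes between requests
            else if (nb == 1) v = "sticky"           # one backend, one session
            else              v = "shared"           # several backends, one session
            printf "%s backends=%d sessions=%d\n", v, nb, ns
        }'
}
# Constructed samples: trimmed copies of the two curl responses shown above,
# and a pair where the backend differs but the session ID is the same.
sample_round_robin() {
    cat <<'EOF'
<div>10.0.0.100:8080</div>
<div>SessionID = <span style="color:blue">46832DFB845D48E376B6B044E25B6EBF</span></div>
<div>10.0.0.101:8080</div>
<div>SessionID = <span style="color:blue">CFEECEFD4C79A2E9B82E6CA6BFB38E68</span></div>
EOF
}
sample_shared() {
    cat <<'EOF'
<div>10.0.0.100:8080</div>
<div>SessionID = <span style="color:blue">9477290EF9B08F7E06E200E84E6BB25E</span></div>
<div>10.0.0.101:8080</div>
<div>SessionID = <span style="color:blue">9477290EF9B08F7E06E200E84E6BB25E</span></div>
EOF
}
sample_round_robin | classify_persistence
sample_shared | classify_persistence
```

Feed it live responses fetched with a cookie jar, for example `for i in 1 2 3 4; do curl -s -b jar -c jar http://www.meng.com/; done | classify_persistence`. Without replaying the JSESSIONID cookie, every request starts a new session regardless of how nginx balances.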
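Serve external requests over HTTPS while internal requests use HTTP
Request a certificate online, or use a self-signed certificate
Self-generated certificate (script)
#!/bin/bash
# Create a private CA, then issue a server certificate signed by it.
CA_SUBJECT="/O=meng/CN=ca.meng.com"
SUBJECT="/C=CN/ST=henan/L=zhengzhou/O=meng/CN=www.meng.com"
SERIAL=34
EXPIRE=202002    # validity in days
FILE=www.meng.com
# Self-signed CA certificate and key
openssl req -x509 -newkey rsa:2048 -subj "$CA_SUBJECT" -keyout ca.key -nodes -days "$EXPIRE" -out ca.crt
# Server key and certificate signing request (CSR)
openssl req -newkey rsa:2048 -nodes -keyout "${FILE}.key" -subj "$SUBJECT" -out "${FILE}.csr"
# Sign the CSR with the CA to produce the server certificate
openssl x509 -req -in "${FILE}.csr" -CA ca.crt -CAkey ca.key -set_serial "$SERIAL" -days "$EXPIRE" -out "${FILE}.crt"
chmod 600 "${FILE}.key" ca.key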
Create a directory to hold the certificate files
[root@ubunt ~]# mkdir /apps/nginx/conf/conf.d/ssl
Generate the PEM bundle
[root@ubunt ~]# cat www.meng.com.crt ca.crt > www.meng.com.pem
Move www.meng.com.pem and www.meng.com.key into the ssl directory
[root@ubunt ssl]# ls
www.meng.com.key www.meng.com.pem
Edit the file
[root@ubunt conf.d]# vim /apps/nginx/conf/conf.d/www.meng.com.conf
upstream webservers {
#ip_hash;              # hash on the first 24 bits of the client IP
#hash $remote_addr;    # hash on all 32 bits of the client IP
hash $cookie_jsessionid consistent;    # consistent hashing
server 10.0.0.100:8080;
server 10.0.0.101:8080;
}
server {
listen 80;
server_name www.meng.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.meng.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_certificate /apps/nginx/conf/conf.d/ssl/www.meng.com.pem;
ssl_certificate_key /apps/nginx/conf/conf.d/ssl/www.meng.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass http://webservers;
proxy_set_header host $http_host;
}
}
[root@ubunt conf.d]# nginx -s reload
Open the site in a browser; it is now served with the certificate.
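The ssl_protocols and ssl_ciphers lines above still enable TLS 1.0/1.1 together with RC4, 3DES and suites without forward secrecy. The following added example (not part of the original notes) audits those two directives and shows a constructed replacement that passes; the function names and the replacement cipher list are assumptions.

```shell
#!/bin/sh
# audit_tls: read nginx configuration on stdin and print one finding per
# deprecated protocol or weak cipher suite in ssl_protocols / ssl_ciphers.
# Assumes each directive sits on one line and the cipher list is unquoted.
audit_tls() {
    awk '
        { sub(/#.*/, ""); sub(/;[ \t]*$/, "") }   # strip comments and the ";"
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    print "protocol " $i ": deprecated"
        }
        $1 == "ssl_ciphers" {
            n = split($2, suite, ":")
            for (i = 1; i <= n; i++) {
                c = suite[i]
                if (c ~ /^!/) continue            # "!X" removes suites
                if (c ~ /RC4/)       print "cipher " c ": RC4"
                else if (c ~ /DES/)  print "cipher " c ": DES/3DES"
                else if (c ~ /MD5/)  print "cipher " c ": MD5 MAC"
                else if (c !~ /DHE/) print "cipher " c ": no forward secrecy"
            }
        }'
}
count_findings() { audit_tls | awk 'END { print NR }'; }
# The two directives as configured on this page.
page_conf() {
    cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
EOF
}
# Constructed replacement (an assumption, not from the page): TLS 1.2/1.3 with
# ECDHE + AEAD suites only. TLSv1.3 needs nginx 1.13.0+ built on OpenSSL 1.1.1+.
fixed_conf() {
    cat <<'EOF'
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
EOF
}
page_conf | audit_tls
echo "findings after the change: $(fixed_conf | count_findings)"
```

Run it against the live file with `audit_tls < /apps/nginx/conf/conf.d/www.meng.com.conf`, then `nginx -t` before reloading.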
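Implementing session persistence
Method 1: session stickiness (sticky sessions, binding on source address and cookie)
On nginx
[root@ubunt conf.d]# vim /apps/nginx/conf/conf.d/www.meng.com.conf
upstream webservers {
#ip_hash;              # hash on the first 24 bits of the client IP
#hash $remote_addr;    # hash on all 32 bits of the client IP
hash $cookie_jsessionid consistent;    # consistent hashing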
server 10.0.0.100:8080;
server 10.0.0.101:8080;
}
server {
listen 80;
server_name www.meng.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.meng.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_certificate /apps/nginx/conf/conf.d/ssl/www.meng.com.pem;
ssl_certificate_key /apps/nginx/conf/conf.d/ssl/www.meng.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass http://webservers;
proxy_set_header host $http_host;
}
}
[root@ubunt conf.d]# nginx -s reload
Method 2: replication cluster (changes made on hosts 100 and 101)
Step 1:
[root@ubunt ~]# vim /apps/nginx/conf/conf.d/www.meng.com.conf
First disable the earlier directive: hash $cookie_jsessionid consistent; (consistent hashing)
[root@ubunt ~]# nginx -s reload
Step 2:
https://tomcat.apache.org/tomcat-10.0-doc/cluster-howto.html
https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html
https://tomcat.apache.org/tomcat-8.5-doc/cluster-howto.html
http://tomcat.apache.org/tomcat-7.0-doc/cluster-howto.html
Pick the page that matches your Tomcat version, open item 19 of the USER GUIDE, and copy the content under "The following is the default cluster configuration:" into
[root@ubuntu2004 ~]#vim /usr/local/tomcat/conf/server.xml
(place it below the domain name entry; change every Tomcat, replacing only auto with the current host's IP: address="10.0.0.100")
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
channelSendOptions="8">
<Manager className="org.apache.catalina.ha.session.DeltaManager"
expireSessionsOnShutdown="false"
notifyListenersOnReplication="true"/>
<Channel className="org.apache.catalina.tribes.group.GroupChannel">
<Membership className="org.apache.catalina.tribes.membership.McastService"
address="228.0.0.4"
port="45564"
frequency="500"
dropTime="3000"/>
<Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
address="10.0.0.100"
port="4000"
autoBind="100"
selectorTimeout="5000"
maxThreads="6"/>
<Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
<Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
</Sender>
<Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
<Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/>
</Channel>
<Valve className="org.apache.catalina.ha.tcp.ReplicationValve"
filter=""/>
<Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
<Deployer className="org.apache.catalina.ha.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
watchEnabled="false"/>
<ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
</Cluster>
Step 3: copy the bundled WEB-INF directory (with its web.xml) to /data/website/ROOT/
[root@ubuntu2004 ~]#cd /data/website/ROOT/
[root@ubuntu2004 ROOT]#ls
index.jsp
[root@ubuntu2004 ROOT]#cd /data/website/ROOT/
[root@ubuntu2004 ROOT]#cp /usr/local/tomcat/webapps/ROOT/WEB-INF/ . -r
[root@ubuntu2004 ROOT]#ls
index.jsp WEB-INF
[root@ubuntu2004 ROOT]#cd WEB-INF/
[root@ubuntu2004 WEB-INF]#vim web.xml
Welcome to Tomcat
</description>
<distributable/>
</web-app>
Copy the modified files to the other Tomcat
[root@ubuntu2004 ROOT]#scp -r WEB-INF/ 10.0.0.101:/data/website/ROOT/
Restart the service
[root@ubuntu2004 ROOT]#systemctl restart tomcat.service
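ss -ntl now shows port 4000, which is used to receive the multicast data; then visit the site in a browser.
Verify multicast:
On another machine: tcpdump -i eth0 -nn host 228.0.0.4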
Method 3: session server (Memcached and Redis)
Memcached
Install Memcached on a separate server
[root@ubuntu2004 ~]#apt -y install memcached    # install memcached
[root@ubuntu2004 ~]#systemctl status memcached.service    # started automatically on Ubuntu
9月 29 10:42:58 ubuntu2004 systemd[1]: Started memcached daemon.
[root@ubuntu2004 ~]#ss -ntl    # port 11211
Edit the configuration file to allow remote access
[root@ubuntu2004 ~]#vim /etc/memcached.conf
-m 1024 # set memory to at least 1/4 or 1/2 of physical RAM
#-l 127.0.0.1
-l 0.0.0.0 # allow remote connections
Restart the service
[root@ubuntu2004 ~]#systemctl restart memcached.service
Check that the port is listening on 0.0.0.0:11211
Write data to memcached from the front-end Tomcat servers
[root@ubuntu2004 ~]#apt -y install python3-memcache
[root@centos8 ~]#yum -y install python3 python3-memcached
[root@ubuntu2004 ~]#cat m3.py
#!/usr/bin/python3
#coding:utf-8
import memcache
m = memcache.Client(['10.0.0.103:11211'], debug=True)
for i in range(10):
    m.set("key%d" % i, "v%d" % i)
    ret = m.get('key%d' % i)
    print("%s" % ret)
[root@ubuntu2004 ~]#chmod +x m3.py
[root@ubuntu2004 ~]#./m3.py
v0
v1
v2
v3
v4
v5
v6
v7
v8
v9
[root@ubuntu2004 ~]#telnet 10.0.0.103 11211
Trying 10.0.0.103...
Connected to 10.0.0.103.
Escape character is '^]'.
get key1
VALUE key1 16 2
v1
END
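The data has been written, but the session server is now a single point of failure
How to remove the memcached single point of failure
Option 1: (sticky mode: session IDs are cross-stored)
Step 1: install memcached on the Tomcat hosts
[root@ubuntu2004 ~]#apt -y install memcached
Edit the configuration file to allow remote access
[root@ubuntu2004 ~]#vim /etc/memcached.conf
-m 1024 # set memory to at least 1/4 or 1/2 of physical RAM
#-l 127.0.0.1
-l 0.0.0.0
Restart the service
[root@ubuntu2004 ~]#systemctl restart memcached.service
Check that the port is listening on 0.0.0.0:11211
Step 2: put the required dependency JARs into Tomcat's lib directory (11 packages)
Download location for the dependencies: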
https://github.com/magro/memcached-session-manager/wiki/SetupAndConfiguration
[root@ubuntu2004 lib]#pwd
/usr/local/tomcat/lib
[root@ubuntu2004 lib]#rz -E
rz waiting to receive.
Step 3:
Host 100
[root@ubuntu2004 tomcat]#vim conf/context.xml (add at the bottom)
<!-- memcachedNodes: memcached addresses; failoverNodes: backup node -->
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
memcachedNodes="n1:10.0.0.100:11211,n2:10.0.0.101:11211"
failoverNodes="n1"
requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$"
transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory"
/>
</Context>
[root@ubuntu2004 tomcat]#systemctl restart tomcat.service
Host 101
[root@ubuntu2004 tomcat]#vim conf/context.xml (add at the bottom)
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" memcachedNodes="n1:10.0.0.100:11211,n2:10.0.0.101:11211"
failoverNodes="n2"
requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$" transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory"
/>
</Context>
[root@ubuntu2004 tomcat]#systemctl restart tomcat.service
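Configuration complete. Visit www.meng.com in a browser: the serving host changes, but the session ID does not.
Option 2: (non-sticky mode: session IDs are cross-stored and each node also keeps its own copy)
Hosts 100 and 200
[root@ubuntu2004 tomcat]#vim conf/context.xml (add at the bottom)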
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
memcachedNodes="n1:10.0.0.100:11211,n2:10.0.0.101:11211"
sticky="false"
sessionBackupAsync="false"
lockingMode="uriPattern:/path1|/path2"
requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$" transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory"
/>
</Context>
[root@ubuntu2004 tomcat]#systemctl restart tomcat.service
Configuration complete. Visit www.meng.com in a browser: the serving host changes, but the session ID does not.
redis
Install redis on host 103
[root@ubuntu2004 ~]#apt -y install redis
Edit the configuration file to allow remote connections
[root@ubuntu2004 ~]#vim /etc/redis/redis.conf
bind 0.0.0.0
[root@ubuntu2004 ~]#systemctl restart redis
[root@ubuntu2004 ~]#ss -ntl    # 0.0.0.0:6379
Step 2:
Hosts 100 and 200
[root@ubuntu2004 tomcat]#vim conf/context.xml (add at the bottom)
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
memcachedNodes="redis://10.0.0.103"
sticky="false"
sessionBackupAsync="false"
lockingMode="uriPattern:/path1|/path2"
requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$"
transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory"
/>
</Context>
[root@ubuntu2004 tomcat]#systemctl restart tomcat.service
Configuration complete. Visit www.meng.com in a browser: the serving host changes, but the session ID does not.
You can also query the keys from the redis client
[root@ubuntu2004 ~]#redis-cli
127.0.0.1:6379> keys *
1) "validity:9477290EF9B08F7E06E200E84E6BB25E"
2) "9477290EF9B08F7E06E200E84E6BB25E"
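The notes bind memcached (-l 0.0.0.0) and Redis (bind 0.0.0.0) to every interface and confirm this with ss -ntl, while the session data in them should only be reachable from the Tomcat hosts. The following added example (not part of the original notes) flags wildcard-bound session-store listeners in ss -ntl output and names the setting to narrow. The function names, the <internal-address> placeholder and both ss listings are constructed for illustration.

```shell
#!/bin/sh
# exposed_session_stores: read "ss -ntl" output on stdin and print each
# memcached (11211) or Redis (6379) listener bound to all interfaces,
# with the configuration setting that restricts it.
exposed_session_stores() {
    awk '
        BEGIN {
            fix[11211] = "memcached.conf: -l <internal-address>"
            fix[6379]  = "redis.conf: bind <internal-address>"
        }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)        # text after the last ":"
            addr = $4; sub(/:[^:]*$/, "", addr)     # text before the last ":"
            if ((port in fix) && (addr == "0.0.0.0" || addr == "*" || addr == "[::]"))
                print port " bound to " addr " -> " fix[port]
        }'
}
# Constructed listing: session stores listening on every interface.
ss_before() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       1024    0.0.0.0:11211       0.0.0.0:*
LISTEN  0       511     0.0.0.0:6379        0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
EOF
}
# Constructed listing: the same services bound to the internal address only.
ss_after() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       1024    10.0.0.103:11211    0.0.0.0:*
LISTEN  0       511     10.0.0.103:6379     0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
EOF
}
ss_before | exposed_session_stores
```

On a live host, run `ss -ntl | exposed_session_stores`; an empty result means neither store is listening on a wildcard address.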