linux运维篇19
一、haproxy https实现
路由拓扑
后台web服务器搭建
LAMP架构看这个:LAMP
yum install -y httpd
echo web>/var/www/html/index.html
systemctl start httpd
haproxy配置:
编译安装haproxy方法:haproxy编译
证书原理:ssl证书生成方式
按照上面安装haproxy
mkdir /haproxy/etc/ssl -p 创建ssl证书存放目录
cd /haproxy/etc/ssl/
vi ssl.sh 利用脚本快速生成证书
#!/bin/bash
#设置CA
CA_SUBJECT="/O=heaven/CN=io"
#设置客户端名称
SUBJECT="/C=CN/ST=Beijing/L=Beijing/O=nginx/CN=haproxy.test.io"
#设置证书文件名
FILE=haproxy.test.io
KEY_SIZE=2048
SERIAL=34
SERIAL2=35
CA_EXPIRE=202002
EXPIRE=365
#生成自签名的CA证书
openssl req -x509 -newkey rsa:${KEY_SIZE} -subj $CA_SUBJECT -keyout ca.key -nodes -days $CA_EXPIRE -out ca.crt
#客户端生成私钥和证书申请
openssl req -newkey rsa:${KEY_SIZE} -nodes -keyout ${FILE}.key -subj $SUBJECT -out ${FILE}.csr
#颁发证书
openssl x509 -req -in ${FILE}.csr -CA ca.crt -CAkey ca.key -set_serial $SERIAL -days $EXPIRE -out ${FILE}.crt
chmod 600 *.key
将客户端的证书和秘钥合并
cat haproxy.test.io.crt haproxy.test.io.key >haproxy.test.io.pem
ls
haproxy创建配置文件
vi /haproxy/etc/conf.d/web.cfg
listen web-hosts
bind 192.168.116.130:80
bind 192.168.116.130:443 ssl crt /haproxy/etc/ssl/haproxy.test.io.pem
mode http
log global
redirect scheme https if !{
ssl_fc }
http-request set-header X-forwarded-Port %[dst_port]
http-request add-header X-forwarded-Proto https if {
ssl_fc }
server web1 192.168.116.132:80 check
systemctl restart haproxy
客户端测试
curl -k https://192.168.116.130
二、总结tomcat的核心组件以及根目录结构
核心组件:
- server:tomcat核心组件,可以启动多个tomcat实例,也就是多个server(tomcat)主进程。
- service(服务):主要用于engine(引擎)和Connector连接器之间的关联,一个service只能有一个引擎。可以有多个service。
- Connector:连接器。主要用于管理tomcat的端口和http协议,https协议,ajp协议等协议的通信。
- engine(引擎):主要用来调度客户端的访问请求到网页上。
- host(虚拟主机):主要定义网站名字,网站目录等信息
- Context :定义应用程序单独的路径映射和配置等信息
配置文件关系演示:
<?xml version="1.0" encoding="UTF-8"?>
#server包括service
<Server port="8005" shutdown="SHUTDOWN">
<Service name="Catalina">
#service包括connector和engine
<Connector port="8080" protocol="HTTP/1.1"connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
#engine包括host
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Context >
<Context />
</Host>
</Engine>
</Service>
</Server>
目录:
- bin:程序目录,主要存放tomcat启动的程序和脚本
- conf:配置文件目录,包括server组件配置,网页访问管理,tomcat程序管理规则等配置文件。
- lib:库目录。主要存放tomcat启动时需要的jar依赖包。
- logs:日志目录。存放tomcat的网站访问日志,错误日志。
- work:jsp编译后的结果文件目录。
- webapps:存放网站文件的目录
三、tomcat实现多虚拟主机
tomcat依赖Java服务,所以要先安装Java服务
Java编译安装:
Java 8的源码包需要注册账户后才能下载:Java下载
tar xf jdk-8u301-linux-x64.tar.gz -C /usr/local/ 解压下载的压缩包
cd /usr/local/
ln -s jdk1.8.0_301/ jdk
vi /etc/profile.d/java.sh
编辑环境变量
export JAVA_HOME=/usr/local/jdk
export PATH=$PATH:$JAVA_HOME/bin
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib
source /etc/profile.d/java.sh
java -version
tomcat编译:
wget https://dlcdn.apache.org/tomcat/tomcat-8/v8.5.70/bin/apache-tomcat-8.5.70.tar.gz
tar xf apache-tomcat-8.5.70.tar.gz -C /usr/local/
cd /usr/local/
ln -s apache-tomcat-8.5.70/ tomcat
echo 'PATH=/usr/local/tomcat/bin:$PATH' > /etc/profile.d/tomcat.sh
source /etc/profile.d/tomcat.sh
useradd -r -s /sbin/nologin tomcat
echo "JAVA_HOME=/usr/local/jdk"> /usr/local/tomcat/conf/tomcat.conf
chown -R tomcat.tomcat /usr/local/tomcat/
创建service文件
vi /lib/systemd/system/tomcat.service
[Unit]
Description=Tomcat
#After=syslog.target network.target remote-fs.target nss-lookup.target
After=syslog.target network.target
[Service]
Type=forking
EnvironmentFile=/usr/local/tomcat/conf/tomcat.conf
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
PrivateTmp=true
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable tomcat
systemctl start tomcat
创建2个虚拟主机目录
mkdir /data/test{
1,2} -p
mkdir /data/test1/ROOT
mkdir /data/test2/ROOT
vi /data/test1/ROOT/index.jsp 编译虚拟主机1网页
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>test1</title>
</head>
<body>
<h1>test1</h1>
vi /data/test2/ROOT/index.jsp 编译虚拟主机2网页
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>test2</title>
</head>
<body>
<h1>test2</h1>
chown -R tomcat.tomcat /data/
配置tomcat主配置文件
设置hosts,要不然不能解析网站
vi /etc/hosts
192.168.116.130 test1.tomcat.aa test2.tomcat.aa
vi /usr/local/tomcat/conf/server.xml 删除其他,只留下这些
<?xml version="1.0" encoding="UTF-8"?>
<Server>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Host name="test1.tomcat.aa" appBase="/data/test1"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
<Host name="test2.tomcat.aa" appBase="/data/test2"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
systemctl restart tomcat
客户端测试
设置hosts,要不然不能解析网站
vi /etc/hosts
192.168.116.130 test1.tomcat.aa test2.tomcat.aa
curl http://test1.tomcat.aa:8080/
curl http://test2.tomcat.aa:8080/
四、nginx实现后端tomcat的负载均衡调度
路由拓扑
tomcat-1配置:
按照上面安装好tomcat,修改主页
vi /usr/local/tomcat/webapps/ROOT/index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>web1</title>
</head>
<body>
<h1>web1</h1>
systemctl restart tomcat
tomcat-2配置:
按照上面安装好tomcat,修改主页
vi /usr/local/tomcat/webapps/ROOT/index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>web2</title>
</head>
<body>
<h1>web2</h1>
systemctl restart tomcat
nginx配置
编译安装看这个:nginx编译安装
初始化配置
cd /etc/yum.repos.d/
yum install -y wget
wget http://mirrors.aliyun.com/repo/Centos-7.repo
wget http://mirrors.aliyun.com/repo/epel-7.repo
mv CentOS-Base.repo CentOS-Base.repo.bak
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
yum clean all
yum makecache
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/SELINUX=enforcing$/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
yum install -y nginx
vi /etc/nginx/nginx.conf 删除文件内容,改为下面这些
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
upstream webs {
server 192.168.116.132:8080;
server 192.168.116.133:8080;
}
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
location / {
proxy_pass http://webs;
index index.jsp;
}
}
}
systemctl start nginx
客户端访问测试,默认是轮询状态,也就是一台一次代理
curl http://192.168.116.130
五、简述memcached的工作原理
官网:memcached
工作原理:memcached采用Slab Allocator机制来分配、管理内存。这个机制会把物理内存分配成默认1M大小的页(page),每个页又分成块(chunk),但是这个块的大小不一样。假如第1页大小是1M,分成了100个块,那么每块大小就是10.24K。但是第2页的块大小是上一页的1.25倍(默认倍数),也就是12.8K一个块。以此类推,直到1页1个块1M内存。
图片描述:
特性:
- 采用key-value(键-值)结构存储数据,没有集合,列表等这种记录格式
- 不支持持久化保存数据,所有数据保存在内存中,一旦断电就会丢失。
- value的最大容量为1M,不适合大量数据存储
- 采用预分配内存机制管理内存,能够省去分配内存的时间
- 使用非阻塞I/O复用结构,数据存储效率高
- 支持多线程方式存储数据
- 懒淘汰机制:当数据需要删除时只是标记为0(过期),有新数据再把老的数据覆盖。
- 单机的QPS(每秒查询量)最高可以达60W,适合并发量高的场景
- 服务端不支持集群功能,无法实现高可用负载。但是源代码开放,可以通过修改代码实现集群功能。