High concurrency processing, there is a single server bottleneck service
Nginx belongs nio, noblocking Io nonblocking
Apache belong Bio, Blocking IO blocking of
Mounting portion
-
Installation dependence: yum -y install gcc openssl-devel pcre-devel zlib-devel -y
-
Extract the source tar -zxvf nginx-1.8.1.tar.gz
-
cd nginx-1.8.1
./configure --prefix=/opt/sxt/nginx
-
In the source tree to compile installation
make && make install
The command section
Nginx executed in the software directory / opt / sxt / nginx / sbin in
-
Start ./nginx
-
Close ./nginx -s stop fast
-
Ordinary closed ./nginx -s quit
-
Reload the configuration file ./nginx -s reload (in the state to start using, with immediate effect)
-
Reopen the log file ./nginx -s reopen
Access Port default after startup: 192.168.163.10:80
Direct access page on nginx
Html directory in the software, load the html page and other static resources (images, etc.), the directory is direct access to the root directory of nginx web page files. http: //node2/123.jpg
Configuration section
File Path: opt / sxt / nginx / conf / nginx.conf (only need to configure the master node, the other nodes start tomcat as a service node)
Global Configuration
-
worker_processes number of processes running, generally consistent with the number of cpu core
-
Error_log path and log format type
-
pid process to store the current position of
#user nobody; 用户运行nginx
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
event configuration (number of threads)
Worker_connections used to configure the number of threads per process
events {
worker_connections 1024;
}
http (Network Information)
-
Type of request received resource profiles include
-
Transmitted data mode default_type
-
log_format log format defines the format and the name of the main, you can customize the log format sxt
-
Path and access log access_log format (format references log_format)
-
sendfile kernel mode based on the data copy, the copy memory footprint reduction
-
Are tcp_nopush close competition mode service, may result in thundering herd effect
-
keepalive_timeout maintain a long time links with the browser service, a realization link multiple requests
It can be set to 0, so that the connection switching obvious, easy to test
-
Whether to send gzip file compression
-
server virtual host configuration
-
upstream proxy cluster configuration
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#log_format sxt '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"。。、';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 0;
#keepalive_timeout 65;
#gzip on;
upstream
server {...}
}
upstream cluster configuration
Configure each host server and port clusters;
The default cluster node using the polling way to call
Each weight can be added after the node weights, the greater the value assigned more
least_conn properties to achieve minimal load balancing is connected, for requesting allocation of a node connected to a minimum
Ip_hash request attribute is used to ensure the same client are directed only to one server (unless unavailable), session persistence is achieved
{XXX upstream
least_conn;
Server = weight 192.168.163.11:8080. 3;
Server 192.168.163.12:8080;
Server 192.168.163.13:8080;
}
# end note semicolon
server (web hosting)
located at http server, you can write multiple service
Web Hosting: general and ports (listen) to distinguish between virtual hosts, can be based on ip are based on the domain name (server_name). The nginx virtual host domain name and port assigned different server request, executes a corresponding service.
-
listen to nginx listening port
-
server_name to listen on the host name or IP , you can set up more spaces
-
location and uri interception proxy configuration
-
charset character set
-
access_log for the current host access log and format
-
error_page error page (understand)
-
php proxy proxy-related content ... (understand)
server {
listen 80;
server_name basenode;
location / {
root html;
index index.html index.htm;
}
#charset koi8-r;
#access_log logs/host.access.log main;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html { root html; }
}
以下基于ssl的是https的代理
server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
location (Interception and Distribution)
Located in the server, it intercepts the request and to specify a proxy server
-
proxy_pass definition proxy server or cluster, pay attention to the end of the semicolon
-
root is the root directory, index as the default access address (understand)
-
Internal controls allow and deny access to load
The default home page address nginx
LOCATION / {
the root HTML;
index index.html index.htm;} achieved through a proxy server proxy LOCATION / { proxy_pass http://192.163.163.11:8080; } agent through a proxy server clusters LOCATION / { proxy_pass HTTP: // upstream of the cluster name; } LOCATION / { the allow 192.168.78.0/24; the deny 192.168.78.1; the allow 10.1.1.0/16; the allow 192.168.1.0/32; the deny All; proxy_pass HTTP: / / XXX: 8080; }
About interception (static resources)
Format: location rules of regular expressions {}
Rules include
-
= Exact matching at the beginning of
-
~ ^ Represents the beginning of a specified string begins with uri
-
~ Represents the beginning of a case-sensitive match regular
-
~ * Represents the beginning of a case-insensitive regular match
-
! Negate
-
/ Generic matches, any requests are matched to the
-
Mainly involved
-
^ ~ / Static / designated static resources
-
~ . (GIF | JPG | PNG | JS | CSS) $ specified ending suffix
-
* ~ . PNG $ specify a certain type of file suffixes
-
= LOCATION / {
# Rule A
}
LOCATION = / Login {
# Rule B
}
LOCATION ~ ^ / static / {
# Rule C
}
LOCATION ~ \. (GIF | JPG | PNG | JS | CSS) {$
# Rule D
}
~ * LOCATION \ .png $ {
# rule E
}
LOCATION! ~ \ .xhtml $ {
# rule F.
}
LOCATION! ~ * \ .xhtml $ {
# rule G
}
LOCATION / {
# rule H
}
Tips:
-
http: // localhost / will match rule A
-
http: // localhost / login will match rule B
-
http: // localhost / register the matching rules
-
http: //localhost/static/a.html the matching rule C
-
Sequentially matched in order, once a match to the first rule, no longer matches the back, the order of the rules so to note
http: //localhost/b.jpg rule is satisfied the rule D and E, but the order of precedence rules D, E does not work rules,
http: //localhost/static/c.png the priority rule to match C
-
http: //localhost/a.PNG the matching rules E, without matching rules D, E because the rules are not case sensitive.
-
http: //localhost/a.xhtml not matching rules and rule F G, HTTP: //localhost/a.XHTML not match rule G, as case insensitive. Rule F., G is the exclusion rules, but does not meet the matching rule to match.
-
http: // localhost / category / id / 1111 is finally matched to the rule H, other rules are not satisfied, the background are generally requested.
Static resource server
-
Examples of static resources placed directly on nginx, can also be configured to perform a dedicated server to serve static resources.
# Static resources www.123.com/static/xxxx makes a request directly to the statices file in the folder nginx service acquisition. #statices folder is created in the path / opt / SXT / Nginx / statices
Server {
the listen 80;
server_name www.123.com;
LOCATION ~ ^ / static / { Alias statices /; } LOCATION / { proxy_pass http://192.168.163.11 : 8080; } }
-
Static resources can be configured to a different domain name.
# Www.123.com pages can request a static resource www.456.com/static/xxxx it, stored path to the resource above server{ listen 80; server_name www.123.com; location / { proxy_pass http://192.168.163.11:8080; } } server{ listen 80; server_name www.456.com; location ^~ /static/ { alias statices/; } }
-
When a static resource to tomcat, the default point webapps / project / static / directory ( www.123.com/static/xxx.jpg )
server{ listen 80; server_name www.123.com; location ^~ /static/ { proxy_pass http://192.168.163.11:8080;# point tomcat static resource is located } }
About Access Control
-
allow allow access, deny deny access
-
After judging from the sequentially down, find the first matching determination conditions, conditions of the latter determination is not executed.
-
all represent all requests matching
-
Note that this is for the client's ip and range limits (192.168.78.0/24) access to the port
allow 192.168.78.0/24; deny 192.168.78.1; allow 10.1.1.0/16; allow 192.168.1.0/32; deny all;
About Test
Each node using tomcat test: each node listens on port 8080
Use tomcat home page is accessed, it is necessary to modify the home page:
-
Home path /opt/sxt/apache-tomcat-7.0.61/webapps/ROOT/index.jsp
-
The following code Home modified such that the currently accessed web page display node ID and session connection
<H1> XXX node <h1> <%=session.getId() %>
In access control ip local host subnet top three +.1, that is 192.168.163.1
Forward Proxy and Reverse Proxy
-
Forward proxy work for clients,
-
It needs to know the proxy address and destination address
-
Through a proxy to access the target address
-
-
Reverse proxy server work
-
Only need to know the address of the reverse proxy does not need to specify a specific server
-
Reverse proxy configuration rule, by the rule server request pointing to the corresponding
-
Session consistency
Since the cluster is not a single server, customers need to ensure access to the same session in the cluster
Solutions
1 session replication functionality that comes with tomcat (understand)
2 software configuration management process, integration tomcat, save the session database
memcached program
yum install memcached -y
service memcached start
chkconfig memcached on (optional)
telnet localhost 11211 checked whether or quit exit (port shared server session is 11211)
Copy memcached tomcat dependencies to the respective session server need to share the path is /opt/sxt/apache-tomcat-7.0.61/lib
Modify tomcat server configuration file, / opt / sxt / apache-tomcat-7.0.61 / conf / context.xml
# Note to modify memcachedNodes session that is shared server, memcached server is installed ip: 11211 <Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager" memcachedNodes="n1:192.168.163.10:11211" sticky="true" lockingMode="auto" sessionBackupAsync="false" requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$" sessionBackupTimeout="1000" transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory" />
Restart tomcat: ./ shutdown.sh ./startup.sh
The above-described configuration values used in a server cluster to share the same
Cross-domain solutions (to be studied)
domain settings
location / { proxy_cookie_domain b.com a.com; proxy_pass http://b.com; }
Making cookice b.com endureth a.com page (session cookie along with migration)
Reference https://blog.csdn.net/u013314786/article/details/84584374