nginx- 安装、搭建web容器、负载均衡与ssl
nginx 用作 web 容器很简单:将网站文件放在 /usr/local/nginx/html 目录下即可。
nginx/conf 配置文件
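#
# Static web server: one name-based virtual host on port 80.
#
# There is deliberately no `user` directive. The original ran the workers as
# root, so any flaw in request handling would execute with full privileges.
# Without the directive the workers use the unprivileged account compiled into
# the binary (stock default: nobody); the master process still starts as root
# to bind port 80. The files under html/ must be readable by that account.

# Set to the number of CPU cores.
worker_processes 2;
# Open-file limit for each worker; kept above worker_connections.
worker_rlimit_nofile 15360;

events {
    use epoll;
    worker_connections 10240;
}

http {
    include mime.types;
    default_type application/octet-stream;

    server {
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;

        location / {
            # Relative to the nginx prefix, i.e. /usr/local/nginx/html in this install.
            root html;
            index index.html index.htm;
        }
    }
}  # closes http {}; this brace was missing from the original listing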
2- nginx 搭建负载均衡、配置ssl
首先需要把证书文件(nginx 使用 .pem 证书和 .key 私钥,tomcat 使用 .pfx 密钥库)分别下载到 nginx 服务器和各节点的 tomcat 服务器,放在指定目录(私钥和密钥库文件应只允许服务进程所用的账户读取),然后配置 nginx.conf 文件与 server.xml 文件。
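#
# TLS-terminating reverse proxy / load balancer in front of two Tomcat nodes.
#
# There is deliberately no `user` directive. The original ran the workers as
# root; without the directive they use the unprivileged account compiled into
# the binary (stock default: nobody). The master process still starts as root,
# which is what binds ports 80/443 and reads the private key.

worker_processes 2;
# Open-file limit for each worker; kept above worker_connections.
worker_rlimit_nofile 15360;

events {
    use epoll;
    worker_connections 10240;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # Backend pool (round-robin by default). ip1/ip2 are the article's
    # placeholders for the Tomcat node addresses.
    upstream up_nodes {
        server ip1:8080;
        server ip2:8080;
    }

    # Plain HTTP only redirects to HTTPS. The original put `listen 80` and
    # `ssl on` in the same server; `ssl on` enables TLS on every listen socket
    # of that server, so plain-HTTP clients on port 80 got an error page.
    server {
        listen 80;
        server_name xxx.com;
        # $server_name rather than $host, so a forged Host header cannot steer the redirect.
        return 301 https://$server_name$request_uri;
    }

    server {
        # `listen ... ssl` replaces the deprecated `ssl on;` directive.
        listen 443 ssl;
        server_name xxx.com;
        #client_max_body_size 0;
        root html;
        index index.html index.htm;

        ssl_certificate /usr/local/nginx/conf/cert/214786447730184.pem;
        # Keep the key file readable by root only.
        ssl_certificate_key /usr/local/nginx/conf/cert/214786447730184.key;
        ssl_session_timeout 5m;
        # TLSv1 and TLSv1.1 are deprecated and were dropped from the list.
        # Add TLSv1.3 where the nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;
        # Forward-secret AEAD suites only. The original string also admitted
        # CBC and static-RSA suites through the broad AES/HIGH keywords.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers on;

        location / {
            # The hop to the nodes is cleartext HTTP: keep port 8080 on the
            # nodes reachable from this proxy only.
            proxy_pass http://up_nodes;
            # Pass the original host, client address and scheme to the backend,
            # so its access logs and redirects reflect the real request.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # NOTE(review): 30-minute timeouts let a stalled peer hold a
            # connection slot for a long time; lower them unless requests
            # really run that long.
            proxy_connect_timeout 1800s;
            proxy_send_timeout 1800s;
            proxy_read_timeout 1800s;
        }
    }
}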
2-1 节点使用tomcat容器,配置文件为
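<!-- Plain-HTTP connector; this is the port the nginx upstream (ip:8080) talks to.
     Traffic on it is unencrypted, so restrict it to the proxy host (firewall or
     the connector's address attribute).
     redirectPort now points at the HTTPS connector below (443); the original
     value 8443 matched no connector in this listing.
     NOTE(review): connectionTimeout is in milliseconds, so 2000000 is roughly
     33 minutes. An idle or slow client can hold a thread that long; confirm it
     is really needed. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="2000000"
           maxThreads="1000"
           minSpareThreads="100"
           maxSpareThreads="500"
           acceptCount="700"
           redirectPort="443" />
<!-- HTTPS connector backed by the PKCS12 keystore. It defines its own thread
     pool (no executor attribute), despite what the original comment said.
     NOTE(review): in the nginx setup on this page TLS ends at nginx and the
     nodes are reached over HTTP on 8080, so this connector is only needed for
     direct access to a node; confirm before exposing it.
     NOTE(review): keystorePass is stored in clear text and is the same string
     as the keystore file name, so anyone who can see the path can guess it.
     Re-export the keystore with a different password and limit read access to
     server.xml and the .pfx file to the Tomcat account.
     Changes from the original listing:
     * protocol: the NIO class replaces the blocking Http11Protocol, which is
       presumably not shipped with the Tomcat 8.5 install named in keystoreFile
       (verify against your version).
     * sslEnabledProtocols is the JSSE attribute; the original SSLProtocol
       attribute belongs to the APR/native connector. TLSv1 and TLSv1.1 are
       deprecated and were dropped.
     * ciphers: forward-secret AEAD suites only. The original list was all CBC,
       mostly with static RSA key exchange, and one name was split in two by a
       line wrap. -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           keystoreFile="/home/duke/apache-tomcat-8.5.28/conf/cert/214786447730184.pfx"
           keystoreType="PKCS12"
           keystorePass="214786447730184"
           clientAuth="false"
           sslEnabledProtocols="TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>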
3- nginx 同时配置多个服务,或者同时充当web容器与负载均衡,可以同时配置多个server
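#
# Two HTTPS virtual hosts in one instance: name1.com is a load-balancing
# reverse proxy, name2.com serves static files.
#
# There is deliberately no `user` directive. The original ran the workers as
# root; without the directive they use the unprivileged account compiled into
# the binary (stock default: nobody). The master process still starts as root,
# which is what binds ports 80/443 and reads the private key.

worker_processes 2;
# Open-file limit for each worker; kept above worker_connections.
worker_rlimit_nofile 15360;

events {
    use epoll;
    worker_connections 10240;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # TLS policy shared by both HTTPS servers. It is declared once at http
    # level so the two virtual hosts cannot drift apart.
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated and were dropped from the list.
    # Add TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only. The original string also admitted
    # CBC and static-RSA suites through the broad AES/HIGH keywords.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    # Backend pool (round-robin by default). ip1/ip2 are the article's
    # placeholders for the Tomcat node addresses.
    upstream up_nodes {
        server ip1:8080;
        server ip2:8080;
    }

    # Plain HTTP only redirects to HTTPS. The original put `listen 80` and
    # `ssl on` in the same server; `ssl on` enables TLS on every listen socket
    # of that server, so plain-HTTP clients on port 80 got an error page.
    # $server_name rather than $host, so a forged Host header cannot steer
    # the redirect.
    server {
        listen 80;
        server_name name1.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 80;
        server_name name2.com;
        return 301 https://$server_name$request_uri;
    }

    # name1.com: reverse proxy to the Tomcat nodes.
    server {
        # `listen ... ssl` replaces the deprecated `ssl on;` directive.
        listen 443 ssl;
        server_name name1.com;
        #client_max_body_size 0;
        root html;
        index index.html index.htm;

        # NOTE(review): both servers load the same certificate; confirm that
        # it covers name1.com and name2.com.
        ssl_certificate /usr/local/nginx/conf/cert/214786447730184.pem;
        # Keep the key file readable by root only.
        ssl_certificate_key /usr/local/nginx/conf/cert/214786447730184.key;

        location / {
            # The hop to the nodes is cleartext HTTP: keep port 8080 on the
            # nodes reachable from this proxy only.
            proxy_pass http://up_nodes;
            # Pass the original host, client address and scheme to the backend,
            # so its access logs and redirects reflect the real request.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # NOTE(review): 30-minute timeouts let a stalled peer hold a
            # connection slot for a long time; lower them unless requests
            # really run that long.
            proxy_connect_timeout 1800s;
            proxy_send_timeout 1800s;
            proxy_read_timeout 1800s;
        }
    }

    # name2.com: static files from the html/ directory under the nginx prefix.
    server {
        listen 443 ssl;
        server_name name2.com;
        root html;
        index index.html index.htm;

        ssl_certificate /usr/local/nginx/conf/cert/214786447730184.pem;
        ssl_certificate_key /usr/local/nginx/conf/cert/214786447730184.key;

        location / {
            root html;
            index index.html index.htm;
        }
    }
}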