server5上:
安装java运行环境:
rpm -aq | grep java
tar zxf jdk-7u79-linux-x64.tar.gz -C /usr/local/
cd /usr/local/
ln -s jdk1.7.0_79/ java
vim /etc/profile
export JAVA_HOME=/usr/local/java
export CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HEMO/jre/lib
export PATH=$PATH:$JAVA_HOME/bin
source /etc/profile
echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/usr/local/java/bin
[root@server5 ~]# vim test.java
[root@server5 ~]# javac test.java
[root@server5 ~]# java test
hello world!
java环境安装成功!
在server5上安装tomcat:
tar zxf apache-tomcat-7.0.37.tar.gz -C /usr/local/
cd /usr/local/
ln -s apache-tomcat-7.0.37/ tomcat
/usr/local/tomcat/bin/startup.sh #启动tomcat
cd webapps/ROOT/ #tomcat默认发布目录
vim test.jsp
<%@ page contentType="text/html; charset=GBK" %>
<%@ page import="java.util.*" %>
<html><head><title>Cluster App Test</title></head>
<body>
Server Info:
<%
out.println(request.getLocalAddr() + " : " + request.getLocalPort()+"<br>");%>
<%
out.println("<br> ID " + session.getId()+"<br>");
String dataName = request.getParameter("dataName");
if (dataName != null && dataName.length() > 0) {
String dataValue = request.getParameter("dataValue");
session.setAttribute(dataName, dataValue);
}
out.print("<b>Session list</b>");
Enumeration e = session.getAttributeNames();
while (e.hasMoreElements()) {
String name = (String)e.nextElement();
String value = session.getAttribute(name).toString();
out.println( name + " = " + value+"<br>");
System.out.println( name + " = " + value);
}
%>
<form action="test.jsp" method="POST">
name:<input type=text size=20 name="dataName">
<br>
key<br>
<input type=submit>
</form>
</body>
</html>
:<input type=text size=20 name="dataValue">
server6上:同样安装java环境和tomcat:
[root@server5 local]# scp -r tomcat/ java/ 172.25.92.6:/usr/local/
[root@server6 ROOT] /usr/local/tomcat/bin/startup.sh
[root@server5 local]scp tomcat/webapps/ROOT/test.jsp 172.25.92.6:/usr/local/
开启server4:重新编译nginx,使其支持 sticky 调度算法:
tar zxf nginx-sticky-module-ng.tar.gz
cd nginx-1.10.1
make clean
./configure --prefix=/usr/local/lnmp/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio --user=nginx --group=nginx --add-module=/root/nginx-sticky-module-ng
make
make install
nginx
vim /usr/local/lnmp/nginx/conf/nginx.conf
18 upstream tomcat{
19 sticky;
20 server 172.25.92.5:8080;
21 server 172.25.92.6:8080;
22
23 }
65 location ~ \.jsp$ {
66 proxy_pass http://tomcat;
67 }
nginx -s reload
测试:在浏览器访问:http://172.25.92.4/test.jsp
在不添加sticky调度算法时:
可以看见会话不能保持,在server5和server6上来回轮询。
添加sticky调度算法之后:
可以看见此调度算方法可以保持会话连接,添加的用户备保存在一台server上。
测试nginx**轮询调度算法**和ip_hash调度算法使用另一个test.jsp页面,内容为:
sever5:vim test.jsp
server5 time is : <%=new java.utill.Date() %> #显示当前主机时间
server6上:vim test.jsp
server6 time is : <%=new java.utill.Date() %> #显示当前主机时间
在浏览器访问:http://172.25.92.4/test.jsp,可以看到,server5和server6的时间在来回跳转。
对于ip_hash调度算法来说,不变即为正确的结果,此中调度算法是根据客户端ip来调度的,ip不变调度不变。
session共享
原理:
server5(n1)和server6(n2)上:两台主机相同
[root@server5 tomcat]# bin/shutdown.sh
[root@server6 tomcat]# bin/shutdown.sh
get以下软件包放在:/usr/local/tomcat/lib下
asm-3.2.jar
kryo-1.04.jar
kryo-serializers-0.10.jar
memcached-session-manager-1.6.3.jar
memcached-session-manager-tc7-1.6.3.jar
minlog-1.2.jar
msm-kryo-serializer-1.6.3.jar
reflectasm-1.01.jar
spymemcached-2.7.3.jar
vim /usr/local/tomcat/conf/context.xml
34 <Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
35 memcachedNodes="n1:172.25.92.5:11211,n2:172.25.92.6:11211"
36 failoverNodes="n1" #此处server5和server6不同
37 requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$"
38 transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory"
39 />
[root@server5 tomcat]# bin/startup.sh
[root@server5 tomcat]# tail -f logs/catalina.out
Jan 28, 2018 12:51:34 PM de.javakaffee.web.msm.serializer.kryo.KryoTranscoder <init>
INFO: Starting with initialBufferSize 102400 and maxBufferSize 2048000
Jan 28, 2018 12:51:34 PM de.javakaffee.web.msm.MemcachedSessionService startInternal
INFO: MemcachedSessionService finished initialization, sticky true, operation timeout 1000, with node ids [n2] and failover node ids [n1]
[root@server6 tomcat]# bin/startup.sh
[root@server6 tomcat]# tail -f logs/catalina.out
Jan 28, 2018 12:52:05 PM de.javakaffee.web.msm.serializer.kryo.KryoTranscoder <init>
INFO: Starting with initialBufferSize 102400 and maxBufferSize 2048000
Jan 28, 2018 12:52:06 PM de.javakaffee.web.msm.MemcachedSessionService startInternal
INFO: MemcachedSessionService finished initialization, sticky true, operation timeout 1000, with node ids [n1] and failover node ids [n2]
测试:在浏览器上:
session建立在server5上
关掉server5的tomcat:[root@server5 tomcat]# bin/shutdown.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/java
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
可以看见跳转到server6上的tomcat了,但是session-id没变3,依然保持原有的session会话。
在shell端根据sesson-id也可以看见存储在memcche上的信息
上图可以看见session缓存在server6(n2)上,所以在n2上:
telnet localhost 11211
get 95C106E817FB2FA5761858EE89377981-n2 可以看见存储的 信息
但是在server5上看不到,因为session保持连接在server6上
nginx网页加密访问:
server4:
vim /usr/local/lnmp/nginx/conf/nginx.conf
104 server {
105 listen 443 ssl;
106 server_name localhost;
107 ssl_certificate cert.pem;
108 ssl_certificate_key cert.pem;
109
110 ssl_session_cache shared:SSL:1m;
111 ssl_session_timeout 5m;
112
113 ssl_ciphers HIGH:!aNULL:!MD5;
114 ssl_prefer_server_ciphers on;
115
116 location / {
117 root /www;
118 index index.html index.htm;
119 }
120 }
server {
listen 80;
server_name www.westos.com;
location / {
root /www;
index index.html;
}
}
root@server4 html]# mkdir /www
[root@server4 html]# cd /www/
[root@server4 www]# vim index.html
<h1>www.westos.com</h1>
[root@server4 conf]# nginx -s reload
在浏览器访问:https://www.westos.com,下载证书,可以访问成功:
nginx地址重定向:
westos.com重定向到www.westos.com
vim /usr/local/lnmp/nginx/conf/nginx.conf
server {
147 listen 80;
148 server_name westos.com;
149 rewrite ^/ https://www.westos.com;
150 }
#在浏览器端访问:westo.com会跳转到www.westos.com
www.westos.com重定向到https://www.westos.com
server {
listen 80;
server_name www.westos.com;
rewrite ^/ https://www.westos.com;
}
#访问www.westos.com 跳转到https://www.westos.com
当默认发布目录/www下有图片时:
如果直接访问:https://www.westos.com/img/tedhat.jpg可以看到图片
实现重定向:访问westos.com/img/redhat.jpg重定向到https://www.westos.com/img/tedhat.jpg
vim /usr/local/lnmp/nginx/conf/nginx.conf
server {
listen 80;
server_name westos.com;
rewrite ^/(.*) https://www.westos.com/$1;
}
网页的盗链和防盗链
server4上:
盗链行为:
vim /usr/local/lnmp/nginx/conf/nginx.conf
#注释掉之前做的所有,只保留一个server
server {
listen 80;
server_name www.test.com; #默认访问发布目录下的index.html
location / {
root /www;
index index.html;
}
}
vim /www/index.html
<html>
<body>
<h1>www.westos.com</h1>
<img src="http://www.westos.com/linux.jpg"> #盗取www.westos.com下的图片linux.org
</body>
</html>
server5上:安装和配置nginx
root@server4 www]# scp -r /usr/local/lnmp/nginx/ 172.25.92.5:/usr/local/lnmp/nginx #从server4上直接拷贝
[root@server5 lnmp]# ln -s /usr/local/lnmp/nginx/sbin/nginx /usr/local/sbin/
[root@server5 lnmp]# useradd -u 800 nginx
[root@server5 lnmp]# nginx #启动[root@server5 lnmp]# vim /usr/local/lnmp/nginx/conf/nginx.conf
server {
listen 80;
server_name www.westos.com;
location / {
root /www;
}
}
[root@server5 www]# nginx -s reload
[root@server5 lnmp]# mkdir /www
[root@server5 lnmp]# cd /www/
[root@server5 www]# ls
linux.jpg
盗链测试:
server4本地加解析:172.25.92.5 www.westos.com
用来测试图片正常访问是否可以看见
使用www.test.com时:盗链行为,此时未做防盗链,也能成功!是因为它读取了index.html文件。
防盗链:
在server5上:配置nginx
[root@server5 lnmp]# vim /usr/local/lnmp/nginx/conf/nginx.conf
server {
listen 80;
server_name www.westos.com;
location / {
root /www;
}
location ~*\.(|jpg|gif|png|)$ {
valid_referers www.westos.com;
if ($invalid_referer) {
rewrite ^/ http://bbs.westos.com/daolian.jpg;
}
}
}
server {
listen 80;
server_name bbs.westos.com;
location / {
root /bbs;
index index.html;
}
{
[root@server5 www]# nginx -s reload
[root@server5 /]# mkdir bbs
[root@server5 www]# cd /bbs/
[root@server5 bbs]# ls
daolian.jpg
测试:在浏览器访问:www.test.com会自动跳转为:bbs.westos.com/daolian.jpg
解释:访问www.test.com(server4)时index.html文件指定获取www.westos.com/linux.jpg(server5)图片,但是server5做了防盗链,将对www.westos.com/linux.jpg的访问跳转至对bbs.westos.com/daolian.jpg的访问,所以server4不能成功获取linux.jpg图片,防盗链成功!