nginx和tomcat实现rr,ip_hash,sticky调度，实现session共享，nginx网页加密，网页重定向，盗链和防盗链技术的实现

server5上：
安装java运行环境：

rpm -aq | grep java
tar zxf jdk-7u79-linux-x64.tar.gz -C /usr/local/
cd /usr/local/
ln -s jdk1.7.0_79/ java
vim /etc/profile
    export JAVA_HOME=/usr/local/java
    export CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HEMO/jre/lib
    export PATH=$PATH:$JAVA_HOME/bin

source /etc/profile
echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/usr/local/java/bin
[root@server5 ~]# vim test.java
[root@server5 ~]# javac test.java 
[root@server5 ~]# java test
hello world!
java环境安装成功！

在server5上安装tomcat：

tar zxf apache-tomcat-7.0.37.tar.gz -C /usr/local/
cd /usr/local/
ln -s apache-tomcat-7.0.37/ tomcat
/usr/local/tomcat/bin/startup.sh           #启动tomcat

 cd webapps/ROOT/                     #tomcat默认发布目录
vim test.jsp

<%@ page contentType="text/html; charset=GBK" %>
<%@ page import="java.util.*" %>
<html><head><title>Cluster App Test</title></head>
<body>
Server Info:
<%
out.println(request.getLocalAddr() + " : " + request.getLocalPort()+"<br>");%>
<%
out.println("<br> ID " + session.getId()+"<br>");
String dataName = request.getParameter("dataName");
if (dataName != null && dataName.length() > 0) {
String dataValue = request.getParameter("dataValue");
session.setAttribute(dataName, dataValue);
}
out.print("<b>Session list</b>");
Enumeration e = session.getAttributeNames();
while (e.hasMoreElements()) {
String name = (String)e.nextElement();
String value = session.getAttribute(name).toString();
out.println( name + " = " + value+"<br>");
System.out.println( name + " = " + value);
}
%>
<form action="test.jsp" method="POST">
name:<input type=text size=20 name="dataName">
<br>
key<br>
<input type=submit>
</form>
</body>
</html>
:<input type=text size=20 name="dataValue">

server6上：同样安装java环境和tomcat：

[root@server5 local]# scp -r tomcat/ java/  172.25.92.6:/usr/local/
[root@server6 ROOT] /usr/local/tomcat/bin/startup.sh    
[root@server5 local]scp tomcat/webapps/ROOT/test.jsp 172.25.92.6:/usr/local/

开启server4：重新编译nginx，使其支持 sticky 调度算法：

tar zxf nginx-sticky-module-ng.tar.gz
cd nginx-1.10.1
make clean
./configure --prefix=/usr/local/lnmp/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio --user=nginx --group=nginx --add-module=/root/nginx-sticky-module-ng
 make 
make install
nginx
vim /usr/local/lnmp/nginx/conf/nginx.conf
 18         upstream tomcat{
 19         sticky;
 20         server 172.25.92.5:8080;
 21         server 172.25.92.6:8080;
 22 
 23         }
 65         location ~ \.jsp$ {
 66             proxy_pass   http://tomcat;
 67         }
nginx -s reload

测试：在浏览器访问：http://172.25.92.4/test.jsp
在不添加sticky调度算法时：


可以看见会话不能保持，在server5和server6上来回轮询。
添加sticky调度算法之后：

可以看见此调度算方法可以保持会话连接，添加的用户备保存在一台server上。

测试nginx**轮询调度算法**和ip_hash调度算法使用另一个test.jsp页面，内容为：
sever5：vim test.jsp
server5 time is : <%=new java.utill.Date() %> #显示当前主机时间

server6上：vim test.jsp
server6 time is : <%=new java.utill.Date() %> #显示当前主机时间
在浏览器访问：http://172.25.92.4/test.jsp,可以看到，server5和server6的时间在来回跳转。

对于ip_hash调度算法来说，不变即为正确的结果，此中调度算法是根据客户端ip来调度的，ip不变调度不变。

session共享

原理：

server5（n1）和server6（n2）上：两台主机相同

[root@server5 tomcat]# bin/shutdown.sh
 [root@server6 tomcat]# bin/shutdown.sh 
get以下软件包放在：/usr/local/tomcat/lib下

asm-3.2.jar
kryo-1.04.jar
kryo-serializers-0.10.jar
memcached-session-manager-1.6.3.jar
memcached-session-manager-tc7-1.6.3.jar
minlog-1.2.jar
msm-kryo-serializer-1.6.3.jar
reflectasm-1.01.jar
spymemcached-2.7.3.jar

vim /usr/local/tomcat/conf/context.xml 
 34 <Manager  className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
 35 memcachedNodes="n1:172.25.92.5:11211,n2:172.25.92.6:11211"
 36 failoverNodes="n1"             #此处server5和server6不同
 37 requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$"
 38 transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory"
 39 />
 [root@server5 tomcat]# bin/startup.sh 
[root@server5 tomcat]# tail -f logs/catalina.out 
Jan 28, 2018 12:51:34 PM de.javakaffee.web.msm.serializer.kryo.KryoTranscoder <init>
INFO: Starting with initialBufferSize 102400 and maxBufferSize 2048000
Jan 28, 2018 12:51:34 PM de.javakaffee.web.msm.MemcachedSessionService startInternal
INFO: MemcachedSessionService finished initialization, sticky true, operation timeout 1000, with node ids [n2] and failover node ids [n1]

[root@server6 tomcat]# bin/startup.sh 
[root@server6 tomcat]# tail -f logs/catalina.out 
Jan 28, 2018 12:52:05 PM de.javakaffee.web.msm.serializer.kryo.KryoTranscoder <init>
INFO: Starting with initialBufferSize 102400 and maxBufferSize 2048000
Jan 28, 2018 12:52:06 PM de.javakaffee.web.msm.MemcachedSessionService startInternal
INFO: MemcachedSessionService finished initialization, sticky true, operation timeout 1000, with node ids [n1] and failover node ids [n2]

测试：在浏览器上：

session建立在server5上
关掉server5的tomcat：[root@server5 tomcat]# bin/shutdown.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/java
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar

可以看见跳转到server6上的tomcat了，但是session-id没变3，依然保持原有的session会话。
在shell端根据sesson-id也可以看见存储在memcche上的信息
上图可以看见session缓存在server6（n2）上，所以在n2上：
telnet localhost 11211
get 95C106E817FB2FA5761858EE89377981-n2 可以看见存储的 信息
但是在server5上看不到，因为session保持连接在server6上

nginx网页加密访问：

server4:

vim /usr/local/lnmp/nginx/conf/nginx.conf

104     server {
105         listen       443 ssl;
106         server_name  localhost;
107         ssl_certificate      cert.pem;
108         ssl_certificate_key  cert.pem;
109 
110         ssl_session_cache    shared:SSL:1m;
111         ssl_session_timeout  5m;
112 
113         ssl_ciphers  HIGH:!aNULL:!MD5;
114         ssl_prefer_server_ciphers  on;
115 
116         location / {
117             root   /www;
118             index  index.html index.htm;
119         }
120     }
    server {
                listen 80;
                server_name www.westos.com;

                location / {
                root /www;
                index index.html;
                }
                }

root@server4 html]# mkdir /www
[root@server4 html]# cd /www/
[root@server4 www]# vim index.html
    <h1>www.westos.com</h1>
[root@server4 conf]# nginx -s reload

在浏览器访问：https://www.westos.com，下载证书，可以访问成功：

nginx地址重定向：

westos.com重定向到www.westos.com

vim /usr/local/lnmp/nginx/conf/nginx.conf
server {
147                 listen 80;
148                 server_name westos.com;
149                 rewrite ^/ https://www.westos.com;
150         }
#在浏览器端访问：westo.com会跳转到www.westos.com
www.westos.com重定向到https://www.westos.com
 server {
                listen 80;
                server_name www.westos.com;
                rewrite ^/ https://www.westos.com;
        }
#访问www.westos.com 跳转到https://www.westos.com

当默认发布目录/www下有图片时：
如果直接访问：https://www.westos.com/img/tedhat.jpg可以看到图片

实现重定向：访问westos.com/img/redhat.jpg重定向到https://www.westos.com/img/tedhat.jpg

vim /usr/local/lnmp/nginx/conf/nginx.conf
server {
                listen 80;
                server_name westos.com;
                rewrite ^/(.*) https://www.westos.com/$1;
        }

网页的盗链和防盗链

server4上：

盗链行为：

vim /usr/local/lnmp/nginx/conf/nginx.conf
#注释掉之前做的所有，只保留一个server
server {
                listen 80;
                server_name www.test.com;    #默认访问发布目录下的index.html
                location / {
                root /www;
                index index.html;
                }
        }

vim /www/index.html
<html>
<body>
<h1>www.westos.com</h1>
<img src="http://www.westos.com/linux.jpg">  #盗取www.westos.com下的图片linux.org
</body>
</html>

server5上：安装和配置nginx

root@server4 www]# scp -r /usr/local/lnmp/nginx/ 172.25.92.5:/usr/local/lnmp/nginx     #从server4上直接拷贝
[root@server5 lnmp]# ln -s /usr/local/lnmp/nginx/sbin/nginx /usr/local/sbin/
[root@server5 lnmp]# useradd -u 800 nginx
[root@server5 lnmp]# nginx           #启动[root@server5 lnmp]# vim /usr/local/lnmp/nginx/conf/nginx.conf
server {
                listen 80;
                server_name www.westos.com;
                location / {
                root /www;
                }            
        }

[root@server5 www]# nginx -s reload
[root@server5 lnmp]# mkdir /www
[root@server5 lnmp]# cd /www/
[root@server5 www]# ls
linux.jpg

盗链测试：
server4本地加解析：172.25.92.5 www.westos.com

用来测试图片正常访问是否可以看见

使用www.test.com时：盗链行为，此时未做防盗链，也能成功！是因为它读取了index.html文件。

防盗链：

在server5上：配置nginx

[root@server5 lnmp]# vim /usr/local/lnmp/nginx/conf/nginx.conf
server {
                listen 80;
                server_name www.westos.com;

                location / {
                root /www;
                }
                location ~*\.(|jpg|gif|png|)$ {
                        valid_referers www.westos.com;
                        if ($invalid_referer) {
                        rewrite ^/ http://bbs.westos.com/daolian.jpg;
                        }
                }
        }
        server {
                listen 80;
                server_name bbs.westos.com;
                location / {
                root /bbs;
                index index.html;
                }
        {
[root@server5 www]# nginx -s reload
[root@server5 /]# mkdir bbs
[root@server5 www]# cd /bbs/
[root@server5 bbs]# ls
daolian.jpg

测试：在浏览器访问：www.test.com会自动跳转为：bbs.westos.com/daolian.jpg

解释:访问www.test.com（server4）时index.html文件指定获取www.westos.com/linux.jpg（server5）图片，但是server5做了防盗链，将对www.westos.com/linux.jpg的访问跳转至对bbs.westos.com/daolian.jpg的访问，所以server4不能成功获取linux.jpg图片，防盗链成功！