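------------------------------------------------------Tomcat cluster
1. Nginx+Tomcat+NFS+MySQL cluster architecture (implementation)
2. Nginx+Tomcat+NFS+MySQL+HTTPS cluster (implementation)
2.1) HTTPS on a single Tomcat node
HTTPS with Tomcat
HTTPS with nginx+Tomcat (homework)
2.2) HTTPS in the cluster environment
3. Nginx+Tomcat+Redis cluster session sharing (somewhat complex)
Nginx+Tomcat+NFS+MySQL cluster architecture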
[root@lb01 ~]# cat /etc/nginx/conf.d/proxy_zrlog.wyk.com.conf
upstream zrlog {
    server 172.16.1.7:8080;
    server 172.16.1.8:8080;
}
server {
    listen 80;
    server_name zrlog.wyk.com;
    # A Java application started by Tomcat can be load balanced directly through proxy_pass
    location / {
        proxy_pass http://zrlog;
        include proxy_params;
    }
}
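HTTPS on a single Tomcat node (for reference)
1. Modify the Tomcat configuration:
Edit server.xml
0. A certificate is needed first (mandatory).
1. Change the default HTTP listening port from 8080 to 80, with redirect to 443.
2. Enable the HTTPS connector and configure the certificate.
3. Force HTTP to redirect to HTTPS (done in Tomcat, unrelated to nginx).
Note: to avoid disturbing the existing web01 and web02 environment, the nfs machine is used for these steps and the demonstration.
# Download the package and create a symlink
Tomcat download address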
[root@nfs ~]# yum install java -y
[root@nfs ~]# mkdir /soft
[root@nfs ~]# tar xf apache-tomcat-9.0.34.tar.gz -C /soft/
[root@nfs ~]# ln -s /soft/apache-tomcat-9.0.34/ /soft/tomcat
[root@nfs ~]# vim /soft/tomcat/conf/server.xml
In server.xml, find the comment block that ends with "Define a non-SSL/TLS HTTP/1.1 Connector on port 8080" and the line "<!-- Define an AJP 1.3 Connector on port 8009 -->". Delete what lies between them and put the two connectors below in its place:
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    <Connector port="443"
               protocol="HTTP/1.1"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               keystoreFile="/ssl/3434295_aliyun.xuliangwei.com.pfx"
               keystoreType="PKCS12"
               keystorePass="OpI94943"
               clientAuth="false"
               SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector protocol="AJP/1.3"
# Create a directory to hold the certificate
[root@nfs01 ~]# ls /ssl/
3434295_aliyun.xuliangwei.com.pfx 3434295_aliyun.xuliangwei.com_tomcat.zip pfx-password.txt
Change localhost in the Host element:
<Host name="aliyun.xuliangwei.com" appBase="webapps"
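The HTTPS connector above still enables TLS 1.0 and 1.1, lists only CBC suites (four of them with static RSA key exchange) and keeps the keystore password as a literal in server.xml. The script below is an added example, not part of the original notes: it flags those settings in a server.xml. The sample files, the placeholder password and the `${keystore.pass}` property name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): flag weak TLS settings in a
# Tomcat <Connector>. Prints one finding per line, nothing when all checks pass.
audit_connector() {
    f=$1
    # TLS 1.0 / 1.1 in the protocol list (both deprecated by RFC 8996).
    if grep -Eiq '(SSLProtocol|sslEnabledProtocols|protocols)="[^"]*TLSv1(\.1)?[+, "]' "$f"; then
        echo "WEAK_PROTOCOL: TLSv1 or TLSv1.1 enabled"
    fi
    # Split the cipher list into one suite per line and count the weak families.
    suites=$(grep -Eo 'ciphers="[^"]*"' "$f" | sed 's/^ciphers="//; s/"$//' | tr ',' '\n')
    # TLS_RSA_WITH_* means static RSA key exchange, so no forward secrecy.
    no_fs=$(printf '%s\n' "$suites" | grep -c 'TLS_RSA_WITH_' || true)
    cbc=$(printf '%s\n' "$suites" | grep -c '_CBC_' || true)
    if [ "$no_fs" -gt 0 ]; then echo "NO_FORWARD_SECRECY: $no_fs"; fi
    if [ "$cbc" -gt 0 ]; then echo "CBC_SUITES: $cbc"; fi
    # A literal keystore password; a ${...} property reference is not flagged.
    if grep -Eq 'keystorePass="[^"$][^"]*"' "$f"; then
        echo "PLAINTEXT_KEYSTORE_PASS: literal password in server.xml"
    fi
    return 0
}

# Constructed samples: the page's protocol and cipher values with a placeholder
# password, then a tightened variant (property name keystore.pass is hypothetical).
demo=$(mktemp -d)
cat > "$demo/page.xml" <<'EOF'
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
  keystoreFile="/ssl/example.pfx" keystoreType="PKCS12" keystorePass="PLACEHOLDER"
  SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
  ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
EOF
cat > "$demo/tight.xml" <<'EOF'
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
  keystoreFile="/ssl/example.pfx" keystoreType="PKCS12" keystorePass="${keystore.pass}"
  SSLProtocol="TLSv1.2"
  ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>
EOF
audit_connector "$demo/page.xml"    # reports all four findings
audit_connector "$demo/tight.xml"   # reports nothing
```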
Cluster configuration: redirect HTTP to HTTPS
Environment:
5
7
8
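Configuring the certificate on load balancer 5 is enough to achieve full-stack HTTPS; the Tomcat nodes need no changes. TLS terminates on the load balancer: as the configuration below shows, lb01 still proxies to the Tomcat nodes over plain HTTP on port 8080.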
[root@lb01 conf.d]# cat /etc/nginx/conf.d/proxy_zrlog.wyk.com.conf
upstream zrlog {
    server 172.16.1.7:8080;
    server 172.16.1.8:8080;
}
server {
    listen 443 ssl;
    server_name zrlog.wyk.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    # A Java application started by Tomcat can be load balanced directly through proxy_pass
    location / {
        proxy_pass http://zrlog;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name zrlog.wyk.com;
    return 302 https://$server_name$request_uri;
}
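Nginx+Tomcat+Redis cluster session sharing (somewhat complex)
There are several approaches:
1. ip_hash
2. mysql
3. redis O(1)
4. Tomcat's built-in cluster session replication (officially recommended for no more than 4 Tomcat nodes)
------------------------------Prepare web01 and web02 for Redis session sharing
Download address for the tomcat-cluster-redis-session package
0. Download the package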
[root@nfs01 ~]# wget https://github.com/ran-jit/tomcat-cluster-redis-session-manager/releases/tag/3.0.5.1
[root@web01 ~]# unzip tomcat-cluster-redis-session-manager
1. Copy all the jar files into Tomcat
[root@web01 ~]# cp tomcat-cluster-redis-session-manager/lib/* /soft/tomcat/lib/
2. Copy the Redis configuration file and update it
[root@web01 ~]# cp tomcat-cluster-redis-session-manager/conf/redis-data-cache.properties /soft/tomcat/conf/
[root@web01 ~]# vim /soft/tomcat/conf/redis-data-cache.properties
#-- Redis data-cache configuration
#- redis hosts. ex: 127.0.0.1:6379, 127.0.0.2:6379, 127.0.0.2:6380, ....
#- changed to the IP address of the remote Redis server
redis.hosts=172.16.1.51:6379
#- redis password.
#redis.password=
3. Add the following two lines at the end of Tomcat's conf/context.xml.
[root@web01 ~]# tail -4 /soft/tomcat/conf/context.xml
-->
<Valve className="tomcat.request.session.redis.SessionHandlerValve" />
<Manager className="tomcat.request.session.redis.SessionManager" />
</Context>
This must be configured on every web node.
-----------------------------Prepare a session test page on web01 and web02
1. Configure the site
[root@web01 ~]# vim /soft/tomcat/conf/server.xml
<!-- site session.oldxu.com -->
<Host name="session.wyk.com" appBase="/session"
unpackWARs="true" autoDeploy="true">
</Host>
2. Create the corresponding directory
[root@web01 ~]# mkdir -p /session/ROOT
[root@web01 ~]# vi /session/ROOT/index.jsp
<body>
<%
//HttpSession session = request.getSession(true);
System.out.println(session.getCreationTime());
out.println("<br> web01 SESSION ID:" + session.getId() + "<br>");
out.println("Session created time is :" + session.getCreationTime()
+ "<br>");
%>
</body>
# On each web node, change (web01) to that node's name
This must be configured on every web node.
--------------------------------------------------------Connect to the load balancer
[root@lb01 conf.d]# cat /etc/nginx/conf.d/proxy_session.wyk.com.conf
upstream session {
    server 172.16.1.7:8080;
    server 172.16.1.8:8080;
}
server {
    listen 80;
    server_name session.wyk.com;
    location / {
        proxy_pass http://session;
        include proxy_params;
    }
}
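Recommended order:
1. First set up the session test site.
2. Build the nginx+Tomcat cluster.
3. Test access and check whether the sessions on web01 and web02 differ.
4. Connect Redis so that the Tomcat nodes share session data.
5. Test again: request web01 and web02 and check whether the session is the same.
6. Log in to Redis and check whether the corresponding session key exists.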
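
Steps 3 to 6 above compare what web01 and web02 report before and after Redis is connected. As an added example that is not part of the original notes, the script below parses the index.jsp output to decide whether two nodes served the same session, and checks whether redis-data-cache.properties sets redis.password (left commented out in the notes, so the store holding every session ID accepts unauthenticated connections). The sample responses and session IDs are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): decide from two index.jsp
# responses whether both Tomcat nodes served the same session.

# Print "<node> <session-id>" parsed from the test page's output line.
session_of() {
    printf '%s\n' "$1" |
        sed -n 's/.*<br> *\([A-Za-z0-9_-]*\) SESSION ID:\([0-9A-Za-z.-]*\).*/\1 \2/p' |
        head -n 1
}

# Succeed only when two different nodes report the same, non-empty session ID.
shared_session() {
    a=$(session_of "$1"); b=$(session_of "$2")
    id_a=${a#* }; id_b=${b#* }
    [ -n "$id_a" ] && [ "${a%% *}" != "${b%% *}" ] && [ "$id_a" = "$id_b" ]
}

# Succeed when redis-data-cache.properties (on stdin) sets a non-empty,
# uncommented redis.password, i.e. the session store requires authentication.
redis_auth_set() {
    grep -Eq '^[[:space:]]*redis\.password=[^[:space:]]+'
}

# Constructed responses in the format index.jsp prints (session IDs made up).
WEB01='<br> web01 SESSION ID:5F1C0E9A7B2D4C3E8A6F0B1D2C3E4F50<br>'
WEB02_SHARED='<br> web02 SESSION ID:5F1C0E9A7B2D4C3E8A6F0B1D2C3E4F50<br>'
WEB02_LOCAL='<br> web02 SESSION ID:0A9B8C7D6E5F4A3B2C1D0E9F8A7B6C5D<br>'

shared_session "$WEB01" "$WEB02_SHARED" && echo "shared: same ID on both nodes"
shared_session "$WEB01" "$WEB02_LOCAL" || echo "not shared: each node issued its own ID"
printf '#redis.password=\n' | redis_auth_set || echo "Redis session store has no password set"

# Live check against the page's nodes, reusing one cookie jar:
#   curl -s -c jar -H 'Host: session.wyk.com' http://172.16.1.7:8080/ > a.html
#   curl -s -b jar -H 'Host: session.wyk.com' http://172.16.1.8:8080/ > b.html
#   shared_session "$(cat a.html)" "$(cat b.html)" && echo shared
```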