Linux下Nginx+Tomcat負載均衡和動靜分離配置要點 轉

本文使用的Linux發行版：CentOS6.7 下載地址：https://wiki.centos.org/Download 
一、安裝Nginx 
下載源：wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm 
安裝源：yum install nginx-release-centos-6-0.el6.ngx.noarch.rpm 
安裝Nginx：yum install nginx 
啓動Nginx服務：service nginx start 
停止Nginx服務：service nginx stop 
查看Nginx運行狀態：service nginx status 
檢查Nginx配置文件：nginx -t 
服務運行中重新加載配置：nginx -s reload 
添加Nginx服務自啓動：chkconfig nginx on 
二、修改防火牆規則 
修改Nginx所在主機的防火牆配置：vi /etc/sysconfig/iptables，將nginx使用的端口添加到允許列表中。 
例如：-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT （表示允許80端口通過） 
修改Tomcat所在主機的防火牆配置：vi /etc/sysconfig/iptables，將tomcat使用的端口添加到允許列表中。 
例如：-A INPUT -m state –state NEW -m tcp -p tcp –dport 8080 -j ACCEPT （表示允許8080端口通過） 
如果主機上有多個tomcat的話，則按此規則添加多條，修改對應的端口號即可。 
保存後重啓防火牆：service iptables restart 
三、Tomcat負載均衡配置 
Nginx啓動時默認加載配置文件/etc/nginx/nginx.conf，而nginx.conf裏會引用/etc/nginx/conf.d目錄裏的所有.conf文件。 
因此可以將自己定製的一些配置寫到單獨.conf文件裏，只要文件放在/etc/nginx/conf.d這個目錄裏即可，方便維護。 
創建tomcats.conf：vi /etc/nginx/conf.d/tomcats.conf，內容如下：

upstream tomcats {
    ip_hash;
    server 192.168.0.251:8080;
    server 192.168.0.251:8081;
    server 192.168.0.251:8082;
}

修改default.conf：vi /etc/nginx/conf.d/default.conf，修改如下：

#註釋原有的配置
#location / {
#    root   /usr/share/nginx/html;
#    index  index.html index.htm;
#}
#新增配置默認將請求轉發到tomcats.conf配置的upstream進行處理
location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://tomcats; #與tomcats.conf裏配置的upstream同名
}

保存後重新加載配置：nginx -s reload 
四、靜態資源分離配置 
修改default.conf：vi /etc/nginx/conf.d/default.conf，添加如下配置：

#所有js,css相關的靜態資源文件的請求由Nginx處理
location ~.*\.(js|css)$ {
    root    /opt/static-resources; #指定文件路徑
    expires     12h; #過期時間爲12小時
}

#所有圖片等多媒體相關靜態資源文件的請求由Nginx處理
location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ {
    root    /opt/static-resources; #指定文件路徑
    expires     7d; #過期時間爲7天
}

五、修改SELinux安全規則 
如果訪問Nginx時出現502 Bad Gateway錯誤，則可能是Nginx主機上的SELinux限制了其使用http訪問權限引起的，輸入命令setsebool -P httpd_can_network_connect 1 開啓權限即可。 
文件/etc/nginx/nginx.conf完整配置如下：

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
worker_rlimit_nofile    100000;

events {
    use epoll;
    multi_accept on; 
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    server_tokens off;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip on;
    gzip_disable "msie6";
    gzip_static on;
    gzip_proxied any;
    gzip_min_length 1000;
    gzip_comp_level 4;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    include /etc/nginx/conf.d/*.conf;
}

文件/etc/nginx/conf.d/default.conf完整配置如下：

server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    #location / {
    #    root   /usr/share/nginx/html;
    #    index  index.html index.htm;
    #}

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://web_servers;
    }

    location ~.*\.(js|css)$ {
        root    /opt/static-resources;
        expires     12h;
    }

    location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ {
        root    /opt/static-resources;
        expires     7d;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}