Ngnix+tomcat负载均衡和反向代理

1、基础包：
配置Ngnix+tomcat负载均衡和反向代理需要安装openssl zlib pcre三个库，分别到网上下载后安装到/usr/local下
2、安装
下载ngnix并加压后，用/configure --with-http_stub_status_module --with-http_ssl_module --with-openssl=/usr/local/openssl --with-http_gzip_static_module --with-http_stub_status_module --prefix=/usr/local/nginx 进行安装
3、ngnix配置文件
加入负载均衡配置，在http{下
http {
    include       mime.types;
    default_type  application/octet-stream;
    server_names_hash_bucket_size 128;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;
    sendfile        on;
    tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    reset_timedout_connection on;
    client_max_body_size 30m;
    gzip  on;
    gzip_min_length  10;
    gzip_buffers     4 8k;
    gzip_http_version 1.1;
    gzip_types  text/plain application/x-javascript text/css application/xml;
    upstream  backend
    {
     server   192.168.52.94:8080;
     server   192.168.52.151:8080;
    }
在server下的配置如下：
server {
        listen       8088;
        server_name  localhost;
        #charset koi8-r;
        #access_log  logs/host.access.log  main;
        root   /var/www/test;
        location ~ .*.jsp${  //jsp交给tomcat处理
            index  index.jsp;
            proxy_pass  http://backend;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|html|js|css)${
            expires 30d;
        }
        #error_page  404              /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
检查ngnix的状态 /usr/local/ngnix/sbin/ngnix -t
输出the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
configuration file /usr/local/nginx/conf/nginx.conf test is successful
表示配置成功
4、两台tomcat的配置
修改默认应用~~，其他保持原样
5、生成RSA密钥的方法
openssl genrsa -des3 -out privkey.pem 2048
这个命令会生成一个2048位的密钥，同时有一个des3方法加密的密码，如果你不想要每次都输入密码，可以改成：
openssl genrsa -out privkey.pem 2048
建议用2048位密钥，少于此可能会不安全或很快将不安全。
6、生成一个证书请求
openssl req -new -key privkey.pem -out cert.csr
这个命令将会生成一个证书请求，当然，用到了前面生成的密钥privkey.pem文件
这里将生成一个新的文件cert.csr，即一个证书请求文件，你可以拿着这个文件去数字证书颁发机构（即CA）申请一个数字证书。CA会给你一个新的文件cacert.pem，那才是你的数字证书。
6.Nginx配置中，需要修改的地方:
server {
        listen       443;
        server_name localhost;

        ssl                  on;
    ssl_certificate /usr/local/nginx/conf/cacert.pem;
    ssl_certificate_key /usr/local/nginx/conf/privkey.pem;
    server_name localhost
ssl_session_timeout 5m;
}
7.在iptables中打开ssl使用到的443端口，重启iptables.
8.测试。访问时，发现有提示需要证书，应该成功了。
9、ngnix启动脚本
#/bin/bash
nginxd=/usr/local/nginx/sbin/nginx
nginx_config=/usr/local/nginx/conf/nginx.conf
nginx_pid=/usr/local/nginx/logs/nginx.pid
RETVAL=0
prog="nginx"
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x $nginxd ] || exit 0
# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
echo "nginx already running...."
exit 1
fi
echo -n $"Starting $prog: "
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
return $RETVAL
}
# Stop nginx daemons functions.
stop() {
      echo -n $"Stopping $prog: "
      killproc $nginxd
      RETVAL=$?
      echo
      [ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid
}
# reload nginx service functions.
reload() {
  echo -n $"Reloading $prog: "
  kill -HUP `cat ${nginx_pid}`
   RETVAL=$?
  echo
}
# See how we were called.
case "$1" in
start)
      start
      ;;
stop)
      stop
      ;;
reload)
      reload
      ;;
restart)
      stop
      start
      ;;
status)
      status $prog
      RETVAL=$?
...skipping...
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x $nginxd ] || exit 0
# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
echo "nginx already running...."
exit 1
fi
echo -n $"Starting $prog: "
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
return $RETVAL
}
# Stop nginx daemons functions.
stop() {
      echo -n $"Stopping $prog: "
      killproc $nginxd
      RETVAL=$?
      echo
      [ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid
}
# reload nginx service functions.
reload() {
  echo -n $"Reloading $prog: "
  kill -HUP `cat ${nginx_pid}`
   RETVAL=$?
  echo
}
# See how we were called.
case "$1" in
start)
      start
      ;;
stop)
      stop
      ;;
reload)
      reload
      ;;
restart)
      stop
      start
      ;;
status)
      status $prog
      RETVAL=$?
      ;;
*)
      echo $"Usage: $prog {start|stop|restart|reload|status|help}"
      exit 1
esac
exit $RETVAL