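Goal
For the security of the company cluster, the Hadoop and HBase web UIs should be reachable only by a limited set of people. To let machines on the internal network be reached from outside, two problems have to be solved:
1. Replace the URLs on the Hadoop and HBase pages with URLs that are reachable from outside.
2. Expose the whole cluster through a limited number of ports and external IPs.
This is implemented below with an nginx reverse proxy.
Steps
The overall procedure is: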
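### 1. Download nginx_substitutions_filter and unpack it:
```
# GitHub no longer serves the unauthenticated git:// protocol, so clone over HTTPS
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
```
### 2. Download the stable nginx release and unpack it:
```
wget http://nginx.org/download/nginx-1.8.0.tar.gz
tar -zxf nginx-1.8.0.tar.gz
```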
3. Compile and install
```
cd nginx-1.8.0
```
4. Run configure. The path after `--add-module` is the path to ngx_http_substitutions_filter_module:
```
./configure --prefix=/usr/local/nginx --pid-path=/usr/local/nginx.pid --with-http_dav_module --with-http_flv_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-debug --add-module=/data/ngx_http_substitutions_filter_module/
```
If configure fails with the error "the HTTP rewrite module requires the PCRE library.", install the PCRE development package and run configure again:
```
yum -y install pcre-devel
```
5. make
6. make install
7. Edit nginx.conf in the /usr/local/nginx/conf directory:
```
server {
    listen 80;
    location / {
        proxy_pass http://node2:16010/;
        subs_filter_types text/css text/xml;
        subs_filter node2:16030 node2/hd11;
        subs_filter node3:16030 node2/hd22;
        #root html;
        #index index.html index.htm;
    }
    # HBase's default links include rs-status; add this location so it does not have to be removed by hand
    location /hd11/rs-status {
        proxy_pass http://node2:16030/rs-status;
    }
    # The storeFile.jsp page would not display, so add this
    location /hd11/storeFile.jsp {
        proxy_pass http://node2:16030/storeFile.jsp;
    }
    # The region.jsp page would not display, so add this
    location /hd11/region.jsp {
        proxy_pass http://node2:16030/region.jsp;
    }
    location /hd22/region.jsp {
        proxy_pass http://node3:16030/region.jsp;
    }
    location /hd22/storeFile.jsp {
        proxy_pass http://node3:16030/storeFile.jsp;
    }
    location /hd22/rs-status {
        proxy_pass http://node3:16030/rs-status;
    }
}
```
The cluster in this setup has two nodes, node2 and node3, and runs HBase 1.2.6.
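8. Once the configuration is done, change to the /usr/local/nginx/sbin/ directory and start nginx:
```
./nginx
```
Check the running nginx processes with `ps -ef | grep nginx`:
```
root 17369 1 0 14:21 ? 00:00:00 nginx: master process ./nginx
nobody 17370 17369 0 14:21 ? 00:00:00 nginx: worker process
root 19090 16107 0 15:48 pts/0 00:00:00 grep nginx
```
Enter node2 in the browser to view the HBase UI (nginx is configured on port 80 and the browser also defaults to port 80 when opening node2, so no port number is needed).
RegionServer node addresses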
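9. Next, configure iptables to restrict the original port 16010.
Block access to port 16010:
```
iptables -A INPUT -p tcp --dport 16010 -j DROP
```
Allow the two nodes of the HBase cluster to access port 16010:
```
iptables -I INPUT -s node2 -p tcp --dport 16010 -j ACCEPT
iptables -I INPUT -s node3 -p tcp --dport 16010 -j ACCEPT
```
Save the rules and restart iptables:
```
service iptables save
service iptables restart
```
After the restart:
Direct access through node2:16010 fails.
Access through port 80 still works.
Nginx successfully reverse-proxies the HBase web UI through port 80.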
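
As an added example (not the original author's configuration), the server block from step 7 can be written with one prefix location per RegionServer instead of one location per page, plus a client allowlist so that the proxy on port 80 also serves only a limited set of users. The 203.0.113.0/24 range is a placeholder assumption; the host names, ports and subs_filter rules are the ones used above.

```nginx
# Added example: hardened variant of the step 7 server block.
server {
    listen 80;

    # Only the permitted client network may reach any proxied HBase page.
    # 203.0.113.0/24 is a documentation range used as a placeholder (assumption):
    # replace it with the real range of the people allowed to see the UI.
    allow 203.0.113.0/24;
    deny  all;

    # subs_filter cannot rewrite compressed response bodies,
    # so ask the upstream servers for uncompressed pages.
    proxy_set_header Accept-Encoding "";

    # Same link rewriting as in step 7, declared at server level
    # so that every location below inherits it.
    subs_filter_types text/css text/xml;
    subs_filter node2:16030 node2/hd11;
    subs_filter node3:16030 node2/hd22;

    # HBase Master UI.
    location / {
        proxy_pass http://node2:16010/;
    }

    # RegionServer on node2: /hd11/<path> is forwarded as node2:16030/<path>,
    # which covers rs-status, storeFile.jsp, region.jsp and any other page.
    location /hd11/ {
        proxy_pass http://node2:16030/;
    }

    # RegionServer on node3: /hd22/<path> is forwarded as node3:16030/<path>.
    location /hd22/ {
        proxy_pass http://node3:16030/;
    }
}
```

Validate the file with `./nginx -t` from /usr/local/nginx/sbin/ before starting nginx. The iptables rules in step 9 cover only port 16010, so the RegionServer port 16030 stays directly reachable unless it is given the same rules.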