nginx負載均衡+tomcat+https搭建指南

1.下載nginx安裝包

wget http://q0udgfsc3.bkt.clouddn.com/nginx-1.16.1.tar.gz
tar -zxvf nginx-1.16.1.tar.gz

如果地址失效，請下載官方下載1.16.1穩定版本

2.進入nginx.1.16.1.tar.gz目錄下

./configure --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module

如果有error報錯，應該是系統問題

yum update // 更新
yum install -y gcc pcre pcre-devel openssl openssl-devel gd gd-devel //安裝前置庫

最後重新執行./configure命令

./configure --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module

3.執行編譯

make && make install

4.查看安裝情況

/usr/local/nginx/sbin/nginx -v

5.啓動nginx

cd /usr/local/nginx/sbin/  // 進入/usr/local/nginx/sbin/目錄下
./nginx //啓動
./nginx -s stop // 停止

瀏覽器輸入ip地址，如果瀏覽器提示無法連接，建議開發階段直接開啓防火牆，生產再給防火牆添加端口訪問

systemctl status firewalld // 查看防火牆是否運行
systemctl stop firewalld // 禁用防火牆
systemctl disabled firewalld // 禁止防火牆開啓自啓
firewall-cmd --query-port=666/tcp    提示no表示未開
firewall-cmd --add-port=666/tcp --permanent   提示    success 表示成功
firewall-cmd --reload    比如添加規則之後，需要執行此命令
firewall-cmd --query-port=666/tcp  提示yes表示成功
firewall-cmd --permanent --remove-port=666/tcp

```java
>看到nginx歡迎頁面，說明nginx能夠訪問了

# 6.生成證書nginx.crt和nginx.key
```java
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/nginx/nginx.key -out /usr/local/nginx/nginx.crt

7.修改nginx配置文件

vim nginx.conf

編輯完成如下：

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    
	upstream dynamic {
    	server 10.0.5.78:8080 weight=2;
    	server 10.0.5.75:8080 weight=1;
    }

    server {
        listen       8080;
        server_name  10.0.5.70;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            proxy_pass http://dynamic/;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

      server {
        listen       8443 ssl;
        server_name  10.211.55.5;
        ssl_certificate      /usr/local/nginx/nginx.crt;
        ssl_certificate_key  /usr/local/nginx/nginx.key;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

         location / {
              proxy_pass              http://dynamic/;
              proxy_set_header        Host $host;
              proxy_set_header        X-Real-IP $remote_addr;
              proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header        X-Forwarded-Proto https;
              proxy_next_upstream     off;
        }
    }
}

這裏有個坑，被代理的服務集羣一定要加上輪訓權重的參數，不然部分js加載不出來。

8.重新加載nignx.conf文件

./usr/local/nginx/sbin/.nginx -s reload

9.瀏覽器訪問測試

https://10.0.5.41:8443/   //10.0.5.41爲nginx服務器ip