nginx负载均衡+tomcat+https搭建指南

文章目录

1.下载nginx安装包2.进入nginx.1.16.1.tar.gz目录下3.执行编译4.查看安装情况5.启动nginx7.修改nginx配置文件8.重新加载nignx.conf文件9.浏览器访问测试

1.下载nginx安装包

wget http://q0udgfsc3./nginx-1.16.1.tar.gztar -zxvf nginx-1.16.1.tar.gz

如果地址失效，请下载官方下载1.16.1稳定版本

2.进入nginx.1.16.1.tar.gz目录下

./configure --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module

如果有error报错，应该是系统问题

yum update // 更新yum install -y gcc pcre pcre-devel openssl openssl-devel gd gd-devel //安装前置库

最后重新执行./configure命令

./configure --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module

3.执行编译

make && make install

4.查看安装情况

/usr/local/nginx/sbin/nginx -v

5.启动nginx

cd /usr/local/nginx/sbin/ // 进入/usr/local/nginx/sbin/目录下./nginx //启动./nginx -s stop // 停止

浏览器输入ip地址，如果浏览器提示无法连接，建议开发阶段直接开启防火墙，生产再给防火墙添加端口访问

systemctl status firewalld // 查看防火墙是否运行systemctl stop firewalld // 禁用防火墙systemctl disabled firewalld // 禁止防火墙开启自启firewall-cmd --query-port=666/tcp 提示no表示未开firewall-cmd --add-port=666/tcp --permanent 提示 success 表示成功firewall-cmd --reload 比如添加规则之后，需要执行此命令firewall-cmd --query-port=666/tcp 提示yes表示成功firewall-cmd --permanent --remove-port=666/tcp```java>看到nginx欢迎页面，说明nginx能够访问了# 6.生成证书nginx.crt和nginx.key```javaopenssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/nginx/nginx.key -out /usr/local/nginx/nginx.crt

7.修改nginx配置文件

vim nginx.conf

编辑完成如下：

#user nobody;worker_processes 1;#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;#log_format main '$remote_addr - $remote_user [$time_local] "$request" '# '$status $body_bytes_sent "$http_referer" '# '"$http_user_agent" "$http_x_forwarded_for"';#access_log logs/access.log main;sendfile on;#tcp_nopushon;#keepalive_timeout 0;keepalive_timeout 65;#gzip on;upstream dynamic {server 10.0.5.78:8080 weight=2;server 10.0.5.75:8080 weight=1;}server {listen 8080;server_name 10.0.5.70;#charset koi8-r;#access_log logs/host.access.log main;location / {proxy_pass http://dynamic/;}#error_page 404 /404.html;# redirect server error pages to the static page /50x.html#error_page 500 502 503 504 /50x.html;location = /50x.html {root html;}}server {listen 8443 ssl;server_name 10.211.55.5;ssl_certificate/usr/local/nginx/nginx.crt;ssl_certificate_key /usr/local/nginx/nginx.key;ssl_session_timeout 5m;ssl_protocols TLSv1;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;location / {proxy_pass http://dynamic/;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto https;proxy_next_upstreamoff;}}}

这里有个坑，被代理的服务集群一定要加上轮训权重的参数，不然部分js加载不出来。

8.重新加载nignx.conf文件

./usr/local/nginx/sbin/.nginx -s reload

9.浏览器访问测试

https://10.0.5.41:8443/ //10.0.5.41为nginx服务器ip