Nginx+SSL+Tomcat+Memcached安装
开源是非常不错的,大家多多交流共同学习,Think。Email:cnbjthink@gmail
安装openssl
[root@rhel src]#tar zxvf openssl-1.0.
[root@rhel src]#cd openssl-1.0.0g
[root@rhel openssl-1.0.0g]#./config shared zlib--prefix=/usr/local/openssl
[root@rhel openssl-1.0.0g]#make&&make install
安装pcre
[root@rhel src]#tar zxvf pcre-8.
[root@rhel src]#cd pcre-8.30
[root@rhel pcre-8.30]#./configure--prefix=/usr/local/pcre
[root@rhel pcre-8.30]#make&&make install
安装Nginx
[root@rhel src]#tar zxvf nginx-1.0.
[root@rhel src]#cd nginx-1.0.12
[root@rhel nginx-1.0.12]#./configure--prefix=/usr/local/nginx--with-pcre=/usr/local/src/pcre-8.30/ --with-openssl=/usr/local/src/openssl-1.0.0g/--with-http_ssl_module--with-http_gzip_static_module --with-http_sub_module--with-http_stub_status_module
注:configure的时候要指定pcre和openssl源码包目录,要不报错:“make[1]:*** [/usr/local/pcre//Makefile]Error127”
[root@rhel nginx-1.0.12]#make&&make install
[root@test nginx-1.0.12]#useradd nginx
[root@rhel nginx-1.0.12]#/usr/local/nginx/sbin/nginx
[root@rhel nginx-1.0.12]#echo"/usr/local/nginx/sbin/nginx">>/etc/rc.local
生成DSA密钥2048位
[root@test mnt]#openssl dsaparam-rand-genkey-out mydsa.key2048
0semi-random bytes loaded
Generating DSA parameters,2048bit long prime
This could take some time
................+++++++++++++++++++++++++++++++++++++++++++++++++++*
...+.........................................+......................................+....................+....................+.+...............+......+... ........+.....................................+......+.+..+......+........+.+........+....+...+....+................+..+........+......+..+... +.........+...+....+....................+...............+.....+.................+........+.........+.................................+.+..........+.. ...........+....+..+..+..............+.......+................+..+....................+...............++++++++++++++++++++++
+++++++++++++++++++++++++++++*
生成CA密钥:密码123456
[root@test mnt]#openssl gendsa-des3-out cert.key mydsa.key
Generating DSA key,2048bits
Enter PEM pass phrase:
Verifying-Enter PEM pass phrase:
用这个CA密钥来创建证书
[root@test mnt]#openssl req-new-x509-days365-key cert.key-out cert.pem Enter pass phrase for cert.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter'.',the field will be left blank.
-----
Country Name(2letter code)[GB]:CN
State or Province Name(full name)[Berkshire]:BJ
Locality Name(eg,city)[Newbury]:BJ
Organization Name(eg,company)[My Company Ltd]:Think Organizational Unit Name(eg,section)[]:Think
Common Name(eg,your name or your server's hostname)[]:192.168.8.179 Email Address[]:cnbjthink@gmail
[root@test mnt]#ls
cert.key cert.pem mydsa.key
[root@test mnt]#
把证书设置为root专用
[root@test mnt]#chmod700cert.*
[root@test mnt]#ll
total12
-rwx------1root root1264Feb1619:34cert.key
-rwx------1root root2037Feb1619:35cert.pem
-rw-r--r--1root root804Feb1619:33mydsa.key
[root@test mnt]#
[root@test mnt]#cp-p*/usr/local/nginx/conf/
安装java
[root@rhel src]#chmod+x jdk-6u29-linux-i586.bin
[root@rhel src]#./jdk-6u29-linux-i586.bin
[root@rhel src]#mv jdk1.6.0_29/usr/local/jdk
[root@rhel src]#vim/etc/profile
在最后添加
export JAV A_HOME=/usr/local/jdk
export CLASSPATH=:$JAV A_HOME/lib
export PATH=$PATH:$JAV A_HOME/bin
[root@rhel src]#source/etc/profile
[root@test local]#java-version
java version"1.6.0_29"
Java(TM)SE Runtime Environment(build1.6.0_29-b11)
Java HotSpot(TM)Client VM(build20.4-b02,mixed mode)
安装tomcat
[root@rhel src]#tar zxvf apache-tomcat-7.0.
[root@rhel src]#cp-rf apache-tomcat-7.0.25/usr/local/tomcat1
[root@rhel src]#cp-rf apache-tomcat-7.0.25/usr/local/tomcat2
安装memcached
先下载libevent-2.0.和memcached-1.4.的源码包,前者是后者的依赖包,就是一个事件驱动的包。
[root@rhel src]#tar zxvf libevent-2.0.
[root@rhel src]#cd libevent-2.0.17-stable
[root@rhel libevent-2.0.17-stable]#./configure--prefix=/usr/local/libevent-2.0.17
[root@rhel libevent-2.0.17-stable]#make&&make install
[root@rhel src]#tar zxvf memcached-1.4.
[root@rhel src]#cd memcached-1.4.13
[root@rhel memcached-1.4.13]#./configure--prefix=/usr/local/memcached-1.4.13 --with-libevent=/usr/local/libevent-2.0.17/
[root@rhel memcached-1.4.13]#make&&make install
[root@rhel memcached-1.4.13]#cd/usr/local/memcached-1.4.13/
[root@rhel memcached-1.4.13]#useradd memcached
[root@rhel memcached-1.4.13]#./bin/memcached-d-m2048-u memcached
[root@rhel memcached-1.4.13]#echo"/usr/local/memcached-1.4.13/bin/memcached-d-m2048-u memcached">>/etc/rc.local
[root@rhel memcached-1.4.13]#/usr/local/memcached-1.4.13/bin/memcached-h(查看帮助信息)
memcached-session-manager配置
让tomcat调用memcached来存储session早就是一个很成熟的解决方案了,开源的msm就可以
解决这个问题。
官方给出的4种序列化方案,其中kryo是效率最高的,具体比较看官方地址:nginx ssl证书配置
le/p/memcached-session-manager/wiki/SerializationStrategies
[root@rhel src]#cd memcached-session-manager/
[root@rhel memcached-session-manager]#ls
kryo-1.03.jar memcached-session-manager-tc7-1.5.1.jar
kryo-serializers-0.8.jar minlog-1.2.jar
memcached-2.5.jar msm-kryo-serializer-1.5.1.jar
memcached-session-manager-1.5.1.jar reflectasm-0.9.jar
[root@rhel memcached-session-manager]#
注意:这八个低版本的包测试成功,高版本的有问题,切记,如需要包的话问我要!
[root@rhel memcached-session-manager]#cp-rf*/usr/local/tomcat1/lib/
[root@rhel memcached-session-manager]#cp-rf*/usr/local/tomcat2/lib/
修改tomcat
[root@test src]#cd/usr/local/
[root@test local]#vim tomcat1/l
[root@test local]#vim tomcat2/l
<1&l修改
1)<Server port="8005"shutdown="SHUTDOWN">两个Tomcat的port分别为:8005、8006
2)<Connector port="8080"protocol="HTTP/1.1"connectionTimeout="20000"redirectPort="8443" />两个Tomcat的port分别为:8080、8081
3)<Connector port="8009"protocol="AJP/1.3"redirectPort="8443"/>两个Tomcat的port分别为:8009、8010
4)<Engine name="Catalina"defaultHost="localhost"jvmRoute="tomcat1">两个Tomcat的jvmRoute 分别为:tomcat1、tomcat2
<2&l修改
修改tomcat的配置文件l,调整成新的session存储方式,在配置文件中<Context>标签内加入以下代码:
[root@test local]#vim tomcat1/l
[root@test local]#vim tomcat2/l
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
memcachedNodes="n1:127.0.0.1:11211"
sticky="false"
lockingMode="auto"
sessionBackupAsync="false"
sessionBackupTimeout="1000"
transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory"
/>
在tomcat/conf/logging.properties文件中添加de.javakaffee.web.msm.level=FINE,就可以在catalina.out的日志中看到详细的session存取情况。
[root@rhel memcached-session-manager]#vim/usr/local/tomcat1/conf/logging.properties
[root@rhel memcached-session-manager]#vim/usr/local/tomcat2/conf/logging.properties
de.javakaffee.web.msm.level=FINE
在两个Tomcat的webapps目录下修改ROOT目录中的index.jsp文件,文件内容如下:
[root@test local]#vim/usr/local/tomcat1/webapps/ROOT/index.jsp
[root@test local]#vim/usr/local/tomcat2/webapps/ROOT/index.jsp
<%@page contentType="text/html;charset=GBK"%>
<%@page import="java.util.*"%>
<html><head><title>Cluster Test</title></head>
<body>
<%
//HttpSession Session(true);
System.out.Id());
out.println("<br>SESSION ID:"+Id()+"<br>");
%>
</body>
</html>
启动tomcat
[root@test local]#/usr/local/tomcat1/bin/startup.sh
Using CATALINA_BASE:/usr/local/tomcat1
Using CATALINA_HOME:/usr/local/tomcat1
Using CATALINA_TMPDIR:/usr/local/tomcat1/temp
Using JRE_HOME:/usr/local/jdk
Using CLASSPATH:/usr/local/tomcat1/bin/bootstrap.jar:/usr/local/tomcat1/bin/tomcat-juli.jar [root@test local]#/usr/local/tomcat2/bin/startup.sh
Using CATALINA_BASE:/usr/local/tomcat2
Using CATALINA_HOME:/usr/local/tomcat2
Using CATALINA_TMPDIR:/usr/local/tomcat2/temp
Using JRE_HOME:/usr/local/jdk
Using CLASSPATH:/usr/local/tomcat2/bin/bootstrap.jar:/usr/local/tomcat2/bin/tomcat-juli.jar [root@test local]#
发表评论