64bitのCentOS6.2 でnginx+tomcatをインストールするメモ

1.システム要件:
1.1 OSバージョンの確認
[root@startnews24-175 ~]# uname -a
Linux startnews24-175 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux
[root@startnews24-175 ~]# cat /etc/issue
CentOS release 6.2 (Final)
Kernel \r on an \m

1.2 必要なライブラリ
apache-tomcat-7.0.29.tar.gz
jdk-6u25-linux-x64.bin
nginx-0.8.33.tar.gz
2.nginx+tomcat環境を構築

2.1 gccコンパイラ、関連ツールと依存ライブラリをインストールする
[root@startnews24-175 ~]# yum -y install gcc gcc-c++ autoconf libjpeglibjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-develzlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncursesncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidnlibidn-devel openssl openssl-devel openldap openldap-devel nss_ldapopenldap-clients nfs-utils make patch openldap-servers

2.2 システムの基本制限
vim /etc/security/limits.conf (行の末尾に次の内容を追加)
* soft noproc 10240
* hard noproc 10240
* soft nofile 65536
* hard nofile 65536
# End of file
説明:
*すべてのユーザ
noproc 最大プロセス数
nofile ファイルをオープンする最大数

2.3 Linux OSのログイン設定ファイルを変更
vim /etc/pam.d/login
//次の内容を追記
session required /lib64/security/pam_limits.so
# tail -1 /etc/pam.d/login
session required /lib64/security/pam_limits.so

2.4 ファイアウォールとselinuxを停止
# /etc/init.d/iptables stop
[root@startnews24-175 ~]# setenforce 0

2.5 jdkをインストール
[root@startnews24-175 opt]#chmod +x jdk-6u25-linux-x64.bin
[root@startnews24-175 opt]# ./jdk-6u25-linux-x64.bin
[root@startnews24-175 opt]# tar -zxvf apache-tomcat-7.0.29.tar.gz
[root@startnews24-175 opt]# mv apache-tomcat-7.0.29 tomcat3

2.6 システム環境変数を設定
[root@startnews24-175 opt]# vim /etc/profile(行の末尾に3行コードを追加、システム環境変数を設定)
export CLASSPATH=”.:/opt/jdk1.6.0_25/jre/lib/rt.jar:/opt/jdk1.6.0_25/lib/dt.jar:/opt/jdk1.6.0_25/lib/tools.jar”
export PATH=$PATH:/opt/jdk1.6.0_25/bin
export JAVA_HOME=”/opt/jdk1.6.0_25″
[root@startnews24-175 opt]# source /etc/profile  //変数を有効にする

2.7 tomcatのserver.xmlを修正
[root@startnews24-175 conf]# vim /opt/tomcat3/conf/server.xml
<Connector port=”9080″protocol=”HTTP/1.1″
connectionTimeout=”20000″
URIEncoding=”utf-8″
redirectPort=”8443″
maxThreads=”500″ />
<Context path=””docBase=”/opt/newWebshop” useHttpOnly=”false”>
<ManagerclassName=”de.javakaffee.web.msm.MemcachedBackupSessionManager”
copyCollectionsForSerialization=”false”
sessionBackupTimeout=”100″
sessionBackupAsync=”false”
sticky=”false”
requestUriIgnorePattern=”.*\.(ico|png|gif|jpg|css|js)$”
memcachedNodes=”n1:192.168.5.11:11211,n2:192.168.5.15:11211″/>
</Context>

2.8 最大メモリを増やすために仮想マシンを追加
[root@startnews24-175 conf]# vim ../bin/catalina.sh +99
JAVA_OPTS=”-server -Djava.awt.headless=true -Xms728m-Xmx1024m -XX:PermSize=128m -XX:MaxPermSize=256m”

2.9 nginxをインストール
2.9.1 HTTPrewriteをサポート
[root@startnews24-175 ~]# cd /opt/
[root@startnews24-175 opt]# tar -zxvf pcre-7.6.tar.gz
[root@startnews24-175 pcre-7.6]# ./configure
[root@startnews24-175 pcre-7.6]# make && make install

2.9.2 jpegをコンパイルしてインストール
[root@startnews24-175 opt]# tar -zxvf jpegsrc.v7.tar.gz
[root@startnews24-175 opt]# cd jpeg-7/
[root@startnews24-175 opt]# ./configure –enable-shared –enable-static
[root@startnews24-175 opt]# make && make install

2.9.3 nginxのユーザーとグループを作成
useradd -s /sbin/nologin -M nginx
groupadd ngnix
[root@startnews24-175 opt]# tar -zxvfnginx-upstream-jvm-route-0.2.tar.gz
[root@startnews24-175 opt]# tar -zxvf nginx-0.8.33.tar.gz
[root@startnews24-175 opt]# mv nginx-0.8.33 nginx5
[root@startnews24-175 opt]# cd nginx5

2.9.4 CookieのSession Sticky機能を実現
patch -p0 < /opt/nginx_upstream_jvm_route/jvm_route.patch

2.9.5 nginxをコンパイルしてインストール
[root@startnews24-175 nginx5]# ./configure –prefix=/opt/nginx6–with-http_stub_status_module –with-pcre=/opt/pcre-7.6–add-module=../nginx_upstream_jvm_route/ –with-openssl=/usr/bin/openssl
[root@startnews24-175 nginx5]# make && make install

2.9.6 nginx.confの設定
コードの一部抜粋:
user nobody;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
worker_rlimit_nofile 51200;
events {
use epoll;
worker_connections 51200;
}
http {
include mime.types;
default_type application/octet-stream;
# limit_zone one $binary_remote_addr 10m;
server_names_hash_bucket_size 256;
client_header_buffer_size 256k;
large_client_header_buffers 4 256k;
client_max_body_size200m;
client_body_buffer_size 256k;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
send_timeout 3m;
keepalive_timeout 120;
server_tokens off;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascripttext/css application/xml text/jsp;
gzip_vary on;
#proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_x_forwarded_for;
proxy_set_header X-Forwarded-For$proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
# proxy_buffers 32 4k;
log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” “$http_x_forwarded_for”‘;
proxy_temp_path/opt/proxy_temp_path;
proxy_cache_path/opt/proxy_cache_path levels=1:2 keys_zone=cache_one:500m inactive=1dmax_size=30g;
# access_log logs/access.log main;
#sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
#keepalive_timeout 65;
#gzip on;
upstream www.arkgame.com{
server 127.0.0.1:9080;
ip_hash;
}
server {
listen 192.168.8.115:80;
server_name www.arkgame.com localhost 192.168.8.115;
#charset UTF-8;
access_log logs/access_startnews24.log main;
if ($host ~arkgame.com){
rewrite ^(.*)http://www.arkgame.com$1 permanent;
}
if ($host ~XXX.com){
rewrite ^(.*)http://www.arkgame.com$1 permanent;
}

location ^~/html/article/{
rewrite/html/article/(\d+)/(\d+)/(\d+)/(.*)\.html$ /wineCulture/detail-$1$2$3$4.shtml;
}
location / {
proxy_pass http://www.arkgame.com;
proxy_set_header X-Real-IP $http_x_forwarded_for;
index index.html index.shtmlindex.jsp login.jsp index.htm;
#proxy_redirect off;
}
location ~^/static/ {
root /opt/newWebshop/;
access_log on;
expires 12h;
}
location ~^/re- {
proxy_pass http://www.arkgame.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}

location ^~/html/culture{
rewrite /html/culture/cultureIndex\.html /wineCulture permanent;
}
location ~^/p-list/* {
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_cache cache_one;
proxy_cache_valid 200 304 12h;
proxy_cache_key $host$uri$is_args$args;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For$remote_addr;
proxy_pass http://www.arkgame.com;
expires 1h;
}

}
location /html {
root /opt/webshop/;
index index.html index.jsp index.shtml login.jsp index.htm;
access_log off;
expires 12h;
}
location ^~ /bg
{
return 404;
}
location ^~ /WEB-INF
{
return 404;
}
error_page 404 http://www.XXX.com/404.jsp;
error_page 500 502 503 504 /50x.html;
location =/50x.html {
root html;
}
server_name_in_redirect off;
}
}

#mkdir /opt/webshop
#mkdir /opt/newWebshop
#mount 192.168.8.180:/root/webshop /opt/webshop/ -o nolock
#mount 192.168.8.180:/opt/newWebshop /opt/newWebshop/ -o nolock

2.10 nginxとtomcatを起動
[root@startnews24-175 ~]# /opt/tomcat3/bin/startup.sh
Using CATALINA_BASE: /opt/tomcat3
Using CATALINA_HOME: /opt/tomcat3
Using CATALINA_TMPDIR: /opt/tomcat3/temp
Using JRE_HOME: /opt/jdk1.6.0_25
Using CLASSPATH: /opt/tomcat3/bin/bootstrap.jar:/opt/tomcat3/bin/tomcat-juli.jar
[root@startnews24-175 ~]# /opt/nginx6/sbin/nginx -t
the configuration file /opt/nginx6/conf/nginx.conf syntax is ok
configuration file /opt/nginx6/conf/nginx.conf test issuccessful
[root@startnews24-175 ~]# /opt/nginx6/sbin/nginx

2.11 Tomcatとnginxが成功に起動するかどうかを確認
[root@startnews24-175 ~]# ps -ef | grep java
root 3684 1 68 15:51 pts/0 00:01:04/opt/jdk1.6.0_25/bin/java-Djava.util.logging.config.file=/opt/tomcat3/conf/logging.properties -server-Djava.awt.headless=true -Xms728m -Xmx1024m -XX:PermSize=128m-XX:MaxPermSize=256m -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager-Djava.endorsed.dirs=/opt/tomcat3/endorsed -classpath/opt/tomcat3/bin/bootstrap.jar:/opt/tomcat3/bin/tomcat-juli.jar-Dcatalina.base=/opt/tomcat3 -Dcatalina.home=/opt/tomcat3-Djava.io.tmpdir=/opt/tomcat3/temp org.apache.catalina.startup.Bootstrap start
root 3745 3427 015:52 pts/0 00:00:00 grep java
[root@startnews24-175 ~]# ps -ef | grep nginx
root 3711 1 015:51 ? 00:00:00 nginx: masterprocess /opt/nginx6/sbin/nginx
nobody 3712 3711 015:51 ? 00:00:00 nginx: worker process
nobody 3713 3711 015:51 ? 00:00:00 nginx: workerprocess
nobody 3714 3711 015:51 ? 00:00:00 nginx: workerprocess
nobody 3715 3711 015:51 ? 00:00:00 nginx: workerprocess
nobody 3716 3711 015:51 ? 00:00:00 nginx: cachemanager process
root 3747 3427 015:53 pts/0 00:00:00 grep nginx