진취적 삶
Load balancing with Docker-based nginx
This post builds a 3-tier setup and load-balances it with nginx.
Install nano
sudo yum install nano
Edit ifcfg-eth0 so the change is persistent
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
ifcfg-eth0 contents
PREFIX is the netmask; change it from 16 to 24.
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
UUID="a64bbff9-82ca-40cc-9dbf-3a82f4c53d85"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="172.16.210.44"
PREFIX="24"
GATEWAY="172.16.210.20"
DNS1="192.9.10.4"
IPV6_PRIVACY="no"
Restart the network service
sudo systemctl restart network
1. selinux disabled
nano /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Install Docker
- Check with docker --version
- yum -y update
- Add the Docker repository
- (add the repository with yum-config-manager)
sudo yum install yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- (enable the repository)
yum-config-manager --enable docker-ce-nightly
- Install the latest Docker
yum -y install docker-ce docker-ce-cli containerd.io
- Start Docker
systemctl start docker
systemctl enable docker
- Check that Docker is running
systemctl status docker
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since 토 2023-10-28 21:22:36 KST; 1min 41s ago
Docs: https://docs.docker.com
Main PID: 58282 (dockerd)
CGroup: /system.slice/docker.service
└─58282 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/contai..
Install Nginx Proxy Manager
A secure gateway that connects external and internal traffic.
A stack that lets you manage reverse proxying, redirection, SSL certificates and similar security settings through a GUI.
Install it with docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
Make it executable
sudo chmod +x /usr/local/bin/docker-compose
Write docker-compose.yml
nano docker-compose.yml
version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
      - '10001-10199:10001-10199'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
Open the Nginx Proxy Manager site
172.16.210.42:81
Install the Nginx web server
Run on 172.16.210.43
Install nginx with Docker
docker pull nginx
Check the image
docker image ls
Run the nginx container
docker run -d --restart=always --name ws_nginx -p 80:80 nginx
Check that it is running
docker ps -a
Install the required tools
yum update
yum install -y wget vim
Install two WAS instances
Build WAS01 and WAS02 on 172.16.210.44 and 172.16.210.45
Search for Tomcat
docker search tomcat
Pull the Tomcat image
docker pull tomcat
Run the Tomcat containers
Run WAS 01
docker run -d -i -t --restart=always --name was_tomcat1 -p 8080:8080 -p 8009:8009 tomcat
Run WAS 02
docker run -d -i -t --restart=always --name was_tomcat2 -p 8080:8080 -p 8009:8009 tomcat
8080 is Tomcat's default port; 8009 is left open for integration with Apache.
Open a bash shell
docker exec -it was_tomcat1 /bin/bash
Install basic utilities
apt-get update
apt-get install -y wget
apt-get install -y vim
Create a page
root@343c4b4c6ebb:/usr/local/tomcat# cd webapps
root@343c4b4c6ebb:/usr/local/tomcat/webapps# pwd
/usr/local/tomcat/webapps
root@343c4b4c6ebb:/usr/local/tomcat/webapps# dir
root@343c4b4c6ebb:/usr/local/tomcat/webapps# ls
root@343c4b4c6ebb:/usr/local/tomcat/webapps# mkdir ROOT
root@343c4b4c6ebb:/usr/local/tomcat/webapps# cd ROOT/
root@343c4b4c6ebb:/usr/local/tomcat/webapps/ROOT# nano index.jsp
bash: nano: command not found
root@343c4b4c6ebb:/usr/local/tomcat/webapps/ROOT# vi index.jsp
Port streams on the nginx proxy server for stronger security
Open 172.16.210.42:81
NAME | forward host | incoming port → forward port | incoming port → forward port |
Nginx proxy (suha1) | 172.16.210.42 | 10001 → 22 | 10002 → 81 |
Nginx (WS1) (suha2) | 172.16.210.43 | 10003 → 22 | 10004 → 80 |
Tomcat (WAS1) (suha3) | 172.16.210.44 | 10005 → 22 | 10006 → 8080 |
Tomcat (WAS2) (suha4) | 172.16.210.45 | 10007 → 22 | 10008 → 8080 |
MariaDB (DB) (suha5) | 172.16.210.46 | 10009 → 22 | 10010 → 3306 |
MariaDB (DB) (suha6) | 172.16.210.47 | 10011 → 22 | 10012 → 3306 |
Once the streams are registered, each host is reachable through the nginx proxy, which forwards by port.
- SSH: ssh root@172.16.210.42 -p 10001
- Website: 172.16.210.42:10002
The other WS and WAS hosts are reached through the nginx proxy as well.
- ws
- ssh root@172.16.210.42 -p 10003
- 172.16.210.42:10004
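Added example, not part of the original post: a shell check that cross-references the stream table above with the ports the containers publish through docker run -p. It lists the streams that expose SSH, the proxy admin UI or MariaDB (candidates for source-IP restriction on the proxy) and the published container ports that no stream forwards to. The STREAMS and PUBLISHED variables and the function names are illustrative, and the suha6 row assumes that host mirrors suha5.

```shell
#!/usr/bin/env bash
# Added example: audit of the stream table against published container ports.

# Stream table as registered on the proxy (rows copied from the table above).
# Format: host|backend-ip|incoming->forward|incoming->forward
STREAMS='suha1|172.16.210.42|10001->22|10002->81
suha2|172.16.210.43|10003->22|10004->80
suha3|172.16.210.44|10005->22|10006->8080
suha4|172.16.210.45|10007->22|10008->8080
suha5|172.16.210.46|10009->22|10010->3306
suha6|172.16.210.47|10011->22|10012->3306'

# Ports each backend publishes with `docker run -p` in this guide.
# Assumption: suha6 mirrors suha5 (the guide shows no docker run for it).
# The proxy host itself (suha1) is left out: 80/443 are its own front door.
PUBLISHED='suha2|80
suha3|8080 8009
suha4|8080 8009
suha5|3306
suha6|3306'

# Streams whose forward port is a management or database service.
# Output: "<incoming port> <host> <service>", one per line.
admin_streams() {
  printf '%s\n' "$STREAMS" | awk -F'|' '
    BEGIN { kind[22] = "ssh"; kind[81] = "npm-admin"; kind[3306] = "mariadb" }
    {
      for (i = 3; i <= NF; i++) {
        split($i, p, "->")
        if (p[2] in kind) print p[1], $1, kind[p[2]]
      }
    }'
}

# Container ports that are published on the host but that no stream forwards to.
# These are reachable directly on the backend and can be dropped from docker run.
# Output: "<host>:<port>", one per line.
unused_published() {
  {
    printf '%s\n' "$STREAMS"   | sed 's/^/S|/'
    printf '%s\n' "$PUBLISHED" | sed 's/^/P|/'
  } | awk -F'|' '
    $1 == "S" {
      for (i = 4; i <= NF; i++) { split($i, p, "->"); fwd[$2 ":" p[2]] = 1 }
    }
    $1 == "P" {
      n = split($3, ports, " ")
      for (j = 1; j <= n; j++) {
        key = $2 ":" ports[j]
        if (!(key in fwd)) print key
      }
    }'
}

echo "Streams exposing management or DB services (restrict by source IP):"
admin_streams
echo "Published on the backend but not forwarded by any stream:"
unused_published
```

On the tables above, the second report names port 8009 on both Tomcat hosts: it is published by docker run but nothing in the stream table or nginx.conf uses it.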
Edit nginx.conf
- docker exec -it ws_nginx /bin/bash
Install vim for editing
apt-get update
apt-get install vim
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    #include /etc/nginx/conf.d/*.conf;
    # Load balancing
    upstream tomcat {
        least_conn;
        server 172.16.210.42:10006 max_fails=3 fail_timeout=3s;
        server 172.16.210.42:10008 max_fails=3 fail_timeout=3s;
    }
    server {
        listen 80;
        listen [::]:80;
        server_name localhost;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
            proxy_pass http://tomcat;
            proxy_set_header Host $http_host;
        }
    }
}
server 172.16.210.42:10006 max_fails=3 fail_timeout=3s; → WAS1
server 172.16.210.42:10008 max_fails=3 fail_timeout=3s; → WAS2
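Added example, not part of the original post: a shell summary of how often each backend in the upstream block was tried, how often it failed, and how many requests nginx retried on the other WAS. It assumes the log_format is extended with upstream="$upstream_addr" upstream_status="$upstream_status" (nginx writes a comma-separated list there when it contacts more than one server); the log lines are constructed sample data and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: per-backend attempt/failure counts from the access log.
# Assumed log_format suffix (not in the original nginx.conf):
#   upstream="$upstream_addr" upstream_status="$upstream_status"

# Constructed sample lines: WAS1 (10006) starts failing, requests fail over to WAS2 (10008).
LOG='172.16.210.9 - - [28/Oct/2023:21:40:01 +0900] "GET / HTTP/1.1" 200 612 upstream="172.16.210.42:10006" upstream_status="200"
172.16.210.9 - - [28/Oct/2023:21:40:02 +0900] "GET / HTTP/1.1" 200 612 upstream="172.16.210.42:10008" upstream_status="200"
172.16.210.9 - - [28/Oct/2023:21:40:03 +0900] "GET / HTTP/1.1" 200 612 upstream="172.16.210.42:10006, 172.16.210.42:10008" upstream_status="502, 200"
172.16.210.9 - - [28/Oct/2023:21:40:04 +0900] "GET / HTTP/1.1" 200 612 upstream="172.16.210.42:10006, 172.16.210.42:10008" upstream_status="502, 200"
172.16.210.9 - - [28/Oct/2023:21:40:05 +0900] "GET / HTTP/1.1" 200 612 upstream="172.16.210.42:10008" upstream_status="200"
172.16.210.9 - - [28/Oct/2023:21:40:06 +0900] "GET / HTTP/1.1" 502 157 upstream="172.16.210.42:10006, 172.16.210.42:10008" upstream_status="502, 502"'

# Per backend: how many times nginx tried it and how many of those returned 5xx.
# Failed attempts are what count toward max_fails within fail_timeout.
upstream_summary() {
  printf '%s\n' "$LOG" | awk '
    {
      if (!match($0, /upstream="[^"]*"/)) next
      addrs = substr($0, RSTART + 10, RLENGTH - 11)
      if (!match($0, /upstream_status="[^"]*"/)) next
      stats = substr($0, RSTART + 17, RLENGTH - 18)
      n = split(addrs, a, ", ")
      split(stats, s, ", ")
      for (i = 1; i <= n; i++) {
        tried[a[i]]++
        if (s[i] + 0 >= 500) failed[a[i]]++
      }
    }
    END {
      for (k in tried)
        printf "%s attempts=%d failed=%d\n", k, tried[k], failed[k]
    }' | sort
}

# Number of requests for which nginx contacted more than one backend.
failovers() {
  printf '%s\n' "$LOG" | grep -c 'upstream="[^"]*, '
}

upstream_summary
echo "requests retried on another backend: $(failovers)"
```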
Install MariaDB
Run on 172.16.210.46
Search for MariaDB
docker search maria
Pull MariaDB
docker pull mariadb
Install and start MariaDB
docker run --name mariadb01 -d -p 3306:3306 --restart=always -e MYSQL_ROOT_PASSWORD=Qwert1234! mariadb
--name mariadb01 : names the container mariadb01
-d : runs the container in the background
-p 3306:3306 : maps a host port to a container port; connections to host port 3306 are forwarded to container port 3306
Open a bash shell
docker exec -it mariadb01 /bin/bash
Start the mariadb client
mariadb -u root -p
Create a test database
create database testdb;
Connect Tomcat to MariaDB
Download the JDBC driver for MySQL (MariaDB)
Download the JDBC driver from its download URL with wget
Extract the tar archive
tar zxvf mysql-connector-j-8.2.0.tar.gz
Copy the jar
cp mysql-connector-j-8.2.0.jar /usr/local/tomcat/lib/
root@343c4b4c6ebb:/usr/local/tomcat/lib# dir
annotations-api.jar ecj-4.27.jar mysql-connector-j-8.2.0.jar tomcat-i18n-es.jar tomcat-jdbc.jar
catalina-ant.jar el-api.jar servlet-api.jar tomcat-i18n-fr.jar tomcat-jni.jar
catalina-ha.jar jakartaee-migration-1.0.7-shaded.jar tomcat-api.jar tomcat-i18n-ja.jar tomcat-util.jar
catalina.jar jasper-el.jar tomcat-coyote.jar tomcat-i18n-ko.jar tomcat-util-scan.jar
catalina-ssi.jar jasper.jar tomcat-dbcp.jar tomcat-i18n-pt-BR.jar tomcat-websocket.jar
catalina-storeconfig.jar jaspic-api.jar tomcat-i18n-cs.jar tomcat-i18n-ru.jar websocket-api.jar
catalina-tribes.jar jsp-api.jar tomcat-i18n-de.jar tomcat-i18n-zh-CN.jar websocket-client-api.jar
The jar is now in place.
After this step, the WAS Docker instance must be restarted.
docker ps -a
[root@suha3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
NAMES
343c4b4c6ebb tomcat "catalina.sh run" About an hour ago Up About an hour 0.0.0.0:8009->8009/tcp, :::8009->8009/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp was_tomcat1
Restart
docker restart 343c4b4c6ebb
/usr/local/tomcat/webapps/ROOT
dbconnection.jsp
<%@ page import="java.sql.*" contentType="text/html;charset=utf-8"%>
<%
    // First MariaDB, reached through the proxy stream 10010 -> 3306
    String DB_URL = "jdbc:mysql://172.16.210.42:10010/testdb";
    String DB_USER = "root";
    String DB_PASSWORD = "Qwert1234!";
    try {
        // Driver class name used by Connector/J 8.x
        Class.forName("com.mysql.cj.jdbc.Driver");
        // try-with-resources closes the statement and the connection even on error
        try (Connection conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASSWORD);
             Statement stmt = conn.createStatement()) {
            out.println("MySQL/Maria DB connection success!");
        }
    } catch (Exception e) {
        out.println(e);
    }
%>
For the second DB:
<%@ page import="java.sql.*" contentType="text/html;charset=utf-8"%>
<%
    // Second MariaDB, reached through the proxy stream 10012 -> 3306
    String DB_URL = "jdbc:mysql://172.16.210.42:10012/testdb";
    String DB_USER = "root";
    String DB_PASSWORD = "Qwert1234!";
    try {
        // Driver class name used by Connector/J 8.x
        Class.forName("com.mysql.cj.jdbc.Driver");
        // try-with-resources closes the statement and the connection even on error
        try (Connection conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASSWORD);
             Statement stmt = conn.createStatement()) {
            out.println("MySQL/Maria DB connection success!");
        }
    } catch (Exception e) {
        out.println(e);
    }
%>