Nginx+SpringBoot主从节点无感部署#

整体架构图

架构概述#

单服务器主从架构,通过 Nginx 反向代理实现主备节点自动故障转移。

架构图

服务器信息

主机：阿里云 ECS
IP：1.2.3.4
域名：epay.twenhub.com / epaydoc.twenhub.com
Web 服务器：OpenResty 1.27.1.2

服务端口分配

HTTP：80（强制跳转 HTTPS）
HTTPS：443（主站访问）
Master 主节点：9988
Slave 从节点：9989
NotifyPro 服务：41005

目录结构#

1
/home/server/
2
├── backend/digital_card_backend/
3
│   ├── master/
4
│   │   ├── deploy_master.sh
5
│   │   ├── jeecg-system-start-3.4.3.jar
6
│   │   └── master.log
7
│   └── slave/
8
│       ├── deploy_slave.sh
9
│       ├── jeecg-system-start-3.4.3.jar
10
│       └── slave.log
11
├── fontend/
12
│   ├── digital_card_frontend/    # 主站前端
13
│   └── doc/                      # 文档站前端
14
└── /home/flowapp/
15
    └── jeecg-system-start-3.4.3.tgz    # 部署制品
16

17
/home/nginxcert/
18
├── _.twenhub.com.crt
19
└── _.twenhub.com.key
20

21
/usr/local/openresty/nginx/conf/
22
└── nginx.conf

Nginx 配置#

完整配置文件#

路径：/usr/local/openresty/nginx/conf/nginx.conf

1
# user  nginx;
2
worker_processes  auto;
3
worker_rlimit_nofile 65535;
4
worker_shutdown_timeout 10s;
5

6
error_log  logs/error.log  warn;
7
pid        logs/nginx.pid;
8

9
events {
10
    worker_connections 65535;
11
    multi_accept on;
12
    use epoll;
13
}
14

15
http {
16
    include       mime.types;
17
    default_type  application/octet-stream;
18

19
    # Gzip 压缩
20
    gzip  on;
21
    gzip_min_length 1k;
22
    gzip_comp_level 6;
23
    gzip_vary  on;
24
    gzip_disable "MSIE [1-6]\\.";
25
    gzip_types
26
        text/plain text/css
27
        application/javascript application/json
28
        application/xml text/javascript;
29

30
    sendfile        on;
31
    keepalive_timeout 65;
32
    server_tokens off;
33
    client_max_body_size 30m;
34
    client_body_timeout 300s;
35

36
    # WebSocket 支持
37
    map $http_upgrade $connection_upgrade {
38
        default upgrade;
39
        ''      "";
40
    }
41

42
    # 后端主备服务
43
    upstream backend_service {
44
        zone backend_zone 64k;
45
        server 127.0.0.1:9988 max_fails=2 fail_timeout=5s;
46
        server 127.0.0.1:9989 backup max_fails=1 fail_timeout=5s;
47
        keepalive 64;
48
        keepalive_timeout 60s;
49
        keepalive_requests 1000;
50
    }
51

52
    # 通知服务
53
    upstream notify_service {
54
        zone notify_zone 64k;
55
        server 127.0.0.1:41005 max_fails=2 fail_timeout=5s;
56
        keepalive 32;
57
        keepalive_timeout 60s;
58
        keepalive_requests 1000;
59
    }
60

61
    # HTTP 跳转 HTTPS
62
    server {
63
        listen       80;
64
        listen       [::]:80;
65
        server_name  epay.twenhub.com;
66
        return 301 https://$host$request_uri;
67
    }
68

69
    # 文档站
70
    server {
71
        listen       443 ssl;
72
        server_name  epaydoc.twenhub.com;
73

74
        ssl_certificate      /home/nginxcert/_.twenhub.com.crt;
75
        ssl_certificate_key  /home/nginxcert/_.twenhub.com.key;
76
        ssl_session_cache    shared:SSL:10m;
77
        ssl_session_timeout  10m;
78
        ssl_protocols        TLSv1.2 TLSv1.3;
79
        ssl_ciphers          HIGH:!aNULL:!MD5;
80
        ssl_prefer_server_ciphers on;
81

82
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
83
        add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
84
        add_header Pragma "no-cache" always;
85
        add_header Expires "0" always;
86

87
        root  /home/server/fontend/doc;
88
        index index.html index.htm;
89

90
        location / {
91
            try_files $uri $uri/ =404;
92
        }
93
    }
94

95
    # 主站
96
    server {
97
        listen       443 ssl;
98
        listen       [::]:443 ssl;
99
        http2        on;
100
        server_name  epay.twenhub.com;
101

102
        ssl_certificate      /home/nginxcert/_.twenhub.com.crt;
103
        ssl_certificate_key  /home/nginxcert/_.twenhub.com.key;
104
        ssl_session_cache    shared:SSL:10m;
105
        ssl_session_timeout  10m;
106
        ssl_protocols        TLSv1.2 TLSv1.3;
107
        ssl_ciphers          HIGH:!aNULL:!MD5;
108
        ssl_prefer_server_ciphers on;
109

110
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
111

112
        # 前端 SPA
113
        root  /home/server/fontend/digital_card_frontend;
114
        index index.html;
115
        location / {
116
            try_files $uri $uri/ /index.html;
117
        }
118

119
        # 后端 API
120
        location /api/ {
121
            proxy_pass          http://backend_service;
122
            proxy_http_version  1.1;
123

124
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
125
            proxy_next_upstream_tries 2;
126

127
            proxy_connect_timeout  1s;
128
            proxy_send_timeout     30s;
129
            proxy_read_timeout     120s;
130

131
            proxy_set_header    Upgrade           $http_upgrade;
132
            proxy_set_header    Connection        $connection_upgrade;
133
            proxy_set_header    Host              $host;
134
            proxy_set_header    X-Real-IP         $remote_addr;
135
            proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
136
            proxy_set_header    X-Forwarded-Proto $scheme;
137
        }
138

139
        # 通知服务
140
        location /notify/ {
141
            proxy_pass          http://notify_service/notify_pro/;
142
            proxy_http_version  1.1;
143

144
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
145
            proxy_next_upstream_tries 2;
146

147
            proxy_connect_timeout  3s;
148
            proxy_send_timeout     300s;
149
            proxy_read_timeout     300s;
150

151
            proxy_set_header    Upgrade           $http_upgrade;
152
            proxy_set_header    Connection        $connection_upgrade;
153
            proxy_set_header    Host              $host;
154
            proxy_set_header    X-Real-IP         $remote_addr;
155
            proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
156
            proxy_set_header    X-Forwarded-Proto $scheme;
157
        }
158
    }
159
}

配置说明#

主备策略

Master 节点（9988）：主节点，处理所有请求
Slave 节点（9989）：backup 模式，仅在主节点故障时接管
故障判定：连续 2 次失败（max_fails=2），5 秒超时（fail_timeout=5s）
快速失败：proxy_connect_timeout=1s，1 秒内无法连接则切换

连接复用

keepalive 64：保持 64 个空闲连接到后端
keepalive_timeout 60s：空闲连接保持 60 秒
keepalive_requests 1000：单个连接最多处理 1000 个请求后轮换

重试机制

proxy_next_upstream：定义触发重试的错误类型
proxy_next_upstream_tries 2：最多重试 2 次（含首次）

部署脚本#

Master 主节点部署脚本#

路径：/home/server/backend/digital_card_backend/master/deploy_master.sh

1
#!/bin/bash
2

3
#---------------------------配置开始----------------------------------
4
APP_NAME=jeecg-system-start-3.4.3
5
PROG_NAME=$0
6
ACTION=$1
7
APP_START_TIMEOUT_SECONDS=120
8
APP_PORT=9988
9
BASE_URL=http://127.0.0.1:${APP_PORT}/api
10
HEALTH_CHECK_URL=${BASE_URL}/noauth/heart
11
APP_HOME=/home/server/backend/digital_card_backend/master
12
JAR_NAME=${APP_HOME}/${APP_NAME}.jar
13
JAVA_OUT=${APP_HOME}/master.log
14
PACKAGE_PATH=/home/flowapp/jeecg-system-start-3.4.3.tgz
15
SHUTDOWN_TIMEOUT_SECONDS=40
16
SPRING_PROFILE="master"
17
#---------------------------配置结束----------------------------------
18

19
mkdir -p ${APP_HOME}
20

21
usage() {
22
    echo "Usage: $PROG_NAME {start|stop|restart|deploy}"
23
    exit 2
24
}
25

26
health_check() {
27
    exptime=0
28
    echo "checking ${HEALTH_CHECK_URL}"
29
    while true
30
        do
31
            status_code=`/usr/bin/curl -L -o /dev/null --connect-timeout 5 -s -w %{http_code}  ${HEALTH_CHECK_URL}`
32
            if [ "$?" != "0" ]; then
33
               echo -n -e "\rapplication not started"
34
            else
35
                echo "code is $status_code"
36
                if [ "$status_code" == "200" ];then
37
                    break
38
                fi
39
            fi
40
            sleep 1
41
            ((exptime++))
42

43
            echo -e "\rWait app to pass health check: $exptime..."
44

45
            if [ $exptime -gt ${APP_START_TIMEOUT_SECONDS} ]; then
46
                echo 'app start failed'
47
               exit 1
48
            fi
49
        done
50
    echo "check ${HEALTH_CHECK_URL} success"
51
}
52

53
start_application() {
54
    echo "starting java process"
55
    nohup java -jar -Xmx512m -Xms256m -Dspring.profiles.active=${SPRING_PROFILE} -Dserver.port=${APP_PORT} ${JAR_NAME} >${JAVA_OUT} 2>&1 &
56
    echo "started java process"
57
}
58

59
stop_application() {
60
    checkjavapid=$(ps -ef | grep java | grep ${APP_NAME} | grep ${APP_PORT} | grep -v grep | awk '{print $2}')
61

62
    if [[ ! $checkjavapid ]]; then
63
        echo "No java process to stop (process not found)"
64
        return
65
    fi
66

67
    echo "Sending SIGTERM to Java process with PID ${checkjavapid}."
68
    kill -15 ${checkjavapid}
69

70
    for ((i=0; i<$SHUTDOWN_TIMEOUT_SECONDS; i++)); do
71
        http_status=$(curl -o /dev/null -s -w "%{http_code}\n" ${HEALTH_CHECK_URL})
72

73
        if [ "$http_status" != "200" ]; then
74
            echo "Java process stopped gracefully."
75
            if [ ! -z "$checkjavapid" ]; then
76
                kill -9 $checkjavapid
77
                echo "Killed process on pid $checkjavapid."
78
            fi
79
            return
80
        fi
81

82
        sleep 1
83
        echo "Waiting for Java process to stop..."
84
    done
85

86
    echo "Java process did not stop after $SHUTDOWN_TIMEOUT_SECONDS seconds, sending SIGKILL"
87
    if [ ! -z "$checkjavapid" ]; then
88
        kill -9 $checkjavapid
89
        echo "Killed process on port $APP_PORT."
90
    fi
91
}
92

93
start() {
94
    start_application
95
    health_check
96
}
97

98
stop() {
99
    stop_application
100
}
101

102
deploy() {
103
    stop
104

105
    echo "Unpacking $PACKAGE_PATH to $APP_HOME"
106
    if tar zxvf $PACKAGE_PATH -C $APP_HOME; then
107
        echo "Unpack finished successfully."
108

109
        echo "Removing the package $PACKAGE_PATH"
110
        rm -f $PACKAGE_PATH
111
        if [ $? -eq 0 ]; then
112
            echo "Package removed successfully."
113
        else
114
            echo "Failed to remove the package."
115
        fi
116
    else
117
        echo "Error occurred during unpacking. Exiting."
118
        exit 1
119
    fi
120

121
    start
122
}
123

124
case "$ACTION" in
125
    start)
126
        start
127
    ;;
128
    stop)
129
        stop
130
    ;;
131
    restart)
132
        stop
133
        start
134
    ;;
135
    deploy)
136
        deploy
137
    ;;
138
    *)
139
        usage
140
    ;;
141
esac

Slave 从节点部署脚本#

路径：/home/server/backend/digital_card_backend/slave/deploy_slave.sh

1
#!/bin/bash
2

3
#---------------------------配置开始----------------------------------
4
APP_NAME=jeecg-system-start-3.4.3
5
PROG_NAME=$0
6
ACTION=$1
7
APP_START_TIMEOUT_SECONDS=120
8
APP_PORT=9989
9
BASE_URL=http://127.0.0.1:${APP_PORT}/api
10
HEALTH_CHECK_URL=${BASE_URL}/noauth/heart
11
APP_HOME=/home/server/backend/digital_card_backend/slave
12
JAR_NAME=${APP_HOME}/${APP_NAME}.jar
13
JAVA_OUT=${APP_HOME}/slave.log
14
PACKAGE_PATH=/home/flowapp/jeecg-system-start-3.4.3.tgz
15
SHUTDOWN_TIMEOUT_SECONDS=40
16
SPRING_PROFILE="slave"
17
#---------------------------配置结束----------------------------------
18

19
mkdir -p ${APP_HOME}
20

21
usage() {
22
    echo "Usage: $PROG_NAME {start|stop|restart|deploy}"
23
    exit 2
24
}
25

26
health_check() {
27
    exptime=0
28
    echo "checking ${HEALTH_CHECK_URL}"
29
    while true
30
        do
31
            status_code=`/usr/bin/curl -L -o /dev/null --connect-timeout 5 -s -w %{http_code}  ${HEALTH_CHECK_URL}`
32
            if [ "$?" != "0" ]; then
33
               echo -n -e "\rapplication not started"
34
            else
35
                echo "code is $status_code"
36
                if [ "$status_code" == "200" ];then
37
                    break
38
                fi
39
            fi
40
            sleep 1
41
            ((exptime++))
42

43
            echo -e "\rWait app to pass health check: $exptime..."
44

45
            if [ $exptime -gt ${APP_START_TIMEOUT_SECONDS} ]; then
46
                echo 'app start failed'
47
               exit 1
48
            fi
49
        done
50
    echo "check ${HEALTH_CHECK_URL} success"
51
}
52

53
start_application() {
54
    echo "starting java process"
55
    nohup java -jar -Xmx512m -Xms256m -Dspring.profiles.active=${SPRING_PROFILE} -Dserver.port=${APP_PORT} ${JAR_NAME} >${JAVA_OUT} 2>&1 &
56
    echo "started java process"
57
}
58

59
stop_application() {
60
    checkjavapid=$(ps -ef | grep java | grep ${APP_NAME} | grep ${APP_PORT} | grep -v grep | awk '{print $2}')
61

62
    if [[ ! $checkjavapid ]]; then
63
        echo "No java process to stop (process not found)"
64
        return
65
    fi
66

67
    echo "Sending SIGTERM to Java process with PID ${checkjavapid}."
68
    kill -15 ${checkjavapid}
69

70
    for ((i=0; i<$SHUTDOWN_TIMEOUT_SECONDS; i++)); do
71
        http_status=$(curl -o /dev/null -s -w "%{http_code}\n" ${HEALTH_CHECK_URL})
72

73
        if [ "$http_status" != "200" ]; then
74
            echo "Java process stopped gracefully."
75
            if [ ! -z "$checkjavapid" ]; then
76
                kill -9 $checkjavapid
77
                echo "Killed process on pid $checkjavapid."
78
            fi
79
            return
80
        fi
81

82
        sleep 1
83
        echo "Waiting for Java process to stop..."
84
    done
85

86
    echo "Java process did not stop after $SHUTDOWN_TIMEOUT_SECONDS seconds, sending SIGKILL"
87
    if [ ! -z "$checkjavapid" ]; then
88
        kill -9 $checkjavapid
89
        echo "Killed process on port $APP_PORT."
90
    fi
91
}
92

93
start() {
94
    start_application
95
    health_check
96
}
97

98
stop() {
99
    stop_application
100
}
101

102
deploy() {
103
    stop
104

105
    echo "Unpacking $PACKAGE_PATH to $APP_HOME"
106
    if tar zxvf $PACKAGE_PATH -C $APP_HOME; then
107
        echo "Unpack finished successfully."
108

109
        echo "Removing the package $PACKAGE_PATH"
110
        rm -f $PACKAGE_PATH
111
        if [ $? -eq 0 ]; then
112
            echo "Package removed successfully."
113
        else
114
            echo "Failed to remove the package."
115
        fi
116
    else
117
        echo "Error occurred during unpacking. Exiting."
118
        exit 1
119
    fi
120

121
    start
122
}
123

124
case "$ACTION" in
125
    start)
126
        start
127
    ;;
128
    stop)
129
        stop
130
    ;;
131
    restart)
132
        stop
133
        start
134
    ;;
135
    deploy)
136
        deploy
137
    ;;
138
    *)
139
        usage
140
    ;;
141
esac

脚本说明#

主从节点差异

配置项	Master	Slave
APP_PORT	9988	9989
APP_HOME	…/master	…/slave
JAVA_OUT	master.log	slave.log
SPRING_PROFILE	master	slave

脚本功能

start：启动服务并健康检查
stop：优雅停机（SIGTERM → 等待 40s → SIGKILL）
restart：先停止后启动
deploy：停止 → 解压制品 → 启动

健康检查

检查地址：http://127.0.0.1:{PORT}/api/noauth/heart
超时时间：120 秒
检查间隔：1 秒
成功条件：HTTP 200

优雅停机流程

发送 SIGTERM 信号（kill -15）
每秒检查健康接口
接口返回非 200 时执行 kill -9 清理
超过 40 秒强制 kill -9

云效流水线部署#

云效流水线配置

流水线配置#

流水线名称：digital_card_backend

代码源：

分支：master
触发方式：Webhook 触发或手动触发

流程阶段：

Java 构建上传：构建 JAR 包并上传到制品库
Slave 节点部署：部署从节点
Master 节点部署：部署主节点

部署任务配置#

部署任务配置

Slave 节点部署任务#

主机组：部署 执行用户：root（或具有执行权限的用户） 部署脚本：

1
sleep 3
2
cd /home/server/backend/digital_card_backend/slave
3
sh deploy_slave.sh deploy

说明：

sleep 3：等待云效将制品（jeecg-system-start-3.4.3.tgz）上传到 /home/flowapp/ 目录
脚本会自动停止旧服务、解压新制品、启动新服务并进行健康检查

Master 节点部署任务#

主机组：部署 执行用户：root（或具有执行权限的用户） 部署脚本：

1
sleep 3
2
cd /home/server/backend/digital_card_backend/master
3
sh deploy_master.sh deploy

说明：

sleep 3：确保制品上传完成（与 Slave 共享同一个制品文件）
由于部署顺序是先 Slave 后 Master，此时 Slave 已经启动完成

零停机部署原理#

零停机部署流程

部署流程时序:

1
1. 云效构建完成，上传制品到 /home/flowapp/jeecg-system-start-3.4.3.tgz
2
   ↓
3
2. 延迟 3 秒（确保文件上传完整）
4
   ↓
5
3. 部署 Slave 节点
6
   - 停止旧 Slave（端口 9989）
7
   - 解压制品到 /home/server/backend/digital_card_backend/slave/
8
   - 启动新 Slave
9
   - 健康检查通过（最多等待 120 秒）
10
   【此时流量仍在 Master 9988，服务不中断】
11
   ↓
12
4. 延迟 3 秒
13
   ↓
14
5. 部署 Master 节点
15
   - 停止旧 Master（端口 9988）
16
   【Nginx 检测到 Master 不可用，自动切换流量到 Slave 9989】
17
   - 解压制品到 /home/server/backend/digital_card_backend/master/
18
   - 启动新 Master
19
   - 健康检查通过（最多等待 120 秒）
20
   【Nginx 检测到 Master 恢复，自动切换流量回 Master 9988】
21
   ↓
22
6. 部署完成，Slave 保持运行作为备用节点

Nginx 自动切换逻辑：

Master 正常时：100% 流量到 Master（9988）
Master 故障时：100% 流量到 Slave（9989，backup 节点）
Master 恢复后：自动切回 Master
切换检测：每次请求前检查，1 秒连接超时即判定故障

Nginx无感切换示意

部署触发方式#

自动触发：

代码推送到 master 分支时，Webhook 自动触发流水线
云效自动执行：构建 → 部署 Slave → 部署 Master

手动触发：

在云效控制台点击”运行”按钮
选择指定分支或 commit 进行部署

部署验证#

查看部署日志：

云效控制台 → 运行历史 → 点击对应的运行记录
查看”Slave 节点”和”Master 节点”的部署详情