Cluster build notes
程序员文章站
2022-10-26 14:15:57
Contents
- Overall architecture diagram
- Host plan and IP addressing
- Base system tuning
- m01: build a local yum repository
- backup: network-wide rsync backup
- NFS shared storage
- Real-time replication of NFS data to backup
- SSH and Ansible: batch management
- MySQL database setup
- nginx + PHP dynamic web stack
- nginx + Tomcat dynamic web stack
- Mount the PHP and Tomcat upload directories on NFS
- nginx + keepalived layer-7 load balancing, 172.16.1.5/6 (lb01/lb02)
- nginx/Tomcat HTTPS
- Real-time replication of NFS data to the static web nodes, 172.16.1.9/10 (web01/02)
- nginx static web service on 172.16.1.9/10 (sweb01/02) with static/dynamic separation
Overall architecture diagram

(architecture diagram image; not reproduced on this page)

Host plan and IP addressing

Reference template for server hostnames and IP addresses:
Hostname | eth0 | eth1 | Role
---|---|---|---
lb01 | 10.0.0.5/24 | 172.16.1.5/24 | load balancer
lb02 | 10.0.0.6/24 | 172.16.1.6/24 | load balancer
web01 | 10.0.0.7/24 | 172.16.1.7/24 | PHP web service
web02 | 10.0.0.8/24 | 172.16.1.8/24 | PHP web service
tweb01 | 10.0.0.9/24 | 172.16.1.9/24 | Tomcat web service
db01 | 10.0.0.51/24 | 172.16.1.51/24 | database
nfs01 | 10.0.0.31/24 | 172.16.1.31/24 | shared storage
backup | 10.0.0.41/24 | 172.16.1.41/24 | backup
m01 | 10.0.0.61/24 | 172.16.1.61/24 | management

eth0 carries the 10.0.0.0/24 (front) network and eth1 the 172.16.1.0/24 internal network; all inter-host traffic (rsync, NFS, MySQL, proxying) goes over eth1. The Tomcat host 172.16.1.9 is called tweb01 here and web03 or sweb in the sections below; it is the same machine.
Base system tuning

Change the IP address: the template VM ends in .222 on both NICs, so replace that octet with the host's (61 for m01):

```bash
sed -i 's#222#61#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]
```

Set the hostname permanently and fill in /etc/hosts, then push the hosts file to the other machines:

```bash
[root@oldboy-c7 ~]# hostnamectl set-hostname oldboyedu-cc7
[root@web01 data]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5   lb01
172.16.1.6   lb02
172.16.1.7   web01
172.16.1.8   web02
172.16.1.9   sweb
172.16.1.31  nfs
172.16.1.41  backup
172.16.1.51  db

# push to the other hosts
[root@web01 data]# scp -rp /etc/hosts root@172.16.1.31:/etc/
```

Switch the yum sources to the Aliyun mirrors (CentOS 7):

```bash
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
```

1. Install the base package set:

```bash
yum install net-tools vim tree htop iftop iotop lrzsz sl wget unzip telnet nmap nc psmisc \
    dos2unix bash-completion sysstat screen -y
# bash-completion only takes effect after logging out and back in
# net-tools provides ifconfig
```

2. Stop firewalld:

```bash
systemctl disable firewalld
systemctl stop firewalld
systemctl status firewalld
```

3. Disable SELinux:

```bash
# option 1
sed -ri 's#(^SELINUX=).*#\1disabled#g' /etc/selinux/config
# option 2
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
# option 3: edit by hand
vim /etc/selinux/config
# take effect for the running system without a reboot
setenforce 0
```

4. Raise the open-file limit:

```bash
echo '* - nofile 65535' >> /etc/security/limits.conf
```

5. Reboot and take a VM snapshot.

Disabling firewalld and SELinux is a lab shortcut. Every daemon set up below (rsyncd on 873, rpcbind/NFS, MySQL on 3306, php-fpm on 9000, Tomcat on 8081 and 8009) then listens on both NICs with no host filter at all. On anything but a throwaway lab, leave firewalld running and open each service's port on eth1 only, or bind the services to their 172.16.1.x address.
m01: build a local yum repository

1. Base environment:

```bash
# install vsftpd, start it and enable it at boot
yum -y install vsftpd
systemctl start vsftpd
systemctl enable vsftpd

# keep downloaded RPMs in the yum cache so they can be reused
vim /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1

yum clean all
```

2. Base repository from the install ISO:

```bash
mkdir /var/ftp/centos75
mount /dev/cdrom /mnt
cp -rp /mnt/Packages/*.rpm /var/ftp/centos75
```

3. Third-party packages (install them once so they land in the cache, then copy the cache):

```bash
mkdir /var/ftp/ops
yum install net-tools vim tree htop iftop \
    iotop lrzsz sl wget unzip telnet nmap nc psmisc \
    dos2unix bash-completion sysstat screen -y
# copy the cached nginx/docker RPMs and their dependencies into the custom repo
[root@yum_server_69_112 ~]# find /var/cache/yum/x86_64/7/ \
    -iname "*.rpm" -exec cp -rf {} /var/ftp/ops \;
```

4. Install createrepo and generate the repodata:

```bash
[root@yum_server_69_112 ~]# yum -y install createrepo
# generate repository metadata
createrepo /var/ftp/ops
createrepo /var/ftp/centos75
# note: rerun createrepo every time packages are added to a repository
```

Clients:

```bash
# 1. point at the base repo
[root@yum_client_69_113 ~]# gzip /etc/yum.repos.d/*
[root@yum_client_69_113 ~]# vim /etc/yum.repos.d/centos7.repo
[centos75]
name=centos74_base
baseurl=ftp://172.16.1.61/centos75
gpgcheck=0

# 2. point at the local ops repo
[root@yum_client_69_113 ~]# vim /etc/yum.repos.d/ops.repo
[ops]
name=local ftpserver
baseurl=ftp://172.16.1.61/ops
gpgcheck=0

yum clean all
yum makecache

# push the repo files to the other clients
[root@backup ~]# rsync -avz /etc/yum.repos.d root@172.16.1.6:/etc/ --delete
```

`gpgcheck=0` switches off signature verification for every package the cluster installs from now on, which is the whole software supply chain of the build. The RPMs copied here are still signed by CentOS, EPEL and nginx.org, so the check costs nothing: set `gpgcheck=1` and `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7` for the centos75 repo, and import the EPEL and nginx keys for ops. Anonymous FTP is read-only here, which is all a repository needs; keep it that way.
backup: network-wide rsync backup

Server side (backup, 172.16.1.41):

```bash
[root@backup ~]# yum install rsync -y     # already installed by the base setup
[root@backup ~]# cat /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.password
log file = /var/log/rsyncd.log
#####################################
[backup]
path = /backup
[data]
path = /data

[root@backup ~]# mkdir /backup/
[root@backup ~]# groupadd -g 666 www
[root@backup ~]# useradd -u 666 -g 666 www
[root@backup ~]# chown -R www.www /backup/
[root@backup ~]# chmod 755 /backup
# virtual user used for rsync authentication
[root@backup ~]# echo "rsync_backup:1" > /etc/rsync.password
[root@backup ~]# chmod 600 /etc/rsync.password
[root@backup ~]# systemctl enable rsyncd
[root@backup ~]# systemctl start rsyncd
```

rsyncd authentication is a shared secret over a cleartext protocol, and the secret here (`1`) is guessable on the first try. With `read only = false`, any client that knows it can overwrite or, with `--delete`, wipe every other host's backup set. Use a long random secret and add `hosts allow = 172.16.1.0/24` so the daemon only talks to the internal subnet.

1. Client side: a cron script that archives the files and pushes them to backup.

```bash
[root@nfs ~]# mkdir -p /server/scripts/
[root@nfs scripts]# cat /server/scripts/client_rsync_backup.sh
#!/usr/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

#1. variables
Host=$(hostname)
Addr=$(ifconfig eth1 | awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup

#2. per-day backup directory
[ -d $Path/$Dest ] || mkdir -p $Path/$Dest

#3. archive the files (relative to / so the archives restore cleanly)
cd /
[ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf
[ -f $Path/$Dest/log.tar.gz ]    || tar czf $Path/$Dest/log.tar.gz var/log/messages var/log/secure

#4. md5 manifest so the server can verify the archives
[ -f $Path/$Dest/flag_$Date ] || md5sum $Path/$Dest/*.tar.gz > $Path/$Dest/flag_${Date}

#5. push to the backup server
export RSYNC_PASSWORD=1
rsync -avz $Path/ rsync_backup@172.16.1.41::backup

#6. keep the last 7 days locally
find $Path/ -mindepth 1 -maxdepth 1 -type d -mtime +7 | xargs rm -rf
```

Two corrections to the script as originally written: the variables were `path`/`rsync_password` in lower case, which neither sets `PATH` nor is read by rsync (it looks for `RSYNC_PASSWORD`); and `find $Path/ -type d -mtime +7` matches `/backup` itself once it is a week old, so the `rm -rf` would remove the whole backup directory. `-mindepth 1 -maxdepth 1` limits the match to the per-day directories. The manifest stores absolute `/backup/...` paths, which works because the `[backup]` module on the server is also `/backup`.

2. Server side: verify the archives and mail the result to the administrator. First configure the outgoing mail account:

```bash
[root@backup ~]# yum install mailx -y
[root@backup ~]# cat /etc/mail.rc
set from=343264992@163.com
set smtp=smtps://smtp.163.com:465
set smtp-auth-user=343264992@163.com
set smtp-auth-password=aa123456
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/
```

/etc/mail.rc holds the mailbox password in clear; `chmod 600` it. `ssl-verify=ignore` also disables certificate checking on the SMTPS connection, so a man-in-the-middle on the path to smtp.163.com gets the password; once the CA bundle is in the NSS database, set `ssl-verify=strict`.

```bash
[root@backup ~]# mkdir /server/scripts -p
[root@backup scripts]# vim check_backup.sh
#!/usr/bin/bash
#1. global variables
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

#2. local variables
Path=/backup
Date=$(date +%F)

#3. find today's flag files, verify the checksums they list, save the result as result_<date>
find $Path/*_${Date} -type f -name "flag_$Date" | xargs md5sum -c > $Path/result_${Date}

#4. mail the result to the administrator
mail -s "rsync backup $Date" 343264992@qq.com < $Path/result_${Date}

#5. drop result files older than 7 days and backup sets older than 180 days
find $Path/ -type f -name "result*" -mtime +7 | xargs rm -f
find $Path/ -mindepth 1 -maxdepth 1 -type d -mtime +180 | xargs rm -rf
```

Cron entries:

```bash
# every client
[root@nfs ~]# crontab -l
00 01 * * * /usr/bin/bash /server/scripts/client_rsync_backup.sh >/dev/null 2>&1
# test it by hand first
[root@web01 ~]# sh /server/scripts/client_rsync_backup.sh
# roll the crontab and scripts out to the other clients
[root@nfs01 yum.repos.d]# scp -rp /var/spool/cron/root root@172.16.1.7:/var/spool/cron/
[root@nfs01 yum.repos.d]# rsync -avz /server root@172.16.1.8:/
# server
[root@backup backup]# crontab -l
00 05 * * * /usr/bin/bash /server/scripts/check_backup.sh >/dev/null 2>&1
```
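The manifest-and-verify flow above, as an added stand-alone example (not from the original notes): it builds a backup set from constructed demo files in a temporary directory, writes the `flag_<date>` manifest with paths relative to the set so it verifies identically on the client and on the backup server, reports a tampered archive, and prunes old sets with the `-mindepth 1` guard so the base directory can never match. Function and file names are the example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): manifest, verification and
# retention for one rsync backup set, runnable offline in a temp directory.
set -eu

# Build a backup set DIR/<name> from two constructed demo files.
make_backup_set() {            # $1=base dir  $2=set name
    local set_dir="$1/$2"
    mkdir -p "$set_dir"
    printf 'UUID=demo / xfs defaults 0 0\n' > "$set_dir/fstab"
    printf 'Accepted publickey for root from 172.16.1.61\n' > "$set_dir/secure"
    tar czf "$set_dir/system.tar.gz" -C "$set_dir" fstab
    tar czf "$set_dir/log.tar.gz"    -C "$set_dir" secure
    rm -f "$set_dir/fstab" "$set_dir/secure"
}

# Write flag_<tag> with paths relative to the set directory, so the same
# manifest verifies wherever the set is mounted after the rsync push.
write_manifest() {             # $1=base dir  $2=set name  $3=date tag
    ( cd "$1/$2" && md5sum ./*.tar.gz > "flag_$3" )
}

# Verify every archive listed in the manifest: 0 = all OK, non-zero otherwise.
verify_manifest() {            # $1=base dir  $2=set name  $3=date tag
    ( cd "$1/$2" && md5sum -c --status "flag_$3" 2>/dev/null )
}

# Remove per-set directories older than N days. -mindepth 1 -maxdepth 1 keeps
# the base directory itself out of the match (the page's find had no guard).
prune_old_sets() {             # $1=base dir  $2=days
    find "$1" -mindepth 1 -maxdepth 1 -type d -mtime +"$2" -exec rm -rf {} +
}

# Demo run: build, verify, tamper, verify again.
demo() {
    local base tag set
    base=$(mktemp -d); tag=$(date +%F); set="web01_172.16.1.7_$tag"
    make_backup_set "$base" "$set"
    write_manifest  "$base" "$set" "$tag"
    verify_manifest "$base" "$set" "$tag" && echo "manifest OK"
    echo corrupt >> "$base/$set/log.tar.gz"
    verify_manifest "$base" "$set" "$tag" || echo "tamper detected"
    rm -rf "$base"
}
demo
```

`md5sum -c --status` returns non-zero for a mismatch and for an archive missing from disk, so a set that arrived incomplete fails the check too. md5 is only a corruption check here, not a tamper-evidence mechanism: anyone who can rewrite an archive on the backup host can rewrite the flag file beside it.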
NFS shared storage

NFS server (nfs01):

```bash
[root@nfs ~]# yum install nfs-utils -y      # already installed
[root@nfs ~]# cat /etc/exports
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

# the user that squashed clients are mapped to
[root@nfs ~]# groupadd -g 666 www
[root@nfs ~]# useradd -u 666 -g 666 www
[root@nfs ~]# mkdir /data
[root@nfs ~]# chown -R www.www /data

# start NFS
[root@nfs ~]# systemctl enable rpcbind nfs-server
[root@nfs ~]# systemctl start rpcbind nfs-server
```

NFS client (web01):

```bash
[root@web01 ~]# yum install nfs-utils -y    # already installed
[root@web01 ~]# systemctl start rpcbind     # enabled at boot by default
# mount point
[root@web01 ~]# mkdir /data
# check the export, then mount it
[root@web01 ~]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data 172.16.1.0/24
[root@web01 ~]# mount -t nfs 172.16.1.31:/data /data
# mount at boot: add to /etc/fstab
172.16.1.31:/data /data nfs defaults 0 0
```

Test: upload a picture or video into /data from Windows, or fetch one on the client, and check that it shows up on the server:

```bash
[root@web01 data]# wget http://img.mp.itc.cn/upload/20170511/cad88c2e57f44e93b664a48a98a47108_th.jpg
[root@nfs ~]# ls /data/
1111 cad88c2e57f44e93b664a48a98a47108_th.jpg tes1 test
```

`all_squash` maps every client user, root included, to uid/gid 666, which is what lets all web nodes write the same upload tree. The flip side is that NFSv3 has no client authentication beyond the source address in /etc/exports, so anything on 172.16.1.0/24 can read and write the export as www.
Real-time replication of NFS data to backup

Install inotify-tools and sersync on the NFS server:

```bash
[root@nfs ~]# yum install inotify-tools rsync -y
[root@nfs ~]# wget https://raw.githubusercontent.com/wsgzao/sersync/master/sersync2.5.4_64bit_binary_stable_final.tar.gz
# extract and rename
[root@nfs01 ~]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz -C /usr/local/
[root@nfs01 local]# mv GNU-Linux-x86/ sersync
```

Configure /usr/local/sersync/confxml.xml (the parts that change from the shipped default):

```xml
<filesystem xfs="true"/>                       <!-- filesystem type -->
<inotify>                                       <!-- events to watch -->
    <delete start="true"/>
    <createFolder start="true"/>
    <createFile start="true"/>
    <closeWrite start="true"/>
    <moveFrom start="true"/>
    <moveTo start="true"/>
    <attrib start="false"/>
    <modify start="false"/>
</inotify>
<sersync>
    <localpath watch="/data">                   <!-- directory to watch -->
        <remote ip="172.16.1.41" name="data"/>  <!-- backup server and its rsync module -->
    </localpath>
    <rsync>                                     <!-- rsync options -->
        <commonParams params="-az"/>
        <auth start="true" users="rsync_backup" passwordfile="/etc/rsync.pass"/>
        <userDefinedPort start="false" port="874"/><!-- port=874 -->
        <timeout start="true" time="100"/><!-- timeout=100 -->
        <ssh start="false"/>
    </rsync>
    <!-- remaining elements of the shipped confxml.xml left at their defaults -->
</sersync>
```

Create the client-side password file (password only), prepare the target directory on backup, and start sersync:

```bash
[root@nfs01 sersync]# echo "1" > /etc/rsync.pass
[root@nfs01 ~]# chmod 600 /etc/rsync.pass
# on backup: the [data] module directory
[root@backup /]# mkdir /data
[root@backup /]# chown -R www.www /data
# start sersync (daemon mode, full sync first, then follow inotify events)
[root@nfs ~]# /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
```
SSH and Ansible: batch management

Where the pieces come from:

```bash
[root@backup ~]# rpm -ql openssh-server
/etc/ssh/sshd_config        --- sshd configuration file
/usr/sbin/sshd              --- sshd daemon
[root@backup ~]# rpm -ql openssh-clients
/usr/bin/scp                --- remote copy
/usr/bin/sftp               --- remote file transfer
/usr/bin/ssh                --- remote login
/usr/bin/ssh-copy-id        --- push a public key to a remote account
```

1. Create a key pair on the management host:

```bash
[root@m01 ~]# ssh-keygen -t rsa -C xuliangwei.com    # press Enter through the prompts
[root@m01 ~]# ls ~/.ssh/
id_rsa (private key)  id_rsa.pub (public key)
```

2. Send the public key to every account you need to log in as:

```bash
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31
# interactive login
[root@m01 ~]# ssh root@172.16.1.41
# run a command without an interactive session
[root@m01 ~]# ssh root@172.16.1.41 "hostname -i"
```

Pressing Enter through the prompts leaves the private key on m01 without a passphrase, and that key is root on every host in the cluster. Whoever gets a copy of /root/.ssh/id_rsa on m01 owns the whole environment, so give the key a passphrase and load it into ssh-agent, and on the target hosts accept key authentication only from 172.16.1.61.

3. Ansible, using the distributed key for batch management:

```bash
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41
[root@m01 ~]# yum install ansible -y
# check the version
[root@m01 ~]# ansible --version
ansible 2.6.1

# inventory
[root@m01 ~]# vim /etc/ansible/hosts
[root@m01 7]# cat /etc/ansible/hosts
[lb]
172.16.1.5
172.16.1.6
[web]
172.16.1.7
172.16.1.8
[sweb]
172.16.1.9
[nfs]
172.16.1.31
[backup]
172.16.1.41
[db]
172.16.1.51

# ansible reaches the hosts over ssh
[root@m01 ~]# ansible all -m ping
# run commands in batch
[root@m01 ~]# ansible all -m command -a "df -h"
[root@m01 ~]# ansible all -m command -a "hostname"
```
MySQL database setup

On db01:

```bash
# 1. MySQL's official yum repo (already mirrored in the local yum repository)
[root@db01 ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.7-community/el/7/x86_64/mysql57-community-release-el7-10.noarch.rpm
# 2. install MySQL 5.7 (the packages are large; the download can be slow)
[root@db01 ~]# yum install mysql-community-server -y
# 3. start and enable at boot
[root@db01 ~]# systemctl start mysqld
[root@db01 ~]# systemctl enable mysqld
# 4. MySQL 5.7 generates a temporary root password; read it from the log
[root@db01 ~]# grep 'temporary password' /var/log/mysqld.log
# 5. log in with it
[root@db01 ~]# mysql -uroot -p$(awk '/temporary password/{print $NF}' /var/log/mysqld.log)
# 6. set a new password
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'ckh123.com';
# allow remote connections (grant method)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'all'@'%' IDENTIFIED BY 'ckh123.com';
mysql> FLUSH PRIVILEGES;
# 7. MySQL client on the web nodes (only for testing; optional)
[root@web02 ~]# yum provides mysql
[root@web02 ~]# yum install mariadb -y
[root@web02 ~]# mysql -h172.16.1.51 -uall -pckh123.com
```

`'all'@'%'` with ALL PRIVILEGES on `*.*` is a second superuser reachable from any address, and the applications below will connect with it. Create one account per application, limited to its own schema and to the internal subnet, for example `GRANT ALL ON wordpress.* TO 'wordpress'@'172.16.1.%' IDENTIFIED BY '...'`. Passing the password as `-p<password>` on the command line also leaves it in the shell history and in `ps` output while the client runs; `mysql -u... -p` and typing it at the prompt avoids both.
nginx + PHP dynamic web stack
1. Use the official nginx RPM (already mirrored in the local yum repository):

```bash
[root@nginx ~]# cat /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
# 2. install
[root@nginx ~]# yum install nginx -y
# run the worker processes as www
sed -i '/^user/c user www;' /etc/nginx/nginx.conf
[root@web01 ~]# id www
uid=666(www) gid=666(www) groups=666(www)
# create the account if it does not exist yet
[root@web01 ~]# groupadd -g 666 www
[root@web01 ~]# useradd -u 666 -g 666 www
# 3. start and enable at boot
[root@web01 ~]# systemctl start nginx
[root@nginx ~]# systemctl enable nginx
# check that the workers really run as www
[root@web01 ~]# ps aux | grep nginx
www    2396 0.0 0.3  46996 1784 ?     S  08:44 0:00 nginx: worker process
root   2398 0.0 0.2 112720  984 pts/0 R+ 08:44 0:00 grep --color=auto nginx
```

Install PHP 7.1 from the third-party webtatic repository:

```bash
# 1. remove any old PHP (there was none here)
[root@nginx ~]# yum remove php-mysql-5.4 php php-fpm php-common
# 2. add the repositories (already mirrored in the local yum repository)
[root@nginx ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@nginx ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# or let yum resolve the dependencies itself
# 3. install PHP 7.1
[root@nginx ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
# 4. run php-fpm as www
[root@web02 ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
[root@web02 ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
# 5. start php-fpm and enable it at boot
[root@nginx ~]# systemctl start php-fpm
[root@nginx ~]# systemctl enable php-fpm
```

The same steps with Ansible against the web group:

```bash
[root@m01 7]# ansible web -m yum -a "name=nginx state=installed"
[root@m01 7]# ansible web -m shell -a "sed -i '/^user/c user www;' /etc/nginx/nginx.conf"
[root@m01 7]# ansible web -m group -a "name=www gid=666"
[root@m01 7]# ansible web -m user -a "name=www uid=666 group=666"
[root@m01 7]# ansible web -m service -a "name=nginx state=started enabled=yes"
[root@m01 7]# ansible web -m yum -a "name=php71w,php71w-cli,php71w-common,php71w-devel,php71w-embedded,php71w-gd,php71w-mcrypt,php71w-mbstring,php71w-pdo,php71w-xml,php71w-fpm,php71w-mysqlnd,php71w-opcache,php71w-pecl-memcached,php71w-pecl-redis,php71w-pecl-mongodb state=installed"
[root@m01 7]# ansible web -m shell -a "sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf;sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf"
[root@m01 7]# ansible web -m service -a "name=php-fpm state=started enabled=yes"
```

Raise the upload size limits:

```bash
vim /etc/php.ini
memory_limit = 1024M
post_max_size = 1024M
upload_max_filesize = 1024M
max_execution_time = 60
max_input_time = 60

# nginx.conf, inside the http{} block
client_max_body_size 1024m;

# restart both services for the changes to take effect
[root@web01 code]# systemctl restart nginx php-fpm
```

WordPress: /etc/nginx/conf.d/wordpress.conf on web01.

```nginx
server {
    server_name wordpress.etiantian.org;
    listen 80;
    root /code/wordpress;
    index index.php index.html;

    location ~ \.php$ {
        root /code/wordpress;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```

`SCRIPT_FILENAME` must be upper case: FastCGI parameter names are case-sensitive and php-fpm ignores `script_filename`, which produces "No input file specified" for every request. Both vhosts in this section hand every `*.php` under the site root to php-fpm, including the upload directories that a later section puts on NFS; add `location ^~ /wp-content/uploads/ { location ~ \.php$ { return 403; } }` above the PHP location (and the equivalent for wecenter's `uploads/`) so an uploaded script is never executed.

```bash
[root@web01 conf.d]# nginx -t
[root@web01 conf.d]# systemctl restart nginx
# 1. get the WordPress code
[root@web01 ~]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
# 2. unpack it into the site directory and set ownership
#    (the archive has a top-level wordpress/ directory, so extract into /code/)
[root@web01 ~]# tar xf wordpress-4.9.4-zh_CN.tar.gz -C /code/
[root@web01 ~]# chown -R www.www /code/wordpress/
```

WordPress needs its database created by hand:

```bash
# 1. log in
[root@http-server ~]# mysql -uroot -pckh123.com
# 2. create the database
MariaDB [(none)]> create database wordpress;
MariaDB [(none)]> exit
```

Add a hosts entry on the Windows client, open wordpress.etiantian.org in a browser and finish the installer.

WeCenter: /etc/nginx/conf.d/wecenter.conf on web01.

```nginx
server {
    server_name wecenter.etiantian.org;
    listen 80;
    root /code/wecenter;
    index index.php index.html;

    location ~ \.php$ {
        root /code/wecenter;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```

```bash
[root@web01 code]# nginx -t
[root@web01 code]# systemctl restart nginx
# download WeCenter
[root@web01 ~]# wget http://ahdx.down.chinaz.com/201605/wecenter_v3.2.1.zip
[root@web01 ~]# unzip wecenter_v3.2.1.zip
[root@web01 code]# mv wecenter_3-2-1 wecenter
[root@web01 ~]# chown -R www.www /code/wecenter/
# 1. log in to the database
[root@http-server ~]# mysql -uroot -pckh123.com
# 2. create the database
MariaDB [(none)]> create database wecenter;
MariaDB [(none)]> exit
```

Add the Windows hosts entry, open wecenter.etiantian.org in a browser and finish the installer.
nginx + Tomcat dynamic web stack

1. Java runtime:

```bash
[root@web02 ~]# yum install java jarjar-maven-plugin -y
[root@web03 ~]# mkdir /server && cd /server
```

2. Download and install Tomcat:

```bash
wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
[root@web03 server]# tar xf apache-tomcat-8.5.34.tar.gz
[root@web03 server]# ln -s /server/apache-tomcat-8.5.34 /server/tomcat8_1
# start Tomcat and check the listening ports
[root@web03 ~]# /server/tomcat8_1/bin/startup.sh
[root@web03 ~]# netstat -lntp
# browse to http://10.0.0.9:8080/
```

3. Deploy JPress (Tomcat directory names are case-sensitive: ROOT, WEB-INF):

```bash
[root@web03 WEB-INF]# pwd
/server/tomcat-8080/webapps/ROOT/WEB-INF
[root@web03 webapps]# jar xf jpress-web-newest.war
# browse to http://10.0.0.9:8081/jpress
```

Prepare the database on db01:

```bash
mysql> create database jpress;
```

4. Start and stop Tomcat:

```bash
[root@web03 tomcat]# /root/tomcat/bin/startup.sh
# stop
[root@web03 tomcat]# /root/tomcat/bin/shutdown.sh
```

5. Add the Java upstream on the proxy:

```nginx
upstream php {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}
upstream java {
    server 172.16.1.9:8081;
}
server {
    server_name wordpress.etiantian.org;
    listen 80;
    location / {
        proxy_pass http://php;
        include proxy_params;
    }
}
server {
    server_name jpress.etiantian.org;
    listen 80;
    location / {
        proxy_pass http://java;
        include proxy_params;
    }
}
```

```bash
[root@lb01 conf.d]# nginx -t
[root@lb01 conf.d]# systemctl restart nginx
```

6. Static storage for Tomcat on the NFS server:

```bash
[root@nfs ~]# cat /etc/exports
/data/blog 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/java 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)    # new
[root@nfs ~]# mkdir /data/java
[root@nfs ~]# chown -R www.www /data/java/
[root@nfs ~]# systemctl restart nfs-server
```

7. On web03:

```bash
[root@web03 ~]# yum install nfs-utils -y
[root@web03 ~]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/java 172.16.1.0/24
/data/blog 172.16.1.0/24
```

8. Prepare the mount (same uid/gid as the export's anonuid/anongid), keep a copy of the existing attachments, mount, copy them back:

```bash
[root@web03 ROOT]# groupadd -g 666 www
[root@web03 ROOT]# useradd -g www -u 666 www
[root@web03 ROOT]# cp -rp attachment/ attachment_bak
[root@web03 ROOT]# rm -rf attachment/*
[root@web03 ROOT]# mount -t nfs 172.16.1.31:/data/java /root/apache-tomcat-8.5.33/webapps/ROOT/attachment
[root@web03 ROOT]# cp -rp attachment_bak/* attachment/
# permanent mount
[root@web03 ROOT]# cat /etc/fstab
172.16.1.31:/data/java /root/apache-tomcat-8.5.33/webapps/ROOT/attachment nfs defaults,_netdev 0 0
[root@web03 ROOT]# mount -a
```

The `/root/apache-tomcat-8.5.33` path in step 8 is from an earlier run; on this build the Tomcat tree is `/server/tomcat8_1` (8.5.34), and the fstab option is `_netdev`, not `_rnetdev`.
Mount the PHP and Tomcat upload directories on NFS
1. Find each application's upload directory on the web nodes, then mount it:

- wordpress: wp-content/uploads/
- wecenter: uploads/
- jpress: attachment/

nfs01 provides the storage:

```bash
[root@nfs01 data]# cat /etc/exports
/data/wordpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/wecenter  172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/jpress    172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
[root@nfs01 data]# mkdir /data/{wecenter,jpress,wordpress}
[root@nfs01 data]# chown -R www.www /data
[root@nfs01 data]# systemctl restart nfs-server
```

web01:

```bash
[root@web01 code]# yum install nfs-utils      # already installed
[root@web01 code]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/jpress    172.16.1.0/24
/data/wecenter  172.16.1.0/24
/data/wordpress 172.16.1.0/24
[root@web01 ~]# groupadd -g 666 www            # already exists
[root@web01 ~]# useradd -g www -u 666 www

# wecenter: keep a copy of the existing uploads, mount, copy them back
[root@web01 wecenter]# pwd
/code/wecenter
[root@web01 wecenter]# cp -rp uploads/ uploads_bak
[root@web01 code]# mount -t nfs 172.16.1.31:/data/wecenter /code/wecenter/uploads
[root@web01 code]# cp -rp /code/wecenter/uploads_bak/* /code/wecenter/uploads/
[root@web01 code]# cat /etc/fstab
172.16.1.31:/data/wecenter /code/wecenter/uploads nfs defaults 0 0

# wordpress
[root@web01 wp-content]# pwd
/code/wordpress/wp-content
[root@web01 wp-content]# cp -rp uploads/ uploads_bak
[root@web01 code]# mount -t nfs 172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads
[root@web01 code]# cp -rp /code/wordpress/wp-content/uploads_bak/* /code/wordpress/wp-content/uploads/
[root@web01 code]# cat /etc/fstab
172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads nfs defaults 0 0
```

web03, JPress (the mount target is the jpress application's attachment directory, matching the fstab line):

```bash
[root@web03 jpress]# pwd
/server/tomcat-8080/webapps/jpress
[root@web03 jpress]# cp -rp attachment/ attachment_bak
[root@web03 jpress]# mount -t nfs 172.16.1.31:/data/jpress /server/tomcat-8080/webapps/jpress/attachment
[root@web03 jpress]# groupadd -g 666 www
[root@web03 jpress]# useradd -g www -u 666 www
[root@web03 jpress]# chown -R www.www /server/tomcat-8080/webapps
[root@web03 jpress]# cp -rp attachment_bak/* attachment/
[root@web03 jpress]# cat /etc/fstab
172.16.1.31:/data/jpress /server/tomcat8_1/webapps/jpress/attachment nfs defaults 0 0
```

These directories only ever hold user-uploaded content, so mount them with `defaults,noexec,nosuid,nodev` instead of `defaults`. `noexec` stops binaries from running from the share; it does not stop php-fpm or Tomcat from interpreting a file there, so the nginx rule that refuses to pass `*.php` under the upload directories to php-fpm is the control that actually matters for a web shell.
nginx + keepalived layer-7 load balancing, 172.16.1.5/6 (lb01/lb02)
Make web02 identical to web01:

```bash
[root@web01 code]# rsync -avz /code root@172.16.1.8:/
[root@web01 code]# rsync -avz /etc/nginx root@172.16.1.8:/etc/ --delete
[root@web01 code]# scp -rp /etc/php.ini root@172.16.1.8:/etc/
[root@web02 ~]# vim /etc/fstab
172.16.1.31:/data/wecenter  /code/wecenter/uploads             nfs defaults 0 0
172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads nfs defaults 0 0
[root@web02 ~]# mount -a
[root@web02 ~]# df -h
[root@web02 code]# systemctl restart nginx php-fpm
```

Install nginx on the load balancer (the original notes typed these commands on a host named db01; the configuration belongs on lb01, which lb02 is later cloned from):

```bash
[root@lb01 ~]# yum install nginx
[root@lb01 conf.d]# mv default.conf default.conf.off
```

/etc/nginx/conf.d/proxy.conf:

```nginx
upstream php {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}
upstream java {
    server 172.16.1.9:8080;
}
server {
    listen 80;
    server_name wordpress.etiantian.org;
    location / {
        proxy_pass http://php;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name wecenter.etiantian.org;
    location / {
        proxy_pass http://php;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name jpress.etiantian.org;
    location / {
        proxy_pass http://java;
        include proxy_params;
    }
}
```

/etc/nginx/proxy_params:

```nginx
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
```

```bash
[root@lb01 conf.d]# nginx -t
[root@lb01 conf.d]# systemctl restart nginx
# add the Windows hosts entries and test in a browser
```

keepalived. Both load balancers carry the same nginx configuration; clone lb02 from lb01:

```bash
[root@lb02 ~]# scp -rp root@172.16.1.5:/etc/yum.repos.d /etc/   # yum repos already set up by the base config
[root@lb02 ~]# yum install nginx
[root@lb02 conf.d]# rsync -avz root@172.16.1.5:/etc/nginx /etc/ --delete
[root@lb02 ~]# systemctl start nginx
[root@lb02 ~]# systemctl enable nginx
# install keepalived on both
[root@lb01 ~]# yum install keepalived -y
[root@lb02 ~]# yum install keepalived -y
```

lb01, /etc/keepalived/keepalived.conf:

```
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
```

```bash
[root@lb01 conf.d]# systemctl restart keepalived
[root@lb01 conf.d]# systemctl enable keepalived
```

lb02, /etc/keepalived/keepalived.conf:

```
global_defs {
    router_id lb02
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
```

```bash
[root@lb02 conf.d]# systemctl restart keepalived
[root@lb02 conf.d]# systemctl enable keepalived
```

The original notes had the state labels the other way round (lb01 BACKUP with priority 150, lb02 MASTER with priority 100). VRRP elects on priority, so lb01 takes the VIP either way; the labels above match what actually happens. Two things to know before relying on this: the VIP lives on eth0, the front network, and VRRP `PASS` authentication is a cleartext string, so any host on 10.0.0.0/24 that sends advertisements for virtual_router_id 50 with a higher priority takes the VIP (a `unicast_peer` block restricts the exchange to the two LBs); and keepalived here only fails over when the whole host goes down, since there is no `vrrp_script` checking that nginx is still answering.
nginx/Tomcat HTTPS
Generate a self-signed key and certificate on web01:

```bash
[root@web01 code]# mkdir /etc/nginx/ssl_key
[root@web01 code]# cd /etc/nginx/ssl_key/
[root@web01 ssl_key]# openssl genrsa -idea -out server.key 2048      # passphrase set to 1234
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:WH
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:edu
Organizational Unit Name (eg, section) []:sa
Common Name (eg, your name or your server's hostname) []:bgx
Email Address []:bgx@foxmail.com
```

The `req -newkey rsa:2048 -nodes -keyout server.key` step generates a fresh, unencrypted key and overwrites the one from `genrsa`, so the first command and its passphrase have no effect; that is also why nginx starts without asking for it. The certificate's Common Name is `bgx`, not a hostname, and it carries no subjectAltName, so browsers will warn on every vhost; acceptable for the lab, not beyond it.

/etc/nginx/conf.d/wecenter-https.conf:

```nginx
server {
    listen 443 ssl;
    server_name wecenter.etiantian.org;
    ssl_certificate     ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    location / {
        root /code/wecenter;
        index index.php index.html;
    }
    location ~ \.php$ {
        root /code/wecenter;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```

/etc/nginx/conf.d/wordpress-https.conf:

```nginx
server {
    server_name wordpress.etiantian.org;
    listen 443 ssl;
    root /code/wordpress;
    index index.php index.html;
    ssl_certificate     ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    location ~ \.php$ {
        root /code/wordpress;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```

The original files used `listen 443;` plus `ssl on;`; `ssl on` is deprecated and `listen 443 ssl;` is the equivalent, so that is what appears above.

```bash
[root@web01 conf.d]# rsync -avz /etc/nginx root@172.16.1.8:/etc/ --delete
[root@web01 ssl_key]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 ssl_key]# systemctl restart nginx
```

Load balancer: copy the key pair from web01 and terminate TLS there.

```bash
[root@lb01 code]# mkdir /etc/nginx/ssl_key
[root@lb01 code]# cd /etc/nginx/ssl_key/
[root@lb01 ssl_key]# scp -rp root@172.16.1.7:/etc/nginx/ssl_key/* ./
```

/etc/nginx/conf.d/proxy-https.conf:

```nginx
upstream php {
    server 172.16.1.7:443;
    server 172.16.1.8:443;
}
upstream java {
    server 172.16.1.9:8080;
}
server {
    listen 80;
    server_name wordpress.etiantian.org;
    return 302 https://$server_name$request_uri;
}
server {
    listen 80;
    server_name wecenter.etiantian.org;
    return 302 https://$server_name$request_uri;
}
server {
    listen 80;
    server_name jpress.etiantian.org;
    return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name jpress.etiantian.org;
    ssl_certificate     ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
        # note: no TLS here, plain HTTP to Tomcat
        proxy_pass http://java;
    }
}
server {
    listen 443 ssl;
    server_name wordpress.etiantian.org;
    ssl_certificate     ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    location / {
        proxy_pass https://php;
        include proxy_params;
    }
}
server {
    listen 443 ssl;
    server_name wecenter.etiantian.org;
    ssl_certificate     ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    location / {
        proxy_pass https://php;
        include proxy_params;
    }
}
```

```bash
# lb02 gets the same configuration
[root@lb01 ssl_key]# rsync -avz /etc/nginx root@172.16.1.6:/etc/ --delete
```

The essential items are `ssl_certificate` and `ssl_certificate_key`; the rest is an ordinary proxy configuration, plus `proxy_set_header X-Forwarded-Proto https;` so Tomcat learns the scheme the client used. Note that `proxy_pass https://php` encrypts the hop to the web nodes but does not authenticate them: nginx verifies the upstream certificate only with `proxy_ssl_verify on` and a `proxy_ssl_trusted_certificate`, which the self-signed certificate here would not satisfy anyway.

Tomcat server.xml in full (web03, /server/tomcat8_1/conf/server.xml; XML attribute names are case-sensitive, so the `className`, `SSLEngine`, `unpackWARs` etc. below must be written exactly this way):

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8011" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.V
ersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs -->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
    <!-- nginx proxies to 8081; proxyPort/redirectPort tell Tomcat the client-facing port is 443 -->
    <Connector port="8081" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" proxyPort="443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- The original notes put the X-Forwarded-* attributes on the AccessLogValve,
             which ignores them; they belong to RemoteIpValve, which is what makes
             request.getScheme() return "https" behind the proxy. -->
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
               remoteIpHeader="X-Forwarded-For"
               proxiesHeader="X-Forwarded-By"
               protocolHeader="X-Forwarded-Proto" />
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
```

Nothing in this file is unusual except two things. `proxyPort="443"` is the key to the whole setup, and `redirectPort` must be 443 as well, otherwise Tomcat builds redirects and absolute URLs pointing at 8081. The `RemoteIpValve` matters just as much: without it `getScheme()` in the application still returns `http`, and security constraints in web.xml (`transport-guarantee CONFIDENTIAL`) keep redirecting. The valve trusts `X-Forwarded-*` headers only from `internalProxies`, which by default covers the private address ranges including both LB addresses; since Tomcat on 10.0.0.9:8081 is reachable directly in this lab, a client on that network can set `X-Forwarded-Proto` itself, so restrict 8081 to the load balancers. The AJP connector on 8009 is unused in this design (nginx speaks plain HTTP to 8081) and listens on all interfaces by default; comment it out or bind it with `address="127.0.0.1"`.
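The certificate generated above has `CN=bgx` and no subjectAltName, so it matches none of the three vhosts. The following is an added example, not part of the original notes or of any project's code: it issues one self-signed certificate whose subjectAltName lists wordpress, wecenter and jpress (the page's hostnames), which is the field browsers and `openssl s_client` actually match against, and adds the checks worth running before copying a key pair to the load balancers. File names, the request config and the temp directory are the example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): self-signed certificate with
# subjectAltName for the three lab vhosts, plus the checks nginx -t does not do.
set -eu

# Write an OpenSSL request config naming the page's three vhosts as SANs.
write_req_config() {           # $1 = path of the config file to write
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_req
[dn]
CN = wordpress.etiantian.org
[v3_req]
subjectAltName = DNS:wordpress.etiantian.org,DNS:wecenter.etiantian.org,DNS:jpress.etiantian.org
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
}

# Create server.key (0600, unencrypted so nginx can start unattended) and
# server.crt valid for $2 days in directory $1.
make_self_signed() {           # $1 = output dir  $2 = validity in days
    local dir="$1" days="$2" cfg="$1/req.cnf"
    write_req_config "$cfg"
    ( umask 077
      openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days "$days" \
          -keyout "$dir/server.key" -out "$dir/server.crt" \
          -config "$cfg" -extensions v3_req 2>/dev/null )
}

# Print the certificate's SAN entries (one line, comma separated; empty if none).
cert_sans() {                  # $1 = certificate file
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *DNS:/DNS:/p'
}

# 0 if hostname $2 is listed in the SAN of certificate $1 (the CN is not consulted).
cert_covers_host() {
    cert_sans "$1" | tr ',' '\n' | tr -d ' ' | grep -qx "DNS:$2"
}

# 0 if the certificate's public key belongs to the private key (compare moduli).
key_matches_cert() {           # $1 = certificate  $2 = private key
    [ "$(openssl x509 -in "$1" -noout -modulus)" = \
      "$(openssl rsa  -in "$2" -noout -modulus 2>/dev/null)" ]
}

# Demo run in a throwaway directory.
demo() {
    local d; d=$(mktemp -d)
    make_self_signed "$d" 365
    cert_sans "$d/server.crt"
    cert_covers_host "$d/server.crt" jpress.etiantian.org && echo "jpress.etiantian.org covered"
    key_matches_cert "$d/server.crt" "$d/server.key" && echo "key matches certificate"
    rm -rf "$d"
}
demo
```

`key_matches_cert` is the check to run after the `scp` to lb01: a key and certificate from different `openssl req` runs (as the two overlapping commands on this page could easily produce) pass `nginx -t` and only fail at the first TLS handshake. `-days 365` is deliberately not the page's 36500; a hundred-year self-signed certificate is never rotated.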
Real-time replication of NFS data to the static web nodes, 172.16.1.9/10 (web01/02)

Prepare web01 as an rsync daemon (same layout as the backup server):

```bash
[root@web01 ~]# yum install rsync -y       # already installed
[root@web01 ~]# cat /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.password
log file = /var/log/rsyncd.log
#####################################
[data]
path = /data

[root@web01 ~]# mkdir /data/
[root@web01 ~]# groupadd -g 666 www         # already exists
[root@web01 ~]# useradd -u 666 -g 666 www
[root@web01 ~]# chown -R www.www /data/
[root@web01 ~]# chmod 755 /data             # 755 is the default
# virtual user for rsync authentication
[root@web01 ~]# echo "rsync_backup:1" > /etc/rsync.password
[root@web01 ~]# chmod 600 /etc/rsync.password
[root@web01 ~]# systemctl enable rsyncd
[root@web01 ~]# systemctl restart rsyncd
```

On nfs01, copy the earlier sersync configuration and point it at web01:

```bash
[root@nfs01 data]# cd /usr/local/sersync/
[root@nfs01 sersync]# cp confxml.xml web01-confxml.xml
[root@nfs01 sersync]# vim web01-confxml.xml
# the two lines that change: the instance's host entry and the target
<host hostip="localhost" port="8009"></host>
<remote ip="172.16.1.7" name="data"/>
# start a second sersync instance with this file
[root@nfs01 sersync]# /usr/local/sersync/sersync2 -dro /usr/local/sersync/web01-confxml.xml
```

web02 is set up the same way.
nginx static web service on 172.16.1.9/10 (sweb01/02) with static/dynamic separation

Hosts used in this test:

System | Service | Address | Host
---|---|---|---
CentOS 7.5 | proxy | 10.0.0.5 | lb01
CentOS 7.5 | nginx | 10.0.0.7 | web01
CentOS 7.5 | tomcat | 10.0.0.9 | web03

web01 serves the static resource; /etc/nginx/conf.d/ds.conf:

```bash
[root@web01 data]# wget http://nginx.org/nginx.png
[root@web01 data]# cat /etc/nginx/conf.d/ds.conf
```

```nginx
server {
    listen 80;
    server_name ds.etiantian.org;
    root /data;
    index index.php index.html;

    location ~* .*\.(png|jpg|gif)$ {
        root /data;
    }
}
```

web03 serves the dynamic resource, /server/tomcat8_1/webapps/ROOT/java-test.jsp:

```jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<html>
<head>
    <title>JSP test page</title>
</head>
<body>
<%
    Random rand = new Random();
    out.println("<h1>Random number:</h1>");
    out.println(rand.nextInt(99) + 100);
%>
</body>
</html>
```

lb01 combines both on one page; /etc/nginx/conf.d/ds.conf:

```nginx
upstream static {
    server 10.0.0.7:80;
}
upstream javaround {
    server 10.0.0.9:8080;
}
server {
    listen 80;
    server_name ds.etiantian.org;

    location / {
        root /soft/code;
        index index.html;
    }
    location ~ .*\.(png|jpg|gif)$ {
        proxy_pass http://static;
        include proxy_params;
    }
    location ~ .*\.jsp$ {
        proxy_pass http://javaround;
        include proxy_params;
    }
}
```

The test page, /soft/code/index.html:

```html
<html lang="en">
<head>
    <meta charset="utf-8" />
    <title>Test AJAX and cross-origin access</title>
    <script src="http://libs.baidu.com/jquery/2.1.4/jquery.min.js"></script>
</head>
<script type="text/javascript">
$(document).ready(function(){
    $.ajax({
        type: "GET",
        url: "http://ds.etiantian.org/java-test.jsp",
        success: function(data) {
            $("#get_data").html(data)
        },
        error: function() {
            alert("fail!!, please refresh and try again!");
        }
    });
});
</script>
<body>
    <h1>Static/dynamic separation test</h1>
    <img src="http://ds.etiantian.org/nginx.png">
    <div id="get_data"></div>
</body>
</html>
```

Add `10.0.0.5 ds.etiantian.org` to the Windows hosts file and open http://ds.etiantian.org/: the image and the random number appear on the same page. Stop nginx on web01 and the image disappears while the dynamic content still renders; stop Tomcat and the reverse happens.

The page pulls jQuery over plain HTTP from a third-party CDN, so whoever controls that host or the path to it runs script in every visitor's browser; serve the library from /soft/code or load it over HTTPS with an `integrity` attribute.