欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  科技

集群搭建笔记

程序员文章站 2022-10-26 14:15:57
[TOC] 综合架构图 主机规划 ip 服务器主机名和 IP 规划参考模板 | 主机名 | eth0 网卡 | eth1 网卡 | 服务简介 | | | | | | | lb01 | 10.0.0.5/24 | 172.16.1.5/24 | 负载服务 | | lb02 | 10.0.0.6/24 ......

目录

综合架构图

集群搭建笔记

主机规划 ip

服务器主机名和 ip 规划参考模板

主机名 eth0 网卡 eth1 网卡 服务简介
lb01 10.0.0.5/24 172.16.1.5/24 负载服务
lb02 10.0.0.6/24 172.16.1.6/24 负载服务
web01 10.0.0.7/24 172.16.1.7/24 phpwww 服务
web02 10.0.0.8/24 172.16.1.8/24 php www 服务
tweb01 10.0.0.9/24 172.16.1.9/24 tomcat www 服务
db01 10.0.0.51/24 172.16.1.51/24 数据库服务
nfs01 10.0.0.31/24 172.16.1.31/24 存储服务
backup 10.0.0.41/24 172.16.1.41/24 备份服务
m01 10.0.0.61/24 172.16.1.61/24 管理服务

基础优化

修改ip地址
sed -i 's#222#61#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]

永久修改主机名
[root@oldboy-c7 ~]# hostnamectl set-hostname oldboyedu-cc7
[root@web01 data]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5  lb01
172.16.1.6  lo02
172.16.1.7  web01
172.16.1.8  web02
172.16.1.9  sweb
172.16.1.31  nfs
172.16.1.41  backup
172.16.1.51  db
#批量推送其他主机
[root@web01 data]# scp -rp /etc/hosts root@172.16.1.31:/etc/

调整yum源
centos 7

wget -o /etc/yum.repos.d/centos-base.repo http://mirrors.aliyun.com/repo/centos-7.repo
wget -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

//1.安装基础软件包
yum install net-tools vim tree htop iftop iotop lrzsz sl wget unzip telnet nmap nc psmisc \
dos2unix bash-completion iotop iftop sysstat screen  -y

1.自动补全
yum install bash-completion -y
退出一次,然后重新登录

安装net-tools工具,可使用ifconfig命令
yum install net-tools -y 

//2.关闭firewalld防火墙
systemctl disable firewalld
systemctl stop firewalld
systemctl status firewalld

//3.关闭selinux
# 方式一
sed -ri 's#(^selinux=).*#\1disabled#g' /etc/selinux/config
# 方式二
sed -i '/^selinux=/c selinux=disabled' /etc/selinux/config
# 方式三
vim /etc/selinux/config

# 临时生效
setenforce 0  

//4.优化ulimit
echo '* - nofile 65535' >> /etc/security/limits.conf

//5 重启快照

m01 搭建yum仓库

1.基础环境准备
//安装ftp服务,启动并加入开机启动
 yum -y install vsftpd 
 systemctl start vsftpd 
 systemctl enable vsftpd

//开启yum缓存功能
 vim /etc/yum.conf
[main] cachedir=/var/cache/yum/$basearch/$releasever 
keepcache=1

 yum clean all

2.提供基础base源
 mkdir /var/ftp/centos75
 mount /dev/cdrom /mnt
 cp -rp  /mnt/packages/*.rpm /var/ftp/centos75

3.提供第三方源
mkdir /var/ftp/ops

yum install net-tools vim tree htop iftop \
iotop lrzsz sl wget unzip telnet nmap nc psmisc \
dos2unix bash-completion iotop iftop sysstat screen  -y


//复制已缓存的 nginx docker 及依赖包 到自定义 yum 仓库目录中
[root@yum_server_69_112 ~]# find /var/cache/yum/x86_64/7/ \
-iname "*.rpm" -exec cp -rf {} /var/ftp/ops \;


4.安装createrepo并创建 reopdata仓库

//安装createrepo
[root@yum_server_69_112 ~]# yum -y install createrepo
//生成仓库信息
createrepo /var/ftp/ops
createrepo /var/ftp/centos75
//注意: 如果此仓库每次新增软件则需要重新生成一次


客户端使用yum源

1.配置并使用base基础源

[root@yum_client_69_113 ~]# gzip /etc/yum.repos.d/*
[root@yum_client_69_113 ~]# vim /etc/yum.repos.d/centos7.repo 
[centos75]
name=centos74_base
baseurl=ftp://172.16.1.61/centos75
gpgcheck=0
2.客户端指向本地ops源

[root@yum_client_69_113 ~]# vim /etc/yum.repos.d/ops.repo 
[ops]
name=local ftpserver
baseurl=ftp://172.16.1.61/ops
gpgcheck=0


yum clean all
yum makecache


#其他客户端同步推送过去
[root@backup ~]# rsync -avz /etc/yum.repos.d root@172.16.1.6:/etc/ --delete

backup- rsync全网备份

[root@backup ~]# yum install rsync -y   //基础环境已经安装
[root@backup ~]# cat /etc/rsyncd.conf 
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.password
log file = /var/log/rsyncd.log
#####################################
[backup]
path = /backup
[data]
path = /data


[root@backup ~]# mkdir /backup/
[root@backup ~]# groupadd -g666 www
[root@backup ~]# useradd -u666 -g666 www

[root@backup ~]# chown -r www.www /backup/
[root@backup ~]# chmod 755 /backup

# 创建rsync使用的虚拟连接用户
[root@backup ~]# echo "rsync_backup:1" > /etc/rsync.password
[root@backup ~]# chmod 600 /etc/rsync.password

[root@backup ~]# systemctl enable rsyncd
[root@backup ~]# systemctl start rsyncd


1 客户端定时执行脚本 推送 backup服务器
[root@nfs ~]# mkdir -p /server/scripts/

[root@nfs scripts]# cat /server/scripts/client_rsync_backup.sh 
#!/usr/bin/bash
export path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#1.定义变量
host=$(hostname)
addr=$(ifconfig eth1|awk 'nr==2{print $2}')
date=$(date +%f)
dest=${host}_${addr}_${date}
path=/backup

#2.创建备份目录
[ -d $path/$dest ] || mkdir -p $path/$dest

#3.备份对应的文件
cd / && \
[ -f $path/$dest/system.tar.gz ] || tar czf $path/$dest/system.tar.gz etc/fstab etc/rsyncd.conf && \
[ -f $path/$dest/log.tar.gz ] || tar czf $path/$dest/log.tar.gz  var/log/messages var/log/secure && \

#4.携带md5验证信息
[ -f $path/$dest/flag_$date ] || md5sum $path/$dest/*.tar.gz >$path/$dest/flag_${date}

#4.推送本地数据至备份服务器
export rsync_password=1
rsync -avz $path/ rsync_backup@172.16.1.41::backup

#5.本地保留最近7天的数据
find $path/ -type d -mtime +7|xargs rm -rf


2 服务端backup 校验压缩包 发送给管理员
1.配置邮箱(配发件服务器)
[root@backup ~]# cat /etc/mail.rc
yum install mailx -y
set from=343264992@163.com
set smtp=smtps://smtp.163.com:465
set smtp-auth-user=343264992@163.com
set smtp-auth-password=aa123456
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/

[root@backup ~]# mkdir /server/scripts -p
[root@backup scripts]# vim check_backup.sh
#!/usr/bin/bash

#1.定义全局的变量
export path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

#2.定义局部变量
path=/backup
date=$(date +%f)

#3.查看flag文件,并对该文件进行校验, 然后将校验的结果保存至result_时间
find $path/*_${date} -type f -name "flag_$date"|xargs md5sum -c >$path/result_${date}

#4.将校验的结果发送邮件给管理员
mail -s "rsync backup $date" 343264992@qq.com <$path/result_${date}

#5.删除超过7天的校验结果文件, 删除超过180天的备份数据文件
find $path/ -type f -name "result*" -mtime +7|xargs rm -f
find $path/ -type d -mtime +180|xargs rm -rf

定时任务
    #多台客户端
[root@nfs ~]# crontab -l
00 01 * * * /usr/bin/bash /server/scripts/clinet_rsync_backup.sh >/dev/null 2>&1
测试
[root@web01 ~]# sh /server/scripts/client_rsync_backup.sh

# 多台客户端快速增加
[root@nfs01 yum.repos.d]# scp -rp /var/spool/cron/root root@172.16.1.7:/var/spool/cron/
[root@nfs01 yum.repos.d]# rsync -avz /server root@172.16.1.8:/
    #服务端
[root@backup backup]# crontab -l
00 05 * * * /usr/bin/bash /server/scripts/check_backup.sh >/dev/null 2>&1

nfs 共享存储项目

nfs服务端
[root@nfs ~]# yum install nfs-utils -y  (已安装)
[root@nfs ~]# cat /etc/exports
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

# nfs 依赖环境
[root@nfs ~]# groupadd -g 666 www
[root@nfs ~]# useradd -u 666 -g 666 www
[root@nfs ~]# mkdir /data
[root@nfs ~]# chown -r www.www /data

# 启动nfs
[root@nfs ~]# systemctl enable rpcbind nfs-server  
[root@nfs ~]# systemctl start rpcbind nfs-server

nfs 客户端
#安装工具包
[root@web01 ~]# yum install nfs-utils -y  (已安装)
[root@web01 ~]# systemctl start rpcbind    (默认开机自启动)
#创建目录用于挂载
[root@web01 ~]# mkdir /data
# 挂载nfs的data目录
root@web01 ~]# showmount -e 172.16.1.31
export list for 172.16.1.31:
/data 172.16.1.0/24
[root@web01 ~]# mount -t nfs 172.16.1.31:/data /data
# 加入开机自启动
172.16.1.31:/data  /data nfs defaults   0 0
测试:
   #通过windows上传一个视频或图片至/data
wget http://img.mp.itc.cn/upload/20170511/cad88c2e57f44e93b664a48a98a47108_th.jpg
     # 验证内容是否存在nfs服务器
[root@nfs ~]# ls /data/
1111  cad88c2e57f44e93b664a48a98a47108_th.jpg  tes1  test

nfs 共享存储数据实时复制到 backup

安装inotify-tools
[root@nfs ~]# yum install inotify-tools rsync -y
安装sersync
[root@nfs ~]# wget https://raw.githubusercontent.com/wsgzao/sersync/master/sersync2.5.4_64bit_binary_stable_final.tar.gz
解压重命名
[root@nfs01 ~]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz -c /usr/local/
[root@nfs01 local]# mv gnu-linux-x86/ sersync

#配置sersync
   <filesystem xfs="true"/>  <!-- 文件系统 -->

     <inotify> <!-- 监控的事件类型 -->
        <delete start="true"/>
        <createfolder start="true"/>
        <createfile start="true"/>
        <closewrite start="true"/>
         <movefrom start="true"/>
         <moveto start="true"/>
         <attrib start="false"/>
          <modify start="false"/>
      </inotify>

<sersync>
         <localpath watch="/data"> <!-- 监控的目录 -->
           <remote ip="172.16.1.41" name="data"/>  <!-- backup的ip以及模块 -->
         </localpath>


  <rsync> <!-- rsync的选项 -->
            <commonparams params="-az"/>
           <auth start="true" users="rsync_backup" passwordfile="/etc/rsync.pass"/>
            <userdefinedport start="false" port="874"/><!-- port=874 -->
            <timeout start="true" time="100"/><!-- timeout=100 -->
             <ssh start="false"/>
        </rsync>


#创建密码文件
[root@nfs01 sersync]# echo "1" > /etc/rsync.pass
[root@nfs01 ~]# chmod 600 /etc/rsync.pass
#backup创建目录
[root@backup /]# mkdir /data
[root@backup /]# chowm -r www.www /data
启动sersync
[root@nfs ~]# /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml

ssh、ansible,批量管理服务项目

[root@backup ~]# rpm -ql openssh-server
/etc/ssh/sshd_config    --- ssh服务配置文件
/usr/sbin/sshd          --- ssh服务进程启动命令

[root@backup ~]# rpm -ql openssh-clients
/usr/bin/scp            --- 远程拷贝命令
/usr/bin/sftp           --- 远程文件传输命令
/usr/bin/ssh            --- 远程连接登录命令
/usr/bin/ssh-copy-id    --- 远程分发公钥命令


1.创建密钥对
[root@m01 ~]# ssh-keygen -t rsa -c xuliangwei.com   #一路回车即可
[root@m01 ~]# ls ~/.ssh/
id_rsa(钥匙)  id_rsa.pub(锁头)

2#发送密钥给需要登录的用户
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31

#远程登录对端主机方式
[root@m01 ~]# ssh root@172.16.1.41

# 不登陆主机执行命令
[root@m01 ~]# ssh root@172.16.1.41 "hostname -i"

.ansible借助公钥批量管理
#利用非交换式工具实现批量分发公钥与批量管理服务器
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41

[root@m01 ~]# yum install ansible -y

//检查ansible版本
[root@m01 ~]# ansible --version
ansible 2.6.1

配置ansible  主机清单
[root@m01 ~]# vim /etc/ansible/hosts
[root@m01 7]# cat /etc/ansible/hosts
[lb]
172.16.1.5
172.16.1.6
[web]
172.16.1.7
172.16.1.8
[sweb]
172.16.1.9
[nfs]
172.16.1.31
[backup]
172.16.1.41
[db]
172.16.1.51

# ansible是通过ssh端口探测通信
[root@m01 ~]# ansible all -m ping

#批量执行命令
[root@m01 ~]# ansible all -m command -a "df -h"
[root@m01 ~]# ansible all -m command -a "hostname"

mysql 数据库环境搭建

# 1.下载mysql官方扩展源     (yum仓库已经准备好)
[root@nginx ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.7-community/el/7/x86_64/mysql57-community-release-el7-10.noarch.rpm

#2.安装mysql5.7, 文件过大可能会导致下载缓慢
[root@nginx ~]# yum install mysql-community-server -y

#3.启动数据库, 并加入开机自启动
[root@nginx ~]# systemctl start mysqld
[root@nginx ~]# systemctl enable mysqld

#4.由于mysql5.7默认配置了默认密码, 需要过滤temporary password关键字查看对应登陆数据库密码
[root@nginx ~]# grep 'temporary password' /var/log/mysqld.log

#5.登陆mysql数据库[password中填写上一步过滤的密码]
[root@web02 ~]# mysql -uroot -p$(awk '/temporary password/{print $nf}' /var/log/mysqld.log)

#6.重新修改数据库密码
mysql> alter user 'root'@'localhost' identified by 'ckh123.com';

# 服务器mysql允许远程用户连接 (授权法)
grant all privileges on *.* to 'all'@'%' identified by 'ckh123.com';
flush privileges;
#7. web客户端安装 mysql (命令 测试用 可以不用装)
[root@web02 ~]# yum provides mysql
[root@web02 ~]# yum install mariadb -y
[root@web02 ~]# mysql -h172.16.1.51 -uall -pckh123.com

nginx+php 流行动态 web 环境搭建

#1.使用nginx官方提供的rpm包  (yum仓库已经准备好)
[root@nginx ~]# cat /etc/yum.repos.d/nginx.repo   
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

#2.执行yum安装
[root@nginx ~]# yum install nginx -y
# 修改nginx 运行身份
sed -i '/^user/c user www;' /etc/nginx/nginx.conf  
[root@web01 ~]# id www  
uid=666(www) gid=666(www) 组=666(www)  
[root@web01 ~]# # groupadd -g 666 www  
[root@web01 ~]# # useradd -u666 -g666 www  
#3.启动并加入开机自启动
[root@web01 ~]# systemctl start nginx  
[root@nginx ~]# systemctl enable nginx

#检查 运行进程中式否www 用户运行
[root@web01 ~]# ps aux |grep nginx  
www        2396  0.0  0.3  46996  1784 ?        s    08:44   0:00 nginx: worker process  
root       2398  0.0  0.2 112720   984 pts/0    r+   08:44   0:00 grep --color=auto nginx


使用第三方扩展epel源安装php7.1

#1.移除旧版php   (没有旧版 )
[root@nginx ~]# yum remove php-mysql-5.4 php php-fpm php-common   

#2.安装扩展源 (yum仓库已经准备了)
# 依赖包
[root@nginx ~]# rpm -uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@nginx ~]# rpm -uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# 或者用yum自行解决依赖包安装

#3.安装php7.1版本
[root@nginx ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb

#4.替换php-fpm运行的用户和组身份
[root@web02 ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf 
[root@web02 ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf

#5.启动php-fpm管理进程, 并加入开机自启
[root@nginx ~]# systemctl start php-fpm
[root@nginx ~]# systemctl enable php-fpm


ansible 批量管理
[root@m01 7]# ansible web -m yum -a "name=nginx state=installed"
[root@m01 7]# ansible web -m shell -a "sed -i '/^user/c user www;' /etc/nginx/nginx.conf "
[root@m01 7]# ansible web -m group -a "name=www gid=666"
[root@m01 7]# ansible web -m user -a "name=www uid=666 group=666 "
[root@m01 7]# ansible web -m service -a "name=nginx state=started enabled=yes"
[root@m01 7]# ansible web -m yum -a "name=php71w,php71w-cli,php71w-common,php71w-devel,php71w-embedded,php71w-gd,php71w-mcrypt,php71w-mbstring,php71w-pdo,php71w-xml,php71w-fpm,php71w-mysqlnd,php71w-opcache,php71w-pecl-memcached,php71w-pecl-redis,php71w-pecl-mongodb  state=installed"
[root@m01 7]# ansible web -m shell -a "sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf;sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf"
[root@m01 7]# ansible web -m service -a "name=php-fpm state=started enabled=yes"

调整网站上传文件大小
vim /etc/php.ini
memory_limit=1024m
post_max_size=1024m
upload_max_filesize=1024m  
max_execution_time=60
max_input_time=60

vim nginx配置文件 nginx.conf, 找到http{} 段 添加
client_max_body_size 1024m; 
# 重启服务生效配置
[root@web01 code]# systemctl restart nginx php-fpm

wordpress 安装 *
[root@web01 conf.d]# cat wordpress.conf
server {
    server_name wordpress.etiantian.org;
    listen 80;
    root /code/wordpress;
    index index.php index.html;

    location ~ \.php$ {
        root /code/wordpress;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  script_filename  $document_root$fastcgi_script_name;
            include        fastcgi_params;
    }
}

[root@web01 conf.d]# nginx -t
[root@web01 conf.d]# systemctl restart nginx
#1.获取wordpress代码
[root@web01 ~]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_cn.tar.gz

#2.解压网站源码文件,拷贝至对应站点目录,并授权站点目录
[root@web01 ~]# tar xf wordpress-4.9.4-zh_cn.tar.gz -c /code/wordpress/
[root@web01 ~]# chown -r www.www /code/wordpress/

# wordpress 产品需要手动创建数据库
#1.登陆数据库
[root@http-server ~]# mysql -uroot -pckh123.com
#2.创建wordpress数据库
mariadb [(none)]> create database wordpress;
mariadb [(none)]> exit

# windows hosts解析 登录浏览器访问wordpress.etiantian.org 并安装


wecenter 安装 *
[root@web01 conf.d]# cat wecenter.conf
server {
    server_name wecenter.etiantian.org;
    listen 80;
    root /code/wecenter;
    index index.php index.html;

    location ~ \.php$ {
        root /code/wecenter;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  script_filename  $document_root$fastcgi_script_name;
            include        fastcgi_params;
    }
}
[root@web01 code]# nginx -t
[root@web01 code]# systemctl restart nginx

# 下载wecenter 产品
[root@web01 ~]# wget http://ahdx.down.chinaz.com/201605/wecenter_v3.2.1.zip
[root@web01 ~]# unzip wecenter_v3.1.9.zip 
[root@web01 code]# mv wecenter_3-2-1 wecenter
[root@web01 ~]# chown -r www.www /code/wecenter/

#1.登陆数据库
[root@http-server ~]# mysql -uroot -pckh123.com

#2.创建wecenter数据库
mariadb [(none)]> create database wecenter;
mariadb [(none)]> exit

# window hosts解析 通过浏览器访问 wecenter.etiantian.org 并安装

nginx+tomcat 流行动态 web 环境搭建

1.准备java基础环境
[root@web02 ~]# yum install java jarjar-maven-plugin -y
[root@web03 ~]# mkdir /server && cd /server

2.下载并安装tomcat服务
wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
[root@web03 server]# tar xf apache-tomcat-8.5.34.tar.gz
[root@web03 server]# ln -s /server/apache-tomcat-8.5.34 /server/tomcat8_1
# 启动 tomcat 服务
[root@lb01 ~]# /server/tomcat8_1/bin/startup.sh
[root@lb01 ~]# netstat -lntp

# 浏览器访问  http://10.0.0.9:8080/

[root@web03 web-inf]# pwd
/server/tomcat-8080/webapps/root/web-inf

[root@web03 webapps]# jar xf jpress-web-newest.war
# 浏览器访问 http://10.0.0.9:8081/jpress
0.准备数据库[db01]
mysql> create database jpress;

4.启动tomcat
[root@web03 tomcat]# /root/tomcat/bin/startup.sh
    关闭tomcat方式
[root@web03 tomcat]# /root/tomcat/bin/shutdown.sh


5.在proxy上新增java节点
upstream php {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}

upstream java {
    server 172.16.1.9:8081;
}

server {
    server_name wordpress.etiantian.org;
    listen 80;
    location / {
        proxy_pass http://php;
        include proxy_params;
    }
}
server {
    server_name jpress.etiantian.org;
    listen 80;
    location / {
        proxy_pass http://java;
        include proxy_params;
    }
}

[root@lb01 conf.d]# nginx -t
[root@lb01 conf.d]# systemctl restart nginx


6.给tomcat提供静态存储[nfs操作]
[root@nfs ~]# cat /etc/exports
/data/blog 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/java 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)   #新增

[root@nfs ~]# mkdir /data/java
[root@nfs ~]# chown -r www.www /data/java/

[root@nfs ~]# systemctl restart nfs-server

7.在web03上操作
[root@web03 root]# yum install nfs-utils -y
[root@web03 root]# showmount -e 172.16.1.31
export list for 172.16.1.31:
/data/java 172.16.1.0/24
/data/blog 172.16.1.0/24

8.准备挂载环境
[root@web03 root]# groupadd -g 666 www
[root@web03 root]# useradd -g www -u 666 www

挂载
[root@web03 root]# cp -rp attachment/ attachment_bak
[root@web03 root]# rm -rf attachment/*
[root@web03 root]# mount -t nfs 172.16.1.31:/data/java /root/apache-tomcat-8.5.33/webapps/root/attachment
[root@web03 root]# cp -rp attachment_bak/* attachment/

永久挂载
[root@web03 root]# cat /etc/fstab 
172.16.1.31:/data/java /root/apache-tomcat-8.5.33/webapps/root/attachment nfs defaults,_rnetdev 0 0
[root@web03 root]# mount -a

将 php 产品和 tomcat 产品上传目录挂载到 nfs

#1.web先找出图片存储的路径,然后进行挂载

wordpress   wp-content/uploads/
wecenter    uploads
jpress          attachment/


# nfs01 服务器提供静态存储
[root@nfs01 data]# cat /etc/exports
/data/wordpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/wecenter 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/jpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

[root@nfs01 data]# mkdir /data/{wecenter,jpress,wordpress}
[root@nfs01 data]# chown -r www.www /data
[root@nfs01 data]# systemctl restart nfs-server


 # web01 安装 nfs工具  (已经安装)
[root@web01 code]# yum install nfs-utils
[root@web01 code]# showmount -e 172.16.1.31
export list for 172.16.1.31:
/data/jpress    172.16.1.0/24
/data/wecenter  172.16.1.0/24
/data/wordpress 172.16.1.0/24

[root@web01 ~]# groupadd -g 666 www   (已经创建了)
[root@web01 ~]# useradd -g www -u 666 www

# 挂载
[root@web01 wecenter]# pwd
/code/wecenter
[root@web01 wecenter]# cp -rp uploads/ uploads_bak
[root@web01 code]# mount -t nfs 172.16.1.31:/data/wecenter /code/wecenter/uploads
[root@web01 code]# cp -rp /code/wecenter/uploads_bak/* /code/wecenter/uploads/
[root@web01 code]# cat /etc/fstab
172.16.1.31:/data/wecenter  /code/wecenter/uploads nfs defaults 0 0

[root@web01 wp-content]# pwd
/code/wordpress/wp-content
[root@web01 wp-content]# cp -rp uploads/ uploads_bak
[root@web01 code]# mount -t nfs 172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads
[root@web01 code]# cp -rp /code/wordpress/wp-content/uploads_bak/* /code/wordpress/wp-content/uploads/
[root@web01 code]# cat /etc/fstab
172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads nfs defaults 0 0

#web03 的jpress
[root@web03 jpress]# pwd
/server/tomcat-8080/webapps/jpress
[root@web03 jpress]# cp -rp attachment/ attachment_bak
[root@web03 jpress]# mount -t nfs 172.16.1.31:/data/jpress /server/tomcat-8080/webapps/root/attachment

[root@web03 jpress]# groupadd -g 666 www
[root@web03 jpress]# useradd -g www -u 666 www
[root@web03 jpress]# chown -r www.www /server/tomcat-8080/webapps

[root@web03 jpress]# cp -rp attachment_bak/* attachment/

[root@web03 jpress]# cat /etc/fstab
172.16.1.31:/data/jpress /server/tomcat8_1/webapps/jpress/attachment nfs defaults 0 0

搭建 nginx+keepalived 七层负载,172.16.1.5/6/lb01/lb02

# web01  和web02 环境保持一模一样
[root@web01 code]# rsync -avz /code root@172.16.1.8:/ 
[root@web01 code]# rsync -avz /etc/nginx root@172.16.1.8:/etc/ --delete
[root@web01 code]# scp -rp /etc/php.ini root@172.16.1.8:/etc/
[root@web02 ~]# vim /etc/fstab
172.16.1.31:/data/wecenter  /code/wecenter/uploads nfs defaults 0 0
172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads nfs defaults 0 0
[root@web02 ~]# mount -a
[root@web02 ~]# df -h
[root@web02 code]# systemctl restart nginx php-fpm

# 安装nginx
[root@db01 ~]# yum install nginx
[root@db01 conf.d]# mv default.conf default.conf.off
[root@db01 conf.d]# cat proxy.conf
upstream php {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}
upstream java {
    server 172.16.1.9:8080;
}
server {
    listen 80;
    server_name wordpress.etiantian.org;
    location / {
        proxy_pass http://php;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name wecenter.etiantian.org;
    location / {
        proxy_pass http://php;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name jpress.etiantian.org;
    location / {
           proxy_pass http://java;
           include proxy_params;
         }
}

[root@db01 conf.d]# cat /etc/nginx/proxy_params
proxy_set_header host $http_host;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;

proxy_connect_timeout 30;
proxy_send_timeout  60;
proxy_read_timeout  60;

proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;

[root@db01 conf.d]# nginx -t
[root@db01 conf.d]# systemctl restart nginx

##windows hosts 解析  浏览器访问

# +keepalived

#两台lb 一模一样配置 , 快速配置一台lb02-6
[root@lb02 ~]# yum install nginx
[root@lb02 ~]# scp -rp root@172.16.1.5:/etc/yum.repos.d /etc/  (基础环境已经配置好yum仓库)
[root@lb02 conf.d]# rsync -avz root@172.16.1.5:/etc/nginx /etc/ --delete
[root@lb02 ~]# systemctl start nginx
[root@lb02 ~]# systemctl enable nginx

# 安装 keepalived
[root@lb01 ~]# yum install keepalived -y
[root@lb02 ~]# yum install keepalived -y

#配置 keepalived
[root@lb01 conf.d]# cat /etc/keepalived/keepalived.conf
global_defs {
    router_id lb01
}
vrrp_instance vi_1 {
    state backup
    interface eth0
    virtual_router_id 50
    priority 150
    advert_int 1
    authentication {
        auth_type pass
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
[root@lb01 conf.d]# systemctl restart keepalived
[root@lb01 conf.d]# systemctl enable keepalived

[root@lb02 conf.d]# cat /etc/keepalived/keepalived.conf
global_defs {
    router_id lb02
}
vrrp_instance vi_1 {
    state master
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type pass
        auth_pass 1111
}
    virtual_ipaddress {
        10.0.0.3
    }
}
[root@lb02 conf.d]# systemctl restart keepalived
[root@lb01 conf.d]# systemctl enable keepalived

配置 nginx- tomcat- https 加密访问项目

[root@web01 code]# mkdir /etc/nginx/ssl_key 
[root@web01 code]# cd /etc/nginx/ssl_key/
[root@web01 ~]# openssl genrsa -idea -out server.key 2048
这里密码设置1234
[root@web01 ~]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
country name (2 letter code) [xx]:cn
state or province name (full name) []:wh
locality name (eg, city) [default city]:wh
organization name (eg, company) [default company ltd]:edu    
organizational unit name (eg, section) []:sa
common name (eg, your name or your server's hostname) []:bgx
email address []:bgx@foxmail.com

[root@web01 ssl_key]# cat /etc/nginx/conf.d/wecenter-https.conf
server {
    listen 443;
    server_name wecenter.etiantian.org;
    ssl on;
    ssl_certificate   ssl_key/server.crt;
        ssl_certificate_key  ssl_key/server.key;
    location / {
        root /code/wecenter;
        index index.php index.html;
    }
    location ~ \.php$ {
        root /code/wecenter;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  script_filename  $document_root$fastcgi_script_name;
            include        fastcgi_params;

    }
}
[root@web01 ~]# cat /etc/nginx/conf.d/wordpress-https.conf
server {
    server_name wordpress.etiantian.org;
    listen 443;
    root /code/wordpress;
    index index.php index.html;
    ssl on;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    location ~ \.php$ {
        root /code/wordpress;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  script_filename  $document_root$fastcgi_script_name;
            include        fastcgi_params;

    }
}

[root@web01 conf.d]# rsync -avz /etc/nginx root@172.16.1.8:/etc/ --delete
[root@web01 ssl_key]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 ssl_key]# systemctl restart nginx

# 负载均衡配置
[root@lb01 code]# mkdir /etc/nginx/ssl_key 
[root@lb01 code]# cd /etc/nginx/ssl_key/
[root@lb01 ssl_key]# scp -rp root@172.16.1.7:/etc/nginx/ssl_key/* ./
[root@lb01 nginx]# cat /etc/nginx/conf.d/proxy-https.conf
upstream php {
    server 172.16.1.7:443;
    server 172.16.1.8:443;
}
upstream java {
    server 172.16.1.9:8080;
}
server {
    listen 80;
    server_name wordpress.etiantian.org;
    return 302 https://$server_name$request_uri;
}
server {
    listen 80;
    server_name wecenter.etiantian.org;
    return 302 https://$server_name$request_uri;
}
server {
    listen 80;
    server_name jpress.etiantian.org;
    return 302 https://$server_name$request_uri;
}
server {
    listen       443 ssl;
    server_name  jpress.etiantian.org;

    ssl on;
    ssl_certificate  ssl_key/server.crt;
    ssl_certificate_key  ssl_key/server.key;

    ssl_session_cache    shared:ssl:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  high:!anull:!md5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header host $http_host;
        proxy_set_header x-forwarded-proto https;
        proxy_redirect off;
        proxy_connect_timeout      240;
        proxy_send_timeout         240;
        proxy_read_timeout         240;
        # note, there is not ssl here! plain http is used
        proxy_pass http://java;
    }
}

server {
    listen 443;
    server_name wordpress.etiantian.org;
        ssl on;
            ssl_certificate  ssl_key/server.crt;
        ssl_certificate_key  ssl_key/server.key;
    location / {
        proxy_pass https://php;
        include proxy_params;
    }
}

server {
    listen 443;
    server_name wecenter.etiantian.org;
        ssl on;
            ssl_certificate  ssl_key/server.crt;
        ssl_certificate_key  ssl_key/server.key;
    location / {
        proxy_pass https://php;
        include proxy_params;
    }

}

# lb02 一样的配置
[root@lb01 ssl_key]# rsync -avz /etc/nginx root@172.16.1.6:/etc/ --delete



#其中最为关键的就是 ssl_certificate 和 ssl_certificate_key 这两项配置,其他的按正常配置。不过多了一个 proxy_set_header x-forwarded-proto https; 配置。     


tomcat server.xml 完整配置

[root@web03 server]# cat tomcat8_1/conf/server.xml
<?xml version="1.0" encoding="utf-8"?>

<server port="8011" shutdown="shutdown">
  <listener classname="org.apache.catalina.startup.versionloggerlistener" />
  <listener classname="org.apache.catalina.security.securitylistener" />
  -->
  <!--apr library loader. documentation at /docs/apr.html -->
  <listener classname="org.apache.catalina.core.aprlifecyclelistener" sslengine="on" />
  <!-- prevent memory leaks due to use of particular java/javax apis-->
  <listener classname="org.apache.catalina.core.jrememoryleakpreventionlistener" />
  <listener classname="org.apache.catalina.mbeans.globalresourceslifecyclelistener" />
  <listener classname="org.apache.catalina.core.threadlocalleakpreventionlistener" />

    <resource name="userdatabase" auth="container"
              type="org.apache.catalina.userdatabase"
              description="user database that can be updated and saved"
              factory="org.apache.catalina.users.memoryuserdatabasefactory"
              pathname="conf/tomcat-users.xml" />
  </globalnamingresources>

  <service name="catalina">
  
    <connector port="8081" protocol="http/1.1"
               connectiontimeout="20000"
               redirectport="443"
        proxyport="443" />
 
    <connector port="8009" protocol="ajp/1.3" redirectport="8443" />
    
    <engine name="catalina" defaulthost="localhost">

      <realm classname="org.apache.catalina.realm.lockoutrealm">
        <realm classname="org.apache.catalina.realm.userdatabaserealm"
               resourcename="userdatabase"/>
      </realm>

      <host name="localhost"  appbase="webapps"
            unpackwars="true" autodeploy="true">

        <valve classname="org.apache.catalina.valves.accesslogvalve" directory="logs"
          remoteipheader="x-forwarded-for"
                  remoteipproxiesheader="x-forwarded-by"
                  protocolheader="x-forwarded-proto"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </host>
    </engine>
  </service>
</server>           

#上述的配置中没有什么特别的,但是特别特别注意的是必须有 proxyport="443",这是整篇文章的关键,当然 redirectport 也必须是 443。同时 <value> 节点的配置也非常重要,否则你在 tomcat 中的应用在读取 getscheme() 方法以及在 web.xml 中配置的一些安全策略会不起作用。

将 nfs 存储数据实时复制到静态 web 本地 172.16.1.9/10/web01/02

# web01准备环境

[root@web01 ~]# yum install rsync -y   //基础环境已经安装
[root@web01 ~]# cat /etc/rsyncd.conf 
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.password
log file = /var/log/rsyncd.log
#####################################

[data]
path = /data


[root@web01 ~]# mkdir /data/
[root@web01 ~]# groupadd -g666 www     (用户已经存在)
[root@web01 ~]# useradd -u666 -g666 www

[root@web01 ~]# chown -r www.www /data/
[root@web01 ~]# chmod 755 /data   (默认755)

# 创建rsync使用的虚拟连接用户
[root@web01 ~]# echo "rsync_backup:1" > /etc/rsync.password
[root@web01 ~]# chmod 600 /etc/rsync.password

[root@web01 ~]# systemctl enable rsyncd
[root@web01 ~]# systemctl restart rsyncd


# 复制之前的sersync 配置文件修改

[root@nfs01 data]# cd /usr/local/sersync/
[root@nfs01 sersync]# cp confxml.xml web01-confxml.xml
[root@nfs01 sersync]# vim web01-confxml.xml  # 修改的地方
    <host hostip="localhost" port="8009"></host>
            <remote ip="172.16.1.7" name="data"/>
#启动服务
[root@nfs01 sersync]# /usr/local/sersync/sersync2 -dro /usr/local/sersync/web01-confxml.xml
            
web02 操作类似

nginx 静态 web 服务环境搭建 172.16.1.9/10/sweb01/02 +实现动静分离

flag-------------------------------
系统      服务      地址
centos7.5   proxy       10.0.0.5  lb01
centos7.5   nginx       10.0.0.7  web01
centos7.5   tomcat      10.0.0.9  web03
            
# web01静态资源
[root@web01 data]# wget http://nginx.org/nginx.png
[root@web01 data]# cat /etc/nginx/conf.d/ds.conf
server {
    listen 80;
    server_name ds.etiantian.org;
    root /data;
    index index.php index.html;

    location ~* .*\.(png|jpg|gif)$ {
        root /data;
    }
}
            
# web03 动态资源            
[root@web03 webapps]# cat /server/tomcat8_1/webapps/root/java-test.jsp
<%@ page language="java" import="java.util.*" pageencoding="utf-8"%>
<html>
    <head>
        <title>jsp test page</title>
    </head>
    <body>
      <%
        random rand = new random();
        out.println("<h1>random number:</h1>");
        out.println(rand.nextint(99)+100);
      %>
          </body>
          </html>           
            
#lb01 整合静态和动态资源在一个页面
# nginx 配置 
[root@lb01 conf.d]# cat /etc/nginx/conf.d/ds.conf
upstream static {
        server 10.0.0.7:80;
}
upstream javaround {
        server 10.0.0.9:8080;
}
server {
        listen 80;
        server_name ds.etiantian.org;
        location / {
                root /soft/code;
                index index.html;
        }
        location ~ .*\.(png|jpg|gif)$ {
                proxy_pass http://static;
                include proxy_params;
        }
        location  ~ .*\.jsp$ {
                proxy_pass http://javaround;
                include proxy_params;
        }
}           

# 代码            
[root@lb01 conf.d]# cat /soft/code/index.html
<html lang="en">
<head>
        <meta charset="utf-8" />
        <title>测试ajax和跨域访问</title>
        <script src="http://libs.baidu.com/jquery/2.1.4/jquery.min.js"></script>
</head>
<script type="text/javascript">
$(document).ready(function(){
        $.ajax({
        type: "get",
        url: "http://ds.etiantian.org/java-test.jsp",
        success: function(data) {
                $("#get_data").html(data)
        },
        error: function() {
                alert("fail!!,请刷新再试!");
        }
        });
});
</script>
        <body>
                <h1>测试动静分离</h1>
               <img src="http://ds.etiantian.org/nginx.png">
                <div id="get_data"></div>
        </body>
</html>         
            
            
# windows hosts 解析 10.0.0.5   ds.etiantian.org  
# 浏览器访问  http://ds.etiantian.org/  图片和动态随机数同时显示在一个页面上,
# 停掉web01 的nginx  页面的图片不显示,动态资源正常显示 反之一样