预备
Linux6.5(企业版)
镜像版本:rhel-server-6.5-x86_64-dvd.iso
封装:
[root@foundation17 ~]# virt-manager
#配置yum源
[root@localhost ~]# vi /etc/yum.repos.d/rhel-source.repo
[root@localhost ~]# yum clean all
[root@localhost ~]# yum install vim openssh-clients -y
[root@localhost ~]# cd /etc/udev/rules.d/
[root@localhost rules.d]# rm -f 70-persistent-net.rules
#配置网络
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
#IPADDR=172.25.X.X
#PREFIX=24
#解析
[root@localhost ~]# vim /etc/hosts
[root@localhost ~]# cd /etc/ssh/
[root@localhost ssh]# rm -f ssh_host_*
[root@localhost ~]# cd /etc/sysconfig/
[root@localhost sysconfig]# rm -f ip
[root@localhost sysconfig]# rm -f iptables
[root@localhost sysconfig]# chkconfig iptables off
#关闭SELinux(与上面关闭iptables一样,仅为简化实验环境;对外提供服务的主机应保持SELinux为enforcing并启用防火墙,只放行所需端口)
[root@localhost ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
安装虚拟机:
[root@foundation17 ~]# cd /var/lib/libvirt/images
[root@foundation17 images]# qemu-img create -f qcow2 -b base.qcow2 vm1
#修改Hostname
#配置yum源
[root@server1 ~]# vim /etc/yum.repos.d/rhel-source.repo
[root@server1 ~]# yum clean all
#配置网络
[root@server1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR=172.25.X.X
PREFIX=24
#重启网络
[root@server1 ~]# /etc/init.d/network restart
Varnish
[SERVER1]
#安装varnish
[root@server1 ~]# yum install varnish-3.0.5-1.el6.x86_64.rpm varnish-libs-3.0.5-1.el6.x86_64.rpm
#配置varnish
[root@server1 ~]# cd /etc/varnish/
[root@server1 varnish]# vim default.vcl
# Clients allowed to send BAN (cache invalidation) requests; vcl_recv checks
# client.ip against this list: localhost and the 172.25.17.0/24 subnet.
# NOTE(review): every host in the /24 can purge the cache; narrow this to the
# hosts that actually run the push tool if that is not intended.
acl westos {
"127.0.0.1";
"172.25.17.0"/24;
}
#定义多个不同域名站点的后端服务器
# First origin web server (172.25.17.2 is server2 in the hosts file of these notes).
backend web1 {
.host = "172.25.17.2"; # backend host address
.port = "80"; # backend port
}
# Second origin web server, reached on port 80 like web1.
backend web2 {
.host = "172.25.17.3";
.port = "80";
}
#定义负载均衡
# Groups web1 and web2 into one director; requests are handed to the members
# in turn (round-robin).
# NOTE(review): neither backend defines a .probe in this file, so no health
# polling is configured here - add probes if failed backends must be skipped.
director lb round-robin { # aggregate several backends into one group
{ .backend = web1; }
{ .backend = web2; }
}
#bansys 的http工作模式需要对 varnish做以下设置:
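sub vcl_recv {
    # Cache invalidation over HTTP (used by the bansys push page): a BAN
    # request adds a ban for the requested URL. Only clients listed in the
    # westos ACL may do this; everyone else gets 405.
    if (req.request == "BAN") {
        if (!client.ip ~ westos) {
            error 405 "Not allowed.";
        }
        # req.url is used as a regular expression in the ban, which is why
        # the ACL check must stay in front of this line.
        ban("req.url ~ " + req.url);
        error 200 "ban added";
    }

    # Host routing: westos.org / www.westos.org -> director lb,
    # bbs.westos.org -> web1, any other Host -> 404.
    # The dots are escaped and the patterns are anchored at the end, so a
    # look-alike Host such as "bbs.westos.org.example.net" (constructed
    # sample) falls through to the 404 branch instead of being forwarded
    # and cached. An optional ":port" suffix is still accepted.
    if (req.http.host ~ "^(www\.)?westos\.org(:[0-9]+)?$") {
        # Normalise the Host header so both names share one cache entry.
        set req.http.host = "www.westos.org";
        set req.backend = lb;
        #return (pass); # uncomment to bypass the cache for this site
    } elsif (req.http.host ~ "^bbs\.westos\.org(:[0-9]+)?$") {
        set req.backend = web1;
    } else {
        error 404 "westos cache";
    }
}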
#查看缓存命中情况
sub vcl_deliver {
    # Tag every response with X-Cache so a client can see whether the object
    # was served from the cache. Start from MISS and overwrite it when the
    # object has been hit at least once.
    set resp.http.X-Cache = "MISS from westos cache";
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT from westos cache";
    }
    return (deliver);
}
[root@server1 ~]# vim /etc/sysconfig/varnish
VARNISH_LISTEN_PORT=80
[root@server1 varnish]# /etc/init.d/varnish reload #(不关闭服务)重新加载配置
[SERVER2]
[root@server2 ~]# yum install httpd -y
[root@server2 ~]# /etc/init.d/httpd start
[root@server2 ~]# vim /etc/httpd/conf/httpd.conf #配置http
990 NameVirtualHost *:80
1011 <VirtualHost *:80>
1012 DocumentRoot /var/www/html
1013 ServerName server2
1014 </VirtualHost>
1015
1016 <VirtualHost *:80>
1017 DocumentRoot /www/bbs
1018 ServerName bbs.westos.org
1019 </VirtualHost>
1020
1021 <VirtualHost *:80>
1022 DocumentRoot /www/westos
1023 ServerName www.westos.org
1024 </VirtualHost>
[root@server2 ~]# mkdir /www/bbs -p
[root@server2 ~]# mkdir /www/westos
[root@server2 ~]# cd /www/bbs/
[root@server2 bbs]# vim index.html
[root@server2 bbs]# cat index.html
<h1>bbs.westos.org</h1>
[root@server2 bbs]# cd ..
[root@server2 www]# cd westos/
[root@server2 westos]# vim index.html
[root@server2 westos]# cat index.html
<h1>server2:www.westos.org</h1>
[root@server2 ~]# vim /etc/hosts #解析
172.25.17.1 server1
172.25.17.2 server2 bbs.westos.org www.westos.org
[SERVER3]
[root@server3 ~]# yum install httpd -y
[root@server3 ~]# /etc/init.d/httpd start
[root@server3 ~]# cd /var/www/html/
[root@server3 html]# vim index.html
[root@server3 html]# cat index.html
<h1>server3:www.westos.org</h1>
[测试]
#测试缓存命中 [root@server1 ~]# curl -I IP/域名
[root@server1 ~]# curl -I www.westos.org
HTTP/1.1 200 OK
Server: Apache/2.2.15 (Red Hat)
Last-Modified: Tue, 18 Jul 2017 09:01:39 GMT
ETag: "df2e3-20-55493c37406c1"
Content-Type: text/html; charset=UTF-8
Content-Length: 32
Accept-Ranges: bytes
Date: Thu, 20 Jul 2017 02:37:12 GMT
X-Varnish: 1453255801
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS from westos cache #缓存未命中
[root@server1 ~]# curl -I www.westos.org
HTTP/1.1 200 OK
Server: Apache/2.2.15 (Red Hat)
Last-Modified: Tue, 18 Jul 2017 09:01:39 GMT
ETag: "df2e3-20-55493c37406c1"
Content-Type: text/html; charset=UTF-8
Content-Length: 32
Accept-Ranges: bytes
Date: Thu, 20 Jul 2017 02:37:13 GMT
X-Varnish: 1453255802 1453255801
Age: 1
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT from westos cache #缓存命中
#清除缓存(正则表达式用单引号括起来,并与后面的注释用空格隔开,否则shell会把 $# 展开成参数个数)
[root@server1 ~]# varnishadm ban.url '.*$' #清除所有
[root@server1 ~]# varnishadm ban.url /index.html #清除index.html 页面缓存
[root@server1 ~]# varnishadm ban.url '/admin/$' #清除 admin目录缓存
#测试轮询
[root@foundation17 ~]# curl www.westos.org
<h1>server2:www.westos.org</h1>
[root@server1 ~]# varnishadm ban.url .*$
[root@foundation17 ~]# curl www.westos.org
<h1>server3:www.westos.org</h1>
[root@server1 ~]# varnishadm ban.url .*$
[root@foundation17 ~]# curl www.westos.org
<h1>server2:www.westos.org</h1>
[varnish 推送平台]
#安装unzip
[root@server1 ~]# yum install unzip -y
[root@server1 ~]# unzip bansys.zip -d /var/www/html
#安装php支持
[root@server1 ~]# yum install php -y
[root@server1 ~]# /etc/init.d/httpd start
#编辑php
[root@server1 mnt]# cd /var/www/html/
[root@server1 html]# cd bansys/
[root@server1 bansys]# mv * .. #移动当前目录所有内容到上一级目录
[root@server1 bansys]# cd .. #返回上级目录
[root@server1 html]# rm -fr bansys/
[root@server1 html]# vim config.php
//varnish主机列表
//可定义多个主机列表
$var_group1 = array(
'host' => array('172.25.17.1',),
'port'=>'80',
);
//varnish群组定义
//对主机列表进行绑定
$VAR_CLUSTER = array(
'www.westos.org' => $var_group1,
);
//varnish版本
//2.x和3.x推送命令不一样
$VAR_VERSION = "3";
?>
[root@server1 ~]# vim /etc/varnish/default.vcl
见[SERVER1]
#bansys 的http工作模式需要对 varnish做以下设置:
[root@server1 ~]# vim /etc/httpd/conf/httpd.conf
136 Listen 8080
[root@server1 ~]# /etc/init.d/httpd restart
浏览器访问:
172.25.17.1:8080 #推送页面(本文没有为该页面配置访问限制,能访问8080端口的主机都可以通过它清除缓存;建议在httpd中用访问控制或认证把它限定给管理主机)
www.westos.org/index.html #测试页
Nginx
#安装Nginx
[root@server1 ~]# tar zxf nginx-1.12.0.tar.gz
#建立nginx用户
[root@server1 ~]# useradd -M -d /usr/local/lnmp/nginx/ -s /sbin/nologin -u 1000 nginx
[root@server1 ~]# id nginx
uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)
#隐藏版本(这里通过修改源码实现;不改源码时,也可在nginx.conf的http段设置 server_tokens off; 来隐藏版本号)
[root@server1 ~]# cd nginx-1.12.0/src/core/
[root@server1 core]# vim nginx.h
14 #define NGINX_VER "nginx"
#禁止debug
[root@server1 ~]# cd nginx-1.12.0/auto/cc/
[root@server1 cc]# vim gcc
172 #CFLAGS="$CFLAGS -g" #注释掉这行,去掉debug模式编译,编译以后程序只有几百k
[root@server1 nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx/ --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_status_module
[root@server1 nginx-1.12.0]# yum install -y pcre-devel openssl-devel
[root@server1 nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx/ --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_status_module
[root@server1 nginx-1.12.0]# make && make install
#运行
[root@server1 nginx]# cd sbin/
[root@server1 sbin]# ./nginx
[root@server1 sbin]# ln -s /usr/local/lnmp/nginx/sbin/nginx /sbin/ #软链接 可以在任意目录下执行
[root@server1 sbin]# curl localhost -I
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 20 Jul 2017 03:48:27 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 19 Jul 2017 05:48:52 GMT
Connection: keep-alive
ETag: "596ef2c4-264"
Accept-Ranges: bytes
#配置nginx
[root@server1 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf
3 worker_processes 2; #指定工作衍生进程数
4
5 worker_cpu_affinity 01 10; #CPU和进程绑定
14 events {
15 worker_connections 65535; #允许的连接数
16 }
[root@server1 conf]# vim /etc/security/limits.conf
52 nginx - nofile 65535
[root@server1 conf]# usermod -s /bin/bash nginx
[root@server1 conf]# su - nginx
-bash-4.1$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 14867
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 65535#修改成功
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 1024
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
-bash-4.1$ exit
logout
[root@server1 conf]# usermod -s /sbin/nologin nginx
#配置nginx
[root@server1 conf]# vim nginx.conf
server { #设置虚拟主机
listen 80;
server_name www.westos.org;
location / {
root /web1;
index index.html;
}
[root@server1 conf]# nginx -t #检测语法错误
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload #重新加载nginx配置(不中断服务)
[root@server1 conf]# mkdir /web1
[root@server1 conf]# cd /web1/
[root@server1 web1]# vim index.html
[root@server1 web1]# cat index.html
<h1>Nginx:WWW.WESTOS.ORG</h1>
浏览器访问:
172.25.17.1
[认证证书]
#配置nginx
[root@server1 conf]# vim nginx.conf
server {
listen 443 ssl;
server_name localhost;
ssl_certificate cert.pem; #需要手工生成(见下文 make cert.pem)
ssl_certificate_key cert.pem; #证书和私钥指向同一个文件,该文件包含私钥,应确认它仅root可读
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /web1;
index index.html index.htm;
}
[root@server1 conf]# cd /etc/pki/tls/private/
[root@server1 private]# openssl genrsa 2048 > localhost.key
[root@server1 tls]# cd certs/
[root@server1 certs]# make cert.pem
[root@server1 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[root@server1 certs]# cd /usr/local/lnmp/nginx/conf
[root@server1 conf]# nginx -t
[root@server1 conf]# nginx -s reload
[root@server1 conf]# netstat -antlp #查看443端口是否开启
浏览器访问:
[查看Nginx状态]
#配置nginx
[root@server1 conf]# vim nginx.conf
location /status {
stub_status on;
access_log off;
allow 127.0.0.1; #允许本机
deny all; #禁止其他主机
}
[root@server1 conf]# curl localhost/status
[地址重写]
#配置nginx
[root@server1 conf]# vim nginx.conf
server {
listen 80;
server_name www.westos.org;
rewrite ^(.*)$ https://www.westos.org$1 permanent;#永久重写
# rewrite ^(.*)$ https://www.westos.org$1 redirect; #临时重写
}
[root@server1 conf]# cd /web1/
[root@server1 conf]# mkdir admin
[root@server1 admin]# vim index.html
[root@server1 admin]# cat index.html
<h1>admin page</h1>
浏览器访问:
[负载均衡]
#配置nginx
[root@server1 conf]# vim nginx.conf
http { #要写在http下
upstream westos {
#ip_hash; #hash算法
server 172.25.17.2:80 weight=2; #weight-权重
server 172.25.17.3:8080;
server 127.0.0.1:8000 backup; #若172.25.17.2和 172.25.17.3均挂掉,则执行这条指令
}
server {
listen 80;
server_name www.westos.org;
# rewrite ^(.*)$ https://www.westos.org$1 permanent;
# rewrite ^(.*)$ https://www.westos.org$1 redirect;
location / { #反向代理
proxy_pass http://westos;
}
}
#执行server 127.0.0.1:8000 backup 访问的页面
[root@server1 conf]# cd /var/www/html/
[root@server1 html]# rm -fr *
[root@server1 html]# vim index.html
[root@server1 html]# cat index.html
服务器维护中,请稍后访问。
#测试1:
[root@server1 html]# for i in {1..10}; do curl www.westos.org; done
<h1>server2</h1>
<h1>server3:www.westos.org</h1>
<h1>server2</h1>
<h1>server2</h1>
<h1>server2</h1>
<h1>server3:www.westos.org</h1>
<h1>server3:www.westos.org</h1>
<h1>server2</h1>
<h1>server2</h1>
<h1>server3:www.westos.org</h1>
#测试2:
[root@server2 ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
[root@server3 ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
[root@server1 conf]# for i in {1..10}; do curl www.westos.org; done
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。