一.nginx
Nginx(“engine x”)是一款是由俄罗斯的程序设计师Igor Sysoev所开发高性能的 Web和 反向代理 服务器,也是一个 IMAP/POP3/SMTP 代理服务器。
在高连接并发的情况下,Nginx是Apache服务器不错的替代品
1.nginx常用功能
(1)Http代理,反向代理:
作为web服务器最常用的功能之一,尤其是反向代理。
Nginx在做反向代理时,提供性能稳定,并且能够提供配置灵活的转发功能。Nginx可以根据不同的正则匹配,采取不同的转发策略,比如图片文件结尾的走文件服务器,动态页面走web服务器,只要你正则写的没问题,又有相对应的服务器解决方案,你就可以随心所欲的玩。并且Nginx对返回结果进行错误页跳转,异常判断等。如果被分发的服务器存在异常,他可以将请求重新转发给另外一台服务器,然后自动去除异常服务器。
(2)负载均衡
Nginx提供的负载均衡策略有2种:内置策略和扩展策略。内置策略为轮询,加权轮询,Ip hash。
Ip hash算法,对客户端请求的ip进行hash操作,然后根据hash结果将同一个客户端ip的请求分发给同一台服务器进行处理,可以解决session不共享的问题。
二.nginx部署
1.安装nginx安装包,编译源代码
[root@server2 ~]# ls
nginx-1.18.0.tar.gz
[root@server2 ~]# tar zxf nginx-1.18.0.tar.gz
[root@server2 ~]# ls
nginx-1.18.0 nginx-1.18.0.tar.gz
[root@server2 ~]# cd nginx-1.18.0/
[root@server2 nginx-1.18.0]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
[root@server2 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
./configure: error: C compiler cc is not found
[root@server2 nginx-1.18.0]# yum install -y gcc
[root@server2 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
./configure: error: the HTTP rewrite module requires the PCRE library.
[root@server2 nginx-1.18.0]# yum install -y pcre-devel
[root@server2 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
./configure: error: SSL modules require the OpenSSL library.
[root@server2 nginx-1.18.0]# yum install -y openssl-devel
[root@server2 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
[root@server2 nginx-1.18.0]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE Makefile man objs README src
[root@server2 nginx-1.18.0]# ll Makefile
-rw-r--r-- 1 root root 376 Aug 8 13:48 Makefile
[root@server2 nginx-1.18.0]# make
[root@server2 nginx-1.18.0]# make install
[root@server2 nginx-1.18.0]# du -sh
27M .
[root@server2 nginx-1.18.0]# du -h /root/nginx-1.18.0.tar.gz
1016K /root/nginx-1.18.0.tar.gz
[root@server2 nginx-1.18.0]# cd /usr/local/nginx/
[root@server2 nginx]# ls
conf html logs sbin
[root@server2 nginx]# du -sh
5.8M .
[root@server2 nginx]# cd sbin/
[root@server2 sbin]# ls
nginx
[root@server2 sbin]# ./nginx -v
nginx version: nginx/1.18.0
[root@server2 sbin]# ./nginx
2.编辑~/nginx-1.18.0/auto/cc/gcc,注释debug
3.隐藏nginx版本信息
[root@server2 nginx-1.18.0]# vim ~/nginx-1.18.0/scr/core/nginx.h
4.修改服务路径
[root@server2 nginx-1.18.0]# vim /usr/lib/systemd/system/nginx.service
##检查配置文件正确性
[root@server2 nginx-1.18.0]# /usr/local/nginx/sbin/nginx -t
[root@server2 nginx-1.18.0]# systemctl daemon-reload
[root@server2 nginx-1.18.0]# /usr/local/nginx/sbin/nginx -s stop
[root@server2 nginx-1.18.0]# systemctl restart nginx
5.新建用户,写入limits.conf文件中
[root@server2 conf]# useradd -M /usr/local/nginx -s /sbin/nologin nginx
[root@server2 conf]# vim /etc/security/limits.conf
6.修改配置文件并测试
[root@server2 nginx]# vim /usr/local/nginx/conf/nginx.conf
[root@server2 nginx]# systemctl reload nginx
(1)两台主机负载均衡
测试
(2)ip_hash算法
测试
(3)访问多个网址
[root@server2 nginx]# vim /usr/local/nginx/conf/nginx.conf
[root@server2 nginx]# mkdir /www1 /www2
[root@server2 nginx]# echo www1 > /www1/index.html
[root@server2 nginx]# echo www2 > /www2/index.html
[root@server2 nginx]# systemctl restart nginx
[root@foundation13 cluster]# vim /etc/hosts
测试
(4)访问不同的网址,不同的调度算法:
测试结果:
三.pacemaker+iscsi
1.安装软件包,设置服务开机启动
[root@server3 html]# yum install targetcli
[root@server3 html]# systemctl start target
[root@server3 html]# systemctl enable target
2.iscsi存储配置
(1)server3上添加一块硬盘
(2)配置iscsi存储输出
[root@server3 html]# targetcli
/> cd /backstores/block
/backstores/block> create mydisk /dev/vdb
Created block storage object mydisk using /dev/vdb.
/backstores/block> cd /iscsi/
/iscsi> create iqn.2020-08.org.westos:storage1
Created target iqn.2020-08.org.westos:storage1.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/iscsi> cd iqn.2020-08.org.westos:storage1/tpg1/acls/
/iscsi/iqn.20...ge1/tpg1/acls> create iqn.2020-08.org.westos:client
Created Node ACL for iqn.2020-08.org.westos:client
/iscsi/iqn.20...ge1/tpg1/acls> cd ..
/iscsi/iqn.20...storage1/tpg1> cd luns/
/iscsi/iqn.20...ge1/tpg1/luns> create /backstores/block/mydisk
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2020-08.org.westos:client
/iscsi/iqn.20...ge1/tpg1/luns> exit
(3)server1,server2上配置nginx服务
server2上面已经配置好(server1同server2)
[root@server2 ~]# scp nginx-1.18.0.tart.gz server2:~/
[root@server1 ~]# tar zxf nginx-1.18.0.tart.gz
[root@server2 conf]# scp nginx.conf server1:/usr/local/nginx/conf/
root@server1's password:
scp: /usr/local/nginx/conf/: Is a directory
[root@server2 conf]# scp /usr/lib/systemd/system/nginx.service server1:/usr/lib/systemd/system/
root@server1's password:
nginx.service 100% 449 587.4KB/s 00:00
[root@server2 conf]# scp /etc/security/limits.conf server1:/etc/security/
root@server1's password:
limits.conf 100% 2443 1.8MB/s 00:00
[root@server1 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
[root@server1 nginx-1.18.0]# yum install -y gcc pcre-devel openssl-devel
[root@server1 nginx-1.18.0]# make && make install
(4)客户端配置
server1上配置iscsi
[root@server1 ~]# yum install -y iscsi-initiator-utils
[root@server1 ~]# ssh server2 yum install -y iscsi-initiator-utils
[root@server1 ~]# iscsiadm -m discovery -t st -p 172.25.13.3
[root@server1 ~]# ll /dev/sda
[root@server1 ~]# fdisk /dev/sda
[root@server1 ~]# mkfs.xfs /dev/sda1
[root@server1 ~]# vim /etc/iscsi/initiatorname.iscsi
server2上配置iscsi(此节点无需对磁盘分区格式化)
[root@server2 ~]# iscsiadm -m discovery -t st -p 172.25.13.3
[root@server2 ~]# iscsiadm -m node -l
/etc/iscsi/initiatorname.iscsi
3.Pacemaker高可用配置:
(1)启动集群
[root@server1 ~]# pcs cluster start --all
(2)配置集群资源
[root@server1 ~]# pcs resource create vip ocf:heartbeat:IPaddr2 ip=172.25.13.100 op monitor interval=30s
[root@server1 ~]# pcs resource create webdata ocf:heartbeat:Filesystem device="/dev/sda1" directory="/usr/local/nginx/html" fstype=xfs op monitor interval=60s
[root@server1 ~]# pcs resource create website systemd:nginx op monitor interval=60s
[root@server1 ~]# pcs resource group add webserver vip webdata website
##防止集群节点恢复后资源自动迁移
[root@server1 ~]# pcs resource defaults resource-stickiness=100