1、搭建准备
IP规划:
负载均衡01 172.16.1.2
负载均衡02 172.16.1.3
MySQL数据库 172.16.1.4
web服务器01 172.16.1.6
web服务器02 172.16.1.7
NFS存储服务器 172.16.1.8
backup服务器 172.16.1.9
跳板机 172.16.1.10
系统参数:
[root@06-nginx-01~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
2、准备阶段的优化
# sed -i 's!SELINUX=enforcing!SELINUX=disabled!g' /etc/selinux/config
# systemctl disable firewalld
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# yum install -y lrzsz nmap tree dos2unix nc ntpdate
# setenforce 0
# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
# crontab -l
*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1
# systemctl disable firewalld
3、安装web服务器
使用yum安装nginx,比较编译安装来说更加方便。
# rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
# yum install -y nginx
# systemctl start nginx
# find / -name nginx
/etc/logrotate.d/nginx
/etc/sysconfig/nginx
/etc/nginx ##安装目录
/var/lib/yum/repos/x86_64/7/nginx
/var/log/nginx
/var/cache/yum/x86_64/7/nginx
/var/cache/nginx
/usr/sbin/nginx
/usr/lib64/nginx
/usr/share/nginx
/usr/libexec/initscripts/legacy-actions/nginx
# cat /etc/nginx/conf.d/default.conf
...
location = /50x.html {
root /usr/share/nginx/html; ##默认html首页位置
# mkdir /data-nginx01 ##创建存放前端代码的位置
# cp /usr/share/nginx/html/* /data/
# vim index.html
Hello world!
This is Nginx01 speaking.
# cd /etc/nginx/conf.d/
# cp default.conf www.conf ##将文件改成/data-nginx01
接下来绑定hosts文件之后就可以访问了。
# vim /etc/nginx/conf.d/www.html
root /data-nginx01; ##修改代码的位置,可以再location中定义,也可以全局定义
两台web服务器的内容分别是:
Hello World! This is Nginx01 speaking!
Hello World! This is Nginx02 speaking!
4、安装MySQL
# yum install -y mariadb mariadb-server
# systemctl enable mariadb
# systemctl start mariadb
# mysql_secure_installation
# netstat -lntup
3306端口已经OK,数据库安装完成
5、安装PHP
# yum install php-fpm php-common php-devel php-mysqlnd php-mbstring php-mcrypt
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
# yum install -y gcc libmcrypt-devel mhash mcrypt libxml2 libxml2-devel openssl-devel curl-devel libjpeg-devel libxslt-devel libpng-devel freetype-devel php-mcrypt libmcrypt libmcrypt-devel
# wget http://cn2.php.net/get/php-5.5.32.tar.gz/from/this/mirror
# mv mirror php-5.5.32.tar.gz
# tar -zxf php-5.5.32.tar.gz
# cd php-5.5.32
# ./configure --prefix=/usr/local/php5.5.32 --enable-mysqlnd --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-iconv-dir=/usr/local/libiconv --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-fpm --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-soap --enable-short-tags --enable-static --with-xsl --with-fpm-user=nginx --with-fpm-group=nginx --enable-ftp --enable-opcache=no
# make
# make install
# ln -s /usr/local/php5.5.32/ /usr/local/php
# cp php.ini-production /usr/local/php/lib/php.ini
# cd /usr/local/php/etc/
# cp php-fpm.conf.default php-fpm.conf
# /usr/local/php/sbin/php-fpm
# echo "/usr/local/php/sbin/php-fpm" >> /etc/rc.local
# netstat -lntup
可以看到9000端口处于监听状态,PHP完成安装
6、联动nginx-php-mysql
# vim /etc/nginx/conf.d/www.conf
增加与PHP联动的语句:
location ~ .*\.(php|php5)?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
## fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;也可以写成这样,针对$document_root会调用前面定义的root路径
# cd /data-nginx01
# echo "<?php phpinfo(); ?>" >>test_info.php
# vim test_mysql.php
<?php
$link_id=mysqli_connect('172.16.1.4','mysql','nginx01') or mysqli_error();
if($link_id){
echo "mysql successful by timor !";
}else{
echo mysql_error();
}
?>
这里使用的mysql扩展插件是mysqli,在PHP5.3之后就默认安装了。参考链接:http://php.net/manual/zh/mysqli.installation.php
# mysql
> create user 'mysql'@'172.16.1.6' identified by 'nginx01';
> grant all privileges on *.* to 'mysql'@'172.16.1.6' identified by 'nginx01';
> flush privileges;
7、安装NFS用于两台Nginx服务器存放数据
生产环境中一般不使用这个,原因在于受到影响的可能性太大,所以了解即可。
NFS:
# yum install -y rpcbind nfs-utils
# mkdir /data
# vim /etc/exports
/data/nginx01 172.16.1.0/24(rw,sync)
/data/nginx02 172.16.1.0/24(rw,sync)
# chmod 777 /data/nginx0*
NFS在存储的时候用户会变,如果"其他用户"的权限为r-x的话,可能导致写入不进去,这里需要注意。
# systemctl start rpcbind
# systemctl start nfs
Nginx:
# yum install -y rpcbind nfs-utils
# systemctl start nfs
# systemctl start rpcbind
# mount -t nfs 172.16.1.8:/data/nginx01 /data-nginx01
# vim /etc/fstab
172.16.1.8:/data/nginx01 /data-nginx01 nfs defaults 0 0
一般建议在rc.local中而不要放在fstab中,因为fstab会在网卡启动之前挂载,因此导致失败。当然可以通过修改开机文件启动顺序来避免这个错误产生。
8、备份
backup服务器:
# yum install -y rsync
# useradd rsync -s /sbin/nologin -M
# vim /etc/rsyncd.conf
uid = rsync
gid = rsync
use chroot = no
mac connections = 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
[NFS]
path = /backup
ignore errors
read only = false
list = false
hosts allow = 172.16.1.0/24
#hosts deny = 0.0.0.0/24
auth users = rsync_backup
secrets file = /etc/rsync.password
# vim /etc/rsync.password
rsync_backup:Timor
# rsync --daemon
# mkdir /rsync/NFS -p
# chown rsync. /backup/NFS
# chmod 600 /etc/rsync.password
NFS存储服务器:
# echo "Timor" > /etc/rsync.password
# crontab -e
*/1 * * * * rsync -avz /data/ rsync_backup@172.16.1.9::NFS --password-file=/etc/rsync.password
每一秒进行一次推送,可以基本上保持数据的实时备份
9、Nginx负载均衡和keepalived
# rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
# yum install -y nginx
# systemctl start nginx
# vim /etc/nginx/nginx.conf
http {
upstream www_timor_com {
# ip_hash;
server 172.16.1.6:80 weight=1;
server 172.16.1.7:80 weight=1;
}
}
# vim /etc/nginx/conf.d/www.conf
location / {
index index.html index.htm;
proxy_pass http://www_timor_com;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location ~ .*\.(php|php5)?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
proxy_pass http://www_timor_com;
}
# yum install -y keepalived ipvsadm
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL_1
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.1.5/24 dev ens33 label ens33:1
}
}
virtual_server 172.16.1.5 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 172.16.1.6 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 172.16.1.7 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
arp抑制
# route add -host 172.16.1.5 dev lo
# ip addr add 172.16.1.3/32 dev lo label lo:0
# echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
# echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
# echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
2499
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
