实验目的:实现架构,两台高可用nginx代理,后台三台服务器跑一模一样的三个网站,所以用nfs实现网站代码的共享。每台跑三个虚拟主机,分别做qqfarm、discuz、wordpress网站,域名为www.farm.com ,www.discuz.com ,www.web2.com数据库做主从(之后发现discuz和qqfarm需要ucenter管理,故又做了ucenter的虚拟主机,域名为www.ucenter.com)。
实验环境:全部主机关闭防火墙,数据库已经配好基于gtid的主从复制,主数据库同时做nfs服务器,mysql为源码包,nginx为最新的二进制包,php-fpm二进制包。
一、nfs端
下载网站代码压缩包,略。
安装nfs包yum -y install nfs-utils
,启动服务并设置开机自启。
创建文件共享目录
[root@nfs ~]# mkdir /sharedir
[root@nfs ~]# mkdir /sharedir/wordpress
[root@nfs ~]# mkdir /sharedir/farm
[root@nfs ~]# mkdir /sharedir/discuz
将网站代码解压放在对应的目录下,略
[root@nfs ~]# vim /etc/exports //设置共享
/sharedir/wordpress 192.168.122.0/24(rw,sync,no_root_squash)
/sharedir/farm 192.168.122.0/24(rw,sync,no_root_squash)
/sharedir/discuz 192.168.122.0/24(rw,sync,no_root_squash)
[root@nfs ~]# exportfs -rv //加载并查看
exporting 192.168.122.0/24:/sharedir/discuz
exporting 192.168.122.0/24:/sharedir/farm
exporting 192.168.122.0/24:/sharedir/wordpress
nfs同时也是数据库端,三个网站都需要连接数据库,故先做好数据库授权,可进行远程登陆测试看是否授权成功。
mysql> create database wordpress;
mysql> grant all on wordpress.* to 'wordpressuser'@'192.168.122.%' identified by '123';
mysql> create database farm;
mysql> grant all on farm.* to 'farmuser'@'192.168.122.%' identified by '123';
mysql> create database discuz;
mysql> grant all on discuz.* to 'discuzuser'@'192.168.122.%' identified by '123';
mysql> create database ucenter;
Query OK, 1 row affected (0.01 sec)
mysql> grant all on ucenter.* to 'ucenteruser'@'192.168.122.%' identified by '123';
二、配置跑虚拟主机的机器(这三台机器上不做任何域名的解析)
第一台:
[root@nginx1 ~]#yum -y install nfs-utils php-fpm nginx php-mysql php-gd //除了php-gd,其余必须安装
[root@nginx1 ~]# systemctl start nfs
[root@nginx1 ~]# systemctl enable nfs
[root@nginx1 ~]# vim /etc/fstab //挂在nfs端共享的代码
192.168.122.11:/sharedir/wordpress /webroot/wordpress nfs defaults,_netdev 0 0
192.168.122.11:/sharedir/farm /webroot/farm nfs defaults,_netdev 0 0
192.168.122.11:/sharedir/discuz /webroot/discuz nfs defaults,_netdev 0 0
[root@nginx1 ~]# mount -a
[root@nginx1 ~]# df //查看是否挂载上
配置虚拟主机,在/etc/nginx/conf.d/下写配置文件,删掉之前的文件
[root@nginx1 ~]# cd /etc/nginx/conf.d/
[root@nginx1 conf.d]# vim wordpress.conf
server {
listen 80;
server_name www.web2.com;
root /webroot/wordpress;
access_log /var/log/nginx/wordpress.com-acess.log;
error_log /var/log/nginx/wordpress.com-error.log;
location / {
root /webroot/wordpress;
index index.php index.html;
expires 1d;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@nginx1 conf.d]# vim farm.conf
server {
listen 80;
server_name www.farm.com;
root /webroot/farm;
access_log /var/log/nginx/farm.com-acess.log;
error_log /var/log/nginx/farm.com-error.log;
location / {
root /webroot/farm;
index index.php index.html;
expires 1d;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@nginx1 conf.d]# vim discuz.conf
server {
listen 80;
server_name www.discuz.com;
root /webroot/discuz;
access_log /var/log/nginx/discuz.com-acess.log;
error_log /var/log/nginx/discuz.com-error.log;
location / {
root /webroot/discuz;
index index.php index.html;
expires 1d;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9002;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@nginx1 conf.d]# cat ucenter.conf
server {
listen 80;
server_name www.ucenter.com;
root /webroot/ucenter/ucenter;
access_log /var/log/nginx/wordpress.com-acess.log;
error_log /var/log/nginx/wordpress.com-error.log;
location / {
root /webroot/ucenter/ucenter;
index index.php index.html;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9003;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
配置php-fpm的主配置文件php-fpm.conf ,在/etc/php-fpm.d/给虚拟主机配置相应的php池
[root@nginx1 ~]# vim /etc/php-fpm.conf
[global]
pid = /var/run/php-fpm.pid
error_log = /var/log/php-fpm.log
process_control_timeout = 0
process.max = 2048
daemonize = yes
rlimit_files = 65535
rlimit_core = 67108864
events.mechanism = epoll
emergency_restart_threshold = 10
emergency_restart_interval = 5
include = /etc/php-fpm.d/*.conf
[root@nginx1 ~]# cd /etc/php-fpm.d/
[root@nginx1 php-fpm.d]# cat wordpress_pool.conf
[wordpress.com] //池名,每一个不同
user = www //用户,建立这个用户
group = www
listen = 127.0.0.1:9000 //监听9000,对应虚拟主机里的配置
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 512
pm.start_servers = 32
pm.min_spare_servers = 32
pm.max_spare_servers = 64
pm.max_requests = 1500
pm.status_path = /wordpress_monitor_page //配置监控,不同
slowlog = /var/log/$pool-slow_log
request_slowlog_timeout = 3
request_terminate_timeout = 20
catch_workers_output = no
security.limit_extensions = ""
[root@nginx1 php-fpm.d]# cat farm_pool.conf 除了以下配置外都与wordpress_pool.conf相同
[farm.com]
listen = 127.0.0.1:9001
pm.status_path = /farm_monitor_page
[root@nginx1 php-fpm.d]# vim discuz_pool.conf 除了以下配置外都与wordpress_pool.conf相同
[discuz.com]
listen = 127.0.0.1:9002
pm.status_path = /discuz_monitor_page
[root@nginx1 php-fpm.d]# cat ucenter_pool.conf 除了以下配置外都与wordpress_pool.conf相同
[ucenter.com]
listen = 127.0.0.1:9003
pm.status_path = /ucenter_monitor_page
修改网站代码目录的权限为777,或者改变属主和属组为www。
[root@nginx1 php-fpm.d]# chmod -R 777 /webroot/
启动或重启nginx服务和php-fpm服务
配置这些网页代码,连接远程已经授好权数据库
网页代码如下:
[root@nginx1 php-fpm.d]# cd /webroot/
[root@nginx1 webroot]# ls
discuz farm ucenter wordpress
[root@nginx1 webroot]# vim discuz/config.inc.php //利用已经授权的用户修改连接数据库。
$dbhost = '192.168.122.11'; // 数据库服务器
$dbuser = 'discuzuser'; // 数据库用户名
$dbpw = '123'; // 数据库密码
$dbname = 'discuz'; // 数据库名
$pconnect = 0; // 数据库持久连接 0=关闭, 1=打开
[root@nginx2 webroot]# vim wordpress/wp-config.php //设置wordpress的mysql连接。
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');
/** MySQL database username */
define('DB_USER', 'wordpressuser');
/** MySQL database password */
define('DB_PASSWORD', '123');
/** MySQL hostname */
define('DB_HOST', '192.168.122.11');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
其余根据已经在数据库授好的用户和密码在网页上进行设置。
第二台、第三台跑虚拟主机的机器配置同上,完全相同。配置通过域名进行网站的安装部署,先部署ucenter,qqfarm中的表需导入数据库。
网站部署略。
配置代理、proxy1:
[root@proxy1 ~]# vim /etc/nginx/nginx.conf
upstream backend {
server 192.168.122.207; //后端跑虚拟主机的机器1的ip
server 192.168.122.101; //后端跑虚拟主机的机器2的ip
server 192.168.122.223; //后端跑虚拟主机的机器3的ip
}
给代理配置虚拟主机
[root@proxy1 conf.d]# ls
discuz.conf farm.conf ucenter.conf wordpress.conf
[root@proxy1 conf.d]# vim discuz.conf
server {
listen 80;
server_name www.discuz.com;
access_log /data0/www/logs/www.discuz.com-access_log; //需创建此目录 /data0/www/logs
error_log /data0/www/logs/www.discuz.com-error_log;
location / {
proxy_pass http://backend;
proxy_set_header x-real-ip $remote_addr;
}
}
[root@proxy1 conf.d]# vim farm.conf //除了以下配置不同其余都与discuz.conf 的相同
server_name www.farm.com;
access_log /data0/www/logs/www.farm.com-access_log;
error_log /data0/www/logs/www.farm.com-error_log;
[root@proxy1 conf.d]# cat wordpress.conf //除了以下配置不同其余都与discuz.conf 的相同
server_name www.web2.com;
access_log /data0/www/logs/www.web2.com-access_log;
error_log /data0/www/logs/www.web2.com-error_log;
[root@proxy1 conf.d]# cat ucenter.conf //除了以下配置不同其余都与discuz.conf 的相同
server_name www.ucenter.com;
access_log /data0/www/logs/www.ucenter.com-access_log;
error_log /data0/www/logs/www.ucenter.com-error_log;
在/etc/hosts做解析:
[root@proxy1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.207 www.discuz.com www.farm.com www.web2.com www.ucenter.com
192.168.122.101 www.discuz.com www.farm.com www.web2.com www.ucenter.com
192.168.122.223 www.discuz.com www.farm.com www.web2.com www.ucenter.com
启动nginx,并将proxy2配成相同的配置。
三、配置两台代理的高可用
proxy1:
yum -y install keeplived
[root@proxy1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
smtp_server 192.168.200.1
router_id proxy1
}
vrrp_script check_run {
script "/root/keepalived_check_nginx.sh"
interval 5
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_run
}
virtual_ipaddress {
192.168.122.100
}
}
[root@proxy1 ~]# vim keepalived_check_nginx.sh //脚本内容
#!/bin/bash
/usr/bin/curl -I http://localhost &>/dev/null
if [ $? -ne 0 ];then
/etc/init.d/keepalived stop
fi
[root@proxy1 ~]# chmod a+x keepalived_check_nginx.sh
[root@proxy1 ~]#systemctl start keepalived
[root@proxy1 ~]#ip a //查看是否生效
[root@proxy1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:e5:3b:bc:f5 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.157/24 brd 192.168.122.255 scope global dynamic eth0
valid_lft 2239sec preferred_lft 2239sec
inet 192.168.122.100/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::1d18:b4a0:69eb:73f4/64 scope link
valid_lft forever preferred_lft forever
配置proxy2,除了keepalived服务的配置文件不同其余都相同
[root@localhost ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
smtp_server 192.168.200.1
router_id proxy2
}
vrrp_script check_run {
script "/root/keepalived_check_nginx.sh"
interval 5
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_run
}
virtual_ipaddress {
192.168.122.100
}
}