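Building an LNMP platform on a single host
This article first builds LNMP on a single host and then splits it across separate hosts (LNMP separation); to go straight to a distributed deployment, see the linked article.
Note: the whole LNMP stack is built on one host (including Application 1 and Application 2).
1. Install Nginx:
Use the rpm packages provided officially by Nginx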
[root@nginx ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@nginx ~]# yum install nginx -y
[root@nginx ~]# systemctl start nginx
[root@nginx ~]# systemctl enable nginx
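The repo stanza above sets gpgcheck=0 and uses a plain-HTTP baseurl, so yum installs whatever the network path returns without verifying a package signature. The script below is an added example, not part of the original article: it audits a .repo file for those two settings and shows the same stanza with signature checking enabled. The file names are constructed, the gpgkey URL is the signing-key location published on nginx.org, and serving the repository over HTTPS is an assumption.

```shell
#!/bin/sh
# Added example: audit yum .repo stanzas for unsigned or plain-HTTP installs.

# audit_repo FILE
# Prints one "<section>: <finding>" line per problem; prints nothing if clean.
audit_repo() {
    awk '
        function report() {
            if (section == "" || enabled == "0") return   # skip disabled repos
            if (gpgcheck == "0")
                print section ": gpgcheck=0, package signatures are not verified"
            if (baseurl ~ /^http:\/\//)
                print section ": baseurl is plain http, metadata can be altered in transit"
        }
        /^[ \t]*[#;]/ { next }                             # comment lines
        /^[ \t]*\[[^]]+\]/ {                               # start of a new [section]
            report()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            gpgcheck = ""; baseurl = ""; enabled = "1"
            next
        }
        /=/ {
            key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    ' "$1"
}

# write_sample_repos DIR: constructed sample files for the demonstration.
write_sample_repos() {
    # The stanza as used in this article.
    cat > "$1/nginx-weak.repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
EOF
    # Same repository with HTTPS and signature verification turned on.
    cat > "$1/nginx-signed.repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
}

demo_dir=$(mktemp -d)
write_sample_repos "$demo_dir"
for f in "$demo_dir"/*.repo; do
    echo "== ${f##*/}"
    audit_repo "$f"
done
rm -rf "$demo_dir"
```

The same function can be pointed at every file under /etc/yum.repos.d/ on each host built in this article.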
2. Install PHP 7.2 using the third-party EPEL repository:
[root@nginx ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@nginx ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# This command can be used in place of the two above: "yum -y install epel-release"
Install the php72 version
[root@nginx ~]# yum -y install php72w php72w-cli php72w-common php72w-devel \
php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm \
php72w-mysqlnd php72w-opcache
[root@nginx ~]# systemctl start php-fpm
[root@nginx ~]# systemctl enable php-fpm
3. Install MySQL (MariaDB):
[root@nginx ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.6-community/el/7/x86_64/mysql-community-release-el7-5.noarch.rpm
[root@nginx ~]# yum install mysql-community-server -y
# For a local install, change to the directory holding the packages and run: yum -y localinstall *
[root@nginx ~]# systemctl start mysqld
[root@nginx ~]# systemctl enable mysqld
[root@nginx ~]# mysql_secure_installation # change the MySQL password
Application 1: build a WordPress blog (on LNMP)
1) Download the WordPress source package 4.9.8
https://www.lanzous.com/i1kfs6f
2) Copy the WordPress package to / on the virtual machine, unzip it and set permissions
[root@nginx /]# unzip wordpress-4.9.4-zh_CN.zip
[root@nginx /]# chmod -R 777 /wordpress
3) Create the virtual host configuration file
[root@nginx /]# vim /etc/nginx/conf.d/blog.conf
server {
    listen 80;
    server_name blog.benet.com;
    root /wordpress;
    index index.php index.html;
    location ~ \.php$ {
        root /wordpress;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
[root@nginx /]# systemctl reload nginx
4) Create the blog database and its admin user
[root@nginx /]# mysql -uroot -p123 # log in to the database
mysql > create database blog; # create the database
mysql > grant all on blog.* to lisi@localhost identified by '123'; # set the admin user and password
5) From the client, access the blog by domain name, then install and configure it
vim /etc/hosts
192.168.1.128 blog.benet.com
Access by domain name:
http://blog.benet.com
Admin login:
http://blog.benet.com/wp-admin
The result is shown in the screenshot below:
Application 2: build a Zhihu-style Q&A site with WeCenter (on LNMP)
1) Download the WeCenter source package 3.3.4
2) Copy the WeCenter package to the /zh directory on the virtual machine and set permissions
[root@nginx /]# mkdir /zh
[root@nginx /]# cd /zh
// Copy the WeCenter package into /zh on the virtual machine
[root@nginx zh]# unzip WeCenter_3-3-4.zip
[root@nginx zh]# chmod -R 777 /zh
3) Create the virtual host configuration file
[root@nginx /]# vim /etc/nginx/conf.d/zh.conf
server {
    listen 80;
    server_name zh.benet.com;
    root /zh;
    index index.php index.html;
    location ~ \.php$ {
        root /zh;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
[root@nginx /]# systemctl reload nginx
4) Create the zh database and its admin user
[root@nginx /]# mysql -uroot -p123 # log in to the database
mysql > create database zh; # create the database
mysql > grant all on zh.* to wangwu@localhost identified by '123'; # set the admin user and password
5) From the client, access zh by domain name, then install and configure it
vim /etc/hosts
192.168.1.128 blog.benet.com
192.168.1.128 zh.benet.com
Access by domain name:
http://zh.benet.com
Admin login:
http://zh.benet.com/?/admin
The result is shown in the screenshot below:
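Both applications are unpacked with chmod -R 777, which leaves every file writable by any local account, including the configuration files that later hold the database password. The script below is an added example, not from the original article: it counts world-writable entries in a web root and replaces the blanket 777 with 755/644, 640 for the credential files, and group write only on upload directories. It assumes the files' group is the PHP-FPM pool group; the demo tree and the wp-content/uploads argument are constructed for illustration.

```shell
#!/bin/sh
# Added example: replace "chmod -R 777 <webroot>" with narrower modes.

# count_world_writable DIR -> number of files/dirs any local user can modify
count_world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

# harden_webroot ROOT [WRITABLE_SUBDIR...]
#   directories 755, files 644, credential files 640;
#   the listed subdirectories (relative to ROOT) keep group write for uploads.
harden_webroot() {
    root=$1
    shift
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    # Files that hold the database password in this article's two applications.
    for cred in wp-config.php system/config/database.php; do
        if [ -f "$root/$cred" ]; then
            chmod 640 "$root/$cred"
        fi
    done
    for sub in "$@"; do
        if [ -d "$root/$sub" ]; then
            find "$root/$sub" -type d -exec chmod 775 {} +
            find "$root/$sub" -type f -exec chmod 664 {} +
        fi
    done
}

# make_demo_tree DIR: constructed stand-in for /wordpress after "chmod -R 777".
make_demo_tree() {
    mkdir -p "$1/wp-content/uploads" "$1/wp-includes"
    echo "<?php define('DB_PASSWORD', 'example');" > "$1/wp-config.php"
    echo "<?php // front controller" > "$1/index.php"
    echo "image bytes" > "$1/wp-content/uploads/photo.jpg"
    chmod -R 777 "$1"
}

demo=$(mktemp -d)
make_demo_tree "$demo/wordpress"
echo "world-writable before: $(count_world_writable "$demo/wordpress")"
harden_webroot "$demo/wordpress" wp-content/uploads
echo "world-writable after:  $(count_world_writable "$demo/wordpress")"
rm -rf "$demo"
```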
LNMP separation and basic website architecture (during the split, the nginx host above is renamed lnmp)
Host | IP |
---|---|
nginx-lb | 192.168.1.150 |
nginx-web1 (the original lnmp host; called lnmp below) | 192.168.1.128 |
nginx-web2 | 192.168.1.129 |
mysql | 192.168.1.130 |
php | 192.168.1.131 |
nfs | 192.168.1.133 |
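1. Migrate the MySQL database off the lnmp host
1) Start another CentOS 7 host and install MySQL
[root@mysql ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.6-community/el/7/x86_64/mysql-community-release-el7-5.noarch.rpm
[root@mysql ~]# yum install mysql-community-server -y
# For a local install, change to the directory holding the packages and run: yum -y localinstall *.rpm
Or (use either the method above ↑ or the one below ↓)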
[root@mysql ~]# mkdir /mysql
[root@mysql ~]# cd /mysql/
[root@mysql mysql]# rz
[root@mysql mysql]# ls
mysql-community-client-5.6.47-2.el7.x86_64.rpm perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm perl-IO-Compress-2.061-2.el7.noarch.rpm
mysql-community-common-5.6.47-2.el7.x86_64.rpm perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm perl-Net-Daemon-0.48-5.el7.noarch.rpm
mysql-community-libs-5.6.47-2.el7.x86_64.rpm perl-Data-Dumper-2.145-3.el7.x86_64.rpm perl-PlRPC-0.2020-14.el7.noarch.rpm
mysql-community-server-5.6.47-2.el7.x86_64.rpm perl-DBI-1.627-4.el7.x86_64.rpm
[root@mysql mysql]# yum -y localinstall *
[root@mysql ~]# systemctl start mysqld
[root@mysql ~]# systemctl enable mysqld
[root@mysql ~]# mysql_secure_installation # change the MySQL password, or log in with mysql -uroot and run set password
2) Export the databases from the original lnmp server
[root@lnmp ~]# mysqldump -uroot -p123 --all-databases > `date +%F%H`-mysql-all.sql
[root@lnmp ~]# scp 2020-03-3115-mysql-all.sql root@192.168.1.130:/ # copy it to the new MySQL server
3) Import the dump on the new MySQL server
[root@mysql ~]# mysql -uroot -p123 < /2020-03-3115-mysql-all.sql
[root@mysql ~]# systemctl restart mysqld
4) On the new MySQL server, create admin users with the same names and passwords
[root@mysql ~]# mysql -uroot -p123
mysql > grant all on blog.* to lisi@'192.168.1.%' identified by '123';
mysql > grant all on zh.* to wangwu@'192.168.1.%' identified by '123';
5) On the original server (lnmp), edit the blog and zh configuration files to point at the new database server's IP
First locate blog's configuration:
[root@lnmp ~]# cd /wordpress # change to the blog's web root
[root@lnmp wordpress]# grep -R 123 # find the configuration file that stores the password
[root@lnmp wordpress]# vim /wordpress/wp-config.php
define('DB_NAME', 'blog'); # name of the WordPress database
define('DB_USER', 'lisi'); # MySQL user name
define('DB_PASSWORD', '123'); # MySQL password
define('DB_HOST', '192.168.1.130'); # IP of the new MySQL host
First locate zh's configuration file:
[root@lnmp ~]# cd /zh
[root@lnmp zh]# grep -R 123
[root@lnmp zh]# vim /zh/system/config/database.php
'host' => '192.168.1.130', # IP of the new MySQL host
'username' => 'wangwu', # MySQL user name
'password' => '123', # MySQL password
'dbname' => 'zh', # name of the zh database
2. Split out PHP
1) Start a CentOS 7 host and install PHP
[root@php ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@php ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@php ~]# yum -y install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache
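# For a local install, change to the directory holding the packages and run: yum -y localinstall *.rpm
Or (use either the method above ↑ or the one below ↓)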
[root@php ~]# mkdir /php7.2
[root@php ~]# cd /php7.2/
[root@php php7.2]# rz
[root@php php7.2]# ls
autoconf-2.69-11.el7.noarch.rpm pcre-devel-8.32-17.el7.x86_64.rpm php72w-common-7.2.27-1.w7.x86_64.rpm php72w-mbstring-7.2.27-1.w7.x86_64.rpm
automake-1.13.4-3.el7.noarch.rpm perl-Data-Dumper-2.145-3.el7.x86_64.rpm php72w-devel-7.2.27-1.w7.x86_64.rpm php72w-mysqlnd-7.2.27-1.w7.x86_64.rpm
libargon2-20161029-3.el7.x86_64.rpm perl-Test-Harness-3.28-3.el7.noarch.rpm php72w-embedded-7.2.27-1.w7.x86_64.rpm php72w-opcache-7.2.27-1.w7.x86_64.rpm
m4-1.4.16-10.el7.x86_64.rpm perl-Thread-Queue-3.02-2.el7.noarch.rpm php72w-fpm-7.2.27-1.w7.x86_64.rpm php72w-pdo-7.2.27-1.w7.x86_64.rpm
mod_php72w-7.2.27-1.w7.x86_64.rpm php72w-cli-7.2.27-1.w7.x86_64.rpm php72w-gd-7.2.27-1.w7.x86_64.rpm php72w-xml-7.2.27-1.w7.x86_64.rpm
[root@php php7.2]# yum -y localinstall *
2) On the original lnmp server, edit the nginx configuration files to point at the new PHP server (the steps for zh are the same)
[root@lnmp ~]# vim /etc/nginx/conf.d/blog.conf
server {
    listen 80;
    server_name blog.benet.com;
    root /wordpress;
    index index.php index.html;
    location ~ \.php$ {
        root /wordpress;
        fastcgi_pass 192.168.1.131:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
[root@lnmp ~]# vim /etc/nginx/conf.d/zh.conf
server {
    listen 80;
    server_name zh.benet.com;
    root /zh;
    index index.php index.html;
    location ~ \.php$ {
        root /zh;
        fastcgi_pass 192.168.1.131:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
[root@lnmp ~]# systemctl restart nginx
3) Modify the configuration file on the PHP server
[root@php ~]# vim /etc/php-fpm.d/www.conf
listen = 192.168.1.131:9000
listen.allowed_clients = 192.168.1.128
[root@php ~]# systemctl restart php-fpm # restart php-fpm
4) Copy the wordpress and zh installation directories from the original lnmp server to the PHP server
[root@lnmp ~]# scp -rp /wordpress root@192.168.1.131:/
[root@lnmp ~]# scp -rp /zh root@192.168.1.131:/
5) Stop mysql and php-fpm on lnmp
[root@lnmp ~]# systemctl stop mysqld
[root@lnmp ~]# systemctl stop php-fpm
6) Verify access from the client
3. Build an NFS server and move the sites' static content onto it via mounts
1) Start a CentOS 7 host and install nfs-utils and rpcbind:
[root@nfs ~]# yum -y install nfs-utils rpcbind
2) Create the mount points
[root@nfs ~]# mkdir -p /nfs/{blog,zh}
3) Publish the shared directories
[root@nfs ~]# vim /etc/exports
/nfs/blog 192.168.1.0/24(rw,sync,no_root_squash)
/nfs/zh 192.168.1.0/24(rw,sync,no_root_squash)
4) Restart the NFS services
[root@nfs ~]# systemctl restart rpcbind
[root@nfs ~]# systemctl restart nfs
5) On the nginx server, list the NFS exports
[root@lnmp ~]# showmount -e 192.168.1.133
Export list for 192.168.1.133:
/nfs/zh 192.168.1.0/24
/nfs/blog 192.168.1.0/24
6) Mount WordPress's content directory from NFS
[root@lnmp ~]# cd /wordpress
[root@lnmp wordpress]# cp -rp wp-content/ wp-contentbak
[root@lnmp wordpress]# mount -t nfs 192.168.1.133:/nfs/blog wp-content
[root@lnmp wordpress]# cp -rp wp-contentbak/* wp-content/
7) Make the mount permanent
[root@lnmp ~]# vim /etc/fstab
192.168.1.133:/nfs/blog /wordpress/wp-content nfs defaults 0 0
8) Verify NFS
[root@nfs ~]# cd /nfs/blog/
[root@nfs blog]# ls
index.php languages plugins themes
4. Build the second web server
1) Install nginx
[root@nginx-2 ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@nginx-2 ~]# yum -y install nginx
2) Copy the nginx configuration from web1 (192.168.1.128) to web2 (192.168.1.129)
[root@lnmp ~]# scp -rp /etc/nginx/* root@192.168.1.129:/etc/nginx
3) Copy the site source code from web1 to web2
[root@lnmp ~]# scp -rp /wordpress root@192.168.1.129:/
[root@lnmp ~]# scp -rp /zh root@192.168.1.129:/
4) Start the service
[root@nginx-2 ~]# systemctl start nginx
5. Build the nginx load balancer
1) Install nginx
[root@nginx-lb ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@nginx-lb ~]# yum -y install nginx
2) Configure load balancing
[root@nginx-lb ~]# vim /etc/nginx/conf.d/lb.conf
upstream webcluster {
    server 192.168.1.128:80;
    server 192.168.1.129:80;
}
server {
    listen 80;
    server_name blog.benet.com;
    location / {
        proxy_pass http://webcluster;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
server {
    listen 80;
    server_name zh.benet.com;
    location / {
        proxy_pass http://webcluster;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
[root@nginx-lb ~]# systemctl restart nginx
3) Modify the configuration file on the PHP server
[root@php ~]# vim /etc/php-fpm.d/www.conf
listen = 192.168.1.131:9000
listen.allowed_clients = 192.168.1.128,192.168.1.129
[root@php ~]# systemctl restart php-fpm # restart php-fpm
Verification for steps 1-5:
[root@client ~]# vim /etc/hosts
192.168.1.150 blog.benet.com
192.168.1.150 zh.benet.com
From the client, visit blog.benet.com
From the client, visit zh.benet.com
Check the logs on the two nginx hosts (web sites 1 and 2):
nginx-1 (hostname lnmp):
[root@lnmp ~]# tailf /var/log/nginx/access.log
192.168.1.134 - - [25/Jun/2020:09:41:35 +0800] "GET /static/js/aw_template.js?v=20191022 HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:09:41:35 +0800] "GET /static/js/app.js?v=20191022 HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:09:41:35 +0800] "GET /static/js/laydate/laydate.js HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:09:41:35 +0800] "GET /static/js/crypto-js.js HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:09:41:35 +0800] "GET /static/js/laydate/theme/default/laydate.css?v=5.0.9 HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:09:41:35 +0800] "GET /static/common/avatar-mid-img.png HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:09:41:35 +0800] "GET /static/css/default/img/logo.png HTTP/1.0" 304 0 "http://zh.benet.com/static/css/default/common.css?v=20191022" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:09:41:53 +0800] "GET / HTTP/1.0" 200 53201 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:09:41:53 +0800] "GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.0" 304 0 "http://blog.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
nginx-2:
[root@nginx-2 ~]# tailf /var/log/nginx/access.log
192.168.1.134 - - [25/Jun/2020:17:41:34 +0800] "GET /static/js/layer/layer.js?v=20191022 HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:17:41:34 +0800] "GET /static/js/slide_captcha/gt.js HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:17:41:34 +0800] "GET /static/js/compatibility.js HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:17:41:34 +0800] "GET /static/js/layer/theme/default/layer.css?v=3.1.1 HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:17:41:34 +0800] "GET /static/css/default/img/default_class_imgs.png HTTP/1.0" 304 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:17:41:34 +0800] "GET /static/css/default/img/bg.gif HTTP/1.0" 304 0 "http://zh.benet.com/static/css/default/common.css?v=20191022" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:17:41:35 +0800] "GET /?/crond/run/1593049295 HTTP/1.0" 200 0 "http://zh.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:17:41:52 +0800] "GET /wp-content/themes/twentyseventeen/style.css?ver=4.9.4 HTTP/1.0" 304 0 "http://blog.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
192.168.1.134 - - [25/Jun/2020:17:41:52 +0800] "GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.0" 304 0 "http://blog.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.128"
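Note: choose either 6 or 7
6. Configure the nginx proxy server lb1
Difference between a proxy and a load balancer
A proxy forwards connection requests directly to one particular backend web node
A load balancer uses a scheduling algorithm to spread requests across all backend web nodes
1) Create the proxy configuration file and add tuning options (or use the configuration from step 2) directly)
[root@nginx-lb1 ~]# vim /etc/nginx/conf.d/lb1.conf
server {
    listen 80;
    server_name blog.benet.com;
    location / {
        proxy_pass http://192.168.1.128;
        proxy_set_header Host $http_host; # forward the original "Host" header with the request
        proxy_set_header X-Real-IP $remote_addr; # together with the next line, lets the backend trace the client's original IP
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 30; # timeout for the proxy connecting to the backend server
        proxy_send_timeout 60; # timeout for sending the request to the backend server
        proxy_read_timeout 60; # timeout for the proxy waiting on the backend server's response
        proxy_buffering on; # buffer the backend's response before passing it on to the client
        proxy_buffer_size 32k; # buffer for the first part of the response (the headers)
        proxy_buffers 4 128k; # number and size of the response buffers
    }
}
server {
    listen 80;
    server_name zh.benet.com;
    location / {
        proxy_pass http://192.168.1.128;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 30; # timeout for the proxy connecting to the backend server
        proxy_send_timeout 60; # timeout for sending the request to the backend server
        proxy_read_timeout 60; # timeout for the proxy waiting on the backend server's response
        proxy_buffering on; # buffer the backend's response before passing it on to the client
        proxy_buffer_size 32k; # buffer for the first part of the response (the headers)
        proxy_buffers 4 128k; # number and size of the response buffers
    }
}
[root@nginx-lb1 ~]# systemctl restart nginx
On the client, point the hosts file at lb1 and test access
[root@client ~]# vim /etc/hosts
192.168.1.134 blog.benet.com
192.168.1.134 zh.benet.com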
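2) Extension: put the tuning options in their own file and include it from the site configuration (recommended)
[root@nginx-lb1 ~]# vim /etc/nginx/nginx_params
proxy_set_header Host $http_host; # forward the original "Host" header with the request
proxy_set_header X-Real-IP $remote_addr; # together with the next line, lets the backend trace the client's original IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30; # timeout for the proxy connecting to the backend server
proxy_send_timeout 60; # timeout for sending the request to the backend server
proxy_read_timeout 60; # timeout for the proxy waiting on the backend server's response
proxy_buffering on; # buffer the backend's response before passing it on to the client
proxy_buffer_size 32k; # buffer for the first part of the response (the headers)
proxy_buffers 4 128k; # number and size of the response buffers
Include it from the site configuration
[root@nginx-lb1 ~]# vim /etc/nginx/conf.d/lb1.conf
server {
    listen 80;
    server_name blog.benet.com;
    location / {
        proxy_pass http://192.168.1.128;
        include nginx_params;
    }
}
server {
    listen 80;
    server_name zh.benet.com;
    location / {
        proxy_pass http://192.168.1.128;
        include nginx_params;
    }
}
[root@nginx-lb1 ~]# systemctl restart nginx
Client verification (steps omitted)
7. Load balancing (Load Balance), abbreviated LB
Under highly concurrent web requests, a load balancer uses a scheduling algorithm (rr, wrr, lc, wlc, ip_hash) to distribute them across the backend web cluster nodes, raising data throughput and disaster tolerance
Common load balancers:
Type | Examples |
---|---|
Software | lvs, nginx, haproxy |
Hardware | F5 |
Cloud LB | Alibaba Cloud SLB, Tencent Cloud CLB, QingCloud QLB, UCloud ULB |

Layer | Works on |
---|---|
Layer 4 load balancing | IP address, TCP/UDP, port number |
Layer 7 load balancing | HTTP, HTTPS, FTP, SMTP |
1) Modify lb1's configuration file to add load balancing
[root@nginx-lb1 ~]# vim /etc/nginx/conf.d/lb1.conf
upstream web_cluster {
    server 192.168.1.128:80;
    server 192.168.1.133:80;
}
server {
    listen 80;
    server_name blog.benet.com;
    location / {
        proxy_pass http://web_cluster;
        include nginx_params;
    }
}
server {
    listen 80;
    server_name zh.benet.com;
    location / {
        proxy_pass http://web_cluster;
        include nginx_params;
    }
}
[root@nginx-lb1 ~]# systemctl restart nginx
2) Verify access from the client; if the browser does not make it obvious, look at the logs on the web nodes
Log on 192.168.1.128: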
192.168.1.134 - - [27/Jun/2020:09:19:22 +0800] "GET /wp-includes/js/wp-embed.min.js?ver=4.9.4 HTTP/1.0" 304 0 "http://blog.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.135"
192.168.1.134 - - [27/Jun/2020:09:19:22 +0800] "GET /wp-content/themes/twentyseventeen/assets/images/header.jpg HTTP/1.0" 304 0 "http://blog.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.135"
Log on 192.168.1.133:
192.168.1.134 - - [27/Jun/2020:09:19:22 +0800] "GET /wp-content/themes/twentyseventeen/assets/js/jquery.scrollTo.js?ver=2.1.2 HTTP/1.0" 304 0 "http://blog.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.135"
192.168.1.134 - - [27/Jun/2020:09:19:22 +0800] "GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.4 HTTP/1.0" 304 0 "http://blog.benet.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.135"
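In the web-node logs above, the first field is always the load balancer (192.168.1.134) and the real client only appears in the last quoted field, which nginx fills from X-Forwarded-For. The script below is an added example, not from the original article: it attributes each request to a client by believing that field only when the connection came from the load balancer, and only its right-most entry (the one appended by $proxy_add_x_forwarded_for). The log lines are constructed in the format shown above, assuming the default "main" log format.

```shell
#!/bin/sh
# Added example: per-client request counts behind the nginx load balancer.

# real_client_counts LOGFILE TRUSTED_PROXY_IP
# Prints "<client-ip> <requests>" sorted by IP.
real_client_counts() {
    awk -F'"' -v proxy="$2" '
        {
            split($1, head, " "); peer = head[1]     # $remote_addr
            xff = $8                                 # "$http_x_forwarded_for"
            client = peer
            if (peer == proxy && xff != "" && xff != "-") {
                # Entries left of the last one were supplied by the client itself.
                n = split(xff, hop, /,[ \t]*/)
                client = hop[n]
            }
            seen[client]++
        }
        END { for (ip in seen) print ip, seen[ip] }
    ' "$1" | sort
}

# suspicious_xff LOGFILE TRUSTED_PROXY_IP
# Prints requests whose forwarding header should not be believed as-is:
#   bypassed-lb  : did not come through the load balancer but carries the header
#   client-chain : came through the load balancer with a client-supplied chain
suspicious_xff() {
    awk -F'"' -v proxy="$2" '
        {
            split($1, head, " "); peer = head[1]; xff = $8
            if (xff == "" || xff == "-") next
            if (peer != proxy)   print "bypassed-lb " peer " xff=" xff
            else if (xff ~ /,/)  print "client-chain " xff
        }
    ' "$1"
}

# write_sample_log FILE: constructed access-log lines (not from the article).
write_sample_log() {
    cat > "$1" <<'EOF'
192.168.1.134 - - [27/Jun/2020:09:19:22 +0800] "GET /wp-login.php HTTP/1.0" 200 2731 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" "192.168.1.135"
192.168.1.134 - - [27/Jun/2020:09:19:23 +0800] "GET / HTTP/1.0" 200 53201 "-" "curl/7.29.0" "10.9.9.9, 192.168.1.135"
192.168.1.200 - - [27/Jun/2020:09:19:24 +0800] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "curl/7.29.0" "192.168.1.135"
192.168.1.134 - - [27/Jun/2020:09:19:25 +0800] "GET /?/admin HTTP/1.0" 200 812 "-" "Mozilla/5.0" "-"
EOF
}

log=$(mktemp)
write_sample_log "$log"
echo "== requests per real client"
real_client_counts "$log" 192.168.1.134
echo "== forwarding headers to review"
suspicious_xff "$log" 192.168.1.134
rm -f "$log"
```

nginx can apply the same rule itself on the web nodes through the realip module's set_real_ip_from and real_ip_header directives.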
3) nginx load-balancing backend server states
Parameter | Meaning |
---|---|
down | The node does not take part in load balancing |
backup | Backup server |
max_fails | Number of failed requests allowed |
fail_timeout | How long the server is paused after max_fails failures |
max_conns | Maximum number of connections for the same IP |
Example:
vim /etc/nginx/conf.d/lb1.conf
upstream web_cluster {
    server 192.168.1.102:80 max_fails=2 fail_timeout=10s max_conns=1;
    server 192.168.1.106:80 down; # typically used for maintenance downtime
}
8. Configure layer-4 load balancing to publish the internal servers' web and MySQL services
Passwordless login with a key pair:
Generate the public/private key pair with:
[root@nginx-lb1 ~]# ssh-keygen # then press Enter at every prompt
[root@nginx-lb1 ~]# ssh-copy-id root@192.168.1.128 # copy the public key to the target host
[root@nginx-lb1 ~]# ssh-copy-id root@192.168.1.130
[root@nginx-lb1 ~]# ssh-copy-id root@192.168.1.131
[root@nginx-lb1 ~]# ssh-copy-id root@192.168.1.132
[root@nginx-lb1 ~]# ssh-copy-id root@192.168.1.133
Log in to the target host without a password with: ssh username@ip-address
[root@nginx-lb1 ~]# ssh root@192.168.1.128
Last login: Sat Jun 27 09:29:26 2020 from 192.168.1.134
[root@nginx-web1 ~]#
# The same applies to 130/131/132/133
Configure layer-4 load balancing to publish the internal servers' SSH and MySQL services
[root@nginx-lb1 ~]# vim /etc/nginx/nginx.conf
Insert the following above the http block:
stream {
    upstream sshweb1 {
        server 192.168.1.128:22;
    }
    upstream mysql {
        server 192.168.1.130:3306;
    }
    server {
        listen 5555;
        proxy_pass sshweb1;
        proxy_connect_timeout 30;
        proxy_timeout 60;
    }
    server {
        listen 7777;
        proxy_pass mysql;
        proxy_connect_timeout 30;
        proxy_timeout 60;
    }
}
[root@nginx-lb1 ~]# systemctl restart nginx
Verify:
[C:\~]$ ssh root@192.168.1.134 5555
[root@nginx-web1 ~]#
[C:\~]$ ssh root@192.168.1.134 7777
Connection established. # seeing "established" is enough
High availability: adding fault tolerance (HA: High Availability)
Protocols:
VRRP (Virtual Router Redundancy Protocol): open standard protocol, multicast address 224.0.0.18
HSRP (Hot Standby Router Protocol): proprietary protocol, Cisco
HA software:
keepalived: uses VRRP to build a highly available cluster of several hosts
HA roles: master (primary server), backup (standby server)
9. Make the two load balancers highly available
Environment: two load balancers
lb1: 192.168.1.134
lb2: 192.168.1.136 (new)
1) Install keepalived (on both hosts)
[root@nginx-lb1 ~]# yum -y install keepalived
[root@nginx-lb2 ~]# yum -y install keepalived
2) Configure keepalived
Master server, lb1:
[root@nginx-lb1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    router_id lb1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.254/24
    }
}
[root@nginx-lb1 ~]# systemctl restart keepalived
Backup server, lb2:
[root@nginx-lb2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    router_id lb2 # router ID; must differ from the master's
}
vrrp_instance VI_1 {
    state BACKUP # state: BACKUP = standby, MASTER = primary
    interface ens33
    virtual_router_id 51
    priority 99 # priority: the backup's must be lower than the master's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.254/24 # virtual router IP, the shared IP
    }
}
[root@nginx-lb2 ~]# systemctl restart keepalived
3) Check the virtual IP (floating IP address)
[root@nginx-lb1 ~]# ip a show dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d9:ee:19 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.134/24 brd 192.168.1.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.1.254/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::c907:ba03:890b:6420/64 scope link
valid_lft forever preferred_lft forever
4) Copy lb1's (192.168.1.134) nginx configuration to lb2 (192.168.1.136)
Install nginx on lb2:
[root@nginx-lb1 ~]# scp /etc/yum.repos.d/nginx.repo root@192.168.1.136:/etc/yum.repos.d/
[root@nginx-lb2 ~]# yum -y install nginx
On lb1, copy all of the nginx configuration with scp:
[root@nginx-lb1 ~]# scp -rp /etc/nginx/* root@192.168.1.136:/etc/nginx
On lb2, start the nginx service:
[root@nginx-lb2 ~]# systemctl restart nginx
5) On the client, edit the hosts file and verify access (once access succeeds, shut down the master server and access again)
[root@client ~]# vim /etc/hosts
192.168.1.254 blog.benet.com zh.benet.com
Stop keepalived on nginx-lb1
[root@nginx-lb1 ~]# systemctl stop keepalived
The floating address has moved to nginx-lb2
[root@nginx-lb2 ~]# ip a show dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:6d:fb:a0 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.136/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.1.254/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::1cf:a19:c82c:7eb2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
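Clients can keep accessing the sites without interruption:
10. High-availability split brain
When the HA nodes lose contact with each other, each one believes it is the master, so there are several masters at once; this is the split-brain condition
Causes of split brain:
1. Loose heartbeat cable or NIC failure
2. Server hardware failure or crash
3. The firewall is enabled on the node servers but no exception was made for VRRP
If the nginx service dies there is no split brain, but the whole cluster stops working
Split-brain detection script (run on the backup server, 192.168.1.136)
[root@nginx-lb2 /]# vim split_brain.sh
#!/bin/sh
# Run on the backup: if the master still answers ping while this host
# holds the VIP, both nodes believe they are master.
while true
do
    ping -c 2 -W 3 192.168.1.134 > /dev/null 2>&1
    if [ $? -eq 0 ] && [ "$(ip addr | grep -cF 192.168.1.254)" -eq 1 ]
    then
        echo "split brain....."
    else
        echo "HA is ok"
    fi
    sleep 5
done
[root@nginx-lb2 /]# chmod +x split_brain.sh
[root@nginx-lb2 /]# source split_brain.sh
Verify with the firewall enabled:
[root@nginx-lb1 ~]# systemctl start firewalld
[root@nginx-lb2 ~]# systemctl start firewalld
[root@nginx-lb2 /]# source split_brain.sh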
HA is ok
HA is ok
split brain.....
split brain.....
Fix the split brain caused by the firewall:
[root@nginx-lb1 ~]# firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
success
[root@nginx-lb1 ~]# firewall-cmd --reload
success
[root@nginx-lb2 ~]# firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
success
[root@nginx-lb2 ~]# firewall-cmd --reload
success
[root@nginx-lb2 /]# source split_brain.sh
split brain.....
split brain.....
HA is ok
HA is ok
11. Handle nginx failures that stop the cluster from working
If the nginx service dies there is no split brain, but the whole cluster stops working
Write the nginx monitoring script
[root@nginx-lb1 ~]# mkdir /sh
[root@nginx-lb1 ~]# vim /sh/check_nginx_proxy.sh
#!/bin/bash
# Signal 0 only tests whether an nginx process exists
killall -0 nginx
if [ $? -ne 0 ]; then
    # nginx is gone: stop keepalived so the VIP moves to the backup
    systemctl stop keepalived
fi
[root@nginx-lb1 ~]# chmod -R +x /sh/
Add the script-tracking block to the keepalived configuration file
[root@nginx-lb1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    router_id lb1
}
vrrp_script check_nginx_proxy {
    script "/sh/check_nginx_proxy.sh"
    interval 2
    weight 5
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.254
    }
    track_script {
        check_nginx_proxy
    }
}
[root@nginx-lb1 ~]# systemctl restart keepalived
Stop nginx manually, which triggers the script to stop keepalived
[root@nginx-lb1 ~]# systemctl stop nginx
[root@nginx-lb1 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: inactive (dead)
6月 27 11:08:21 nginx-lb1 Keepalived_vrrp[49260]: Opening file '/etc/keepalived/keepalived.conf'.
6月 27 11:08:21 nginx-lb1 Keepalived_vrrp[49260]: WARNING - default user 'keepalived_script' for script execution...ate.
6月 27 11:08:21 nginx-lb1 Keepalived_vrrp[49260]: Unsafe permissions found for script '/sh/check_nginx_proxy.sh'.
6月 27 11:08:21 nginx-lb1 Keepalived_vrrp[49260]: SECURITY VIOLATION - scripts are being executed but script_secu...pts.
6月 27 11:08:21 nginx-lb1 Keepalived_vrrp[49260]: VRRP_Instance(VI_1) removing protocol VIPs.
6月 27 11:08:21 nginx-lb1 Keepalived_vrrp[49260]: Using LinkWatch kernel netlink reflector...
6月 27 11:08:21 nginx-lb1 Keepalived_vrrp[49260]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
6月 27 11:08:21 nginx-lb1 Keepalived[49258]: Stopping
6月 27 11:08:21 nginx-lb1 systemd[1]: Stopping LVS and VRRP High Availability Monitor...
6月 27 11:08:22 nginx-lb1 systemd[1]: Stopped LVS and VRRP High Availability Monitor.
Hint: Some lines were ellipsized, use -l to show in full.
The floating address moves to nginx-lb2
[root@nginx-lb2 ~]# ip a show dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:6d:fb:a0 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.136/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.1.254/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::1cf:a19:c82c:7eb2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@nginx-lb2 ~]# firewall-cmd --add-port=80/tcp --permanent # with the firewall on, allow port 80 through
success
[root@nginx-lb2 ~]# firewall-cmd --reload # reload the firewalld configuration
success
Client access is not affected:
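The keepalived status output above includes "Unsafe permissions found for script '/sh/check_nginx_proxy.sh'" and a "SECURITY VIOLATION - scripts are being executed" message, both about the tracking script that keepalived runs. The script below is an added example, not from the original article: it checks a keepalived.conf for the global_defs options script_user and enable_script_security, and checks that each vrrp_script target and its directory are not writable by group or others. The sample configurations and temporary paths are constructed; ownership by root is assumed and not checked.

```shell
#!/bin/sh
# Added example: audit keepalived tracking scripts before they run as root.

# audit_keepalived CONF -> prints one finding per line, nothing if clean.
audit_keepalived() {
    conf=$1
    grep -Eq '^[[:space:]]*enable_script_security' "$conf" ||
        echo "global_defs: enable_script_security is not set"
    grep -Eq '^[[:space:]]*script_user[[:space:]]' "$conf" ||
        echo "global_defs: script_user is not set"
    # Pull the executable path out of every: script "<path> [args]"
    awk '$1 == "script" { gsub(/"/, "", $2); print $2 }' "$conf" |
    while read -r path; do
        if [ ! -f "$path" ]; then
            echo "$path: script not found"
            continue
        fi
        # Check the script and its directory; a writable directory lets
        # another account swap the script out.
        for target in "$path" "$(dirname "$path")"; do
            if [ -n "$(find "$target" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
                echo "$target: writable by group or others"
            fi
        done
    done
    return 0
}

# write_sample_conf FILE SCRIPT_PATH MODE   (MODE: page | hardened)
# "page" mirrors the global_defs and vrrp_script blocks shown in this article;
# "hardened" adds the two script-security options.
write_sample_conf() {
    {
        echo "global_defs {"
        echo "    router_id lb1"
        if [ "$3" = hardened ]; then
            echo "    script_user root"
            echo "    enable_script_security"
        fi
        echo "}"
        echo "vrrp_script check_nginx_proxy {"
        echo "    script \"$2\""
        echo "    interval 2"
        echo "    weight 5"
        echo "}"
    } > "$1"
}

work=$(mktemp -d)
mkdir "$work/sh"
printf '#!/bin/bash\nkillall -0 nginx || systemctl stop keepalived\n' \
    > "$work/sh/check_nginx_proxy.sh"

# Constructed bad case: no script-security options and loose modes.
chmod 777 "$work/sh" "$work/sh/check_nginx_proxy.sh"
write_sample_conf "$work/page.conf" "$work/sh/check_nginx_proxy.sh" page
echo "== without script security, loose modes"
audit_keepalived "$work/page.conf"

# Corrected case: options set, script and directory writable by owner only.
chmod 755 "$work/sh"
chmod 700 "$work/sh/check_nginx_proxy.sh"
write_sample_conf "$work/hardened.conf" "$work/sh/check_nginx_proxy.sh" hardened
echo "== hardened"
audit_keepalived "$work/hardened.conf"
rm -rf "$work"
```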
12. Nginx ssl module
Example: implementing HTTPS inside an enterprise:
- Generate the private key
- Generate the certificate signing request (CSR file)
- Generate the signed certificate (CA file)
Extended example: configuring an HTTPS site and HTTPS load balancing (see the linked article)
1) Check whether openssl is installed, and its version
[root@nginx-web1 ~]# rpm -q openssl
[root@nginx-web1 ~]# yum -y install openssl
[root@nginx-web1 ~]# openssl version
Check whether nginx has the ssl module installed
[root@nginx-web1 ~]# nginx -V # the output should include: --with-http_ssl_module
Create a directory for the SSL key and change into it
[root@nginx-web1 ~]# mkdir -p /etc/nginx/ssl_key
[root@nginx-web1 ~]# cd /etc/nginx/ssl_key
2) Use this host as the CA (certificate authority) and create the private key
[root@nginx-web1 ssl_key]# openssl genrsa -idea -out server.key 2048
3) Generate the certificate, removing the password from the private key
[root@nginx-web1 ssl_key]# openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
4) Example: configure HTTPS for blog and zh (web2 is configured the same as web1)
(1) Configure blog on web1
[root@nginx-web1 ~]# vim /etc/nginx/conf.d/blog.conf
server {
    listen 443 ssl;
    server_name blog.benet.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    root /wordpress;
    index index.php index.html;
    location ~ \.php$ {
        root /wordpress;
        fastcgi_pass 192.168.1.131:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
server {
    listen 80;
    server_name blog.benet.com;
    # rewrite .* https://blog.benet.com;
    # rewrite .* https://$host$request_uri redirect;
    # rewrite .* https://$server_name$request_uri redirect;
    rewrite ^(.*)$ https://$server_name$1 redirect; # the capture group sets $1 to the requested path
}
(2) Configure zh on web1
[root@nginx-web1 ~]# vim /etc/nginx/conf.d/zh.conf
server {
    listen 443 ssl;
    server_name zh.benet.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    root /zh;
    index index.php index.html;
    location ~ \.php$ {
        root /zh;
        fastcgi_pass 192.168.1.131:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
server {
    listen 80;
    server_name zh.benet.com;
    # rewrite .* https://zh.benet.com;
    # rewrite .* https://$host$request_uri redirect;
    # rewrite .* https://$server_name$request_uri redirect;
    rewrite ^(.*)$ https://$server_name$1 redirect; # the capture group sets $1 to the requested path
}
[root@nginx-web1 ~]# nginx -t
[root@nginx-web1 ~]# systemctl restart nginx
(3) web2's configuration is the same as web1's
[root@nginx-web1 ~]# scp -rp /etc/nginx/ssl_key/ root@192.168.1.133:/etc/nginx/
root@192.168.1.133's password:
server.key 100% 1704 1.7KB/s 00:00
server.crt 100% 1220 1.2KB/s 00:00
[root@nginx-web1 ~]# scp -rp /etc/nginx/conf.d/ root@192.168.1.133:/etc/nginx/
root@192.168.1.133's password:
default.conf 100% 1093 1.1KB/s 00:00
https.conf 100% 542 0.5KB/s 00:00
blog.conf 100% 786 0.8KB/s 00:00
zh.conf 100% 767 0.8KB/s 00:00
[root@nginx-web2 ~]# nginx -t
[root@nginx-web2 ~]# systemctl restart nginx
(4) Verify the web nodes: on the client, edit the hosts file for each node in turn and test access with https://https.benet.com
vim /etc/hosts
192.168.1.128 blog.benet.com
192.168.1.128 zh.benet.com
vim /etc/hosts
192.168.1.133 blog.benet.com
192.168.1.133 zh.benet.com
(5) Configure load balancer lb1
[root@nginx-web1 ~]# scp -rp /etc/nginx/ssl_key/ root@192.168.1.134:/etc/nginx/
root@192.168.1.134's password:
server.key 100% 1704 1.7KB/s 00:00
server.crt 100% 1220 1.2KB/s 00:00
[root@nginx-lb1 ~]# vim /etc/nginx/conf.d/lb.conf
upstream web_cluster {
    server 192.168.1.128:443;
    server 192.168.1.133:443;
}
server {
    listen 443 ssl;
    server_name blog.benet.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    location / {
        proxy_pass https://web_cluster;
        include nginx_params;
    }
}
server {
    listen 443 ssl;
    server_name zh.benet.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    location / {
        proxy_pass https://web_cluster;
        include nginx_params;
    }
}
server {
    listen 80;
    server_name blog.benet.com;
    return 302 https://$server_name$request_uri;
}
server {
    listen 80;
    server_name zh.benet.com;
    return 302 https://$server_name$request_uri;
}
[root@nginx-lb1 ~]# nginx -t
[root@nginx-lb1 ~]# systemctl restart nginx
[root@nginx-lb1 ~]# firewall-cmd --add-port=443/tcp --permanent
success
[root@nginx-lb1 ~]# firewall-cmd --reload
success
(6) Configure load balancer lb2
[root@nginx-web1 ~]# scp -rp /etc/nginx/ssl_key/ root@192.168.1.136:/etc/nginx/
root@192.168.1.136's password:
server.key 100% 1704 1.7KB/s 00:00
server.crt 100% 1220 1.2KB/s 00:00
[root@nginx-lb1 ~]# scp -rp /etc/nginx/conf.d/lb.conf root@192.168.1.136:/etc/nginx/conf.d/
root@192.168.1.136's password:
lb.conf 100% 864 0.8KB/s 00:00
[root@nginx-lb2 ~]# nginx -t
[root@nginx-lb2 ~]# systemctl restart nginx
[root@nginx-lb2 ~]# firewall-cmd --add-port=443/tcp --permanent
success
[root@nginx-lb2 ~]# firewall-cmd --reload
success
(7) Verify load balancing: on the client, edit the hosts file and test access with https://https.benet.com
vim /etc/hosts
192.168.1.254 blog.benet.com
192.168.1.254 zh.benet.com