基础架构搭建环境准备
查看网络状况、关闭所有虚拟机的防火墙和SELinux(仅为简化实验环境;setenforce 0只在本次开机期间生效,重启后会恢复。生产环境应保留firewalld和SELinux,只放行各节点实际需要的端口)
[root@localhost ~]# ip a
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# setenforce 0
一、搭建web1节点(nginx)
(1)修改主机名
[root@localhost ~]# hostnamectl set-hostname web1
[root@localhost ~]# bash
(2)配置nginx官方yum源
[root@web1 ~]# cd /etc/yum.repos.d/
[root@web1 yum.repos.d]# vim nginx.repo
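# Official nginx stable repository for web1.
# Packages are fetched over HTTPS and gpgcheck=1 makes yum verify each
# package signature against the nginx signing key, so a tampered mirror or
# an on-path attacker cannot substitute a package.
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key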
(3)安装nginx
[root@web1 yum.repos.d]# yum -y install nginx
[root@web1 yum.repos.d]# systemctl start nginx
[root@web1 yum.repos.d]# systemctl enable nginx
二、搭建web2节点(nginx)
(1)修改主机名
[root@localhost ~]# hostnamectl set-hostname web2
[root@localhost ~]# bash
(2)配置nginx官方yum源
[root@web2 ~]# cd /etc/yum.repos.d/
[root@web2 yum.repos.d]# vim nginx.repo
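# Official nginx stable repository for web2.
# HTTPS transport plus gpgcheck=1: yum refuses packages whose signature
# does not match the nginx signing key.
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key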
(3)安装nginx
[root@web2 yum.repos.d]# yum -y install nginx
[root@web2 yum.repos.d]# systemctl start nginx
[root@web2 yum.repos.d]# systemctl enable nginx
三、搭建mysql服务器
(1)修改主机名
[root@localhost ~]# hostnamectl set-hostname mysql
[root@localhost ~]# bash
(2)安装mysql(release包此处通过明文HTTP下载,传输过程中可被篡改,建议改用https地址;另外MySQL 5.6已停止维护,不再有安全更新)
[root@mysql ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.6-community/el/7/x86_64/mysql-community-release-el7-5.noarch.rpm
[root@mysql ~]# yum -y install mysql-community-server
[root@mysql ~]# systemctl start mysqld
[root@mysql ~]# systemctl enable mysqld
四、搭建php服务器
(1)修改主机名
[root@localhost ~]# hostnamectl set-hostname php
[root@localhost ~]# bash
(2)安装php
[root@php ~]# yum -y install epel-release
[root@php ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@php ~]# yum -y install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache
[root@php ~]# systemctl start php-fpm
[root@php ~]# systemctl enable php-fpm
五、web1安装wordpress
(1)下载wordpress源码包
(2)复制wordpress安装包到虚拟机/,解压并赋权(chmod -R 777使任何本地用户和被攻破的服务进程都能改写站点代码,仅适合实验环境;生产环境应只让运行PHP的用户对wp-content等需要写入的目录有写权限)
[root@web1 /]# unzip wordpress-4.9.4-zh_CN.zip
[root@web1 /]# chmod -R 777 /wordpress
(3)创建虚拟主机配置文件
[root@web1 /]# vim /etc/nginx/conf.d/blog.conf
server {
listen 80;
server_name blog.benet.com;
root /wordpress;
index index.php index.html;
location ~ \.php$ {
root /wordpress;
fastcgi_pass 192.168.229.157:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web1 /]# nginx -t
[root@web1 /]# systemctl restart nginx
(4)在mysql服务器上创建blog数据库和用户
1.初始化密码设置
[root@mysql ~]# mysql_secure_installation
2.登录数据库创建数据库与远程管理用户(密码直接写在-p后面会留在shell历史和进程列表中,建议只写-p并在提示符下输入)
[root@mysql ~]# mysql -uroot -pasd123
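-- Database for the WordPress (blog) site.
create database blog;
-- Grant access only from 192.168.229.157, the PHP-FPM host named in the
-- fastcgi_pass lines on this page; that is the machine that opens the
-- database connections. A '%' host would accept logins from any address
-- that can reach the MySQL port.
-- The password below is a placeholder: replace it with a long random value.
grant all on blog.* to zj@'192.168.229.157' identified by 'CHANGE_ME_long_random_password';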
[root@mysql ~]# systemctl restart mysqld
(5)从web1上复制wordpress目录到php的根目录并修改php配置文件
[root@web1 ~]# scp -rp /wordpress root@192.168.229.157:/
[root@php ~]# vim /etc/php-fpm.d/www.conf
定位并修改为:
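; Bind PHP-FPM to the PHP server's LAN address so the web nodes can reach it.
listen = 192.168.229.157:9000
; Accept FastCGI connections only from the two web server nodes.
; The explanatory note is kept in this comment instead of inside the value,
; so the line can be pasted into www.conf as-is.
listen.allowed_clients = 192.168.229.152,192.168.229.155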
[root@php ~]# systemctl restart php-fpm
六、web1安装zh
(1)下载wecenter源码包
(2)创建/zh目录,复制wecenter安装包到虚拟机/zh目录下赋权(777权限仅适合实验环境;生产环境应只对需要写入的目录授予运行PHP的用户写权限)
[root@web1 ~]# mkdir /zh
[root@web1 zh]# cd /zh
[root@web1 zh]# unzip wecenter_3-3-4.zip
[root@web1 zh]# chmod -R 777 /zh
(3)创建虚拟主机配置文件
[root@web1 zh]# vim /etc/nginx/conf.d/zh.conf
server {
listen 80;
server_name zh.benet.com;
root /zh;
index index.php index.html;
location ~ \.php$ {
root /zh;
fastcgi_pass 192.168.229.157:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web1 zh]# systemctl restart nginx
(4)在mysql服务器上创建zh数据库和管理用户
1.登录数据库创建数据库与远程管理用户(建议只写-p并在提示符下输入密码,避免密码留在shell历史中)
[root@mysql ~]# mysql -uroot -pasd123
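-- Database for the wecenter (zh) site.
create database zh;
-- Grant access only from 192.168.229.157, the PHP-FPM host named in the
-- fastcgi_pass lines on this page, instead of the '%' wildcard that allows
-- logins from any address that can reach the MySQL port.
-- The password below is a placeholder: replace it with a long random value.
grant all on zh.* to zj@'192.168.229.157' identified by 'CHANGE_ME_long_random_password';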
[root@mysql ~]# systemctl restart mysqld
(5)修改客户端/etc/hosts文件并进行访问测试,安装并配置
[root@localhost ~]# vim /etc/hosts
七、配置web2节点服务器
(1)将web1上的wordpress和zh目录,复制到web2根目录下
[root@web1 ~]# scp -rp /wordpress root@192.168.229.155:/
[root@web1 ~]# scp -rp /zh root@192.168.229.155:/
(2)复制web1的zh.conf和blog.conf配置文件到web2
[root@web1 ~]# scp -rp /etc/nginx/conf.d/blog.conf root@192.168.229.155:/etc/nginx/conf.d/
[root@web1 ~]# scp -rp /etc/nginx/conf.d/zh.conf root@192.168.229.155:/etc/nginx/conf.d/
(3)在web2上重启nginx服务
[root@web2 ~]# systemctl restart nginx
八、配置负载均衡服务器lb1
(1)启动lb1,安装nginx
[root@localhost ~]# hostnamectl set-hostname lb1
[root@localhost ~]# bash
[root@lb1 ~]# vim /etc/yum.repos.d/nginx.repo
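# Official nginx repository for the load balancer.
# HTTPS transport plus gpgcheck=1: yum refuses packages whose signature
# does not match the nginx signing key.
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key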
[root@lb1 ~]# yum -y install nginx
[root@lb1 ~]# systemctl start nginx
[root@lb1 ~]# systemctl enable nginx
(2)添加优化项
[root@lb1 ~]# vim /etc/nginx/nginx_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
(3)创建lb1配置文件
[root@lb1 ~]# vim /etc/nginx/conf.d/lb1.conf
upstream web_cluster {
server 192.168.229.152:80;
server 192.168.229.155:80;
}
server {
listen 80;
server_name blog.benet.com;
location / {
proxy_pass http://web_cluster;
include nginx_params;
}
}
server {
listen 80;
server_name zh.benet.com;
location / {
proxy_pass http://web_cluster;
include nginx_params;
}
}
[root@lb1 ~]# nginx -t
[root@lb1 ~]# systemctl restart nginx
九、配置第二台负载均衡服务器lb2
操作同第八步
十、配置两台负载均衡服务器高可用
(1)在lb1和lb2上都安装keepalived(如果虚拟机是最小化安装,则需要安装psmisc包提供killall命令)
[root@lb1 ~]# yum -y install keepalived
[root@lb2 ~]# yum -y install keepalived
(2)配置keepalived(auth_type PASS的口令在VRRP通告中以明文发送,只能防止误配置,不能阻止同网段主机伪造通告;auth_pass不要沿用1111这类示例值,且主备两端必须一致)
主服务器:lb1
[root@lb1 ~]# vim /etc/keepalived/keepalived.conf
修改为:
global_defs {
router_id lb1
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.229.18
}
}
[root@lb1 ~]# systemctl start keepalived
[root@lb1 ~]# systemctl enable keepalived
备服务器:lb2
[root@lb2 ~]# vim /etc/keepalived/keepalived.conf
修改为:
global_defs {
router_id lb2 #路由id号,和主服务器必须不同
}
vrrp_instance VI_1 {
state BACKUP #状态:BACKUP备 MASTER主
interface ens33
virtual_router_id 51
priority 99 #优先级:备比主要小
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.229.18 #虚拟路由ip,公共ip,和lb1保持一致
}
}
[root@lb2 ~]# systemctl start keepalived
[root@lb2 ~]# systemctl enable keepalived
(3)查看漂移地址
[root@lb1 ~]# ip addr show dev ens33
十一、解决nginx故障造成群集无法工作
1.最小化安装需要安装psmisc包
[root@lb1 ~]# yum -y install psmisc
2.编辑nginx监控脚本
[root@lb1 ~]# mkdir /sh
[root@lb1 ~]# vim /sh/check_nginx_proxy.sh
#!/bin/bash
# Health check invoked by keepalived (vrrp_script).
# killall -0 delivers no signal; its exit status only reports whether a
# process named nginx exists. When none is found, keepalived is stopped on
# this node so that the peer can take over the virtual IP.
if ! killall -0 nginx; then
  systemctl stop keepalived
fi
[root@lb1 ~]# chmod +x /sh/check_nginx_proxy.sh
3.添加脚本追踪模块到keepalived配置文件
[root@lb1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb1
}
vrrp_script check_nginx_proxy {
script "/sh/check_nginx_proxy.sh"
interval 2
weight 5
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.229.18
}
track_script {
check_nginx_proxy
}
}
[root@lb1 ~]# systemctl restart keepalived
十二、配置nfs共享
(1)安装nfs-utils、rpcbind
[root@localhost ~]# hostnamectl set-hostname nfs
[root@localhost ~]# bash
[root@nfs ~]# yum -y install nfs-utils rpcbind
(2)创建挂载点
[root@nfs ~]# mkdir -p /nfs/{blog,zh}
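(3)发布共享目录(no_root_squash使网段内任一客户端上的root在共享目录中同样拥有root权限,且共享对整个192.168.229.0/24可写;生产环境应把客户端限定为实际挂载的web节点,并使用默认的root_squash)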
vim /etc/exports
/nfs/blog 192.168.229.0/24(rw,sync,no_root_squash)
/nfs/zh 192.168.229.0/24(rw,sync,no_root_squash)
(4)启动nfs服务
[root@nfs ~]# systemctl start rpcbind
[root@nfs ~]# systemctl start nfs
[root@nfs ~]# systemctl enable rpcbind
[root@nfs ~]# systemctl enable nfs
(5)在web1服务器上查看nfs共享目录
[root@web1 ~]# yum -y install nfs-utils rpcbind
[root@web1 ~]# showmount -e 192.168.229.160
(6)把wordpress的内容目录挂载到nfs
[root@web1 ~]# cd /wordpress
[root@web1 ~]# cp -rp wp-content/ wp-contentbak
[root@web1 ~]# mount -t nfs 192.168.229.160:/nfs/blog wp-content
[root@web1 ~]# cp -rp wp-contentbak/* wp-content/
(7)设置永久挂载
[root@web1 ~]# vim /etc/fstab
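# Persistent mount of the blog share. The export path is /nfs/blog, matching
# /etc/exports on the NFS server (the original /nfs/log is not exported).
# _netdev delays the mount until the network is up; nosuid and nodev stop
# setuid binaries and device nodes placed on the share from being honoured.
192.168.229.160:/nfs/blog /wordpress/wp-content nfs defaults,_netdev,nosuid,nodev 0 0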
十三、配置https的blog、zh(web2和web1配置相同)
1.查看是否安装openssl和版本
[root@web1-152 ~]# rpm -q openssl
[root@web1-152 ~]# yum -y install openssl
2.查看nginx是否安装ssl模块
[root@web1-152 ~]# nginx -V
显示结果包含: --with-http_ssl_module
3.创建ssl密钥目录,并进入目录
[root@web1-152 ~]# mkdir -p /etc/nginx/ssh_key
[root@web1-152 ssh_key]# cd /etc/nginx/ssh_key
4.本机当CA:证书颁发机构,创建私钥
[root@web1-152 ssh_key]# openssl genrsa -idea -out server.key 2048
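5.生成证书,去掉私钥的密码(-newkey配合-nodes会重新生成一个不带密码的私钥并覆盖上一步的server.key,所以第4步生成的加密私钥实际不会被用到;该证书为自签名证书,浏览器会提示不受信任;私钥无密码保护,应确保server.key仅root可读)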
[root@web1-152 ssh_key]# openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
6.在web1上对blog和zh的配置文件进行修改
(1)配置web1的blog
[root@web1-152 ~]# vim /etc/nginx/conf.d/blog.conf
server {
listen 443 ssl;
server_name blog.benet.com;
ssl_certificate ssh_key/server.crt;
ssl_certificate_key ssh_key/server.key;
root /wordpress;
index index.php index.html;
location ~ \.php$ {
root /wordpress;
fastcgi_pass 192.168.229.157:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
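# Plain-HTTP listener for the blog: redirect every request to the HTTPS site.
server {
    listen 80;
    server_name blog.benet.com;
    # A single redirect replaces the four rewrite lines: the first rewrite
    # already ended processing (its replacement starts with https://), so the
    # other three never ran, and it dropped the requested path.
    # The target uses the fixed $server_name rather than the client-supplied
    # Host header ($host); $request_uri keeps the original path and query.
    # $1 was empty because the pattern .* has no capture group.
    return 302 https://$server_name$request_uri;
}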
(2)配置web1的zh
[root@web1-152 ~]# vim /etc/nginx/conf.d/zh.conf
server {
listen 443 ssl;
server_name zh.benet.com;
ssl_certificate ssh_key/server.crt;
ssl_certificate_key ssh_key/server.key;
root /zh;
index index.php index.html;
location ~ \.php$ {
root /zh;
fastcgi_pass 192.168.229.157:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
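# Plain-HTTP listener for zh: redirect every request to the HTTPS site.
server {
    listen 80;
    server_name zh.benet.com;
    # A single redirect replaces the four rewrite lines: the first rewrite
    # already ended processing (its replacement starts with https://), so the
    # other three never ran, and it dropped the requested path.
    # The target uses the fixed $server_name rather than the client-supplied
    # Host header ($host); $request_uri keeps the original path and query.
    # $1 was empty because the pattern .* has no capture group.
    return 302 https://$server_name$request_uri;
}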
[root@web1-152 ~]# nginx -t
[root@web1-152 ~]# systemctl restart nginx
直接把web1的配置传到web2上
[root@web1-152 ~]# scp -rp /etc/nginx/ssh_key root@192.168.229.155:/etc/nginx
[root@web1-152 ~]# scp -rp /etc/nginx/conf.d/blog.conf root@192.168.229.155:/etc/nginx/conf.d/
[root@web1-152 ~]# scp -rp /etc/nginx/conf.d/zh.conf root@192.168.229.155:/etc/nginx/conf.d/
(3)配置负载均衡lb1,lb2配置一样
首先把证书和私钥传到lb1上(ssh_key目录中包含server.key;复制后应确认该文件在lb1上仅root可读)
[root@web1-152 ~]# scp -rp /etc/nginx/ssh_key/ root@192.168.229.158:/etc/nginx/
[root@lb1 ~]# vim /etc/nginx/conf.d/lb.conf
upstream web_cluster {
server 192.168.229.152:443;
server 192.168.229.155:443;
}
server {
listen 443 ssl;
server_name blog.benet.com;
ssl_certificate ssh_key/server.crt;
ssl_certificate_key ssh_key/server.key;
location / {
proxy_pass https://web_cluster;
include nginx_params;
}
}
server {
listen 443 ssl;
server_name zh.benet.com;
ssl_certificate ssh_key/server.crt;
ssl_certificate_key ssh_key/server.key;
location / {
proxy_pass https://web_cluster;
include nginx_params;
}
}
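# Plain-HTTP listeners on the load balancer: redirect both sites to HTTPS.
# $1 is only set by a regex capture, and these blocks have none, so the
# original redirect lost the requested path; $request_uri carries the
# original path and query string instead.
server {
    listen 80;
    server_name blog.benet.com;
    return 302 https://$server_name$request_uri;
}
server {
    listen 80;
    server_name zh.benet.com;
    return 302 https://$server_name$request_uri;
}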
[root@lb1 ~]# nginx -t
[root@lb1 ~]# systemctl restart nginx
关于lb2的配置,直接把lb1的配置传过去即可。
[root@lb1 ~]# scp -rp /etc/nginx/ssh_key/ root@192.168.229.159:/etc/nginx/
[root@lb1 ~]# scp -rp /etc/nginx/conf.d/lb.conf root@192.168.229.159:/etc/nginx/conf.d/