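Contents
- Overall architecture diagram
- Host and IP planning
- Baseline tuning
- m01: building the yum repository
- backup: site-wide backup with rsync
- NFS shared storage
- Real-time replication of NFS shared storage data to backup
- SSH and Ansible: batch management
- Setting up the MySQL database environment
- Setting up the Nginx+PHP dynamic web environment
- Setting up the Nginx+Tomcat dynamic web environment
- Mounting the PHP and Tomcat applications' upload directories on NFS
- Building the Nginx+keepalived layer-7 load balancer, 172.16.1.5/6/lb01/lb02
- Configuring HTTPS access for Nginx and Tomcat
- Real-time replication of NFS storage data to the static web servers' local disks, 172.16.1.9/10/web01/02
- Setting up the Nginx static web service, 172.16.1.9/10/sweb01/02, with static/dynamic separation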
Overall architecture diagram
Host and IP planning
Reference template for server host names and IP addresses
Host name | eth0 NIC | eth1 NIC | Service |
---|---|---|---|
lb01 | 10.0.0.5/24 | 172.16.1.5/24 | load balancer |
lb02 | 10.0.0.6/24 | 172.16.1.6/24 | load balancer |
web01 | 10.0.0.7/24 | 172.16.1.7/24 | php www service |
web02 | 10.0.0.8/24 | 172.16.1.8/24 | php www service |
tweb01 | 10.0.0.9/24 | 172.16.1.9/24 | tomcat www service |
db01 | 10.0.0.51/24 | 172.16.1.51/24 | database service |
nfs01 | 10.0.0.31/24 | 172.16.1.31/24 | storage service |
backup | 10.0.0.41/24 | 172.16.1.41/24 | backup service |
m01 | 10.0.0.61/24 | 172.16.1.61/24 | management service |
Baseline tuning
Change the IP address
sed -i 's#222#61#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]
Set the host name permanently
[root@oldboy-c7 ~]# hostnamectl set-hostname oldboyedu-cc7
[root@web01 data]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.9 sweb
172.16.1.31 nfs
172.16.1.41 backup
172.16.1.51 db
# Push the file to the other hosts in bulk
[root@web01 data]# scp -rp /etc/hosts [email protected]:/etc/
Configure the yum sources
CentOS 7
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
//1. Install the base packages
yum install net-tools vim tree htop iftop iotop lrzsz sl wget unzip telnet nmap nc psmisc \
dos2unix bash-completion iotop iftop sysstat screen -y
1. Tab completion
yum install bash-completion -y
Log out once, then log back in
Install net-tools to get the ifconfig command
yum install net-tools -y
//2. Disable the firewalld firewall
systemctl disable firewalld
systemctl stop firewalld
systemctl status firewalld
//3. Disable SELinux
# Option 1
sed -ri 's#(^SELINUX=).*#\1disabled#g' /etc/selinux/config
# Option 2
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
# Option 3
vim /etc/selinux/config
# Takes effect immediately (temporary)
setenforce 0
//4. Raise the ulimit
echo '* - nofile 65535' >> /etc/security/limits.conf
//5. Reboot and take a snapshot
m01: building the yum repository
1. Prepare the base environment
// Install the FTP service, start it and enable it at boot
yum -y install vsftpd
systemctl start vsftpd
systemctl enable vsftpd
// Enable the yum cache
vim /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1
yum clean all
2. Provide the base repository
mkdir /var/ftp/centos75
mount /dev/cdrom /mnt
cp -rp /mnt/Packages/*.rpm /var/ftp/centos75
3. Provide the third-party repository
mkdir /var/ftp/ops
yum install net-tools vim tree htop iftop \
iotop lrzsz sl wget unzip telnet nmap nc psmisc \
dos2unix bash-completion iotop iftop sysstat screen -y
// Copy the cached Nginx and docker packages and their dependencies into the custom yum repository directory
[root@yum_server_69_112 ~]# find /var/cache/yum/x86_64/7/ \
-iname "*.rpm" -exec cp -rf {} /var/ftp/ops \;
4. Install createrepo and create the repodata repository
// Install createrepo
[root@yum_server_69_112 ~]# yum -y install createrepo
// Generate the repository metadata
createrepo /var/ftp/ops
createrepo /var/ftp/centos75
// Note: the metadata must be regenerated every time packages are added to the repository
Using the yum repositories on clients
1. Configure and use the base repository
[root@yum_client_69_113 ~]# gzip /etc/yum.repos.d/*
[root@yum_client_69_113 ~]# vim /etc/yum.repos.d/centos7.repo
[centos75]
name=centos74_base
baseurl=ftp://172.16.1.61/centos75
gpgcheck=0
2. Point the client at the local ops repository
[root@yum_client_69_113 ~]# vim /etc/yum.repos.d/ops.repo
[ops]
name=local ftpserver
baseurl=ftp://172.16.1.61/ops
gpgcheck=0
yum clean all
yum makecache
# Push the same configuration to the other clients
[root@backup ~]# rsync -avz /etc/yum.repos.d [email protected]:/etc/ --delete
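The two client repo files above set gpgcheck=0 and fetch over FTP, so a client installs whatever the repository host or the network path serves. The check below is an added example, not part of the original notes: it parses .repo files and lists every enabled section that skips signature checking or uses a plaintext baseurl. The first two sample files are constructed from the page's configuration; hardened.repo and its host name repo.example.internal are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: flag yum repo sections that are unsigned or fetched in plaintext.

# audit_repos DIR
# Prints "file:[section]: finding" for every enabled section with a problem.
audit_repos() {
  local dir="$1" f
  for f in "$dir"/*.repo; do
    [ -f "$f" ] || continue
    awk -v file="$(basename "$f")" '
      function report() {
        if (sec == "" || enabled == "0") return      # nothing parsed yet, or repo disabled
        if (gpg == "0")
          print file ":[" sec "]: gpgcheck=0, packages are not signature-checked"
        else if (gpg == "")
          print file ":[" sec "]: gpgcheck not set, inherits the [main] value from yum.conf"
        if (url ~ /^(ftp|http):/)
          print file ":[" sec "]: baseurl uses plaintext " substr(url, 1, index(url, ":") - 1)
      }
      /^[ \t]*#/ { next }                            # skip comment lines
      /^[ \t]*$/ { next }                            # skip blank lines
      /^\[/ {                                        # a new [section] starts
        report()
        sec = substr($0, 2, index($0, "]") - 2)
        gpg = ""; url = ""; enabled = "1"
        next
      }
      {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpg = val
        else if (key == "baseurl") url = val
        else if (key == "enabled") enabled = val
      }
      END { report() }
    ' "$f"
  done
}

# Builds the sample files in a temporary directory and prints the findings.
demo_repo_audit() {
  local d out
  d=$(mktemp -d)
  # Constructed samples: the first two mirror the page, the third is a hypothetical hardened repo.
  printf '%s\n' '[centos75]' 'name=centos74_base' \
    'baseurl=ftp://172.16.1.61/centos75' 'gpgcheck=0' > "$d/centos7.repo"
  printf '%s\n' '[ops]' 'name=local ftpserver' \
    'baseurl=ftp://172.16.1.61/ops' 'gpgcheck=0' > "$d/ops.repo"
  printf '%s\n' '[base-signed]' 'name=signed mirror' \
    'baseurl=https://repo.example.internal/centos75' 'gpgcheck=1' \
    'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7' > "$d/hardened.repo"
  out=$(audit_repos "$d")
  rm -rf "$d"
  printf '%s\n' "$out"
}

demo_repo_audit
```

On a real client, run `audit_repos /etc/yum.repos.d` after the repo files have been pushed out.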
backup: site-wide backup with rsync
[root@backup ~]# yum install rsync -y // already installed in the base environment
[root@backup ~]# cat /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.password
log file = /var/log/rsyncd.log
#####################################
[backup]
path = /backup
[data]
path = /data
[root@backup ~]# mkdir /backup/
[root@backup ~]# groupadd -g666 www
[root@backup ~]# useradd -u666 -g666 www
[root@backup ~]# chown -R www.www /backup/
[root@backup ~]# chmod 755 /backup
# Create the virtual user that rsync connections authenticate as
[root@backup ~]# echo "rsync_backup:1" > /etc/rsync.password
[root@backup ~]# chmod 600 /etc/rsync.password
[root@backup ~]# systemctl enable rsyncd
[root@backup ~]# systemctl start rsyncd
1. Clients run a scheduled script that pushes to the backup server
[root@nfs ~]# mkdir -p /server/scripts/
[root@nfs scripts]# cat /server/scripts/client_rsync_backup.sh
#!/usr/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#1. Define variables
Host=$(hostname)
Addr=$(ifconfig eth1|awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup
#2. Create the backup directory
[ -d $Path/$Dest ] || mkdir -p $Path/$Dest
#3. Archive the files to back up
cd / && \
[ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf && \
[ -f $Path/$Dest/log.tar.gz ] || tar czf $Path/$Dest/log.tar.gz var/log/messages var/log/secure && \
#4. Write the md5 checksums used for verification
[ -f $Path/$Dest/flag_$Date ] || md5sum $Path/$Dest/*.tar.gz >$Path/$Dest/flag_${Date}
#5. Push the local data to the backup server
export RSYNC_PASSWORD=1
rsync -avz $Path/ [email protected]::backup
#6. Keep only the last 7 days of data locally
find $Path/ -type d -mtime +7|xargs rm -rf
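2. The backup server verifies the archives and mails the result to the administrator
1. Configure mail (the outgoing mail server)
[root@backup ~]# yum install mailx -y
[root@backup ~]# cat /etc/mail.rc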
set [email protected]
set smtp=smtps://smtp.163.com:465
set [email protected]
set smtp-auth-password=aa123456
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/
[root@backup ~]# mkdir /server/scripts -p
[root@backup scripts]# vim check_backup.sh
#!/usr/bin/bash
#1. Define global variables
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#2. Define local variables
Path=/backup
Date=$(date +%F)
#3. Find the flag files, verify them, and save the result to result_<date>
find $Path/*_${Date} -type f -name "flag_$Date"|xargs md5sum -c >$Path/result_${Date}
#4. Mail the verification result to the administrator
mail -s "Rsync Backup $Date" [email protected] <$Path/result_${Date}
#5. Delete verification results older than 7 days and backup data older than 180 days
find $Path/ -type f -name "result*" -mtime +7|xargs rm -f
find $Path/ -type d -mtime +180|xargs rm -rf
Scheduled jobs
# On each client
[root@nfs ~]# crontab -l
00 01 * * * /usr/bin/bash /server/scripts/client_rsync_backup.sh >/dev/null 2>&1
Test
[root@web01 ~]# sh /server/scripts/client_rsync_backup.sh
# Roll out quickly to more clients
[root@nfs01 yum.repos.d]# scp -rp /var/spool/cron/root [email protected]:/var/spool/cron/
[root@nfs01 yum.repos.d]# rsync -avz /server [email protected]:/
# On the server
[root@backup backup]# crontab -l
00 05 * * * /usr/bin/bash /server/scripts/check_backup.sh >/dev/null 2>&1
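check_backup.sh above feeds whatever flag files it finds into md5sum -c, so a client that pushed nothing that night simply does not appear in the mail. The sketch below is an added example, not the author's script: it checks each expected host and reports OK, FAILED, NO-MANIFEST or MISSING. It swaps md5sum for sha256sum and writes names relative to the backup directory into the manifest; the host names, the date and the stand-in archive files are constructed.

```shell
#!/usr/bin/env bash
# Added example: per-host backup verification that also reports missing backups.

# make_manifest DIR: on the client, record digests using names relative to DIR,
# so the manifest verifies wherever the directory ends up on the server.
make_manifest() {
  ( cd "$1" && sha256sum -- *.tar.gz > flag )
}

# verify_dir DIR: return 0 if every listed archive matches;
# otherwise print the reason and return 1.
verify_dir() {
  local dir="$1" bad
  [ -s "$dir/flag" ] || { echo "NO-MANIFEST"; return 1; }
  # --quiet prints only the entries that fail or cannot be read
  bad=$(cd "$dir" && sha256sum -c --quiet flag 2>/dev/null | cut -d: -f1 | paste -sd, -)
  [ -z "$bad" ] || { echo "FAILED $bad"; return 1; }
}

# check_all ROOT DATE HOST...: one status line per expected host.
# Directories follow the page's naming scheme Host_Addr_Date.
check_all() {
  local root="$1" date="$2" host dir result status=0
  shift 2
  for host in "$@"; do
    dir=$(find "$root" -maxdepth 1 -type d -name "${host}_*_${date}" | head -n 1)
    if [ -z "$dir" ]; then
      echo "$host MISSING"; status=1; continue
    fi
    if result=$(verify_dir "$dir"); then
      echo "$host OK"
    else
      echo "$host $result"; status=1
    fi
  done
  return $status
}

# Constructed scenario: nfs01 is intact, web01 is corrupted after the
# manifest was written, web02 never pushed a backup.
demo_backup_check() {
  local root date=2018-10-01 d rc
  root=$(mktemp -d)
  for d in nfs01_172.16.1.31 web01_172.16.1.7; do
    mkdir -p "$root/${d}_$date"
    echo "config of $d" > "$root/${d}_$date/system.tar.gz"   # stand-ins for real archives
    echo "logs of $d"   > "$root/${d}_$date/log.tar.gz"
    make_manifest "$root/${d}_$date"
  done
  echo "bit rot" >> "$root/web01_172.16.1.7_$date/log.tar.gz"
  check_all "$root" "$date" nfs01 web01 web02
  rc=$?
  rm -rf "$root"
  return $rc
}

demo_backup_check || true
```

Because check_all returns non-zero when any host is not OK, a cron wrapper can use the exit status to decide whether to send an alert rather than a routine report.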
NFS shared storage
NFS server
[root@nfs ~]# yum install nfs-utils -y (already installed)
[root@nfs ~]# cat /etc/exports
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
# Prerequisites for NFS
[root@nfs ~]# groupadd -g 666 www
[root@nfs ~]# useradd -u 666 -g 666 www
[root@nfs ~]# mkdir /data
[root@nfs ~]# chown -R www.www /data
# Start NFS
[root@nfs ~]# systemctl enable rpcbind nfs-server
[root@nfs ~]# systemctl start rpcbind nfs-server
NFS client
# Install the tools
[root@web01 ~]# yum install nfs-utils -y (already installed)
[root@web01 ~]# systemctl start rpcbind (starts at boot by default)
# Create the directory to mount on
[root@web01 ~]# mkdir /data
# Mount the NFS data directory
[root@web01 ~]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data 172.16.1.0/24
[root@web01 ~]# mount -t nfs 172.16.1.31:/data /data
# Mount at boot
172.16.1.31:/data /data nfs defaults 0 0
Test:
# Upload a video or image to /data from Windows
wget http://img.mp.itc.cn/upload/20170511/cad88c2e57f44e93b664a48a98a47108_th.jpg
# Check that the content is present on the NFS server
[root@nfs ~]# ls /data/
1111 cad88c2e57f44e93b664a48a98a47108_th.jpg tes1 test
Real-time replication of NFS shared storage data to backup
Install inotify-tools
[root@nfs ~]# yum install inotify-tools rsync -y
Install sersync
[root@nfs ~]# wget https://raw.githubusercontent.com/wsgzao/sersync/master/sersync2.5.4_64bit_binary_stable_final.tar.gz
Unpack and rename
[root@nfs01 ~]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz -C /usr/local/
[root@nfs01 local]# mv GNU-Linux-x86/ sersync
# Configure sersync
<fileSystem xfs="true"/> <!-- file system -->
<inotify> <!-- event types to watch -->
<delete start="true"/>
<createFolder start="true"/>
<createFile start="true"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="false"/>
<modify start="false"/>
</inotify>
<sersync>
<localpath watch="/data"> <!-- directory to watch -->
<remote ip="172.16.1.41" name="data"/> <!-- IP of backup and the rsync module -->
</localpath>
<rsync> <!-- rsync options -->
<commonParams params="-az"/>
<auth start="true" users="rsync_backup" passwordfile="/etc/rsync.pass"/>
<userDefinedPort start="false" port="874"/><!-- port=874 -->
<timeout start="true" time="100"/><!-- timeout=100 -->
<ssh start="false"/>
</rsync>
# Create the password file
[root@nfs01 sersync]# echo "1" > /etc/rsync.pass
[root@nfs01 ~]# chmod 600 /etc/rsync.pass
# Create the directory on backup
[root@backup /]# mkdir /data
[root@backup /]# chown -R www.www /data
Start sersync
[root@nfs ~]# /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
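SSH and Ansible: batch management
[root@backup ~]# rpm -ql openssh-server
/etc/ssh/sshd_config --- SSH service configuration file
/usr/sbin/sshd --- command that starts the SSH service process
[root@backup ~]# rpm -ql openssh-clients
/usr/bin/scp --- remote copy command
/usr/bin/sftp --- remote file transfer command
/usr/bin/ssh --- remote login command
/usr/bin/ssh-copy-id --- command for distributing a public key to a remote host
1. Create the key pair
[root@m01 ~]# ssh-keygen -t rsa -C xuliangwei.com # just press Enter at every prompt
[root@m01 ~]# ls ~/.ssh/
id_rsa (the key) id_rsa.pub (the lock)
2. Send the public key to the user you need to log in as
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
# Log in to the remote host
[root@m01 ~]# ssh [email protected]
# Run a command without logging in to the host
[root@m01 ~]# ssh [email protected] "hostname -i"
Ansible: batch management using the public key
# Use non-interactive tools to distribute the public key and manage servers in bulk
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# yum install ansible -y
// Check the Ansible version
[root@m01 ~]# ansible --version
ansible 2.6.1
Configure the Ansible inventory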
[root@m01 ~]# vim /etc/ansible/hosts
[root@m01 7]# cat /etc/ansible/hosts
[lb]
172.16.1.5
172.16.1.6
[web]
172.16.1.7
172.16.1.8
[sweb]
172.16.1.9
[nfs]
172.16.1.31
[backup]
172.16.1.41
[db]
172.16.1.51
# Ansible tests connectivity over the SSH port
[root@m01 ~]# ansible all -m ping
# Run commands in bulk
[root@m01 ~]# ansible all -m command -a "df -h"
[root@m01 ~]# ansible all -m command -a "hostname"
Setting up the MySQL database environment
# 1. Install the official MySQL repository package (already prepared in the yum repository)
[root@nginx ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.7-community/el/7/x86_64/mysql57-community-release-el7-10.noarch.rpm
# 2. Install MySQL 5.7; the packages are large, so the download may be slow
[root@nginx ~]# yum install mysql-community-server -y
# 3. Start the database and enable it at boot
[root@nginx ~]# systemctl start mysqld
[root@nginx ~]# systemctl enable mysqld
# 4. MySQL 5.7 sets a default password at install time; filter the log for the "temporary password" keyword to find the password for logging in
[root@nginx ~]# grep 'temporary password' /var/log/mysqld.log
# 5. Log in to MySQL [for the password, use the one filtered out in the previous step]
[root@web02 ~]# mysql -uroot -p$(awk '/temporary password/{print $NF}' /var/log/mysqld.log)
# 6. Change the database password
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Ckh123.com';
# Allow remote users to connect to the MySQL server (grant method)
grant all privileges on *.* to 'all'@'%' identified by 'Ckh123.com';
flush privileges;
# 7. Install the mysql client on the web host (the command is only used for testing; optional)
[root@web02 ~]# yum provides mysql
[root@web02 ~]# yum install mariadb -y
[root@web02 ~]# mysql -h172.16.1.51 -uall -pCkh123.com
Setting up the Nginx+PHP dynamic web environment
# 1. Use the RPM packages provided by nginx.org (already prepared in the yum repository)
[root@nginx ~]# cat /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
# 2. Install with yum
[root@nginx ~]# yum install nginx -y
# Change the user Nginx runs as
sed -i '/^user/c user www;' /etc/nginx/nginx.conf
[root@web01 ~]# id www
uid=666(www) gid=666(www) 組=666(www)
[root@web01 ~]# # groupadd -g 666 www
[root@web01 ~]# # useradd -u666 -g666 www
# 3. Start Nginx and enable it at boot
[root@web01 ~]# systemctl start nginx
[root@nginx ~]# systemctl enable nginx
# Check that the worker processes run as the www user
[root@web01 ~]# ps aux |grep nginx
www 2396 0.0 0.3 46996 1784 ? S 08:44 0:00 nginx: worker process
root 2398 0.0 0.2 112720 984 pts/0 R+ 08:44 0:00 grep --color=auto nginx
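Install PHP 7.1 from the third-party EPEL repository
# 1. Remove old PHP versions (none installed here)
[root@nginx ~]# yum remove php-mysql-5.4 php php-fpm php-common
# 2. Install the extra repositories (already prepared in the yum repository)
# Dependency packages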
[root@nginx ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@nginx ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# Or let yum resolve and install the dependencies itself
# 3. Install PHP 7.1
[root@nginx ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
# 4. Replace the user and group that php-fpm runs as
[root@web02 ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
[root@web02 ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
# 5. Start the php-fpm master process and enable it at boot
[root@nginx ~]# systemctl start php-fpm
[root@nginx ~]# systemctl enable php-fpm
Batch management with Ansible
[root@m01 7]# ansible web -m yum -a "name=nginx state=installed"
[root@m01 7]# ansible web -m shell -a "sed -i '/^user/c user www;' /etc/nginx/nginx.conf "
[root@m01 7]# ansible web -m group -a "name=www gid=666"
[root@m01 7]# ansible web -m user -a "name=www uid=666 group=666 "
[root@m01 7]# ansible web -m service -a "name=nginx state=started enabled=yes"
[root@m01 7]# ansible web -m yum -a "name=php71w,php71w-cli,php71w-common,php71w-devel,php71w-embedded,php71w-gd,php71w-mcrypt,php71w-mbstring,php71w-pdo,php71w-xml,php71w-fpm,php71w-mysqlnd,php71w-opcache,php71w-pecl-memcached,php71w-pecl-redis,php71w-pecl-mongodb state=installed"
[root@m01 7]# ansible web -m shell -a "sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf;sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf"
[root@m01 7]# ansible web -m service -a "name=php-fpm state=started enabled=yes"
Adjust the upload size limit for the sites
vim /etc/php.ini
memory_limit=1024M
post_max_size=1024M
upload_max_filesize=1024M
max_execution_time=60
max_input_time=60
Edit the Nginx configuration file nginx.conf with vim and add this to the http{} block
client_max_body_size 1024M;
# Restart the services to apply the configuration
[root@web01 code]# systemctl restart nginx php-fpm
WordPress installation *
[root@web01 conf.d]# cat wordpress.conf
server {
server_name wordpress.etiantian.org;
listen 80;
root /code/wordpress;
index index.php index.html;
location ~ \.php$ {
root /code/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web01 conf.d]# nginx -t
[root@web01 conf.d]# systemctl restart nginx
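# 1. Download the WordPress code
[root@web01 ~]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
# 2. Unpack the site source into the site directory and set ownership of the site directory
# (the archive contains a top-level wordpress/ directory, so unpack into /code/)
[root@web01 ~]# tar xf wordpress-4.9.4-zh_CN.tar.gz -C /code/
[root@web01 ~]# chown -R www.www /code/wordpress/
# WordPress needs its database created manually
# 1. Log in to the database
[root@http-server ~]# mysql -uroot -pCkh123.com
# 2. Create the wordpress database
MariaDB [(none)]> create database wordpress;
MariaDB [(none)]> exit
# Add the name to the Windows hosts file, then open wordpress.etiantian.org in a browser and run the installer
WeCenter installation *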
[root@web01 conf.d]# cat wecenter.conf
server {
server_name wecenter.etiantian.org;
listen 80;
root /code/wecenter;
index index.php index.html;
location ~ \.php$ {
root /code/wecenter;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web01 code]# nginx -t
[root@web01 code]# systemctl restart nginx
# Download WeCenter
[root@web01 ~]# wget http://ahdx.down.chinaz.com/201605/WeCenter_v3.2.1.zip
[root@web01 ~]# unzip WeCenter_v3.2.1.zip
[root@web01 code]# mv WeCenter_3-2-1 wecenter
[root@web01 ~]# chown -R www.www /code/wecenter/
# 1. Log in to the database
[root@http-server ~]# mysql -uroot -pCkh123.com
# 2. Create the wecenter database
MariaDB [(none)]> create database wecenter;
MariaDB [(none)]> exit
# Add the name to the Windows hosts file, then open wecenter.etiantian.org in a browser and run the installer
Setting up the Nginx+Tomcat dynamic web environment
1. Prepare the Java environment
[root@web02 ~]# yum install java jarjar-maven-plugin -y
[root@web03 ~]# mkdir /server && cd /server
2. Download and install Tomcat
wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
[root@web03 server]# tar xf apache-tomcat-8.5.34.tar.gz
[root@web03 server]# ln -s /server/apache-tomcat-8.5.34 /server/tomcat8_1
# Start the Tomcat service
[root@lb01 ~]# /server/tomcat8_1/bin/startup.sh
[root@lb01 ~]# netstat -lntp
# Open http://10.0.0.9:8080/ in a browser
[root@web03 WEB-INF]# pwd
/server/tomcat-8080/webapps/ROOT/WEB-INF
[root@web03 webapps]# jar xf jpress-web-newest.war
# Open http://10.0.0.9:8081/jpress in a browser
0. Prepare the database [db01]
mysql> create database jpress;
4. Start Tomcat
[root@web03 tomcat]# /root/tomcat/bin/startup.sh
To stop Tomcat
[root@web03 tomcat]# /root/tomcat/bin/shutdown.sh
5. Add the Java upstream on the proxy
upstream php {
server 172.16.1.7:80;
server 172.16.1.8:80;
}
upstream java {
server 172.16.1.9:8081;
}
server {
server_name wordpress.etiantian.org;
listen 80;
location / {
proxy_pass http://php;
include proxy_params;
}
}
server {
server_name jpress.etiantian.org;
listen 80;
location / {
proxy_pass http://java;
include proxy_params;
}
}
[root@lb01 conf.d]# nginx -t
[root@lb01 conf.d]# systemctl restart nginx
6. Provide static storage for Tomcat [on nfs]
[root@nfs ~]# cat /etc/exports
/data/blog 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/java 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666) # added
[root@nfs ~]# mkdir /data/java
[root@nfs ~]# chown -R www.www /data/java/
[root@nfs ~]# systemctl restart nfs-server
7. On web03
[root@web03 ROOT]# yum install nfs-utils -y
[root@web03 ROOT]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/java 172.16.1.0/24
/data/blog 172.16.1.0/24
8. Prepare for mounting
[root@web03 ROOT]# groupadd -g 666 www
[root@web03 ROOT]# useradd -g www -u 666 www
Mount
[root@web03 ROOT]# cp -rp attachment/ attachment_bak
[root@web03 ROOT]# rm -rf attachment/*
[root@web03 ROOT]# mount -t nfs 172.16.1.31:/data/java /root/apache-tomcat-8.5.33/webapps/ROOT/attachment
[root@web03 ROOT]# cp -rp attachment_bak/* attachment/
Persistent mount
[root@web03 ROOT]# cat /etc/fstab
172.16.1.31:/data/java /root/apache-tomcat-8.5.33/webapps/ROOT/attachment nfs defaults,_netdev 0 0
[root@web03 ROOT]# mount -a
Mounting the PHP and Tomcat applications' upload directories on NFS
# 1. On the web hosts, first find where each application stores images, then mount it
wordpress wp-content/uploads/
wecenter uploads
jpress attachment/
# The nfs01 server provides the static storage
[root@nfs01 data]# cat /etc/exports
/data/wordpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/wecenter 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/jpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
[root@nfs01 data]# mkdir /data/{wecenter,jpress,wordpress}
[root@nfs01 data]# chown -R www.www /data
[root@nfs01 data]# systemctl restart nfs-server
# Install the NFS tools on web01 (already installed)
[root@web01 code]# yum install nfs-utils
[root@web01 code]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/jpress 172.16.1.0/24
/data/wecenter 172.16.1.0/24
/data/wordpress 172.16.1.0/24
[root@web01 ~]# groupadd -g 666 www (already created)
[root@web01 ~]# useradd -g www -u 666 www
# Mount
[root@web01 wecenter]# pwd
/code/wecenter
[root@web01 wecenter]# cp -rp uploads/ uploads_bak
[root@web01 code]# mount -t nfs 172.16.1.31:/data/wecenter /code/wecenter/uploads
[root@web01 code]# cp -rp /code/wecenter/uploads_bak/* /code/wecenter/uploads/
[root@web01 code]# cat /etc/fstab
172.16.1.31:/data/wecenter /code/wecenter/uploads nfs defaults 0 0
[root@web01 wp-content]# pwd
/code/wordpress/wp-content
[root@web01 wp-content]# cp -rp uploads/ uploads_bak
[root@web01 code]# mount -t nfs 172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads
[root@web01 code]# cp -rp /code/wordpress/wp-content/uploads_bak/* /code/wordpress/wp-content/uploads/
[root@web01 code]# cat /etc/fstab
172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads nfs defaults 0 0
# jpress on web03
[root@web03 jpress]# pwd
/server/tomcat-8080/webapps/jpress
[root@web03 jpress]# cp -rp attachment/ attachment_bak
[root@web03 jpress]# mount -t nfs 172.16.1.31:/data/jpress /server/tomcat-8080/webapps/ROOT/attachment
[root@web03 jpress]# groupadd -g 666 www
[root@web03 jpress]# useradd -g www -u 666 www
[root@web03 jpress]# chown -R www.www /server/tomcat-8080/webapps
[root@web03 jpress]# cp -rp attachment_bak/* attachment/
[root@web03 jpress]# cat /etc/fstab
172.16.1.31:/data/jpress /server/tomcat8_1/webapps/jpress/attachment nfs defaults 0 0
Building the Nginx+keepalived layer-7 load balancer, 172.16.1.5/6/lb01/lb02
# Keep the web01 and web02 environments identical
[root@web01 code]# rsync -avz /code [email protected]:/
[root@web01 code]# rsync -avz /etc/nginx [email protected]:/etc/ --delete
[root@web01 code]# scp -rp /etc/php.ini [email protected]:/etc/
[root@web02 ~]# vim /etc/fstab
172.16.1.31:/data/wecenter /code/wecenter/uploads nfs defaults 0 0
172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads nfs defaults 0 0
[root@web02 ~]# mount -a
[root@web02 ~]# df -h
[root@web02 code]# systemctl restart nginx php-fpm
# Install nginx
[root@db01 ~]# yum install nginx
[root@db01 conf.d]# mv default.conf default.conf.off
[root@db01 conf.d]# cat proxy.conf
upstream php {
server 172.16.1.7:80;
server 172.16.1.8:80;
}
upstream java {
server 172.16.1.9:8080;
}
server {
listen 80;
server_name wordpress.etiantian.org;
location / {
proxy_pass http://php;
include proxy_params;
}
}
server {
listen 80;
server_name wecenter.etiantian.org;
location / {
proxy_pass http://php;
include proxy_params;
}
}
server {
listen 80;
server_name jpress.etiantian.org;
location / {
proxy_pass http://java;
include proxy_params;
}
}
[root@db01 conf.d]# cat /etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
[root@db01 conf.d]# nginx -t
[root@db01 conf.d]# systemctl restart nginx
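## Add the names to the Windows hosts file and test in a browser
# +keepalived
# Both load balancers use identical configuration; quickly set up lb02 (.6)
[root@lb02 ~]# yum install nginx
[root@lb02 ~]# scp -rp [email protected]:/etc/yum.repos.d /etc/ (the yum repositories are already configured in the base environment)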
[root@lb02 conf.d]# rsync -avz [email protected]:/etc/nginx /etc/ --delete
[root@lb02 ~]# systemctl start nginx
[root@lb02 ~]# systemctl enable nginx
# Install keepalived
[root@lb01 ~]# yum install keepalived -y
[root@lb02 ~]# yum install keepalived -y
# Configure keepalived
[root@lb01 conf.d]# cat /etc/keepalived/keepalived.conf
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
[root@lb01 conf.d]# systemctl restart keepalived
[root@lb01 conf.d]# systemctl enable keepalived
[root@lb02 conf.d]# cat /etc/keepalived/keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
[root@lb02 conf.d]# systemctl restart keepalived
[root@lb02 conf.d]# systemctl enable keepalived
Configuring HTTPS access for Nginx and Tomcat
[root@web01 code]# mkdir /etc/nginx/ssl_key
[root@web01 code]# cd /etc/nginx/ssl_key/
[root@web01 ~]# openssl genrsa -idea -out server.key 2048
The passphrase is set to 1234 here
[root@web01 ~]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:WH
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:edu
Organizational Unit Name (eg, section) []:SA
Common Name (eg, your name or your server's hostname) []:bgx
Email Address []:[email protected]
[root@web01 ssl_key]# cat /etc/nginx/conf.d/wecenter-https.conf
server {
listen 443;
server_name wecenter.etiantian.org;
ssl on;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
root /code/wecenter;
index index.php index.html;
}
location ~ \.php$ {
root /code/wecenter;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web01 ~]# cat /etc/nginx/conf.d/wordpress-https.conf
server {
server_name wordpress.etiantian.org;
listen 443;
root /code/wordpress;
index index.php index.html;
ssl on;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location ~ \.php$ {
root /code/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web01 conf.d]# rsync -avz /etc/nginx [email protected]:/etc/ --delete
[root@web01 ssl_key]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 ssl_key]# systemctl restart nginx
# Load balancer configuration
[root@lb01 code]# mkdir /etc/nginx/ssl_key
[root@lb01 code]# cd /etc/nginx/ssl_key/
[root@lb01 ssl_key]# scp -rp [email protected]:/etc/nginx/ssl_key/* ./
[root@lb01 nginx]# cat /etc/nginx/conf.d/proxy-https.conf
upstream php {
server 172.16.1.7:443;
server 172.16.1.8:443;
}
upstream java {
server 172.16.1.9:8080;
}
server {
listen 80;
server_name wordpress.etiantian.org;
return 302 https://$server_name$request_uri;
}
server {
listen 80;
server_name wecenter.etiantian.org;
return 302 https://$server_name$request_uri;
}
server {
listen 80;
server_name jpress.etiantian.org;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name jpress.etiantian.org;
ssl on;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;
# note, there is not SSL here! plain HTTP is used
proxy_pass http://java;
}
}
server {
listen 443;
server_name wordpress.etiantian.org;
ssl on;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
proxy_pass https://php;
include proxy_params;
}
}
server {
listen 443;
server_name wecenter.etiantian.org;
ssl on;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
proxy_pass https://php;
include proxy_params;
}
}
# Same configuration on lb02
[root@lb01 ssl_key]# rsync -avz /etc/nginx [email protected]:/etc/ --delete
# The key settings here are ssl_certificate and ssl_certificate_key; everything else is configured as usual, apart from the extra proxy_set_header X-Forwarded-Proto https; setting.
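The certificate generated above carries Common Name bgx while nginx serves wecenter, wordpress and jpress under etiantian.org, so no client can validate it against the name it connected to; the second openssl command also rewrites server.key with -nodes, leaving the key on disk without a passphrase. The following is an added example, not from the original notes: it creates one certificate the way the page does and one with subjectAltName entries, then checks both against the served names. The SAN list and the 365-day lifetime are choices made for this example, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example: does a certificate actually cover the names nginx serves?

# make_cert DIR CN [SAN]: write a self-signed DIR/server.crt and DIR/server.key.
make_cert() {
  local dir="$1" cn="$2" san="${3:-}"
  (
    umask 077                                   # keep server.key readable by its owner only
    if [ -n "$san" ]; then
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$cn" -addext "subjectAltName=$san" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    else
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    fi
  )
}

# cert_matches CERT HOST: true when the certificate is valid for HOST.
cert_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Generates both certificates in a temporary directory and prints
# "<kind> <host> match|MISMATCH" for two of the page's server names.
demo_cert_check() {
  local d kind host
  d=$(mktemp -d)
  mkdir "$d/cn-only" "$d/san"
  make_cert "$d/cn-only" bgx                    # Common Name as entered on the page
  make_cert "$d/san" wecenter.etiantian.org \
    "DNS:wecenter.etiantian.org,DNS:wordpress.etiantian.org,DNS:jpress.etiantian.org"
  for kind in cn-only san; do
    for host in wecenter.etiantian.org wordpress.etiantian.org; do
      if cert_matches "$d/$kind/server.crt" "$host"; then
        echo "$kind $host match"
      else
        echo "$kind $host MISMATCH"
      fi
    done
  done
  rm -rf "$d"
}

demo_cert_check
```

The same cert_matches check can be pointed at /etc/nginx/ssl_key/server.crt on web01 and lb01 before nginx is restarted.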
Complete Tomcat server.xml configuration
[root@web03 server]# cat tomcat8_1/conf/server.xml
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8011" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.security.SecurityListener" />
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443"
proxyPort="443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
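<!-- RemoteIpValve is the valve that reads the X-Forwarded-* headers set by the proxy -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />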
</Host>
</Engine>
</Service>
</Server>
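# Nothing in the configuration above is unusual, but pay particular attention to proxyPort="443", which must be present; it is the key point of this whole article, and redirectPort must of course also be 443. The <Valve> node's configuration is also very important; without it, getScheme() calls in your Tomcat application and some of the security policies configured in web.xml will not work.
Real-time replication of NFS storage data to the static web servers' local disks, 172.16.1.9/10/web01/02
# Prepare the environment on web01
[root@web01 ~]# yum install rsync -y // already installed in the base environment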
[root@web01 ~]# cat /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.password
log file = /var/log/rsyncd.log
#####################################
[data]
path = /data
[root@web01 ~]# mkdir /data/
[root@web01 ~]# groupadd -g666 www (the user already exists)
[root@web01 ~]# useradd -u666 -g666 www
[root@web01 ~]# chown -R www.www /data/
[root@web01 ~]# chmod 755 /data (755 is the default)
# Create the virtual user that rsync connections authenticate as
[root@web01 ~]# echo "rsync_backup:1" > /etc/rsync.password
[root@web01 ~]# chmod 600 /etc/rsync.password
[root@web01 ~]# systemctl enable rsyncd
[root@web01 ~]# systemctl restart rsyncd
# Copy the earlier sersync configuration file and modify it
[root@nfs01 data]# cd /usr/local/sersync/
[root@nfs01 sersync]# cp confxml.xml web01-confxml.xml
[root@nfs01 sersync]# vim web01-confxml.xml # lines to change
<host hostip="localhost" port="8009"></host>
<remote ip="172.16.1.7" name="data"/>
# Start the service
[root@nfs01 sersync]# /usr/local/sersync/sersync2 -dro /usr/local/sersync/web01-confxml.xml
The steps for web02 are similar
Setting up the Nginx static web service, 172.16.1.9/10/sweb01/02, with static/dynamic separation
System | Service | Address |
---|---|---|
CentOS7.5 | proxy | 10.0.0.5 lb01 |
CentOS7.5 | Nginx | 10.0.0.7 web01 |
CentOS7.5 | Tomcat | 10.0.0.9 web03 |
# Static resources on web01
[root@web01 data]# wget http://nginx.org/nginx.png
[root@web01 data]# cat /etc/nginx/conf.d/ds.conf
server {
listen 80;
server_name ds.etiantian.org;
root /data;
index index.php index.html;
location ~* .*\.(png|jpg|gif)$ {
root /data;
}
}
# Dynamic resources on web03
[root@web03 webapps]# cat /server/tomcat8_1/webapps/ROOT/java-test.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<HTML>
<HEAD>
<TITLE>JSP Test Page</TITLE>
</HEAD>
<BODY>
<%
Random rand = new Random();
out.println("<h1>Random number:</h1>");
out.println(rand.nextInt(99)+100);
%>
</BODY>
</HTML>
# lb01 combines the static and dynamic resources in one page
# nginx configuration
[root@lb01 conf.d]# cat /etc/nginx/conf.d/ds.conf
upstream static {
server 10.0.0.7:80;
}
upstream javaround {
server 10.0.0.9:8080;
}
server {
listen 80;
server_name ds.etiantian.org;
location / {
root /soft/code;
index index.html;
}
location ~ .*\.(png|jpg|gif)$ {
proxy_pass http://static;
include proxy_params;
}
location ~ .*\.jsp$ {
proxy_pass http://javaround;
include proxy_params;
}
}
# Code
[root@lb01 conf.d]# cat /soft/code/index.html
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>測試ajax和跨域訪問</title>
<script src="http://libs.baidu.com/jquery/2.1.4/jquery.min.js"></script>
</head>
<script type="text/javascript">
$(document).ready(function(){
$.ajax({
type: "GET",
url: "http://ds.etiantian.org/java-test.jsp",
success: function(data) {
$("#get_data").html(data)
},
error: function() {
alert("fail!!,請刷新再試!");
}
});
});
</script>
<body>
<h1>測試動靜分離</h1>
<img src="http://ds.etiantian.org/nginx.png">
<div id="get_data"></div>
</body>
</html>
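# Windows hosts file entry: 10.0.0.5 ds.etiantian.org
# Open http://ds.etiantian.org/ in a browser; the image and the dynamic random number appear together on one page
# Stop nginx on web01 and the image no longer displays while the dynamic content still works, and vice versa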