LVS+KeepaLived+Nginx SSL（二）

LVS+KeepaLived+Nginx SSL

LNMP安裝

 

#!/bin/bash
#auto install lnmp
#By L
#改編自linuxtone

#Create user for The LNMP
userdel -r www ; useradd -M -s /sbin/nologin   www
userdel -r mysql ; useradd -M -s /sbin/nologin mysql

#init var
NGINX_HOME="/opt/nginx"
NGINX_VERSION="nginx-1.0.8"
PCRE_VERSION="pcre-8.10"

PHP_HOME="/opt/php"
PHP_VERSION="php-5.3.10"
LIBICONV_VERSION="libiconv-1.13.1"
LIBMCRYPT_VERSION="libmcrypt-2.5.8"
MHASH_VERSION="mhash-0.9.9.9"
MCRYPT_VERSION="mcrypt-2.6.8"

MYSQL_HOME="/opt/mysql"
MYSQL_DATA_DIR="/data/mysql/3306/data"
MYSQL_CONFIG_DIR="/etc"
MYSQL_PORT="3306"
MYSQL_VERSION="mysql-5.5.15"
CMAKE_VERSION="cmake-2.8.4"

#install the rpm bao
yum -y install dialog ntp vim-enhanced vixie-cron gcc gcc-c++ gcc-g77 flex bison autoconf automake glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel libtool* zlib-devel libxml2-devel libjpeg-devel libpng-devel libtiff-devel fontconfig-devel freetype-devel libXpm-devel gettext-devel curl curl-devel pam-devel e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel net-snmp net-snmp-devel nss_ldap openldap-clients openldap-servers libtidy libtidy-devel

#wget the packet
cat >> list.txt << EOF
http://docs.linuxtone.org/soft/lemp/packages/${PCRE_VERSION}.tar.gz
http://docs.linuxtone.org/soft/lemp/packages/${LIBICONV_VERSION}.tar.gz
http://docs.linuxtone.org/soft/lemp/packages/${LIBMCRYPT_VERSION}.tar.gz
http://docs.linuxtone.org/soft/lemp/packages/${MCRYPT_VERSION}.tar.gz
http://docs.linuxtone.org/soft/lemp/packages/${MHASH_VERSION}.tar.gz
http://www.cmake.org/files/v2.8/${CMAKE_VERSION}.tar.gz
http://files.directadmin.com/services/all/mysql/${MYSQL_VERSION}.tar.gz
http://nginx.org/download/${NGINX_VERSION}.tar.gz
http://ftp.wayne.edu/php/${PHP_VERSION}.tar.gz
EOF
wget -i list.txt

#install the mysql

tar zvxf ${CMAKE_VERSION}.tar.gz
cd ${CMAKE_VERSION}
./configure && make  && make install
cd ../

tar zxvf ${MYSQL_VERSION}.tar.gz
cd ${MYSQL_VERSION}
cmake . -DCMAKE_INSTALL_PREFIX=${MYSQL_HOME} -DMYSQL_DATADIR=${MYSQL_DATA_DIR} -DSYSCONFDIR=${MYSQL_CONFIG_DIR} -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_FEDERATED_STORAGE_ENGINE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DMYSQL_TCP_PORT=${MYSQL_PORT} -DENABLED_LOCAL_INFILE=1 -DWITH_SSL=yes  -DEXTRA_CHARSETS=all -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_READLINE=on
gmake
make install

#init mysql
mkdir -p ${MYSQL_DATA_DIR}
cp -f support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld
chkconfig --add mysqld
chkconfig mysqld on
cp support-files/my-medium.cnf ${MYSQL_CONFIG_DIR}/my.cnf

#init the lib file
echo "$MYSQL_HOME/lib" >>/etc/ld.so.conf
/sbin/ldconfig

#link the command
rm -rf /usr/bin/mysql* &> /dev/null
ln -s ${MYSQL_HOME}/bin/* /usr/bin/

#init mysql database
${MYSQL_HOME}/scripts/mysql_install_db --basedir=${MYSQL_HOME} --datadir=${MYSQL_DATA_DIR} --user=mysql
cd ../

#install nginx
tar zvxf ${PCRE_VERSION}.tar.gz
cd ${PCRE_VERSION}
./configure && make  && make install
cd ../

tar zvxf ${NGINX_VERSION}.tar.gz
cd ${NGINX_VERSION}
./configure --user=www --group=www --prefix=${NGINX_HOME} --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-md5=/usr/lib --with-sha1=/usr/lib --with-http_gzip_static_module

make  &&  make install
cd ../
#install php-support
tar zxvf ${LIBICONV_VERSION}.tar.gz
cd ${LIBICONV_VERSION}
./configure --prefix=/usr/local
make  &&  make install
cd ../

tar zxvf ${LIBMCRYPT_VERSION}.tar.gz
cd ${LIBMCRYPT_VERSION}
./configure --prefix=/usr
make   && make install
cd libltdl/
./configure --enable-ltdl-install
make  && make install
cd ../../

tar zxvf ${MHASH_VERSION}.tar.gz
cd ${MHASH_VERSION}
./configure --prefix=/usr
make  && make install
ldconfig
cd ../

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
/sbin/ldconfig


tar zxvf ${MCRYPT_VERSION}.tar.gz
cd ${MCRYPT_VERSION}
./configure --prefix=/usr
make   && make install
cd ../

echo "/usr/lib" >> /etc/ld.so.conf
echo "/usr/local/lib" >> /etc/ld.so.conf
/sbin/ldconfig

#install php
tar zxvf ${PHP_VERSION}.tar.gz
cd ${PHP_VERSION}
./configure --prefix=${PHP_HOME} --with-config-file-path=${PHP_HOME}/etc --with-mysql=${MYSQL_HOME} --with-mysqli=${MYSQL_HOME}/bin/mysql_config --with-pdo-mysql=${MYSQL_HOME} --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-pdo-sqlite --enable-pdo --with-bz2 --with-gettext --with-snmp --with-libxml-dir --enable-xml --disable-rpath --disable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fpm --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap --without-pear
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-production ${PHP_HOME}/etc/php.ini
cd ../
echo ""

配置Nginx

user  www www;

worker_processes 8;

error_log  /data/web_logs/nginx_error.log  crit;

pid        /opt/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events
{
  use epoll;
  worker_connections 65535;
}

http
{
  include       mime.types;
  default_type  application/octet-stream;

  #charset  gb2312;
  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 8m;

  sendfile on;
  tcp_nopush     on;

  keepalive_timeout 60;

  tcp_nodelay on;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;

  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_types       text/plain application/x-javascript text/css application/xml;
  gzip_vary on;
    log_format  main '$remote_addr - $remote_user [$time_local] "$request" '
               '$status $body_bytes_sent "$http_referer" '
               '"$http_user_agent" $http_x_forwarded_for';
  include /opt/nginx/conf/sites-enabled/*;
}

關於Nginx配置文件的解釋可以去看：

http://liuyu.blog.51cto.com/183345/294118

Keepalived_timeout 的詳細解釋可以去看：
http://www.perfgeeks.com/?p=673

PHP-fpm啓動腳本：

 

#!/bin/bash
PID='/opt/php/logs/php-fpm.pid'
FPM='/opt/php/sbin/php-fpm'

case $1 in
    start)

        echo  "Starting php_fpm.... "

        sleep 1

        if [ -f $PID ];then
            echo  'The PID file has been exists'
            exit 1
        fi

        $FPM

        if [ $? -eq 0  ];then
            echo  'done'
        else
            exit 1
        fi

    ;;

    stop)

        echo  "Shutting down php_fpm "

        sleep 1

        if [ ! -r $PID ] ; then
        echo "warning, no pid file found - php-fpm is not running ?"
        exit 1
        fi

        kill -TERM `cat $PID`

    ;;

    restart)

        $0 stop
        $0 start
    ;;

    reload)

    echo  "Reload service php-fpm "

        sleep 1

    if [ ! -r $PID ] ; then
        echo "warning, no pid file found - php-fpm is not running ?"
        exit 1
    fi

    kill -USR2 `cat $PID`

    echo " done"
    ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload|}"
            exit 1
    ;;

 esac