網站架構部暑

環境規劃
IP 主機名 角色
192.168.0.13 lb7-01 Nginx，Keepalived
192.168.0.14 lb7-02 Nginx，Keepalived，MySQL，NFS
192.168.0.15 web-01 Nginx+PHP-FPM,Tomcat
192.168.0.16 web-02 Nginx+PHP-FPM,Tomcat
192.168.0.88 VIP
安裝系統：CentOS7.5
架構圖

1、數據庫與NFS(lb7-02)
1.1、部署MySQL5.7版本
1.1.1 環境配置
iptables -F
setenforce 0
配置主機名：
hostnamectl set-hostname lb7-02
cat /etc/hostname
1.1.2 安裝
軟件包管理器安裝
YUM或APT安裝或更新MySQL是最方面的方法。
https://dev.mysql.com/downloads/repo/yum/
https://dev.mysql.com/doc/mysql-yum-repo-quick-guide/en/
配置yum源：
cat /etc/yum.repos.d/mysql.repo

Enable to use MySQL 5.7

[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
查看可安裝的mysql版本:
yum repolist all|grep mysql

安裝MySQL，默認最新版本：

yum install mysql-community-server -y

啓動MySQL服務：

systemctl start mysqld

systemctl status mysqld

root賬戶默認密碼存儲在錯誤日誌中：

grep 'temporary password' /var/log/mysqld.log

mysql -uroot -p

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass4!';
注意：密碼要求包含一個大寫字母，一個小寫字母，一位數字和一個特殊字符，並且密碼長度至少爲8個字符。

systemctl enable mysqld

1.1.3 MySQL服務器配置
vi /etc/my.cnf
user = mysql
port = 3306
datadir = /var/lib/mysql
socket = /var/lib/mysql/mysql.sock
bind-address = 0.0.0.0
pid-file = /var/run/mysqld/mysqld.pid
character-set-server = utf8
collation-server = utf8_general_ci
log-error = /var/log/mysqld.log

max_connections = 10240
open_files_limit = 65535
innodb_buffer_pool_size = 3G
innodb_flush_log_at_trx_commit = 2
innodb_log_file_size = 256M
innodb_flush_method = O_DIRECT
interactive_timeout = 1800
wait_timeout = 1800
slave-parallel-type = LOGICAL_CLOCK
slave-parallel-workers = 8
master-info-repository = TABLE
relay-log-info-repository = TABLE

systemctl restart mysqld

1.2、部署NFS

yum install nfs-utils -y

vi /etc/exports

/data/nfs 192.168.0.0/24(rw,no_root_squash)

mkdir -p /data/nfs/wordpress

systemctl start nfs

systemctl enable nfs

在192.168.0.15服務器上掛載

mount -t nfs 192.168.0.14:/data/nfs/wordpress /mnt/

vim /etc/fstab #自動掛載
192.168.0.14:/data/nfs/wordpress /mnt nfs defaults 0 0
注意事項：掛載不成功，檢查nfs狀態或重啓，檢查exports文件
2、部暑Web服務器(兩臺web)
Nginx與PHP工作流程圖：

2.1、部署Nginx
2.1.1 web服務器配置
2.1.1.1 環境配置
Web-01配置：
iptables -F
setenforce 0
配置主機名：
hostnamectl set-hostname web-01
cat /etc/hostname
Web-02配置：
iptables -F
setenforce 0
配置主機名：
hostnamectl set-hostname web-02
cat /etc/hostname
2.1.1.2 安裝
wget http://nginx.org/download/nginx-1.15.3.tar.gz
yum install gcc pcre-devel openssl-devel -y
useradd -M -s /sbin/nologin nginx
tar -xzf nginx-1.15.3.tar.gz
cd nginx-1.15.3
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-stream=dynamic
make && make install
2.2、部署PHP與配置
wget http://docs.php.net/distributions/php-5.6.38.tar.gz
yum install gd-devel libxml2-devel libcurl-devel libjpeg-devel libpng-devel -y
tar -xzf php-5.6.38.tar.gz
cd php-5.6.38
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-mysql --with-mysqli --with-openssl --with-zlib --with-curl --with-gd --with-jpeg-dir --with-png-dir --with-iconv --enable-fpm --enable-zip --enable-mbstring
make -j 8 && make install
cp php.ini-production /usr/local/php/etc/php.ini
cd /usr/local/php/etc/
vi php.ini
date.timezone = Asia/Shanghai
cp php-fpm.conf.default php-fpm.conf
vi php-fpm.conf
user = nginx
group = nginx
cd /opt/php-5.6.38
cp sapi/fpm/php-fpm.service /usr/lib/systemd/system/
vi /usr/lib/systemd/system/php-fpm.service
[Unit]
Description=The PHP FastCGI Process Manager
After=syslog.target network.target

[Service]
Type=simple
PIDFile=/usr/local/php/var/run/php-fpm.pid
ExecStart=/usr/local/php/sbin/php-fpm --nodaemonize --fpm-config /usr/local/php/etc/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl start php-fpm
systemctl enable php-fpm
2.3、配置Nginx與PHP-FPM
cat /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 8;

#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;

pid logs/nginx.pid;

events {
worker_connections 1024;
}

http {
include mime.types;
include vhost/*.conf;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

#access_log  logs/access.log  main;

sendfile        on;
tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

#gzip  on;

}

cd /usr/local/nginx/conf
mkdir vhost
cat vhost/wordpress.conf
server {
listen 80;
server_name localhost;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
root html/wordpress;
index index.php index.html index.htm;
}

location ~ .php$ {
root html/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

重啓服務：
/usr/local/nginx/sbin/nginx
ps -ef |grep nginx
2.4、部署PHP項目
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
cp -r wordpress /usr/local/nginx/html
chown nginx.nginx -R /usr/local/nginx/html/wordpress
在Mysql實例創建數據庫並授權用戶：
mysql -uroot -p
mysql> create database wordpress;
mysql> grant all on wordpress.* to 'wp'@'192.168.0.%' identified by 'MyNewPass4!';
配置wordpress連接mysql：
訪問:http://192.168.0.15/wp-admin/setup-config.php

登陸: http://192.168.0.15/wp-login.php

2.5、部署Java項目
項目包：https://pan.baidu.com/s/1dzk7SU
wget http://mirrors.hust.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
yum install java-1.8.0-openjdk -y
java -version
tar -xzf apache-tomcat-8.5.34.tar.gz
cd apache-tomcat-8.5.34/webapps/
rm -rf ./*
yum install unzip -y
unzip /opt/solo-2.9.4.war -d ROOT
cd /opt/apache-tomcat-8.5.34/bin
./startup.sh
tail ../logs/catalina.out -f
3、負載均衡器(lb7-01、lb7-02)
3.1、環境配置
iptables -F
setenforce 0
配置主機名：
hostnamectl set-hostname lb7-01
cat /etc/hostname
3.2、部署Nginx
wget http://nginx.org/download/nginx-1.15.3.tar.gz
yum install gcc pcre-devel openssl-devel -y
useradd -M -s /sbin/nologin nginx
tar -xzf nginx-1.15.3.tar.gz
cd nginx-1.15.3
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-stream=dynamic
make && make install
3.2、配置負載均衡
cat /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 8;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream wordpress {
ip_hash;
server 192.168.0.15:80;
server 192.168.0.16:80;
}
server {
listen 80;
server_name wordpress.ctnrs.com;
location / {
proxy_pass http://wordpress;
}
access_log logs/wordpress.access.log main;
}
upstream solo {
ip_hash;
server 192.168.0.13:8080;
server 192.168.0.14:8080;
}
server {
listen 80;
server_name solo.ctnrs.com;
location / {
proxy_pass http://solo;
}
access_log logs/solo.access.log main;
}
}

/usr/local/nginx/sbin/nginx
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
3.3、Nginx+Keepalived高可用
3.3.1、master配置
yum install keepalived -y
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {

接收郵件地址

notification_email {br/>[email protected]
[email protected]br/>[email protected]
}

郵件發送地址

notification_email_from [email protected]

本地郵件服務器發郵件

smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER
}

vrrp_script check_nginx {
script "/usr/local/nginx/sbin/check_nginx.sh"
interval 2
weight -20
}

vrrp_instance VI_1 {
state MASTER
interface ens33
nopreempt #不搶佔
virtual_router_id 51 # VRRP路由ID實例，每個實例是唯一的
priority 100 # 優先級，備服務器設置90
advert_int 1 # 指定VRRP心跳包通告間隔時間，默認1秒

VRRP驗證塊

authentication {
    auth_type PASS
    auth_pass 1111
}
# VIP定義塊
virtual_ipaddress {
    192.168.0.88/24
}
track_script {
   check_nginx
}

}

systemctl start keepalived
systemctl enable keepalived

nginx狀態檢查腳本：
cat /usr/local/nginx/sbin/check_nginx.sh
#!/bin/bash

count=$(ps -ef |grep nginx |egrep -cv "grep|$$")

if [ "$count" -eq 0 ]; then
exit 1
#systemctl stop keepalived
Fi

chmod +x /usr/local/nginx/sbin/check_nginx.sh

3.3.2、backup配置
yum install keepalived -y
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {

接收郵件地址

notification_email {br/>[email protected]
[email protected]br/>[email protected]
}

郵件發送地址

notification_email_from [email protected]

本地郵件服務器發郵件

smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER
}

vrrp_script check_nginx {
script "/usr/local/nginx/sbin/check_nginx.sh"
interval 2
weight -20
}

vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51 # VRRP路由ID實例，每個實例是唯一的
priority 90 # 優先級，備服務器設置90
advert_int 1 # 指定VRRP心跳包通告間隔時間，默認1秒

VRRP驗證塊

authentication {
    auth_type PASS
    auth_pass 1111
}
# VIP定義塊
virtual_ipaddress {
    192.168.0.88/24
}
track_script {
   check_nginx
}

}

systemctl start keepalived
systemctl enable keepalived

nginx狀態檢查腳本：
cat /usr/local/nginx/sbin/check_nginx.sh
#!/bin/bash

count=$(ps -ef |grep nginx |egrep -cv "grep|$$")

if [ "$count" -eq 0 ]; then
exit 1
#systemctl stop keepalived
Fi

chmod +x /usr/local/nginx/sbin/check_nginx.sh
3.3.3、master存在VIP
[root@lb7-01 ~]# ip addr |grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.0.13/24 brd 192.168.0.255 scope global noprefixroute ens33
inet 192.168.0.88/24 scope global secondary ens33
3.3.4、BACKUP不存在VIP
[root@lb7-02 ~]# ip addr
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.0.14/24 brd 192.168.0.255 scope global noprefixroute ens33
3.3.5、查看keepalived日誌
[root@lb7-01 log]# tail -f messages
Sep 18 22:52:10 lb7-01 Keepalived_vrrp[5999]: /usr/local/nginx/sbin/check_nginx.sh exited with status 1
Sep 18 22:52:12 lb7-01 Keepalived_vrrp[5999]: /usr/local/nginx/sbin/check_nginx.sh exited with status 1
Sep 18 22:52:14 lb7-01 Keepalived_vrrp[5999]: /usr/local/nginx/sbin/check_nginx.sh exited with status 1
Sep 18 22:52:16 lb7-01 Keepalived_vrrp[5999]: /usr/local/nginx/sbin/check_nginx.sh exited with status 1
Sep 18 22:52:18 lb7-01 Keepalived_vrrp[5999]: /usr/local/nginx/sbin/check_nginx.sh exited with status 1
Sep 18 22:52:20 lb7-01 Keepalived_vrrp[5999]: /usr/local/nginx/sbin/check_nginx.sh exited with status 1
Sep 18 22:52:22 lb7-01 Keepalived_vrrp[5999]: VRRP_Script(check_nginx) succeeded
Sep 18 22:52:23 lb7-01 Keepalived_vrrp[5999]: VRRP_Instance(VI_1) Changing effective priority from 80 to 100
Sep 18 23:01:01 lb7-01 systemd: Started Session 4 of user root.
Sep 18 23:01:01 lb7-01 systemd: Starting Session 4 of user root.

[root@lb7-02 conf]# tail -f /var/log/messages
Sep 18 23:33:37 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
Sep 18 23:33:39 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
Sep 18 23:33:41 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
Sep 18 23:33:43 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
Sep 18 23:33:45 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
Sep 18 23:33:47 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
Sep 18 23:33:49 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
Sep 18 23:33:51 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
Sep 18 23:33:53 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
Sep 18 23:33:55 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
Sep 18 23:33:57 lb7-02 Keepalived_vrrp[6711]: /usr/local/nginx/sbin/check_nginx.sh exited with status 2
4、測試
4.1、停止Nginx服務查看VIP是否偏移成功
lb7-01配置：
pkill nginx
ps -ef |grep nginx
master不存在VIP：
[root@lb7-01 etc]# ip addr |grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.0.13/24 brd 192.168.0.255 scope global noprefixroute ens33
BACKUP存在VIP：
[root@lb7-02 conf]# ip a |grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.0.14/24 brd 192.168.0.255 scope global noprefixroute ens33
inet 192.168.0.88/24 scope global secondary ens33

測試網站：
訪問http://192.168.0.88是否正常
4.2、訪問VIP網站測試是否正常均衡到Web服務器
兩臺web服務器配置：
cat /usr/local/nginx/conf/vhost/wordpress.conf #把wordpress訪問去掉
location ~ .php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Web-01配置：
cat /usr/local/nginx/html/index.php
<h1>192.168.0.15<h1>

/usr/local/nginx/sbin/nginx -s reload

Web-02配置：
cat /usr/local/nginx/html/index.php
<h1>192.168.0.16<h1>

/usr/local/nginx/sbin/nginx -s reload

測試nginx輪詢效果：

再次刷新頁面：