1.服務器:
192.168.9.38 work-1
192.168.9.39 work-2
2.初始化配置
2.1 yum 安裝服務所需的依賴包
[root@localhost ~]# yum -y install epel-release wget vim lrzsz gcc gcc-c++ make autoconf openssl-devel openssh-clients sshpass ansible libselinux-python createrepo lsof net-tools tree unzip zlib-devel dos2unix ncurses-devel kernel-devel pcre-devel yum-utils
libselinux-python:ansible的script的支持包
net-tools: netstat等網絡工具
zlib-devel: 壓縮函數庫
pcre-devel: 正則表達式庫
ncurses-devel:mysql數據庫支持2.2 內核調優
由於內核調整需要重啓才生效,所以我們需要在起始進行調整
修改hosts
[root@localhost ~]# echo "192.168.9.38 work-1" >> /etc/hostsopen file:默認1024太小,我們調成65535
[root@localhost ~]# echo -e "* soft nofile 65535\n* hard nofile 65535" >> /etc/security/limits.conf- 路由轉發
[root@localhost ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
[root@localhost ~]# sysctl -p
2.3關閉firewalld和selinux
[root@work-1 ~]# systemctl stop firewalld.service
[root@work-1 ~]# systemctl disable firewalld.service
[root@work-1 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
2.4重啓
[root@work-1 ~]# reboot
3.服務搭建
3.1 創建安裝目錄
[root@work-1 ~]# mkdir /app -p
3.2 nginx服務
3.2.1 nginx1.8.0安裝
#!/bin/bash
#author:panpeng
#此腳本用於安裝nginx
#配置yum源並安裝依賴包
yum -y install pcre-devel openssl-devel
#安裝nginx
tar xvf nginx-1.8.0.tar.gz
cd nginx-1.8.0
./configure --user=www --group=www --prefix=/app/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
#創建系統用戶
useradd -M -s /sbin/nologin www
#創建鏈接
ln -s /app/nginx/sbin/* /usr/local/sbin/
#啓動文件
cat > /lib/systemd/system/nginx.service << EOF
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/app/nginx/sbin/nginx
ExecReload=/app/nginx/sbin/nginx -s reload
ExecStop=/app/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
systemctl enable nginx.service
systemctl start nginx.service3.2.2 nginx日誌切割
#!/bin/bash
#author:xxx
#create_time=xxx
#mode_time=xxx
#version:1.0
#This spilt nginx log
pid_path="/app/nginx/logs/nginx.pid"
log_path="/app/nginx/logs/"
bak_path="/app/nginx/logs/"
log() {
if [ -d "$log_path" ] && [ -d "$bak_path" ] && [ -f "$pid_path" ]
then
\mv ${log_path}/$1 ${bak_path}/"$2""$(date +%F)".log
kill -USR1 $(cat "$pid_path")
else
echo "derictory lack"
fi
}
clean() {
find ${bak_path} -type f -mtime +7 -name "access_*.log" -exec rm -f {} \;
}
main () {
log 'access.log' 'access_'
#log 'error.log' 'error_'
clean
}
main2.2.3 nginx狀態頁和加密
[root@work-1 ~]# yum -y install httpd-tools
[root@work-1 ~]# htpasswd -bc /app/nginx/conf/htpasswd admin 000000
[root@work-1 ~]# vim /app/nginx/conf/nginx.conf
location /nginx-status {
stub_status on;
access_log off;
auth_basic "Please input password";
auth_basic_user_file /app/nginx/conf/htpasswd;
allow 192.168.9.0/24; #設置爲可訪問該狀態信息的ip
deny all;
}[root@work-1 ~]# nginx -t
[root@work-1 ~]# systemctl restart nginx
3.3 tomcat服務