lamp綜合小實驗

lamp綜合小實驗

<font color=red>禁止轉載，禁止搬運</font>

遇到的問題：

一、瀏覽器打不開blog.jd.com:已經配置DNS，最終原因：這個圖形化的CentOS7使用dncp獲取的ip，DNS也獲取的網關；解決：固定IP，手動設置DNS，並確認/etc/reslov.conf

二、NFS權限問題php對NFS目錄沒有寫權限：最終解決：php是以apache運行的，NFS那邊也創建個一模一樣的apache並對/data/wordpress設置acl權限

三、nfs客戶端報錯：原因：手動刪除了NFS服務端的共享目錄；解決：客戶端強制卸載NFS重新掛即可，或者殺進程

服務器名	IP	系統
User（帶圖形化的CentOS7）	192.168.38.148	CentOS7
powerdns	192.168.38.147	CentOS7
nginx-lb	192.168.38.145	CentOS7
LAP1/2	192.168.38.136/8	CentOS7
NFS	192.168.38.138	CentOS7
MySQL-master	192.168.38.139	CentOS7
MySQL-slave	192.168.38.140	CentOS7

一、powerdns

參見powerdns

lamp環境+powerdns，該調優的調優

yum install httpd -y
# 不然啓動很慢
sed  '/#ServerName www.example.com/a ServerName www.example.com:80' /etc/httpd/conf/httpd.conf -i
systemctl start httpd && systemctl enable httpd

rpm -Uvh https://dev.mysql.com/get/mysql80-community-release-el7-2.noarch.rpm
yum install yum-utils -y
sudo yum-config-manager --disable mysql80-community
sudo yum-config-manager --enable mysql57-community
yum makecache
yum install mysql-community-server -y
cat > /etc/my.cnf <<EOF
[mysqld]
socket=/var/lib/mysql/mysql.sock
datadir=/data/mysql
log-bin
server-id=1
expire-logs-days=15
binlog-format=row
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF
DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mkdir /data/mysql -p
mysqld --initialize --datadir=/data/mysql --user=mysql
systemctl start mysqld && systemctl enable mysqld
mysqladmin -uroot -p$(grep " temporary password" /var/log/mysqld.log | awk '{print $NF}') password ${DB_PASSWORD}

curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install https://mirrors.huaweicloud.com/remi/enterprise/remi-release-7.rpm -y

yum install php73-php php73-php-mysqlnd php73-php-fpm php73-php-xml php73-php-bcmath php73-php-mbstring php73-php-xmlrpc php73-php-soap php73-php-common  php73-php-devel php73-php-gd php73-php-pecl-mcrypt php73-php-pecl-memcache php73-php-pecl-memcached  php73-php-opcache -y
systemctl start php73-php-fpm && systemctl enable php73-php-fpm

#創建powerdns數據庫和授權用戶
DB_POWERDNS_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mysql -uroot -p${DB_PASSWORD} -e "create user powerdns@'localhost' identified by '${DB_POWERDNS_PASSWORD}';create database powerdns character set utf8 collate utf8_bin;grant all privileges on powerdns.* to powerdns@'localhost';flush privileges;"
mysql -uroot -p${DB_PASSWORD} -e "alter database powerdns default CHARACTER SET latin1;"
#創建完成後確認下該用戶能否連接數據庫

#導入表結構
#表結構語句：https://doc.powerdns.com/md/authoritative/backend-generic-mysql/#default-schema
mysql> source pdn.sql

#yum安裝pdns(可以直接從epel源裝)
# 或者使用這個源（curl -o /etc/yum.repos.d/powerdns-auth-master.repo https://repo.powerdns.com/repo-files/centos-auth-master.repo）
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install  -y pdns pdns-backend-mysql

#配置pdns.conf
sed -n 250,254p /etc/pdns/pdns.conf
launch=gmysql
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=5jIXfISFu5W8pq8lVy3qUvtL
gmysql-dbname=powerdns

#啓動pdns，啓動後看下服務是否正常，53端口有沒有，數據庫配錯了就起不來
systemctl enable pdns
systemctl start pdns

#下載poweradmin源碼
 git clone https://github.com/poweradmin/poweradmin.git
 mv poweradmin /var/www/html/
 chown -R apache /var/www/html/poweradmin

#配置httpd文件,使用hosts域名解析
[root@powerdns ~]# cat /etc/httpd/conf.d/powerdns.conf
<VirtualHost *:80>
  ServerName poweradmin.example.cn
  ProxyRequests Off
  ProxyPassMatch ^/(.*\.php)$  fcgi://127.0.0.1:9000/var/www/html/poweradmin/$1
  DocumentRoot "/var/www/html/poweradmin"
  <Directory /var/www/html/poweradmin>
    Options None 
    AllowOverride None
    Require all granted
  </Directory>
  ErrorLog "/var/log/httpd/poweradmin-error.log"
  TransferLog "/var/log/httpd/poweradmin-access.log"
</VirtualHost>
[root@powerdns ~]# httpd -t
Syntax OK
[root@powerdns ~]# systemctl restart httpd

#打開瀏覽器訪問http://poweradmin.example.cn/install一步步配置
#第一步選擇語言，第三步填數據庫信息和超管密碼，第四步創建poweradmin用戶，第五步創建數據庫和用戶（前面已經創建，不用管了），第六步手動創建config.inc.php填數據庫信息，第七步，在虛擬機上移除install目錄。
#然後重新訪問http://poweradmin.example.cn，用admin和超管密碼登陸
#然後添加主域（就是你的域名），然後編輯，添加記錄
#最後在虛擬機上dig或nslookup測試，有結果則成功
yum install bind-utils -y -q && dig @127.0.0.1 www.jd.com

二、添加主域jd.com

並解析到nginx-lb的IP上

三、nginx-lb的配置

[root@nginx-lb ~]# cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx]
name=nginx
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
[root@nginx-lb ~]# yum install nginx -y

[root@nginx-lb ~]# grep -v ^$ /etc/nginx/nginx.conf
user  nginx;
worker_processes  auto;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    tcp_nopush     on;
    keepalive_timeout  65;
    server_tokens off;
    gzip  on;
    include /etc/nginx/conf.d/*.conf;
}

[root@nginx-lb conf.d]# cat default.conf 
upstream backend {
    server 192.168.38.136:80 max_fails=0 fail_timeout=10s;
    server 192.168.38.138:80 max_fails=0 fail_timeout=10s;
}
server {
    listen       80;
    server_name  localhost;

    access_log  /var/log/nginx/blog.access.log  main;
    error_log  /var/log/nginx/blog.error.log;

    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://backend;
    }
}

[root@nginx-lb conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx-lb conf.d]# nginx

四、web1和web2的配置

yum install httpd -y
# 不然啓動很慢
sed  '/#ServerName www.example.com/a ServerName www.example.com:80' /etc/httpd/conf/httpd.conf -i
systemctl start httpd && systemctl enable httpd

curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install https://mirrors.huaweicloud.com/remi/enterprise/remi-release-7.rpm -y

yum install php73-php php73-php-mysqlnd php73-php-fpm php73-php-xml php73-php-bcmath php73-php-mbstring php73-php-xmlrpc php73-php-soap php73-php-common  php73-php-devel php73-php-gd php73-php-pecl-mcrypt php73-php-pecl-memcache php73-php-pecl-memcached  php73-php-opcache -y
systemctl start php73-php-fpm && systemctl enable php73-php-fpm

五、NFS服務器配置

[root@nfs1 ~]# yum install nfs-utils -y
[root@nfs1 ~]# systemctl start nfs-server && systemctl enable nfs-server.service
[root@nfs1 ~]# mkdir /data/wordpress -p
[root@nfs1 ~]# wget https://cn.wordpress.org/latest-zh_CN.tar.gz -O wordpress-zh_CN.tar.gz
[root@nfs1 ~]# tar xf wordpress-zh_CN.tar.gz 
[root@nfs1 ~]# mv -f wordpress /data/

[root@nfs1 ~]# cat /etc/exports
/data/wordpress 192.168.38.*(rw,sync,no_subtree_check,no_root_squash)
[root@nfs1 ~]# exportfs -rv
exporting 192.168.38.*:/data/wordpress
[root@nfs1 ~]# showmount -e 192.168.38.146
Export list for 192.168.38.146:
/data/wordpress 192.168.38.*

[root@nfs1 ~]# useradd -s /bin/nologin nfsuser
[root@nfs1 ~]# getent passwd nfsuser
nfsuser:x:1000:1000::/home/nfsuser:/bin/nologin
[root@nfs1 ~]# vim /etc/exports
[root@nfs1 ~]# cat /etc/exports
/data/wordpress 192.168.38.*(rw,sync,no_subtree_check,anonuid=1000,anongid=1000)
[root@nfs1 ~]# chown -R nfsuser.nfsuser /data/wordpress
[root@nfs1 ~]# exportfs -rv
exporting 192.168.38.*:/data/wordpress

六、兩個web服務器掛載nfs

[root@wp-web2 ~]# yum install nfs-utils autofs -y

[root@wp-web2 ~]# mkdir -p /data/wordpress

[root@wp-web2 ~]# grep data /etc/auto.master
/data   /etc/nfs.misc
[root@wp-web2 ~]# cat /etc/nfs.misc 
wordpress   -rw 192.168.38.146:/data/wordpress
[root@wp-web2 ~]# systemctl restart autofs && systemctl enable autofs

七、兩個web服務器配置httpd

##httpd和php應當調優，可以放到最後
[root@wp-web1 ~]# cat /etc/httpd/conf.d/blog.jd.com.conf 
<VirtualHost *:80>
  ServerName blog.jd.com
  DirectoryIndex index.php
  ProxyRequests Off
  ProxyPassMatch ^/(.*\.php)$  fcgi://127.0.0.1:9000/data/wordpress/$1
  DocumentRoot "/data/wordpress"
  <Directory /data/wordpress>
    Options None 
    AllowOverride None
    Require all granted
  </Directory>
  ErrorLog "/var/log/httpd/blog.jd.com-error.log"
  TransferLog "/var/log/httpd/blog.jd.com-access.log"
</VirtualHost>
[root@wp-web1 ~]# httpd -t
Syntax OK
[root@wp-web1 ~]# systemctl reload httpd

此處應做訪問測試

八、配置主從數據庫

master數據庫

rpm -Uvh https://dev.mysql.com/get/mysql80-community-release-el7-2.noarch.rpm
yum install yum-utils -y
sudo yum-config-manager --disable mysql80-community
sudo yum-config-manager --enable mysql57-community
yum makecache
yum install mysql-community-server -y
cat > /etc/my.cnf <<EOF
[mysqld]
socket=/var/lib/mysql/mysql.sock
datadir=/data/mysql
log-bin
gtid_mode=on
enforce_gtid_consistency=on
server-id=1
expire-logs-days=15
binlog-format=row
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF
DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mkdir /data/mysql -p
mysqld --initialize --datadir=/data/mysql --user=mysql
systemctl start mysqld && systemctl enable mysqld
mysqladmin -uroot -p$(grep " temporary password" /var/log/mysqld.log | awk '{print $NF}') password ${DB_PASSWORD}

mysql> grant replication slave on *.* to 'repluser'@'192.168.38.%' identified by 'gRdoX3VZWutzDlPmiA2dGyHA';
mysql> flush privileges;

slave庫

#安裝數據庫
#修改數據庫配置
[root@mysql-slave ~]# cat /etc/my.cnf
[mysqld]
socket=/var/lib/mysql/mysql.sock
datadir=/data/mysql
server-id=1
gtid-mode=on
enforce_gtid_consistency=on
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root@mysql-slave ~]# systemctl restart mysqld && systemctl enable mysqld

mysql> CHANGE MASTER TO
    -> MASTER_HOST='192.168.38.139',
    -> MASTER_USER='repluser',
    -> MASTER_PASSWORD='gRdoX3VZWutzDlPmiA2dGyHA',
    -> MASTER_PORT=3306,
    -> MASTER_AUTO_POSITION=1;
mysql>  START SLAVE;

#兩個yes表示OK
mysql> show slave status\G
                    ......
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes

九、創建wordpress數據庫

master節點操作

這裏的mysql要讓php連接，因此兩個web要分別授權或者用%代替

DB_WORDPRESS_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mysql -uroot -p${DB_PASSWORD} -e "create user wordpress@'192.168.38.%' identified by '${DB_WORDPRESS_PASSWORD}';create database wordpress character set utf8 collate utf8_bin;grant all privileges on wordpress.* to wordpress@'192.168.38.%';flush privileges;"

十、web訪問blog.jd.com

因爲已經搭建了DNS服務器了，只需要將windos的dns改爲192.168.38.147即可訪問blog.jd.com

但是網頁顯示沒有寫權限（但普通用戶都可以往該nfs目錄寫文件）

經過測試nfs目錄權限改爲777即可（chmod 777 /data/wordpress）

最終解決辦法：nfs服務器創建apache用戶並設置acl權限(/etc/exports文件此處沒改)

[root@nfs1 ~]# /usr/sbin/groupadd -g 48 -r apache 2> /dev/null || :
[root@nfs1 ~]# /usr/sbin/useradd -c "Apache" -u 48 -g apache -s /sbin/nologin -r -d /usr/share/httpd apache 2> /dev/null || :
[root@nfs1 ~]# setfacl -R -m u:apache:rwx /data/wordpress/

十、最終效果：

十一、再部署個phpadmin

#這個直接解壓即可用

十二、再部署個discuz

操作NFS

#下載源代碼
yum install git -y
git clone https://gitee.com/ComsenzDiscuz/DiscuzX.git
cp DiscuzX/upload /data/discuz -a
chown nfsuser.nfsuser -R /data/discuz
setfacl -R -m u:apache:rwx /data/discuz
exportfs -rv

操作master數據庫

DB_DISCUZ_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mysql -uroot -p${DB_PASSWORD} -e "create user discuz@'192.168.38.%' identified by '${DB_DISCUZ_PASSWORD}';create database discuz character set utf8 collate utf8_bin;grant all privileges on discuz.* to discuz@'192.168.38.%';flush privileges;"

操作兩臺web

[root@wp-web1 ~]# grep discuz /etc/nfs.misc 
discuz      -rw 192.168.38.146:/data/discuz
[root@wp-web1 ~]# systemctl reload autofs.service 

[root@wp-web1 ~]# cat > /etc/httpd/conf.d/bbs.jd.com.conf << 'EOF'
<VirtualHost *:80>
  ServerName bbs.jd.com
  ProxyRequests Off
  ProxyPassMatch ^/(.*\.php)$  fcgi://127.0.0.1:9000/data/discuz/$1
  DocumentRoot "/data/discuz"
  <Directory /data/discuz>
    Options None 
    AllowOverride None
    Require all granted
  </Directory>
  ErrorLog "/var/log/httpd/bbs.jd.com-error.log"
  TransferLog "/var/log/httpd/bbs.jd.com-access.log"
</VirtualHost>
EOF
[root@wp-web1 ~]# httpd -t
Syntax OK
[root@wp-web1 ~]# systemctl reload httpd

設置DNS解析

訪問測試（沒有問題）：

就是這個文件屬性怪怪的：

十三、系統調優

#本來這個應該放在最前面的，最後就最後吧，
#內核參數調優
#文件句柄數調優
#nginx，php，httpd，mysql調優等

<font color=red>禁止轉載，禁止搬運，爬蟲司馬</font>

總結：

---

兩個域名的訪問互不影響，證明nginx那塊配置的還行