lamp綜合小實驗
<font color=red>禁止轉載,禁止搬運</font>
遇到的問題:
一、瀏覽器打不開blog.jd.com:已經配置DNS,最終原因:這個圖形化的CentOS7使用dncp獲取的ip,DNS也獲取的網關;解決:固定IP,手動設置DNS,並確認/etc/reslov.conf
二、NFS權限問題php對NFS目錄沒有寫權限:最終解決:php是以apache運行的,NFS那邊也創建個一模一樣的apache並對/data/wordpress設置acl權限
三、nfs客戶端報錯:原因:手動刪除了NFS服務端的共享目錄;解決:客戶端強制卸載NFS重新掛即可,或者殺進程
服務器名 | IP | 系統 |
---|---|---|
User(帶圖形化的CentOS7) | 192.168.38.148 | CentOS7 |
powerdns | 192.168.38.147 | CentOS7 |
nginx-lb | 192.168.38.145 | CentOS7 |
LAP1/2 | 192.168.38.136/8 | CentOS7 |
NFS | 192.168.38.138 | CentOS7 |
MySQL-master | 192.168.38.139 | CentOS7 |
MySQL-slave | 192.168.38.140 | CentOS7 |
一、powerdns
參見powerdns
lamp環境+powerdns,該調優的調優
yum install httpd -y
# 不然啓動很慢
sed '/#ServerName www.example.com/a ServerName www.example.com:80' /etc/httpd/conf/httpd.conf -i
systemctl start httpd && systemctl enable httpd
rpm -Uvh https://dev.mysql.com/get/mysql80-community-release-el7-2.noarch.rpm
yum install yum-utils -y
sudo yum-config-manager --disable mysql80-community
sudo yum-config-manager --enable mysql57-community
yum makecache
yum install mysql-community-server -y
cat > /etc/my.cnf <<EOF
[mysqld]
socket=/var/lib/mysql/mysql.sock
datadir=/data/mysql
log-bin
server-id=1
expire-logs-days=15
binlog-format=row
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF
DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mkdir /data/mysql -p
mysqld --initialize --datadir=/data/mysql --user=mysql
systemctl start mysqld && systemctl enable mysqld
mysqladmin -uroot -p$(grep " temporary password" /var/log/mysqld.log | awk '{print $NF}') password ${DB_PASSWORD}
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install https://mirrors.huaweicloud.com/remi/enterprise/remi-release-7.rpm -y
yum install php73-php php73-php-mysqlnd php73-php-fpm php73-php-xml php73-php-bcmath php73-php-mbstring php73-php-xmlrpc php73-php-soap php73-php-common php73-php-devel php73-php-gd php73-php-pecl-mcrypt php73-php-pecl-memcache php73-php-pecl-memcached php73-php-opcache -y
systemctl start php73-php-fpm && systemctl enable php73-php-fpm
#創建powerdns數據庫和授權用戶
DB_POWERDNS_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mysql -uroot -p${DB_PASSWORD} -e "create user powerdns@'localhost' identified by '${DB_POWERDNS_PASSWORD}';create database powerdns character set utf8 collate utf8_bin;grant all privileges on powerdns.* to powerdns@'localhost';flush privileges;"
mysql -uroot -p${DB_PASSWORD} -e "alter database powerdns default CHARACTER SET latin1;"
#創建完成後確認下該用戶能否連接數據庫
#導入表結構
#表結構語句:https://doc.powerdns.com/md/authoritative/backend-generic-mysql/#default-schema
mysql> source pdn.sql
#yum安裝pdns(可以直接從epel源裝)
# 或者使用這個源(curl -o /etc/yum.repos.d/powerdns-auth-master.repo https://repo.powerdns.com/repo-files/centos-auth-master.repo)
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y pdns pdns-backend-mysql
#配置pdns.conf
sed -n 250,254p /etc/pdns/pdns.conf
launch=gmysql
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=5jIXfISFu5W8pq8lVy3qUvtL
gmysql-dbname=powerdns
#啓動pdns,啓動後看下服務是否正常,53端口有沒有,數據庫配錯了就起不來
systemctl enable pdns
systemctl start pdns
#下載poweradmin源碼
git clone https://github.com/poweradmin/poweradmin.git
mv poweradmin /var/www/html/
chown -R apache /var/www/html/poweradmin
#配置httpd文件,使用hosts域名解析
[root@powerdns ~]# cat /etc/httpd/conf.d/powerdns.conf
<VirtualHost *:80>
ServerName poweradmin.example.cn
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/poweradmin/$1
DocumentRoot "/var/www/html/poweradmin"
<Directory /var/www/html/poweradmin>
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "/var/log/httpd/poweradmin-error.log"
TransferLog "/var/log/httpd/poweradmin-access.log"
</VirtualHost>
[root@powerdns ~]# httpd -t
Syntax OK
[root@powerdns ~]# systemctl restart httpd
#打開瀏覽器訪問http://poweradmin.example.cn/install一步步配置
#第一步選擇語言,第三步填數據庫信息和超管密碼,第四步創建poweradmin用戶,第五步創建數據庫和用戶(前面已經創建,不用管了),第六步手動創建config.inc.php填數據庫信息,第七步,在虛擬機上移除install目錄。
#然後重新訪問http://poweradmin.example.cn,用admin和超管密碼登陸
#然後添加主域(就是你的域名),然後編輯,添加記錄
#最後在虛擬機上dig或nslookup測試,有結果則成功
yum install bind-utils -y -q && dig @127.0.0.1 www.jd.com
二、添加主域jd.com
並解析到nginx-lb的IP上
三、nginx-lb的配置
[root@nginx-lb ~]# cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx]
name=nginx
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
[root@nginx-lb ~]# yum install nginx -y
[root@nginx-lb ~]# grep -v ^$ /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_tokens off;
gzip on;
include /etc/nginx/conf.d/*.conf;
}
[root@nginx-lb conf.d]# cat default.conf
upstream backend {
server 192.168.38.136:80 max_fails=0 fail_timeout=10s;
server 192.168.38.138:80 max_fails=0 fail_timeout=10s;
}
server {
listen 80;
server_name localhost;
access_log /var/log/nginx/blog.access.log main;
error_log /var/log/nginx/blog.error.log;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend;
}
}
[root@nginx-lb conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx-lb conf.d]# nginx
四、web1和web2的配置
yum install httpd -y
# 不然啓動很慢
sed '/#ServerName www.example.com/a ServerName www.example.com:80' /etc/httpd/conf/httpd.conf -i
systemctl start httpd && systemctl enable httpd
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install https://mirrors.huaweicloud.com/remi/enterprise/remi-release-7.rpm -y
yum install php73-php php73-php-mysqlnd php73-php-fpm php73-php-xml php73-php-bcmath php73-php-mbstring php73-php-xmlrpc php73-php-soap php73-php-common php73-php-devel php73-php-gd php73-php-pecl-mcrypt php73-php-pecl-memcache php73-php-pecl-memcached php73-php-opcache -y
systemctl start php73-php-fpm && systemctl enable php73-php-fpm
五、NFS服務器配置
[root@nfs1 ~]# yum install nfs-utils -y
[root@nfs1 ~]# systemctl start nfs-server && systemctl enable nfs-server.service
[root@nfs1 ~]# mkdir /data/wordpress -p
[root@nfs1 ~]# wget https://cn.wordpress.org/latest-zh_CN.tar.gz -O wordpress-zh_CN.tar.gz
[root@nfs1 ~]# tar xf wordpress-zh_CN.tar.gz
[root@nfs1 ~]# mv -f wordpress /data/
[root@nfs1 ~]# cat /etc/exports
/data/wordpress 192.168.38.*(rw,sync,no_subtree_check,no_root_squash)
[root@nfs1 ~]# exportfs -rv
exporting 192.168.38.*:/data/wordpress
[root@nfs1 ~]# showmount -e 192.168.38.146
Export list for 192.168.38.146:
/data/wordpress 192.168.38.*
[root@nfs1 ~]# useradd -s /bin/nologin nfsuser
[root@nfs1 ~]# getent passwd nfsuser
nfsuser:x:1000:1000::/home/nfsuser:/bin/nologin
[root@nfs1 ~]# vim /etc/exports
[root@nfs1 ~]# cat /etc/exports
/data/wordpress 192.168.38.*(rw,sync,no_subtree_check,anonuid=1000,anongid=1000)
[root@nfs1 ~]# chown -R nfsuser.nfsuser /data/wordpress
[root@nfs1 ~]# exportfs -rv
exporting 192.168.38.*:/data/wordpress
六、兩個web服務器掛載nfs
[root@wp-web2 ~]# yum install nfs-utils autofs -y
[root@wp-web2 ~]# mkdir -p /data/wordpress
[root@wp-web2 ~]# grep data /etc/auto.master
/data /etc/nfs.misc
[root@wp-web2 ~]# cat /etc/nfs.misc
wordpress -rw 192.168.38.146:/data/wordpress
[root@wp-web2 ~]# systemctl restart autofs && systemctl enable autofs
七、兩個web服務器配置httpd
##httpd和php應當調優,可以放到最後
[root@wp-web1 ~]# cat /etc/httpd/conf.d/blog.jd.com.conf
<VirtualHost *:80>
ServerName blog.jd.com
DirectoryIndex index.php
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/data/wordpress/$1
DocumentRoot "/data/wordpress"
<Directory /data/wordpress>
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "/var/log/httpd/blog.jd.com-error.log"
TransferLog "/var/log/httpd/blog.jd.com-access.log"
</VirtualHost>
[root@wp-web1 ~]# httpd -t
Syntax OK
[root@wp-web1 ~]# systemctl reload httpd
此處應做訪問測試
八、配置主從數據庫
master數據庫
rpm -Uvh https://dev.mysql.com/get/mysql80-community-release-el7-2.noarch.rpm
yum install yum-utils -y
sudo yum-config-manager --disable mysql80-community
sudo yum-config-manager --enable mysql57-community
yum makecache
yum install mysql-community-server -y
cat > /etc/my.cnf <<EOF
[mysqld]
socket=/var/lib/mysql/mysql.sock
datadir=/data/mysql
log-bin
gtid_mode=on
enforce_gtid_consistency=on
server-id=1
expire-logs-days=15
binlog-format=row
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF
DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mkdir /data/mysql -p
mysqld --initialize --datadir=/data/mysql --user=mysql
systemctl start mysqld && systemctl enable mysqld
mysqladmin -uroot -p$(grep " temporary password" /var/log/mysqld.log | awk '{print $NF}') password ${DB_PASSWORD}
mysql> grant replication slave on *.* to 'repluser'@'192.168.38.%' identified by 'gRdoX3VZWutzDlPmiA2dGyHA';
mysql> flush privileges;
slave庫
#安裝數據庫
#修改數據庫配置
[root@mysql-slave ~]# cat /etc/my.cnf
[mysqld]
socket=/var/lib/mysql/mysql.sock
datadir=/data/mysql
server-id=1
gtid-mode=on
enforce_gtid_consistency=on
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root@mysql-slave ~]# systemctl restart mysqld && systemctl enable mysqld
mysql> CHANGE MASTER TO
-> MASTER_HOST='192.168.38.139',
-> MASTER_USER='repluser',
-> MASTER_PASSWORD='gRdoX3VZWutzDlPmiA2dGyHA',
-> MASTER_PORT=3306,
-> MASTER_AUTO_POSITION=1;
mysql> START SLAVE;
#兩個yes表示OK
mysql> show slave status\G
......
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
九、創建wordpress數據庫
master節點操作
這裏的mysql要讓php連接,因此兩個web要分別授權或者用%代替
DB_WORDPRESS_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mysql -uroot -p${DB_PASSWORD} -e "create user wordpress@'192.168.38.%' identified by '${DB_WORDPRESS_PASSWORD}';create database wordpress character set utf8 collate utf8_bin;grant all privileges on wordpress.* to wordpress@'192.168.38.%';flush privileges;"
十、web訪問blog.jd.com
因爲已經搭建了DNS服務器了,只需要將windos的dns改爲192.168.38.147即可訪問blog.jd.com
但是網頁顯示沒有寫權限(但普通用戶都可以往該nfs目錄寫文件)
經過測試nfs目錄權限改爲777即可(chmod 777 /data/wordpress)
最終解決辦法:nfs服務器創建apache用戶並設置acl權限(/etc/exports文件此處沒改)
[root@nfs1 ~]# /usr/sbin/groupadd -g 48 -r apache 2> /dev/null || :
[root@nfs1 ~]# /usr/sbin/useradd -c "Apache" -u 48 -g apache -s /sbin/nologin -r -d /usr/share/httpd apache 2> /dev/null || :
[root@nfs1 ~]# setfacl -R -m u:apache:rwx /data/wordpress/
十、最終效果:
十一、再部署個phpadmin
#這個直接解壓即可用
十二、再部署個discuz
操作NFS
#下載源代碼
yum install git -y
git clone https://gitee.com/ComsenzDiscuz/DiscuzX.git
cp DiscuzX/upload /data/discuz -a
chown nfsuser.nfsuser -R /data/discuz
setfacl -R -m u:apache:rwx /data/discuz
exportfs -rv
操作master數據庫
DB_DISCUZ_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
mysql -uroot -p${DB_PASSWORD} -e "create user discuz@'192.168.38.%' identified by '${DB_DISCUZ_PASSWORD}';create database discuz character set utf8 collate utf8_bin;grant all privileges on discuz.* to discuz@'192.168.38.%';flush privileges;"
操作兩臺web
[root@wp-web1 ~]# grep discuz /etc/nfs.misc
discuz -rw 192.168.38.146:/data/discuz
[root@wp-web1 ~]# systemctl reload autofs.service
[root@wp-web1 ~]# cat > /etc/httpd/conf.d/bbs.jd.com.conf << 'EOF'
<VirtualHost *:80>
ServerName bbs.jd.com
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/data/discuz/$1
DocumentRoot "/data/discuz"
<Directory /data/discuz>
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "/var/log/httpd/bbs.jd.com-error.log"
TransferLog "/var/log/httpd/bbs.jd.com-access.log"
</VirtualHost>
EOF
[root@wp-web1 ~]# httpd -t
Syntax OK
[root@wp-web1 ~]# systemctl reload httpd
設置DNS解析
訪問測試(沒有問題):
就是這個文件屬性怪怪的:
十三、系統調優
#本來這個應該放在最前面的,最後就最後吧,
#內核參數調優
#文件句柄數調優
#nginx,php,httpd,mysql調優等
<font color=red>禁止轉載,禁止搬運,爬蟲司馬</font>
總結:
兩個域名的訪問互不影響,證明nginx那塊配置的還行