第十五週作業

1、 Nginx+Keepalived實現站點高可用

答:
keep_1#] yum -y install keepalived
s1_#] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! Node keep_1: configured as VRRP MASTER for virtual router 14 and VIP 10.1.0.90.
! NOTE(review): no vrrp_script/track_script is shown, so as written the VIP
! follows node or keepalived failure only, not the state of nginx itself.

global_defs {
! Recipient, sender and SMTP relay used for keepalived e-mail alerts.
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
! String that identifies this machine in notifications.
router_id node1
! Multicast group for VRRP advertisements; the peer config uses the same group.
vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
state MASTER
interface eno16777736
! Same virtual_router_id on both peers ties them into one virtual router.
virtual_router_id 14
! Higher than the peer's 96, so this node wins the election.
priority 100
advert_int 1
authentication {
! NOTE(review): auth_type PASS carries auth_pass in clear text in every
! advertisement, so any host on the segment can read it. Treat it as a guard
! against misconfiguration, not as authentication; restrict VRRP traffic to
! the peer addresses at the host firewall and replace this published value.
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
10.1.0.90/16 dev eno16777736
}
}

keep_2#] yum -y install keepalived
s1_#] vim /etc/keepalived/keepalived.conf
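! Configuration File for keepalived
! Node keep_2: configured as VRRP BACKUP for virtual router 14 and VIP 10.1.0.90.
! NOTE(review): no vrrp_script/track_script is shown, so as written the VIP
! follows node or keepalived failure only, not the state of nginx itself.

global_defs {
! Recipient, sender and SMTP relay used for keepalived e-mail alerts.
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
! Distinct from the MASTER's "node1" so alerts show which node sent them.
router_id node2
! Multicast group for VRRP advertisements; must match the MASTER.
vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
state BACKUP
interface eno16777736
! Same virtual_router_id as the MASTER ties both nodes into one virtual router.
virtual_router_id 14
! Lower than the MASTER's 100, so this node takes the VIP only on failover.
priority 96
advert_int 1
authentication {
! NOTE(review): auth_type PASS carries auth_pass in clear text in every
! advertisement, so any host on the segment can read it. Treat it as a guard
! against misconfiguration, not as authentication; restrict VRRP traffic to
! the peer addresses at the host firewall and replace this published value.
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
10.1.0.90/16 dev eno16777736
}
}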

nginx_#] ip a a 10.1.0.90/16 dev ens33
nginx_#] yum -y install nginx
nginx_#] vim /etc/nginx/conf.d/nginx.conf
    server {
listen 80 default_server;
server_name w.ww3.io;
root /var/www/nginx;
location / {
index index.html;

2、實現keepalived主主模型

答:
s1_#] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! Node s1 of the dual-master pair: MASTER for VI_1 (10.1.0.91) and BACKUP for
! VI_2 (10.1.0.92), so each node normally serves one VIP and can take over both.

global_defs {
! Recipient, sender and SMTP relay used for keepalived e-mail alerts.
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
! String that identifies this machine in notifications.
router_id node1
! Multicast group for VRRP advertisements; shared by both instances and peers.
vrrp_mcast_group4 224.0.100.19
}

! Instance owned by this node (priority 100 against the peer's 96).
vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 14
priority 100
advert_int 1
authentication {
! NOTE(review): PASS authentication is sent in clear text on the segment;
! restrict VRRP traffic to the peer address and replace this published value.
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
10.1.0.91/16 dev eno16777736
}
}

! Instance owned by the peer (priority 98 here against the peer's 100).
! It uses its own virtual_router_id and its own auth_pass.
vrrp_instance VI_2 {
state BACKUP
interface eno16777736
virtual_router_id 15
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 578f07b2
}
virtual_ipaddress {
10.1.0.92/16 dev eno16777736
}
}

s2_#] vim /etc/keepalived/keepalived.conf
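! Configuration File for keepalived
! Node s2 of the dual-master pair: BACKUP for VI_1 (10.1.0.91) and MASTER for
! VI_2 (10.1.0.92), the mirror image of the s1 configuration.

global_defs {
! Recipient, sender and SMTP relay used for keepalived e-mail alerts.
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
! Distinct from s1's "node1" so alerts show which node sent them.
router_id node2
! Multicast group for VRRP advertisements; must match s1.
vrrp_mcast_group4 224.0.100.19
}

! Instance owned by s1 (priority 96 here against s1's 100).
vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 14
priority 96
advert_int 1
authentication {
! NOTE(review): PASS authentication is sent in clear text on the segment;
! restrict VRRP traffic to the peer address and replace this published value.
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
10.1.0.91/16 dev eno16777736
}
}

! Instance owned by this node (priority 100 against s1's 98).
vrrp_instance VI_2 {
state MASTER
interface eno16777736
virtual_router_id 15
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 578f07b2
}
virtual_ipaddress {
10.1.0.92/16 dev eno16777736
}
}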

4、LNMP結合varnish實現動靜分離

http:

(1) 動靜分離部署wordpress,動靜都要能實現負載均衡,要注意會話的問題;
(2) 在haproxy和後端主機之間添加varnish進行緩存;
(3) haproxy的設定要求:
(a) stats page,要求僅能通過本地訪問使用管理接口;
(b) 動靜分離;
(c) 分別考慮不同的服務器組的調度算法;
(d)壓縮合適內容

實驗環境
二、後端服務器static
設置SELinux、取消防火牆和同步時間(關閉防火牆僅適用於隔離的實驗環境;正式環境應保留防火牆,只開放各節點所需的端口)
yum install -y ntpdate
ntpdate time1.aliyun.com
安裝nginx服務和mariadb-server
[root@static-73 ~]# yum install -y epel-release mariadb-server
[root@static-73 ~]# yum -y install nginx 
 [root@static-73 ~]# vim /etc/my.cnf
[mysqld]
# Skip reverse-DNS lookups on client connections; grants must then name IP addresses, not host names.
skip_name_resolve = ON
# One tablespace file per InnoDB table.
innodb_file_per_table = ON
# Only if login fails with MySQL error 1045: enable temporarily, then delete the line once the security setup is done.
# skip-grant-tables disables all authentication for as long as it is active.
#skip-grant-tables
[root@static-73 ~]# systemctl start mariadb
[root@static-73  ~]# systemctl enable mariadb.service
[root@static-73 ~]# mysql_secure_installation

 [root@static-73 ~]# mysql -uroot -p
-- Create the WordPress schema.
MariaDB [(none)]>  create database wordpress;
Query OK, 1 row affected (0.00 sec)
-- Create the account WordPress connects with.
-- NOTE(review): "12345" is a throwaway lab password and '192.168.1.%' accepts the whole /24.
-- Outside a lab, use a long random password and limit the host part to the server that runs PHP
-- (presumably 192.168.1.74 in this setup; confirm).
MariaDB [(none)]> grant all on wordpress.* to 'wpuser'@'192.168.1.%' identified by "12345";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
安裝wordpress
[root@static-73 ~]#  mkdir -pv /data/nginx/html #創建nginx根目錄
[root@static-73 ~]# cd /data/nginx/html/
[root@static-73 html]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz  #下載wordpress
[root@static-73 html]#  tar xf wordpress-4.9.4-zh_CN.tar.gz  #解壓縮

[root@static-73 html]#  cp /usr/share/backgrounds/*.{png,jpg} . #拷貝本地圖片到html目錄下,作爲靜態內容
[root@static-73 html]# vim test.txt  #文本測試頁
this is static-server test
[root@static-73 html]# vim index.html  #html測試頁
<h1>This is static-server </h1>
[root@static-73 html]# vim index.php #php測試頁
<h1>Static-server</h1>
<?php
        // Test page: phpinfo() prints the PHP version, loaded modules, paths and environment.
        // NOTE(review): delete this file once the static/dynamic routing has been verified.
        phpinfo();
?>
設置nginx配置

[root@static-73 html]# cd
[root@static-73 ~]#  vim /etc/nginx/conf.d/static.conf

# Static server vhost: serves files from /data/nginx/html and hands PHP to the
# php-fpm pool on the dynamic server.
server {
        listen 80;
        server_name www.hehe.com;
        root /data/nginx/html;
        index index.html index.php;
        # NOTE(review): every URI ending in .php is forwarded without checking
        # that the script exists. SCRIPT_FILENAME is resolved on the php-fpm
        # host (192.168.1.74), so the same tree must exist there.
        location ~* \.php$ {
                fastcgi_pass 192.168.1.74:9000;# PHP is executed by php-fpm on the dynamic server
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME /data/nginx/html/$fastcgi_script_name;
        }
        # php-fpm health endpoints (ping.path / pm.status_path).
        # NOTE(review): no allow/deny here, so pool status is readable by any
        # client that reaches this vhost; restrict it to the monitoring source.
        location ~* ^/(ping|status)$ {
                fastcgi_pass 192.168.1.74:9000;# forwarded to php-fpm on the dynamic server
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;

        }
}
[root@static-73 ~]# systemctl start nginx
[root@static-73 html]# systemctl enable nginx

三、後端服務器dynamic配置
設置seLinux、取消防火牆和同步時間
yum install -y ntpdate
ntpdate time1.aliyun.com
安裝php-fpm和nginx
[root@dynamic-74 ~]# yum install -y epel-release #安裝epel源
[root@dynamic-74 ~]# yum install -y nginx php php-fpm php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap wget
[root@dynamic-74 ~]#  mkdir -pv /data/nginx/html
[root@dynamic-74 ~]# cd /data/nginx/html/
下載wordpress到指定目錄並解壓
[root@dynamic-74 html]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
[root@dynamic-74 html]# tar xf wordpress-4.9.4-zh_CN.tar.gz 
創建測試頁面
[root@dynamic-74 html]# vim test.php  #php測試頁
<html>
 <head>
  <title>PHP 測試</title>
 </head>
 <body>
 <?php echo '<p>Hello World</p>'; ?>
 </body>
</html>
[root@dynamic-74 html]# vim index.html #測試頁
<h1>This is dynamic-server</h1>
[root@dynamic-74 html]# vim index.php #PHP信息頁
<h1>Dynamic-server</h1>
<?php
        // Test page: phpinfo() prints the PHP version, loaded modules, paths and environment.
        // NOTE(review): delete this file once the static/dynamic routing has been verified.
        phpinfo();
?>

設置PHP-fpm
[root@dynamic-74 ~]# vim /etc/php-fpm.d/www.conf
[root@dynamic-74 ~]# grep ^[a-Z] /etc/php-fpm.d/www.conf 
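; Effective settings of the "www" pool in /etc/php-fpm.d/www.conf.
; The pool listens on the LAN address because nginx on 192.168.1.73 connects remotely.
listen = 192.168.1.74:9000
; FastCGI has no authentication of its own: any host that can reach port 9000
; can ask the pool to run a script. Accept only the two nginx front ends that
; use this pool (192.168.1.73 and the local nginx on 192.168.1.74).
listen.allowed_clients = 192.168.1.73,192.168.1.74
; Workers run as the nginx account.
user = nginx
group = nginx
; Dynamic process manager: 5 workers at start, 5-35 idle, at most 50.
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
; Health endpoints reached through the nginx "location ~* ^/(ping|status)$" block.
pm.status_path = /status
ping.path = /ping
ping.response = pong
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
; Sessions are stored as files on this host only.
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session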
[root@dynamic-74 ~]#  mkdir /var/lib/php/session -pv #創建php會話目錄
[root@dynamic-74 ~]# usermod -s /bin/bash nginx #修改用戶登入後所使用的shell(php-fpm以nginx身份運行時並不需要登入shell,此步可省略)
[root@dynamic-74 ~]# chown nginx /var/lib/php/session/ #給目錄添加屬主

配置nginx
因爲默認配置文件監聽80端口,所以要在/etc/nginx/nginx.conf文件中註釋下述兩個默認配置

註釋掉
[root@dynamic-74 ~]# vim /etc/nginx/conf.d/dynamic.conf 

# Dynamic server vhost: serves /data/nginx/html and runs PHP through the local
# php-fpm pool, which listens on this host's LAN address.
server {
        listen 80;
        server_name www.hehe.com;
        root /data/nginx/html;
        index index.html index.php;
        # NOTE(review): every URI ending in .php is forwarded to php-fpm without
        # checking that the script exists under the document root.
        location ~* \.php$ {
                fastcgi_pass 192.168.1.74:9000;# php-fpm pool on this (dynamic) server
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME /data/nginx/html/$fastcgi_script_name;
        }
        # php-fpm health endpoints (ping.path / pm.status_path).
        # NOTE(review): no allow/deny here, so pool status is readable by any
        # client that reaches this vhost; restrict it to the monitoring source.
        location ~* ^/(ping|status)$ {
                fastcgi_pass 192.168.1.74:9000; # php-fpm pool on this (dynamic) server
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;

      }
}
[root@dynamic-74 ~]# systemctl start php-fpm nginx
[root@dynamic-74 ~]# systemctl enable php-fpm nginx

四、varnish服務器
設置seLinux、取消防火牆和同步時間
yum install -y ntpdate
ntpdate time1.aliyun.com
配置varnish
[root@vanish-76 ~]# yum install -y epel-release
[root@vanish-76 ~]#  yum install -y varnish
[root@vanish-76 ~]# vim /etc/varnish/varnish.param  #編輯配置文件
# Comments are kept on their own lines: if this file is read as a systemd
# EnvironmentFile, text after a value may not be treated as a comment - confirm.
# Whether a reload recompiles the VCL file; 1 means it does.
RELOAD_VCL=1
# Default VCL rules file.
VARNISH_VCL_CONF=/etc/varnish/default.vcl
# Port for HTTP traffic (haproxy points at 192.168.1.76:6081).
VARNISH_LISTEN_PORT=6081
# Address and port of the management interface, not of a backend.
# NOTE(review): 192.168.1.76 exposes the management port to the LAN, protected
# only by the secret file below; 127.0.0.1 is enough when administration is
# done on this host.
VARNISH_ADMIN_LISTEN_ADDRESS=192.168.1.76
VARNISH_ADMIN_LISTEN_PORT=6082
# Shared secret for the management interface; keep it readable by root only.
VARNISH_SECRET_FILE=/etc/varnish/secret
# File-backed cache storage, 1G.
VARNISH_STORAGE="file,/data/cache/varnish_storage.bin,1G"
# Account and group the cache process runs as.
VARNISH_USER=varnish
VARNISH_GROUP=varnish
創建緩存目錄
[root@vanish-76 ~]#  mkdir -pv /data/cache #創建緩存目錄
mkdir: 已創建目錄 "/data/cache"
[root@vanish-76 ~]# chown varnish /data/cache #給目錄設置屬主

編輯配置varnish的vcl
[root@vanish-76 ~]# vim /etc/varnish/default.vcl
vcl 4.0;

import directors;   # load-balancing (director) module
probe static_healthcheck {  # health-check rule for the static host
    .url = "/index.html";    # URL requested by each probe
    .window = 5;    # number of most recent probes taken into account
    .threshold = 4;   # healthy when at least 4 probes in the window succeeded
    .interval =2s;    # probe every 2 seconds
    .timeout = 1s;   # a probe fails after 1 second without an answer
}

backend static {     # the static back-end host
    .host = "192.168.1.73";
    .port = "80";
    .probe = static_healthcheck;    # attach the health check defined above
}

sub vcl_init {      # name the director and choose its scheduling algorithm
    new BE = directors.round_robin();
    BE.add_backend(static);
}

# Addresses allowed to send PURGE requests.
# NOTE(review): clients reach Varnish through haproxy (192.168.1.75), which is
# inside 192.168.1.0/24, so a PURGE relayed by haproxy matches this ACL no
# matter who sent it. Narrow the list to the administration host(s) or reject
# PURGE at haproxy.
# NOTE(review): Varnish documents the mask outside the quotes
# ("192.168.1.0"/24); confirm the quoted form compiles on the installed version.
acl purgers {
    "127.0.0.1";
    "192.168.1.0/24";
}

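# Request entry point: choose the backend, record the client address, handle
# PURGE, then decide between a cache lookup and a pass to the backend.
sub vcl_recv {
    # Select the backend first so every exit path below has one set.
    set req.backend_hint = BE.backend();

    # Custom header with the chain of client addresses. The incoming value is
    # supplied by the client, so backends must not use it for access control.
    # (The conventional header name is X-Forwarded-For.)
    if (req.http.X-Forward-For) {
        set req.http.X-Forward-For = req.http.X-Forward-For + "," + client.ip;
    } else {
        set req.http.X-Forward-For = client.ip;
    }

    # Cache invalidation: allowed for addresses in the purgers ACL only.
    # Anything else is refused instead of being treated as a normal request.
    if (req.method == "PURGE") {
        if (client.ip ~ purgers) {
            return (purge);
        }
        return (synth(405, "Not allowed."));
    }

    # Only GET and HEAD are looked up in the cache; a POST sent through the
    # lookup path would reach the backend as a body-less GET.
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }

    # Static file types (the same lists vcl_backend_response assigns a TTL to)
    # do not depend on the session, so drop the cookie and share one copy.
    if (req.url ~ "\.(jpg|jpeg|gif|png|html|css|js|txt)$") {
        unset req.http.Cookie;
        return (hash);
    }

    # Everything else that carries credentials is per-user content: the cache
    # key holds no cookie, so looking it up would hand one user's page to the
    # next visitor.
    if (req.http.Authorization || req.http.Cookie) {
        return (pass);
    }

    return (hash);
}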

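# Backend response hook: keep per-user responses out of the cache and give
# static file types an explicit lifetime.
sub vcl_backend_response {
    # Set-Cookie is a header of the backend response addressed to one client.
    # Storing such a response would replay that cookie to every later visitor,
    # so mark it uncacheable; the short TTL is how long Varnish remembers that
    # decision for this URL.
    if (beresp.http.Set-Cookie) {
        set beresp.uncacheable = true;
        set beresp.ttl = 120s;
        return (deliver);
    }
    if (bereq.url ~ "\.(jpg|jpeg|gif|png)$") {   # image files
        set beresp.ttl = 1d;       # cache lifetime
    }
    if (bereq.url ~ "\.(html|css|js|txt)$") {   # html and other text files
        set beresp.ttl = 12h;       # cache lifetime
    }
}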

 # Add a custom X-Cache header: "HIT from <address>" when the object came from
 # the cache, "MISS" otherwise.
 # NOTE(review): server.ip puts the cache server's internal address into a
 # header that travels back to the client through haproxy; a fixed label
 # avoids disclosing it.
sub vcl_deliver {  
    if (obj.hits > 0) {     # the object has been served from cache before
        set resp.http.X-Cache = "HIT from " + server.ip;
    } else {
        set resp.http.X-Cache = "MISS";
    }
}
[root@vanish-76 ~]# systemctl start varnish
五、haproxy服務器
設置seLinux、取消防火牆和同步時間
yum install -y ntpdate
ntpdate time1.aliyun.com
安裝haproxy
[root@haproxy-75 ~]# yum install -y haproxy
編輯配置文件,啓用本地日誌功能
[root@haproxy-75 ~]# vim /etc/rsyslog.conf  
# Provides UDP syslog reception
# NOTE(review): this opens UDP 514 on every interface, and the firewall is
# disabled in this lab, so any host can write into these logs. If haproxy logs
# to 127.0.0.1 (its global section is not shown here - confirm), add
# "$UDPServerAddress 127.0.0.1" before $UDPServerRun to listen on loopback only.
$ModLoad imudp
$UDPServerRun 514
# Save boot messages also to boot.log  
local7.*                                                /var/log/boot.log
# Facility local2 is written to the haproxy log file.
local2.*                                                /var/log/haproxy.log
[root@haproxy-75 ~]# vim /etc/sysconfig/rsyslog  
SYSLOGD_OPTIONS="-r"
[root@haproxy-75 ~]# systemctl restart rsyslog
配置haproxy文件
[root@haproxy-75 ~]# vim /etc/haproxy/haproxy.cfg

# Public entry point: routes by file extension and compresses responses.
frontend  main *:80
    acl url_static       path_end       -i .jpg .gif .png .css .js .txt  # ACL for static resources
    acl url_dynamic     path_end        -i .php # ACL for dynamic resources
    compression algo gzip  # compress with gzip
    # NOTE(review): PNG and JPEG data is already compressed, and the css/js
    # files matched by url_static have no MIME type in this list; confirm the
    # list against the content actually served.
    compression type text/html text/plain image/x-png image/x-citrix-jpeg  # content types to compress
    use_backend static          if url_static   # static ACL -> static server group
    use_backend dynamic     if url_dynamic # dynamic ACL -> dynamic server group
    default_backend             websrvs   # everything else

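# Default server group: round robin with cookie-based persistence.
backend websrvs
        balance roundrobin
        # haproxy inserts the WEBSRV cookie and uses its value to send a
        # returning client to the same server.
        cookie WEBSRV insert nocache indirect
        # Each server needs its own cookie value. With "web1" on both lines
        # haproxy cannot tell the servers apart and persistence does not hold.
        server web1 192.168.1.74:80 check  cookie web1
        server web2 192.168.1.76:6081 check  cookie web2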

backend static  # static requests go to Varnish, which caches and proxies them
        balance roundrobin # scheduling algorithm
        server srvs1 192.168.1.76:6081 check

backend dynamic  # dynamic server group
        balance roundrobin   # scheduling algorithm
        server dyn1 192.168.1.74:80 check

# haproxy statistics / management page.
# NOTE(review): only the admin actions are limited by the ACL below. The
# read-only page, which lists every backend address and its state, is served
# to any client that reaches port 8080 and there is no "stats auth"
# (<user>:<password>) line; add one or restrict the listener by source address.
listen stats
        bind *:8080     # management port
        stats enable    # turn the statistics page on
        stats uri /admin?stats      # path of the page
        acl url_stats src 192.168.1.0/24  # ACL matching the local network
        stats admin if url_stats  # admin actions only for sources matching the ACL
[root@haproxy-75 ~]# systemctl start haproxy

六、測試
1、LNMP動靜分離部署wordpress,動靜都要能實現負載均衡,要注意會話的問題。
此時訪問以.php的結尾的內容會被haproxy負載到dynamic服務器上處理,而訪問.jpg,.png和.txt等靜態內容則被負載到static服務器上進行處理。
動態wordpress測試
靜態圖片資源測試
由上圖所示訪問wordpress頁面的動態和靜態圖片內容已被分開處理,靜態內容代理到varnish-76上進行處理,而動態內容則代理到dynamic服務器進行處理。
訪問http://192.168.0.81 默認會輪詢到後端兩個服務器上
[root@clinet ~]# for i in {1..10} ; do curl http://192.168.1.75 ; done
<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>

<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>

<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>

<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>

<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>
基於cookie會話保持功能,用戶通過web訪問都會被調度到同一個後端服務器。

會話保持
2、在haproxy和後端主機之間添加varnish進行緩存
從此前的截圖上,我們已經能看到,相關的靜態內容已經被varnish緩存所“HIT”中了,這說明我們緩存已經生效了。
緩存命中信息
3、壓縮合適的內容類型和設置stats page僅能通過本地訪問使用管理接口。
因爲我們在haproxy的配置中設置了對相關靜態內容進行壓縮,所以訪問相關靜態內容時,如果響應報文帶有相關的壓縮字段,說明壓縮已經成功。

壓縮成功
4、 stats page信息頁僅能通過本地訪問使用管理接口
訪問stats頁面,因爲訪問主機是本地網絡,所以能夠執行下圖紅框中的管理操作。如果不是指定的本地網段,則只能查看相關的stats狀態,而無法進行管理操作。