WEB架构
1.环境
2.MySQL 安装
上传安装包到 /usr/local/src/ 目录
链接:https://pan.baidu.com/s/12LNSmTuZw-BvhHFwa7ZpGQ
提取码:c61l
2.1安装步骤
shell> cd /usr/local/src/
shell> tar xvf mysql-5.6.34-onekey-install.tar.gz
shell> yum install libaio -y
shell> bash mysql-install.sh
2.2开机启动
shell> cd /usr/local/src/mysql-5.6.34-linux-glibc2.5-x86_64/
shell> cp support-files/mysql.server /etc/rc.d/init.d/mysqld
shell> chkconfig --add mysqld
2.3master配置
shell> vi /etc/my.cnf.d/server.cnf
# 启用二进制
log_bin
# 为当前节点设置一个全局唯一ID号
server_id=1
# 可选项,设置datadir中日志名称,确保不依赖主机名
log-basename = master1
2.4创建有复制权限的用户
# 示例口令 123456 仅用于演示,实际部署时复制账号应改用强口令
mysql> GRANT REPLICATION SLAVE ON *.* TO 'repluser'@'192.168.37.%' IDENTIFIED BY '123456';
2.5查看二进制文件
mysql> show master logs;
2.6slave节点配置
shell> vim /etc/my.cnf.d/server.cnf
[mysqld]
server_id = 2
# 设置数据库只读
read_only = ON
2.7配置复制线程
mysql> CHANGE MASTER TO
MASTER_HOST='192.168.37.11',
MASTER_USER='repluser',
MASTER_PASSWORD='123456',
MASTER_PORT=3306,
MASTER_LOG_FILE='mysql-master-bin.000002',
MASTER_LOG_POS=120;
mysql> start slave;
2.8创建wordpress数据库及管理用户
mysql> CREATE DATABASE wordpress;
mysql> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"192.168.37.%" IDENTIFIED BY "123456";
mysql> FLUSH PRIVILEGES;
3.NFS安装
shell> yum install nfs-utils -y
shell> vim /etc/exports
# no_root_squash:客户端的 root 在该导出目录上仍按 root 处理(后文第7步在客户端执行 chown 需要它);目录属主设置好之后可改回默认的 root_squash
/data/wordpress 192.168.37.*(rw,no_root_squash)
shell> mkdir /data/wordpress
shell> systemctl start nfs
shell> systemctl enable nfs
4.nginx安装
上传nginx,php到 /usr/local/src 目录
4.1准备编译安装的基础环境:
shell> yum install -y vim lrzsz tree screen psmisc lsof \
tcpdump wget ntpdate gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel \
systemd-devel net-tools iotop bc zip unzip zlib-devel bash-completion nfs-utils automake \
libxml2 libxml2-devel libxslt libxslt-devel perl perl-ExtUtils-Embed
4.2nginx安装
shell> useradd www -s /sbin/nologin -u 38 -M
shell> tar -xvf nginx-1.16.1.tar.gz
shell> cd nginx-1.16.1
shell> ./configure --prefix=/apps/nginx --user=www --group=www \
--with-http_ssl_module --with-http_v2_module --with-http_realip_module \
--with-http_stub_status_module --with-http_gzip_static_module --with-pcre \
--with-stream --with-stream_ssl_module --with-stream_realip_module
shell> make
shell> make install
shell> /apps/nginx/sbin/nginx
shell> ss -tnl
4.3创建Nginx启动脚本
# 创建 /usr/lib/systemd/system/nginx.service 文件
shell> vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/apps/nginx/logs/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/apps/nginx/sbin/nginx -t
ExecStart=/apps/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
#KillSignal=SIGQUIT
#TimeoutStopSec=5
KillMode=process
PrivateTmp=true
[Install]
WantedBy=multi-user.target
4.4验证Nginx启动脚本
shell> /apps/nginx/sbin/nginx -s stop
shell> systemctl daemon-reload
shell> systemctl start nginx
shell> systemctl enable nginx
shell> systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-08-18 09:17:29 CST; 20s ago
Main PID: 42403 (nginx)
CGroup: /system.slice/nginx.service
├─42403 nginx: master process /apps/nginx/sbin/nginx
└─42404 nginx: worker process
Aug 18 09:17:29 nginx-2 systemd[1]: Starting The nginx HTTP and reverse proxy.....
Aug 18 09:17:29 nginx-2 nginx[42399]: nginx: the configuration file /apps/ngi...ok
Aug 18 09:17:29 nginx-2 nginx[42399]: nginx: configuration file /apps/nginx/c...ul
Aug 18 09:17:29 nginx-2 systemd[1]: Failed to read PID from file /apps/nginx/...nt
Aug 18 09:17:29 nginx-2 systemd[1]: Started The nginx HTTP and reverse proxy ...r.
Hint: Some lines were ellipsized, use -l to show in full.
5.PHP安装
5.1安装依赖包
shell> yum -y install wget vim pcre pcre-devel openssl openssl-devel libicu-devel gcc gcc-c++ \
autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel \
libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel \
ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap \
openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent \
libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt \
libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpeg-devel
5.2安装PHP
shell> cd /usr/local/src
shell> tar xf php-7.2.21.tar.gz
shell> cd php-7.2.21
shell> ./configure --prefix=/apps/php --enable-fpm --with-fpm-user=www --with-fpm-group=www \
--with-pear --with-curl --with-png-dir --with-freetype-dir --with-iconv --with-mhash --with-zlib \
--with-xmlrpc --with-xsl --with-openssl --with-mysqli --with-pdo-mysql --disable-debug --enable-zip \
--enable-sockets --enable-soap --enable-inline-optimization --enable-xml --enable-ftp --enable-exif \
--enable-wddx --enable-bcmath --enable-calendar --enable-shmop \
--enable-dba --enable-sysvsem --enable-sysvshm --enable-sysvmsg
shell> make
shell> make install
5.3准备PHP配置文件
shell> cd /apps/php/etc/php-fpm.d/
shell> cp www.conf.default www.conf
shell> cp /usr/local/src/php-7.2.21/php.ini-production /apps/php/etc/php.ini
# 修改配置 www.conf 如下
shell> grep -v ";" www.conf | grep -v "^$"
[www]
user = www
group = www
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 30
pm.min_spare_servers = 30
pm.max_spare_servers = 35
pm.status_path = /pm_status
ping.path = /ping
ping.response = pong
access.log = log/$pool.access.log
slowlog = log/$pool.log.slow
# 日志文件路径
shell> mkdir /apps/php/log/
shell> cd /apps/php/etc/
shell> cp php-fpm.conf.default php-fpm.conf
5.4启动并验证php-fpm
# 检测语法
shell> /apps/php/sbin/php-fpm -t
[18-Aug-2019 10:54:27] NOTICE: configuration file /apps/php/etc/php-fpm.conf test is successful
# 制作启动文件设置开机启动
shell> cd /usr/local/src/php-7.2.21/
shell> cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
shell> chmod +x /etc/init.d/php-fpm
shell> service php-fpm start
shell> chkconfig --add php-fpm
shell> chkconfig --list
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
php-fpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# 验证php-fpm
shell> ps -ef | grep php-fpm
root 42499 1 0 10:03 ? 00:00:00 php-fpm: master process (/apps/php/etc/php-fpm.conf)
www 42500 42499 0 10:03 ? 00:00:00 php-fpm: pool www
www 42501 42499 0 10:03 ? 00:00:00 php-fpm: pool www
root 42550 19674 0 10:46 pts/0 00:00:00 grep --color=auto php-fpm
shell> netstat -tnlp | grep php-fpm
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 42499/php-fpm: mast
6.部署wordpress
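6.1配置Nginx
# 注:下面的 location ~ \.php$ 会把所有以 .php 结尾的请求转给 php-fpm;在该 location 中加入 try_files $uri =404; 可让磁盘上不存在的脚本路径直接返回 404,而不是交给 PHP 处理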
shell> grep -v "#" /apps/nginx/conf/nginx.conf | grep -v "^$"
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.del.com;
location / {
root /data/nginx/wordpress;
index index.php index.html index.htm;
if ($http_user_agent ~ "ApacheBench|WebBench|TurnitinBot|Sogou webspider|Grid Service") {
return 403;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ \.php$ {
root /data/nginx/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
6.2创建wordpress目录
# 创建wordpress网站目录
shell> mkdir -p /data/nginx/wordpress
shell> /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
shell> /apps/nginx/sbin/nginx -s reload
6.3配置WordPress文件
上传wordpress文件到/data/nginx/wordpress
shell> cd /data/nginx/wordpress
shell> unzip wordpress-5.0.3-zh_CN.zip
shell> mv wordpress/* .
shell> mv wordpress wordpress-5.0.3-zh_CN.zip /opt/
shell> cp wp-config-sample.php wp-config.php
shell> vim wp-config.php
// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpress');
/** MySQL数据库用户名 */
define('DB_USER', 'wordpress');
/** MySQL数据库密码 */
define('DB_PASSWORD', '123456');
/** MySQL主机 */
define('DB_HOST', '192.168.37.105');
shell> chown www.www /data/nginx/wordpress/ /apps/nginx/ -R
shell> /apps/nginx/sbin/nginx -s reload
7.nginx挂载nfs目录
shell> mount -t nfs 192.168.37.111:/data/wordpress/ /data/nginx/wordpress/wp-content/uploads/
shell> chown www.www /data/nginx/wordpress/wp-content/uploads -R
8.HAProxy,Keepalived安装
安装
shell> yum install haproxy keepalived -y
配置keepalived
# IP:192.168.34.14 master
shell> vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 88
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.248 dev eth0 label eth0:1
}
}
# IP:192.168.37.15 backup
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 88
priority 80
advert_int 2
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.248 dev eth0 label eth0:1
}
}
测试keepalived
# 启动
shell> systemctl start keepalived
# 测试 keepalived master IP
shell> ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.37.103 netmask 255.255.255.0 broadcast 192.168.37.255
inet6 fe80::250:56ff:fe39:c42b prefixlen 64 scopeid 0x20<link>
ether 00:50:56:39:c4:2b txqueuelen 1000 (Ethernet)
RX packets 7980 bytes 1212523 (1.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10619 bytes 1892227 (1.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 浮动IP地址
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.37.248 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:50:56:39:c4:2b txqueuelen 1000 (Ethernet)
配置 HAProxy(两台haproxy同样配置)
# IP:192.168.37.14
shell> vim /etc/haproxy/haproxy.cfg
listen WEB_PORT_80
bind 192.168.37.248:80
mode http
server web1 192.168.37.105:80 check inter 3000 fall 3 rise 5
server web2 192.168.37.106:80 check inter 3000 fall 3 rise 5
# IP:192.168.37.15
shell> vim /etc/haproxy/haproxy.cfg
listen WEB_PORT_80
bind 192.168.37.248:80
mode http
server web1 192.168.37.105:80 check inter 3000 fall 3 rise 5
server web2 192.168.37.106:80 check inter 3000 fall 3 rise 5
# IP:192.168.37.104
shell> vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
shell> sysctl -p
测试haproxy
shell> systemctl restart haproxy
shell> ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.168.37.248:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
9.NFS备份服务器
inotify和rsync实现实时同步
配置 rsync 服务器端的配置文件
vi /etc/rsyncd.conf
# 设置用户和组
uid = root
gid = root
# 不使用 chroot(守护进程不会被限制在模块目录内)
use chroot = no
# 最大连接数,设置为0表示不限制
max connections = 0
# 忽略错误
ignore errors
# 忽略不检查
exclude = lost+found/
# 日志文件
log file = /var/log/rsyncd.log
# 进程pid文件
pid file = /var/run/rsyncd.pid
# 锁文件
lock file = /var/run/rsyncd.lock
# 反向解析
reverse lookup = no
# 允许ip访问
hosts allow = 192.168.8.0/24
[backup]
path = /backup/
comment = backup
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pass
服务器端生成验证文件
echo "rsyncuser:Centos" > /etc/rsync.pass
chmod 600 /etc/rsync.pass
服务器端准备目录
mkdir /backup
服务器端启动rsync服务
# 可加入/etc/rc.d/rc.local实现开机启动
rsync --daemon
# CentOS 7启动
systemctl start rsyncd
客户端配置密码文件
echo "Centos" > /etc/rsync.pass
chmod 600 /etc/rsync.pass
客户端测试同步数据
rsync -avz --password-file=/etc/rsync.pass /data/ rsyncuser@rsync服务器IP::backup
客户端创建inotify_rsync.sh脚本
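#!/bin/bash
# Mirror SRC to the rsync daemon module DEST whenever inotify reports a change.
#
# inotifywait runs in monitor mode (-m), recursively (-r) and quietly (-q), and
# prints one line per event as "<date> <time> <dir> <file>" (see --timefmt and
# --format below). Every event triggers a full "rsync -az --delete" of SRC,
# authenticated with the password stored in /etc/rsync.pass.
SRC='/data/'
# Replace "rsync服务器IP" with the address of the rsync server.
DEST='rsyncuser@rsync服务器IP::backup'

# The event list belongs to the -e option; the command is continued with a
# backslash so that "-e create,..." stays part of the inotifywait invocation.
inotifywait -mrq --timefmt '%Y-%m-%d %H:%M' --format '%T %w %f' \
  -e create,delete,moved_to,close_write,attrib "${SRC}" |
  # read -r keeps backslashes in file names literal. Fields are split on
  # whitespace, so a space inside the directory path shifts DIR/FILE; only the
  # last field (FILE) absorbs extra words. FILEPATH is used for logging only.
  while read -r DATE TIME DIR FILE; do
    FILEPATH="${DIR}${FILE}"
    # --delete removes files on the backup side that no longer exist in SRC,
    # so a deletion under SRC is propagated to the backup on the next event.
    rsync -az --delete --password-file=/etc/rsync.pass "$SRC" "$DEST" &&
      echo "At ${TIME} on ${DATE}, file $FILEPATH was backuped up via rsync" \
        >> /var/log/changelist.log
  done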
10.LVS+Keepalived
shell> yum install keepalived ipvsadm -y
# 配置keepalived master
shell> vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.249 dev eth0 label eth0:1
}
}
virtual_server 192.168.37.249 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.37.12 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.37.13 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
# 配置keepalived backup
shell> vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 200
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.249 dev eth0 label eth0:1
}
}
virtual_server 192.168.37.249 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.37.12 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.37.13 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
web服务器配置DR
shell> cat lvs-dr.sh
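#!/bin/sh
# LVS DR-mode initialisation script for a real server (web node).
# Zhang Shijie: 2017-08-18
#
# Usage: lvs-dr.sh {start|stop}
#   start  put the virtual IP on lo:0 and set arp_ignore=1 / arp_announce=2
#   stop   take lo:0 down and reset both ARP sysctls to 0
# Writes under /proc/sys and reconfigures interfaces, so it has to run as root.
LVS_VIP=192.168.37.249

# "." is the POSIX spelling of "source", matching the /bin/sh shebang.
# Nothing from this file is called below.
. /etc/rc.d/init.d/functions

case "$1" in
  start)
    # Host netmask (255.255.255.255): the VIP lives on loopback only, so the
    # node accepts traffic addressed to it without owning it on the LAN.
    /sbin/ifconfig lo:0 "$LVS_VIP" netmask 255.255.255.255 broadcast "$LVS_VIP"
    /sbin/route add -host "$LVS_VIP" dev lo:0
    # arp_ignore=1: answer ARP only for addresses configured on the interface
    # that received the request. arp_announce=2: always pick the best local
    # source address for ARP requests. Together they keep this node from
    # advertising the VIP held on lo.
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    # NOTE(review): sysctl -p re-applies /etc/sysctl.conf; if that file sets
    # arp_ignore/arp_announce it overrides the values written above - confirm.
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    /sbin/ifconfig lo:0 down
    # Errors are discarded here, so a route that is already gone is not reported.
    /sbin/route del "$LVS_VIP" >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0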
检测配置是否成功
shell> ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.37.249:80 rr
-> 192.168.37.12:80 Route 1 0 0
-> 192.168.37.13:80 Route 1 0 0