https+nginx+nfs+rsync+mysql
完善架构
1.web01 02 03 部署nginx 和php 80端口
2.lb部署https证书,80强转443
3.NFS: sersync
5.RSYNC 实时备份 NFS
- wordpress - zh
环境准备
| 主机名 | WANIP | LANIP | 搭建服务 |
|---|---|---|---|
| lb01 | 10.0.0.5 | 172.16.1.5 | 负载均衡+https |
| web01 | 10.0.0.7 | 172.16.1.7 | nginx+php+zh+wordpress |
| web02 | 10.0.0.8 | 172.16.1.8 | nginx+php+zh+wordpress |
| web03 | 10.0.0.9 | 172.16.1.9 | nginx+php+zh+wordpress |
| db01 | 10.0.0.51 | 172.16.1.51 | mysql+redis |
| nfs | 10.0.0.31 | 172.16.1.31 | 图片共享+sersync |
| backup | 10.0.0.41 | 172.16.1.41 | rsync |
配置lb01负载均衡https
#1. 安装nginx
[root@lb01 ~]# yum install -y nginx
#2.启动nginx加入开机自动启动
[root@lb01 ~]# systemctl start nginx
[root@lb01 ~]# systemctl enable nginx
#3. 统一用户
创建用户和用户组
[root@web01 /]# groupadd www -g 666
[root@web01 /]# useradd www -u 666 -g 666 -s /sbin/nologin -M
修改nginx的配置文件
[root@web01 /]# sed -i '/^user/c user www;' /etc/nginx/nginx.conf
###########################################################################################
#4.配置https
nginx必须有ssl模块
[root@web03 ~]# nginx -V
--with-http_ssl_module
#5.创建存放ssl证书的路径
[root@web03 ~]# mkdir -p /etc/nginx/ssl_key
[root@web03 ~]# cd /etc/nginx/ssl_key
#6.生成私钥
[root@lb01 ssl_key]# openssl genrsa -idea -out /etc/nginx/ssl_key/$(date +%Y%m%d)_hgs.com.key 2048
Generating RSA private key, 2048 bit long modulus
................................................................................................................................+++
...............................................................................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for /etc/nginx/ssl_key/20200604_hgs.com.key:
Verifying - Enter pass phrase for /etc/nginx/ssl_key/20200604_hgs.com.key:
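#7.生成证书(自签名证书,仅适合测试;命令中的 -nodes 和 -keyout 会重新生成一个不带口令的私钥并覆盖第6步的同名文件,第6步设置的口令因此不再生效,私钥文件应限制为仅root可读,例如 chmod 600)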
[root@lb01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl_key/20200604_hgs.com.key -out /etc/nginx/ssl_key/20200604_hgs.com.crt
Generating a 2048 bit RSA private key
.....................................................+++
.......................................+++
writing new private key to '/etc/nginx/ssl_key/20200604_hgs.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:111
Locality Name (eg, city) [Default City]:222
Organization Name (eg, company) [Default Company Ltd]:333
Organizational Unit Name (eg, section) []:444
Common Name (eg, your name or your server's hostname) []:hgs.com
Email Address []:123@qq.com
#8.查看私钥和证书
[root@lb01 ssl_key]# ls
20200604_hgs.com.crt 20200604_hgs.com.key
#9.编辑配置文件
#9.1.nginx 代理优化配置文件 /etc/nginx/proxy_params
#设置请求头,带着域名访问后端web
proxy_set_header HOST $host;
#设置请求头,带着客户端IP访问,访问后端web
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#优化超时时间
#nginx代理与后端服务器连接超时时间(代理连接超时)
proxy_connect_timeout 60s;
#nginx代理等待后端服务器的响应时间
proxy_read_timeout 60s;
#后端服务器数据回传给nginx代理超时时间
proxy_send_timeout 60s;
#优化缓冲区
proxy_buffering on;
proxy_buffers 8 4k;
proxy_buffer_size 4k;
#9.2 编辑虚拟主机负载均衡配置文件
[root@lb01 conf.d]# vim proxy_hgs.conf
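# Backend pool: the three web nodes on the internal 172.16.1.0/24 network.
upstream hgs {
    server 172.16.1.7;
    server 172.16.1.8;
    server 172.16.1.9;
}

# Plain-HTTP listener: every request is redirected to HTTPS.
server {
    listen 80;
    server_name blog.hgs.com zh.hgs.com;
    # $request_uri already begins with "/", so it is appended directly to the
    # host; writing "https://$host/$request_uri" produces a double slash.
    return 302 https://$host$request_uri;
}

# TLS terminates on this host; traffic to the backend pool is plain HTTP.
server {
    listen 443 ssl;
    server_name blog.hgs.com zh.hgs.com;
    ssl_certificate /etc/nginx/ssl_key/20200604_hgs.com.crt;
    ssl_certificate_key /etc/nginx/ssl_key/20200604_hgs.com.key;

    location / {
        # Forward the request to the upstream pool defined above.
        proxy_pass http://hgs;
        # Pull in the shared proxy headers, timeouts and buffer settings.
        include proxy_params;
        # Pass the request to the next backend on connection errors, timeouts
        # and the listed response codes, so one failing node is not visible
        # to the client.
        # NOTE(review): http_404 is in the list, so a missing page is tried on
        # other backends before the 404 is returned.
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
    }
}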
#9.3 配置http层 上传大小配置
client_max_body_size 20m;
client_body_buffer_size 10m; #配置请求体缓冲区大小(不配置时使用nginx默认值)
配置web01
#1.更换yum源
[root@web01 yum.repos.d]# cat /etc/yum.repos.d/nginx.repo
vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
#2.安装nginx
yum install -y nginx
#3.更换PHP源
[root@web02 /]# cat /etc/yum.repos.d/php.repo
# Third-party yum repository definition used to install the php71w packages.
[php-webtatic]
name = PHP Repository
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
# NOTE(review): gpgcheck = 0 turns off package signature verification, and the
# baseurl above is plain http, so nothing authenticates the RPMs yum installs
# from this repo. Prefer gpgcheck = 1 together with the repository's published
# signing key (gpgkey=<REPO_SIGNING_KEY_URL>, placeholder).
gpgcheck = 0
#4.安装php
[root@web02 /]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached
#5.统一nginx和php用户
5.1创建用户和用户组
[root@web01 /]# groupadd www -g 666
[root@web01 /]# useradd www -u 666 -g 666 -s /sbin/nologin -M
5.2修改nginx的配置文件
[root@web01 /]# sed -i '/^user/c user www;' /etc/nginx/nginx.conf
5.3修改php的配置文件
[root@web01 /]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
[root@web01 /]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
#6.启动nginx和php服务,加入开机启动项
6.1启动nginx+php服务
[root@web01 /]# systemctl start nginx php-fpm
6.2 加入开机启动项
[root@web01 /]# systemctl enable nginx php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
#7.配置wordpress+zh nginx 虚拟主机文件
7.1wordpress 虚拟主机文件
[root@web01 /]# vi /etc/nginx/conf.d/blog.hgs.conf
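# WordPress virtual host on the web node. The load balancer terminates TLS
# and reaches this server over plain HTTP on port 80.
server {
    listen 80;
    server_name blog.hgs.com;

    location / {
        root /website/wordpress;
        index index.php index.html;
    }

    location ~ \.php$ {
        root /website/wordpress;
        # Hand the request to PHP-FPM only when the requested .php file exists
        # under the document root; otherwise nginx answers 404 itself. This
        # keeps PHP-FPM from resolving script paths that are not real files,
        # which matters because the site stores user uploads under this root.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Tell PHP that the client-facing connection is HTTPS.
        # NOTE(review): this is unconditional, so PHP also sees HTTPS=on for
        # requests that reach port 80 without passing through the load balancer.
        fastcgi_param HTTPS on;
        include fastcgi_params;
    }
}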
7.2zh虚拟主机配置文件
vim /etc/nginx/conf.d/zh.hgs.conf
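# WeCenter (zh) virtual host on the web node. The load balancer terminates
# TLS and reaches this server over plain HTTP on port 80.
server {
    listen 80;
    server_name zh.hgs.com;
    root /website/zh;
    index index.php index.html;

    location ~ \.php$ {
        # Hand the request to PHP-FPM only when the requested .php file exists
        # under the document root; otherwise nginx answers 404 itself. This
        # keeps PHP-FPM from resolving script paths that are not real files,
        # which matters because the site stores user uploads under this root.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Tell PHP that the load balancer in front speaks HTTPS to clients.
        # NOTE(review): this is unconditional, so PHP also sees HTTPS=on for
        # requests that reach port 80 without passing through the load balancer.
        fastcgi_param HTTPS on;
        include /etc/nginx/fastcgi_params;
    }
}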
#8.语法检查
[root@web01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
#9.创建站点目录
[root@web01 nginx]# mkdir -p /website/zh
#10.下载解压代码
10.1 wordpress
[root@web01 ~]# tar xf wordpress-5.0.3-zh_CN.tar.gz -C /website/ #解压到website下的wordpress
10.2 zh
[root@web01 ~]# unzip WeCenter_3-2-1.zip -d /website/zh/
[root@web01 zh]# mv WeCenter_3-2-1/* ./
#11.授权目录www权限
[root@web01 zh]# chown -R www.www /website/
配置数据库db01
#1.安装 mysql 服务
[root@db01 ~]# yum install -y mariadb-server
#2.启动服务和加入开机自启
[root@db01 ~]# systemctl start mariadb
[root@db01 ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
#3.查看进程和端口
[root@db01 ~]# ps -ef |grep 3306
root 11282 10892 0 02:28 pts/0 00:00:00 grep --color=auto 3306
[root@db01 ~]# netstat -lntup |grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 11221/mysqld
#4.给数据库root用户设置密码(示例口令'123'过弱,且写在命令行里会留在shell历史中;实际环境请使用强口令)
[root@db01 ~]# mysqladmin -uroot password '123'
#5.创建数据库
[root@db01 ~]# mysql -uroot -p123
MariaDB [(none)]> create database wp_db;
MariaDB [(none)]> create database zh_db;
#6.创建用户(主机写'%'表示允许从任意地址连接,而上面3306监听在0.0.0.0;建议限定为内网网段,如 wp_user@'172.16.1.%',并使用强口令代替'123456')
MariaDB [(none)]> grant all on wp_db.* to wp_user@'%' identified by '123456';
MariaDB [(none)]> grant all on zh_db.* to zh_user@'%' identified by '123456';
配置web02、web03 配置文件和安装包
#拷贝 web01 nginx配置文件
[root@web02 ~]# scp 10.0.0.7:/etc/nginx/conf.d/* /etc/nginx/conf.d/
#拷贝web01 wordpress和zh 文件
[root@web02 ~]# scp -rp 10.0.0.7:/website /
#授权目录www权限
[root@web02 ~]# chown -R www.www /website/
#平滑重启
[root@web02 ~]# systemctl reload nginx php-fpm
配置NFS服务端图片共享
#1.安装 nfs服务端
[root@nfs ~]# yum -y install nfs-utils
#2.编辑配置文件 /etc/exports
[root@nfs ~]# cat /etc/exports
/wp_data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/zh_data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
#3.创建www用户和用户组
[root@nfs ~]# groupadd www -g 666
[root@nfs ~]# useradd www -u 666 -g 666
#4.创建共享文件wp_data目录 wordpress(目录属主已是www,且exports用all_squash把客户端映射为uid 666,chmod 777并非必需,保持默认权限即可)
[root@nfs ~]# mkdir /wp_data
[root@nfs ~]# chown www.www /wp_data/
[root@nfs ~]# chmod 777 /wp_data/
#5.创建共享文件zh_data目录 zh
[root@nfs ~]# mkdir /zh_data
[root@nfs ~]# chown www.www /zh_data/
[root@nfs ~]# chmod 777 /zh_data/
#5.启动服务开机自启
[root@nfs ~]# systemctl enable rpcbind nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to
/usr/lib/systemd/system/nfs-server.service.
#6#启动rpcbind 和server
[root@nfs ~]# systemctl restart rpcbind nfs-server
#7.检查端口
[root@nfs ~]# netstat -lntup |grep rpc
#8.检测文件
[root@nfs ~]# cat /var/lib/nfs/etab
/wp_data
172.16.1.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,all_squash,no_subtree_check,
secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,rw,secure,root_squash,all_squas
h)
#9. showmount -e
[root@nfs ~]# showmount -e
Export list for nfs:
/zh_data 172.16.1.0/24
/wp_data 172.16.1.0/24
配置web01、02、03的nfs挂载
#1.安装nfs服务
[root@web01 wordpress]# yum install -y nfs-utils rpcbind
#2.启动rpc服务
[root@web01 wordpress]# systemctl restart rpcbind
[root@web01 wordpress]# systemctl enable rpcbind
#3.查看挂载源
[root@web01 wordpress]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/wp_data 172.16.1.0/24
#4.客户端挂载
#wordpress 挂载
#创建存放图片目录
mkdir /website/wordpress/wp-content/uploads/
[root@web01 /]# mount -t nfs 172.16.1.31:/wp_data /website/wordpress/wp-content/uploads/
#zh挂载
#创建存放图片目录
mkdir /website/zh/uploads/article
[root@web01 /]# mount -t nfs 172.16.1.31:/zh_data /website/zh/uploads/article
#5.查看挂载
[root@web01 ~]# df -h
配置backup sersync
#配置backup 服务器
#1. 安装rsync
[root@backup ~]# yum install rsync -y
#2 配置rsync
[root@backup ~]# vi /etc/rsyncd.conf
# rsync daemon configuration for the backup host.
# NOTE(review): the daemon is set to run as user/group "rsync", but the steps
# on this page create a "www" account and chown the module directories to
# www; no "rsync" account is created anywhere on the page. Confirm which
# account is intended.
uid = rsync
gid = rsync
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
# Modules are writable by the authenticated user listed in "auth users".
read only = false
# list = true lets clients enumerate the module names.
list = true
# File holding the "user:password" entries for the auth users below.
secrets file = /etc/rsync.password
auth users = rsync_backup
# NOTE(review): no "hosts allow" is set, so access control rests on the
# password alone; consider restricting clients to the NFS host
# (172.16.1.31 on this page).
log file = /var/log/rsyncd.log
#####################################
# Module for the WordPress upload data.
[wp]
path = /wp_data
# Module for the zh upload data.
[zh]
path = /zh_data
#3. 创建数据目录
[root@backup ~]# mkdir /{wp_data,zh_data}
#4. 创建用户并授权
[root@backup ~]# useradd -M -s /sbin/nologin www
[root@backup ~]# chown -R www.www /wp_data/ /zh_data/
#5. 创建连接用的虚拟用户密码文件并赋予600权限(示例口令"1"过弱,实际环境请使用强口令)
[root@backup ~]# echo "rsync_backup:1" > /etc/rsync.password
[root@backup ~]# chmod 600 /etc/rsync.password
#6. 启动rsyncd
[root@backup ~]# systemctl restart rsyncd
###################################################################################################
#配置nfs服务器
#1. sersync需要依赖inotify和rsync,所以需要安装对应软件(inotify的软件包名为inotify-tools)
[root@nfs01 ~]# yum install rsync inotify-tools -y
#2. 安装sersync(该压缩包是从第三方GitHub仓库master分支直接下载的二进制程序,解压运行前应与可信来源公布的校验值核对,例如用sha256sum)
[root@nfs01 ~]# mkdir /server/tools -p
[root@nfs01 ~]# cd /server/tools/
[root@nfs01 tools]# wget https://raw.githubusercontent.com/wsgzao/sersync/master/sersync2.5.4_64bit_binary_stable_final.tar.gz
#3.解压 剪切到 /usr/local/sersync
[root@nfs01 tools]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@nfs01 tools]# mv GNU-Linux-x86/ /usr/local/sersync
#4. 进入到 目录 备份confxml.xml
[root@nfs01 tools]# cd /usr/local/sersync/
[root@nfs01 sersync]# cp confxml.xml confxml.bak
[root@nfs01 sersync]# vim confxml.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<head version="2.5">
<host hostip="localhost" port="8008"></host>
<debug start="false"/>
<fileSystem xfs="true"/> #文件系统开启
<filter start="false"> #排除不想同步的文件
<exclude expression="(.*)\.svn"></exclude>
<exclude expression="(.*)\.gz"></exclude>
<exclude expression="^info/*"></exclude>
<exclude expression="^static/*"></exclude>
</filter>
<inotify> #监控时间类型
<delete start="true"/>
<createFolder start="true"/>
<createFile start="false"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="false"/>
<modify start="false"/>
</inotify>
<sersync>
<localpath watch="/zh_data"> #监控zh目录
<remote ip="172.16.1.41" name="zh"/> #ip及模块
<!--<remote ip=