• 集群架构搭建


    0.创建www用户

    [root@web01 ~]# groupadd -g 666 www
    [root@web01 ~]# useradd -u666 -g666 www

    1.配置YUM源码(Nginx PHP)
    [root@web01 ~]# cat /etc/yum.repos.d/nginx.repo
    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/centos/7/$basearch/
    gpgcheck=0
    enabled=1

    2.安装扩展源【HTTPS】
    [root@nginx ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    [root@nginx ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

    3.安装Nginx+PHP
    [root@web01 ~]# # yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb nginx

    4.配置web站点【wordpress|wecenter】
    [root@web01 ~]# sed -i '/^user/c user www;' /etc/nginx/nginx.conf
    [root@web01 ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
    [root@web01 ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf

    [root@web01 conf.d]# cat wecenter.conf
    server {
    server_name zh.oldboy.com;
    listen 80;
    root /code/zh;
    index index.php index.html;

    location ~ .php$ {
    root /code/zh;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
              }
    }

    [root@web01 conf.d]# cat wordpress.conf
    server {
    server_name blog.oldboy.com;
    listen 80;
    root /code/wordpress;
    index index.php index.html;

    location ~ .php$ {
    root /code/wordpress;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    fastcgi_param HTTPS on;    (用以https访问)

    include fastcgi_params;

            }
    }

    ##启动服务,并加入开机自启动
    [root@web01 ~]# systemctl enable nginx php-fpm
    [root@web01 ~]# systemctl start nginx php-fpm

    5.准备对应的代码
    [root@web01 ~]# mkdir /code
    [root@web01 ~]# cd /code
    [root@web01 code]# wget https://wordpress.org/latest.tar.gz

    ##解压
    [root@web01 code]# unzip WeCenter_v3.2.2.zip
    [root@web01 code]# tar xf latest.tar.gz

    ##改名
    [root@web01 code]# mv WeCenter322/ zh

    ##授权
    [root@web01 ~]# chown -R www.www /code/

    6.配置数据库db01

    [root@db01 ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.7-community/el/7/x86_64/mysql57-community-release-el7-10.noarch.rpm
    [root@db01 ~]# yum install mysql-community-server -y

    [root@db01 ~]# systemctl enable mysqld
    [root@db01 ~]# systemctl start mysqld

    [root@db01 ~]# mysql -uroot -p$(awk '/temporary password/{print $NF}' /var/log/mysqld.log)
    mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Bgx123.com';
    mysql> create database wordpress;
    mysql> create database zh;
    mysql> create database jpress;
    mysql> grant all privileges on *.* to 'all'@'%' identified by 'Bgx123.com';
    mysql> flush privileges;
    #####################################################################################

    7.配置windows的hosts解析,安装网站

    #####################################################################################
    web02快速扩展一台

    [root@web02 ~]# groupadd -g 666 www
    [root@web02 ~]# useradd -u666 -g666 www


    ##安装nignx与php
    [root@web02 ~]# scp root@172.16.1.7:/etc/yum.repos.d/* /etc/yum.repos.d/
    [root@web02 ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb nginx


    ##同步nginx与php配置
    [root@web02 ~]# rsync -avz --delete root@172.16.1.7:/etc/nginx /etc/
    [root@web02 ~]# rsync -avz --delete root@172.16.1.7:/etc/php-fpm.d/* /etc/php-fpm.d/

    ##在web01上打包code
    [root@web01 ~]# tar czf code.tar.gz /code/

    ##同步web01的站点目录
    [root@web02 ~]# rsync -avz root@172.16.1.7:~/code.tar.gz ./
    [root@web02 ~]# tar xf code.tar.gz -C /


    ##启动服务,并加入开机自启动
    [root@web02 ~]# systemctl enable nginx php-fpm
    [root@web02 ~]# systemctl start nginx php-fpm

    web03 JAVA站点
    [root@web03 ~]# yum install java -y
    [root@web03 ~]# mkdir /code
    [root@web03 ~]# cd /code
    [root@web03 code]# wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-9/v9.0.12/bin/apache-tomcat-9.0.12.tar.gz
    [root@web03 code]# tar xf apache-tomcat-9.0.12.tar.gz
    [root@web03 code]# ln -s /code/apache-tomcat-9.0.12 /code/tomcat

    下载jpress
    [root@web03 ~]# cd /code/tomcat/webapps
    [root@web03 ~]# rz 上传jpress的war

    启动Tomcat服务
    [root@web03 ~]# /code/tomcat/bin/startup.sh

    #####################################################################################
    nfs共享存储
    [root@nfs ~]# groupadd -g 666 www
    [root@nfs ~]# useradd -g 666 -u666 www

    #准备共享配置
    [root@nfs ~]# cat /etc/exports
    /data/blog 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
    /data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
    /data/jpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

    # 创建目录并授权
    [root@nfs ~]# mkdir /data/{blog,zh,jpress} -p
    [root@nfs ~]# chown -R www.www /data
    [root@nfs ~]# systemctl enable nfs-server
    [root@nfs ~]# systemctl start nfs-server

    #####################################################################################
    web01和web02执行挂载wordpress【wecenter和jpress自行完成】
    [root@web02 wp-content]# mv uploads/ uploads_bak
    [root@web02 wp-content]# mkdir uploads
    [root@web02 wp-content]# mount -t nfs 172.16.1.31:/data/blog /code/wordpress/wp-content/uploads
    [root@web02 wp-content]# cp -rp uploads_bak/* uploads/

    web01上面直接挂载即可
    [root@web01 ~]# mkdir /code/wordpress/wp-content/uploads
    [root@web01 ~]# mount -t nfs 172.16.1.31:/data/blog /code/wordpress/wp-content/uploads

    记得加入开机自启动


    #####################################################################################
    lb01操作

    [root@lb01 ~]# scp -rp root@172.16.1.7:/etc/yum.repos.d/nginx.repo /etc/yum.repos.d/
    [root@lb01 ~]# yum install nginx -y

    [root@lb01 ~]# rm -f /etc/nginx/conf.d/*
    [root@lb01 ~]# cat /etc/nginx/conf.d/blog_proxy.conf
    upstream blog {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
    }

    server {
    server_name blog.oldboy.com;
    listen 80;
    location / {
    proxy_pass http://blog;
    include proxy_params;
    }
    }

    [root@lb01 ~]# cat /etc/nginx/conf.d/zh_proxy.conf
    upstream zh {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
    }

    server {
    server_name zh.oldboy.com;
    listen 80;
    location / {
    proxy_pass http://zh;
    include proxy_params;
    }
    }


    [root@lb01 ~]# cat /etc/nginx/conf.d/jpress_proxy.conf
    upstream java {
    server 172.16.1.9:8080;
    }

    server {
    listen 80;
    server_name jpress.oldboy.com;
    location / {
    proxy_pass http://java;
    include proxy_params;
    }
    }

    ##共有优化配置文件
    [root@lb01 ~]# cat /etc/nginx/proxy_params
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_connect_timeout 30;
    proxy_send_timeout 60;
    proxy_read_timeout 60;

    proxy_buffering on;
    proxy_buffer_size 32k;
    proxy_buffers 4 128k;

    [root@lb01 ~]# systemctl enable nginx
    [root@lb01 ~]# systemctl start nginx


    #####################################################################################
    lb01操作HTTPS

    1.生成ssl

    [root@lb01 ~]# openssl version
    OpenSSL 1.0.2k-fips 26 Jan 2017

    //OpenSSL 必须是1.0.2

    //nginx 必须有模块

    [root@lb01 ~]# nginx -V

    --with-http_ssl_module

    [root@lb01 ~]#  mkdir /etc/nginx/ssl_key -p

    [root@lb01 ~]#  cd /etc/nginx/ssl_key

    [root@lb01 ~]# openssl req -days 36500 -x509
    > -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt

    2.配置nginx的负载均衡支持https
    [root@lb01 conf.d]# cat blog_proxy.conf
    upstream blog {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
    }
    server {
    server_name blog.oldboy.com;
    listen 80;
    return 302 https://$server_name$request_uri;
    }
    server {
    server_name blog.oldboy.com;
    listen 443;
    ssl on;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    location / {
    proxy_pass http://blog;
    include proxy_params;
    }
    }

    [root@lb01 conf.d]# cat zh_proxy.conf
    upstream zh {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
    }

    server {
    server_name zh.oldboy.com;
    listen 80;
    return 302 https://$server_name$request_uri;

    }
    server {
    server_name zh.oldboy.com;
    listen 443;
    ssl on;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    location /{
    proxy_pass http://zh;
    include proxy_params;

    }

    }


    #####################################################################################

    配置备份rsync
    [root@backup ~]# yum install rsync -y
    [root@backup ~]# cat /etc/rsyncd.conf
    uid = www
    gid = www
    port = 873
    fake super = yes
    use chroot = no
    max connections = 200
    timeout = 600
    ignore errors
    read only = false
    list = false
    auth users = rsync_backup
    secrets file = /etc/rsync.passwd
    log file = /var/log/rsyncd.log
    #####################################
    [backup]
    comment = welcome to oldboyedu backup!
    path = /backup

    [data]
    comment = welcome to oldboyedu data!
    path = /data

    ##准备目录
    [root@backup ~]# groupadd -g666 www
    [root@backup ~]# useradd -u666 -g666 www
    [root@backup ~]# chown -R www.www /{backup,data}

    ##准备密码文件
    [root@backup ~]# echo 'rsync_backup:123' > /etc/rsync.passwd
    [root@backup ~]# chmod 600 /etc/rsync.passwd


    ##启动服务并加入开机自启动
    [root@backup ~]# systemctl enable rsyncd
    [root@backup ~]# systemctl start rsyncd


    #######################其他机器准备推送脚本
    [root@lb01 scripts]# mkdir /server/scripts -p
    [root@lb01 ~]# cat /server/scripts/client_rsync_backup.sh
    #批量创建数据文件

    #!/usr/bin/bash
    export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

    #1.定义变量
    Host=$(hostname)
    Addr=$(ifconfig eth1|awk 'NR==2{print $2}')
    Date=$(date +%F)
    Dest=${Host}_${Addr}_${Date}
    Path=/backup

    #2.创建备份目录
    [ -d $Path/$Dest ] || mkdir -p $Path/$Dest

    #3.备份对应的文件
    cd / &&
    [ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf &&
    [ -f $Path/$Dest/log.tar.gz ] || tar czf $Path/$Dest/log.tar.gz var/log/messages var/log/secure &&

    #4.携带md5验证信息
    [ -f $Path/$Dest/flag ] || md5sum $Path/$Dest/*.tar.gz >$Path/$Dest/flag

    #4.推送本地数据至备份服务器
    export RSYNC_PASSWORD=123
    rsync -avz $Path/ rsync_backup@172.16.1.41::backup

    #5.本地保留最近7天的数据
    find $Path/ -type d -mtime +7|xargs rm -rf

    ##测试脚本
    [root@lb01 ~]# chmod +x /server/scripts/client_rsync_backup.sh
    [root@lb01 ~]# sh /server/scripts/client_rsync_backup.sh

    ##编写定时任务
    [root@lb01 ~]# echo '00 00 * * * sh /server/scripts/client_rsync_backup.sh >&/dev/null' >> /var/spool/cron/root

    #######################Backup服务器上的校验脚本
    [root@backup ~]# mkdir /server/scripts -p
    [root@backup ~]# vim /server/scripts/check_backup.sh

    #!/usr/bin/bash

    #1.定义全局的变量
    export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
    #2.定义局部变量
    Path=/backup
    Date=$(date +%F)
    #3.查看flag文件,并对该文件进行校验, 然后将校验的结果保存至result_时间
    find $Path/*_${Date} -type f -name "flag"|xargs md5sum -c >$Path/result_${Date}
    #4.将校验的结果发送邮件给管理员
    mail -s "Rsync Backup $Date" 1773280586@qq.com <$Path/result_${Date}
    #5.删除超过7天的校验结果文件, 删除超过180天的备份数据文件
    find $Path/ -type f -name "result*" -mtime +7|xargs rm -f
    find $Path/ -type d -mtime +180|xargs rm -rf

    ## 服务端实现邮件功能

    [root@backup ~]# yum install mailx -y

    [root@backup ~]# vim /etc/mail.rc 

    set from=1773280586@qq.com
    set smtp=smtps://smtp.qq.com:465
    set smtp-auth-user=1773280586@qq.com
    set smtp-auth-password=fsutdpigtgidfbgd
    set smtp-auth=login
    set ssl-verify=ignore
    set nss-config-dir=/etc/pki/nssdb/

  • 相关阅读:
    带你破解时间管理的谜题
    学点产品思维(一起拿返现)
    利用MAT玩转JVM内存分析(一)
    JVM利器:Serviceability Agent介绍
    003-005:Java平台相关的面试题
    002-如何理解Java的平台独立性
    001-为什么Java能这么流行
    Redis保证事务一致性,以及常用的数据结构
    敏感词过滤服务的实现
    或许,挂掉的点总是出人意料(hw其实蛮有好感的公司)
  • 原文地址:https://www.cnblogs.com/fangdecheng/p/9838744.html
Copyright © 2020-2023  润新知