0.创建www用户
[root@web01 ~]# groupadd -g 666 www
[root@web01 ~]# useradd -u666 -g666 www
1.配置YUM源(Nginx PHP)
[root@web01 ~]# cat /etc/yum.repos.d/nginx.repo
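# Official nginx package repository for CentOS 7.
# The repo is read over HTTPS and every package signature is checked against
# the nginx signing key, so a tampered mirror or an on-path attacker cannot
# substitute packages (the original used plain HTTP with gpgcheck=0).
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1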
2.安装扩展源【HTTPS】
[root@nginx ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@nginx ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
3.安装Nginx+PHP
[root@web01 ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb nginx
4.配置web站点【wordpress|wecenter】
[root@web01 ~]# sed -i '/^user/c user www;' /etc/nginx/nginx.conf
[root@web01 ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
[root@web01 ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
[root@web01 conf.d]# cat wecenter.conf
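# WeCenter site: static files are served from /code/zh and PHP requests are
# handed to php-fpm on 127.0.0.1:9000.
server {
    server_name zh.oldboy.com;
    listen 80;
    root /code/zh;
    index index.php index.html;

    # The dot is escaped so that only URIs ending in ".php" match; an
    # unescaped "." matches any character (for example ".../xphp").
    location ~ \.php$ {
        root /code/zh;
        # Hand the request to php-fpm only when the script file exists, so a
        # crafted URI that merely ends in ".php" is never passed to PHP.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}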
[root@web01 conf.d]# cat wordpress.conf
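# WordPress site: static files are served from /code/wordpress and PHP
# requests are handed to php-fpm on 127.0.0.1:9000.
server {
    server_name blog.oldboy.com;
    listen 80;
    root /code/wordpress;
    index index.php index.html;

    # The uploads directory holds user-supplied files (it is later mounted
    # from NFS); never execute PHP from it. This location must stay above the
    # generic PHP location because the first matching regex location wins.
    location ~* ^/wp-content/uploads/.*\.php$ {
        deny all;
    }

    # The dot is escaped so that only URIs ending in ".php" match.
    location ~ \.php$ {
        root /code/wordpress;
        # Hand the request to php-fpm only when the script file exists.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Needed for HTTPS access: TLS is terminated on the load balancer, so
        # PHP is told the request arrived over HTTPS. The original trailing
        # "(...)" note was not a comment and would have made nginx reject
        # the file.
        # NOTE(review): this is set unconditionally, so it also applies to
        # requests that reach this backend over plain HTTP.
        fastcgi_param HTTPS on;
        include fastcgi_params;
    }
}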
##启动服务,并加入开机自启动
[root@web01 ~]# systemctl enable nginx php-fpm
[root@web01 ~]# systemctl start nginx php-fpm
5.准备对应的代码
[root@web01 ~]# mkdir /code
[root@web01 ~]# cd /code
[root@web01 code]# wget https://wordpress.org/latest.tar.gz
##解压
[root@web01 code]# unzip WeCenter_v3.2.2.zip
[root@web01 code]# tar xf latest.tar.gz
##改名
[root@web01 code]# mv WeCenter322/ zh
##授权
[root@web01 ~]# chown -R www.www /code/
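6.配置数据库db01(注意:文中的口令以及对 'all'@'%' 授予 *.* 全部权限仅适合实验环境;生产环境应使用高强度口令,按库授权并限制来源网段,例如 grant all privileges on wordpress.* to 'wp'@'172.16.1.%' identified by '<强口令>';)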
[root@db01 ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.7-community/el/7/x86_64/mysql57-community-release-el7-10.noarch.rpm
[root@db01 ~]# yum install mysql-community-server -y
[root@db01 ~]# systemctl enable mysqld
[root@db01 ~]# systemctl start mysqld
[root@db01 ~]# mysql -uroot -p$(awk '/temporary password/{print $NF}' /var/log/mysqld.log)
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Bgx123.com';
mysql> create database wordpress;
mysql> create database zh;
mysql> create database jpress;
mysql> grant all privileges on *.* to 'all'@'%' identified by 'Bgx123.com';
mysql> flush privileges;
#####################################################################################
7.配置windows的hosts解析,安装网站
#####################################################################################
web02快速扩展一台
[root@web02 ~]# groupadd -g 666 www
[root@web02 ~]# useradd -u666 -g666 www
##安装nginx与php
[root@web02 ~]# scp root@172.16.1.7:/etc/yum.repos.d/* /etc/yum.repos.d/
[root@web02 ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb nginx
##同步nginx与php配置
[root@web02 ~]# rsync -avz --delete root@172.16.1.7:/etc/nginx /etc/
[root@web02 ~]# rsync -avz --delete root@172.16.1.7:/etc/php-fpm.d/* /etc/php-fpm.d/
##在web01上打包code
[root@web01 ~]# tar czf code.tar.gz /code/
##同步web01的站点目录
[root@web02 ~]# rsync -avz root@172.16.1.7:~/code.tar.gz ./
[root@web02 ~]# tar xf code.tar.gz -C /
##启动服务,并加入开机自启动
[root@web02 ~]# systemctl enable nginx php-fpm
[root@web02 ~]# systemctl start nginx php-fpm
web03 JAVA站点(下面的Tomcat安装包通过HTTP镜像下载,解压前应与Apache官方发布的SHA512校验值核对)
[root@web03 ~]# yum install java -y
[root@web03 ~]# mkdir /code
[root@web03 ~]# cd /code
[root@web03 code]# wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-9/v9.0.12/bin/apache-tomcat-9.0.12.tar.gz
[root@web03 code]# tar xf apache-tomcat-9.0.12.tar.gz
[root@web03 code]# ln -s /code/apache-tomcat-9.0.12 /code/tomcat
下载jpress
[root@web03 ~]# cd /code/tomcat/webapps
[root@web03 ~]# rz 上传jpress的war
启动Tomcat服务
[root@web03 ~]# /code/tomcat/bin/startup.sh
#####################################################################################
nfs共享存储
[root@nfs ~]# groupadd -g 666 www
[root@nfs ~]# useradd -g 666 -u666 www
#准备共享配置
[root@nfs ~]# cat /etc/exports
/data/blog 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/jpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
# 创建目录并授权
[root@nfs ~]# mkdir /data/{blog,zh,jpress} -p
[root@nfs ~]# chown -R www.www /data
[root@nfs ~]# systemctl enable nfs-server
[root@nfs ~]# systemctl start nfs-server
#####################################################################################
web01和web02执行挂载wordpress【wecenter和jpress自行完成】
[root@web02 wp-content]# mv uploads/ uploads_bak
[root@web02 wp-content]# mkdir uploads
[root@web02 wp-content]# mount -t nfs 172.16.1.31:/data/blog /code/wordpress/wp-content/uploads
[root@web02 wp-content]# cp -rp uploads_bak/* uploads/
web01上面直接挂载即可
[root@web01 ~]# mkdir /code/wordpress/wp-content/uploads
[root@web01 ~]# mount -t nfs 172.16.1.31:/data/blog /code/wordpress/wp-content/uploads
记得加入开机自启动
#####################################################################################
lb01操作
[root@lb01 ~]# scp -rp root@172.16.1.7:/etc/yum.repos.d/nginx.repo /etc/yum.repos.d/
[root@lb01 ~]# yum install nginx -y
[root@lb01 ~]# rm -f /etc/nginx/conf.d/*
[root@lb01 ~]# cat /etc/nginx/conf.d/blog_proxy.conf
upstream blog {
server 172.16.1.7:80;
server 172.16.1.8:80;
}
server {
server_name blog.oldboy.com;
listen 80;
location / {
proxy_pass http://blog;
include proxy_params;
}
}
[root@lb01 ~]# cat /etc/nginx/conf.d/zh_proxy.conf
upstream zh {
server 172.16.1.7:80;
server 172.16.1.8:80;
}
server {
server_name zh.oldboy.com;
listen 80;
location / {
proxy_pass http://zh;
include proxy_params;
}
}
[root@lb01 ~]# cat /etc/nginx/conf.d/jpress_proxy.conf
upstream java {
server 172.16.1.9:8080;
}
server {
listen 80;
server_name jpress.oldboy.com;
location / {
proxy_pass http://java;
include proxy_params;
}
}
##共有优化配置文件
[root@lb01 ~]# cat /etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
[root@lb01 ~]# systemctl enable nginx
[root@lb01 ~]# systemctl start nginx
#####################################################################################
lb01操作HTTPS
1.生成ssl证书(自签名证书,仅用于测试;-nodes 生成的私钥未加密,应执行 chmod 600 server.key 仅允许root读取)
[root@lb01 ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
//OpenSSL 必须是1.0.2
//nginx 必须有模块
[root@lb01 ~]# nginx -V
--with-http_ssl_module
[root@lb01 ~]# mkdir /etc/nginx/ssl_key -p
[root@lb01 ~]# cd /etc/nginx/ssl_key
[root@lb01 ~]# openssl req -days 36500 -x509
> -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
2.配置nginx的负载均衡支持https
[root@lb01 conf.d]# cat blog_proxy.conf
upstream blog {
server 172.16.1.7:80;
server 172.16.1.8:80;
}
server {
server_name blog.oldboy.com;
listen 80;
return 302 https://$server_name$request_uri;
}
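# HTTPS front end for the blog upstream; TLS terminates here and the request
# is proxied to the backends over plain HTTP.
server {
    server_name blog.oldboy.com;
    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    # Offer TLS 1.2 only (the OpenSSL 1.0.2 build shown above has no TLS 1.3).
    # NOTE(review): keep this identical in every server block that shares
    # port 443, or move it to the http{} level.
    ssl_protocols TLSv1.2;
    # Paths are relative to the nginx configuration directory. The key was
    # generated without a passphrase, so restrict it to root (chmod 600).
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    location / {
        proxy_pass http://blog;
        include proxy_params;
    }
}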
[root@lb01 conf.d]# cat zh_proxy.conf
upstream zh {
server 172.16.1.7:80;
server 172.16.1.8:80;
}
server {
server_name zh.oldboy.com;
listen 80;
return 302 https://$server_name$request_uri;
}
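# HTTPS front end for the zh upstream; TLS terminates here and the request
# is proxied to the backends over plain HTTP.
server {
    server_name zh.oldboy.com;
    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    # Offer TLS 1.2 only (the OpenSSL 1.0.2 build shown above has no TLS 1.3).
    # NOTE(review): keep this identical in every server block that shares
    # port 443, or move it to the http{} level.
    ssl_protocols TLSv1.2;
    # Paths are relative to the nginx configuration directory. The key was
    # generated without a passphrase, so restrict it to root (chmod 600).
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    location / {
        proxy_pass http://zh;
        include proxy_params;
    }
}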
#####################################################################################
配置备份rsync
[root@backup ~]# yum install rsync -y
[root@backup ~]# cat /etc/rsyncd.conf
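# rsync daemon configuration for the backup server.
# Comments must sit on their own lines: rsyncd treats a trailing "#" as part
# of the value.

# Transfers run as the unprivileged www account.
uid = www
gid = www
port = 873
# Store ownership and permissions in extended attributes, so the daemon does
# not need root to preserve them.
fake super = yes
# NOTE(review): without chroot a module is not confined to its path by the
# kernel; confirm this is intended.
use chroot = no
max connections = 200
timeout = 600
ignore errors
# Clients push data, so the modules are writable.
read only = false
# Do not reveal module names to unauthenticated clients.
list = false
# Accept connections only from the internal subnet used by the other hosts;
# clients matching no pattern are rejected.
hosts allow = 172.16.1.0/24
# Virtual user; its password lives in the secrets file, which must be
# readable by root only (chmod 600).
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup
[data]
comment = welcome to oldboyedu data!
path = /data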
##准备目录
[root@backup ~]# groupadd -g666 www
[root@backup ~]# useradd -u666 -g666 www
[root@backup ~]# chown -R www.www /{backup,data}
##准备密码文件(123 仅为演示口令,实际环境应换成高强度随机口令,并同步修改客户端)
[root@backup ~]# echo 'rsync_backup:123' > /etc/rsync.passwd
[root@backup ~]# chmod 600 /etc/rsync.passwd
##启动服务并加入开机自启动
[root@backup ~]# systemctl enable rsyncd
[root@backup ~]# systemctl start rsyncd
#######################其他机器准备推送脚本
[root@lb01 scripts]# mkdir /server/scripts -p
[root@lb01 ~]# cat /server/scripts/client_rsync_backup.sh
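#!/usr/bin/bash
# client_rsync_backup.sh
# Archives selected system files and logs into /backup/<host>_<addr>_<date>/,
# records their MD5 sums in a "flag" file, pushes /backup to the rsync daemon
# on the backup server, then prunes local backup directories older than
# 7 days.
#
# The interpreter line has to be the first line of the file to take effect.
#
# Credentials: point RSYNC_PASSWORD_FILE at a root-only (chmod 600) file that
# holds the rsync_backup password to keep the secret out of this script.
# Without it the script uses RSYNC_PASSWORD from the environment and, failing
# that, the demo value used in this walkthrough.
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

# 1. Define variables
Host=$(hostname)
Addr=$(ifconfig eth1 | awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup
Target=$Path/$Dest

# 2. Create today's backup directory (mkdir -p is a no-op when it exists)
mkdir -p -- "$Target" || exit 1

# 3. Archive the files; run from / so the tarballs hold relative paths.
#    An archive that already exists is left alone, so a second run on the
#    same day is harmless. A tar failure is reported but does not stop the
#    remaining steps.
cd / || exit 1
if [ ! -f "$Target/system.tar.gz" ]; then
  tar czf "$Target/system.tar.gz" etc/fstab etc/rsyncd.conf ||
    echo "warning: system.tar.gz may be incomplete" >&2
fi
if [ ! -f "$Target/log.tar.gz" ]; then
  tar czf "$Target/log.tar.gz" var/log/messages var/log/secure ||
    echo "warning: log.tar.gz may be incomplete" >&2
fi

# 4. Record MD5 sums for the server-side check. The flag file travels with
#    the archives, so it detects corruption in transit or at rest, not
#    deliberate tampering.
if [ ! -f "$Target/flag" ]; then
  md5sum "$Target"/*.tar.gz >"$Target/flag"
fi

# 5. Push local data to the backup server
if [ -n "${RSYNC_PASSWORD_FILE:-}" ] && [ -r "$RSYNC_PASSWORD_FILE" ]; then
  rsync -avz --password-file="$RSYNC_PASSWORD_FILE" \
    "$Path/" rsync_backup@172.16.1.41::backup
else
  # NOTE(review): 123 is the walkthrough's demo password; replace it
  # together with /etc/rsync.passwd on the backup server.
  export RSYNC_PASSWORD="${RSYNC_PASSWORD:-123}"
  rsync -avz "$Path/" rsync_backup@172.16.1.41::backup
fi

# 6. Keep only the last 7 days locally. -mindepth 1 keeps $Path itself off
#    the list, and NUL-delimited names survive whitespace.
find "$Path/" -mindepth 1 -type d -mtime +7 -print0 | xargs -0 -r rm -rf --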
##测试脚本
[root@lb01 ~]# chmod +x /server/scripts/client_rsync_backup.sh
[root@lb01 ~]# sh /server/scripts/client_rsync_backup.sh
##编写定时任务
[root@lb01 ~]# echo '00 00 * * * sh /server/scripts/client_rsync_backup.sh >&/dev/null' >> /var/spool/cron/root
#######################Backup服务器上的校验脚本
[root@backup ~]# mkdir /server/scripts -p
[root@backup ~]# vim /server/scripts/check_backup.sh
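#!/usr/bin/bash
# check_backup.sh
# Verifies today's pushed archives against the MD5 sums in each client's
# "flag" file, mails the result to the administrator, and prunes old result
# files and old backup directories.

# 1. Global variables
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

# 2. Local variables
Path=/backup
Date=$(date +%F)
Result=$Path/result_${Date}

# 3. Check every flag file pushed today and store the outcome in
#    result_<date>.
#    NOTE(review): flag files are written by the clients, so this detects
#    corrupted transfers; it is not proof that an archive is untampered.
find "$Path"/*_"${Date}" -type f -name "flag" -print0 |
  xargs -0 -r md5sum -c >"$Result"

# An empty result means no client delivered a flag file today; say so in the
# mail instead of sending a blank message.
if [ ! -s "$Result" ]; then
  printf 'No flag files found under %s for %s\n' "$Path" "$Date" >"$Result"
fi

# 4. Mail the result to the administrator
mail -s "Rsync Backup $Date" 1773280586@qq.com <"$Result"

# 5. Delete result files older than 7 days and backup directories older than
#    180 days. -mindepth 1 keeps $Path itself off the deletion list.
find "$Path/" -type f -name "result*" -mtime +7 -print0 | xargs -0 -r rm -f --
find "$Path/" -mindepth 1 -type d -mtime +180 -print0 | xargs -0 -r rm -rf --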
## 服务端实现邮件功能
[root@backup ~]# yum install mailx -y
[root@backup ~]# vim /etc/mail.rc
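# mailx settings used by check_backup.sh to send the daily report through
# the QQ SMTP service.
# NOTE(review): this file holds a credential; if it is world-readable, move
# these lines to root's ~/.mailrc with mode 600.
set from=1773280586@qq.com
set smtp=smtps://smtp.qq.com:465
set smtp-auth-user=1773280586@qq.com
# Placeholder: put the mailbox's SMTP authorization code here and never
# publish it. An authorization code that has appeared in a shared document
# should be revoked and reissued.
set smtp-auth-password=<smtp-authorization-code>
set smtp-auth=login
# NOTE(review): "ignore" skips validation of the server certificate, so the
# SMTP login can be intercepted by an on-path attacker. Import the CA
# certificates into the NSS database below and switch to "strict" once that
# is done.
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/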