| 主机名 |
Wan IP |
Lan IP |
搭建服务 |
| lb01 |
10.0.0.5 |
172.16.1.5 |
负载均衡 |
| lb02 |
10.0.0.6 |
172.16.1.6 |
keepalived |
| web01 |
10.0.0.7 |
172.16.1.7 |
nginx和php |
| web02 |
10.0.0.8 |
172.16.1.8 |
nginx和php |
| web03 |
10.0.0.9 |
172.16.1.9 |
nginx和php |
| nfs |
10.0.0.31 |
172.16.1.31 |
nfs和sersync |
| backup |
10.0.0.41 |
172.16.1.41 |
rsync |
| db01 |
10.0.0.51 |
172.16.1.51 |
MySQL |
backup
1.写脚本
vim /root/rsync.sh
#!/bin/bash
install=`yum install -y rsync`
cat >/etc/rsyncd.conf<<'EOF'
#!/bin/bash
uid = rsync
gid = rsync
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = kang_bak
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
[backup]
comment = welcome to oldboyedu backup!
path = /backup
EOF
useradd rsync -s /sbin/nologin -M
mkdir /backup
chown rsync.rsync /backup/ -R
echo 'kang_bak:123' > /etc/rsync.passwd
chmod 600 /etc/rsync.passwd
systemctl start rsyncd
systemctl enable rsyncd
2.一键部署
sh /root/rsync.sh
nfs
1.写脚本
vim /root/sersync.sh
#!/bin/bash
install=`yum install -y rsync nfs-utils inotify-tools`
echo "/code/wp 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)" >> /etc/exports
echo "/code/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)" >> /etc/exports
groupadd www -g 666
useradd www -u 666 -g 666 -s /sbin/nologin -M
mkdir -p /code/{wp,zh}
chown www.www /code/
systemctl start rpcbind nfs-server
systemctl enable rpcbind nfs-server
download=`wget http://test.driverzeng.com/other/sersync2.5.4_64bit_binary_stable_final.tar.gz`
tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz
mv GNU-Linux-x86 /usr/local/sersync
cat >/usr/local/sersync/confxml.xml<<'EOF'
<?xml version="1.0" encoding="ISO-8859-1"?>
<head version="2.5">
<host hostip="localhost" port="8008"></host>
<debug start="false"/>
<fileSystem xfs="false"/>
<filter start="false">
<exclude expression="(.*).svn"></exclude>
<exclude expression="(.*).gz"></exclude>
<exclude expression="^info/*"></exclude>
<exclude expression="^static/*"></exclude>
</filter>
<inotify>
<delete start="true"/>
<createFolder start="true"/>
<createFile start="false"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="true"/>
<modify start="true"/>
</inotify>
<sersync>
<!-- 客户端需要监控的目录 -->
<localpath watch="/code">
<!-- rsync服务端的IP 和 name:模块 -->
<remote ip="10.0.0.41" name="backup"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
<!-- rsync命令执行的参数 -->
<commonParams params="-az"/>
<!-- rsync认证start="true" users="rsync指定的匿名用户" passwordfile="指定一个密码文件的位置权限必须600" -->
<auth start="true" users="kang_bak" passwordfile="/etc/rsync.passwd"/>
<userDefinedPort start="false" port="874"/><!-- port=874 -->
<timeout start="false" time="100"/><!-- timeout=100 -->
<ssh start="false"/>
</rsync>
<failLog path="/tmp/rsync_fail_log.sh" timeToExecute="60"/><!--default every 60mins execute once-->
<crontab start="false" schedule="600"><!--600mins-->
<crontabfilter start="false">
<exclude expression="*.php"></exclude>
<exclude expression="info/*"></exclude>
</crontabfilter>
</crontab>
<plugin start="false" name="command"/>
</sersync>
<plugin name="command">
<param prefix="/bin/sh" suffix="" ignoreError="true"/> <!--prefix /opt/tongbu/mmm.sh suffix-->
<filter start="false">
<include expression="(.*).php"/>
<include expression="(.*).sh"/>
</filter>
</plugin>
<plugin name="socket">
<localpath watch="/opt/tongbu">
<deshost ip="192.168.138.20" port="8009"/>
</localpath>
</plugin>
<plugin name="refreshCDN">
<localpath watch="/data0/htdocs/cms.xoyo.com/site/">
<cdninfo domainname="ccms.chinacache.com" port="80" username="xxxx" passwd="xxxx"/>
<sendurl base="http://pic.xoyo.com/cms"/>
<regexurl regex="false" match="cms.xoyo.com/site([/a-zA-Z0-9]*).xoyo.com/images"/>
</localpath>
</plugin>
</head>
EOF
echo '123' > /etc/rsync.passwd
chmod 600 /etc/rsync.passwd
/usr/local/sersync/sersync2 -rdo /usr/local/sersync/confxml.xml
2.一键部署
sh /root/sersync.sh
db01
1.安装MySQL
yum install -y mariadb-server
2.启动服务,并加入开机自启
systemctl start mariadb && systemctl enable mariadb
3.给root用户密码
mysqladmin -uroot password '123'
4.连接数据库
mysql -uroot -p123
5.创建数据库
create database wp;
create database zh;
6.查看是否创建成功
show databases;
7.创建WordPress连接数据库的用户和密码
grant all on *.* to php_user@'%' identified by '111';
web01
1.更换官方源
cat>>/etc/yum.repos.d/nginx.repo<<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
2.安装nginx
yum install -y nginx
3.新建并修改nginx用户
groupadd -g 666 www
useradd -u 666 -g 666 -s /sbin/nologin -M www
sed -i 's#^user nginx#user www#' /etc/nginx/nginx.conf
4.加入开机自启
systemctl enable nginx
5.添加nginx配置文件
vim /etc/nginx/conf.d/wp.conf
server {
listen 80;
server_name wp.kang.com;
root /code/wp;
index index.php index.html;
location ~ .php$ {
root /code/wp;
fastcgi_pass localhost:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
vim /etc/nginx/conf.d/zh.conf
server {
listen 80;
server_name zh.kang.com;
root /code/zh;
index index.php index.html;
location ~ .php$ {
root /code/zh;
fastcgi_pass localhost:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# 让所有的访问都走https
echo 'fastcgi_param HTTPS on;' >> /etc/nginx/fastcgi_params
6.创建对应文件
mkdir -p /code/{wp,zh}
7.将对应文件解压并放入对应文件夹
8.授权
chown -R www.www /code/
9.创建并挂载图片目录
mkdir -p /code/wordpress/wp-content/uploads/
mount -t nfs 172.16.1.31:/code/wp /code/wordpress/wp-content/uploads/
mkdir -p /code/zh/uploads
mount -t nfs 172.16.1.31:/code/zh /code/zh/uploads
10.安装php,先卸载自带
yum remove php-mysql-5.4 php php-fpm php-common
11.更换php源
vim /etc/yum.repos.d/php.repo
[php-webtatic]
name = PHP Repository
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
gpgcheck = 0
enabled = 1
12.安装php
yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
13.更改php用户和用户组
sed -i 's#^user = apache#user = www#' /etc/php-fpm.d/www.conf
sed -i 's#^group = apache#group = www#' /etc/php-fpm.d/www.conf
14.启动php并加入开机自启
systemctl start php-fpm && systemctl enable php-fpm
15.启动nginx
systemctl start nginx
16.在windows的 hosts文件中加入域名解析
17.浏览器打开wp.com
数据库名 wp
用户名 php_user
密码 111
数据库主机 10.0.0.51
表前缀 wp_
18.浏览器打开zh.com
数据库名称 zh
数据库用户名 php_user
数据库密码 111
数据库地址 10.0.0.51
表前缀 zh_
19.wp后台把网站改https
web02
1.更换官方源
vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
2.安装nginx
yum install -y nginx
3.新建并修改nginx用户
groupadd -g 666 www
useradd -u 666 -g 666 -s /sbin/nologin -M www
sed -i 's#^user nginx#user www#' /etc/nginx/nginx.conf
4.从web01添加
rm -rf /etc/php-fpm.d/
rm -rf /etc/php.ini
rsync -avz /etc/php-fpm.d/ root@10.0.0.8:/etc/php-fpm.d/
rsync -avz /etc/php.ini root@10.0.0.8:/etc/php.ini
rsync -avz /code/ root@10.0.0.8:/code
rsync -avz /etc/nginx/conf.d/ root@10.0.0.8:/etc/nginx/conf.d/
5.挂载图片目录
mount -t nfs 172.16.1.31:/code/wp /code/wordpress/wp-content/uploads/
mount -t nfs 172.16.1.31:/code/zh /code/zh/uploads
6.安装php,先卸载自带
yum remove php-mysql-5.4 php php-fpm php-common
7.更换php源
vim /etc/yum.repos.d/php.repo
[php-webtatic]
name = PHP Repository
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
gpgcheck = 0
enabled = 1
8.安装php
yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
9.更改php用户和用户组
sed -i 's#^user = apache#user = www#' /etc/php-fpm.d/www.conf
sed -i 's#^group = apache#group = www#' /etc/php-fpm.d/www.conf
10.启动php并加入开机自启
systemctl start php-fpm && systemctl enable php-fpm
11.启动nginx并加入开机自启
systemctl start nginx && systemctl enable nginx
web03
1.更换官方源
vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
2.安装nginx
yum install -y nginx
3.新建并修改nginx用户
groupadd -g 666 www
useradd -u 666 -g 666 -s /sbin/nologin -M www
sed -i 's#^user nginx#user www#' /etc/nginx/nginx.conf
4.从web01添加
rm -rf /etc/php-fpm.d/
rm -rf /etc/php.ini
rsync -avz /etc/php-fpm.d/ root@10.0.0.9:/etc/php-fpm.d/
rsync -avz /etc/php.ini root@10.0.0.9:/etc/php.ini
rsync -avz /code/ root@10.0.0.9:/code
rsync -avz /etc/nginx/conf.d/ root@10.0.0.9:/etc/nginx/conf.d/
5.挂载图片目录
mount -t nfs 172.16.1.31:/code/wp /code/wordpress/wp-content/uploads/
mount -t nfs 172.16.1.31:/code/zh /code/zh/uploads
6.安装php,先卸载自带
yum remove php-mysql-5.4 php php-fpm php-common
7.更换php源
vim /etc/yum.repos.d/php.repo
[php-webtatic]
name = PHP Repository
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
gpgcheck = 0
enabled = 1
8.安装php
yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
9.更改php用户和用户组
sed -i 's#^user = apache#user = www#' /etc/php-fpm.d/www.conf
sed -i 's#^group = apache#group = www#' /etc/php-fpm.d/www.conf
10.启动php并加入开机自启
systemctl start php-fpm && systemctl enable php-fpm
11.启动nginx并加入开机自启
systemctl start nginx && systemctl enable nginx
lb01
1.更换官方源
cat>>/etc/yum.repos.d/nginx.repo<<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
2.安装nginx和keepalived
yum install -y nginx keepalived
3.新建并修改nginx用户
groupadd -g 666 www
useradd -u 666 -g 666 -s /sbin/nologin -M www
sed -i 's#^user nginx#user www#' /etc/nginx/nginx.conf
4.配置证书
mkdir /etc/nginx/ssl
cd /etc/nginx/ssl
openssl req -days 36500 -x509
> -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
5.添加nginx配置文件
vim /etc/nginx/conf.d/zh.conf
upstream zh {
server 172.16.1.7;
server 172.16.1.8;
server 172.16.1.9;
}
server {
listen 80;
server_name zh.kang.com;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name zh.kang.com;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
proxy_pass http://zh;
proxy_set_header Host $host;
}
}
vim /etc/nginx/conf.d/wp.conf
upstream wp {
server 172.16.1.7;
server 172.16.1.8;
server 172.16.1.9;
}
server {
listen 80;
server_name wp.kang.com;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name wp.kang.com;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
proxy_pass http://wp;
proxy_set_header Host $host;
}
}
5.添加MASTER配置文件
vim /etc/keepalived/keepalived.conf
global_defs { #全局配置
router_id lb01 #标识身份->名称
}
vrrp_script xxx {
script "/root/nginx_keep.sh"
interval 5
}
vrrp_instance VI_1 {
state MASTER #标识角色状态
interface eth0 #网卡绑定接口
virtual_router_id 50 #虚拟路由id
priority 150 #优先级
advert_int 1 #监测间隔时间
authentication { #认证
auth_type PASS #认证方式
auth_pass 1111 #认证密码
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址
}
}
track_script {
xxx
}
6.添加脚本
vim /root/nginx_keep.sh
#!/bin/sh
nginx_status=$(ps -C nginx --no-header|wc -l)
#1.判断Nginx是否存活,如果不存活则尝试启动Nginx
if [ $nginx_status -eq 0 ];then
systemctl start nginx
sleep 3
#2.等待3秒后再次获取一次Nginx状态
nginx_status=$(ps -C nginx --no-header|wc -l)
#3.再次进行判断, 如Nginx还不存活则停止Keepalived,让地址进行漂移,并退出脚本
if [ $nginx_status -eq 0 ];then
systemctl stop keepalived
fi
fi
7.启动
systemctl start nginx keepalived
lb02
1.更换官方源
cat>>/etc/yum.repos.d/nginx.repo<<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
2.安装nginx和keepalived
yum install -y nginx keepalived
3.新建并修改nginx用户
groupadd -g 666 www
useradd -u 666 -g 666 -s /sbin/nologin -M www
sed -i 's#^user nginx#user www#' /etc/nginx/nginx.conf
4.配置证书
mkdir /etc/nginx/ssl
# lb01 rsync -avz /etc/nginx/ssl root@10.0.0.6:/etc/nginx/ssl
5.添加nginx配置文件
# lb01 rsync -avz /etc/nginx/conf.d/ root@10.0.0.6:/etc/nginx/conf.d/
6.添加MASTER配置文件
vim /etc/keepalived/keepalived.conf
global_defs { #全局配置
router_id lb01 #标识身份->名称
}
vrrp_instance VI_1 {
state MASTER #标识角色状态
interface eth0 #网卡绑定接口
virtual_router_id 50 #虚拟路由id
priority 150 #优先级
advert_int 1 #监测间隔时间
authentication { #认证
auth_type PASS #认证方式
auth_pass 1111 #认证密码
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址
}
7.启动
systemctl start nginx keepalived
8.网站访问脚本
vim test.sh
#!/bin/bash
while true;do
code_status=$(curl -I -m 10 -o /dev/null -s -w %{http_code} www.wp.com)
if [ $code_status -eq 200 ];then
echo "$(date +%F-%T)_网站访问成功" >> /tmp/web.log
else
echo "$(date +%F-%T)_网站访问失败,状态码是: $code_status" >> /tmp/web.log
fi
sleep 1
done
9.物理机hosts解析
10.0.0.3 zh.kang.com wp.kang.com
10.浏览器访问
zh.kang.com
wp.kang.com