码迷,mamicode.com
首页 > 其他好文 > 详细

利用虚拟机模拟搭建LNMP架构

时间:2020-01-11 20:03:03      阅读:85      评论:0      收藏:0      [点我收藏+]

标签:header   写入   设置   auto   unix   emctl   ipaddr   proxy   efs   

@魔力辛巴

利用虚拟机模拟搭建LNMP架构

  • 先创建优化后的模板机,再通过模板机克隆产生其他服务器
  • yum install -y bash-completion* net-tools vim tree htop telnet lrzsz wget iftop iotop sl unzip nmap nc psmisc dos2unix sysstat httpd-tools procps-ng rsync nfs-utils redis mariadb-server lsyncd mailx sshpass epel-release yum-utils keepalived
  • nmcli connection modify eth0 ipv4.addresses 10.0.0.5/24 && nmcli connection modify eth1 ipv4.addresses 172.16.1.5/24 && hostnamectl set-hostname

1. Lsyncd服务 文件实时同步备份

服务端(Backup服务器)配置

yum install rsync -y
groupadd -g666 www && useradd -u666 -g666 www
systemctl start rsyncd
vim /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsyncd.passwd
log file = /var/log/rsyncd.log

##############################

[backup]
path = /backup

[data]
path = /data
[root@bakup data]#   echo ‘rsync_backup:1‘ > /etc/rsyncd.passwd
[root@bakup data]#   chmod 600 /etc/rsyncd.passwd
[root@bakup data]#   mkdir -p /backup /data
[root@bakup data]#   chown -R www.www /backup /data
[root@bakup data]#   systemctl restart rsyncd
[root@bakup data]#   systemctl enable rsyncd

客户端(NFS服务器)配置

[root@nfs01 data]#   yum install epel-release -y && yum install rsync lsyncd -y
[root@nfs01 data]#   groupadd -g666 www && useradd -u666 -g666 www
[root@nfs01 data]#   systemctl start rsyncd lsyncd
[root@nfs01 data]#   mkdir /{backup,data}
[root@nfs01 data]#   chown -R www.www /{backup,data}
[root@nfs01 data]#   vim /etc/lsyncd.conf
settings {
 logfile = "/var/log/lsyncd/lsyncd.log",
 statusFile = "/var/log/lsyncd/lsyncd.status",
 inotifyMode = "CloseWrite",
 maxProcesses = 8,
}

sync {
 default.rsync,
 source = "/data",
 target = "rsync_backup@172.16.1.41::data",
 delete= true,
 exclude = { ".*" },
 delay = 5,

rsync = {
    binary = "/usr/bin/rsync",
    archive = true,
    compress = true,
    verbose = true,
    password_file = "/etc/lsyncd.passwd",
    _extra = {"--bwlimit=200"}                          --限速选项,单位MB,非常重要
    }                                                   --不配置可能会让内网中其他服务器炸了
}
[root@nfs01 data]#   echo ‘1‘ > /etc/lsyncd.passwd
[root@nfs01 data]#   chmod 600 /etc/lsyncd.passwd
[root@nfs01 data]#   lsyncd -nodaemon /etc/lsyncd.conf
[root@nfs01 data]#   systemctl restart rsyncd lsyncd
[root@nfs01 data]#   systemctl enable rsyncd lsyncd

2. Rsync服务 通过脚本实现定期备份

客户端(任意服务器)配置

  • 上文已经配置好rsync,此处不再赘述
[root@nfs01 data]#   mkdir /scripts
[root@nfs01 data]#   vim /scripts/backup.sh
#! usr/bin/bash

Path=/backup
Host=$(hostname)
IP=$(ifconfig eth1 | awk ‘/inet / {print $2}‘)
Date=$(date +%F)
Dest=$Path/${Host}_${IP}_${Date}

mkdir -p $Dest

cd / && tar zcf $Dest/sysdate.tar.gz etc/fstab etc/hosts etc/passwd && tar zcf $Dest/scripts.tar.gz var/spool/cron scripta

md5sum $Path/*/*tar.gz > $Dest/flag_$Date

export RSYNC_PASSWORD=1
rsync -avz $Path/ rsync_backup@172.16.1.41::backup

find $Path/ -type d -mtime +7 | xargs rm -rf
[root@nfs01 data]#   crontab -e
00 01 * * * sh /scripts/backup.sh &> /dev/null

服务端(Backup服务器)配置

  • 上文已配置好rsync,此处不再赘述
[root@bakup data]#   yum install mailx -y
[root@bakup data]#   vim /etc/mail.rc
set from=xxx@qq.com
set smtp=smtps://smtp.qq.com:465
set smtp-auth-user=xxx@qq.com
set smtp-auth-password=XXX              #XXX表示邮箱的授权码
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/
[root@bakup data]#   mkdir /scripts
[root@bakup data]#   vim /scripts/chark.sh
#! usr/bin/bash

Path=/backup
Date=$(date +%F)
Dest=$Path/${Host}_${IP}_${Date}

md5sum -c $Path/*/flag_$Date > $Path/result_$Date

mail -s "rsync_backup_$Date" "xxx@qq.com" < $Path/result_$Date

find $Path/ -type d -mtime +180 | xargs rm -rf
[root@bakup data]#   crontab -e
00 05 * * * sh /scripts/chark.sh &> /dev/null

3. NFS服务 统一挂载

  • NFS的一些特性
    • 简单易用,部署方便,数据可靠,服务稳定
    • 数据都是明文,不会对数据进行任何校验,也没有任何密码保护,效率极高,安全性相当于没有,只建议内网使用
    • 得益于高效率,多用于存储静态数据,减少后端存储压力
    • 并不能带来性能上的提升

服务端(NFS服务器)配置

[root@nfs01 data]#   yum install nfs-utils -y
[root@nfs01 data]#   systemctl start nfs
[root@nfs01 data]#   echo ‘/data 172.16.1.0/24(rw,all_squash,anonuid=666,anongid=666)‘ > /etc/exports
[root@nfs01 data]#   mkidr -p /data
[root@nfs01 data]#   groupadd -g666 www && useradd -u666 -g666 www
[root@nfs01 data]#   chown -R www.www /data
[root@nfs01 data]#   systemctl restart nfs
[root@nfs01 data]#   systemctl enable nfs
  • 相关参数
参数 功能
rw 读写权限
ro 只读权限
root_squash 当NFS客户端以root管理员访问时,压缩为NFS服务器的匿名用户
no_root_squash 当NFS客户端以root管理员访问时,压缩为NFS服务器的root管理员
all_squash 无论NFS客户端使用什么账户访问,都压缩为NFS服务器的匿名用户
no_all_squash 无论NFS客户端使用什么账户访问,都不进行压缩
sync 同时将数据写入内存与存储中,保证数据安全性,避免数据丢失
async 优先将数据写入到内存中,然后写入存储中,效率更高,但安全性较低
anonuid 当配置了all_squash时,指定此UID的NFS的用户,此用户必须存在在系统中
anongid 当配置了all_squash时,指定此GID的NFS的用户,此用户必须存在在系统中

客户端(WEB服务器)配置

[root@web01 ~]#   yum install nfs-utils -y
[root@web01 ~]#   systemctl start nfs
[root@web01 ~]#   groupadd -g666 www && useradd -u666 -g666 www
[root@web01 ~]#   mkdir -p /data
[root@web01 ~]#   chown -R www.www /data
[root@web01 ~]#   systemctl restart nfs
[root@web01 ~]#   systemctl enable nfs
[root@web01 ~]#   showmount -e 172.16.1.31
[root@web01 ~]#   mount -t nfs 172.16.1.31:/data /data
[root@web01 ~]#   echo ‘172.16.1.31:/data /data nfs defaults 0 0‘ >> /etc/fstab
[root@web01 ~]#   umount 172.16.1.31:/data
  • NFS服务器故障后卸载方法
[root@web01 ~]#   mount
......
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=47968k,mode=700)
172.16.1.31:/data on /mnt type nfs4 (rw,relatime,vers=4.1,rsize=65536,wsize=65536,
namlen=255,hard,proto=tcp,timeo=600,retrans=2,
sec=sys,clientaddr=172.16.1.7,local_lock=none,addr=172.16.1.31)
[root@web01 ~]#   umount -lf 172.16.1.31:/data

4.NFS服务器故障时快速切换Backup服务器

Backup服务器配置

[root@bakup data]#   yum install nfs-utils -y
[root@bakup data]#   systemctl start nfs
[root@bakup data]#   echo ‘/data 172.16.1.0/24(rw,all_squash,anonuid=666,anongid=666)‘ >> /etc/exports
[root@bakup data]#   systemctl restart nfs
[root@bakup data]#   systemctl enable nfs

WEB服务器配置

[root@web01 ~]#   umount -lf 172.16.1.31:/data
[root@web01 ~]#   mount -t nfs 172.16.1.41:/data /var/www/html/data/User/admin/home/video/
[root@web01 ~]#   sed -i ‘s#172.16.1.31#172.16.1.41#g‘ /etc/fstab

5. 安装Nginx和PHP

[root@web01 ~]#   vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[root@web01 ~]#   yum install nginx -y
[root@web01 ~]#   yum install epel-release yum-utils -y
[root@web01 ~]#   rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@web01 ~]#   yum install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-mcrypt php72w-pecl-memcached php72w-pecl-mongodb php72w-pecl-redis php72w-pecl-zip php72w-bcmath -y

6. Nginx反向代理 搭建负载均衡

[root@lb01 ~]#   systemctl start nginx
[root@lb01 ~]#   vim /etc/nginx/conf.d/proxy_simba.com.conf
upstream wordpress {
        server 172.16.1.7:80 max_conns=1000 max_fails=3 fail_timeout=10s;
        server 172.16.1.8:80 max_conns=1000 max_fails=3 fail_timeout=10s;
        server 172.16.1.9:80 backup;
        keepalive 16;
	keepalive_timeout 100s;
	keepalive_requests 50;
        }

server {
        listen 80;
        server_name simba.com;
        client_max_body_size 20m;

        location / {
                proxy_pass http://wordpress;
                include proxy_params;
                }
        }
[root@lb01 ~]#   vim /etc/nginx/conf.d/proxy_phpmyadmin.com.conf
upstream myadmin {
        server 172.16.1.7:80 max_conns=1000 max_fails=3 fail_timeout=10s;
        server 172.16.1.8:80 max_conns=1000 max_fails=3 fail_timeout=10s;
        server 172.16.1.9:80 backup;
        keepalive 16;
	keepalive_timeout 100s;
	keepalive_requests 50;
        }

server {
        listen 80;
        server_name phpmyadmin.com;
        client_max_body_size 20m;

        location / {
                proxy_pass http://myadmin;
                include proxy_params;
                }
        }
[root@lb01 ~]#   vim /etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";

proxy_connect_timeout 30s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;

proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
[root@lb01 ~]#   systemctl restart nginx
[root@lb01 ~]#   systemctl enable nginx
  • 一些参数的含义
参数 含义
down 标识server不参与负载均衡
backup 标识server作为备份服务器预留
max_conns 限制最大的接收连接数
max_fails 允许请求失败的次数
fail_timeout max_fails的超时时间,发生请求失败后开始计时
keepalive 最大空闲连接数
keepalive_timeout 空闲连接超时时间
keepalive_requests 一个连接的最大请求数
  • nginx_http_proxy模块
命令 功能 作用域
proxy_connect_timeout 30s nginxupstream server建立连接的超时时间 http
server
location
proxy_send_timeout 60s nginx发送数据至upstream server的超时时间 http
server
location
proxy_read_timeout 60s nginx接收upstream server数据的超时时间 http
server
location
proxy_buffering on
off
启用当前服务器的缓冲功能
禁用当前服务器的缓冲功能
http
server
location
proxy_buffer_size 32k 限定从upstream server取得的Response Headers大小 http
server
location
proxy_buffers 4 128k 缓冲区的数量和大小
upstream server取得的Response会放置到这里
http
server
location
proxy_http_version 1.1 使用HTTP1.1版本
需配合proxy_set_header Connection ""使用
http
server
location

7. 负载均衡 HTTP升级HTTPs

  • 因为是虚拟机模拟搭建,所以此处自行制作一个证书
[root@lb01 ~]#   mkdir /etc/nginx/ssl_key -p
[root@lb01 ~]#   cd /etc/nginx/ssl_key
[root@lb01 ssl_key]#   openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=/ST=/L=/O=/OU=/CN=simba"
[root@lb01 ssl_key]#   openssl x509 -req -sha256 -days 36500 -in server.csr -signkey server.key -out server.crt
[root@lb01 ~]#   vim /etc/nginx/conf.d/proxy_simba.com.conf
upstream wordpress {
        server 172.16.1.7:80;
        server 172.16.1.8:80;
        server 172.16.1.9:80;
        }

server {
        listen 443 ssl;
        server_name simba.com;
        ssl_certificate ssl_key/server.crt;
		ssl_certificate_key ssl_key/server.key;
        client_max_body_size 20m;

        location / {
                proxy_pass http://wordpress;
                include proxy_params;
                }
        }

server {
	listen 80;
	server_name simbao.com;
	return 302 https://$http_host$request_uri;
}
[root@lb01 ~]#   vim /etc/nginx/conf.d/proxy_phpmyadmin.com.conf
upstream myadmin {
        server 172.16.1.7:80;
        server 172.16.1.8:80;
        server 172.16.1.9:80;
        }

server {
        listen 443 ssl;
        server_name phpmyadmin.com;
        ssl_certificate ssl_key/server.crt;
	ssl_certificate_key ssl_key/server.key;
        client_max_body_size 20m;

        location / {
                proxy_pass http://myadmin;
                include proxy_params;
                }
        }

server {
	listen 80;
	server_name phpmyadmin.com;
	return 302 https://$http_host$request_uri;
}
[root@web01 ~]#   systemctl restart nginx

8. Keepalived 负载均衡高可用

配置负载均衡lb01

[root@lb01 ~]#   yum install keepalived -y
[root@lb01 ~]#   systemctl start keepalived
[root@lb01 ~]#   vim /etc/keepalived/keepalived.conf
  • 抢占式
global_defs {
	router_id lb01
}

vrrp_instance VI_1 {
	state MASTER
	interface eth0
	virtual_router_id 50
	priority 150
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	10.0.0.3
	}
}
  • 非抢占式
global_defs {
	router_id lb01
}

vrrp_instance VI_1 {
	state BACKUP
	interface eth0
	virtual_router_id 50
	priority 150
	nopreempt
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	10.0.0.3
	}
}
[root@lb01 ~]#   systemctl restart keepalived
[root@lb01 ~]#   systemctl enable keepalived

配置负载均衡lb02

[root@lb02 ~]#   systemctl start nginx
[root@lb02 ~]#   rsync -avz --delete 172.16.1.5:/etc/nginx/ /etc/nginx/
[root@lb02 ~]#   nginx -t
[root@lb02 ~]#   systemctl restart nginx
[root@lb02 ~]#   systemctl enable nginx
[root@lb02 ~]#   yum install keepalived -y
[root@lb02 ~]#   systemctl start keepalived
[root@lb02 ~]#   vim /etc/keepalived/keepalived.conf
  • 抢占式
global_defs {
	router_id lb02
}

vrrp_instance VI_1 {
	state BACKUP
	interface eth0
	virtual_router_id 50
	priority 100
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	10.0.0.3
	}
}
  • 非抢占式
global_defs {
	router_id lb02
}

vrrp_instance VI_1 {
	state BACKUP
	interface eth0
	virtual_router_id 50
	priority 100
	nopreempt
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	10.0.0.3
	}
}
[root@lb02 ~]#   systemctl restart keepalived
[root@lb02 ~]#   systemctl enable keepalived

9. Keepalived故障自动转移

[root@lb01 ~]#   mkdir /scripts
[root@lb01 ~]#   vim /scripts/check_web.sh
#! /usr/bin/bash

Nginx_Process_Number=$(ps -C nginx --no-header|wc -l)

if [ $Nginx_Process_Number -lt 2 ];then
        systemctl restart nginx &>/dev/null

	sleep 3

        Nginx_Process_Number=$(ps -C nginx --no-header|wc -l)

        if [ $Nginx_Process_Number -lt 2 ];then
	pkill keepalived
        fi
fi
[root@lb01 ~]#   chmod +x /scripts/check_web.sh
[root@lb01 ~]#   vim /etc/keepalived/keepalived.conf
global_defs {
	router_id lb01
}

vrrp_script check_web {
	script "/scripts/check_web.sh"
	interval 3
}

vrrp_instance VI_1 {
	state MASTER
	interface eth0
	virtual_router_id 50
	priority 150
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	10.0.0.3
	}

	track_script {
	check_web
	}
}
[root@lb01 ~]#   systemctl restart keepalived

10. 博客网站搭建

WEB服务器配置

[root@web01 ~]#   groupadd -g666 www && useradd -u666 -g666 www
[root@web01 ~]#   systemctl start php-fpm nginx
[root@web01 ~]#   sed -i ‘/^user/c user www;‘ /etc/nginx/nginx.conf
[root@web01 ~]#   sed -i ‘/^user/c user = www‘ /etc/php-fpm.d/www.conf
[root@web01 ~]#   sed -i ‘/^group/c group = www‘ /etc/php-fpm.d/www.conf
[root@web01 ~]#   vim /etc/nginx/conf.d/simba.com.conf
server {
        listen 80;
        server_name simba.com;
        root /simba/wordpress;
        client_max_body_size 20m;

        location / {
                index index.html index.php;
                }

        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                }
        }
[root@web01 ~]#   nginx -t
[root@web01 ~]#   mkdir -p /simba/wordpress/wp-content/uploads
[root@web01 ~]#   cd /simba
[root@web01 simba]#   unzip wordpress-5.3-zh_CN.zip
[root@web01 simba]#   chown -R www.www /simba
[root@web01 simba]#   systemctl restart php-fpm nginx
[root@web01 simba]#   systemctl enable php-fpm nginx

DB服务器配置

[root@db ~]#   yum install mariadb-server -y
[root@db ~]#   systemctl start mariadb
[root@db ~]#   systemctl enable mariadb
[root@db ~]#   mysqladmin password ‘123456‘
[root@db ~]#   mysql -uroot -p123456
MariaDB [(none)]>   create database wordpress;
MariaDB [(none)]>   use wordpress;
MariaDB [(none)]>   grant all privileges on *.* to ‘all‘@‘%‘ identified by ‘123456‘;
[root@db ~]#   systemctl restart mariadb

网页配置

  • 数据库名填写wordpress
  • 用户名all与密码123456
  • 数据库主机1720.16.1.51
  • 配置安装完成后,自行完成站点信息配置即可

11. 镜像网站搭建

[root@web02 ~]#   mkdir -p /mirrors/{centos,ubuntu,redhat}
[root@web02 ~]#   yum install httpd-tools -y
[root@web02 ~]#   htpasswd -bc /etc/nginx/auth_conf simba 123456
[root@web02 ~]#   vim /etc/nginx/conf.d/mirrors.com.conf
[root@web02 ~]#   vim /mirrors/index.html
<h1> simba mirrors.com </h1>
<ul><li><a href="http://mirrors.com/centos" target="_blank">centos系统</a
></li> </ul>
<ul><li><a href="http://mirrors.com/ubuntu" target="_blank">ubuntu系统</a
></li> </ul>
<ul><li><a href="http://mirrors.com/redhat" target="_blank">redhat系统</a
></li> </ul>

对网站进行访问控制

  • 10.0.0.1 仅允许访问 centos系统目录
  • 10.0.0.100 拒绝访问 ubuntu系统目录 , 其他的IP都允许
  • 需使用用户名与密码访问 redhat系统目录
  • nginx_http_autoindex模块
命令 功能 作用域
autoindex on
off
开启列出目录功能
关闭列出目录功能
http
server
location
autoindex_exact_size on
off
显示文件详细大小,单位 bytes
显示文件大概大小,单位 *B
http
server
location
autoindex_localtime on
off
显示的文件时间为文件的服务器时间
显示的文件时间为GMT时间
http
server
location
autoindex_format html
xml
json
jsonp
用这几个风格展示目录 http
server
location
[root@web02 ~]#   vim /etc/nginx/conf.d/mirrors.com.conf
server {
        listen 80;
        server_name mirrors.com;
        charset utf8;                   #设置字符集为utf8,防止中文乱码
        root /mirrors

        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        autoindex_format html;

        location / {
                index index.html;
                }

        location /centos {
                allow 10.0.0.1/32;
                deny all;
                }

        location /ubuntu {
                allow all;
                deny 10.0.0.100/32;
                }

        location /redhat {
                auth_basic "simba Site";
                auth_basic_user_file /etc/nginx/auth_conf;
                }
        }

对网站设置访问限制

[root@web02 ~]#   
[root@web02 ~]#   
[root@web02 ~]#   
[root@web02 ~]#   
[root@web02 ~]#   
[root@web02 ~]#   

12. Redis服务 实现session共享

WEB服务器上搭建phpMyadmin

  • phpMyadmin同样需要解包,此处不再赘述
[root@web01 ~]#   ln -s /simba/phpMyAdmin-5.0.0-rc1-all-languages/ /simba/phpMyAdmin
[root@web01 ~]#   chown -R www.www /simba
[root@web01 ~]#   chown -R www.www /var/lib/php/session
[root@web01 ~]#   cp /simba/phpMyAdmin/config.sample.inc.php /simba/phpMyAdmin/config.inc.php
[root@web01 ~]#   sed -i ‘32s#localhost#172.16.1.51#g‘ /simba/phpMyAdmin/config.inc.php
[root@web01 ~]#   vim /etc/nginx/conf.d/phpmyadmin.com.conf
server {
        listen 80;
        server_name phpmyadmin.com;
        root /simba/phpMyAdmin;

        location / {
                index index.php;
        }       

        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                }
        }
[root@web01 ~]#   vim /etc/php.ini                #替换原来的内容
session.save_handler = redis
session.save_path = "tcp://172.16.1.51:6379?weight=1&timeout=2.5"
[root@web01 ~]#   vim /etc/php-fpm.d/www.conf     #将目标内容注释
;php_value[session.save_handler] = files
;php_value[session.save_path]    = /var/lib/php/session
[root@web01 ~]#   systemctl restart nginx php-fpm

DB服务器配置Redis

[root@db ~]#   yum install redis -y
[root@db ~]#   systemctl start redis
[root@db ~]#   sed -i ‘/^bind/c bind 127.0.0.1 172.16.1.51‘ /etc/redis.conf
[root@db ~]#   systemctl restart redis
[root@db ~]#   systemctl enable redis
[root@db ~]#   redis-cli
127.0.0.1:6379> KEYS *                  #查看所有session信息

13. NFS服务 整合WEB节点静态资源至NFS服务器

NFS服务器配置

  • 此处以wordpress的图片资源为例
[root@nfs ~]#   echo ‘/data/wordpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)‘ >> /etc/exports
[root@nfs ~]#   mkdir -p /data/wordpress
[root@nfs ~]#   chown -R www.www /data/wordpress
[root@nfs ~]#   systemctl restart nfs

web节点配置

[root@web01 ~]#   mount -t nfs 172.16.1.31:/data/wordpress /simba/wordpress/wp-content/uploads/
[root@web01 ~]#   echo ‘172.16.1.31:/data/wordpress /simba/wordpress/wp-content/uploads/ nfs defaults 0 0‘ >> /etc/fstab

14. WEB集群 扩展web节点整合成WEB集群

[root@web02 ~]#   groupadd -g666 www && useradd -u666 -g666 www
[root@web02 ~]#   systemctl start php-fpm nginx
[root@web02 ~]#   scp 172.16.1.7:/etc/yum.repos.d/* /etc/yum.repos.d/
[root@web02 ~]#   yum install nginx -y
[root@web02 ~]#   rpm -e $(rpm -qa php*)
[root@web02 ~]#   yum install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-mcrypt php72w-pecl-memcached php72w-pecl-mongodb php72w-pecl-redis php72w-pecl-zip php72w-bcmath -y
[root@web02 ~]#   rsync -avz --delete 172.16.1.7:/etc/nginx/ /etc/nginx/
[root@web02 ~]#   rsync -avz 172.16.1.7:/etc/php.ini /etc/php.ini
[root@web02 ~]#   rsync -avz 172.16.1.7:/etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf
[root@web02 ~]#   rsync -avz --delete 172.16.1.7:/simba /
[root@web02 ~]#   rsync -avz --delete 172.16.1.7:/etc/fstab /etc/
[root@web02 ~]#   nginx -t
[root@web02 ~]#   php-fpm -t
[root@web02 ~]#   systemctl restart php-fpm nginx
[root@web02 ~]#   systemctl enable php-fpm nginx

15. 跳板机 SSH秘钥对配置

跳板机Manager服务器

  • 通过sshpass与脚本配合实现免交互推送公钥,但需要目标主机密码统一
[root@manager ~]#   ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):     #秘钥存储路径,默认即可
Created directory ‘/root/.ssh‘.
Enter passphrase (empty for no passphrase):                  #创建秘钥的密码,不创建
Enter same passphrase again:                                 #回车确认即可
[root@manager ~]#   yum install sshpass -y
[root@manager ~]#   sed -i ‘/^#   StrictHostKeyChecking/c StrictHostKeyChecking no‘ /etc/ssh/ssh_config
[root@manager ~]#   mkdir /scripts
[root@manager ~]#   vim /scripts/ssh_copy.sh
#! usr/bin/bash

for IP in 172.16.1.{5,6,7,8,9,31,41,51,175}
do
sshpass -p 1 ssh-copy-id -i ~/.ssh/id_rsa.pub root@$IP &> /dev/null
done
[root@manager ~]#   ssh root@172.16.1.5                      #测试连接其他服务器
Last login: Mon Dec  2 15:08:27 2019 from 10.0.0.1
[root@lb01 ~]#                                               #服务器连接成功

openssh-clients – ssh 客户端 | openssh-server – sshd 服务端

利用虚拟机模拟搭建LNMP架构

标签:header   写入   设置   auto   unix   emctl   ipaddr   proxy   efs   

原文地址:https://www.cnblogs.com/magicsimba/p/12180867.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!