码迷,mamicode.com
首页 > 其他好文 > 详细

利用虚拟机模拟搭建LNMP架构

时间:2020-01-11 20:03:03      阅读:85      评论:0      收藏:0      [点我收藏+]

标签:header   写入   设置   auto   unix   emctl   ipaddr   proxy   efs   

@魔力辛巴

利用虚拟机模拟搭建LNMP架构

  • 先创建优化后的模板机,再通过模板机克隆产生其他服务器
  • yum install -y bash-completion* net-tools vim tree htop telnet lrzsz wget iftop iotop sl unzip nmap nc psmisc dos2unix sysstat httpd-tools procps-ng rsync nfs-utils redis mariadb-server lsyncd mailx sshpass epel-release yum-utils keepalived
  • nmcli connection modify eth0 ipv4.addresses 10.0.0.5/24 && nmcli connection modify eth1 ipv4.addresses 172.16.1.5/24 && hostnamectl set-hostname

1. Lsyncd服务 文件实时同步备份

服务端(Backup服务器)配置

yum install rsync -y
groupadd -g666 www && useradd -u666 -g666 www
systemctl start rsyncd
vim /etc/rsyncd.conf

uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsyncd.passwd
log file = /var/log/rsyncd.log

##############################

[backup]
path = /backup

[data]
path = /data

[root@bakup data]#   echo ‘rsync_backup:1‘ > /etc/rsyncd.passwd
[root@bakup data]#   chmod 600 /etc/rsyncd.passwd
[root@bakup data]#   mkdir -p /backup /data
[root@bakup data]#   chown -R www.www /backup /data
[root@bakup data]#   systemctl restart rsyncd
[root@bakup data]#   systemctl enable rsyncd

客户端(NFS服务器)配置

[root@nfs01 data]#   yum install epel-release -y && yum install rsync lsyncd -y
[root@nfs01 data]#   groupadd -g666 www && useradd -u666 -g666 www
[root@nfs01 data]#   systemctl start rsyncd lsyncd
[root@nfs01 data]#   mkdir /{backup,data}
[root@nfs01 data]#   chown -R www.www /{backup,data}
[root@nfs01 data]#   vim /etc/lsyncd.conf

settings {
 logfile = "/var/log/lsyncd/lsyncd.log",
 statusFile = "/var/log/lsyncd/lsyncd.status",
 inotifyMode = "CloseWrite",
 maxProcesses = 8,
}

sync {
 default.rsync,
 source = "/data",
 target = "rsync_backup@172.16.1.41::data",
 delete= true,
 exclude = { ".*" },
 delay = 5,

rsync = {
    binary = "/usr/bin/rsync",
    archive = true,
    compress = true,
    verbose = true,
    password_file = "/etc/lsyncd.passwd",
    _extra = {"--bwlimit=200"}                          --限速选项,单位MB,非常重要
    }                                                   --不配置可能会让内网中其他服务器炸了
}

[root@nfs01 data]#   echo ‘1‘ > /etc/lsyncd.passwd
[root@nfs01 data]#   chmod 600 /etc/lsyncd.passwd
[root@nfs01 data]#   lsyncd -nodaemon /etc/lsyncd.conf
[root@nfs01 data]#   systemctl restart rsyncd lsyncd
[root@nfs01 data]#   systemctl enable rsyncd lsyncd

2. Rsync服务 通过脚本实现定期备份

客户端(任意服务器)配置

  • 上文已经配置好rsync,此处不再赘述
[root@nfs01 data]#   mkdir /scripts
[root@nfs01 data]#   vim /scripts/backup.sh

#! usr/bin/bash

Path=/backup
Host=$(hostname)
IP=$(ifconfig eth1 | awk ‘/inet / {print $2}‘)
Date=$(date +%F)
Dest=$Path/${Host}_${IP}_${Date}

mkdir -p $Dest

cd / && tar zcf $Dest/sysdate.tar.gz etc/fstab etc/hosts etc/passwd && tar zcf $Dest/scripts.tar.gz var/spool/cron scripta

md5sum $Path/*/*tar.gz > $Dest/flag_$Date

export RSYNC_PASSWORD=1
rsync -avz $Path/ rsync_backup@172.16.1.41::backup

find $Path/ -type d -mtime +7 | xargs rm -rf

[root@nfs01 data]#   crontab -e

00 01 * * * sh /scripts/backup.sh &> /dev/null

服务端(Backup服务器)配置

  • 上文已配置好rsync,此处不再赘述
[root@bakup data]#   yum install mailx -y
[root@bakup data]#   vim /etc/mail.rc

set from=xxx@qq.com
set smtp=smtps://smtp.qq.com:465
set smtp-auth-user=xxx@qq.com
set smtp-auth-password=XXX              #XXX表示邮箱的授权码
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/

[root@bakup data]#   mkdir /scripts
[root@bakup data]#   vim /scripts/chark.sh

#! usr/bin/bash

Path=/backup
Date=$(date +%F)
Dest=$Path/${Host}_${IP}_${Date}

md5sum -c $Path/*/flag_$Date > $Path/result_$Date

mail -s "rsync_backup_$Date" "xxx@qq.com" < $Path/result_$Date

find $Path/ -type d -mtime +180 | xargs rm -rf

[root@bakup data]#   crontab -e

00 05 * * * sh /scripts/chark.sh &> /dev/null

3. NFS服务 统一挂载

  • NFS的一些特性
    • 简单易用,部署方便,数据可靠,服务稳定
    • 数据都是明文,不会对数据进行任何校验,也没有任何密码保护,效率极高,安全性相当于没有,只建议内网使用
    • 得益于高效率,多用于存储静态数据,减少后端存储压力
    • 并不能带来性能上的提升

服务端(NFS服务器)配置

[root@nfs01 data]#   yum install nfs-utils -y
[root@nfs01 data]#   systemctl start nfs
[root@nfs01 data]#   echo ‘/data 172.16.1.0/24(rw,all_squash,anonuid=666,anongid=666)‘ > /etc/exports
[root@nfs01 data]#   mkidr -p /data
[root@nfs01 data]#   groupadd -g666 www && useradd -u666 -g666 www
[root@nfs01 data]#   chown -R www.www /data
[root@nfs01 data]#   systemctl restart nfs
[root@nfs01 data]#   systemctl enable nfs
  • 相关参数
参数 功能
rw 读写权限
ro 只读权限
root_squash 当NFS客户端以root管理员访问时,压缩为NFS服务器的匿名用户
no_root_squash 当NFS客户端以root管理员访问时,压缩为NFS服务器的root管理员
all_squash 无论NFS客户端使用什么账户访问,都压缩为NFS服务器的匿名用户
no_all_squash 无论NFS客户端使用什么账户访问,都不进行压缩
sync 同时将数据写入内存与存储中,保证数据安全性,避免数据丢失
async 优先将数据写入到内存中,然后写入存储中,效率更高,但安全性较低
anonuid 当配置了all_squash时,指定此UID的NFS的用户,此用户必须存在在系统中
anongid 当配置了all_squash时,指定此GID的NFS的用户,此用户必须存在在系统中

客户端(WEB服务器)配置

[root@web01 ~]#   yum install nfs-utils -y
[root@web01 ~]#   systemctl start nfs
[root@web01 ~]#   groupadd -g666 www && useradd -u666 -g666 www
[root@web01 ~]#   mkdir -p /data
[root@web01 ~]#   chown -R www.www /data
[root@web01 ~]#   systemctl restart nfs
[root@web01 ~]#   systemctl enable nfs
[root@web01 ~]#   showmount -e 172.16.1.31
[root@web01 ~]#   mount -t nfs 172.16.1.31:/data /data
[root@web01 ~]#   echo ‘172.16.1.31:/data /data nfs defaults 0 0‘ >> /etc/fstab
[root@web01 ~]#   umount 172.16.1.31:/data
  • NFS服务器故障后卸载方法
[root@web01 ~]#   mount
......
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=47968k,mode=700)
172.16.1.31:/data on /mnt type nfs4 (rw,relatime,vers=4.1,rsize=65536,wsize=65536,
namlen=255,hard,proto=tcp,timeo=600,retrans=2,
sec=sys,clientaddr=172.16.1.7,local_lock=none,addr=172.16.1.31)

[root@web01 ~]#   umount -lf 172.16.1.31:/data

4.NFS服务器故障时快速切换Backup服务器

Backup服务器配置

[root@bakup data]#   yum install nfs-utils -y
[root@bakup data]#   systemctl start nfs
[root@bakup data]#   echo ‘/data 172.16.1.0/24(rw,all_squash,anonuid=666,anongid=666)‘ >> /etc/exports
[root@bakup data]#   systemctl restart nfs
[root@bakup data]#   systemctl enable nfs

WEB服务器配置

[root@web01 ~]#   umount -lf 172.16.1.31:/data
[root@web01 ~]#   mount -t nfs 172.16.1.41:/data /var/www/html/data/User/admin/home/video/
[root@web01 ~]#   sed -i ‘s#172.16.1.31#172.16.1.41#g‘ /etc/fstab

5. 安装Nginx和PHP

[root@web01 ~]#   vim /etc/yum.repos.d/nginx.repo

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[root@web01 ~]#   yum install nginx -y
[root@web01 ~]#   yum install epel-release yum-utils -y
[root@web01 ~]#   rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@web01 ~]#   yum install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-mcrypt php72w-pecl-memcached php72w-pecl-mongodb php72w-pecl-redis php72w-pecl-zip php72w-bcmath -y

6. Nginx反向代理 搭建负载均衡

[root@lb01 ~]#   systemctl start nginx
[root@lb01 ~]#   vim /etc/nginx/conf.d/proxy_simba.com.conf

upstream wordpress {
        server 172.16.1.7:80 max_conns=1000 max_fails=3 fail_timeout=10s;
        server 172.16.1.8:80 max_conns=1000 max_fails=3 fail_timeout=10s;
        server 172.16.1.9:80 backup;
        keepalive 16;
	keepalive_timeout 100s;
	keepalive_requests 50;
        }

server {
        listen 80;
        server_name simba.com;
        client_max_body_size 20m;

        location / {
                proxy_pass http://wordpress;
                include proxy_params;
                }
        }

[root@lb01 ~]#   vim /etc/nginx/conf.d/proxy_phpmyadmin.com.conf

upstream myadmin {
        server 172.16.1.7:80 max_conns=1000 max_fails=3 fail_timeout=10s;
        server 172.16.1.8:80 max_conns=1000 max_fails=3 fail_timeout=10s;
        server 172.16.1.9:80 backup;
        keepalive 16;
	keepalive_timeout 100s;
	keepalive_requests 50;
        }

server {
        listen 80;
        server_name phpmyadmin.com;
        client_max_body_size 20m;

        location / {
                proxy_pass http://myadmin;
                include proxy_params;
                }
        }

[root@lb01 ~]#   vim /etc/nginx/proxy_params

proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";

proxy_connect_timeout 30s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;

proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;

[root@lb01 ~]#   systemctl restart nginx
[root@lb01 ~]#   systemctl enable nginx
  • 一些参数的含义
参数 含义
down 标识server不参与负载均衡
backup 标识server作为备份服务器预留
max_conns 限制最大的接收连接数
max_fails 允许请求失败的次数
fail_timeout max_fails的超时时间,发生请求失败后开始计时
keepalive 最大空闲连接数
keepalive_timeout 空闲连接超时时间
keepalive_requests 一个连接的最大请求数
  • nginx_http_proxy模块
命令 功能 作用域
proxy_connect_timeout 30s nginxupstream server建立连接的超时时间 http
server
location
proxy_send_timeout 60s nginx发送数据至upstream server的超时时间 http
server
location
proxy_read_timeout 60s nginx接收upstream server数据的超时时间 http
server
location
proxy_buffering on
off		 启用当前服务器的缓冲功能
禁用当前服务器的缓冲功能		 http
server
location
proxy_buffer_size 32k 限定从upstream server取得的Response Headers大小 http
server
location
proxy_buffers 4 128k 缓冲区的数量和大小
upstream server取得的Response会放置到这里		 http
server
location
proxy_http_version 1.1 使用HTTP1.1版本
需配合proxy_set_header Connection ""使用		 http
server
location

7. 负载均衡 HTTP升级HTTPs

  • 因为是虚拟机模拟搭建,所以此处自行制作一个证书
[root@lb01 ~]#   mkdir /etc/nginx/ssl_key -p
[root@lb01 ~]#   cd /etc/nginx/ssl_key
[root@lb01 ssl_key]#   openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=/ST=/L=/O=/OU=/CN=simba"
[root@lb01 ssl_key]#   openssl x509 -req -sha256 -days 36500 -in server.csr -signkey server.key -out server.crt
[root@lb01 ~]#   vim /etc/nginx/conf.d/proxy_simba.com.conf

upstream wordpress {
        server 172.16.1.7:80;
        server 172.16.1.8:80;
        server 172.16.1.9:80;
        }

server {
        listen 443 ssl;
        server_name simba.com;
        ssl_certificate ssl_key/server.crt;
		ssl_certificate_key ssl_key/server.key;
        client_max_body_size 20m;

        location / {
                proxy_pass http://wordpress;
                include proxy_params;
                }
        }

server {
	listen 80;
	server_name simbao.com;
	return 302 https://$http_host$request_uri;
}

[root@lb01 ~]#   vim /etc/nginx/conf.d/proxy_phpmyadmin.com.conf

upstream myadmin {
        server 172.16.1.7:80;
        server 172.16.1.8:80;
        server 172.16.1.9:80;
        }

server {
        listen 443 ssl;
        server_name phpmyadmin.com;
        ssl_certificate ssl_key/server.crt;
	ssl_certificate_key ssl_key/server.key;
        client_max_body_size 20m;

        location / {
                proxy_pass http://myadmin;
                include proxy_params;
                }
        }

server {
	listen 80;
	server_name phpmyadmin.com;
	return 302 https://$http_host$request_uri;
}

[root@web01 ~]#   systemctl restart nginx

8. Keepalived 负载均衡高可用

配置负载均衡lb01

[root@lb01 ~]#   yum install keepalived -y
[root@lb01 ~]#   systemctl start keepalived
[root@lb01 ~]#   vim /etc/keepalived/keepalived.conf
  • 抢占式
global_defs {
	router_id lb01
}

vrrp_instance VI_1 {
	state MASTER
	interface eth0
	virtual_router_id 50
	priority 150
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	10.0.0.3
	}
}
  • 非抢占式
global_defs {
	router_id lb01
}

vrrp_instance VI_1 {
	state BACKUP
	interface eth0
	virtual_router_id 50
	priority 150
	nopreempt
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	10.0.0.3
	}
}

[root@lb01 ~]#   systemctl restart keepalived
[root@lb01 ~]#   systemctl enable keepalived

配置负载均衡lb02

[root@lb02 ~]#   systemctl start nginx
[root@lb02 ~]#   rsync -avz --delete 172.16.1.5:/etc/nginx/ /etc/nginx/
[root@lb02 ~]#   nginx -t
[root@lb02 ~]#   systemctl restart nginx
[root@lb02 ~]#   systemctl enable nginx
[root@lb02 ~]#   yum install keepalived -y
[root@lb02 ~]#   systemctl start keepalived
[root@lb02 ~]#   vim /etc/keepalived/keepalived.conf
  • 抢占式
global_defs {
	router_id lb02
}

vrrp_instance VI_1 {
	state BACKUP
	interface eth0
	virtual_router_id 50
	priority 100
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	10.0.0.3
	}
}
  • 非抢占式
global_defs {
	router_id lb02
}

vrrp_instance VI_1 {
	state BACKUP
	interface eth0
	virtual_router_id 50
	priority 100
	nopreempt
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	10.0.0.3
	}
}

[root@lb02 ~]#   systemctl restart keepalived
[root@lb02 ~]#   systemctl enable keepalived

9. Keepalived故障自动转移

[root@lb01 ~]#   mkdir /scripts
[root@lb01 ~]#   vim /scripts/check_web.sh

#! /usr/bin/bash

Nginx_Process_Number=$(ps -C nginx --no-header|wc -l)

if [ $Nginx_Process_Number -lt 2 ];then
        systemctl restart nginx &>/dev/null

	sleep 3

        Nginx_Process_Number=$(ps -C nginx --no-header|wc -l)

        if [ $Nginx_Process_Number -lt 2 ];then
	pkill keepalived
        fi
fi

[root@lb01 ~]#   chmod +x /scripts/check_web.sh
[root@lb01 ~]#   vim /etc/keepalived/keepalived.conf

global_defs {
	router_id lb01
}

vrrp_script check_web {
	script "/scripts/check_web.sh"
	interval 3
}

vrrp_instance VI_1 {
	state MASTER
	interface eth0
	virtual_router_id 50
	priority 150
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	10.0.0.3
	}

	track_script {
	check_web
	}
}

[root@lb01 ~]#   systemctl restart keepalived

10. 博客网站搭建

WEB服务器配置

[root@web01 ~]#   groupadd -g666 www && useradd -u666 -g666 www
[root@web01 ~]#   systemctl start php-fpm nginx
[root@web01 ~]#   sed -i ‘/^user/c user www;‘ /etc/nginx/nginx.conf
[root@web01 ~]#   sed -i ‘/^user/c user = www‘ /etc/php-fpm.d/www.conf
[root@web01 ~]#   sed -i ‘/^group/c group = www‘ /etc/php-fpm.d/www.conf
[root@web01 ~]#   vim /etc/nginx/conf.d/simba.com.conf

server {
        listen 80;
        server_name simba.com;
        root /simba/wordpress;
        client_max_body_size 20m;

        location / {
                index index.html index.php;
                }

        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                }
        }

[root@web01 ~]#   nginx -t
[root@web01 ~]#   mkdir -p /simba/wordpress/wp-content/uploads
[root@web01 ~]#   cd /simba
[root@web01 simba]#   unzip wordpress-5.3-zh_CN.zip
[root@web01 simba]#   chown -R www.www /simba
[root@web01 simba]#   systemctl restart php-fpm nginx
[root@web01 simba]#   systemctl enable php-fpm nginx

DB服务器配置

[root@db ~]#   yum install mariadb-server -y
[root@db ~]#   systemctl start mariadb
[root@db ~]#   systemctl enable mariadb
[root@db ~]#   mysqladmin password ‘123456‘
[root@db ~]#   mysql -uroot -p123456
MariaDB [(none)]>   create database wordpress;
MariaDB [(none)]>   use wordpress;
MariaDB [(none)]>   grant all privileges on *.* to ‘all‘@‘%‘ identified by ‘123456‘;
[root@db ~]#   systemctl restart mariadb

网页配置

  • 数据库名填写wordpress
  • 用户名all与密码123456
  • 数据库主机1720.16.1.51
  • 配置安装完成后,自行完成站点信息配置即可

11. 镜像网站搭建

[root@web02 ~]#   mkdir -p /mirrors/{centos,ubuntu,redhat}
[root@web02 ~]#   yum install httpd-tools -y
[root@web02 ~]#   htpasswd -bc /etc/nginx/auth_conf simba 123456
[root@web02 ~]#   vim /etc/nginx/conf.d/mirrors.com.conf
[root@web02 ~]#   vim /mirrors/index.html

<h1> simba mirrors.com </h1>
<ul><li><a href="http://mirrors.com/centos" target="_blank">centos系统</a
></li> </ul>
<ul><li><a href="http://mirrors.com/ubuntu" target="_blank">ubuntu系统</a
></li> </ul>
<ul><li><a href="http://mirrors.com/redhat" target="_blank">redhat系统</a
></li> </ul>

对网站进行访问控制

  • 10.0.0.1 仅允许访问 centos系统目录
  • 10.0.0.100 拒绝访问 ubuntu系统目录 , 其他的IP都允许
  • 需使用用户名与密码访问 redhat系统目录
  • nginx_http_autoindex模块
命令 功能 作用域
autoindex on
off		 开启列出目录功能
关闭列出目录功能		 http
server
location
autoindex_exact_size on
off		 显示文件详细大小,单位 bytes
显示文件大概大小,单位 *B		 http
server
location
autoindex_localtime on
off		 显示的文件时间为文件的服务器时间
显示的文件时间为GMT时间		 http
server
location
autoindex_format html
xml
json
jsonp		 用这几个风格展示目录 http
server
location		 
[root@web02 ~]#   vim /etc/nginx/conf.d/mirrors.com.conf

server {
        listen 80;
        server_name mirrors.com;
        charset utf8;                   #设置字符集为utf8,防止中文乱码
        root /mirrors

        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        autoindex_format html;

        location / {
                index index.html;
                }

        location /centos {
                allow 10.0.0.1/32;
                deny all;
                }

        location /ubuntu {
                allow all;
                deny 10.0.0.100/32;
                }

        location /redhat {
                auth_basic "simba Site";
                auth_basic_user_file /etc/nginx/auth_conf;
                }
        }

对网站设置访问限制

[root@web02 ~]#   
[root@web02 ~]#   
[root@web02 ~]#   
[root@web02 ~]#   
[root@web02 ~]#   
[root@web02 ~]#

12. Redis服务 实现session共享

WEB服务器上搭建phpMyadmin

  • phpMyadmin同样需要解包,此处不再赘述
[root@web01 ~]#   ln -s /simba/phpMyAdmin-5.0.0-rc1-all-languages/ /simba/phpMyAdmin
[root@web01 ~]#   chown -R www.www /simba
[root@web01 ~]#   chown -R www.www /var/lib/php/session
[root@web01 ~]#   cp /simba/phpMyAdmin/config.sample.inc.php /simba/phpMyAdmin/config.inc.php
[root@web01 ~]#   sed -i ‘32s#localhost#172.16.1.51#g‘ /simba/phpMyAdmin/config.inc.php
[root@web01 ~]#   vim /etc/nginx/conf.d/phpmyadmin.com.conf

server {
        listen 80;
        server_name phpmyadmin.com;
        root /simba/phpMyAdmin;

        location / {
                index index.php;
        }       

        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                }
        }

[root@web01 ~]#   vim /etc/php.ini                #替换原来的内容
session.save_handler = redis
session.save_path = "tcp://172.16.1.51:6379?weight=1&timeout=2.5"

[root@web01 ~]#   vim /etc/php-fpm.d/www.conf     #将目标内容注释
;php_value[session.save_handler] = files
;php_value[session.save_path]    = /var/lib/php/session

[root@web01 ~]#   systemctl restart nginx php-fpm

DB服务器配置Redis

[root@db ~]#   yum install redis -y
[root@db ~]#   systemctl start redis
[root@db ~]#   sed -i ‘/^bind/c bind 127.0.0.1 172.16.1.51‘ /etc/redis.conf
[root@db ~]#   systemctl restart redis
[root@db ~]#   systemctl enable redis
[root@db ~]#   redis-cli
127.0.0.1:6379> KEYS *                  #查看所有session信息

13. NFS服务 整合WEB节点静态资源至NFS服务器

NFS服务器配置

  • 此处以wordpress的图片资源为例
[root@nfs ~]#   echo ‘/data/wordpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)‘ >> /etc/exports
[root@nfs ~]#   mkdir -p /data/wordpress
[root@nfs ~]#   chown -R www.www /data/wordpress
[root@nfs ~]#   systemctl restart nfs

web节点配置

[root@web01 ~]#   mount -t nfs 172.16.1.31:/data/wordpress /simba/wordpress/wp-content/uploads/
[root@web01 ~]#   echo ‘172.16.1.31:/data/wordpress /simba/wordpress/wp-content/uploads/ nfs defaults 0 0‘ >> /etc/fstab

14. WEB集群 扩展web节点整合成WEB集群

[root@web02 ~]#   groupadd -g666 www && useradd -u666 -g666 www
[root@web02 ~]#   systemctl start php-fpm nginx
[root@web02 ~]#   scp 172.16.1.7:/etc/yum.repos.d/* /etc/yum.repos.d/
[root@web02 ~]#   yum install nginx -y
[root@web02 ~]#   rpm -e $(rpm -qa php*)
[root@web02 ~]#   yum install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-mcrypt php72w-pecl-memcached php72w-pecl-mongodb php72w-pecl-redis php72w-pecl-zip php72w-bcmath -y
[root@web02 ~]#   rsync -avz --delete 172.16.1.7:/etc/nginx/ /etc/nginx/
[root@web02 ~]#   rsync -avz 172.16.1.7:/etc/php.ini /etc/php.ini
[root@web02 ~]#   rsync -avz 172.16.1.7:/etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf
[root@web02 ~]#   rsync -avz --delete 172.16.1.7:/simba /
[root@web02 ~]#   rsync -avz --delete 172.16.1.7:/etc/fstab /etc/
[root@web02 ~]#   nginx -t
[root@web02 ~]#   php-fpm -t
[root@web02 ~]#   systemctl restart php-fpm nginx
[root@web02 ~]#   systemctl enable php-fpm nginx

15. 跳板机 SSH秘钥对配置

跳板机Manager服务器

  • 通过sshpass与脚本配合实现免交互推送公钥,但需要目标主机密码统一
[root@manager ~]#   ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):     #秘钥存储路径,默认即可
Created directory ‘/root/.ssh‘.
Enter passphrase (empty for no passphrase):                  #创建秘钥的密码,不创建
Enter same passphrase again:                                 #回车确认即可

[root@manager ~]#   yum install sshpass -y
[root@manager ~]#   sed -i ‘/^#   StrictHostKeyChecking/c StrictHostKeyChecking no‘ /etc/ssh/ssh_config
[root@manager ~]#   mkdir /scripts
[root@manager ~]#   vim /scripts/ssh_copy.sh

#! usr/bin/bash

for IP in 172.16.1.{5,6,7,8,9,31,41,51,175}
do
sshpass -p 1 ssh-copy-id -i ~/.ssh/id_rsa.pub root@$IP &> /dev/null
done

[root@manager ~]#   ssh root@172.16.1.5                      #测试连接其他服务器
Last login: Mon Dec  2 15:08:27 2019 from 10.0.0.1
[root@lb01 ~]#                                               #服务器连接成功

openssh-clients – ssh 客户端 | openssh-server – sshd 服务端

利用虚拟机模拟搭建LNMP架构

标签:header   写入   设置   auto   unix   emctl   ipaddr   proxy   efs   

原文地址:https://www.cnblogs.com/magicsimba/p/12180867.html
(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
分享档案
更多>
2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)
周排行
mamicode.com排行更多图片
更多
友情链接
兰亭集智   国之画   百度统计   站长统计   阿里云   chrome插件   新版天听网
关于我们 - 联系我们 - 留言反馈
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!