LNMP + haproxy + preserved load balancing - basic service preparation

Keywords: Web Server firewall vim PHP yum

  • Log service

    1. Modify the log service configuration and restart the log service;

      vim /etc/rsyslog.conf

      Edit the system log configuration to specify the included profile path and rules:

      $IncludeConfig /etc/rsyslog.d/*.conf
    2. Create a separate configuration file for haproxy;

      vim /etc/rsyslog.d/haproxy.conf

      Edit the configuration file as follows:

      $ModLoad imudp        # note off
      $UDPServerRun 514    # note off
      # Corresponding to the configuration "log local3" in "/ etc/haproxy/haproxy.cfg"
      local3.*    /var/log/haproxy.log
      # If "& ~" is not added, the message file will be written in addition to the log in / var/log/haproxy.log
    3. Configure the main configuration file of "rsyslog" and open the remote log;

      vim /etc/sysconfig/rsyslog

      Modify the configuration as follows:

      SYSLOGD_OPTIONS="-c 2 -r -m 0"
      # -c 2 uses compatibility mode, default is - c 5
      # -r open remote log
      # -m 0 marks the time stamp in minutes. A value of 0 disables this function
    4. Restart the HAProxy and log services and view their respective service status:

      service haproxy restart & service haproxy status
      service rsyslog restart & service rsyslog status
      # View error log configuration for PHP
      cat /usr/local/php/etc/php.ini | grep error_log
  • Firewall service

    1. Open port (configured according to your own needs):

      firewall-cmd --zone=public --add-port=3306/tcp --permanent
      firewall-cmd --zone=public --add-port=873/tcp --permanent
      firewall-cmd --zone=public --add-port=10002/tcp --permanent
      firewall-cmd --zone=public --add-port=10001/tcp --permanent
      firewall-cmd --zone=public --add-port=80/tcp --permanent
      firewall-cmd --zone=public --add-port=8080/tcp --permanent
    2. Restart / reload the firewall service and view its status:

      systemctl restart firewalld.service
      service firewalld restart && service firewalld status
      firewall-cmd --reload
    3. Test port:

      telnet ip port
    4. Third party firewall
      semanage is recommended here, with its own advantages of Baidu. Installation and configuration:

      # Install the port management tool semanage;
      yum -y install policycoreutils-python
      # Check the opened port;
      semanage port -l|grep http
      # Open port;
      semanage port -a -t http_port_t -p tcp port_number # Open port number, the port number to be opened
      semanage port -d -t http_port_t -p tcp port_number # Close port number, HTTP port is the port group name
  • Other orders

    # To view the pid of a service:
    ps -ef | grep ServiceName
    # Out of Service:
    kill -9 service_pid
    # To view the port usage:
    lsof -i tcp:80
    # List all ports:
    netstat -ntlp
    # Partition and mount operation
    # View current space
    df -h
    # View available disks
    fdisk -l
    fdisk /dev/sdb
    # Create partition, most operations can default
    Command (m for help): m
    # Follow the prompts:
    # Format after partition
    mkfs -t ext4 /dev/sdb1
    mkfs -t ext4 /dev/sdb2
    # Mount to an existing directory
    mount -w /dev/sdb1 /mnt/lnmp
    mount -w /dev/sdb2 /mnt/backup
    mount -o remount -w /dev/sdb2 /mnt/backup

Posted by nadz on Sun, 01 Dec 2019 13:03:36 -0800