Catalog
- Integrated architecture
- Host and IP planning
- Basic optimization
- m01: build a local yum repository
- backup: rsync network-wide backup
- NFS shared storage project
- Real-time replication of NFS shared storage data to backup
- SSH, Ansible, batch management service project
- MySQL database environment construction
- Building the Nginx+PHP dynamic web environment
- Building the Nginx+Tomcat dynamic web environment
- Mount the PHP and Tomcat product upload directories on NFS
- Set up nginx + keepalived layer-7 load balancing, 172.16.1.5/6 (lb01/lb02)
- Configure nginx/Tomcat HTTPS encrypted access
- Real-time replication of NFS storage data to the static web servers' local disks, 172.16.1.9/10 (web01/02)
- Nginx static web service environment 172.16.1.9/10 (sweb01/02) + dynamic/static separation
Integrated architecture
Host and IP planning
Server hostname and IP planning reference template. eth0 is the public/NAT network (10.0.0.0/24) and eth1 the internal network (172.16.1.0/24); the sections below address internal services (NFS, rsync, MySQL, the backend web servers) on eth1. Later sections call the Tomcat host web03 or sweb; it is the same 10.0.0.9/172.16.1.9 machine.

host name | eth0 (public/NAT) | eth1 (internal) | role |
---|---|---|---|
lb01 | 10.0.0.5/24 | 172.16.1.5/24 | load balancer |
lb02 | 10.0.0.6/24 | 172.16.1.6/24 | load balancer |
web01 | 10.0.0.7/24 | 172.16.1.7/24 | PHP web service |
web02 | 10.0.0.8/24 | 172.16.1.8/24 | PHP web service |
tweb01 | 10.0.0.9/24 | 172.16.1.9/24 | Tomcat web service |
db01 | 10.0.0.51/24 | 172.16.1.51/24 | database service |
nfs01 | 10.0.0.31/24 | 172.16.1.31/24 | shared storage |
backup | 10.0.0.41/24 | 172.16.1.41/24 | backup service |
m01 | 10.0.0.61/24 | 172.16.1.61/24 | management (ansible, yum repository) |
Basic optimization
These steps are applied to every host after cloning the template VM. Two of them are lab shortcuts: disabling firewalld and SELinux removes two layers of protection from hosts that also have an eth0 leg. Outside a lab, keep SELinux enforcing and use firewalld to open only the needed ports on eth1.

1. Network, hostname and name resolution

```shell
# Change the last octet of the cloned template's IP (222) to this host's number, e.g. 61 for m01
sed -i 's#222#61#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]

# Permanently set the hostname
[root@oldboy-c7 ~]# hostnamectl set-hostname oldboyedu-cc7

# Internal name resolution (the same file goes on every host)
[root@web01 data]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5  lb01
172.16.1.6  lb02
172.16.1.7  web01
172.16.1.8  web02
172.16.1.9  sweb
172.16.1.31 nfs
172.16.1.41 backup
172.16.1.51 db

# Push /etc/hosts to the other hosts
[root@web01 data]# scp -rp /etc/hosts root@172.16.1.31:/etc/
```

2. yum sources and base packages

```shell
# CentOS 7 mirrors
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

# Basic tool set (net-tools provides ifconfig; bash-completion takes effect after logging out and back in)
yum install net-tools vim tree htop iftop iotop lrzsz sl wget unzip telnet nmap nc psmisc \
    dos2unix bash-completion sysstat screen -y
```

3. Firewall and SELinux (lab only, see the note above)

```shell
systemctl disable firewalld
systemctl stop firewalld
systemctl status firewalld

# Persistent: any one of the three
sed -ri 's#(^SELINUX=).*#\1disabled#g' /etc/selinux/config
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
vim /etc/selinux/config
# Immediate, until the next reboot
setenforce 0
```

4. Open-file limit

```shell
echo '* - nofile 65535' >> /etc/security/limits.conf
```

5. Reboot and take a snapshot of the template.
m01: build a local yum repository
m01 serves the CentOS ISO packages and the locally cached third-party packages over FTP, so the other hosts install from the internal network only.

1. Basic environment

```shell
# Install vsftpd, start it and enable it at boot
yum -y install vsftpd
systemctl start vsftpd
systemctl enable vsftpd

# Keep downloaded RPMs in the yum cache so they can be copied into the repository
vim /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1

yum clean all
```

2. Provide the base source from the install media

```shell
mkdir /var/ftp/centos75
mount /dev/cdrom /mnt
cp -rp /mnt/Packages/*.rpm /var/ftp/centos75
```

3. Provide the third-party packages

```shell
mkdir /var/ftp/ops
yum install net-tools vim tree htop iftop \
    iotop lrzsz sl wget unzip telnet nmap nc psmisc \
    dos2unix bash-completion sysstat screen -y

# Copy every cached RPM (nginx, docker and their dependencies) into the custom repository directory
[root@yum_server_69_112 ~]# find /var/cache/yum/x86_64/7/ \
    -iname "*.rpm" -exec cp -rf {} /var/ftp/ops \;
```

4. Install createrepo and generate the repodata

```shell
[root@yum_server_69_112 ~]# yum -y install createrepo
# Generate the repository metadata
createrepo /var/ftp/ops
createrepo /var/ftp/centos75
# Note: rerun createrepo whenever packages are added to a repository
```

Client side

```shell
# 1. Point the base source at m01 (the stock repo files are gzipped out of the way, not deleted)
[root@yum_client_69_113 ~]# gzip /etc/yum.repos.d/*
[root@yum_client_69_113 ~]# vim /etc/yum.repos.d/centos7.repo
[centos75]
name=centos75_base
baseurl=ftp://172.16.1.61/centos75
gpgcheck=0

# 2. Point the ops source at m01
[root@yum_client_69_113 ~]# vim /etc/yum.repos.d/ops.repo
[ops]
name=local ftpserver
baseurl=ftp://172.16.1.61/ops
gpgcheck=0

yum clean all
yum makecache

# Push the same repo files to the other clients
[root@backup ~]# rsync -avz /etc/yum.repos.d root@172.16.1.6:/etc/ --delete
```

gpgcheck=0 turns off RPM signature verification, so any package dropped into /var/ftp/ops, by mistake or by someone who gains write access to m01 or can spoof the FTP server, is installed as-is on every host. The RPMs copied from the ISO and from the yum cache keep their vendor signatures (createrepo only indexes them), so both repositories can be served with gpgcheck=1 and gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 (plus the EPEL key for EPEL packages) at no extra cost.
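The repo files above are the ones most likely to be copied to every host unchanged, so it is worth checking them before pushing with rsync. The script below is an added example, not part of the original notes: it walks a directory of .repo files and reports each stanza whose signature check is explicitly disabled or not set (an unset value inherits whatever [main] in /etc/yum.conf says). The sample repo files in the usage are constructed from the page's own stanzas; no packages are installed.

```shell
#!/bin/sh
# Added example (not from the original notes): audit yum repository files for
# disabled signature checks. It only reads *.repo files; nothing is installed.

# audit_repo_gpgcheck DIR
# Prints "<file> <section> <status>" for every [section] in DIR/*.repo, where
# status is: ok (gpgcheck=1), disabled (gpgcheck=0), unset (not set in the
# stanza, so the value from [main] in /etc/yum.conf applies).
audit_repo_gpgcheck() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            function flush() {
                if (sect != "") {
                    status = seen ? (val == "1" ? "ok" : "disabled") : "unset"
                    print file, sect, status
                }
            }
            /^[[:space:]]*\[[^]]+]/ {
                flush()
                sect = $0
                sub(/^[[:space:]]*\[/, "", sect)
                sub(/].*$/, "", sect)
                seen = 0; val = ""
                next
            }
            /^[[:space:]]*gpgcheck[[:space:]]*=/ {
                seen = 1
                val = $0
                sub(/^[^=]*=[[:space:]]*/, "", val)
                gsub(/[[:space:]]+$/, "", val)
            }
            END { flush() }
        ' "$f"
    done
}

# count_unverified_repos DIR: number of stanzas whose status is not "ok"
count_unverified_repos() {
    audit_repo_gpgcheck "$1" | awk '$3 != "ok"' | wc -l | tr -d ' '
}

# Usage: sh audit_repos.sh [/etc/yum.repos.d]
repo_dir=${1:-/etc/yum.repos.d}
if [ -d "$repo_dir" ]; then
    audit_repo_gpgcheck "$repo_dir"
    echo "stanzas without signature verification: $(count_unverified_repos "$repo_dir")"
fi
```

Run it on m01 before the rsync push; with the page's centos7.repo and ops.repo it reports two stanzas, and after switching them to gpgcheck=1 with a gpgkey line it reports none.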
backup: rsync network-wide backup
Every host pushes a daily archive of its configuration and logs to the rsync daemon on backup (172.16.1.41); backup then verifies the md5 flag files and mails the result to the administrator.

1. rsync daemon on backup

```shell
[root@backup ~]# yum install rsync -y    # already present from the base environment
[root@backup ~]# cat /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.password
log file = /var/log/rsyncd.log
#####################################
[backup]
path = /backup
[data]
path = /data

[root@backup ~]# mkdir /backup/
[root@backup ~]# groupadd -g666 www
[root@backup ~]# useradd -u666 -g666 www
[root@backup ~]# chown -R www.www /backup/
[root@backup ~]# chmod 755 /backup
# Virtual user for rsync daemon authentication (not a system account)
[root@backup ~]# echo "rsync_backup:1" > /etc/rsync.password
[root@backup ~]# chmod 600 /etc/rsync.password
[root@backup ~]# systemctl enable rsyncd
[root@backup ~]# systemctl start rsyncd
```

The daemon listens on both interfaces and every client shares the one-character secret "1". Add hosts allow = 172.16.1.0/24 to rsyncd.conf and use a random secret; the daemon protocol authenticates with a challenge-response, but the file data itself crosses the network in the clear, so keep it on eth1.

2. Client push script

```shell
[root@nfs ~]# mkdir -p /server/scripts/
[root@nfs scripts]# cat /server/scripts/client_rsync_backup.sh
#!/usr/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

# 1. Variables: the destination directory is named after host, internal IP and date
Host=$(hostname)
Addr=$(ifconfig eth1|awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup

# 2. Create the backup directory
[ -d $Path/$Dest ] || mkdir -p $Path/$Dest

# 3. Archive the files (relative to / so the tarballs carry no leading slash)
cd / || exit 1
[ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf
[ -f $Path/$Dest/log.tar.gz ]    || tar czf $Path/$Dest/log.tar.gz var/log/messages var/log/secure

# 4. Write the md5 flag file that the server verifies
[ -f $Path/$Dest/flag_$Date ] || md5sum $Path/$Dest/*.tar.gz >$Path/$Dest/flag_${Date}

# 5. Push to the backup server (password via the environment, so it is not on the command line)
export RSYNC_PASSWORD=1
rsync -avz $Path/ rsync_backup@172.16.1.41::backup

# 6. Keep only the last 7 days locally. The original used "find $Path/ -type d -mtime +7",
#    which also matches $Path itself once it is a week old; restrict it to the immediate children.
find $Path/ -mindepth 1 -maxdepth 1 -type d -mtime +7|xargs rm -rf
```

3. Server-side verification and mail to the administrator

```shell
# Mail client on backup. The SMTP password sits in clear text in /etc/mail.rc, so keep the file
# readable by root only and use a mailbox authorization code rather than the account password.
# ssl-verify=ignore also disables certificate checking of the SMTP server.
[root@backup ~]# yum install mailx -y
[root@backup ~]# cat /etc/mail.rc
set from=343264992@163.com
set smtp=smtps://smtp.163.com:465
set smtp-auth-user=343264992@163.com
set smtp-auth-password=aa123456
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/

[root@backup ~]# mkdir /server/scripts -p
[root@backup scripts]# vim check_backup.sh
#!/usr/bin/bash
# 1. Global variables
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
# 2. Local variables
Path=/backup
Date=$(date +%F)
# 3. Find today's flag files and verify the archives they list; md5sum -c prints OK/FAILED per file
find $Path/*_${Date} -type f -name "flag_$Date"|xargs md5sum -c >$Path/result_${Date}
# 4. Mail the result to the administrator
mail -s "Rsync Backup $Date" 343264992@qq.com <$Path/result_${Date}
# 5. Delete result files older than 7 days and backup directories older than 180 days
find $Path/ -type f -name "result*" -mtime +7|xargs rm -f
find $Path/ -mindepth 1 -maxdepth 1 -type d -mtime +180|xargs rm -rf
```

The flag file is produced by the client and travels with the data, so md5sum -c catches transfer corruption and incomplete pushes; it does not detect a compromised client that rewrites both the archive and the flag.

4. Scheduled tasks

```shell
# Clients (the script name must match the one created above)
[root@nfs ~]# crontab -l
00 01 * * * /usr/bin/bash /server/scripts/client_rsync_backup.sh >/dev/null 2>&1
# Test once by hand
[root@web01 ~]# sh /server/scripts/client_rsync_backup.sh
# Roll out to the other clients quickly
[root@nfs01 yum.repos.d]# scp -rp /var/spool/cron/root root@172.16.1.7:/var/spool/cron/
[root@nfs01 yum.repos.d]# rsync -avz /server root@172.16.1.8:/
# Server
[root@backup backup]# crontab -l
00 05 * * * /usr/bin/bash /server/scripts/check_backup.sh >/dev/null 2>&1
```
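The flag-file check and the retention step are the two places where this backup scheme can fail silently, so here they are as small functions that can be exercised on a scratch directory. This is an added example, not the page's own script: the directory names and dates below are constructed, and the functions use relative paths in the flag file so the check still works after rsync has moved the tree.

```shell
#!/bin/sh
# Added example (not from the original notes): the md5 flag check that
# check_backup.sh relies on, plus the retention step, as testable functions.

# make_flag DIR DATE: record the md5 of every *.tar.gz in DIR with names
# relative to DIR, so the flag file stays valid after rsync moves the tree.
make_flag() {
    ( cd "$1" && md5sum ./*.tar.gz > "flag_$2" )
}

# verify_backups ROOT DATE: for every ROOT/<host>_<ip>_DATE directory, run
# md5sum -c against its flag file. Prints the per-file OK/FAILED lines (what
# check_backup.sh mails out) and returns 1 if any archive is missing, altered,
# or has no flag file at all (a push that never finished looks like that).
verify_backups() {
    root=$1; date=$2; rc=0
    for d in "$root"/*_"$date"; do
        [ -d "$d" ] || continue
        if [ ! -f "$d/flag_$date" ]; then
            echo "$d: flag_$date missing"; rc=1; continue
        fi
        ( cd "$d" && md5sum -c "flag_$date" ) || rc=1
    done
    return $rc
}

# prune_backups ROOT DAYS: delete backup directories older than DAYS.
# -mindepth 1 -maxdepth 1 keeps ROOT itself out of the match; a bare
# "find ROOT -type d -mtime +N | xargs rm -rf" would eventually delete ROOT.
prune_backups() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -mtime +"$2" -exec rm -rf {} +
}

# Usage on the backup server (no output means every archive matched):
#   verify_backups /backup "$(date +%F)" && echo "all archives verified"
#   prune_backups /backup 180
```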
NFS shared storage project
nfs01 exports /data to the internal network and the web servers mount it, so uploads are shared. all_squash with anonuid/anongid=666 maps every client user, root included, to the www account that owns the export, so no client can create files under another uid. Restricting the client list to 172.16.1.0/24 matters here because rpcbind and nfsd also listen on eth0 and the firewall was disabled in the base setup.

NFS server

```shell
[root@nfs ~]# yum install nfs-utils -y    # already installed in the base environment
[root@nfs ~]# cat /etc/exports
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

# Account that the squashed uid/gid 666 maps to
[root@nfs ~]# groupadd -g 666 www
[root@nfs ~]# useradd -u 666 -g 666 www
[root@nfs ~]# mkdir /data
[root@nfs ~]# chown -R www.www /data

# Start NFS (rpcbind first)
[root@nfs ~]# systemctl enable rpcbind nfs-server
[root@nfs ~]# systemctl start rpcbind nfs-server
```

NFS client

```shell
[root@web01 ~]# yum install nfs-utils -y    # already installed
[root@web01 ~]# systemctl start rpcbind
[root@web01 ~]# mkdir /data

# Check what the server exports, then mount it
[root@web01 ~]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data 172.16.1.0/24
[root@web01 ~]# mount -t nfs 172.16.1.31:/data /data

# Mount at boot: add to /etc/fstab
172.16.1.31:/data /data nfs defaults 0 0
```

Test

```shell
# Upload a video or picture to /data from the Windows client, or fetch one directly
[root@web01 ~]# wget http://img.mp.itc.cn/upload/20170511/cad88c2e57f44e93b664a48a98a47108_th.jpg
# Confirm the file is visible on the NFS server
[root@nfs ~]# ls /data/
1111 cad88c2e57f44e93b664a48a98a47108_th.jpg tes1 test
```
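The export line is the whole access control for NFS, and its syntax is unforgiving: a space between the client and the option list ("/data 172.16.1.0/24 (rw)") exports rw to the world and ro to the subnet, and no_root_squash lets root on any client write as root on the server. The script below is an added example, not part of the original notes; it reads an exports file (the page's /etc/exports, or the later ones with /data/java and the per-product exports) and flags those mistakes. The bad lines in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an /etc/exports file for
# the mistakes that silently widen an NFS export.

# audit_exports FILE
# Prints "<path> <client> <reasons>" for every export entry that is
#   - exported-to-world: client "*" or, the classic typo, a space before the
#     option list ("/data 172.16.1.0/24 (rw)"), which exports the path rw to
#     everyone and only ro to the subnet;
#   - no_root_squash: root on any client is root on the server's files;
#   - insecure: requests from unprivileged source ports are accepted.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_exports() {
    awk '
        /^[[:space:]]*(#|$)/ { next }           # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {         # one field per client spec
                spec = $i
                client = spec; sub(/\(.*$/, "", client)
                opts = ""
                if (index(spec, "(")) {
                    opts = spec; sub(/^[^(]*\(/, "", opts); sub(/\).*$/, "", opts)
                }
                why = ""
                if (client == "" || client == "*") why = why " exported-to-world"
                if (opts ~ /(^|,)no_root_squash(,|$)/) why = why " no_root_squash"
                if (opts ~ /(^|,)insecure(,|$)/) why = why " insecure"
                if (why != "") {
                    label = (client == "") ? "(none)" : client
                    print path, label why
                    bad++
                }
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Usage: sh audit_exports.sh [/etc/exports]; exit status 1 means something was flagged
if [ -f "${1:-/etc/exports}" ]; then
    audit_exports "${1:-/etc/exports}"
fi
```

The page's exports (rw,sync,all_squash to 172.16.1.0/24) pass cleanly; run the check after every edit of /etc/exports and before exportfs -r.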
Real-time replication of NFS shared storage data to backup
sersync watches /data on nfs01 with inotify and pushes each change to the [data] module of the rsync daemon on backup, so backup holds a live copy of the shared storage.

```shell
# Install inotify-tools and rsync on nfs01
[root@nfs ~]# yum install inotify-tools rsync -y
# Install sersync (prebuilt binary)
[root@nfs ~]# wget https://raw.githubusercontent.com/wsgzao/sersync/master/sersync2.5.4_64bit_binary_stable_final.tar.gz
# Unpack and rename
[root@nfs01 ~]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz -C /usr/local/
[root@nfs01 local]# mv GNU-Linux-x86/ sersync
```

Configure /usr/local/sersync/confxml.xml (only the relevant parts are shown):

```xml
<fileSystem xfs="true"/>                           <!-- file system type -->
<inotify>                                          <!-- event types watched -->
    <delete start="true"/>
    <createFolder start="true"/>
    <createFile start="true"/>
    <closeWrite start="true"/>
    <moveFrom start="true"/>
    <moveTo start="true"/>
    <attrib start="false"/>
    <modify start="false"/>
</inotify>
<sersync>
    <localpath watch="/data">                      <!-- watched directory -->
        <remote ip="172.16.1.41" name="data"/>     <!-- backup host IP and rsync module -->
    </localpath>
    <rsync>                                        <!-- rsync options -->
        <commonParams params="-az"/>
        <auth start="true" users="rsync_backup" passwordfile="/etc/rsync.pass"/>
        <userDefinedPort start="false" port="874"/><!-- port=874 -->
        <timeout start="true" time="100"/>         <!-- timeout=100 -->
        <ssh start="false"/>
    </rsync>
</sersync>
```

```shell
# Password file for the rsync virtual user (must match backup's /etc/rsync.password, mode 600)
[root@nfs01 sersync]# echo "1" > /etc/rsync.pass
[root@nfs01 ~]# chmod 600 /etc/rsync.pass
# Create the target directory on backup
[root@backup /]# mkdir /data
[root@backup /]# chown -R www.www /data
# Start sersync: -d daemonize, -r full sync first, -o config file
[root@nfs ~]# /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
```
SSH, Ansible, batch management service project
m01 holds one SSH key pair; its public key is installed in root's authorized_keys on every host so Ansible can run without passwords.

```shell
[root@backup ~]# rpm -ql openssh-server
/etc/ssh/sshd_config   --- sshd configuration file
/usr/sbin/sshd         --- sshd daemon binary
[root@backup ~]# rpm -ql openssh-clients
/usr/bin/scp           --- remote copy
/usr/bin/sftp          --- remote file transfer
/usr/bin/ssh           --- remote login
/usr/bin/ssh-copy-id   --- install a public key on a remote host

# 1. Create the key pair (press Enter through the prompts)
[root@m01 ~]# ssh-keygen -t rsa -C xuliangwei.com
[root@m01 ~]# ls ~/.ssh/
id_rsa (private key, stays on m01)   id_rsa.pub (public key, distributed to the hosts)

# 2. Install the public key for the account you will log in as
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31
# Interactive login to the remote host
[root@m01 ~]# ssh root@172.16.1.41
# Run a command on the remote host without an interactive login
[root@m01 ~]# ssh root@172.16.1.41 "hostname -i"
```

The key was generated without a passphrase and authorizes root everywhere, so whoever can read /root/.ssh/id_rsa on m01 owns the whole environment. Treat m01 as the most sensitive host (no eth0 services, no shared accounts), or give the key a passphrase and load it into ssh-agent for the ansible session.

Ansible: batch management over the distributed public key

```shell
# Install the public key on every managed host (one password prompt each), then install ansible
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41
[root@m01 ~]# yum install ansible -y
[root@m01 ~]# ansible --version
ansible 2.6.1

# Inventory
[root@m01 ~]# vim /etc/ansible/hosts
[root@m01 7]# cat /etc/ansible/hosts
[lb]
172.16.1.5
172.16.1.6
[web]
172.16.1.7
172.16.1.8
[sweb]
172.16.1.9
[nfs]
172.16.1.31
[backup]
172.16.1.41
[db]
172.16.1.51

# The ping module logs in over SSH and runs a Python snippet; it is a connectivity test, not ICMP
[root@m01 ~]# ansible all -m ping
# Run a command on every host
[root@m01 ~]# ansible all -m command -a "df -h"
[root@m01 ~]# ansible all -m command -a "hostname"
```
MySQL database environment construction
db01 (172.16.1.51) runs MySQL 5.7 from the official repository; the web servers connect to it over eth1.

```shell
# 1. Install the official MySQL 5.7 repository definition (or serve the packages from the local yum repository)
[root@db01 ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.7-community/el/7/x86_64/mysql57-community-release-el7-10.noarch.rpm
# 2. Install MySQL 5.7 (a large download)
[root@db01 ~]# yum install mysql-community-server -y
# 3. Start it and enable it at boot
[root@db01 ~]# systemctl start mysqld
[root@db01 ~]# systemctl enable mysqld
# 4. MySQL 5.7 generates a random temporary root password on first start; read it from the log
[root@db01 ~]# grep 'temporary password' /var/log/mysqld.log
# 5. Log in with it
[root@db01 ~]# mysql -uroot -p$(awk '/temporary password/{print $NF}' /var/log/mysqld.log)
# 6. The temporary password is expired; set a new one before anything else works
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Ckh123.com';
# Allow a remote account to connect (the notes' way; see the note below)
mysql> grant all privileges on *.* to 'all'@'%' identified by 'Ckh123.com';
mysql> flush privileges;
# 7. Client on the web servers: only the command-line client is needed for a connection test
[root@web02 ~]# yum provides mysql
[root@web02 ~]# yum install mariadb -y
[root@web02 ~]# mysql -h172.16.1.51 -uall -pCkh123.com
```

grant all privileges on *.* to 'all'@'%' creates an account with every privilege on every database that accepts connections from any host, and mysqld listens on both interfaces with the firewall off, so it is reachable from the 10.0.0.0/24 side as well. Use one account per application instead, limited to that application's database and to the internal subnet (for example a wordpress user on wordpress.* from 172.16.1.%), and keep root local. Passing -pPASSWORD on the command line also leaves the password in the shell history and in ps output while the client runs; put it in a root-only ~/.my.cnf or let mysql prompt for it.
Building the Nginx+PHP dynamic web environment
web01 and web02 run nginx from the official nginx.org repository and PHP 7.1 (php-fpm) from the webtatic repository, both as the www user (uid/gid 666), so files written to the NFS exports get the same owner everywhere.

1. nginx

```shell
# Official nginx repository (or the local yum repository prepared earlier)
[root@web01 ~]# cat /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

[root@web01 ~]# yum install nginx -y

# Run the worker processes as www (create the account first if it does not exist yet)
[root@web01 ~]# groupadd -g 666 www
[root@web01 ~]# useradd -u666 -g666 www
[root@web01 ~]# id www
uid=666(www) gid=666(www) groups=666(www)
[root@web01 ~]# sed -i '/^user/c user www;' /etc/nginx/nginx.conf

[root@web01 ~]# systemctl start nginx
[root@web01 ~]# systemctl enable nginx

# The workers must show up as www (the master stays root to bind port 80)
[root@web01 ~]# ps aux |grep nginx
www   2396 0.0 0.3  46996 1784 ?     S  08:44 0:00 nginx: worker process
root  2398 0.0 0.2 112720  984 pts/0 R+ 08:44 0:00 grep --color=auto nginx
```

nginx.org publishes its package signing key at https://nginx.org/keys/nginx_signing.key, so this repository can run with gpgcheck=1 and a gpgkey line instead of gpgcheck=0.

2. PHP 7.1 from the webtatic repository

```shell
# Remove any old PHP 5.4 (there is none on a fresh host)
[root@web01 ~]# yum remove php-mysql-5.4 php php-fpm php-common
# EPEL and webtatic repository definitions
[root@web01 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@web01 ~]# rpm -Uv
h https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# Install PHP 7.1 and the extensions the products need
[root@web01 ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
# The php-fpm pool runs as www too
[root@web02 ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
[root@web02 ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
# Start php-fpm and enable it at boot
[root@web01 ~]# systemctl start php-fpm
[root@web01 ~]# systemctl enable php-fpm
```

3. The same steps with ansible

```shell
[root@m01 7]# ansible web -m yum -a "name=nginx state=installed"
[root@m01 7]# ansible web -m shell -a "sed -i '/^user/c user www;' /etc/nginx/nginx.conf "
[root@m01 7]# ansible web -m group -a "name=www gid=666"
[root@m01 7]# ansible web -m user -a "name=www uid=666 group=666 "
[root@m01 7]# ansible web -m service -a "name=nginx state=started enabled=yes"
[root@m01 7]# ansible web -m yum -a "name=php71w,php71w-cli,php71w-common,php71w-devel,php71w-embedded,php71w-gd,php71w-mcrypt,php71w-mbstring,php71w-pdo,php71w-xml,php71w-fpm,php71w-mysqlnd,php71w-opcache,php71w-pecl-memcached,php71w-pecl-redis,php71w-pecl-mongodb state=installed"
[root@m01 7]# ansible web -m shell -a "sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf;sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf"
[root@m01 7]# ansible web -m service -a "name=php-fpm state=started enabled=yes"
```

4. Upload size limits

```shell
vim /etc/php.ini
memory_limit=1024M
post_max_size=1024M
upload_max_filesize=1024M
max_execution_time=60
max_input_time=60

# nginx.conf: add inside the http{} block
client_max_body_size 1024M;

# Restart both services to apply the configuration
[root@web01 code]# systemctl restart nginx php-fpm
```

These values allow 1 GB request bodies and 1 GB of memory per PHP request; size them to what the site actually needs, since every unauthenticated client can send a body of that size.

5. WordPress

```shell
[root@web01 conf.d]# cat wordpress.conf
server {
    server_name wordpress.etiantian.org;
    listen 80;
    root /code/wordpress;
    index index.php index.html;

    location ~ \.php$ {
        root /code/wordpress;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
[root@web01 conf.d]# nginx -t
[root@web01 conf.d]# systemctl restart nginx

# 1. Get the WordPress code
[root@web01 ~]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
# 2. Unpack into the site directory and hand it to www. The tarball already contains a top-level
#    wordpress/ directory, so extract into /code (extracting into /code/wordpress gives /code/wordpress/wordpress)
[root@web01 ~]# mkdir -p /code
[root@web01 ~]# tar xf wordpress-4.9.4-zh_CN.tar.gz -C /code/
[root@web01 ~]# chown -R www.www /code/wordpress/

# WordPress needs its database created by hand
[root@db01 ~]# mysql -uroot -pCkh123.com
mysql> create database wordpress;
mysql> exit
# Add wordpress.etiantian.org to the Windows hosts file, open it in a browser and run the installer
```

6. WeCenter

```shell
[root@web01 conf.d]# cat wecenter.conf
server {
    server_name wecenter.etiantian.org;
    listen 80;
    root /code/wecenter;
    index index.php index.html;

    location ~ \.php$ {
        root /code/wecenter;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
[root@web01 code]# nginx -t
[root@web01 code]# systemctl restart nginx

# Download and unpack WeCenter (the archive name must match the one downloaded)
[root@web01 ~]# wget http://ahdx.down.chinaz.com/201605/WeCenter_v3.2.1.zip
[root@web01 ~]# unzip WeCenter_v3.2.1.zip
[root@web01 code]# mv WeCenter_3-2-1 wecenter
[root@web01 ~]# chown -R www.www /code/wecenter/

# Create the WeCenter database
[root@db01 ~]# mysql -uroot -pCkh123.com
mysql> create database wecenter;
mysql> exit
# Add wecenter.etiantian.org to the Windows hosts file, open it in a browser and run the installer
```
Building the Nginx+Tomcat dynamic web environment
The Tomcat host (10.0.0.9 / 172.16.1.9, called web03 below) runs JPress and lb01 proxies jpress.etiantian.org to it. Tomcat is started here as root, which is the quickest way to follow along, but a webapp running as root can write anywhere on the host; beyond a lab, run it as a dedicated tomcat user that owns only webapps/, logs/, temp/ and work/. The notes use /root/tomcat, /root/apache-tomcat-8.5.33, /server/tomcat-8080 and /server/tomcat8_1 for the same installation; the /server/tomcat8_1 symlink created below is used throughout here.

1. Java runtime

```shell
[root@web03 ~]# yum install java jarjar-maven-plugin -y
[root@web03 ~]# mkdir /server && cd /server
```

2. Download and install Tomcat

```shell
wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
[root@web03 server]# tar xf apache-tomcat-8.5.34.tar.gz
[root@web03 server]# ln -s /server/apache-tomcat-8.5.34 /server/tomcat8_1
# Start Tomcat and confirm the listening port
[root@web03 ~]# /server/tomcat8_1/bin/startup.sh
[root@web03 ~]# netstat -lntp
# Browser: http://10.0.0.9:8080/
```

3. Deploy JPress

```shell
[root@web03 webapps]# cd /server/tomcat8_1/webapps/
[root@web03 webapps]# jar xf jpress-web-newest.war
# Browser: http://10.0.0.9:8081/jpress

# Prepare the database on db01
mysql> create database jpress;

# 4. Start and stop Tomcat
[root@web03 ~]# /server/tomcat8_1/bin/startup.sh
[root@web03 ~]# /server/tomcat8_1/bin/shutdown.sh
```

5. On the proxy (lb01), add a java upstream next to the php one

```nginx
upstream php {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}
upstream java {
    server 172.16.1.9:8081;
}
server {
    server_name wordpress.etiantian.org;
    listen 80;
    location / {
        proxy_pass http://php;
        include proxy_params;
    }
}
server {
    server_name jpress.etiantian.org;
    listen 80;
    location / {
        proxy_pass http://java;
        include proxy_params;
    }
}
```

```shell
[root@lb01 conf.d]# nginx -t
[root@lb01 conf.d]# systemctl restart nginx
```

6. Static storage for Tomcat on nfs01

```shell
[root@nfs ~]# cat /etc/exports
/data/blog 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/java 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)   # newly added
[root@nfs ~]# mkdir /data/java
[root@nfs ~]# chown -R www.www /data/java/
[root@nfs ~]# systemctl restart nfs-server    # exportfs -r reloads the export table without a restart
```

7. Mount it on web03

```shell
[root@web03 ROOT]# yum install nfs-utils -y
[root@web03 ROOT]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/java 172.16.1.0/24
/data/blog 172.16.1.0/24

# 8. Same uid/gid as the export owner
[root@web03 ROOT]# groupadd -g 666 www
[root@web03 ROOT]# useradd -g www -u 666 www

# Keep the existing attachments: copy aside, mount the export over the directory, copy back
[root@web03 ROOT]# cp -rp attachment/ attachment_bak
[root@web03 ROOT]# rm -rf attachment/*
[root@web03 ROOT]# mount -t nfs 172.16.1.31:/data/java /server/tomcat8_1/webapps/ROOT/attachment
[root@web03 ROOT]# cp -rp attachment_bak/* attachment/

# Permanent mount; _netdev waits for the network before mounting (the notes had the typo _rnetdev)
[root@web03 ROOT]# cat /etc/fstab
172.16.1.31:/data/java /server/tomcat8_1/webapps/ROOT/attachment nfs defaults,_netdev 0 0
[root@web03 ROOT]# mount -a
```
Mount the PHP and Tomcat product upload directories on NFS
Each product writes uploads to one directory under its document root; that directory, and only that directory, is mounted from NFS so web01, web02 and the Tomcat host see the same files. Keep the rest of the code tree local: the export is writable by every client, and with the location ~ \.php$ block above nginx will execute a .php file placed under uploads/ just like any other, so also deny PHP execution under the upload paths in the nginx configuration.

```shell
# 1. Find each product's upload path first, then mount over it
wordpress   wp-content/uploads/
wecenter    uploads/
jpress      attachment/

# nfs01: one export per product
[root@nfs01 data]# cat /etc/exports
/data/wordpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/wecenter 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/jpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
[root@nfs01 data]# mkdir /data/{wecenter,jpress,wordpress}
[root@nfs01 data]# chown -R www.www /data
[root@nfs01 data]# systemctl restart nfs-server

# web01
[root@web01 code]# yum install nfs-utils         # already installed
[root@web01 code]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/jpress 172.16.1.0/24
/data/wecenter 172.16.1.0/24
/data/wordpress 172.16.1.0/24
[root@web01 ~]# groupadd -g 666 www               # already created
[root@web01 ~]# useradd -g www -u 666 www

# wecenter: keep the existing uploads, mount, copy them back onto the export
[root@web01 wecenter]# pwd
/code/wecenter
[root@web01 wecenter]# cp -rp uploads/ uploads_bak
[root@web01 code]# mount -t nfs 172.16.1.31:/data/wecenter /code/wecenter/uploads
[root@web01 code]# cp -rp /code/wecenter/uploads_bak/* /code/wecenter/uploads/
[root@web01 code]# cat /etc/fstab
172.16.1.31:/data/wecenter /code/wecenter/uploads nfs defaults 0 0

# wordpress
[root@web01 wp-content]# pwd
/code/wordpress/wp-content
[root@web01 wp-content]# cp -rp uploads/ uploads_bak
[root@web01 code]# mount -t nfs 172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads
[root@web01 code]# cp -rp /code/wordpress/wp-content/uploads_bak/* /code/wordpress/wp-content/uploads/
[root@web01 code]# cat /etc/fstab
172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads nfs defaults 0 0

# jpress on web03 (the notes mix /server/tomcat-8080 and /server/tomcat8_1; the tomcat8_1 symlink is used here)
[root@web03 jpress]# pwd
/server/tomcat8_1/webapps/jpress
[root@web03 jpress]# cp -rp attachment/ attachment_bak
[root@web03 jpress]# mount -t nfs 172.16.1.31:/data/jpress /server/tomcat8_1/webapps/jpress/attachment
[root@web03 jpress]# groupadd -g 666 www
[root@web03 jpress]# useradd -g www -u 666 www
[root@web03 jpress]# chown -R www.www /server/tomcat8_1/webapps
[root@web03 jpress]# cp -rp attachment_bak/* attachment/
[root@web03 jpress]# cat /etc/fstab
172.16.1.31:/data/jpress /server/tomcat8_1/webapps/jpress/attachment nfs defaults 0 0
```
Set up nginx + keepalived layer-7 load balancing, 172.16.1.5/6 (lb01/lb02)
lb01 and lb02 run identical nginx reverse-proxy configurations; keepalived moves the virtual IP 10.0.0.3 between them so clients have a single address.

1. Make web02 identical to web01

```shell
[root@web01 code]# rsync -avz /code root@172.16.1.8:/
[root@web01 code]# rsync -avz /etc/nginx root@172.16.1.8:/etc/ --delete
[root@web01 code]# scp -rp /etc/php.ini root@172.16.1.8:/etc/
[root@web02 ~]# vim /etc/fstab
172.16.1.31:/data/wecenter /code/wecenter/uploads nfs defaults 0 0
172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads nfs defaults 0 0
[root@web02 ~]# mount -a
[root@web02 ~]# df -h
[root@web02 code]# systemctl restart nginx php-fpm
```

2. nginx reverse proxy on lb01 (the original notes show these commands with a db01 prompt; they belong on lb01)

```shell
[root@lb01 ~]# yum install nginx
[root@lb01 conf.d]# mv default.conf default.conf.off
[root@lb01 conf.d]# cat proxy.conf
```

```nginx
upstream php {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}
upstream java {
    server 172.16.1.9:8080;
}
server {
    listen 80;
    server_name wordpress.etiantian.org;
    location / {
        proxy_pass http://php;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name wecenter.etiantian.org;
    location / {
        proxy_pass http://php;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name jpress.etiantian.org;
    location / {
        proxy_pass http://java;
        include proxy_params;
    }
}
```

```shell
[root@lb01 conf.d]# cat /etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
[root@lb01 conf.d]# nginx -t
[root@lb01 conf.d]# systemctl restart nginx
# Add the names to the Windows hosts file and test in a browser
```

$proxy_add_x_forwarded_for appends the client address to whatever X-Forwarded-For the client already sent, so the backends must only trust the last hop (the load balancers) when they log or rate-limit by client address.

3. lb02 and keepalived

```shell
# Both load balancers carry the same configuration; lb02 is a copy of lb01
[root@lb02 ~]# yum install nginx
[root@lb02 ~]# scp -rp root@172.16.1.5:/etc/yum.repos.d /etc/    # the yum repository was configured in the base environment
[root@lb02 conf.d]# rsync -avz root@172.16.1.5:/etc/nginx /etc/ --delete
[root@lb02 ~]# systemctl start nginx
[root@lb02 ~]# systemctl enable nginx

# Install keepalived on both
[root@lb01 ~]# yum install keepalived -y
[root@lb02 ~]# yum install keepalived -y

# lb01: higher priority, holds the VIP normally
[root@lb01 conf.d]# cat /etc/keepalived/keepalived.conf
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
[root@lb01 conf.d]# systemctl restart keepalived
[root@lb01 conf.d]# systemctl enable keepalived

# lb02: lower priority, takes the VIP when lb01's advertisements stop
[root@lb02 conf.d]# cat /etc/keepalived/keepalived.conf
global_defs {
    router_id lb02
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
[root@lb02 conf.d]# systemctl restart keepalived
[root@lb02 conf.d]# systemctl enable keepalived
```

The original notes had lb01 as state BACKUP with priority 150 and lb02 as state MASTER with priority 100. state is only the initial role; the election is decided by priority, so lb01 would end up holding the VIP either way, and the two are aligned above. auth_type PASS puts the password in every VRRP advertisement in clear text on eth0, and any host on that segment that sends advertisements with virtual_router_id 50 and a higher priority takes the VIP. Keep VRRP on a segment you control, or switch to unicast_peer so advertisements go only between lb01 and lb02. Note also that keepalived only tracks the host, not nginx: if nginx dies on lb01 the VIP stays there unless a vrrp_script health check is added.
Configure nginx/Tomcat HTTPS encrypted access
TLS is terminated on lb01/lb02 for all three sites. For the PHP sites the load balancer re-encrypts to web01/web02 on port 443; for JPress it speaks plain HTTP to Tomcat and tells Tomcat about the original scheme through X-Forwarded-Proto.

1. Self-signed certificate on web01

```shell
[root@web01 code]# mkdir /etc/nginx/ssl_key
[root@web01 code]# cd /etc/nginx/ssl_key/
# One command generates a fresh 2048-bit key and a self-signed certificate. -nodes leaves the key
# unencrypted so nginx can start unattended. The original notes first ran
# "openssl genrsa -idea -out server.key 2048" with passphrase 1234, but "req -newkey ... -keyout server.key"
# overwrites that key, so that step does nothing and is dropped here.
[root@web01 ~]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:WH
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:edu
Organizational Unit Name (eg, section) []:SA
Common Name (eg, your name or your server's hostname) []:bgx
Email Address []:bgx@foxmail.com
```

Keep server.key readable by root only. A 100-year self-signed certificate whose name is "bgx" is fine for the lab, but browsers will not trust it and it matches none of the site names; in production use a CA-issued certificate with the site names in subjectAltName.

2. HTTPS server blocks on web01. The notes used listen 443; plus ssl on;. ssl on was deprecated in nginx 1.15 and later removed, and without it listen 443; serves plain HTTP on port 443, so the ssl parameter goes on the listen directive instead.

```nginx
[root@web01 ssl_key]# cat /etc/nginx/conf.d/wecenter-https.conf
server {
    listen 443 ssl;
    server_name wecenter.etiantian.org;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    location / {
        root /code/wecenter;
        index index.php index.html;
    }
    location ~ \.php$ {
        root /code/wecenter;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

[root@web01 ~]# cat /etc/nginx/conf.d/wordpress-https.conf
server {
    server_name wordpress.etiantian.org;
    listen 443 ssl;
    root /code/wordpress;
    index index.php index.html;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    location ~ \.php$ {
        root /code/wordpress;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```

```shell
# Copy the configuration (and the ssl_key directory under /etc/nginx) to web02, test and restart
[root@web01 conf.d]# rsync -avz /etc/nginx root@172.16.1.8:/etc/ --delete
[root@web01 ssl_key]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 ssl_key]# systemctl restart nginx
```

3. Load balancer configuration

```shell
[root@lb01 code]# mkdir /etc/nginx/ssl_key
[root@lb01 code]# cd /etc/nginx/ssl_key/
[root@lb01 ssl_key]# scp -rp root@172.16.1.7:/etc/nginx/ssl_key/* ./
[root@lb01 nginx]# cat /etc/nginx/conf.d/proxy-https.conf
```

```nginx
upstream php {
    server 172.16.1.7:443;
    server 172.16.1.8:443;
}
upstream java {
    server 172.16.1.9:8080;
}

# Plain HTTP only redirects to HTTPS
server {
    listen 80;
    server_name wordpress.etiantian.org;
    return 302 https://$server_name$request_uri;
}
server {
    listen 80;
    server_name wecenter.etiantian.org;
    return 302 https://$server_name$request_uri;
}
server {
    listen 80;
    server_name jpress.etiantian.org;
    return 302 https://$server_name$request_uri;
}

# JPress: TLS ends here, Tomcat gets plain HTTP plus X-Forwarded-Proto
server {
    listen 443 ssl;
    server_name jpress.etiantian.org;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
        # note: no TLS here, plain HTTP to Tomcat
        proxy_pass http://java;
    }
}

# PHP sites: re-encrypted to the backends on 443
server {
    listen 443 ssl;
    server_name wordpress.etiantian.org;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    location / {
        proxy_pass https://php;
        include proxy_params;
    }
}
server {
    listen 443 ssl;
    server_name wecenter.etiantian.org;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    location / {
        proxy_pass https://php;
        include proxy_params;
    }
}
```

```shell
# lb02 gets the same configuration
[root@lb01 ssl_key]# rsync -avz /etc/nginx root@172.16.1.6:/etc/ --delete
```

The essentials are ssl_certificate and ssl_certificate_key on every 443 server and, for the Tomcat site, proxy_set_header X-Forwarded-Proto https; the rest is ordinary proxy configuration. Two things the notes leave at defaults: proxy_pass https://php encrypts the hop to web01/web02 but does not verify their certificate unless proxy_ssl_verify on and proxy_ssl_trusted_certificate are set, and none of the 443 servers set ssl_protocols, so older nginx releases also negotiate TLS 1.0 and 1.1 on them; set ssl_protocols explicitly on the load balancers and the web servers. Once the HTTPS setup is stable the 302 redirects should become 301.
Tomcat server.xml, full configuration

```bash
[root@web03 server]# cat tomcat8_1/conf/server.xml
```

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8011" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!--
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
    <!-- HTTP connector behind nginx: proxyPort/redirectPort are the port the client used on the load balancer -->
    <Connector port="8081" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443"
               proxyPort="443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- Trust the X-Forwarded-* headers from the proxy so that getRemoteAddr(),
             getScheme() and isSecure() describe the client, not nginx -->
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
               remoteIpHeader="x-forwarded-for"
               proxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto" />
        <!-- requestAttributesEnabled makes %h log the forwarded client address -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               requestAttributesEnabled="true"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
```

Nothing else in this file is special, but three points matter. First, `proxyPort="443"` is the key of the whole article and `redirectPort` must also be 443: the connector itself listens on 8081 behind nginx, and these two attributes tell Tomcat which port the client actually used. The connector port must match the port the load balancer's upstream points at (the lb configuration above uses 172.16.1.9:8080 while this file listens on 8081; use one value consistently). Second, the forwarded-header attributes belong on `RemoteIpValve`, not on `AccessLogValve`: the original file put `remoteIpHeader`, `protocolHeader` and a `remoteIpProxiesHeader` attribute on the access-log valve, which ignores them, so `getScheme()` still returned `http`. On `RemoteIpValve` the attribute for the X-Forwarded-By header is `proxiesHeader`. Without this valve Tomcat sees a plain-HTTP connection from nginx, `request.getScheme()` is `"http"`, `isSecure()` is false, and any `<security-constraint>` in web.xml with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` redirects to `redirectPort`, that is back to the load balancer over HTTPS, which proxies it over HTTP again: a redirect loop. Third, the valve's default `internalProxies` pattern trusts every RFC 1918 address, so lb01/lb02 work out of the box, but so does any host on 10.0.0.0/8 or 172.16.0.0/12 that can reach port 8081 directly and forge `X-Forwarded-For` and `X-Forwarded-Proto`. Pin it with `internalProxies="172\.16\.1\.5|172\.16\.1\.6"` and give the connector `address="172.16.1.9"` so it is not reachable via 10.0.0.9 at all. The AJP connector on 8009 is not used by this design and should be removed or bound to 127.0.0.1.
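To see concretely what `RemoteIpValve` does with the headers nginx sets, and why the `internalProxies` trust list matters, here is an added example (not Tomcat's code and not from the original page): a Python re-implementation of the valve's header walk, run on constructed requests. The default `internalProxies` string is the one documented for the valve; `LB_ONLY_PROXIES`, the client addresses and the `spoof_from_lan` scenario are this example's assumptions for the page's topology.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Default internalProxies of org.apache.catalina.valves.RemoteIpValve (RFC 1918, loopback, link-local):
# lb01 (172.16.1.5) and lb02 (172.16.1.6) match it without any configuration.
DEFAULT_INTERNAL_PROXIES = (
    r"10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}"
    r"|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]\.\d{1,3}\.\d{1,3}|172\.2[0-9]\.\d{1,3}\.\d{1,3}"
    r"|172\.3[0-1]\.\d{1,3}\.\d{1,3}|0:0:0:0:0:0:0:1|::1"
)
# Assumed tightened value for this page's topology: only the two load balancers are proxies.
LB_ONLY_PROXIES = r"172\.16\.1\.[56]"


@dataclass
class Request:
    """The part of the servlet request the valve rewrites:
    getRemoteAddr(), getScheme(), isSecure(), getServerPort() and the headers."""
    remote_addr: str
    headers: Dict[str, str] = field(default_factory=dict)
    scheme: str = "http"
    secure: bool = False
    server_port: int = 8081


def apply_remote_ip_valve(req: Request,
                          internal_proxies: str = DEFAULT_INTERNAL_PROXIES,
                          trusted_proxies: Optional[str] = None,
                          https_port: int = 443, http_port: int = 80) -> Request:
    """Illustrative re-implementation of RemoteIpValve.invoke() (not Tomcat's own code)."""
    internal = re.compile(internal_proxies)
    trusted = re.compile(trusted_proxies) if trusted_proxies else None
    hdr = {k.lower(): v for k, v in req.headers.items()}
    out = Request(req.remote_addr, dict(hdr), req.scheme, req.secure, req.server_port)
    # Forwarded headers are honoured only when the TCP peer itself is a known proxy.
    if not internal.fullmatch(req.remote_addr):
        return out
    xff = [a.strip() for a in hdr.get("x-forwarded-for", "").split(",") if a.strip()]
    client, proxies, idx = None, [], len(xff)
    # Walk the chain from the nearest hop outwards; the first non-proxy address is the client.
    for i in range(len(xff) - 1, -1, -1):
        idx = i
        if internal.fullmatch(xff[i]):
            continue                    # internal hops are dropped from the header
        if trusted and trusted.fullmatch(xff[i]):
            proxies.insert(0, xff[i])   # trusted hops are recorded in X-Forwarded-By
            continue
        client = xff[i]
        break
    if client is not None:
        out.remote_addr = client
        remaining = xff[:idx]           # hops further out than the client stay in X-Forwarded-For
        if remaining:
            out.headers["x-forwarded-for"] = ", ".join(remaining)
        else:
            out.headers.pop("x-forwarded-for", None)
        if proxies:
            out.headers["x-forwarded-by"] = ", ".join(proxies)
    proto = hdr.get("x-forwarded-proto")
    if proto is not None:
        if proto.lower() == "https":    # protocolHeaderHttpsValue default
            out.scheme, out.secure, out.server_port = "https", True, https_port
        else:
            out.scheme, out.secure, out.server_port = "http", False, http_port
    return out


def via_lb01() -> Request:
    """Constructed: what web03 sees for a browser request proxied by lb01 over plain HTTP."""
    return apply_remote_ip_valve(Request("172.16.1.5", {
        "X-Forwarded-For": "203.0.113.7", "X-Forwarded-Proto": "https",
        "Host": "jpress.etiantian.org"}))


def spoof_from_lan(internal_proxies: str = DEFAULT_INTERNAL_PROXIES) -> Request:
    """Constructed: a host on 10.0.0.0/8 hits the connector directly and forges both headers."""
    return apply_remote_ip_valve(Request("10.0.0.200", {
        "X-Forwarded-For": "1.2.3.4", "X-Forwarded-Proto": "https"}), internal_proxies)


if __name__ == "__main__":
    print("via lb01:          ", via_lb01())
    print("spoof, defaults:   ", spoof_from_lan())
    print("spoof, lb-only list:", spoof_from_lan(LB_ONLY_PROXIES))
```

With the default list the forged request from 10.0.0.200 is accepted as a secure request from 1.2.3.4; with the lb-only list the same request keeps its real peer address, stays `http` and `isSecure()` stays false, which is exactly what a `CONFIDENTIAL` constraint in web.xml would then enforce.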
Real time replication of NFS storage data to static Web local 172.16.1.9/10/web01/02
```bash
# web01: prepare the environment
[root@web01 ~]# yum install rsync -y            # already installed by the basic environment
[root@web01 ~]# cat /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.password
log file = /var/log/rsyncd.log
#####################################
[data]
path = /data
[root@web01 ~]# mkdir /data/
[root@web01 ~]# groupadd -g666 www               # skip if the group already exists
[root@web01 ~]# useradd -u666 -g666 www          # skip if the user already exists
[root@web01 ~]# chown -R www:www /data/
[root@web01 ~]# chmod 755 /data                  # 755 is already the default
# Create the virtual user that rsync authenticates with
[root@web01 ~]# echo "rsync_backup:1" > /etc/rsync.password
[root@web01 ~]# chmod 600 /etc/rsync.password
[root@web01 ~]# systemctl enable rsyncd
[root@web01 ~]# systemctl restart rsyncd

# nfs01: copy and edit the sersync configuration before starting the replication
[root@nfs01 data]# cd /usr/local/sersync/
[root@nfs01 sersync]# cp confxml.xml web01-confxml.xml
[root@nfs01 sersync]# vim web01-confxml.xml
# Lines to change
<host hostip="localhost" port="8009"></host>
<remote ip="172.16.1.7" name="data"/>
# Start the service
[root@nfs01 sersync]# /usr/local/sersync/sersync2 -dro /usr/local/sersync/web01-confxml.xml
```

web02 is set up the same way, with `<remote ip="172.16.1.8" name="data"/>`. The `<host>` element is sersync's own setting and has nothing to do with Tomcat's AJP connector that happens to use the same port number; the `<remote>` line is what points the copy at web01's `[data]` module, and the `<auth>` element of the same file must enable `rsync_backup` with a password file holding the same password as `/etc/rsync.password` on web01 (set up the same way as for the backup host). Two things to note: the password `1` is a placeholder and should be a long random string, because the `[data]` module is writable (`read only = false`) by anyone who can reach port 873 and knows it; and rsync daemon traffic is unencrypted, so restrict the module to the sending host with `hosts allow = 172.16.1.31` (or `172.16.1.0/24`) and keep it off the 10.0.0.0/24 side.
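The rsync daemon above is the one place in this design where a remote host is allowed to write files onto a web server, so it is worth checking mechanically. The script below is an added example, not part of the original page or of rsync: it parses an rsyncd.conf (global settings followed by `[module]` sections, as rsync reads it), merges the global values into each module and reports writable modules without `hosts allow`, modules without `auth users`, a secrets file that is group/world readable (rsync's default `strict modes = yes` refuses such a file), and short passwords. The copy of the page's rsyncd.conf and secrets file is embedded inline as constructed input; the 12-character password floor is this example's policy, not an rsync rule.

```python
import os
import stat
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed input: the page's /etc/rsyncd.conf and /etc/rsync.password from web01.
SAMPLE_RSYNCD_CONF = """\
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.password
log file = /var/log/rsyncd.log
#####################################
[data]
path = /data
"""
SAMPLE_SECRETS = "rsync_backup:1\n"
MIN_PASSWORD_LEN = 12  # assumed policy threshold for this example


@dataclass
class SecretsFile:
    mode: int   # permission bits, e.g. 0o600
    text: str   # "user:password" lines


def load_secrets(path: str) -> SecretsFile:
    """Read a real secrets file (not used by the inline sample)."""
    with open(path) as fh:
        return SecretsFile(stat.S_IMODE(os.stat(path).st_mode), fh.read())


def parse_rsyncd(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, str]]]:
    """Return (global settings, {module: settings}); keys are lower-cased, '#' starts a comment."""
    glob: Dict[str, str] = {}
    modules: Dict[str, Dict[str, str]] = {}
    cur: Optional[str] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1].strip()
            modules[cur] = {}
            continue
        key, sep, val = line.partition("=")
        key, val = key.strip().lower(), (val.strip() if sep else "yes")   # bare "ignore errors" == yes
        (glob if cur is None else modules[cur])[key] = val
    return glob, modules


def is_true(value: str) -> bool:
    return value.strip().lower() in ("yes", "true", "1")


def audit_rsyncd(conf: str, secrets: Optional[SecretsFile] = None) -> List[str]:
    glob, modules = parse_rsyncd(conf)
    findings: List[str] = []
    for name, own in modules.items():
        m = {**glob, **own}                     # module settings override global ones
        writable = "read only" in m and not is_true(m["read only"])   # rsync default is read only
        if writable and "hosts allow" not in m:
            findings.append(f"[{name}]: writable and no 'hosts allow': any host reaching port "
                            f"{m.get('port', '873')} may push files into {m.get('path', '?')}")
        if "auth users" not in m:
            findings.append(f"[{name}]: no 'auth users': anonymous clients may use the module")
    if secrets is not None:
        if secrets.mode & 0o077:
            findings.append("secrets file is group/world readable; rsyncd refuses it with the "
                            "default 'strict modes = yes'")
        for line in secrets.text.splitlines():
            if ":" in line:
                user, pw = line.split(":", 1)
                if len(pw) < MIN_PASSWORD_LEN:
                    findings.append(f"secrets file: password for {user} is {len(pw)} chars, "
                                    f"below the {MIN_PASSWORD_LEN}-char floor")
    return findings


if __name__ == "__main__":
    for finding in audit_rsyncd(SAMPLE_RSYNCD_CONF, SecretsFile(0o600, SAMPLE_SECRETS)):
        print(finding)
```

On a live host call `audit_rsyncd(open("/etc/rsyncd.conf").read(), load_secrets("/etc/rsync.password"))`. For the page's files it reports exactly two things: the writable `[data]` module has no `hosts allow`, and the `rsync_backup` password is one character long; adding `hosts allow = 172.16.1.31` under `[data]` and a long password clears both.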
Nginx static Web service environment 172.16.1.9/10/sweb01/02 + dynamic and static separation
System and service addresses:

- CentOS7.5 proxy  10.0.0.5 lb01
- CentOS7.5 Nginx  10.0.0.7 web01
- CentOS7.5 Tomcat 10.0.0.9 web03

web01 serves the static resources:

```bash
[root@web01 data]# wget http://nginx.org/nginx.png
[root@web01 data]# cat /etc/nginx/conf.d/ds.conf
```

```nginx
server {
    listen 80;
    server_name ds.etiantian.org;
    root /data;
    index index.php index.html;
    location ~* .*\.(png|jpg|gif)$ {
        root /data;
    }
}
```

web03 serves the dynamic resource:

```bash
[root@web03 webapps]# cat /server/tomcat8_1/webapps/ROOT/java-test.jsp
```

```jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<HTML>
  <HEAD>
    <TITLE>JSP Test Page</TITLE>
  </HEAD>
  <BODY>
    <%
      Random rand = new Random();
      out.println("<h1>Random number:</h1>");
      out.println(rand.nextInt(99) + 100);
    %>
  </BODY>
</HTML>
```

lb01 combines static and dynamic resources on one page. nginx configuration:

```bash
[root@lb01 conf.d]# cat /etc/nginx/conf.d/ds.conf
```

```nginx
upstream static {
    server 10.0.0.7:80;
}
upstream javaround {
    server 10.0.0.9:8080;
}
server {
    listen 80;
    server_name ds.etiantian.org;
    # the test page itself is served from lb01
    location / {
        root /soft/code;
        index index.html;
    }
    # images go to the static nginx host
    location ~ .*\.(png|jpg|gif)$ {
        proxy_pass http://static;
        include proxy_params;
    }
    # .jsp goes to Tomcat
    location ~ .*\.jsp$ {
        proxy_pass http://javaround;
        include proxy_params;
    }
}
```

Page code:

```bash
[root@lb01 conf.d]# cat /soft/code/index.html
```

```html
<html lang="en">
<head>
  <meta charset="UTF-8" />
  <title>test ajax and cross-domain access</title>
  <script src="http://libs.baidu.com/jquery/2.1.4/jquery.min.js"></script>
</head>
<script type="text/javascript">
  $(document).ready(function () {
    $.ajax({
      type: "GET",
      url: "http://ds.etiantian.org/java-test.jsp",
      success: function (data) {
        $("#get_data").html(data);
      },
      error: function () {
        alert("fail!! Please refresh and try again!");
      }
    });
  });
</script>
<body>
  <h1>Test dynamic and static separation</h1>
  <img src="http://ds.etiantian.org/nginx.png">
  <div id="get_data"></div>
</body>
</html>
```

Windows hosts entry (the name must match the `server_name`; the original text had the typo `ds.etian.org`):

```
10.0.0.5 ds.etiantian.org
```

The image and the dynamic random number are displayed on one page at the same time. Stop nginx on web01 and the picture disappears while the dynamic content still renders, and vice versa. Note that despite the page title the AJAX call is same-origin here: the page, the image and the JSP are all requested from ds.etiantian.org and routed by lb01, so no CORS headers are involved. The jQuery library is loaded from a third-party host over plain HTTP, which is acceptable for this test page only; for anything real, serve it locally or at least over HTTPS with an `integrity` attribute.