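Business requirements:
Use 13 virtual machines to build a highly available, load-balanced cluster architecture that runs three sites. The detailed requirements are as follows.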
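1 Design an architecture you consider reasonable and draw the architecture diagram in Visio
2 Set up the LNMP and Tomcat + JDK environments
3 The three sites are: a Discuz forum, a DedeCMS corporate site and a zrlog blog
4 Because machines are limited, put the three sites on the same server as far as possible and then build the load-balanced cluster; all site domain names must resolve to one IP, that is, there is only one egress IP
5 Static files must be shared; for example, the directory Discuz needs to share is data/attachment, and DedeCMS needs to share upload (to find the exact directory, upload an image first and see where it ends up)
6 Design sensible directory and file permissions; for example, the Discuz data directory must be writable by the php-fpm process user, and directories that do not need writes must not get write permission (directories 755, files 644, owner and group root)
7 All servers must allow login by ordinary users only, and by key only; root is reachable only through sudo from an ordinary user
8 Add a simple command-auditing function to all servers
9 The php-fpm service must have a slow-execution log with a timeout of 2s; rotate the log and keep it for one month
10 Every site needs an access log, with log rotation; requests for static files are not logged; keep logs for one month
11 Define a sensible MySQL backup plan and write a backup script that transfers the backup data to the backup server
12 Define a backup plan for code and static files and write a backup script that transfers the backup data to the backup server
12 Write a data-recovery document that guarantees all data can be restored within 2 hours of a data loss
13 Build a Zabbix monitoring and alerting system that monitors the basic metrics (CPU, memory, disk), graphs NIC traffic, and monitors the availability of the web sites
14 Write a custom monitoring script for the number of concurrent connections on the web servers, hook it into Zabbix, graph it, and set a trigger that alerts above 100
15 Write a custom monitoring script for the MySQL queue, hook it into Zabbix, graph it, and set a trigger that alerts when the queue exceeds 300
16 Write a custom monitoring script for the MySQL slow query log, hook it into Zabbix, graph it, and set a trigger that alerts when there are more than 60 log entries per minute; the pattern of the slow query log must be analysed carefully to determine the number of entries
17 Use JMX to monitor Tomcat from Zabbix
18 Add a second layer of authentication to back-end access on the three sites to increase security
19 Use shell scripts to deploy files and code in sync (see the distribution system)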
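The requirements can be roughly divided into the following parts:
• Part 1: Basics
1 Design an architecture you consider reasonable and draw the architecture diagram in Visio
7 All servers must allow login by ordinary users only, and by key only; root is reachable only through sudo from an ordinary user
8 Add a simple command-auditing function to all servers
18 Use shell scripts to deploy files and code in sync (see the distribution system)
• Part 2: Web servers
2 Set up the LNMP and Tomcat + JDK environments
3 The three sites are: a Discuz forum, a DedeCMS corporate site and a zrlog blog
4 Because machines are limited, put the three sites on the same server as far as possible and then build the load-balanced cluster; all site domain names must resolve to one IP, that is, there is only one egress IP
5 Static files must be shared; for example, the directory Discuz needs to share is data/attachment, and DedeCMS needs to share upload (to find the exact directory, upload an image first and see where it ends up)
6 Design sensible directory and file permissions; for example, the Discuz data directory must be writable by the php-fpm process user, and directories that do not need writes must not get write permission (directories 755, files 644, owner and group root)
9 The php-fpm service must have a slow-execution log with a timeout of 2s; rotate the log and keep it for one month
10 Every site needs an access log, with log rotation; requests for static files are not logged; keep logs for one month
17 Add a second layer of authentication to back-end access on the three sites to increase security
• Part 3:
11 Define a sensible MySQL backup plan and write a backup script that transfers the backup data to the backup server
12 Define a backup plan for code and static files and write a backup script, with the requirement that the backup
12 Write a data-recovery document that guarantees all data can be restored within 2 hours of a data loss
• Part 4: Zabbix monitoring
13 Build a Zabbix monitoring and alerting system that monitors the basic metrics (CPU, memory, disk), graphs NIC traffic, and monitors the availability of the web sites
14 Write a custom monitoring script for the number of concurrent connections on the web servers; alert above 100
15 Write a custom monitoring script for the MySQL queue; alert when the queue exceeds 300
16 Write a custom monitoring script for the MySQL slow query log; alert when there are more than 60 log entries per minute; the pattern of the slow query log must be analysed carefully to determine the number of entries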
Part 1 setup:
1. Architecture diagram
2. Assign machine roles according to the architecture diagram:
192.168.66.100  VIP
192.168.66.130  front-end nginx load balancer (primary) + keepalived
192.168.66.131  front-end nginx load balancer (backup) + keepalived
192.168.66.132  web server (lnmp+tomcat)
192.168.66.133  web server (lnmp+tomcat)
192.168.66.134  web server (lnmp+tomcat)
192.168.66.135  web server (lnmp+tomcat)
192.168.66.136  web server (lnmp+tomcat)
192.168.66.137  web server (lnmp+tomcat)
192.168.66.138  MySQL read/write-splitting scheduler (mycat) + backup server
192.168.66.139  MySQL master
192.168.66.140  MySQL slave
192.168.66.141  MySQL slave
192.168.66.142  zabbix server
3. Use an expect script to create the ordinary user linux in bulk and grant it sudo
The user linux has to be created on 13 machines, given a password and granted sudo; the IPs are 192.168.66.130-142
• First log in to 192.168.66.130 and install expect
[root@localhost ~]# yum install -y expect vim
[root@localhost ~]# cd /usr/local/sbin
[root@localhost sbin]# vim useradd.expect   # contents as follows
#!/usr/bin/expect
set user [ lindex $argv 0 ]
set passwd "123456"
set host [ lindex $argv 1 ]
set cm [ lindex $argv 2 ]
spawn ssh $user@$host
expect {
"yes/no" { send "yes\r"; exp_continue}
"assword:" { send "$passwd\r" }
}
expect "]*"
send "$cm\r"
expect "]*"
send "exit\r"
interact
[root@localhost sbin]# chmod +x useradd.expect   # make it executable
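• Create the useradd.sh script that calls useradd.expect
[root@localhost sbin]# vim ip.txt   # add the IP list, contents as follows
192.168.66.130
192.168.66.131
192.168.66.132
192.168.66.133
192.168.66.134
192.168.66.135
192.168.66.136
192.168.66.137
192.168.66.138
192.168.66.139
192.168.66.140
192.168.66.141
192.168.66.142
[root@localhost sbin]# vim useradd.sh   # create the user, set its password, grant sudo, and create the .ssh directory ready for the key
#!/bin/bash
for i in `cat ip.txt`
do
# The directory is created by root, so it is handed to the linux user; otherwise linux cannot use its own .ssh
./useradd.expect "root" "$i" "useradd linux && echo 'linux123' | passwd --stdin linux && echo 'linux ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && mkdir /home/linux/.ssh && chmod 700 /home/linux/.ssh && chown linux:linux /home/linux/.ssh"
done
[root@localhost sbin]# sh useradd.sh
Note: leave step 4 until all services have been built, because building the web servers, MySQL and so on needs the root user to start services.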
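4. All servers must allow login by ordinary users only, and by key only
First generate a key pair; here it is generated with Xshell
Tools - New User Key Generation Wizard - set the key length - generate the key pair - generate the public key - set the private key - copy the public key content
Configure the public key on Linux: first log in to machine 130 as the linux user; the .ssh directory was already created, with its permissions set, when the user was created
① Create the public key file
vim /home/linux/.ssh/authorized_keys   # paste the public key content copied just now, save and quit
chmod 644 /home/linux/.ssh/authorized_keys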
② Sync authorized_keys to all machines, using an expect script
cd /usr/local/sbin
sudo vim rsync-pub.expect
#!/usr/bin/expect
# Sync the public key file to the other servers; used together with rsync-pub.sh
set user "linux"
set passwd "linux123"
set host [ lindex $argv 0 ]
spawn rsync -av /home/linux/.ssh/authorized_keys $user@$host:/home/linux/.ssh/
expect {
"yes/no" { send "yes\r";exp_continue }
"password:" { send "$passwd\r" }
}
expect eof
• After saving, remember to make it executable
rsync-pub.sh
sudo vim rsync-pub.sh
#!/bin/bash
# Sync the public key file to the other machines; used together with rsync-pub.expect
for ip in `cat ip.txt`
do
    if [ $ip == "192.168.66.130" ]
    then
        continue
    else
        ./rsync-pub.expect "$ip"
    fi
done
Running rsync-pub.sh syncs the file to all machines
④ Prevent root from logging in remotely and allow users to log in by key only
Edit /etc/ssh/sshd_config:
change "#PermitRootLogin yes" to "PermitRootLogin no"
change "#PasswordAuthentication yes" to "PasswordAuthentication no"
change "#PubkeyAuthentication yes" to "PubkeyAuthentication yes"
then restart the sshd service
⑥ Change all machines in bulk
cd /usr/local/sbin
vim nologin.expect
#!/usr/bin/expect
set user "linux"
set passwd "linux123"
set host [ lindex $argv 0 ]
spawn ssh $user@$host
expect {
"yes/no" { send "yes\r";exp_continue }
"password" { send "$passwd\r" }
}
expect "]*"
send "sudo sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config \r"
expect "]*"
send "sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config \r"
expect "]*"
send "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config \r"
expect "]*"
send "sudo systemctl restart sshd \r"
expect "]*"
send "exit \r"
expect eof
• After saving, make it executable
⑦ Create nologin.sh
vim nologin.sh
#!/bin/bash
for ip in `cat ip.txt`
do
    ./nologin.expect $ip &>>nologin.log
    if [ $? -eq "0" ]
    then
        echo $ip.....[ ok ]
    else
        echo $ip.....[ failed ]
    fi
done
Running nologin.sh makes root unable to log in remotely and lets ordinary users log in by key only. This completes Part 1.
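The sed patterns in nologin.expect only rewrite the commented stock lines, and sshd uses the first value it reads for each keyword, so the effective settings are worth confirming on every host after the run. The script below is an added example, not part of the original post: it applies the same three substitutions to constructed sample files and reports the value sshd would use; the function names, the sample files and the assumed defaults are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# files are assumptions made for illustration.

# Apply the three substitutions nologin.expect sends (portable form of sed -i).
apply_post_edits() {
    sed -e 's/#PermitRootLogin yes/PermitRootLogin no/g' \
        -e 's/#PasswordAuthentication yes/PasswordAuthentication no/g' \
        -e 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# effective_value <file> <keyword> <value assumed when the keyword is unset>
# sshd uses the first value it reads for a keyword, keywords are not
# case-sensitive, "Keyword=value" is accepted, and lines after the first
# Match line are conditional, so parsing stops there.
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == want && !found { val = tolower($2); found = 1 }
        END { print (found ? val : dflt) }
    ' "$1"
}

# Check the three settings the post requires. Prints one line per mismatch and
# returns the number of mismatches. The "unset" defaults are assumptions taken
# from the commented stock lines that the sed patterns expect to find.
check_ssh_hardening() {
    bad=0
    for rule in PermitRootLogin:no:yes PasswordAuthentication:no:yes \
                PubkeyAuthentication:yes:yes
    do
        kw=${rule%%:*}; rest=${rule#*:}
        want=${rest%%:*}; dflt=${rest#*:}
        got=$(effective_value "$1" "$kw" "$dflt")
        if [ "$got" != "$want" ]; then
            echo "FAIL $kw effective=$got expected=$want"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed samples: a stock-style file, and one where the defaults had
# already been uncommented, so the sed patterns match nothing.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '#PermitRootLogin yes' '#PubkeyAuthentication yes' \
        '#PasswordAuthentication yes' 'PasswordAuthentication yes' > "$dir/stock"
    printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        '#PubkeyAuthentication yes' > "$dir/edited"
    for f in "$dir/stock" "$dir/edited"; do
        apply_post_edits "$f"
        echo "== ${f##*/}"
        check_ssh_hardening "$f" && echo "OK"
    done
    rm -rf "$dir"
}
demo
```

On a live host, `sshd -T` prints the effective configuration directly and can replace the parser.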
2. Set up MySQL. The web servers need a MySQL database, so Part 3 is built first
192.168.66.138  MySQL read/write-splitting scheduler (mycat) + backup server
192.168.66.139  MySQL master
192.168.66.140  MySQL slave
192.168.66.141  MySQL slave
Log in as root and write a general-purpose expect script that can run commands remotely in bulk
[root@localhost ~]# vim cmd.expect
#!/usr/bin/expect
set user [lindex $argv 0]     ;# system user
set host [lindex $argv 1]     ;# server address
set passwd [lindex $argv 2]   ;# password
set cm [lindex $argv 3]       ;# command to run
spawn ssh $user@$host
set timeout -1
expect {
"yes/no" { send "yes\r"; exp_continue }
"password:" { send "$passwd\r" }
}
expect "]#"
send "$cm\r"
expect "]#"
send "exit\r"
interact
[root@localhost ~]# chmod a+x cmd.expect
[root@localhost ~]# vim cmd.sh   # wrapper script
#!/bin/bash
user=$2
password=$3
cm=$4
for ip in `cat $1`
do
    ./cmd.expect "$user" "$ip" "$password" "$cm"
done
## Argument 1 is the path of the file holding the IP list
## Argument 2 is the user name
## Argument 3 is the password
## Argument 4 is the command to run
# Use this script to install some common base tools in bulk
[root@localhost ~]# sh ./cmd.sh "/root/ip.txt" "root" "123456" "yum -y install expect vim-enhanced epel-release libmcrypt-devel libmcrypt"
ip.txt contains:
192.168.66.130
192.168.66.131
192.168.66.132
192.168.66.133
192.168.66.134
192.168.66.135
192.168.66.136
192.168.66.137
192.168.66.138
192.168.66.139
192.168.66.140
192.168.66.141
192.168.66.142
Install MySQL with the bulk command script written earlier:
# \$? is escaped so that it is evaluated on the remote host rather than by the local shell
[root@localhost ~]# sh ./cmd.sh "/root/dbip.txt" "root" "123456" "cd /usr/local/src/; yum install -y epel-release wget perl-Module-Install.noarch libaio*; wget http://mirrors.163.com/mysql/Downloads/MySQL-5.6/mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz; tar -zxvf mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz; mv mysql-5.6.39-linux-glibc2.12-x86_64 ../mysql; cd /usr/local/mysql; mkdir /data/; useradd mysql; ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql; echo \$? > /root/downloadMySQL.log"
dbip.txt contains:
192.168.66.139
192.168.66.140
192.168.66.141
Configure the configuration file on master 139 first, then sync it to the slaves with rsync:
# Copy the configuration file
[root@localhost ~]# cp /usr/local/mysql/support-files/my-default.cnf /etc/my.cnf
[root@localhost ~]# vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
socket=/tmp/mysql.sock
# Copy the init script
[root@localhost ~]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
# Then define the basedir and datadir paths
[root@localhost ~]# vim /etc/init.d/mysqld
basedir=/usr/local/mysql
datadir=/data/mysql
# Add mysql to the service list and enable it at boot:
[root@localhost ~]# chkconfig --add mysqld
[root@localhost ~]# chkconfig mysqld on
Write the expect script that syncs files: sync.expect
[root@localhost ~]# vim sync.expect   # write the following
#!/usr/bin/expect
set host [lindex $argv 0]
set passwd [lindex $argv 1]
set file [lindex $argv 2]
spawn rsync -avR --files-from=$file / root@$host:/
expect {
"yes/no" { send "yes\r"; exp_continue }
"password:" { send "$passwd\r" }
}
expect eof
Wrapper script: sync.sh
[root@localhost ~]# vim sync.sh   # write the following
#!/bin/bash
passwd=$2
file=$3
for ip in `cat $1`
do
    ./sync.expect $ip $passwd $file
done
## Usage:
## sh sync.sh "IP list file" "password" "path of the file list"
[root@localhost ~]$ sh ./sync.sh "/root/slaveIP.txt" "123456" "/tmp/DBfile.txt"   # sync the configuration files
[root@localhost ~]$ sh ./cmd.sh "/root/slaveIP.txt" "root" "123456" "/etc/init.d/mysqld start; chkconfig --add mysqld; chkconfig mysqld on"   # start the service and add it to the service list
[root@localhost ~]$ sh ./cmd.sh "/root/slaveIP.txt" "root" "123456" "ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql"   # create a symlink under /usr/bin/
Start the MySQL service on the master and the slaves, log in to MySQL and set the password
[root@localhost ~]$ mysql -uroot
mysql> set password=password('123456');
After changing the password and restarting the MySQL server, configure the master first:
1. Edit the my.cnf configuration file:
[root@localhost ~]$ vim /etc/my.cnf
[mysqld]
# add the following two lines
server-id=139          # must differ from the slaves
log_bin=master-bin     # binlog must be enabled on the master
[root@localhost ~]$ service mysqld restart   # restart mysqld after editing the configuration file
[root@localhost ~]$ ls /data/mysql   # check that these two files have appeared
master-bin.000001 master-bin.index
2. Log in to MySQL on the master and add a replication account for the two slaves:
mysql> grant replication slave on *.* to 'repl'@'192.168.66.140' identified by '123456';
mysql> grant replication slave on *.* to 'repl'@'192.168.66.141' identified by '123456';
3. Lock the tables on the master:
mysql> flush tables with read lock;
4. Look at the master status and record it:
mysql> show master status;
+-------------------+----------+--------------+------------------+-------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------------+----------+--------------+------------------+-------------------+
| master-bin.000001 |      166 |              |                  |                   |
+-------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)
With the steps on the master done, configure the slaves:
1. Edit /etc/my.cnf on the slaves
# slave1
[root@localhost ~]$ vim /etc/my.cnf
[mysqld]
# add the following line; binlog does not need to be enabled
server-id=140
[root@localhost ~]$ service mysqld restart
# slave2
[root@localhost ~]$ vim /etc/my.cnf
[mysqld]
# add the following line; binlog does not need to be enabled
server-id=141
[root@localhost ~]$ service mysqld restart
2. Log in to MySQL as root on both slaves and run the following commands on each:
# slave1
[root@localhost ~]$ mysql -uroot -p'123456'
mysql> stop slave;
mysql> change master to master_host='192.168.66.139', master_user='repl', master_password='123456', master_log_file='master-bin.000001', master_log_pos=166;
mysql> start slave;
# slave2 (same file and position as recorded from show master status)
[root@localhost ~]$ mysql -uroot -p'123456'
mysql> stop slave;
mysql> change master to master_host='192.168.66.139', master_user='repl', master_password='123456', master_log_file='master-bin.000001', master_log_pos=166;
mysql> start slave;
3. Check that replication is healthy on both slaves; Slave_IO_Running and Slave_SQL_Running must be Yes:
mysql> show slave status\G
# the following two lines must be Yes, which means replication is working
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
4. Back on master 139, unlock the tables and create database 111 to see whether it replicates
# master (a name made only of digits has to be quoted with backticks)
mysql> unlock tables;
mysql> create database `111`;
5. On the slaves, check that the new database has replicated:
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| 111                |
| mysql              |
| performance_schema |
| test               |
+--------------------+
5 rows in set (0.00 sec)
Master-slave configuration is complete
Set up the Mycat server on 192.168.66.138
Once replication is in place, the Mycat server can be set up to split reads and writes. Mycat is written in Java, so the JDK has to be installed before Mycat.
1. Download and install the JDK:
Get the JDK download link from the official site: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
After downloading, upload it to /usr/local/src on the server with Xftp, which ships with Xshell. I have already downloaded it here
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# ls
jdk-8u181-linux-x64.tar.gz
[root@localhost src]# tar zxf jdk-8u181-linux-x64.tar.gz
[root@localhost src]$ mv jdk1.8.0_181/ /usr/local/jdk1.8
Edit the environment file /etc/profile and add the following:
JAVA_HOME=/usr/local/jdk1.8/
JAVA_BIN=/usr/local/jdk1.8/bin
JRE_HOME=/usr/local/jdk1.8/jre
PATH=$PATH:/usr/local/jdk1.8/bin:/usr/local/jdk1.8/jre/bin
CLASSPATH=/usr/local/jdk1.8/jre/lib:/usr/local/jdk1.8/lib:/usr/local/jdk1.8/jre/lib/charsets.jar
[root@localhost ~]# source /etc/profile   # load the configuration
Check that the Java environment works; output like the following means success
[root@localhost ~]# java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
2. Download and install Mycat:
Download: http://dl.mycat.io/1.6-RELEASE/
[root@localhost ~]$ cd /usr/local/src/
[root@localhost /usr/local/src]$ wget http://dl.mycat.io/1.6-RELEASE/Mycat-server-1.6-RELEASE-20161028204710-linux.tar.gz
[root@localhost /usr/local/src]$ tar -zxvf Mycat-server-1.6-RELEASE-20161028204710-linux.tar.gz
[root@localhost /usr/local/src]$ mv mycat/ /usr/local/
[root@localhost /usr/local/src]$ ls /usr/local/mycat/
bin catlet conf lib logs version.txt
3. Edit server.xml, the file for Mycat server parameters and user authorization. The main sections changed are:
[root@localhost ~]$ vim /usr/local/mycat/conf/server.xml
<!-- user mycat may insert, delete, update and query in the logical databases ultrax, DedeCMS and zrlog -->
<user name="mycat">
    <property name="password">123456</property>
    <property name="schemas">ultrax,DedeCMS,zrlog</property>
</user>
<!-- user discuz may insert, delete, update and query in the logical database ultrax -->
<user name="discuz">
    <property name="password">123456</property>
    <property name="schemas">ultrax</property>
</user>
<!-- user dedecms may insert, delete, update and query in the logical database DedeCMS -->
<user name="dedecms">
    <property name="password">123456</property>
    <property name="schemas">DedeCMS</property>
</user>
<!-- user zrlog may insert, delete, update and query in the logical database zrlog -->
<user name="zrlog">
    <property name="password">123456</property>
    <property name="schemas">zrlog</property>
</user>
<!-- this user has read-only access to the logical databases ultrax, DedeCMS and zrlog -->
<user name="user">
    <property name="password">123456</property>
    <property name="schemas">ultrax,DedeCMS,zrlog</property>
    <property name="readOnly">true</property>
</user>
<!-- the users above are created for connecting to the Mycat middleware -->
4. Edit schema.xml, the file that defines Mycat's logical databases, tables and sharding:
# Rename the stock configuration file to keep it as a backup
[root@localhost ~]$ mv /usr/local/mycat/conf/schema.xml /usr/local/mycat/conf/schema.xml_bak
# Create a new configuration file
[root@localhost ~]$ vim /usr/local/mycat/conf/schema.xml
# Contents:
<?xml version="1.0"?>
<!DOCTYPE mycat:schema SYSTEM "schema.dtd">
<mycat:schema xmlns:mycat="http://io.mycat/">
    <schema name="ultrax" checkSQLschema="false" sqlMaxLimit="1000" dataNode="dn1" />
    <schema name="DedeCMS" checkSQLschema="false" sqlMaxLimit="1000" dataNode="dn2" />
    <schema name="zrlog" checkSQLschema="false" sqlMaxLimit="1000" dataNode="dn3" />
    <dataNode name="dn1" dataHost="localhost1" database="ultrax" />
    <dataNode name="dn2" dataHost="localhost1" database="DedeCMS" />
    <dataNode name="dn3" dataHost="localhost1" database="zrlog" />
    <dataHost name="localhost1" maxCon="2000" minCon="1" balance="3" writeType="1" dbType="mysql" dbDriver="native" switchType="1" slaveThreshold="100">
        <heartbeat>select user()</heartbeat>
        <writeHost host="hostM1" url="192.168.66.139:3306" user="root" password="123456">
            <!-- can have multi read hosts -->
            <readHost host="hostS1" url="192.168.66.140:3306" user="root" password="123456" />
            <readHost host="hostS2" url="192.168.66.141:3306" user="root" password="123456" />
        </writeHost>
    </dataHost>
</mycat:schema>
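schema.xml explained:
<?xml version="1.0"?>   XML declaration;
<!DOCTYPE mycat:schema SYSTEM "schema.dtd">   document type declaration;
<mycat:schema xmlns:mycat="http://io.mycat/">   Mycat opening tag

Defines a logical database, with the same name as the one given in server.xml, and binds it to data node dn1:
<schema name="testdb" checkSQLschema="false" sqlMaxLimit="1000" dataNode="dn1"></schema>

Adds data node dn1, sets the data node's host name and sets the data node's real database to discuz:
<dataNode name="dn1" dataHost="localhost1" database="discuz" />

Data host: binds the data nodes and sets the connection counts, balancing mode, switching method, driver and connection method:
<dataHost name="localhost1" maxCon="2000" minCon="1" balance="3" writeType="1" dbType="mysql" dbDriver="native" switchType="1" slaveThreshold="100">

balance (load-balancing policy):
1) balance=0: read/write splitting is off; all reads are sent to the currently available writeHost;
2) balance=1: all readHosts and standby writeHosts take part in load balancing SELECT statements. Put simply, in a dual-master, dual-slave setup (M1->S1, M2->S2, with M1 and M2 standing by for each other), M2, S1 and S2 normally all take part in load balancing SELECT statements;
3) balance=2: all reads are distributed randomly across the readHosts and writeHosts;
4) balance=3: all read requests are distributed randomly to the readHosts belonging to the writeHost; the writeHost carries no read load.

writeType (write policy):
1) writeType=0: all writes are sent to the first configured writeHost;
2) writeType=1: all writes are sent randomly to the configured writeHosts;
3) writeType=2: no writes are performed.

switchType (switching policy):
1) switchType=-1: no automatic switching;
2) switchType=1: the default, automatic switching;
3) switchType=2: whether to switch is decided from the MySQL replication status;
4) switchType=3: switching based on MySQL Galera Cluster (suited to clusters) (1.4.1); the heartbeat statement is show status like 'wsrep%'.

SQL statement used to check the back-end MySQL instances:
<heartbeat>select user()</heartbeat>

Specifies where reads and writes go and forwards them to the real back-end MySQL servers; sets the user name and password for connecting to the back-end MySQL (these are the MySQL database user name and password):
<writeHost host="hostM1" url="192.168.66.139:3306" user="mycat" password="123456">
    <readHost host="hostS1" url="192.168.66.140:3306" user="mycat" password="123456" />
    <readHost host="hostS2" url="192.168.66.141:3306" user="mycat" password="123456" />
</writeHost>
</dataHost>   closing tag of the data host;
</mycat:schema>   Mycat closing tag;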
• On the master, authorize the mycat user to connect
mysql> grant all on *.* to 'mycat'@'192.168.66.138' identified by '123456';
mysql> grant all on ultrax.* to 'discuz'@'192.168.66.%' identified by '123456';
mysql> grant all on DedeCMS.* to 'dedecms'@'192.168.66.%' identified by '123456';
mysql> grant all on zrlog.* to 'zrlog'@'192.168.66.%' identified by '123456';
5. Mycat configuration is done. Start Mycat and check that ports 8066 and 9066 are listening:
[root@localhost ~]$ /usr/local/mycat/bin/mycat start
[root@localhost ~]$ netstat -lntp
tcp6       0      0 :::9066      :::*      LISTEN      1413/java
tcp6       0      0 :::8066      :::*      LISTEN      1413/java
# Note: if these two ports are not listening, check whether the Java environment has taken effect.
# 8066 is the port the web applications use to connect to Mycat.
# 9066 is the management port for the SA/DBA.
Back on master 139, connect to MySQL through the Mycat machine's IP and port 8066:
[root@localhost ~]$ mysql -h'192.168.66.138' -udiscuz -p'123456' -P'8066'
mysql> show databases;
+----------+
| DATABASE |
+----------+
| ultrax   |
+----------+
1 row in set (0.01 sec)
Log in as root to see whether all the databases are visible:
[root@localhost ~]$ mysql -h'192.168.66.138' -uroot -p'123456' -P'8066'
mysql> show databases;
+----------+
| DATABASE |
+----------+
| DedeCMS  |
| ultrax   |
| zrlog    |
+----------+
3 rows in set (0.00 sec)
Then log in on port 9066 to view the data sources:
[root@localhost ~]$ mysql -h'192.168.66.138' -uroot -p'123456' -P'9066'
mysql> show @@datasource;
+----------+--------+-------+-----------------+------+------+--------+------+------+---------+-----------+------------+
| DATANODE | NAME   | TYPE  | HOST            | PORT | W/R  | ACTIVE | IDLE | SIZE | EXECUTE | READ_LOAD | WRITE_LOAD |
+----------+--------+-------+-----------------+------+------+--------+------+------+---------+-----------+------------+
| dn1      | hostM1 | mysql | 192.168.66.139  | 3306 | W    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn1      | hostS1 | mysql | 192.168.66.140  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn1      | hostS2 | mysql | 192.168.66.141  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn3      | hostM1 | mysql | 192.168.66.139  | 3306 | W    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn3      | hostS1 | mysql | 192.168.66.140  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn3      | hostS2 | mysql | 192.168.66.141  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn2      | hostM1 | mysql | 192.168.66.139  | 3306 | W    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn2      | hostS1 | mysql | 192.168.66.140  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn2      | hostS2 | mysql | 192.168.66.141  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
+----------+--------+-------+-----------------+------+------+--------+------+------+---------+-----------+------------+
9 rows in set (0.00 sec)
6. On master 139, log in to MySQL and create the three databases:
[root@localhost ~]$ mysql -uroot -p'123456'
mysql> create database ultrax default character set utf8;
mysql> create database DedeCMS default character set utf8;
mysql> create database zrlog default character set utf8;
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| DedeCMS            |
| mysql              |
| performance_schema |
| test               |
| ultrax             |
| zrlog              |
+--------------------+
7 rows in set (0.00 sec)
Replication and read/write splitting are now in place; the next step is to build the web servers
First set up the LNMP environment and the Tomcat + Java environment; port 80 goes to Nginx by default and Tomcat uses port 8080.
1. Deploy the whole environment on one machine first, then sync the entire environment with rsync:
① Download and install Nginx:
[root@localhost ~]$ yum -y install epel-release wget gcc gcc-c++ libmcrypt-devel libmcrypt libcurl-devel libxml2-devel openssl-devel bzip2-devel libjpeg-devel libpng-devel freetype-devel libmcrypt-devel; \
    cd /usr/local/src/; \
    wget http://nginx.org/download/nginx-1.12.1.tar.gz; \
    tar -zxvf nginx-1.12.1.tar.gz; \
    cd nginx-1.12.1; \
    ./configure --prefix=/usr/local/nginx --with-http_ssl_module; \
    echo $? > /root/downloadNginx.log; \
    make && make install; \
    echo $? >> /root/downloadNginx.log
Configure the configuration files on one of the machines first:
Edit the init script: /etc/init.d/nginx
vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
    echo -n $"Starting $prog: "
    mkdir -p /dev/shm/nginx_temp
    daemon $NGINX_SBIN -c $NGINX_CONF
    RETVAL=$?
    echo
    return $RETVAL
}
stop()
{
    echo -n $"Stopping $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -TERM
    rm -rf /dev/shm/nginx_temp
    RETVAL=$?
    echo
    return $RETVAL
}
reload()
{
    echo -n $"Reloading $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -HUP
    RETVAL=$?
    echo
    return $RETVAL
}
restart()
{
    stop
    start
}
configtest()
{
    $NGINX_SBIN -c $NGINX_CONF -t
    return 0
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        reload
        ;;
    restart)
        restart
        ;;
    configtest)
        configtest
        ;;
    *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
esac
exit $RETVAL
When done, set the init script to mode 755:
chmod 755 /etc/init.d/nginx
Add the nginx service to the service list and enable it at boot:
chkconfig --add nginx
chkconfig nginx on
Go to nginx's conf directory:
cd /usr/local/nginx/conf
Then rename the stock configuration file:
mv nginx.conf nginx.conf.bak
The configuration file shipped with nginx is not used, so a new one has to be written:
vim /usr/local/nginx/conf/nginx.conf
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
    use epoll;
    worker_connections 6000;
}
http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm application/xml;
    server
    {
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;
        location ~ \.php$
        {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }
    }
}
Check the configuration file for errors:
/usr/local/nginx/sbin/nginx -t
If there are no problems, start nginx:
service nginx start
② Install MySQL. PHP needs MySQL's client libraries, so MySQL only has to be installed; it does not need to be configured:
[root@localhost ~]$ cd /usr/local/src/; \
    yum install -y epel-release wget perl-Module-Install.noarch libaio*; \
    wget http://mirrors.163.com/mysql/Downloads/MySQL-5.6/mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz; \
    tar -zxvf mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz; \
    mv mysql-5.6.39-linux-glibc2.12-x86_64 ../mysql; \
    cd /usr/local/mysql; \
    mkdir /data/; \
    useradd mysql; \
    ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql; \
    echo $? > /root/downloadMySQL.log
③ Install PHP:
Run the commands in bulk:
[root@localhost ~]$ cd /usr/local/src/; \
    yum -y install epel-release wget gcc gcc-c++ libmcrypt-devel libmcrypt libcurl-devel libxml2-devel openssl-devel bzip2-devel libjpeg-devel libpng-devel freetype-devel libmcrypt-devel; \
    wget http://cn2.php.net/distributions/php-5.6.30.tar.gz; \
    tar -zxvf php-5.6.30.tar.gz; \
    cd php-5.6.30/; \
    ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc \
        --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm \
        --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config \
        --with-pdo-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock \
        --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir \
        --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf \
        --enable-ftp --enable-mbstring --enable-exif --with-pear --with-curl --with-openssl; \
    echo $? > /root/downloadPHP.log; \
    make && make install; \
    echo $? >> /root/downloadPHP.log
After installation, copy PHP's configuration file:
[root@localhost php-5.6.30]$ cp php.ini-production /usr/local/php-fpm/etc/php.ini
Create a php-fpm.conf file:
[root@localhost ~]$ vim /usr/local/php-fpm/etc/php-fpm.conf
# Contents:
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
Copy the init script, change its mode, add it to the service list and enable it at boot:
[root@localhost php-5.6.30]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@localhost php-5.6.30]# chmod 755 /etc/init.d/php-fpm
[root@localhost php-5.6.30]# chkconfig --add php-fpm
[root@localhost php-5.6.30]# chkconfig php-fpm on
Add the php-fpm service user:
useradd -s /sbin/nologin php-fpm
Use php-fpm -t to check the configuration file:
[root@localhost ~]$ /usr/local/php-fpm/sbin/php-fpm -t
If there are no problems, start the service and check the processes:
[root@localhost ~]$ service php-fpm start
Starting php-fpm done
[root@localhost ~]$ ps aux |grep php-fpm
④ Install Tomcat
The JDK has to be installed before Tomcat; for the JDK installation, see the Mycat installation above
Here Tomcat is installed directly
[root@localhost src]$ wget http://mirrors.shuosc.org/apache/tomcat/tomcat-8/v8.5.24/bin/apache-tomcat-8.5.24.tar.gz
[root@localhost src]$ tar -zxvf apache-tomcat-8.5.24.tar.gz
[root@localhost src]$ mv apache-tomcat-8.5.24 /usr/local/tomcat
Commands to start and stop the service:
/usr/local/tomcat/bin/startup.sh    # start the service
/usr/local/tomcat/bin/shutdown.sh   # stop the service
Check the processes and ports:
netstat -lntp   # three ports: 8080 8009 8005
ps aux |grep java
⑤ Set up the Discuz forum, the DedeCMS corporate site and the zrlog blog
1. Set up the Discuz forum. First give Discuz a virtual host: delete the server block from the main nginx configuration file nginx.conf
vim /usr/local/nginx/conf/nginx.conf
# delete this server block
server
{
    listen 80;
    server_name localhost;
    index index.html index.htm index.php;
    root /usr/local/nginx/html;
    location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
    }
}
After deleting it, add this line, which pulls in the virtual host configuration files:
include vhost/*.conf;
Create the vhost directory:
mkdir /usr/local/nginx/conf/vhost
Go into the vhost directory and create a discuz.com.conf file:
cd /usr/local/nginx/conf/vhost
vim discuz.com.conf
# add the following
server
{
    listen 80;
    server_name www.discuz.com;
    index index.html index.htm index.php;
    root /data/wwwroot/discuz.com;
    location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/discuz.com$fastcgi_script_name;
    }
}
Create the site directory:
mkdir -p /data/wwwroot/discuz.com/
2. Install Discuz
Download the Discuz archive:
The archive for the version you need can be downloaded from the official site: http://www.discuz.net/forum.php
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# wget http://download.comsenz.com/DiscuzX/3.3/Discuz_X3.3_SC_UTF8.zip
Unpack it:
[root@localhost src]# unzip Discuz_X3.3_SC_UTF8.zip
Unpacking yields the following entries:
[root@localhost src]# ls
Discuz_X3.3_SC_UTF8.zip readme upload utility
Copy everything under the upload directory into the discuz.com site directory:
[root@localhost src]# cp -r upload/* /data/wwwroot/discuz.com/
Edit the hosts file on Windows; by default the Windows hosts file is in this directory:
C:\Windows\System32\drivers\etc
Add this line to the hosts file:
192.168.66.132 www.discuz.com
After saving, browse to www.discuz.com to reach the Discuz installer
The installer then checks directory and file permissions, and it turns out these directories and files lack permission, so they are all shown as not writable:
Use a script to set the directories it lists to 777,
[root@localhost ~]# cd /data/wwwroot/discuz.com/
[root@localhost discuz.com]# vim fileList.txt   # put all the paths in a text file first
./config
./data
./data/cache
./data/avatar
./data/plugindata
./data/download
./data/addonmd5
./data/template
./data/threadcache
./data/attachment
./data/attachment/album
./data/attachment/forum
./data/attachment/group
./data/log
./uc_client/data/cache
./uc_server/data/
./uc_server/data/cache
./uc_server/data/avatar
./uc_server/data/backup
./uc_server/data/logs
./uc_server/data/tmp
uc_server/data/view
[root@localhost discuz.com]# vim filePermission.sh
#!/bin/bash
for file in `cat ./fileList.txt`
do
    chmod 777 $file
done
[root@localhost discuz.com]# sh ./filePermission.sh
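Requirement 6 asks for directories at 755 and files at 644, with write access only for the php-fpm process user, which mode 777 does not give. The script below is an added example, not part of the original post: it resets a web root to that baseline and hands only the paths from a fileList.txt-style list to the php-fpm account; the function names are assumptions, and the demo uses the current user in place of root and php-fpm so that it runs on a constructed tree.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the function names,
# and a list file with the same "./relative/path" lines as fileList.txt.

# harden_webroot <webroot> <list-file> <owner> <writer>
#   owner  : account that owns the code (root in the requirements)
#   writer : account php-fpm runs as (php-fpm in this setup)
harden_webroot() {
    hw_root=${1%/}; hw_list=$2; hw_owner=$3; hw_writer=$4
    # Baseline from requirement 6: directories 755, files 644, one owner.
    chown -R "$hw_owner" "$hw_root" || return 1
    find "$hw_root" -type d -exec chmod 755 {} + || return 1
    find "$hw_root" -type f -exec chmod 644 {} + || return 1
    # Only the listed directories go to the php-fpm account. Modes stay at
    # 755/644, so write access comes from ownership, not from the "other" bits.
    while IFS= read -r hw_rel; do
        case $hw_rel in
            ''|'#'*) continue ;;                     # blank line or comment
            /*|..|../*|*/..|*/../*)                  # must stay inside the web root
                echo "rejected: $hw_rel" >&2; continue ;;
        esac
        hw_path=$hw_root/${hw_rel#./}
        if [ -d "$hw_path" ] && [ ! -L "$hw_path" ]; then
            chown -R "$hw_writer" "$hw_path" || return 1
        else
            echo "skipped (not a directory): $hw_rel" >&2
        fi
    done < "$hw_list"
}

# Print every path under <webroot> that any local user could still modify.
world_writable() {
    find "$1" ! -type l -perm -0002
}

# Constructed tree in the state filePermission.sh leaves behind.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/config" "$d/data/attachment/forum" "$d/source"
    : > "$d/source/index.php"
    : > "$d/data/attachment/forum/a.jpg"
    printf '%s\n' ./config ./data ./data/attachment/forum ../etc > "$d/fileList.txt"
    chmod -R 777 "$d/config" "$d/data"
    echo "world-writable before: $(world_writable "$d" | wc -l)"
    me=$(id -u)        # stand-in for both root and php-fpm in this demo
    harden_webroot "$d" "$d/fileList.txt" "$me" "$me"
    echo "world-writable after:  $(world_writable "$d" | wc -l)"
    rm -rf "$d"
}
demo
```

On the web servers the call would be `harden_webroot /data/wwwroot/discuz.com fileList.txt root php-fpm`, run as root.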
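After refreshing:
Click Next:
Select "Fresh install of Discuz! X" and click "Next" to reach the database setup screen, shown in the figure below. Note that the database address entered here is the master's IP; it is changed to the Mycat address in the configuration afterwards
Here you only need to enter the password of your database root user and then set an admin password; the mailbox for alert mail is optional, and the rest of the installation runs automatically:
When installation finishes, click to visit the site
Visit:
Then go back to the web server and edit the Discuz configuration file, changing the dbhost, dbuser, dbpw and dbname parameters to match Mycat one by one, so that reads and writes are split:
[root@localhost discuz.com]$ vim /data/wwwroot/discuz.com/config/config_global.php
// ---------------------------- CONFIG DB ----------------------------- //
$_config['db']['1']['dbhost'] = '192.168.66.138:8066';
$_config['db']['1']['dbuser'] = 'discuz';
$_config['db']['1']['dbpw'] = '123456';
$_config['db']['1']['dbcharset'] = 'utf8';
$_config['db']['1']['pconnect'] = '0';
$_config['db']['1']['dbname'] = 'ultrax';
$_config['db']['1']['tablepre'] = 'pre_';
$_config['db']['slave'] = '';
$_config['db']['common']['slave_except_table'] = '';
## Restart nginx after the change
[root@localhost discuz.com]$ service nginx restart
Restarting nginx (via systemctl): [ 肯定 ]
Then log in to the Discuz forum as the admin user; a successful login means there is no problem: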
⑥ Set up the DedeCMS corporate site. It also needs a virtual host configured first:
Go into the vhost directory and create a dedecms.com.conf file:
cd /usr/local/nginx/conf/vhost
vim dedecms.com.conf
Add the following:
server
{
    listen 80;
    server_name www.dedecms.com;
    index index.html index.htm index.php;
    root /data/wwwroot/dedecms.com;
    location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/dedecms.com$fastcgi_script_name;
    }
}
Create the site directory:
mkdir -p /data/wwwroot/dedecms.com/
Download the DedeCMS archive from the official site; the download page is:
http://www.dedecms.com/products/dedecms/downloads/
The 5.7 UTF8 version is downloaded here:
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# wget http://updatenew.dedecms.com/base-v57/package/DedeCMS-V5.7-UTF8-SP2.tar.gz
After downloading, unpack it and copy it to the site directory
[root@localhost src]# tar -zxvf DedeCMS-V5.7-UTF8-SP2.tar.gz
[root@localhost src]# ls
DedeCMS-V5.7-UTF8-SP2
[root@localhost src]# cd DedeCMS-V5.7-UTF8-SP2
[root@localhost DedeCMS-V5.7-UTF8-SP2]# ls
docs uploads
[root@localhost DedeCMS-V5.7-UTF8-SP2]# cp -r ./uploads/* /data/wwwroot/dedecms.com/
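After the steps above, configure the Windows hosts file in the same way and then open the site in a browser
The following screen appears because of insufficient permissions:
Set the permissions on the corresponding directories:
[root@localhost dedecms.com]$ chmod 777 ./plus
[root@localhost dedecms.com]$ chmod 777 ./dede
[root@localhost dedecms.com]$ chmod 777 ./data
[root@localhost dedecms.com]$ chmod 777 ./a
[root@localhost dedecms.com]$ chmod 777 ./install
[root@localhost dedecms.com]$ chmod 777 ./special
[root@localhost dedecms.com]$ chmod 777 ./uploads/
After granting the permissions, refresh the page and it is fine:
Set the database details and the administrator password:
Installation complete:
Visit http://www.dedecms.com/dede/ and enter the administrator's user name and password to log in to the site back end:
Login succeeded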
⑦ Set up the zrlog blog:
1. Configure the Tomcat virtual host; in Tomcat, virtual hosts are configured in server.xml:
[root@localhost ~]$ vim /usr/local/tomcat/conf/server.xml
# Add the following to the file:
<Host name="www.zrlog.com" appBase="" unpackWARs= "true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
    <Context path="" docBase="/data/wwwroot/zrlog.com/" debug="0" reloadable="true" crossContext="true"/>
</Host>
2. Create the site directory:
mkdir /data/wwwroot/zrlog.com
3. Download zrlog and unpack it into the site directory:
[root@localhost ~]$ cd /usr/local/src/
[root@localhost src]$ wget http://dl.zrlog.com/release/zrlog-1.7.1-baaecb9-release.war
[root@localhost src]$ unzip zrlog-1.7.1-baaecb9-release.war -d /data/wwwroot/zrlog.com
4. To share port 80, nginx also has to reverse-proxy Tomcat; edit the virtual host configuration file:
[root@localhost ~]$ vim /usr/local/nginx/conf/vhost/zrlog.com.conf
## File contents:
upstream zrlog_com
{
    ip_hash;
    server localhost:8080;
}
server
{
    listen 80;
    server_name www.zrlog.com;
    location /
    {
        proxy_pass http://zrlog_com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
[root@localhost ~]$ service nginx restart   # restart nginx
5. Restart the Tomcat service:
/usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/startup.sh
6. Configure the hosts file on Windows, then browse to http://www.zrlog.com:
Click Next, fill in the back-end administrator account, and the installation succeeds
⑧ Add a second layer of authentication to the sites' back-end access
First install httpd-tools:
    yum install -y httpd-tools
Then use the htpasswd command from httpd-tools to generate a user password file:
    [root@localhost ~]$ htpasswd -c /usr/local/nginx/conf/htpasswd admin
    New password:
    Re-type new password:
    Adding password for user admin
Once it is generated, cat the htpasswd file to see the following content:
    [root@localhost ~]$ cat /usr/local/nginx/conf/htpasswd
    admin:$apr1$73nmrAKd$7eSGO2h58BrAnUMekFt7P0
To add more users later, leave out the -c option; with -c the existing htpasswd file is overwritten.
Edit the discuz virtual host configuration file:
    [root@localhost ~]$ vim /usr/local/nginx/conf/vhost/discuz.com.conf
    ## Add the following; remember to place it above location ~ \.php$
    location ~ admin.php {
        # note: with no fastcgi_pass in this block, nginx handles a matching request as a static file
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    }
Reload the nginx configuration:
    /usr/local/nginx/sbin/nginx -t
    /usr/local/nginx/sbin/nginx -s reload
Then use curl to check whether authentication is required; the following result means it is working:
    [root@localhost ~]$ curl -x127.0.0.1:80 http://www.discuz.com/admin.php -I
    HTTP/1.1 401 Unauthorized
    Server: nginx/1.12.1
    Date: Wed, 8 Aug 2018 11:01:40 GMT
    Content-Type: text/html
    Content-Length: 195
    Connection: keep-alive
    WWW-Authenticate: Basic realm="Auth"
Finally, access it with a username and password to check whether it succeeds; the following result means it is working:
    [root@localhost ~]$ curl -x127.0.0.1:80 -u admin:"123456" http://www.discuz.com/admin.php -I
    HTTP/1.1 200 OK
    Server: nginx/1.12.1
    Date: Wed, 8 Aug 2018 11:02:30 GMT
    Content-Type: application/octet-stream
    Content-Length: 2739
    Last-Modified: Wed, 8 Aug 2018 11:02:40 GMT
    Connection: keep-alive
    ETag: "5a334add-ab3"
    Accept-Ranges: bytes
For dedecms, the virtual host configuration file needs to be edited in the same way:
    [root@localhost ~]$ vim /usr/local/nginx/conf/vhost/dedecms.com.conf
    ## Configuration:
    location /dede/ {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;   # path to the password file
    }
Then reload nginx and again use curl to check whether authentication is required:
    [root@localhost ~]$ curl -x127.0.0.1:80 http://www.dedecms.com/dede/ -I
    HTTP/1.1 401 Unauthorized
    Server: nginx/1.12.1
    Date: Wed, 8 Aug 2018 11:05:35 GMT
    Content-Type: text/html
    Content-Length: 195
    Connection: keep-alive
    WWW-Authenticate: Basic realm="Auth"
Last is zrlog. Edit the nginx reverse proxy configuration file:
    [root@localhost ~]$ vim /usr/local/nginx/conf/vhost/zrlog.com.conf
    ## Add the following block above location / :
    location /admin/ {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        proxy_pass http://zrlog_com/admin/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
Restart nginx
    [root@localhost ~]$ service nginx restart
Test whether authentication is required
    [root@localhost ~]$ curl -x127.0.0.1:80 http://www.zrlog.com/admin/ -I
    HTTP/1.1 401 Unauthorized
    Server: nginx/1.12.1
    Date: Wed, 8 Aug 2018 11:10:25 GMT
    Content-Type: text/html
    Content-Length: 195
    Connection: keep-alive
    WWW-Authenticate: Basic realm="Auth"
If the home page loads normally but the admin page returns an nginx 404 error, first confirm that the configuration file is correct. If it still fails after restarting nginx, try killing the nginx processes with the killall command, which lets the processes write their in-memory data to disk, and then start nginx again
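
In the authenticated discuz test above, the 200 response carries `Content-Type: application/octet-stream` with `ETag` and `Accept-Ranges`, which is what nginx sends when it returns admin.php as a file instead of passing it to PHP-FPM. The check below is an added example, not from the original post; it classifies `curl -I` output for both the unauthenticated and the authenticated request. The function names, verdict strings and the third sample response are assumptions constructed here.

```shell
#!/bin/sh
# Classify `curl -I` header text read on stdin.
# $1 = anon (no credentials sent) or auth (valid credentials sent).
check_admin_response() {
    awk -v mode="$1" '
        { sub(/\r$/, ""); line = tolower($0) }
        NR == 1 { status = $2 + 0 }
        line ~ /^www-authenticate:[ \t]*basic/ { challenge = 1 }
        line ~ /^content-type:/ { ctype = line; sub(/^content-type:[ \t]*/, "", ctype) }
        line ~ /^(etag|accept-ranges):/ { static_hdrs++ }
        END {
            if (mode == "anon") {
                if (status == 401 && challenge) print "OK-challenge"
                else print "FAIL-unprotected"
            } else if (status != 200) {
                print "FAIL-status-" status
            } else if (ctype ~ /^application\/octet-stream/ || static_hdrs == 2) {
                # heuristic: the static file handler answered, PHP never ran
                print "FAIL-raw-file"
            } else {
                print "OK-executed"
            }
        }'
}

# Headers taken from the two discuz curl runs shown on this page.
page_anon() { cat <<'EOF'
HTTP/1.1 401 Unauthorized
Content-Type: text/html
WWW-Authenticate: Basic realm="Auth"
EOF
}
page_auth() { cat <<'EOF'
HTTP/1.1 200 OK
Content-Type: application/octet-stream
ETag: "5a334add-ab3"
Accept-Ranges: bytes
EOF
}
# Constructed sample: a response generated by PHP rather than read from disk.
constructed_php() { cat <<'EOF'
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
EOF
}
echo "page, no credentials:   $(page_anon | check_admin_response anon)"
echo "page, with credentials: $(page_auth | check_admin_response auth)"
echo "constructed PHP page:   $(constructed_php | check_admin_response auth)"
```

Because nginx evaluates regex locations after the prefix match, a vhost that also has `location ~ \.php$` will route `.php` URLs under a plain prefix block such as `location /dede/` past its `auth_basic`; run the anon check against such a URL too, not only against the directory.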
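⑨ Assign directory and file permissions
The discuz directory and file permissions were already assigned during installation, so now just delete the install directory:
    [root@localhost ~]$ cd /data/wwwroot/discuz.com
    [root@localhost /data/wwwroot/discuz.com]$ rm -rf install/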
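Next set the dedecms directory and file permissions. Below is the directory security guidance from the dedecms official site:
1. Directory permissions
We do not recommend placing column directories in the root directory, because that makes the security settings very troublesome. By default, after installation, the directories are set as follows:
(1) data, templets, uploads, a (or the html directory in 5.3): readable and writable, not executable;
(2) If you do not need special topics, we recommend deleting the special directory; if you do need them, delete special/index.php after generating the HTML and then set the directory to readable and writable, not executable;
(3) include, member, plus and the back-end admin directory: scripts executable and readable, but not writable (if add-on modules are installed, set the book, ask, company and group directories the same way).
2. Other points to note
(1) Although the install directory has already been strictly handled, for safety we still recommend deleting it;
(2) Do not give the website the MySQL root user's privileges directly; give each site its own MySQL user account, with the following privileges:
    SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES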
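I tried changing the permissions as described, but the site then became inaccessible, so after experimenting I found that only the permissions of the following directories need to be changed:
    [root@localhost /data/wwwroot]$ cd dedecms.com/
    [root@localhost /data/wwwroot/dedecms.com]$ chmod 766 ./uploads
    [root@localhost /data/wwwroot/dedecms.com]$ chmod 766 ./a
    [root@localhost /data/wwwroot/dedecms.com]$ chmod 755 ./plus
    [root@localhost /data/wwwroot/dedecms.com]$ chmod 644 data/common.inc.php
    [root@localhost /data/wwwroot/dedecms.com]$ rm -rf install/
    [root@localhost /data/wwwroot/dedecms.com]$ mv ./special/ /tmp/
zrlog can be left at its defaults, because everything is 755 and 644 by default.
Finally, use the earlier scripts to sync the configuration files and site directories to the other web servers; syncing the /data/ and /usr/local/ directories is enough.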
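
An audit of what the chmod steps above leave behind (the install-time `chmod 777` directories that are never tightened, and `chmod 766` on `uploads` and `a`), added here as an example and not part of the original write-up. The function names, finding labels and the temporary fixture tree are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# audit_docroot ROOT: print one finding per line for a site directory.
audit_docroot() {
    root=$1
    # Anything writable by "other" (mode bit 0002), e.g. after chmod 777 or 766.
    find "$root" ! -type l -perm -0002 -exec printf 'WORLD-WRITABLE %s\n' {} \;
    # Directories writable but not searchable by "other" (766): without the
    # x bit the write bit is unusable, so only the owner can create files.
    find "$root" -type d -perm -0002 ! -perm -0001 \
        -exec printf 'WRITE-WITHOUT-SEARCH %s\n' {} \;
    # Installer still present (the page deletes install/ for discuz and dedecms).
    if [ -d "$root/install" ]; then
        printf 'INSTALLER-PRESENT %s\n' "$root/install"
    fi
}

# Constructed fixture: an empty tree carrying the modes that the page's
# commands leave on the dedecms site (data and dede stay at 777).
make_fixture() {
    d=$(mktemp -d) && chmod 755 "$d" || return 1
    mkdir "$d/uploads" "$d/a" "$d/plus" "$d/data" "$d/dede"
    chmod 766 "$d/uploads" "$d/a"
    chmod 755 "$d/plus"
    chmod 777 "$d/data" "$d/dede"
    : > "$d/data/common.inc.php" && chmod 644 "$d/data/common.inc.php"
    printf '%s\n' "$d"
}

site=$(make_fixture)
audit_docroot "$site"
rm -rf "$site"
```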
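⑩ Configure static file sharing among the web servers; this step uses NFS
1. The server needs the nfs-utils and rpcbind packages. Install command:
    yum install -y nfs-utils rpcbind
2. The clients need the nfs-utils package. Install command, run in bulk with the script:
    yum install -y nfs-utils
3. Determine the directories to share:
    The directory discuz needs to share is: /data/wwwroot/discuz.com/data/attachment/
    The directory dedecms needs to share is: /data/wwwroot/dedecms.com/uploads/
    The directory zrlog needs to share is: /data/wwwroot/zrlog.com/attached/
Then give these directories 777 permissions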
4. For security, the IPs allowed to use the shares need to be restricted, so write a simple loop script that batch-writes the configuration into /etc/exports on the server. The script is as follows:
    file=$1
    for i in `seq 3 7`
    do
        echo "$file 192.168.66.13$i/24(rw,sync,no_root_squash)" >> /etc/exports
    done
    # Run the script; the argument is the path of the directory to share
    [root@localhost ~]$ sh forIP.sh "/data/wwwroot/discuz.com/data/attachment/"
    [root@localhost ~]$ sh forIP.sh "/data/wwwroot/dedecms.com/uploads/"
    [root@localhost ~]$ sh forIP.sh "/data/wwwroot/zrlog.com/attached/"
After the script has run, /etc/exports contains the following:
    /data/wwwroot/discuz.com/data/attachment/ 192.168.66.133/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/discuz.com/data/attachment/ 192.168.66.134/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/discuz.com/data/attachment/ 192.168.66.135/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/discuz.com/data/attachment/ 192.168.66.136/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/discuz.com/data/attachment/ 192.168.66.137/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/dedecms.com/uploads/ 192.168.66.133/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/dedecms.com/uploads/ 192.168.66.134/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/dedecms.com/uploads/ 192.168.66.135/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/dedecms.com/uploads/ 192.168.66.136/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/dedecms.com/uploads/ 192.168.66.137/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/zrlog.com/attached/ 192.168.66.133/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/zrlog.com/attached/ 192.168.66.134/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/zrlog.com/attached/ 192.168.66.135/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/zrlog.com/attached/ 192.168.66.136/24(rw,sync,anonuid=1000,anongid=1000)
    /data/wwwroot/zrlog.com/attached/ 192.168.66.137/24(rw,sync,anonuid=1000,anongid=1000)
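5. Use the earlier batch-command script to check whether the machines are listening on port 111. Normally the service starts and listens on the port automatically once nfs is installed; if it has not started, start it manually with:
    systemctl start rpcbind
    systemctl start nfs
6. Set the rpcbind and nfs services to start at boot:
    systemctl enable rpcbind
    systemctl enable nfs
7. Mount the shared directories on each of the clients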
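
Each `192.168.66.13N/24` entry in step 4 is a network match, so every line exports to all of 192.168.66.0/24 rather than to one web server, and the script's `no_root_squash` lets root on a client act as root on the share. The following is an added example, not the author's script: `audit_exports` flags both conditions and `gen_exports` writes host-only entries. Both function names and the finding labels are assumptions.

```shell
#!/bin/sh
# audit_exports: read /etc/exports-format lines on stdin, print findings.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index(client, "(")
                if (p > 0) {
                    opts = substr(client, p + 1); sub(/\)$/, "", opts)
                    client = substr(client, 1, p - 1)
                }
                n = split(client, part, "/")
                if (client == "" || client == "*")
                    print "ANY-HOST " $1
                else if (n == 2 && part[2] ~ /^[0-9]+$/ && part[2] + 0 < 32)
                    print "WHOLE-SUBNET " $1 " " client
                if (("," opts ",") ~ /,no_root_squash,/)
                    print "ROOT-NOT-SQUASHED " $1 " " client
            }
        }'
}

# gen_exports DIR FIRST LAST: one entry per web server 192.168.66.13N,
# matching that host only (no mask), with root squashing stated explicitly.
gen_exports() {
    i=$2
    while [ "$i" -le "$3" ]; do
        printf '%s 192.168.66.13%s(rw,sync,root_squash)\n' "$1" "$i"
        i=$((i + 1))
    done
}

# From the page: the line forIP.sh writes for i=3, then the matching line
# from the /etc/exports listing shown after it.
page_lines() { cat <<'EOF'
/data/wwwroot/discuz.com/data/attachment/ 192.168.66.133/24(rw,sync,no_root_squash)
/data/wwwroot/discuz.com/data/attachment/ 192.168.66.133/24(rw,sync,anonuid=1000,anongid=1000)
EOF
}
page_lines | audit_exports
# The generated entries produce no findings:
gen_exports /data/wwwroot/discuz.com/data/attachment/ 3 7 | audit_exports
```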
Using Keepalived with nginx load balancing
    192.168.66.100 VIP
    192.168.66.130 front-end nginx load balancer, master + keepalived
    192.168.66.131 front-end nginx load balancer, backup + keepalived
Install keepalived + nginx on machines 130 and 131
    yum install -y keepalived
For the nginx source install, follow the procedure above (both machines must be configured)
After installation, add a new nginx virtual host configuration file
    vi /usr/local/nginx/conf/vhost/lb.conf
    upstream lb {
        ip_hash;
        server 192.168.66.132:80;
        server 192.168.66.133:80;
        server 192.168.66.134:80;
        server 192.168.66.135:80;
        server 192.168.66.136:80;
        server 192.168.66.137:80;
    }
    server {
        listen 80;
        server_name www.discuz.com www.dedecms.com www.zrlog.com;
        location / {
            proxy_pass http://lb;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
Change the keepalived configuration file on machine 130
The default configuration file path is /etc/keepalived/keepalived.conf
Empty the file
    > /etc/keepalived/keepalived.conf
Edit the configuration file
    vim /etc/keepalived/keepalived.conf
Add the following:
    global_defs {
        notification_email {
            aming@aminglinux.com
        }
        notification_email_from root@aminglinux.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    vrrp_script chk_nginx {
        script "/usr/local/sbin/check_ng.sh"
        interval 3
    }
    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            # keepalived uses at most the first 8 characters of auth_pass
            auth_pass aminglinux>com
        }
        virtual_ipaddress {
            192.168.66.100
        }
        track_script {
            chk_nginx
        }
    }
Note that "virtual_ipaddress" is the so-called VIP, which we set to 192.168.66.100
2. Define the monitoring script
The script path is defined in the keepalived configuration file: /usr/local/sbin/check_ng.sh
Edit the file:
    vim /usr/local/sbin/check_ng.sh
Add the following:
    #!/bin/bash
    # Timestamp variable, used when writing the log
    d=`date --date today +%Y%m%d_%H:%M:%S`
    # Count the nginx processes
    n=`ps -C nginx --no-heading|wc -l`
    # If the count is 0, start nginx and count the nginx processes again;
    # if it is still 0, nginx cannot start, so keepalived must be stopped
    if [ $n -eq "0" ]; then
        /etc/init.d/nginx start
        n2=`ps -C nginx --no-heading|wc -l`
        if [ $n2 -eq "0" ]; then
            echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
            systemctl stop keepalived
        fi
    fi
3. After the script is created, its permissions also need to be changed
    chmod 755 /usr/local/sbin/check_ng.sh
4. Start the keepalived service. Because the nginx check is defined above, nginx is brought up automatically
    systemctl start keepalived
5. Check whether the VIP has been loaded
    [root@localhost ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:a4:dd:e8 brd ff:ff:ff:ff:ff:ff
        inet 192.168.66.130/24 brd 192.168.66.255 scope global noprefixroute ens33
           valid_lft forever preferred_lft forever
        inet 192.168.66.100/32 scope global ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::3116:74ed:1d0a:3851/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
keepalived configuration on machine 131
    vim /etc/keepalived/keepalived.conf
Add the following:
    global_defs {
        notification_email {
            aming@aminglinux.com
        }
        notification_email_from root@aminglinux.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    vrrp_script chk_nginx {
        script "/usr/local/sbin/check_ng.sh"
        interval 3
    }
    vrrp_instance VI_1 {
        state BACKUP            # the state name differs from the master here
        interface eno33         # must match this machine's NIC, otherwise the keepalived service cannot start
        virtual_router_id 51    # keep the same as on the master
        priority 90             # weight; must be a smaller value than on the master
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass aminglinux>com
        }
        virtual_ipaddress {
            192.168.66.100      # the VIP, the same as on the master
        }
        track_script {
            chk_nginx
        }
    }
The nginx configuration and the script are the same as on machine 130. Finally, test that all three sites can be reached normally through the VIP