基于LNMP HAproxy Keepalived搭建高可用小型站点

建站服务器



```* 基于LNMP HAproxy Keepalived搭建高可用小型站点
前端服务器 
192.168.55.7VIP  192.168.55.100 haproxy    keepalived
192.168.55.10VIP  192.168.55.100 haproxy    keepalived
后端服务器 
192.168.55.5 php-7.1.30.tar.gznginx-1.14.2.tar.gz
192.168.55.6 php-7.1.30.tar.gznginx-1.14.2.tar.gz
mysql 
192.168.55.8 Mysql    nfs
前端服务器
192.168.55.7    和  192.168.55.10   
1、yum 安装keepalived (可编译安装)
yum install keepalived -y
2、编辑配置文件
vim /etc/keepalived/keepalived.conf
--------------------------------------------------------------------------------
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from localhost.localdomain
   smtp_server 172.22.0.1
   smtp_connect_timeout 30
   router_id localhost.localdomain1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_script chk_haproxy {
      script /etc/keepalived/chk_haproxy.sh
      interval 2
      weight -50
      fall  3
      rise  5
      timeout 2
}
vrrp_instance VIP1 {
    state BACKUP    #从配置换成这个MASTER
    interface ens37
    virtual_router_id 36
    priority 100
    advert_int 2
    nopreempt
    unicast_src_ip 192.168.55.7
    unicast_peer {
     192.168.55.10
}
    authentication {
        auth_type PASS
        auth_pass linux36
    }
    virtual_ipaddress {
        172.20.200.200 dev ens37 label ens37:1
        172.20.200.201 dev ens37 label ens37:2
    }
 notify_master /etc/keepalived/ping.sh
}
--------------------------------------------------------------------------------
配置中的脚本
cat /etc/keepalived/chk_haproxy.sh 
#!/bin/bash
if ! killall -0 haproxy &>/dev/null;then
    systemctl restart haproxy 
    sleep 1
    if ! killall -0 haproxy &>/dev/null;then
        systemctl stop  keepalived 
    fi
fi
--------------------------------------------------------------------------------
cat /etc/keepalived/ping.sh 
#!/bin/bash
ping -c 2 172.22.0.1 &> /dev/null
if [ $? -eq 0 ];then
  exit 0
else
  exit 2
fi
--------------------------------------------------------------------------------
注:这俩个脚本起检测作用
编译安装haproxy
yum install gcc gcc-c   glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools vim iotop bc zip unzip zlib-devel lrzsz tree screen lsof tcpdump wget  ntpdate  -y
解压安装包
cd /usr/local/src/
tar xvf haproxy-1.8.20.tar.gz 
编译安装
进入目录
cd haproxy-1.8.20
开始编译
make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy
生成目录
make install PREFIX=/usr/local/haproxy
查看版本
./haproxy -h
拷贝主文件
cp /usr/local/src/haproxy-1.8.20/haproxy  /usr/sbin/
创建启动脚本:
--------------------------------------------------------------------------------
vim  /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
创建目录和用户:
mkdir /etc/haproxy
mkdir /var/lib/haproxy
useradd haproxy -s /sbin/nologin
chown haproxy.haproxy /var/lib/haproxy/ -R
--------------------------------------------------------------------------------
vim /etc/haproxy/haproxy.cfg
--------------------------------------------------------------------------------
global
maxconn 65536
chroot /usr/local/haproxy
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 1001
gid 1001
daemon
nbthread 2
nbproc 2
cpu-map 1 0
cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
spread-checks 5
pidfile /run/haproxy.pid
log 127.0.0.1 local3 info

defaults
option http-keep-alive
option  forwardfor
option Redispatch
option abortonclose

maxconn 100000
mode http
timeout connect 300000ms
timeout client  300000ms
timeout server  300000ms
listen stats
  bind :9999
  stats enable
#  stats hid-version
  stats uri /haproxy-status
  stats realm HAPorxy\\\\ Stats\\\\ Page
  stats auth haadmin:123456
  stats auth admin:123456
  stats auth lvze:123456
  stats refresh 30s
#  stats admin if TRUE 
listen  web_port
 bind 0.0.0.0:8080
 mode http
 log global
 server web1  127.0.0.1:8080  check inter 3000 fall 2 rise 5
listen WEB_PORT_80
  mode tcp
  bind 192.168.55.7:80
  server web1 192.168.55.6:80 cookie web-103 weight 2 check inter 3000 fall 3 rise 5
  server web2 192.168.55.5:80 cookie web-104 weight 1 check inter 3000 fall 3 rise 5
listen MYSQL_PORT
  bind  192.168.55.8:3306
  mode tcp
  server web1 192.168.55.8:3306 cookie web-103 weight 1 check inter 3000 fall 3 rise 5
--------------------------------------------------------------------------------
启动HAProxy:
systemctl start  haproxy     启动 
systemctl restart haproxy     重启
systemctl enable haproxy     开机自启动
后端服务器
192.168.55.8
创建共享目录
yum install nfs-utils -y
mkdir /nfsdata/wordpress -p
vi /etc/exports
/nfsdata/wordpress *(rw,no_root_squash)
 systemctl start nfs 
systemctl enable  nfs 
二进制安装mariadb 
1 准备用户和组
groupadd -r -g 336 mysql
useradd -r -g mysql -u 336 -s /sbin/nologin -d /data/mysql mysql

2 准备二进制程序文件和相关文件属性
tar xvf mariadb-10.2.23-linux-x86_64.tar.gz -C /usr/local/
cd  /usr/local/
ln -s mariadb-10.2.23-linux-x86_64/ mysql
chown -R root.root /usr/local/mysql/

3 PATH变量
cat /etc/profile.d/mysql.sh                 
vim /etc/profile.d/mysql.sh                     编辑文件
PATH=/usr/local/mysql/bin:$PATH       写入变量
source /etc/profile.d/mysql.sh              激活变量
echo $PATH                                          查看变量

4 准备数据库数据目录和数据--改成逻辑卷
mkdir /data/mysql -pv
chown mysql.mysql /data/mysql/
cd /usr/local/mysql
./scripts/mysql_install_db --datadir=/data/mysql --user=mysql

5 准备Mysql的服务器端的配置文件
mkdir /etc/mysql
cp /usr/local/mysql/support-files/my-huge.cnf /etc/mysql/my.cnf                        

vim /etc/mysql/my.cnf
     [mysqld]
     datadir=/data/mysql 加一行

6 准备服务启动脚本
cp /usr/local/mysql/support-files/mysql.server  /etc/init.d/mysqld
查看服务     chkconfig --list
添加服务     chkconfig --add mysqld
service mysqld start  或   service myseqld rstart

7 安全加固
mysql_secure_installation
8 授权用户,用来博客连接数据库
mysql  -uroot  -p 123456
CREATE DATABASE wordpress;
GRANT ALL PRIVILEGES ON  wordpress.* TO wordpress@192.168.55.% IDENTIFIED BY 123456;
 flush privileges;
192.168.55.5     192.168.55.6
php-7.1.18.tar.ba2
nginx-1.14.2.tar.gz
源码编译php
下载需要的软件
yum -y install wget vim pcre pcre-devel openssl openssl-devel libicu   devel gcc gcc-c   autoconf libjpeg libjpeg-devel libpng libpng-devel freetype     freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-   devel ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap   openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent   libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt   libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpeg   devel
进入目录  解压包 
cd //usr/local/src/
tar xvf  php-7.1.18.tar.ba2
开始编译 
cd php-7.1.18.tar.bz2
 ./configure --prefix=/app/php \\\\--enable-mysqlnd \\\\--with-mysqli=mysqlnd \\\\--with-pdo-mysql=mysqlnd \\\\--with-openssl \\\\--with-freetype-dir \\\\--with-jpeg-dir \\\\--with-png-dir \\\\--with-zlib \\\\--with-libxml-dir=/usr \\\\--with-config-file-path=/etc \\\\--with-config-file-scan-dir=/etc/php.d \\\\--enable-mbstring  \\\\--enable-xml \\\\--enable-sockets \\\\--enable-fpm  \\\\--enable-maintainer-zts \\\\--disable-fileinfo 
make -j 2
make install
修改配置文件
cp /app/php/etc/php-fpm.conf.default /app/php/etc/www.conf 
创建用户www
useradd www -u 2019
进入编译安装的目录备份并改名配置文件
cd  /app/php/etc/php-fpm.d 
 cp www.conf.default  www.conf
grep -v ; www.conf |grep -v ^$
cd   /app/php/etc 
cp php-fpm.conf.default php-fpm.conf
启动php
/app/php/sbin/php-fpm -v
/app/php/sbin/php-fpm -t
/app/php/sbin/php-fpm  -c /app/php/etc/php.ini 
ps -ef | grep php-fpm
ss -ntl 

创建php测试页面
mkdir /data/nginx/wordpress -p
vim /data/nginx/wordpress/index.php
<?php
   phpinfo();
?>
编译nginx-1.14.2
tar xvf nginx-1.14.2.tar.gz -C /usr/local/src/
cd /usr/local/src/nginx-1.14.2
./configure --prefix=/apps/nginx \\\\--user=nginx \\\\--group=nginx \\\\--with-http_ssl_module \\\\--with-http_v2_module \\\\--with-http_realip_module \\\\--with-http_stub_status_module \\\\--with-http_gzip_static_module \\\\--with-pcre \\\\--with-stream \\\\--with-stream_ssl_module \\\\--with-stream_realip_module
make 
make  install 
ln -s /apps/nginx/sbin/nginx  /sbin/ 
修改配置文件
vim /apps/nginx/conf/nginx.conf
user  www www;
include /apps/nginx/conf/server/*.conf;
--------------------------------------------------------------------------------
创建副配置目录
mkdir   /apps/nginx/conf/server  -pv
--------------------------------------------------------------------------------
vim /apps/nginx/conf/server/www.magedu.net.conf 
server {
        listen       80;
        server_name  www.magedu.net;
  location / {
            root   /data/nginx/woedpress;
            index  index.php index.html index.htm;
        }
  location ~ \\\\.php$ {
            root           /data/nginx/woedpress;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
}

nginx  -t 
测试

后端服务器配置
192.168.55.5   192.168.55.6
wordpress-5.0.3-zh_CN.tar.gz
cd /data/nginx/woedpress/
 tar xvf wordpress-5.0.3-zh_CN.tar.gz 
mv index.php wordpress-5.0.3-zh_CN.tar.gz /opt
mv wordpress/* .
mv wordpress /opt/
cp wp-config-sample.php wp-config.php 
vim  /data/nginx/woedpress/wp-config.php
// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称 */
 define(\\\'DB_NAME\\\', \\\'wordpress\\\');
/** MySQL数据库用户名 */
define(\\\'DB_USER\\\', \\\'wordpress\\\');
/** MySQL数据库密码 */
define(\\\'DB_PASSWORD\\\', \\\'123456\\\');
/** MySQL主机 */
define(\\\'DB_HOST\\\', \\\'centos7.magedu.com‘);
define(\\\'DB_CHARSET\\\', \\\'utf8\\\');
define(\\\'DB_COLLATE\\\', \\\'\\\');
define(\\\'DB_COLLATE\\\', \\\'\\\');
* 或者直接访问{@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org密钥生成服务}
define(\\\'AUTHKEY\\\',         \\\'<dWC,ujj =eMzSkU~w` 5?Tt-NUnW|CTvRF`>S XT j5R<(4 .ku`1#CN:D1Xjrb\\\');
define(\\\'SECUREAUTHKEY\\\',  \\\'v&:.i|%(6CsL[jU,5 TU-cAvm A}2{V/(=(3Cks]L~|g ljE5m=B/{}:oq.w<\\\');
define(\\\'LOGGEDINKEY\\\',    \\\'d~a,Lt#-)ykANn;TW=!sXd# o>a] KTYWK un|=eLGHVyYYGD aKkm};8|raW @d\\\');
define(\\\'NONCEKEY\\\',        \\\'zr$LcVo|!pPr@ 4Q1~i8>S]<QK2e;SBT g>VN{<@/Q;=eJ`Q|9N`kAHKy}e$Kxw#\\\');
define(\\\'AUTHSALT\\\',        \\\'{` 8c/igV^=SW#[QW %Kf:0v^F=~##C70ao#J1yO[W&XWnsd.|6nxTGyD hx>u8\\\');
define(\\\'SECUREAUTHSALT\\\', \\\'|rp0)=Qs91] ^M/XFG{2q#K(&)c)z45P7-@@nyiU8.t}%kDGl8# u uo?n-U\\\');
define(\\\'LOGGEDINSALT\\\',   \\\'cP! /s^urC-LQ3mw<A#ro6v$h^d @k!WA66;9TU%=|#|MW1J^u4t0io<#M 7w\\\');
define(\\\'NONCESALT\\\',       \\\'0mPY(C:&c<Q&[$k[YOWt9;]U6Fo-4ZglmZoke`(&BrnPx|ExQ5Xyw!E5|#MXgG\\\');*
注:mysql主机可以写mysql的机器的主机名字,但一定要在本主机的hosts文件写解析 ,也可以写mysql主机的IP地址  
在下面的红色字体的网站是生成密钥的意思,建议打开网站把人家生成的密钥与本配置文件的密钥更换掉,这样做更安全**
--------------------------------------------------------------------------------
 vim /etc/hosts
192.168.55.8 centos7.magedu.com
chown www.www /data/nginx/woedpress/ -R

192.168.55.5   192.168.55.7上操作
yum   install  nfs-utils  -y
挂载共享目录    数据实时同步
mount -t nfs 192.168.55.8:/nfsdata/wordpress  /data/nginx/woedpress/wp-content/uploads/

www.magedu.net/wp-admin

更多关于云服务器域名注册虚拟主机的问题,请访问西部数码官网:www.west.cn

赞(0)
声明:本网站发布的内容(图片、视频和文字)以原创、转载和分享网络内容为主,如果涉及侵权请尽快告知,我们将会在第一时间删除。文章观点不代表本网站立场,如需处理请联系客服。电话:028-62778877-8306;邮箱:fanjiao@west.cn。本站原创内容未经允许不得转载,或转载时需注明出处:西部数码知识库 » 基于LNMP HAproxy Keepalived搭建高可用小型站点

登录

找回密码

注册