Week 15 Homework
2019-10-20 20:37
1. Site high availability with Nginx + Keepalived

Answer:

```
keep_1#] yum -y install keepalived
s1_#] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 14
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        10.1.0.90/16 dev eno16777736
    }
}
```

```
keep_2#] yum -y install keepalived
s1_#] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
    state BACKUP
    interface eno16777736
    virtual_router_id 14
    priority 96
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        10.1.0.90/16 dev eno16777736
    }
}
```

```
nginx_#] ip a a 10.1.0.90/16 dev ens33
nginx_#] yum -y install nginx
nginx_#] vim /etc/nginx/conf.d/nginx.conf
server {
    listen 80 default_server;
    server_name w.ww3.io;
    root /var/www/nginx;
    location / {
        index index.html;
    }
}
```
2. Keepalived in a master-master (dual-master) model

Answer:

```
s1_#] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 14
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        10.1.0.91/16 dev eno16777736
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface eno16777736
    virtual_router_id 15
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 578f07b2
    }
    virtual_ipaddress {
        10.1.0.92/16 dev eno16777736
    }
}
```

```
s2_#] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
    state BACKUP
    interface eno16777736
    virtual_router_id 14
    priority 96
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        10.1.0.91/16 dev eno16777736
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface eno16777736
    virtual_router_id 15
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 578f07b2
    }
    virtual_ipaddress {
        10.1.0.92/16 dev eno16777736
    }
}
```
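Both keepalived answers above (the single-VIP pair and the master-master pair) only work if the two nodes agree on `virtual_router_id`, `auth_pass` and the virtual address of each instance, and each instance has exactly one MASTER with the higher priority. The following consistency check is an added example, not part of the original homework; `parse_instances`, `check_pair` and `instance` are hypothetical helper names, and the sample configs are constructed from the values above.

```python
import re
FIELDS = r"^\s*(state|virtual_router_id|priority|auth_pass)\s+(\S+)"

def parse_instances(conf):
    """Return {instance name: settings} for each vrrp_instance block in the text."""
    found = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", conf):
        depth, end = 1, m.end()
        while depth and end < len(conf):      # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[end], 0)
            end += 1
        body = conf[m.end():end]
        settings = dict(re.findall(FIELDS, body, re.M))
        vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", body)
        settings["vips"] = sorted(re.findall(r"^\s*(\S+)", vips.group(1), re.M)) if vips else []
        found[m.group(1)] = settings
    return found

def check_pair(conf_a, conf_b):
    """Compare the configs of two VRRP peers and return a list of findings."""
    a, b, issues = parse_instances(conf_a), parse_instances(conf_b), []
    if set(a) != set(b):
        issues.append("instance names differ between nodes")
    for node in (a, b):
        vrids = [s.get("virtual_router_id") for s in node.values()]
        if len(vrids) != len(set(vrids)):
            issues.append("virtual_router_id reused by two instances on one node")
    for name in sorted(set(a) & set(b)):
        x, y = a[name], b[name]
        for key in ("virtual_router_id", "auth_pass", "vips"):
            if x.get(key) != y.get(key):
                issues.append(f"{name}: {key} differs between nodes")
        if len(x.get("auth_pass", "")) > 8:   # keepalived uses only the first 8 characters
            issues.append(f"{name}: auth_pass longer than 8 characters is truncated")
        masters = [s for s in (x, y) if s.get("state") == "MASTER"]
        if len(masters) != 1:
            issues.append(f"{name}: expected exactly one MASTER, found {len(masters)}")
        elif int(masters[0].get("priority", 100)) <= min(int(s.get("priority", 100)) for s in (x, y)):
            issues.append(f"{name}: MASTER does not have the higher priority")
    return issues

def instance(name, state, vrid, prio, secret, vip):   # renders one constructed sample block
    return (f"vrrp_instance {name} {{\n state {state}\n virtual_router_id {vrid}\n"
            f" priority {prio}\n authentication {{\n  auth_type PASS\n  auth_pass {secret}\n }}\n"
            f" virtual_ipaddress {{\n  {vip} dev eno16777736\n }}\n}}\n")
S1 = (instance("VI_1", "MASTER", 14, 100, "571f97b2", "10.1.0.91/16")
      + instance("VI_2", "BACKUP", 15, 98, "578f07b2", "10.1.0.92/16"))
S2 = (instance("VI_1", "BACKUP", 14, 96, "571f97b2", "10.1.0.91/16")
      + instance("VI_2", "MASTER", 15, 100, "578f07b2", "10.1.0.92/16"))
```

`check_pair(S1, S2)` returns an empty list for the master-master pair; a mistyped `auth_pass` or two BACKUP states on one instance each produce a finding.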
4. Static/dynamic separation with LNMP and Varnish

http:
(1) Deploy WordPress with static/dynamic separation; both static and dynamic content must be load balanced, and session handling must be taken into account;
(2) Add Varnish between HAProxy and the backend hosts for caching;
(3) HAProxy requirements:
    (a) stats page: the management interface must be usable only via local access;
    (b) static/dynamic separation;
    (c) consider the scheduling algorithm for each server group separately;
    (d) compress suitable content.

Lab environment

II. Backend server: static

Configure SELinux, disable the firewall, and synchronize the time

```
yum install -y ntpdate
ntpdate time1.aliyun.com
```

Install nginx and mariadb-server

```
[root@static-73 ~]# yum install -y epel-release mariadb-server
[root@static-73 ~]# yum -y install nginx
[root@static-73 ~]# vim /etc/my.cnf
[mysqld]
skip_name_resolve = ON
innodb_file_per_table = ON
#skip-grant-tables    # if logging in to mysql fails with error code 1045; delete it once the security setup is finished
[root@static-73 ~]# systemctl start mariadb
[root@static-73 ~]# systemctl enable mariadb.service
[root@static-73 ~]# mysql_secure_installation
[root@static-73 ~]# mysql -uroot -p
MariaDB [(none)]> create database wordpress;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on wordpress.* to 'wpuser'@'192.168.1.%' identified by "12345";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
```

Install WordPress

```
[root@static-73 ~]# mkdir -pv /data/nginx/html    # create the nginx root directory
[root@static-73 ~]# cd /data/nginx/html/
[root@static-73 html]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz    # download WordPress
[root@static-73 html]# tar xf wordpress-4.9.4-zh_CN.tar.gz    # unpack
[root@static-73 html]# cp /usr/share/backgrounds/*.{png,jpg} .    # copy local images into the html directory as static content
[root@static-73 html]# vim test.txt    # text test page
this is static-server test
[root@static-73 html]# vim index.html    # html test page
<h1>This is static-server </h1>
[root@static-73 html]# vim index.php    # php test page
<h1>Static-server</h1>
<?php
  phpinfo();
?>
```

Configure nginx

```
[root@static-73 html]# cd
[root@static-73 ~]# vim /etc/nginx/conf.d/static.conf
server {
    listen 80;
    server_name www.hehe.com;
    root /data/nginx/html;
    index index.html index.php;
    location ~* \.php$ {
        fastcgi_pass 192.168.1.74:9000;    # dynamic content goes to the php-fpm port on the dynamic server
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /data/nginx/html/$fastcgi_script_name;
    }
    location ~* ^/(ping|status)$ {
        fastcgi_pass 192.168.1.74:9000;    # dynamic content goes to the php-fpm port on the dynamic server
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
    }
}
[root@static-73 ~]# systemctl start nginx
[root@static-73 html]# systemctl enable nginx
```

III. Backend server: dynamic

Configure SELinux, disable the firewall, and synchronize the time

```
yum install -y ntpdate
ntpdate time1.aliyun.com
```

Install php-fpm and nginx

```
[root@dynamic-74 ~]# yum install -y epel-release    # install the EPEL repository
[root@dynamic-74 ~]# yum install -y nginx php php-fpm php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap wget
[root@dynamic-74 ~]# mkdir -pv /data/nginx/html
[root@dynamic-74 ~]# cd /data/nginx/html/
```

Download WordPress into that directory and unpack it

```
[root@dynamic-74 html]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
[root@dynamic-74 html]# tar xf wordpress-4.9.4-zh_CN.tar.gz
```

Create the test pages

```
[root@dynamic-74 html]# vim test.php    # php test page
<html>
 <head>
  <title>PHP 测试</title>
 </head>
 <body>
 <?php echo '<p>Hello World</p>'; ?>
 </body>
</html>
[root@dynamic-74 html]# vim index.html    # test page
<h1>This is dynamic-server</h1>
[root@dynamic-74 html]# vim index.php    # PHP info page
<h1>Dynamic-server</h1>
<?php
  phpinfo();
?>
```

Configure php-fpm

```
[root@dynamic-74 ~]# vim /etc/php-fpm.d/www.conf
[root@dynamic-74 ~]# grep '^[a-zA-Z]' /etc/php-fpm.d/www.conf
listen = 192.168.1.74:9000
user = nginx
group = nginx
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.status_path = /status
ping.path = /ping
ping.response = pong
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
[root@dynamic-74 ~]# mkdir /var/lib/php/session -pv    # create the PHP session directory
[root@dynamic-74 ~]# usermod -s /bin/bash nginx    # change the login shell of the nginx user
[root@dynamic-74 ~]# chown nginx /var/lib/php/session/    # set the owner of the directory
```

Configure nginx

Because the default configuration file listens on port 80, the following two default settings in /etc/nginx/nginx.conf have to be commented out.

(Screenshot: the settings commented out)

```
[root@dynamic-74 ~]# vim /etc/nginx/conf.d/dynamic.conf
server {
    listen 80;
    server_name www.hehe.com;
    root /data/nginx/html;
    index index.html index.php;
    location ~* \.php$ {
        fastcgi_pass 192.168.1.74:9000;    # dynamic content goes to the php-fpm port on the dynamic server
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /data/nginx/html/$fastcgi_script_name;
    }
    location ~* ^/(ping|status)$ {
        fastcgi_pass 192.168.1.74:9000;    # dynamic content goes to the php-fpm port on the dynamic server
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
    }
}
[root@dynamic-74 ~]# systemctl start php-fpm nginx
[root@dynamic-74 ~]# systemctl enable php-fpm nginx
```

IV. Varnish server

Configure SELinux, disable the firewall, and synchronize the time

```
yum install -y ntpdate
ntpdate time1.aliyun.com
```

Configure Varnish

```
[root@vanish-76 ~]# yum install -y epel-release
[root@vanish-76 ~]# yum install -y varnish
[root@vanish-76 ~]# vim /etc/varnish/varnish.params    # edit the configuration file
# Whether the VCL file is recompiled automatically on reload; 1 means yes
RELOAD_VCL=1
# Default VCL rules
VARNISH_VCL_CONF=/etc/varnish/default.vcl
# Listen port
VARNISH_LISTEN_PORT=6081
# Management interface listen address; here, this host
VARNISH_ADMIN_LISTEN_ADDRESS=192.168.1.76
# Management interface listen port
VARNISH_ADMIN_LISTEN_PORT=6082
VARNISH_SECRET_FILE=/etc/varnish/secret
# Cache storage and size
VARNISH_STORAGE="file,/data/cache/varnish_storage.bin,1G"
# User
VARNISH_USER=varnish
# Group
VARNISH_GROUP=varnish
```

Create the cache directory

```
[root@vanish-76 ~]# mkdir -pv /data/cache    # create the cache directory
mkdir: 已创建目录 "/data/cache"
[root@vanish-76 ~]# chown varnish /data/cache    # set the owner of the directory
```

Edit the Varnish VCL

```
[root@vanish-76 ~]# vim /etc/varnish/default.vcl
vcl 4.0;
import directors;    # import the load-balancing module

probe static_healthcheck {    # health-check rule for the static host
    .url = "/index.html";     # URL used for the health check
    .window = 5;              # number of most recent probes considered
    .threshold = 4;           # healthy if at least 4 of them succeeded
    .interval = 2s;           # probe every 2 seconds
    .timeout = 1s;            # probe timeout
}

backend static {    # backend static host
    .host = "192.168.1.73";
    .port = "80";
    .probe = static_healthcheck;    # use the health-check rule
}

sub vcl_init {    # define the load-balancing group name and scheduling algorithm
    new BE = directors.round_robin();
    BE.add_backend(static);
}

acl purgers {    # IP ranges allowed to purge
    "127.0.0.1";
    "192.168.1.0/24";
}

# receive stage
sub vcl_recv {
    if (req.method == "GET" && req.http.cookie) {
        return(hash);    # cookie-bearing GETs go to cache lookup (the built-in VCL would pass them)
    }
    if (req.method == "PURGE") {       # the request method is PURGE, i.e. purge the cache
        if (client.ip ~ purgers) {     # the client IP is in the purgers ACL defined above: purge
            return(purge);
        }
        # a PURGE from outside the ACL is not rejected here; it falls through to the lookup below
    }
    if (req.http.X-Forward-For) {    # custom header
        set req.http.X-Forward-For = req.http.X-Forward-For + "," + client.ip;    # header already has a value: append the client IP
    } else {
        set req.http.X-Forward-For = client.ip;    # no value yet: set it to the client IP
    }
    set req.backend_hint = BE.backend();
    return(hash);
}

sub vcl_backend_response {
    if (bereq.url ~ "\.(jpg|jpeg|gif|png)$") {    # the backend request is for an image file such as jpg
        set beresp.ttl = 1d;                      # cacheable lifetime
    }
    if (bereq.url ~ "\.(html|css|js|txt)$") {     # the backend request is for html and similar files
        set beresp.ttl = 12h;                     # cacheable lifetime
    }
    if (beresp.http.Set-Cookie) {    # the backend response carries a Set-Cookie header
        set beresp.grace = 30m;      # the stale object may be served for up to 30 minutes of grace
        return(deliver);             # returning here skips the built-in rule that marks Set-Cookie responses uncacheable
    }
}

# On a cache hit return a custom header with HIT, otherwise MISS
sub vcl_deliver {
    if (obj.hits > 0) {    # the object has been served from cache more than 0 times
        set resp.http.X-Cache = "HIT from " + server.ip;
    } else {
        set resp.http.X-Cache = "MISS";
    }
}
[root@vanish-76 ~]# systemctl start varnish
```

V. HAProxy server

Configure SELinux, disable the firewall, and synchronize the time

```
yum install -y ntpdate
ntpdate time1.aliyun.com
```

Install HAProxy

```
[root@haproxy-75 ~]# yum install -y haproxy
```

Edit the configuration to enable local logging

```
[root@haproxy-75 ~]# vim /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
local2.*                                                /var/log/haproxy.log
[root@haproxy-75 ~]# vim /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-r"
[root@haproxy-75 ~]# systemctl restart rsyslog
```

Configure HAProxy

```
[root@haproxy-75 ~]# vim /etc/haproxy/haproxy.cfg
frontend main *:80
    acl url_static  path_end -i .jpg .gif .png .css .js .txt    # ACL for static resources
    acl url_dynamic path_end -i .php                            # ACL for dynamic resources
    compression algo gzip                                       # use gzip as the compression algorithm
    compression type text/html text/plain image/x-png image/x-citrix-jpeg    # content types to compress (the static content)
    use_backend static  if url_static      # static ACL selects the static backend group
    use_backend dynamic if url_dynamic     # dynamic ACL selects the dynamic backend group
    default_backend websrvs                # everything else uses the default

backend websrvs    # default host group
    balance roundrobin                        # algorithm
    cookie WEBSRV insert nocache indirect     # cookie-based persistence pins a session to one server
    server web1 192.168.1.74:80 check cookie web1
    server web2 192.168.1.76:6081 check cookie web2    # each server needs its own cookie value

backend static    # Varnish is the static service and proxies the static requests
    balance roundrobin    # algorithm
    server srvs1 192.168.1.76:6081 check

backend dynamic    # dynamic host group
    balance roundrobin    # algorithm
    server dyn1 192.168.1.74:80 check

listen stats    # HAProxy management page
    bind *:8080                        # management port
    stats enable                       # enable
    stats uri /admin?stats             # access path
    acl url_stats src 192.168.1.0/24   # ACL matching the local network segment
    stats admin if url_stats           # only clients matching the ACL may use the admin functions of the stats page
[root@haproxy-75 ~]# systemctl start haproxy
```

VI. Testing

1. Deploy WordPress on LNMP with static/dynamic separation; both static and dynamic content must be load balanced, and session handling must be taken into account.

At this point, requests for content ending in .php are balanced by HAProxy to the dynamic server, while requests for static content such as .jpg, .png and .txt are balanced to the static server.

(Screenshot: dynamic WordPress test)

(Screenshot: static image resource test)

As the screenshots above show, the dynamic content and the static images of the WordPress page are handled separately: static content is proxied to varnish-76, and dynamic content is proxied to the dynamic server.

Requests to http://192.168.0.81 are, by default, distributed round-robin across the two backend servers:

```
[root@clinet ~]# for i in {1..10} ; do curl http://192.168.1.75 ; done
<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>
<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>
<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>
<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>
<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>
```

With cookie-based session persistence, a user browsing through the web is always scheduled to the same backend server.

(Screenshot: session persistence)

2. Add Varnish between HAProxy and the backend hosts for caching

From the earlier screenshots we can already see that the static content is a "HIT" in the Varnish cache, which shows that caching is in effect.

(Screenshot: cache hit information)

3. Compress suitable content types, and make the stats page management interface usable only via local access.

Because the HAProxy configuration enables compression for the relevant static content, a response to a request for that content that carries the corresponding compression header shows that compression works.

(Screenshot: compression successful)

4. The stats page management interface is usable only via local access

When the stats page is opened from a host on the local network, the management operations shown in the red box in the figure below are available. From outside the specified local network segment, only the stats status can be viewed and management operations are not possible.
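The VCL above sends cookie-bearing GET requests to cache lookup and returns `deliver` for backend responses that carry `Set-Cookie`, and the default HAProxy backend also routes non-`.php` WordPress paths through Varnish, so one client's cookie or personalised page can be answered to another client from the cache. The check below is an added example, not part of the original homework: it reads response heads and flags those cases using the `X-Cache` header from `vcl_deliver`; `parse_head`, `audit` and the sample exchanges are hypothetical and constructed.

```python
import re

# Extensions the VCL above assigns a TTL to; any other path is treated as dynamic here.
STATIC = re.compile(r"\.(jpg|jpeg|gif|png|html|css|js|txt)$", re.I)

def parse_head(raw):
    """Parse a raw HTTP response head into (status code, {lower-case name: [values]})."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():          # a blank line ends the header section
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(lines[0].split()[1]), headers

def audit(exchanges):
    """exchanges: (path, request_sent_cookie, raw_response_head) tuples -> findings."""
    findings = []
    for path, sent_cookie, raw in exchanges:
        _, headers = parse_head(raw)
        hit = any(v.upper().startswith("HIT") for v in headers.get("x-cache", []))
        if not hit:
            continue                  # answered by the backend, nothing was replayed
        if "set-cookie" in headers:
            findings.append((path, "cached response replays Set-Cookie"))
        elif sent_cookie and not STATIC.search(path.split("?")[0]):
            findings.append((path, "cookie-bearing dynamic request answered from shared cache"))
    return findings

# Constructed samples (not captured traffic); X-Cache follows the vcl_deliver format above.
SAMPLES = [
    ("/bg.png", False, "HTTP/1.1 200 OK\nContent-Type: image/png\nX-Cache: HIT from 192.168.1.76\n"),
    ("/wordpress/wp-admin/", False,
     "HTTP/1.1 200 OK\nSet-Cookie: session=constructed\nX-Cache: HIT from 192.168.1.76\n"),
    ("/wordpress/", True, "HTTP/1.1 200 OK\nContent-Type: text/html\nX-Cache: HIT from 192.168.1.76\n"),
    ("/wordpress/", True, "HTTP/1.1 200 OK\nContent-Type: text/html\nX-Cache: MISS\n"),
]
```

Feeding it the heads returned by `curl -si` for the same URLs, requested with and without a session cookie, gives the same findings against a live setup.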