您的位置:首页 > 其它

第十五周作业

2019-10-20 20:37 393 查看

1、 Nginx+Keepalived实现站点高可用

答:
keep_1#] yum –y install keepalived
s1_#] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 14
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
10.1.0.90/16 dev eno16777736
}
}

keep_2#] yum –y install keepalived
s1_#] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 14
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
10.1.0.90/16 dev eno16777736
}
}

nginx_#] ip a a 10.1.0.90/16 dev ens33
nginx_#] yum –y install nginx
nginx_#] vim /etc/nginx/conf.d/nginx.conf
server {
listen 80 default_server;
server_name w.ww3.io;
root /var/www/nginx;
location / {
index index.html;

2、实现keepalived主主模型

答:
s1_#] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 14
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
10.1.0.91/16 dev eno16777736
}
}

vrrp_instance VI_2 {
state BACKUP
interface eno16777736
virtual_router_id 15
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 578f07b2
}
virtual_ipaddress {
10.1.0.92/16 dev eno16777736
}
}

s2_#] vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 14
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
10.1.0.91/16 dev eno16777736
}
}

vrrp_instance VI_2 {
state MASTER
interface eno16777736
virtual_router_id 15
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 578f07b2
}
virtual_ipaddress {
10.1.0.92/16 dev eno16777736
}
}

4、LNMP结合varnish实现动静分离

http:

(1) 动静分离部署wordpress,动静都要能实现负载均衡,要注意会话的问题;
(2) 在haproxy和后端主机之间添加varnish进行缓存;
(3) haproxy的设定要求:
(a) stats page,要求仅能通过本地访问使用管理接口;
(b) 动静分离;
(c) 分别考虑不同的服务器组的调度算法;
(d)压缩合适内容

实验环境
二、后端服务器static
设置seLinux、取消防火墙和同步时间
yum install -y ntpdate
ntpdate time1.aliyun.com
安装nginx服务和mariadb-server
[root@static-73 ~]# yum install -y epel-release mariadb-server
[root@static-73 ~]# yum -y install nginx
[root@static-73 ~]# vim /etc/my.cnf
[mysqld]
skip_name_resolve = ON
innodb_file_per_table = ON
#skip-grant-tables   #如果出现,登录mysql错误代码1045,执行完安全设定把它删掉
[root@static-73 ~]# systemctl start mariadb
[root@static-73  ~]# systemctl enable mariadb.service
[root@static-73 ~] mysql_secure_installation

[root@static-73 ~]# mysql -uroot -p
MariaDB [(none)]>  create database wordpress;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on wordpress.* to 'wpuser'@'192.168.1.%' identified by "12345";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
安装wordpress
[root@static-73 ~]#  mkdir -pv /data/nginx/html #创建nginx根目录
[root@static-73 ~]# cd /data/nginx/html/
[root@static-73 html]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz  #下载wordpress
[root@static-73 html]#  tar xf wordpress-4.9.4-zh_CN.tar.gz  #解压缩

[root@static-73 html]#  cp /usr/share/backgrounds/*.{png,jpg} .#拷贝本地图片到html目录下,作为静态内容
[root@static-73 html]# vim test.txt  #文本测试页
this is static-server test
[root@static-73 html]# vim index.html  #html测试页
<h1>This is static-server </h1>
[root@static-73 html]# vim index.php #php测试页
<h1>Static-server</h1>
<?php
phpinfo();
?>
设置nginx配置

[root@static-73 html]# cd
[root@static-73 ~]#  vim /etc/nginx/conf.d/static.conf

server {
listen 80;
server_name www.hehe.com;
root /data/nginx/html;
index index.html index.php;
location ~* \.php$ {
fastcgi_pass 192.168.1.74:9000;#动态内容指向dynamic服务器端口
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /data/nginx/html/$fastcgi_script_name;
}
location ~* ^/(ping|status)$ {
fastcgi_pass 192.168.1.74:9000;#动态内容指向dynamic服务器端口
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;

}
}
[root@static-73 ~]# systemctl start nginx
[root@static-73 html]# systemctl enable nginx

三、后端服务器dynamic配置
设置seLinux、取消防火墙和同步时间
yum install -y ntpdate
ntpdate time1.aliyun.com
安装php-fpm和nginx
[root@dynamic-74 ~]# yum install -y epel-release #安装epel源
[root@dynamic-74 ~]# yum install -y nginx php php-fpm php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap wget
[root@dynamic-74 ~]#  mkdir -pv /data/nginx/html
[root@dynamic-74 ~]# cd /data/nginx/html/
下载wordpress到指定目录并解压
[root@dynamic-74 html]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
[root@dynamic-74 html]# tar xf wordpress-4.9.4-zh_CN.tar.gz
创建测试页面
[root@dynamic-74 html]# vim test.php  #php测试页
<html>
<head>
<title>PHP 测试</title>
</head>
<body>
<?php echo '<p>Hello World</p>'; ?>
</body>
</html>
[root@dynamic-74 html]# vim index.html #测试页
<h1>This is dynamic-server</h1>
[root@dynamic-74 html]# vim index.php #PHP信息页
<h1>Dynamic-server</h1>
<?php
phpinfo();
?>

设置PHP-fpm
[root@dynamic-74 ~]# vim /etc/php-fpm.d/www.conf
[root@dynamic-74 ~]# grep ^[a-Z] /etc/php-fpm.d/www.conf
listen = 192.168.1.74:9000
user = nginx
group = nginx
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.status_path = /status
ping.path = /ping
ping.response = pong
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
[root@dynamic-74 ~]#  mkdir /var/lib/php/session -pv #创建php会话目录
[root@dynamic-74 ~]# usermod -s /bin/bash nginx 修改用户登入后所使用的shell
[root@dynamic-74 ~]# chown nginx /var/lib/php/session/ #给目录添加属主

配置nginx
因为默认配置文件监听80端口,所有要在/etc/nginx/nginx.conf文件中注释下述两个默认配置

注释掉
[root@dynamic-74 ~]# vim /etc/nginx/conf.d/dynamic.conf

server {
listen 80;
server_name www.hehe.com;
root /data/nginx/html;
index index.html index.php;
location ~* \.php$ {
fastcgi_pass 192.168.1.74:9000;#动态内容指向dynamic服务器端口
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /data/nginx/html/$fastcgi_script_name;
}
location ~* ^/(ping|status)$ {
fastcgi_pass 192.168.1.74:9000; #动态内容指向dynamic服务器端口
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;

}
}
[root@dynamic-74 ~]# systemctl start php-fpm nginx
[root@dynamic-74 ~]# systemctl enable php-fpm nginx

四、varnish服务器
设置seLinux、取消防火墙和同步时间
yum install -y ntpdate
ntpdate time1.aliyun.com
配置varnish
[root@vanish-76 ~]# yum install -y epel-release
[root@vanish-76 ~]#  yum install -y varnish
[root@vanish-76 ~]# vim /etc/varnish/varnish.param  #编辑配置文件
RELOAD_VCL=1  #会不会自动重新编译vcl配置文件,1代表编译
VARNISH_VCL_CONF=/etc/varnish/default.vcl   #默认vcl规则
VARNISH_LISTEN_PORT=6081   #监听端口
VARNISH_ADMIN_LISTEN_ADDRESS=192.168.1.76   #监听主机地址,这里是本机
VARNISH_ADMIN_LISTEN_PORT=6082  #后端监听端口
VARNISH_SECRET_FILE=/etc/varnish/secret
VARNISH_STORAGE="file,/data/cache/varnish_storage.bin,1G"  #缓存大小
VARNISH_USER=varnish  #用户
VARNISH_GROUP=varnish  #用户组
创建缓存目录
[root@vanish-76 ~]#  mkdir -pv /data/cache #创建缓存目录
mkdir: 已创建目录 "/data/cache"
[root@vanish-76 ~]# chown varnish /data/cache #给目录设置属主

编辑配置varnish的vcl
[root@vanish-76 ~]# vim /etc/varnish/default.vcl
vcl 4.0;

import directors;   # 导入负载均衡模块
probe static_healthcheck {  #静态主机健康检查规则
.url = "/index.html";    # 检查状态检查的URL
.window = 5;    # 一共检查的次数
.threshold = 4;   # 如果大于4次则为健康
.interval =2s;    # 每2秒检查一次
.timeout = 1s;   # 超时时间
}

backend static {     #后端静态主机
.host = "192.168.1.73";
.port = "80";
.probe = static_healthcheck;    #调用健康检查规则
}

sub vcl_init {      # 定义负载均衡组的名字以及调度算法
new BE = directors.round_robin();
BE.add_backend(static);
}

acl purgers {      #定义裁剪的ACL里ip地址范围
"127.0.0.1";
"192.168.1.0/24";
}

# 定义接收段
sub vcl_recv {
if (req.method == "GET" && req.http.cookie) {
return(hash);
}
if (req.method == "PURGE") {   # 如果请求方法是PURGE,也就是裁剪缓存
if (client.ip ~ purgers) {   # 如果客户端IP在我们之前定义的ACL for purges中,执行裁剪缓存
return(purge);
}
}
if (req.http.X-Forward-For) {     # 自定义头部
set req.http.X-Forward-For = req.http.X-Forward-For + "," + client.ip;  #如果对应变量有值,则它的值加上客户端ip
} else {
set req.http.X-Forward-For = client.ip;  #如果没有值,则只加ip
}
set req.backend_hint = BE.backend();
return(hash);
}

sub vcl_backend_response {
if (bereq.url ~ "\.(jpg|jpeg|gif|png)$") {   #如果后端服务器匹配jpg等图片文件
set beresp.ttl = 1d;       #设置可缓存时间
}
if (bereq.url ~ "\.(html|css|js|txt)$") {   #如果后端服务器匹配html等文件
set beresp.ttl = 12h;       #设置可缓存时间
}
if (beresp.http.Set-Cookie) {    #客户端的请求报文中Cookie首部的值
set beresp.grace = 30m;    # 在30s 内复制旧的请求结果给客户端
return(deliver);
}
}

# 如果命中了则返回自定义头部,未命中则返回未找到
sub vcl_deliver {
if (obj.hits > 0) {     #当对象从缓存中命中的次数大于0时;
set resp.http.X-Cache = "HIT from " + server.ip;
} else {
set resp.http.X-Cache = "MISS";
}
}
[root@vanish-76 ~]# systemctl start varnish
五、haproxy服务器
设置seLinux、取消防火墙和同步时间
yum install -y ntpdate
ntpdate time1.aliyun.com
安装haproxy
[root@haproxy-75 ~]# yum install -y haproxy
编辑配置文件,启用本地日志功能
[root@haproxy-75 ~]# vim /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
local2.*                                                /var/log/haproxy.log
[root@haproxy-75 ~]# vim /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-r"
[root@haproxy-75 ~]# systemctl restart rsyslog
配置haproxy文件
[root@haproxy-75 ~]# vim /etc/haproxy/haproxy.cfg

frontend  main *:80
acl url_static       path_end       -i .jpg .gif .png .css .js .txt  #静态资源acl规则
acl url_dynamic     path_end        -i .php #动态资源acl规则
compression algo gzip  #设置压缩算法为gzip
compression type text/html text/plain image/x-png image/x-citrix-jpeg  #设置压缩的内容类>型为相关静态内容
use_backend static          if url_static   #后端静态主机组调用静态acl规则
use_backend dynamic     if url_dynamic #后端动态主机组调用动态acl规则
default_backend             websrvs   #其他默认使用

backend websrvs     #默认主机组
balance roundrobin    #算法
cookie WEBSRV insert nocache indirect   #基于cookie会话绑定同一台服务器
server web1 192.168.1.74:80 check  cookie web1
server web2 192.168.1.76:6081 check  cookie web1

backend static  #添加varnish为静态服务,由varnish将代理处理静态请求
balance roundrobin #算法
server srvs1 192.168.1.76:6081 check

backend dynamic  #动态主机组
balance roundrobin   #算法
server dyn1 192.168.1.74:80 check

listen stats         #haproxy的管理页面设置
bind *:8080     #管理端口
stats enable    #启用
stats uri /admin?stats      #访问路径
acl url_stats src 192.168.1.0/24  #配置ACL匹配本地网段
stats admin if url_stats  #只允许匹配ACL的本地网段访问stats的管理页面
[root@haproxy-75 ~]# systemctl start haproxy

六、测试
1、LNMP动静分离部署wordpress,动静都要能实现负载均衡,要注意会话的问题。
此时访问以.php的结尾的内容会被haproxy负载到dynamic服务器上处理,而访问.jpg,.png和.txt等静态内容则被负载到static服务器上进行处理。
动态wordpress测试
静态图片资源测试
由上图所示访问wordpres页面的动态和静态图片内容已被分开处理,静态内容代理到varnish-76上进行处理,而动态内容则代理到dynamic服务器进行处理。
访问http://192.168.0.81 默认会轮询到后端两个服务器上
[root@clinet ~]# for i in {1..10} ; do curl http://192.168.1.75 ; done
<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>

<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>

<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>

<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>

<h1>This is static-server </h1>
<h1>This is dynamic-server</h1>
基于cookie会话保持功能,用户通过web访问都会被调度到同一个后端服务器。

会话保持
2、在haproxy和后端主机之间添加varnish进行缓存
从此前的截图上,我们已经能看到,相关的静态内容已经被varnish缓存所“HIT”中了,这说明我们缓存已经生效了。
缓存命中信息
3、压缩合适的内容类型和设置stats page仅能通过本地访问使用管理接口。
因为我们在haproxy的配置中设置了对相关静态内容进行压缩,所以访问相关静态内容时,如果响应报文带有相关的压缩字段,说明压缩已经成功。

压缩成功
4、 stats page信息页仅能通过本地访问使用管理接口
访问stats页面,因为访问主机是本地网络,所以能够下图红框中的管理操作。如果不是指定的本地网段,则只能查看相关的stats状态,而无法进行管理操作。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: