從零開始搭建雙主模型的nginx proxy高可用集群

easyTang ? ? Linux干貨

實驗簡介

本文主要介紹雙主模型的nginx proxy高可用集群的搭建方式。
實驗環境:

  • 使用nfs/ftp服務器,nfs提供頁面數據共享,ftp提供程序下載
  • 使用單獨的mariadb服務器提供關系型數據庫
  • 使用兩臺httpd服務器提供頁面服務,包括靜態的html和動態的php(phpmyadmin、wordpress、phpinfo)
  • 使用兩臺nginx作為兩臺httpd的負載均衡器
  • 對兩臺nginx配置keepalived保證集群的高可用

拓撲圖

從零開始搭建雙主模型的nginx proxy高可用集群

配置

nfs/ftp 192.168.45.201

#修改主機名
hostnamectl set-hostname nfs.easy.com

#同步時間
yum install -y ntp
ntpdate

#搭建nfs
yum install -y nfs-utils
mkdir /data/html -pv
vim /etc/exports
    /data/html 192.168.45.0/24(rw)
systemctl start nfs
showmount -e

#搭建ftp
yum install -y vsftpd
yum install -y lrzsz
cd /var/ftp/pub
rz
上傳phpMyAdmin-4.0.10.20-all-languages.zip
上傳wordpress-4.7.4-zh_CN.tar.gz

mariadb 192.168.45.202

#修改主機名
hostnamectl set-hostname mydb.easy.com

#同步時間    
yum install -y ntp
ntpdate

#搭建mariadb
yum install -y mariadb-server
vim /etc/my.cnf.d/server.cnf
    [mysqld] 
    skip_name_resolve=1
    log-bin=mysql-bin
    innodb_file_per_table = 1
systemctl start mariadb.service

#簡單配置mariadb
mysql_secure_installation
mysql -uroot -peasy
    GRANT ALL ON *.* TO 'root'@'192.168.45.%' IDENTIFIED BY 'easy'; 
    CREATE DATABASE wordpress;

    SELECT * FROM mysql.user \G ;
    SHOW DATABASES;

web1 192.168.45.11

#修改主機名
hostnamectl set-hostname web1.easy.com

#同步時間
yum install -y ntp
ntpdate
yum install -y httpd php php-mysql php-mcrypt php-mbstring

#掛載nfs
yum install -y nfs-utils
mkdir /data/html -pv
mount 192.168.45.201:/data/html /var/www/html

#創建phpMyAdmin wordpress
yum install -y wget
wget ftp://192.168.45.201/pub/phpMyAdmin-4.0.10.20-all-languages.zip
wget ftp://192.168.45.201/pub/wordpress-4.7.4-zh_CN.tar.gz 
tar xf wordpress-4.7.4-zh_CN.tar.gz
yum install -y unzip  
unzip phpMyAdmin-4.0.10.20-all-languages.zip 
mv /root/wordpress /var/www/html/wordpress-4.7.4  
mv /root/phpMyAdmin-4.0.10.20-all-languages /var/www/html
cd /var/www/html
ln -sv phpMyAdmin-4.0.10.20-all-languages pma
ln -sv wordpress-4.7.4 wp
ls /var/www/html

#創建主頁
vim /var/www/html/index.php
    <h1>This is index pages</h1>
    <?php
        phpinfo();
    ?>

#創建負載均衡測試頁
mkdir /var/www/lbtest
echo "web server1">> /var/www/lbtest/test.html
cat /var/www/lbtest/test.html

#配置httpd虛擬主機
vim /etc/httpd/conf.d/vhost.conf
    listen 8080
    <VirtualHost 192.168.45.11:80>
        DocumentRoot /var/www/html
        Servername www.easy.com
        <Directory '/var/www/html'>
            Options FollowsymLinks
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>        
    <VirtualHost 192.168.45.11:8080>
       DocumentRoot /var/www/lbtest
            <Directory '/var/www/lbtest'>
            Options None
            AllowOverride None
            Require all granted
            </Directory>
    </VirtualHost>
systemctl start httpd

#配置php-mysql
vim /etc/php.ini
    mysqli.default_host = 192.168.45.202
    mysqli.default_user = root
    mysqli.default_pw = easy
systemctl restart httpd

#配置phpMyAdmin
cd /var/www/html/pma
cp config.sample.inc.php config.inc.php 
vim config.inc.php 
    $cfg['blowfish_secret'] = 'a8baskdljalskd7c6d';
    $cfg['Servers'][$i]['host'] = '192.168.45.202';

#配置wordpress
cd /var/www/html/wp
cp wp-config-sample.php wp-config.php
vim wp-config.php
    define('DB_NAME', 'wordpress');
    define('DB_USER', 'root');
    define('DB_PASSWORD', 'easy');
    define('DB_HOST', '192.168.45.202');

web2 192.168.45.12

#修改主機名
hostnamectl set-hostname web2.easy.com

#同步時間
yum install -y ntp
ntpdate
yum install -y httpd php php-mysql php-mcrypt php-mbstring

#掛載nfs
yum install -y nfs-utils
mkdir /data/html -pv
mount 192.168.45.201:/data/html /var/www/html

#創建負載均衡測試頁
mkdir /var/www/lbtest
echo "web server2">> /var/www/lbtest/test.html
cat /var/www/lbtest/test.html

#配置httpd虛擬主機
vim /etc/httpd/conf.d/vhost.conf
    listen 8080
    <VirtualHost 192.168.45.12:80>
        DocumentRoot /var/www/html
        Servername www.easy.com
        <Directory '/var/www/html'>
            Options FollowsymLinks
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>        
    <VirtualHost 192.168.45.12:8080>
       DocumentRoot /var/www/lbtest
            <Directory '/var/www/lbtest'>
            Options None
            AllowOverride None
            Require all granted
            </Directory>
    </VirtualHost>
systemctl start httpd

#配置php-mysql
vim /etc/php.ini
    mysqli.default_host = 192.168.45.202
    mysqli.default_user = root
    mysqli.default_pw = easy
systemctl restart httpd

nginx1 192.168.45.201

#修改主機名    
hostnamectl set-hostname nginx1.easy.com

#同步時間
yum install -y ntp
ntpdate
yum install -y psmisc #killall指令安裝

#配置nginx負載均衡
yum install -y nginx
vim /etc/nginx/nginx.conf
http {
    upstream backend {
        server 192.168.45.11:80;
        server 192.168.45.12:80;
    }
    upstream lbtest {
        server 192.168.45.11:8080;
        server 192.168.45.12:8080;
    }
    server{
        location / {
            proxy_pass http://backend;
        }
        location ~* 'test.html$' {
            proxy_pass http://lbtest;
        }
    }
}    
systemctl start nginx

#配置keepalived
yum install -y keepalived
mv /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf
    !Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost;
            }
        notification_email_from keepadmin@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        route_id nginx1
        vrrp_mcast_group4 224.51.151.251
    }        
    vrrp_instance VI_1{
        state MASTER
        priority 100
        interface ens37
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass SWF5FW2DF
        }
        virtual_ipaddress {
            172.16.51.1/16 dev ens37 label ens37:0
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    vrrp_instance VI_2{
        state BACKUP
        interface ens37
        virtual_router_id 52
        priority 96
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 7D2SS5DF
        }
        virtual_ipaddress {
            172.16.51.2/16 dev ens37 label ens37:1
        }
        track_script {
            chk_down
            chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }

#配置通知腳本
vim /etc/keepalived/notify.sh
    #!/bin/bash
    #
    contact='root@localhost'
    notify(){
            local mailsubject="$(hostname) to be $1 ,vip floating"
            local mailbody="$(date +'%F $T'):vrrp transition,$(hostname) changed to be $1"
            echo "$mailbody" |mail -s "$mailsubject" $contact
    }
    case $1 in
    master)
            systemctl start nginx.service
            notify master
            ;;
    backup)
            systemctl start nginx.service
            notify backup
            ;;
    fault)
            systemctl stop nginx.service
            notify fault
            ;;
    *)
            echo "ERROR"
            exit 1
            ;;
    esac

nginx2 192.168.45.202

#修改主機名
hostnamectl set-hostname nginx2.easy.com

#同步時間
yum install -y ntp
ntpdate
yum install -y psmisc #killall指令安裝

#配置nginx負載均衡
yum install -y nginx
mv /etc/nginx/nginx.conf{,.bak}
接受nginx1傳送配置后
systemctl start nginx

#配置keepalived
yum install -y keepalived
mv /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf
    !Configuration File for keepalived        
    global_defs {
        notification_email {
            root@localhost;
            }
        notification_email_from keepadmin@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        route_id nginx2
        vrrp_mcast_group4 224.51.151.251
    }        
    vrrp_script chk_down{
        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0 "
        interval 1
        weight -5
        fall 1
        rise 1
    }        
    vrrp_script chk_nginx{
        script "killall -0 nginx && exit 0 || exit 1"
        interval 1
        weight -5
        fall 2
        rise 2
    }
    vrrp_instance VI_1{
        state BACKUP
        interface ens37
        virtual_router_id 51
        priority 96
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass SWF5FW2DF
        }
        virtual_ipaddress {
            172.16.51.1/16 dev ens37 label ens37:0
        }
        track_script {
            chk_down
            chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    vrrp_instance VI_2{
        state MASTER
        interface ens37
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 7D2SS5DF
        }
        virtual_ipaddress {
            172.16.51.2/16 dev ens37 label ens37:1
        }
        track_script {
            chk_down
            chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }

#配置通知腳本
vim /etc/keepalived/notify.sh
    #!/bin/bash
    #
    contact='root@localhost'
    notify(){
            local mailsubject="$(hostname) to be $1 ,vip floating"
            local mailbody="$(date +'%F $T'):vrrp transition,$(hostname) changed to be $1"
            echo "$mailbody" |mail -s "$mailsubject" $contact
    }
    case $1 in
    master)
            systemctl start nginx.service
            notify master
            ;;
    backup)
            systemctl start nginx.service
            notify backup
            ;;
    fault)
            systemctl stop nginx.service
            notify fault
            ;;
    *)
            echo "ERROR"
            exit 1
            ;;
    esac

實驗總結

BUG

  • 該環境配置完成后出現BUG,chk_nginx腳本并不會真正的檢測nginx,來對keepalived權重進行調整

待完善

  • 該實驗環境只是實現基本功能,部分配置存在安全隱患
  • 該環境單點狀況過多,需要提升頁面資源的nfs服務器和關系型數據庫mariadb服務器的高可用性
  • httpd服務器沒有實現動靜分離
  • httpd服務器負載均衡不能保持會話,需要增加session服務器
  • 增加cache服務器可以大幅度提高瀏覽速度 



                                                        
原創文章,作者:easyTang,如若轉載,請注明出處:http://www.www58058.com/78553
                        


                        

                        

                            
(0)

                                                    


                        

                            

                                                                    

                                                                                
                                            easyTangeasyTang                                        
                                    

                                                                

                                    
                                    
                                    

                                        
                                    

                                

                            

                        

                    

                                            

                    

                
                

                     上一篇
                    2017-06-25
                

            

                            

                
                

                    下一篇 
                    2017-06-26
                

            

            

                    
                                            

                            
相關推薦
  • 
        
    
                
    
            
                                 Linux 第三天: (07月26日) Linux使用幫助            
        
    
        
    
            
    Linux 第三天: (07月26日) Linux使用幫助         whatis 顯示命令的簡短描述makewhatis centos6 制作數據庫mandb centos7 制作數據庫 help COMMAND 內部命令man bash 內部命令COMMAND –help -h 外部命令man C…
    
        
    
        
    
                                            Linux干貨
                            2016-08-08
            
    
                            
    
        
    
    
    

    • 

  • 
        
    
                
    
            
                                 mysql慢查詢日志進行按庫切割重寫文件然后分析            
        
    
        
    
            
    需求: 把每天的慢查詢日志進行按庫切割 對每個庫的慢查詢日志進行分析 思路: 工具/功能 一般統計信息 高級統計信息 腳本 優勢 mysqldumpslow 支持 不支持 perl mysql官方自帶 mysqlsla 支持 支持 perl 功能強大,數據報表齊全,定制化能力強. mysql-explain-slow-log 支持 不支持 perl 無 my…
    
        
    
        
    
                                            Linux干貨
                            2015-04-03
            
    
                            
    
        
    
    
    

    • 

  • 
        
    
                
    
            
                                 網絡配置管理:ifcfg、iproute2和ss等相關命令介紹(不完整,需要后期完善)            
        
    
        
    
            
    網絡配置管理:ifcfg、iproute2和ss等相關命令介紹 ifcfg家族: ifconfig [interface] ifconfig interface [aftype] options | address …   -a :查看所有 接口信息 add<地址>:設置網絡設備IPv6的ip地址 del<地址>…
    
        
    
        
    
                                            Linux干貨
                            2017-01-19
            
    
                            
    
        
    
    
    

    • 

  • 
        
    
                
    
            
                                 Gdevops 2017全球敏捷運維峰會【北京站】限時免費!            
        
    
        
    
            
    Introduction 全球敏捷運維峰會 打造敏捷與運維領域標桿峰會! 2017年全球敏捷運維峰會(Gdevops, Global Devops Summit)將于2017年在成都、上海、北京、廣州四城全面啟動,本次Gdevops 2017全球敏捷運維峰會【北京站】由上海市經濟和信息化委員會指導,上海市云計算產業促進中心、DBAplus社群主辦,數十家媒體…
    
        
    
        
    
                                            Linux干貨
                            2017-08-02
            
    
                            
    
        
    
    
    

    • 

  • 
        
    
                
    
            
                                 正則表達式之初體驗            
        
    
        
    
            
    學習正則表達式之前,看過這復雜的表達式,猶如天書,無比高大上;懷著戰戰兢兢的心情,開始了學習之旅: 一、  正則表達式:Global search REgular expression and Print out the line. 我的理解是:通過一大堆符號組成的公式逐行查找文本中匹配的字符串并顯示出來  分類: &…
    
        
    
        
    
                                            Linux干貨
                            2015-03-31
            
    
                            
    
        
    
    
    

    • 

  • 
        
        
    
                
    
            
                                 實現CA和證書申請,            
        
    
        
    
            
    接下來講的是在centos7.3和centos6.8中實現CA和證書申請,centos7.3作為主機,centos6.8作為客戶端 首先你授權客戶端CA證書,必須本身主機也具有CA,自己證明自己,先CA自簽證書,然后在7.3創建私鑰 為了方便以后的操作CD進入 cd /etc/pki/CA   生成自簽名證書 -new:  生成…
    
        
    
        
    
                                    2017-04-11
            
    
                            
    
        
    
    
    

    • 

                        

                                    

                    

            
    




            

                                                    

                                                                    

                                    

                                                                    

                            

                    
        










    

欧美性久久久久