nfs: 192.168.1.40

rp1: 192.168.1.41

rp2: 192.168.1.42

mariadb: 192.168.1.43

web1: 192.168.1.110

web2: 192.168.1.111

app1: 192.168.1.112

app2: 192.168.1.113

實驗效果：用keepalived高可用反向代理服務器haproxy，將靜態頁面反代到varnish緩存服務器，動態頁面反代到后端的app服務器，訪問內容如果在緩存服務器上有緩存，就直接返回，如果沒有就到后端web服務器取

NFS:192.168.1.40

1. yum install nfs-utils rpcbind
2. vim /etc/exports

   /mnt/share      192.168.1.0/24(rw,async,all_squash)

   mkdir /mnt/share

   systemctl start nfs rpcbind

   showmount -e 192.168.1.40

3. chmod o+w /mnt/share

//給目錄一個寫權限，因為之后要將此目錄掛載到web和app服務上，以備上傳圖片

app1:192.168.1.41

1. yum install -y epel-releaseyum install -y haproxy varnish keepalived

   ntpdate 192.168.1.64

haproxy配置

1. cd /etc/haproxy
2. vim haproxy.cfg

global

log 127.0.0.1 local2

chroot /var/lib/haproxy

pidfile /var/run/haproxy.pid

maxconn 4000

user haproxy

group haproxy

daemon

stats socket /var/lib/haproxy/stats

defaults

mode http

log global

option httplog

option dontlognull

option http-server-close

option forwardfor except 127.0.0.0/8

option redispatch

retries 3

timeout http-request 10s

timeout queue 1m

timeout connect 10s

timeout client 1m

timeout server 1m

timeout http-keep-alive 10s

timeout check 10s

maxconn 3000`

frontend myweb *:80

compression algo gzip

compression type text/html text/plain application/xml application/javascript

reqadd X-Proxy-By:\ HAProxy

default_backend websrvs

acl websrvs path_end -i .jpg .jpeg .htm .gif .png .css .js .ico

//請求報文中以此類結尾的都定義為websrvs

acl appsrvs path_end .php

use_backend appsrvs if appsrvs

//調用下面定義的dynsrvs的服務器，如果附合acl定義的

appsrvs規則

use_backend websrvs if websrvs

backend websrvs

balance roundrobin

server srv1 192.168.1.41:6081 check inter 3000ms rise 2 fall 2

server srv2 192.168.1.42:6081 check inter 3000ms rise 2 fall 2

backend appsrvs

balance source

server dynsrv1 192.168.1.112:80 check inter 3000ms rise 2 fall 2

server dynsrv2 192.168.1.113:80 check inter 3000ms rise 2 fall 2

listen stats

bind *:9099

stats enable

stats uri /myproxy?admin

stats realm “HAProxy Stats Page”

stats auth admin:admin

stats admin if TRUE

varnish配置

1. cd /etc/varnish
2. vim varnish.params

VARNISH_STORAGE=”file,/data/varnish/cache,1g”

//注釋掉用內存緩存訪問，改為用磁盤緩存

3. vim default.vcl

vcl 4.0;

import directors;

backend websrv1 {

.host = “192.168.1.110”;

.port = “80”;

}

backend websrv2 {

.host = “192.168.1.111”;

.port = “80”;

}

backend appsrv1 {

.host = “192.168.1.112”;

.port = “80”;

}

backend appsrv2 {

.host = “192.168.1.113”;

.port = “80”;

}

sub vcl_init {

new staticsrvs = directors.round_robin();

staticsrvs.add_backend(websrv1);

staticsrvs.add_backend(websrv2);

new appsrvs = directors.hash();

appsrvs.add_backend(appsrv1,1);

appsrvs.add_backend(appsrv2,1);

}

sub vcl_recv {

if (req.url ~ “(?i).(css|js)$”) {

set req.backend_hint =appsrvs.backend(req.http.cookie);

}

if (req.url ~ “(?i).(jpg|jpeg|png|gif)$”) {

set req.backend_hint = staticsrvs.backend();

} else {

set req.backend_hint = appsrvs.backend(req.http.cookie);

}

}

sub vcl_backend_response {

if (beresp.http.cache-control !~ “s-maxage”) {

if (bereq.url ~ “(?i).(jpg|jpeg|png|gif|css|js|html|htm)$”) {

unset beresp.http.Set-Cookie;

set beresp.ttl = 3600s;

}

}

}

//定義符合條件的文件由varnish緩存3600秒

sub vcl_deliver {

if (obj.hits>0) {

set resp.http.X-Cache=”Hit via ” + server.ip;

} else {

set resp.http.X-Cache=”Miss from ” + server.ip;

}

}

keepalived配置

1. vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

notification_email {

root@localhost

}

notification_email_from keepalived@localhost

smtp_server 127.0.0.1

smtp_connect_timeout 30

router_id node1

vrrp_skip_check_adv_addr

vrrp_strict

vrrp_garp_interval 0

vrrp_gna_interval 0

vrrp_mcast_group4 224.1.101.30

}

vrrp_instance VI_1 {

state MASTER

interface eno16777736

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1234

}

virtual_ipaddress {

192.168.1.50/24 dev eno16777736 label eno16777736:0

}

notify_master “/etc/keepalived/notify.sh master”

notify_backup “/etc/keepalived/notify.sh backup”

}

vrrp_instance VI_2 {

state BACKUP

priority 96

interface eno16777736

virtual_router_id 52

advert_int 1

authentication {

auth_type PASS

auth_pass 1234

}

virtual_ipaddress {

192.168.1.51/24 dev eno16777736 label eno16777736:0

}

notify_master “/etc/keepalived/notify.sh master”

notify_backup “/etc/keepalived/notify.sh backup”

}

keepalived 報警腳本

vim /etc/keepalived/notify.sh

#!/bin/bash

contact=’root@localhost’

//定義誰可以接收郵件

notify() {

local mailsubject=”$(hostname) to be $1, vip floating”

//聲明本地局部變量，mailsubject是聲明標題的，$(hostname)是當前主機名，意思是當前主機發生了變化，VIP流動了，$1是狀態，給什么狀態就顯示什么狀態

local mailbody=”$(date +’%F %T’): vrrp transition, $(hostname) changed to be $1″

//這是定義郵件正文的，$(date +’%F %T’)是時間，意思是在這個時刻vrrp發生了狀態轉移，$(hostname)當前主機變成了$1狀態

echo “$mailbody” | mail -s “$mailsubject” $contact

//調用本地郵件服務器向本地用戶發郵件，如果要使用互聯網上的郵件服務器發郵件要用python寫腳本

}

case $1 in

//$1是腳本的位置變量，看傳輸的是下面的哪一個什么

master)

notify master

;;

backup)

notify backup

;;

fault)

notify fault

;;

*)

echo “Usage: $(basename $0) {master|backup|fault}”

exit 1

;;

esac

chmod +x notify.sh

bash -n notify.sh

//檢查語法

bash -x notify.sh master

systemctl start haproxy varnish keepalived

//啟動所有服務

app2:192.168.1.42

app2服務器上所安裝的軟件與配置與app1上是一致的，只是將keepalived的配置做一下調整，如下

! Configuration File for keepalived

global_defs {

notification_email {

root@localhost

}

notification_email_from keepalived@localhost

smtp_server 127.0.0.1

smtp_connect_timeout 30

router_id node1

vrrp_skip_check_adv_addr

vrrp_strict

vrrp_garp_interval 0

vrrp_gna_interval 0

vrrp_mcast_group4 224.1.101.30

}

vrrp_instance VI_1 {

state BACKUP

interface eno16777736

virtual_router_id 51

priority 96

advert_int 1

authentication {

auth_type PASS

auth_pass 1234

}

virtual_ipaddress {

192.168.1.50/24 dev eno16777736 label eno16777736:0

}

notify_master “/etc/keepalived/notify.sh master”

notify_backup “/etc/keepalived/notify.sh backup”

}

vrrp_instance VI_2 {

state MASTER

priority 100

interface eno16777736

virtual_router_id 52

advert_int 1

authentication {

auth_type PASS

auth_pass 1234

}

virtual_ipaddress {

192.168.1.51/24 dev eno16777736 label eno16777736:0

}

notify_master “/etc/keepalived/notify.sh master”

notify_backup “/etc/keepalived/notify.sh backup”

}

mariadb:192.168.1.43

1.yum install -y mariadb-server

2.vim /etc/my.cnf

skip_name_resolve=ON

innodb_file_per_table=ON

mysql_secure_installation

Set root password? [Y/n] y #是否設置密碼

New password: #輸入要設置的密碼

Re-enter new password:

Remove anonymous users? [Y/n] y #是否刪除匿名用戶

Disallow root login remotely? [Y/n]n

#是否禁止管理員遠程登錄（為了試驗方便，設置成不要，生成中禁止遠程登錄）

Remove test database and access to it? [Y/n]n

#刪除測試數據庫

Reload privilege tables now? [Y/n]y #重載

mysql -uroot -pcentos

create database wordpress;

grant all on wordpress.* to ‘wps’@’%’ identified by ‘centos’;

flush privileges;

mysql -uwps -pcentos

systemctl start mariadb

web1:192.168.1.110

1. yum install -y epel-releaseyum install -y nginx nfs-utils
2. vim /etc/nginx/conf.d/web.conf

server {

server_name 192.168.1.110;

index index.html;

root /data/apps;

}

3. systemctl start nginx
4. mkdir -p /data/apps
5. 上傳wordpress軟件包到服務器
6. unzip wordpress-4.3.1-zh_CN.zip
7. cp -r wordpress /data/apps
8. cd /data/apps
9. ln -sv wordpress wps
10. mkdir /data/apps/wps/wp-content/uploads
11. mount -t nfs 192.168.1.40:/mnt/share /data/apps/wps/wp-content/uploads
12. mkdir /data/apps/wps/html
13. mount -t nfs 192.168.1.40:/mnt/html /data/apps/wps/html

web2:192.168.1.111

1. yum install -y epel-releaseyum install -y nginx nfs-utils
2. vim /etc/nginx/conf.d/web.conf

server {

server_name 192.168.1.111;

index index.html;

root /data/apps;

}

3. systemctl start nginx
4. mkdir -p /data/apps
5. 上傳wordpress軟件包到服務器
6. unzip wordpress-4.3.1-zh_CN.zip
7. cp -r wordpress /data/apps
8. cd /data/apps
9. ln -sv wordpress wps
10. mkdir /data/apps/wps/wp-content/uploads
11. mount -t nfs 192.168.1.40:/mnt/share /data/apps/wps/wp-content/uploads
12. mkdir /data/apps/wps/html
13. mount -t nfs 192.168.1.40:/mnt/html /data/apps/wps/html

app1:192.168.1.112

1. yum install httpd php-mysql php-mbstring nfs-utils
2. vim /etc/httpd/conf.d/app.conf

<VirtualHost 192.168.1.112:80>

DocumentRoot “/data/apps”

DirectoryIndex index.php index.html

<Directory “/data/apps”>

Options FollowSymLinks

AllowOverride All

Require all granted

</Directory>

CustomLog “logs/wp_access.log” combined

ErrorLog “logs/wp_error.log”

</VirtualHost>

3. mkdir -p /data/apps
4. 上傳wordpress軟件包到服務器
5. unzip wordpress-4.3.1-zh_CN.zip
6. cp -r wordpress /data/apps
7. cd /data/apps
8. ln -sv wordpress wps
9. cd wps
10. cp wp-config-sample.php wp-config.php
11. vim wp-config.php

/** WordPress數據庫的名稱 */

define(‘DB_NAME’, ‘wordpress’);

/** MySQL數據庫用戶名 */

define(‘DB_USER’, ‘wps’);

/** MySQL數據庫密碼 */

define(‘DB_PASSWORD’, ‘centos’);

/** MySQL主機 */

define(‘DB_HOST’, ‘192.168.1.43’);

12. systemctl start httpd
13. mkdir /data/apps/wps/wp-content/uploads
14. mount -t nfs 192.168.1.40:/mnt/share /data/apps/wps/wp-content/uploads
15. mkdir /data/apps/wps/html
16. mount -t nfs 192.168.1.40:/mnt/html /data/apps/wps/html

app2:192.168.1.113

1. yum install httpd php-mysql php-mbstring nfs-utils
2. vim /etc/httpd/conf.d/app.conf

<VirtualHost 192.168.1.113:80>

DocumentRoot “/data/apps”

DirectoryIndex index.php index.html

<Directory “/data/apps”>

Options FollowSymLinks

AllowOverride All

Require all granted

</Directory>

CustomLog “logs/wp_access.log” combined

ErrorLog “logs/wp_error.log”

</VirtualHost>

3. mkdir -p /data/apps
4. 上傳wordpress軟件包到服務器
5. unzip wordpress-4.3.1-zh_CN.zip
6. cp -r wordpress /data/apps
7. cd /data/apps
8. ln -sv wordpress wps
9. cd wps
10. cp wp-config-sample.php wp-config.php
11. vim wp-config.php

/** WordPress數據庫的名稱 */

define(‘DB_NAME’, ‘wordpress’);

/** MySQL數據庫用戶名 */

define(‘DB_USER’, ‘wps’);

/** MySQL數據庫密碼 */

define(‘DB_PASSWORD’, ‘centos’);

/** MySQL主機 */

define(‘DB_HOST’, ‘192.168.1.43’);

12. systemctl start httpd
13. mkdir /data/apps/wps/wp-content/uploads
14. mount -t nfs 192.168.1.40:/mnt/share /data/apps/wps/wp-content/uploads
15. mkdir /data/apps/wps/html
16. mount -t nfs 192.168.1.40:/mnt/html /data/apps/wps/html

修改本機hosts文件

加入 www.test.com 192.168.1.50 www.test.com 192.168.1.51

測試：

訪問www.test.com/wps

將固定鏈接改為html形式