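Business requirements:
Use 13 virtual machines to build a highly available load-balancing cluster that runs three sites. The specific requirements are as follows.
1 Design an architecture you consider reasonable and draw the architecture diagram in Visio
2 Build the LNMP and Tomcat + JDK environments
3 The three sites are: a Discuz forum, a DedeCMS corporate website and a zrlog blog
4 Because machines are limited, put the three sites on the same server as far as possible and then build the load-balancing cluster; all site domains must resolve to one IP, that is, there is only one egress IP
5 Static files must be shared; for example, Discuz needs to share the data/attachment directory and DedeCMS needs to share upload (for the exact directory, upload an image first and see which directory it lands in)
6 Design sensible directory and file permissions; for example, the Discuz data directory must be writable by the php-fpm process user, while directories that do not need writing must not be given write permission (directories 755, files 644, owner and group root)
7 All servers must allow login by ordinary users only, and by key only; root is reachable only through sudo from an ordinary user
8 Add a simple command-audit function to all servers
9 The php-fpm service must have a slow-execution log with a timeout of 2s, with log rotation and logs kept for one month
10 All sites need access logs with log rotation; requests for static files are not logged, and logs are kept for one month
11 Define a sensible MySQL data backup plan and write a backup script; the backup data must be transferred to the backup server
12 Define a backup plan for code and static files and write a backup script; the backup data must be transferred to the backup server
12 Write a data-recovery document that guarantees all data can be restored within 2 hours of a data loss
13 Build a Zabbix monitoring and alerting system that monitors the basic metrics (CPU, memory, disk); NIC traffic must be graphed, and the availability of the web sites must also be monitored
14 Write a custom monitoring script for the number of concurrent connections on the web servers, hook it into Zabbix, graph it, and set a trigger that alerts above 100
15 Write a custom monitoring script for the MySQL queue, hook it into Zabbix, graph it, and set a trigger that alerts when the queue exceeds 300
16 Write a custom monitoring script for the MySQL slow query log, hook it into Zabbix, graph it, and set a trigger that alerts at more than 60 log entries per minute; the pattern of the slow query log has to be analysed carefully to determine the number of entries
17 Use JMX to monitor Tomcat in Zabbix
18 Add secondary authentication to the back-end access of the three sites to improve security
19 Use shell scripts to synchronise and release files and code (see the distribution system)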
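The requirements can be roughly divided into the following parts:
• Part 1: Basics
1. Design an architecture you consider reasonable and draw the architecture diagram in Visio
7. All servers must allow login by ordinary users only, and by key only; root is reachable only through sudo from an ordinary user
8. Add a simple command-audit function to all servers
18. Use shell scripts to synchronise and release files and code (see the distribution system)
• Part 2: Web servers
2 Build the LNMP and Tomcat + JDK environments
3 The three sites are: a Discuz forum, a DedeCMS corporate website and a zrlog blog
4 Because machines are limited, put the three sites on the same server as far as possible and then build the load-balancing cluster; all site domains must resolve to one IP, that is, there is only one egress IP
5 Static files must be shared; for example, Discuz needs to share the data/attachment directory and DedeCMS needs to share upload (for the exact directory, upload an image first and see which directory it lands in)
6 Design sensible directory and file permissions; for example, the Discuz data directory must be writable by the php-fpm process user, while directories that do not need writing must not be given write permission (directories 755, files 644, owner and group root)
9 The php-fpm service must have a slow-execution log with a timeout of 2s, with log rotation and logs kept for one month
10 All sites need access logs with log rotation; requests for static files are not logged, and logs are kept for one month
17 Add secondary authentication to the back-end access of the three sites to improve security
• Part 3:
11 Define a sensible MySQL data backup plan and write a backup script; the backup data must be transferred to the backup server
12 Define a backup plan for code and static files and write a backup script, requiring that the backup
12 Write a data-recovery document that guarantees all data can be restored within 2 hours of a data loss
• Part 4: Zabbix monitoring
13 Build a Zabbix monitoring and alerting system that monitors the basic metrics (CPU, memory, disk); NIC traffic must be graphed, and the availability of the web sites must also be monitored
14 Write a custom monitoring script for the number of concurrent connections on the web servers; alert above 100
15 Write a custom monitoring script for the MySQL queue; alert when the queue exceeds 300
16 Write a custom monitoring script for the MySQL slow query log; alert at more than 60 log entries per minute; the pattern of the slow query log has to be analysed carefully to determine the number of entries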
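Part 1 requirements setup:
1. Architecture diagram
2. Assign machine roles according to the architecture diagram:
192.168.66.100 VIP
192.168.66.130 front-end nginx load balancer (primary) + keepalived
192.168.66.131 front-end nginx load balancer (backup) + keepalived
192.168.66.132 web server (LNMP + Tomcat)
192.168.66.133 web server (LNMP + Tomcat)
192.168.66.134 web server (LNMP + Tomcat)
192.168.66.135 web server (LNMP + Tomcat)
192.168.66.136 web server (LNMP + Tomcat)
192.168.66.137 web server (LNMP + Tomcat)
192.168.66.138 MySQL read/write-splitting scheduler (Mycat) + backup server
192.168.66.139 MySQL master server
192.168.66.140 MySQL slave server
192.168.66.141 MySQL slave server
192.168.66.142 Zabbix server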
3. Create the ordinary user linux in bulk with an expect script and grant it sudo
The linux user has to be created on all 13 machines, given a password and granted sudo; the IPs are 192.168.66.130-142
• First log in to 192.168.66.130 and install expect
```
[root@localhost ~]# yum install -y expect vim
[root@localhost ~]# cd /usr/local/sbin
[root@localhost sbin]# vim useradd.expect
# Contents:
#!/usr/bin/expect
set user [ lindex $argv 0 ]
set passwd "123456"
set host [ lindex $argv 1 ]
set cm [ lindex $argv 2 ]
spawn ssh $user@$host
expect {
"yes/no" { send "yes\r"; exp_continue}
"assword:" { send "$passwd\r" }
}
expect "]*"
send "$cm\r"
expect "]*"
send "exit\r"
interact
[root@localhost sbin]# chmod +x useradd.expect    # make it executable
```
• Create the useradd.sh script that calls useradd.expect
```
[root@localhost sbin]# vim ip.txt
# Add the IP list:
192.168.66.130
192.168.66.131
192.168.66.132
192.168.66.133
192.168.66.134
192.168.66.135
192.168.66.136
192.168.66.137
192.168.66.138
192.168.66.139
192.168.66.140
192.168.66.141
192.168.66.142
[root@localhost sbin]# vim useradd.sh
# Create the user, set its password, grant sudo, and create the .ssh directory ready for the key
#!/bin/bash
for i in `cat ip.txt`
do
    # The remote command is one double-quoted argument, so the password inside it is single-quoted.
    # .ssh is created by root here, so it is handed to linux; otherwise the key upload in step 4 cannot write to it.
    ./useradd.expect "root" "$i" "useradd linux && echo 'linux123'|passwd --stdin linux && echo 'linux ALL=(ALL) NOPASSWD:ALL' >>/etc/sudoers && mkdir /home/linux/.ssh && chown linux:linux /home/linux/.ssh && chmod 700 /home/linux/.ssh"
done
[root@localhost sbin]# sh useradd.sh
```
Note: carry out step 4 only after all services have been set up, because building the web servers and starting services such as MySQL requires the root user
4. All servers must allow login by ordinary users only, and by key only
First generate a key pair; here it is generated with Xshell
Tools - New User Key Generation Wizard - set the key length - generate the key pair - generate the public key - set the private key - copy the public key content
Configure the public key on Linux. First log in to machine 130 as the linux user; the .ssh directory was already created and its permissions set when the user was created
① Create the public key file
```
vim /home/linux/.ssh/authorized_keys    # paste the public key copied above, then save and exit
chmod 644 /home/linux/.ssh/authorized_keys
```
② Synchronise authorized_keys to all machines with an expect script
```
cd /usr/local/sbin
sudo vim rsync-pub.expect
#!/usr/bin/expect
# Sync the public key file to the other servers; used together with rsync-pub.sh
set user "linux"
set passwd "linux123"
set host [ lindex $argv 0 ]
spawn rsync -av /home/linux/.ssh/authorized_keys $user@$host:/home/linux/.ssh/
expect {
"yes/no" { send "yes\r";exp_continue }
"password:" { send "$passwd\r" }
}
expect eof
```
• Remember to make it executable after saving
rsync-pub.sh
```
sudo vim rsync-pub.sh
#!/bin/bash
# Sync the public key file to the other machines; used together with rsync-pub.expect
for ip in `cat ip.txt`
do
    if [ $ip == "192.168.66.130" ]
    then
        continue
    else
        ./rsync-pub.expect "$ip"
    fi
done
```
Running rsync-pub.sh synchronises the file to all machines
④ Stop root from logging in remotely, so that users can only log in with a key
Edit /etc/ssh/sshd_config:
change "#PermitRootLogin yes" to "PermitRootLogin no"
change "#PasswordAuthentication yes" to "PasswordAuthentication no"
change "#PubkeyAuthentication yes" to "PubkeyAuthentication yes"
then restart the sshd service
⑥ Change all machines in bulk
```
cd /usr/local/sbin
vim nologin.expect
#!/usr/bin/expect
set user "linux"
set passwd "linux123"
set host [ lindex $argv 0 ]
spawn ssh $user@$host
expect {
"yes/no" { send "yes\r";exp_continue }
"password" { send "$passwd\r" }
}
expect "]*"
send "sudo sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config \r"
expect "]*"
send "sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config \r"
expect "]*"
send "sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config \r"
expect "]*"
send "sudo systemctl restart sshd \r"
expect "]*"
send "exit \r"
# Wait for the session to close so the last commands are not cut off
expect eof
```
• It must be made executable after saving
⑦ Create nologin.sh
```
vim nologin.sh
#!/bin/bash
for ip in `cat ip.txt`
do
    ./nologin.expect $ip &>>nologin.log
    if [ $? -eq "0" ]
    then
        echo $ip.....[ ok ]
    else
        echo $ip.....[ failed ]
    fi
done
```
Running nologin.sh makes remote root login impossible and restricts ordinary users to key login. With that, the Part 1 requirements are complete
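The sed commands above only rewrite lines that still match the commented defaults exactly, so it is worth checking what sshd will actually apply on each host. The following is an added example, not part of the original post: it reads an sshd_config file and reports the effective value of each keyword from this step. The function names and the sample file are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original post.
# sshd uses the FIRST value it finds for a keyword, so a leftover
# "PasswordAuthentication yes" further down does not undo an earlier "no",
# and a sed that matched nothing leaves the keyword unset.
# On a live host, "sshd -T" prints the effective configuration directly.

# effective_value <file> <keyword> <value to report when the keyword is absent>
effective_value() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v d="$3" '
        /^[ \t]*#/ || NF == 0   { next }      # comments and blank lines
        tolower($1) == "match"  { exit }      # settings after Match are conditional
        tolower($1) == k        { v = tolower($2); exit }
        END                     { print (v == "" ? d : v) }
    ' "$1"
}

# check_sshd_policy <file>: print one line per unmet requirement of this
# section and return non-zero if any is unmet.
check_sshd_policy() (
    file=$1; rc=0
    # keyword, required value, value assumed when the keyword is absent
    while read -r key want absent; do
        got=$(effective_value "$file" "$key" "$absent")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: effective=$got required=$want"
            rc=1
        fi
    done <<'EOF'
PermitRootLogin no unset
PasswordAuthentication no yes
PubkeyAuthentication yes yes
EOF
    exit "$rc"
)

# Constructed sample: the PermitRootLogin line did not have the form the sed
# expected, and an uncommented PasswordAuthentication line remains further down.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
#PermitRootLogin prohibit-password
PasswordAuthentication no
#PermitEmptyPasswords no
PasswordAuthentication yes
PubkeyAuthentication yes
EOF
check_sshd_policy "$sample_cfg" && echo "sshd policy OK"
rm -f "$sample_cfg"
```

On the cluster the same function can be pointed at /etc/ssh/sshd_config on each host from ip.txt before the root password path is given up.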
2. Build MySQL. Because building the web servers requires the MySQL database, Part 3 is built first
192.168.66.138 MySQL read/write-splitting scheduler (Mycat) + backup server
192.168.66.139 MySQL master server
192.168.66.140 MySQL slave server
192.168.66.141 MySQL slave server
Log in as root and write a general-purpose expect script that can run commands remotely in bulk
```
[root@localhost ~]# vim cmd.expect
#!/usr/bin/expect
# Tcl only accepts "#" where a command starts, so trailing comments are written as ";#"
set user [lindex $argv 0]   ;# system user
set host [lindex $argv 1]   ;# server address
set passwd [lindex $argv 2] ;# password
set cm [lindex $argv 3]     ;# command to run
spawn ssh $user@$host
set timeout -1
expect {
"yes/no" { send "yes\r"; exp_continue }
"password:" { send "$passwd\r" }
}
expect "]#"
send "$cm\r"
expect "]#"
send "exit\r"
interact
[root@localhost ~]# chmod a+x cmd.expect
[root@localhost ~]# vim cmd.sh    # calling script
#!/bin/bash
user=$2
password=$3
cm=$4
for ip in `cat $1`
do
    ./cmd.expect "$user" "$ip" "$password" "$cm"
done
## Argument 1 is the path of the file that stores the IP list
## Argument 2 is the user name
## Argument 3 is the password
## Argument 4 is the command to run
# Use this script to install some basic common tools in bulk
[root@localhost ~]# sh ./cmd.sh "/root/ip.txt" "root" "123456" "yum -y install expect vim-enhanced epel-release libmcrypt-devel libmcrypt"
```
ip.txt contains:
```
192.168.66.130
192.168.66.131
192.168.66.132
192.168.66.133
192.168.66.134
192.168.66.135
192.168.66.136
192.168.66.137
192.168.66.138
192.168.66.139
192.168.66.140
192.168.66.141
192.168.66.142
```
Install MySQL with the bulk command script written earlier:
```
# \$? is escaped so that it is evaluated on the remote host, not by the local shell
[root@localhost ~]# sh ./cmd.sh "/root/dbip.txt" "root" "123456" "cd /usr/local/src/; yum install -y epel-release wget perl-Module-Install.noarch libaio*; wget http://mirrors.163.com/mysql/Downloads/MySQL-5.6/mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz; tar -zxvf mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz; mv mysql-5.6.39-linux-glibc2.12-x86_64 ../mysql; cd /usr/local/mysql; mkdir /data/; useradd mysql; ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql; echo \$? > /root/downloadMySQL.log"
```
dbip.txt contains:
```
192.168.66.139
192.168.66.140
192.168.66.141
```
First set up the configuration file on the master (139), then use rsync to synchronise it to the slaves:
```
# Copy the configuration file
[root@localhost ~]# cp /usr/local/mysql/support-files/my-default.cnf /etc/my.cnf
[root@localhost ~]# vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
socket=/tmp/mysql.sock
# Copy the startup script
[root@localhost ~]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
# Then define the basedir and datadir paths
[root@localhost ~]# vim /etc/init.d/mysqld
basedir=/usr/local/mysql
datadir=/data/mysql
# Add mysql to the service list and enable it at boot:
[root@localhost ~]# chkconfig --add mysqld
[root@localhost ~]# chkconfig mysqld on
```
Write the expect script for synchronising files: sync.expect
```
[root@localhost ~]# vim sync.expect
# Write the following:
#!/usr/bin/expect
set host [lindex $argv 0]
set passwd [lindex $argv 1]
set file [lindex $argv 2]
spawn rsync -avR --files-from=$file / root@$host:/
expect {
"yes/no" { send "yes\r"; exp_continue }
"password:" { send "$passwd\r" }
}
expect eof
```
Calling script: sync.sh
```
[root@localhost ~]# vim sync.sh
# Write the following:
#!/bin/bash
passwd=$2
file=$3
for ip in `cat $1`
do
    ./sync.expect $ip $passwd $file
done
## Usage: ##
## sh sync.sh "IP list file" "password" "path of the file list" ##
[root@localhost ~]$ sh ./sync.sh "/root/slaveIP.txt" "123456" "/tmp/DBfile.txt"    # sync the configuration files
[root@localhost ~]$ sh ./cmd.sh "/root/slaveIP.txt" "root" "123456" "/etc/init.d/mysqld start; chkconfig --add mysqld; chkconfig mysqld on"    # start the service and add it to the service list
[root@localhost ~]$ sh ./cmd.sh "/root/slaveIP.txt" "root" "123456" "ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql"    # create a symlink under /usr/bin/
```
Start the MySQL service on the master and the slaves, log in to MySQL and set the password
```
[root@localhost ~]$ mysql -uroot
mysql> set password=password('123456');
```
After changing the password and restarting the MySQL server, configure the master first:
```
# 1. Edit the my.cnf configuration file:
[root@localhost ~]$ vim /etc/my.cnf
[mysqld]
# Add the following two lines
server-id=139          # must differ from the slaves
log_bin=master-bin     # binlog must be enabled on the master
[root@localhost ~]$ service mysqld restart    # restart mysqld after editing the configuration file
[root@localhost ~]$ ls /data/mysql            # check that the following two files have appeared
master-bin.000001
master-bin.index

# 2. Log in to MySQL on the master and add a replication account for the two slaves:
mysql> grant replication slave on *.* to 'repl'@'192.168.66.140' identified by '123456';
mysql> grant replication slave on *.* to 'repl'@'192.168.66.141' identified by '123456';

# 3. Lock the tables on the master:
mysql> flush tables with read lock;

# 4. Look at the master status and record it:
mysql> show master status;
+-------------------+----------+--------------+------------------+-------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------------+----------+--------------+------------------+-------------------+
| master-bin.000001 |      166 |              |                  |                   |
+-------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)
```
After finishing the steps above on the master, start configuring the slave machines:
```
# 1. Edit /etc/my.cnf on the slaves
# slave1
[root@localhost ~]$ vim /etc/my.cnf
[mysqld]
# Add the following line; binlog does not need to be enabled
server-id=140
[root@localhost ~]$ service mysqld restart
# slave2
[root@localhost ~]$ vim /etc/my.cnf
[mysqld]
# Add the following line; binlog does not need to be enabled
server-id=141
[root@localhost ~]$ service mysqld restart

# 2. Log in to MySQL as root on both slaves and run the following commands on each.
#    master_log_file and master_log_pos are the File and Position recorded from "show master status" on the master.
# slave1
[root@localhost ~]$ mysql -uroot -p'123456'
mysql> stop slave;
mysql> change master to master_host='192.168.66.139', master_user='repl', master_password='123456', master_log_file='master-bin.000001', master_log_pos=166;
mysql> start slave;
# slave2
[root@localhost ~]$ mysql -uroot -p'123456'
mysql> stop slave;
mysql> change master to master_host='192.168.66.139', master_user='repl', master_password='123456', master_log_file='master-bin.000001', master_log_pos=166;
mysql> start slave;

# 3. Check that replication is healthy on both slaves; Slave_IO_Running and Slave_SQL_Running must be Yes:
mysql> show slave status\G
# The two lines below must be Yes, which means replication is working
Slave_IO_Running: Yes
Slave_SQL_Running: Yes

# 4. Go back to master 139, unlock the tables and create database 111 to see whether it replicates
#    (a name made only of digits has to be quoted with backticks)
# master
mysql> unlock tables;
mysql> create database `111`;

# 5. Check on the slaves whether the creation was replicated:
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| 111                |
| mysql              |
| performance_schema |
| test               |
+--------------------+
5 rows in set (0.00 sec)
```
Master-slave configuration is complete
Build the Mycat server on 192.168.66.138
With master-slave replication in place, the Mycat server can be built to provide read/write splitting. Mycat is written in Java, so a JDK environment has to be installed before Mycat.
1. Download and install the JDK:
The JDK has to be downloaded from the official site: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
After downloading, upload it to the /usr/local/src directory on the server with Xftp, which ships with Xshell; I have already downloaded it here
```
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# ls
jdk-8u181-linux-x64.tar.gz
[root@localhost src]# tar zxf jdk-8u181-linux-x64.tar.gz
[root@localhost src]$ mv jdk1.8.0_181/ /usr/local/jdk1.8
```
Edit the environment variable file /etc/profile and add the following:
```
JAVA_HOME=/usr/local/jdk1.8/
JAVA_BIN=/usr/local/jdk1.8/bin
JRE_HOME=/usr/local/jdk1.8/jre
PATH=$PATH:/usr/local/jdk1.8/bin:/usr/local/jdk1.8/jre/bin
CLASSPATH=/usr/local/jdk1.8/jre/lib:/usr/local/jdk1.8/lib:/usr/local/jdk1.8/jre/lib/charsets.jar
[root@localhost ~]# source /etc/profile    # load the configuration
```
Check whether the Java environment was set up successfully; the following output means it was
```
[root@localhost ~]# java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
```
2. Download and install Mycat:
Download address: http://dl.mycat.io/1.6-RELEASE/
```
[root@localhost ~]$ cd /usr/local/src/
[root@localhost /usr/local/src]$ wget http://dl.mycat.io/1.6-RELEASE/Mycat-server-1.6-RELEASE-20161028204710-linux.tar.gz
[root@localhost /usr/local/src]$ tar -zxvf Mycat-server-1.6-RELEASE-20161028204710-linux.tar.gz
[root@localhost /usr/local/src]$ mv mycat/ /usr/local/
[root@localhost /usr/local/src]$ ls /usr/local/mycat/
bin  catlet  conf  lib  logs  version.txt
```
3. Edit server.xml, the configuration file for Mycat server parameters and user authorisation. The main sections to change are as follows:
```
[root@localhost ~]$ vim /usr/local/mycat/conf/server.xml
<!-- The mycat user has create/read/update/delete rights on the logical databases ultrax, DedeCMS and zrlog -->
<user name="mycat">
        <property name="password">123456</property>
        <property name="schemas">ultrax,DedeCMS,zrlog</property>
</user>
<!-- The discuz user has create/read/update/delete rights on the logical database ultrax -->
<user name="discuz">
        <property name="password">123456</property>
        <property name="schemas">ultrax</property>
</user>
<!-- The dedecms user has create/read/update/delete rights on the logical database DedeCMS -->
<user name="dedecms">
        <property name="password">123456</property>
        <property name="schemas">DedeCMS</property>
</user>
<!-- The zrlog user has create/read/update/delete rights on the logical database zrlog -->
<user name="zrlog">
        <property name="password">123456</property>
        <property name="schemas">zrlog</property>
</user>
<!-- This user has read-only rights on the logical databases ultrax, DedeCMS and zrlog -->
<user name="user">
        <property name="password">123456</property>
        <property name="schemas">ultrax,DedeCMS,zrlog</property>
        <property name="readOnly">true</property>
</user>
<!-- The users above are created for connecting to the Mycat middleware. -->
```
4. Edit schema.xml, the configuration file that defines Mycat's logical databases, tables and sharding:
```
# Rename the bundled configuration file to keep it as a backup
[root@localhost ~]$ mv /usr/local/mycat/conf/schema.xml /usr/local/mycat/conf/schema.xml_bak
# Create a new configuration file
[root@localhost ~]$ vim /usr/local/mycat/conf/schema.xml
# Configuration:
<?xml version="1.0"?>
<!DOCTYPE mycat:schema SYSTEM "schema.dtd">
<mycat:schema xmlns:mycat="http://io.mycat/">
    <schema name="ultrax" checkSQLschema="false" sqlMaxLimit="1000" dataNode="dn1" />
    <schema name="DedeCMS" checkSQLschema="false" sqlMaxLimit="1000" dataNode="dn2" />
    <schema name="zrlog" checkSQLschema="false" sqlMaxLimit="1000" dataNode="dn3" />
    <dataNode name="dn1" dataHost="localhost1" database="ultrax" />
    <dataNode name="dn2" dataHost="localhost1" database="DedeCMS" />
    <dataNode name="dn3" dataHost="localhost1" database="zrlog" />
    <dataHost name="localhost1" maxCon="2000" minCon="1" balance="3" writeType="1" dbType="mysql" dbDriver="native" switchType="1" slaveThreshold="100">
        <heartbeat>select user()</heartbeat>
        <writeHost host="hostM1" url="192.168.66.139:3306" user="root" password="123456">
            <!-- can have multi read hosts -->
            <readHost host="hostS1" url="192.168.66.140:3306" user="root" password="123456" />
            <readHost host="hostS2" url="192.168.66.141:3306" user="root" password="123456" />
        </writeHost>
    </dataHost>
</mycat:schema>
```
Explanation of the schema.xml configuration file:

`<?xml version="1.0"?>` XML file format;
`<!DOCTYPE mycat:schema SYSTEM "schema.dtd">` document type declaration;
`<mycat:schema xmlns:mycat="http://io.mycat/">` Mycat opening tag

Configure the logical database; the name must match the database name given in server.xml, and it is bound to data node dn1:
`<schema name="testdb" checkSQLschema="false" sqlMaxLimit="1000" dataNode="dn1"></schema>`
Add data node dn1, set the data node's host name, and set the data node's real database to discuz:
`<dataNode name="dn1" dataHost="localhost1" database="discuz" />`
Data node host: binds the data node and sets the connection counts, balancing mode, switching method, driver and connection method:
`<dataHost name="localhost1" maxCon="2000" minCon="1" balance="3" writeType="1" dbType="mysql" dbDriver="native" switchType="1" slaveThreshold="100">`

balance (load-balancing policy):
1) balance=0: read/write splitting is not enabled; all reads are sent to the currently available writeHost;
2) balance=1: all readHosts and stand-by writeHosts take part in load balancing of select statements. Put simply, in dual-master dual-slave mode (M1->S1, M2->S2, with M1 and M2 standing by for each other), M2, S1 and S2 all take part in load balancing of select statements under normal conditions
3) balance=2: all reads are distributed randomly across the readHosts and the writeHost;
4) balance=3: all read requests are distributed randomly to the readHosts of the writeHost; the writeHost carries no read load.

writeType (write policy):
1) writeType=0: all writes are sent to the first configured writeHost;
2) writeType=1: all writes are sent randomly to the configured writeHosts;
3) writeType=2: no writes are executed.

switchType (switching policy):
1) switchType=-1: no automatic switching;
2) switchType=1: the default, automatic switching;
3) switchType=2: switching is decided by the state of MySQL master-slave replication;
4) switchType=3: switching based on MySQL Galera Cluster (suitable for clusters) (1.4.1); the heartbeat statement is show status like 'wsrep%'.

SQL statement used to check the back-end MySQL instances:
`<heartbeat>select user()</heartbeat>`
Specify the read and write hosts that requests are forwarded to on the real back-end MySQL servers, and configure the user name and password used to connect to the back-end MySQL (these are MySQL database credentials):
```
<writeHost host="hostM1" url="192.168.66.139:3306" user="mycat" password="123456">
    <readHost host="hostS1" url="192.168.66.140:3306" user="mycat" password="123456" />
    <readHost host="hostS2" url="192.168.66.141:3306" user="mycat" password="123456" />
</writeHost>
```
`</dataHost>` closing tag of the data host;
`</mycat:schema>` Mycat closing tag;
• On the master, authorise the mycat user to connect
```
mysql> grant all on *.* to 'mycat'@'192.168.66.138' identified by '123456';
mysql> grant all on ultrax.* to 'discuz'@'192.168.66.%' identified by '123456';
mysql> grant all on DedeCMS.* to 'dedecms'@'192.168.66.%' identified by '123456';
mysql> grant all on zrlog.* to 'zrlog'@'192.168.66.%' identified by '123456';
```
5. Mycat is now configured. Start Mycat and check that ports 8066 and 9066 are listening:
```
[root@localhost ~]$ /usr/local/mycat/bin/mycat start
[root@localhost ~]$ netstat -lntp
tcp6       0      0 :::9066                 :::*                    LISTEN      1413/java
tcp6       0      0 :::8066                 :::*                    LISTEN      1413/java
# Note: if these two ports are not listening, check whether the Java environment has taken effect.
# 8066 is the port the web applications use to connect to Mycat.
# 9066 is the SA/DBA management port.
```
Back on master 139, connect to MySQL through the Mycat machine's IP and port 8066:
```
[root@localhost ~]$ mysql -h'192.168.66.138' -udiscuz -p'123456' -P'8066'
mysql> show databases;
+----------+
| DATABASE |
+----------+
| ultrax   |
+----------+
1 row in set (0.01 sec)
```
Log in as the root user to see whether all the databases are visible:
```
[root@localhost ~]$ mysql -h'192.168.66.138' -uroot -p'123456' -P'8066'
mysql> show databases;
+----------+
| DATABASE |
+----------+
| DedeCMS  |
| ultrax   |
| zrlog    |
+----------+
3 rows in set (0.00 sec)
```
Then log in on port 9066 to look at the data sources:
```
[root@localhost ~]$ mysql -h'192.168.66.138' -uroot -p'123456' -P'9066'
mysql> show @@datasource;
+----------+--------+-------+-----------------+------+------+--------+------+------+---------+-----------+------------+
| DATANODE | NAME   | TYPE  | HOST            | PORT | W/R  | ACTIVE | IDLE | SIZE | EXECUTE | READ_LOAD | WRITE_LOAD |
+----------+--------+-------+-----------------+------+------+--------+------+------+---------+-----------+------------+
| dn1      | hostM1 | mysql | 192.168.66.139  | 3306 | W    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn1      | hostS1 | mysql | 192.168.66.140  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn1      | hostS2 | mysql | 192.168.66.141  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn3      | hostM1 | mysql | 192.168.66.139  | 3306 | W    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn3      | hostS1 | mysql | 192.168.66.140  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn3      | hostS2 | mysql | 192.168.66.141  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn2      | hostM1 | mysql | 192.168.66.139  | 3306 | W    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn2      | hostS1 | mysql | 192.168.66.140  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
| dn2      | hostS2 | mysql | 192.168.66.141  | 3306 | R    |      0 |    0 | 2000 |       0 |         0 |          0 |
+----------+--------+-------+-----------------+------+------+--------+------+------+---------+-----------+------------+
9 rows in set (0.00 sec)
```
6. Log in to MySQL on master 139 and create the three databases:
```
[root@localhost ~]$ mysql -uroot -p'123456'
mysql> create database ultrax default character set utf8;
mysql> create database DedeCMS default character set utf8;
mysql> create database zrlog default character set utf8;
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| DedeCMS            |
| mysql              |
| performance_schema |
| test               |
| ultrax             |
| zrlog              |
+--------------------+
7 rows in set (0.00 sec)
```
That completes master-slave replication and read/write splitting; next comes building the web servers
First build the LNMP environment and the Tomcat + Java environment; port 80 goes to Nginx by default and Tomcat uses port 8080.
1. Deploy the whole environment on one machine first, then synchronise the entire environment with rsync:
① Download and install Nginx:
```
[root@localhost ~]$ yum -y install epel-release wget gcc gcc-c++ libmcrypt-devel libmcrypt libcurl-devel libxml2-devel openssl-devel bzip2-devel libjpeg-devel libpng-devel freetype-devel libmcrypt-devel; cd /usr/local/src/; wget http://nginx.org/download/nginx-1.12.1.tar.gz; tar -zxvf nginx-1.12.1.tar.gz; cd nginx-1.12.1; ./configure --prefix=/usr/local/nginx --with-http_ssl_module; echo $? > /root/downloadNginx.log; make && make install; echo $? >> /root/downloadNginx.log
```
First set up the configuration files on one of the machines:
Edit the startup script: /etc/init.d/nginx
```
vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
    echo -n $"Starting $prog: "
    mkdir -p /dev/shm/nginx_temp
    daemon $NGINX_SBIN -c $NGINX_CONF
    RETVAL=$?
    echo
    return $RETVAL
}
stop()
{
    echo -n $"Stopping $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -TERM
    rm -rf /dev/shm/nginx_temp
    RETVAL=$?
    echo
    return $RETVAL
}
reload()
{
    echo -n $"Reloading $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -HUP
    RETVAL=$?
    echo
    return $RETVAL
}
restart()
{
    stop
    start
}
configtest()
{
    $NGINX_SBIN -c $NGINX_CONF -t
    return 0
}
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  reload)
        reload
        ;;
  restart)
        restart
        ;;
  configtest)
        configtest
        ;;
  *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
esac
exit $RETVAL
```
After editing, set the startup script's permissions to 755:
```
chmod 755 /etc/init.d/nginx
```
Add the nginx service to the service list and enable it at boot:
```
chkconfig --add nginx
chkconfig nginx on
```
Go to nginx's conf directory:
```
cd /usr/local/nginx/conf
```
Then rename the configuration file:
```
mv nginx.conf nginx.conf.bak
```
Because the configuration file shipped with nginx is not used, a new one has to be written:
```
vim /usr/local/nginx/conf/nginx.conf
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
    use epoll;
    worker_connections 6000;
}
http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm application/xml;
    server
    {
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;
        location ~ \.php$
        {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }
    }
}
```
Check the configuration file for errors:
```
/usr/local/nginx/sbin/nginx -t
```
If there are no problems, nginx can be started:
```
service nginx start
```
② Install MySQL. PHP needs MySQL's client libraries, so it only has to be installed; it does not need to be configured:
```
[root@localhost ~]$ cd /usr/local/src/; yum install -y epel-release wget perl-Module-Install.noarch libaio*;wget http://mirrors.163.com/mysql/Downloads/MySQL-5.6/mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz; tar -zxvf mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz; mv mysql-5.6.39-linux-glibc2.12-x86_64 ../mysql; cd /usr/local/mysql; mkdir /data/; useradd mysql; ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql; echo $? > /root/downloadMySQL.log
```
③ Install PHP:
Run the commands in one batch:
```
[root@localhost ~]$ cd /usr/local/src/; yum -y install epel-release wget gcc gcc-c++ libmcrypt-devel libmcrypt libcurl-devel libxml2-devel openssl-devel bzip2-devel libjpeg-devel libpng-devel freetype-devel libmcrypt-devel; wget http://cn2.php.net/distributions/php-5.6.30.tar.gz; tar -zxvf php-5.6.30.tar.gz; cd php-5.6.30/; ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-pdo-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --with-pear --with-curl --with-openssl; echo $? > /root/downloadPHP.log; make && make install; echo $? >> /root/downloadPHP.log
```
After installation, copy the PHP configuration file:
```
[root@localhost php-5.6.30]$ cp php.ini-production /usr/local/php-fpm/etc/php.ini
```
Create a php-fpm.conf file:
```
[root@localhost ~]$ vim /usr/local/php-fpm/etc/php-fpm.conf
# Contents:
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
```
Copy the startup script, change its permissions, add it to the service list and enable it at boot:
```
[root@localhost php-5.6.30]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@localhost php-5.6.30]# chmod 755 /etc/init.d/php-fpm
[root@localhost php-5.6.30]# chkconfig --add php-fpm
[root@localhost php-5.6.30]# chkconfig php-fpm on
```
Add the php-fpm service user:
```
useradd -s /sbin/nologin php-fpm
```
Use php-fpm -t to check the configuration file for problems:
```
[root@localhost ~]$ /usr/local/php-fpm/sbin/php-fpm -t
```
If there are no problems, start the service and check the processes:
```
[root@localhost ~]$ service php-fpm start
Starting php-fpm done
[root@localhost ~]$ ps aux |grep php-fpm
```
④ Install Tomcat
The JDK has to be installed before Tomcat; for the JDK installation, see the Mycat installation steps above
Here Tomcat is installed directly
```
[root@localhost src]$ wget http://mirrors.shuosc.org/apache/tomcat/tomcat-8/v8.5.24/bin/apache-tomcat-8.5.24.tar.gz
[root@localhost src]$ tar -zxvf apache-tomcat-8.5.24.tar.gz
[root@localhost src]$ mv apache-tomcat-8.5.24 /usr/local/tomcat
```
Commands for starting and stopping the service:
```
/usr/local/tomcat/bin/startup.sh     # start the service
/usr/local/tomcat/bin/shutdown.sh    # stop the service
```
Check the processes and ports:
```
netstat -lntp    # three ports: 8080 8009 8005
ps aux |grep java
```
⑤ Build the Discuz forum, the DedeCMS corporate website and the zrlog blog
1. Build the Discuz forum. First configure a virtual host for Discuz, starting by deleting the server block from the main nginx configuration file nginx.conf
```
vim /usr/local/nginx/conf/nginx.conf
# Delete this server block
server
{
    listen 80;
    server_name localhost;
    index index.html index.htm index.php;
    root /usr/local/nginx/html;
    location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
    }
}
```
After deleting it, add this line, which pulls in the virtual host configuration files:
```
include vhost/*.conf;
```
Create the vhost directory:
```
mkdir /usr/local/nginx/conf/vhost
```
Go into the vhost directory and create a discuz.com.conf file:
```
cd /usr/local/nginx/conf/vhost
vim discuz.com.conf
# Add the following
server
{
    listen 80;
    server_name www.discuz.com;
    index index.html index.htm index.php;
    root /data/wwwroot/discuz.com;
    location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/discuz.com$fastcgi_script_name;
    }
}
```
Create the site directory:
```
mkdir -p /data/wwwroot/discuz.com/
```
2. Start installing Discuz
Download the Discuz archive:
The Discuz archive for the version you need can be downloaded from the official site: http://www.discuz.net/forum.php
```
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# wget http://download.comsenz.com/DiscuzX/3.3/Discuz_X3.3_SC_UTF8.zip
```
Unpack it:
```
[root@localhost src]# unzip Discuz_X3.3_SC_UTF8.zip
```
Unpacking produces the following directories:
```
[root@localhost src]# ls
Discuz_X3.3_SC_UTF8.zip  readme  upload  utility
```
Copy all files under the upload directory into the discuz.com site directory:
```
[root@localhost src]# cp -r upload/* /data/wwwroot/discuz.com/
```
Configure the hosts file on Windows; by default the Windows hosts file is in this directory:
```
C:\Windows\System32\drivers\etc
```
Add this line to the hosts file:
```
192.168.66.132 www.discuz.com
```
After saving, open www.discuz.com in a browser to reach the Discuz installation screen
You then reach the directory and file permission check screen, which shows that these directories or files have insufficient permissions, so they are all in a non-writable state:
Use a script to change the permissions of the directories it lists to 777,
```
[root@localhost ~]# cd /data/wwwroot/discuz.com/
[root@localhost discuz.com]# vim fileList.txt    # first put all the paths in a text file
./config
./data
./data/cache
./data/avatar
./data/plugindata
./data/download
./data/addonmd5
./data/template
./data/threadcache
./data/attachment
./data/attachment/album
./data/attachment/forum
./data/attachment/group
./data/log
./uc_client/data/cache
./uc_server/data/
./uc_server/data/cache
./uc_server/data/avatar
./uc_server/data/backup
./uc_server/data/logs
./uc_server/data/tmp
uc_server/data/view
[root@localhost discuz.com]# vim filePermission.sh
#!/bin/bash
for file in `cat ./fileList.txt`
do
    chmod 777 $file
done
[root@localhost discuz.com]# sh ./filePermission.sh
```
After refreshing
Click Next:
Choose "Fresh install of Discuz! X" and click "Next" to reach the database installation screen, as shown below. Note that the database entered here is the master's IP; it is changed to the Mycat address in the configuration later
Here you only need to enter the password of your database root user and then set an admin password; the e-mail address for alert mail is optional, and the rest is installed automatically:
When installation finishes, click to visit the site
Visit:
Then go back to the web server and edit the Discuz configuration file, changing the dbhost, dbuser, dbpw and dbname parameters to match Mycat one to one, which gives read/write splitting:
```
[root@localhost discuz.com]$ vim /data/wwwroot/discuz.com/config/config_global.php
// ---------------------------- CONFIG DB ----------------------------- //
$_config['db']['1']['dbhost'] = '192.168.66.138:8066';
$_config['db']['1']['dbuser'] = 'discuz';
$_config['db']['1']['dbpw'] = '123456';
$_config['db']['1']['dbcharset'] = 'utf8';
$_config['db']['1']['pconnect'] = '0';
$_config['db']['1']['dbname'] = 'ultrax';
$_config['db']['1']['tablepre'] = 'pre_';
$_config['db']['slave'] = '';
$_config['db']['common']['slave_except_table'] = '';
## Restart nginx after the change
[root@localhost discuz.com]$ service nginx restart
Restarting nginx (via systemctl):                          [  确定  ]
```
Then log in as the admin user of the Discuz forum; a successful login means there is no problem:
⑥ Build the DedeCMS corporate website; a virtual host also has to be configured first:
Go into the vhost directory and create a dedecms.com.conf file:
```
cd /usr/local/nginx/conf/vhost
vim dedecms.com.conf
```
Add the following:
```
server
{
    listen 80;
    server_name www.dedecms.com;
    index index.html index.htm index.php;
    root /data/wwwroot/dedecms.com;
    location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/dedecms.com$fastcgi_script_name;
    }
}
```
Create the site directory:
```
mkdir -p /data/wwwroot/dedecms.com/
```
Download the DedeCMS archive from the official site; the download address is:
http://www.dedecms.com/products/dedecms/downloads/
The version downloaded here is 5.7, UTF8:
```
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# wget http://updatenew.dedecms.com/base-v57/package/DedeCMS-V5.7-UTF8-SP2.tar.gz
```
After downloading, unpack it and copy it to the corresponding directory
```
[root@localhost src]# tar -zxvf DedeCMS-V5.7-UTF8-SP2.tar.gz
[root@localhost src]# ls
DedeCMS-V5.7-UTF8-SP2
[root@localhost src]# cd DedeCMS-V5.7-UTF8-SP2
[root@localhost DedeCMS-V5.7-UTF8-SP2]# ls
docs  uploads
[root@localhost DedeCMS-V5.7-UTF8-SP2]# cp -r ./uploads/* /data/wwwroot/dedecms.com/
```
After these steps, configure the Windows hosts file in the same way and then open the site in a browser
Because of insufficient permissions, the following screen appears:
Set the permissions on the corresponding directories:
```
[root@localhost dedecms.com]$ chmod 777 ./plus
[root@localhost dedecms.com]$ chmod 777 ./dede
[root@localhost dedecms.com]$ chmod 777 ./data
[root@localhost dedecms.com]$ chmod 777 ./a
[root@localhost dedecms.com]$ chmod 777 ./install
[root@localhost dedecms.com]$ chmod 777 ./special
[root@localhost dedecms.com]$ chmod 777 ./uploads/
```
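Requirement 6 asks for root-owned code with 755 directories and 644 files, and write access only for the php-fpm user where the application needs it; the chmod 777 used for the Discuz and DedeCMS installers above leaves those paths writable by every local account. The following added example (not part of the original post) applies the tighter model once installation is finished and lists anything still world-writable. The function names are illustrative, and the demo tree is constructed so the script runs anywhere.

```bash
#!/bin/sh
# Added example, not from the original post.

# world_writable <docroot>: list everything any local account can modify,
# which is the state "chmod 777" leaves behind.
world_writable() {
    find "$1" ! -type l -perm -0002
}

# apply_site_perms <docroot> <code owner:group> <runtime owner:group> <list file>
# The list file names one writable directory per line, relative to the
# docroot (the same format as fileList.txt above); pass it as an absolute path.
apply_site_perms() (
    root=$1; code=$2; runtime=$3; list=$4
    cd "$root" || exit 1
    # Baseline from requirement 6: code owned by root, directories 755, files 644.
    chown -R "$code" .
    find . -type d -exec chmod 755 {} +
    find . -type f -exec chmod 644 {} +
    # Only the listed directories are handed to the php-fpm user. They stay
    # 755/644, so that user can write there and no other account can.
    while read -r dir; do
        [ -d "$dir" ] || continue
        chown -R "$runtime" "$dir"
    done < "$list"
)

# On the web servers the call would be (as root):
#   apply_site_perms /data/wwwroot/discuz.com root:root php-fpm:php-fpm \
#       /data/wwwroot/discuz.com/fileList.txt
# Constructed demo tree; the current uid:gid stands in for both owners.
demo=$(mktemp -d)
mkdir -p "$demo/config" "$demo/data/attachment" "$demo/source"
touch "$demo/index.php" "$demo/data/attachment/a.jpg"
chmod -R 777 "$demo"
printf '%s\n' ./config ./data > "$demo/writable.txt"
me="$(id -u):$(id -g)"
echo "world-writable before: $(world_writable "$demo" | wc -l)"
apply_site_perms "$demo" "$me" "$me" "$demo/writable.txt"
echo "world-writable after:  $(world_writable "$demo" | wc -l)"
```

Running world_writable against /data/wwwroot from cron or the monitoring host shows when a later change has reintroduced a 777 path.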
After granting the permissions, refresh the page and it is fine:
Set the database information and the administrator password:
Installation complete:
Visit http://www.dedecms.com/dede/ and enter the administrator's user name and password to log in to the site back end:
Login succeeded
⑦ Build the zrlog blog system:
1. Configure a Tomcat virtual host; Tomcat virtual hosts are configured in server.xml:
```
[root@localhost ~]$ vim /usr/local/tomcat/conf/server.xml
# Add the following to the file:
<Host name="www.zrlog.com" appBase="" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
    <Context path="" docBase="/data/wwwroot/zrlog.com/" debug="0" reloadable="true" crossContext="true"/>
</Host>
```
2. Create the corresponding site directory:
```
mkdir /data/wwwroot/zrlog.com
```
3. Download zrlog and unpack it into the site directory:
```
[root@localhost ~]$ cd /usr/local/src/
[root@localhost src]$ wget http://dl.zrlog.com/release/zrlog-1.7.1-baaecb9-release.war
[root@localhost src]$ unzip zrlog-1.7.1-baaecb9-release.war -d /data/wwwroot/zrlog.com
```
4. To share port 80, nginx also has to be configured as a reverse proxy for Tomcat. Edit the virtual host configuration file:
```
[root@localhost ~]$ vim /usr/local/nginx/conf/vhost/zrlog.com.conf
## File contents:
upstream zrlog_com
{
    ip_hash;
    server localhost:8080;
}
server
{
    listen 80;
    server_name www.zrlog.com;
    location /
    {
        proxy_pass http://zrlog_com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
[root@localhost ~]$ service nginx restart    # restart nginx
```
5. Restart the Tomcat service:
```
/usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/startup.sh
```
6. Configure the hosts file on Windows, then open http://www.zrlog.com in a browser:
After clicking Next, fill in the back-end administrator account; installation succeeds
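⑧ Add a second layer of authentication to the sites' back-end access
First install httpd-tools:
```
yum install -y httpd-tools
```
Then use the htpasswd command from httpd-tools to generate a user password file:
```
[root@localhost ~]$ htpasswd -c /usr/local/nginx/conf/htpasswd admin
New password:
Re-type new password:
Adding password for user admin
```
Once it has been generated, cat the htpasswd file and you will see content like this:
```
[root@localhost ~]$ cat /usr/local/nginx/conf/htpasswd
admin:$apr1$73nmrAKd$7eSGO2h58BrAnUMekFt7P0
```
To add further users later, leave out the -c option; with -c the existing htpasswd file is overwritten.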
Edit the discuz virtual host configuration file:
```
[root@localhost ~]$ vim /usr/local/nginx/conf/vhost/discuz.com.conf
## Add the following; remember to place it above location ~ \.php$
location ~ admin.php
{
    auth_basic "Auth";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
```
Reload the nginx configuration:
```
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
```
Then use curl to check whether authentication is required; a result like the following means it is working:
```
[root@localhost ~]$ curl -x127.0.0.1:80 http://www.discuz.com/admin.php -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.1
Date: Wed, 8 Aug 2018 11:01:40 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
```
Finally, access the page with a username and password to see whether it succeeds; a result like the following means it is working:
```
[root@localhost ~]$ curl -x127.0.0.1:80 -u admin:"123456" http://www.discuz.com/admin.php -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Wed, 8 Aug 2018 11:02:30 GMT
Content-Type: application/octet-stream
Content-Length: 2739
Last-Modified: Wed, 8 Aug 2018 11:02:40 GMT
Connection: keep-alive
ETag: "5a334add-ab3"
Accept-Ranges: bytes
```
Configure dedecms; this again means editing the virtual host configuration file:
```
[root@localhost ~]$ vim /usr/local/nginx/conf/vhost/dedecms.com.conf
## Configuration:
location /dede/
{
    auth_basic "Auth";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd;   # path to the password file
}
```
Then reload nginx and again use curl to check whether authentication is required:
```
[root@localhost ~]$ curl -x127.0.0.1:80 http://www.dedecms.com/dede/ -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.1
Date:Wed, 8 Aug 2018 11:05:35 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
```
Last is zrlog; edit the nginx reverse proxy configuration file:
```
[root@localhost ~]$ vim /usr/local/nginx/conf/vhost/zrlog.com.conf
## Add the following block above location /:
location /admin/
{
    auth_basic "Auth";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    proxy_pass http://zrlog_com/admin/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
```
Restart nginx
```
[root@localhost ~]$ service nginx restart
```
Test whether authentication is required
```
[root@localhost ~]$ curl -x127.0.0.1:80 http://www.zrlog.com/admin/ -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.1
Date: Wed, 8 Aug 2018 11:10:25 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
```
If the home page loads normally but the admin page returns an nginx 404 error, first confirm that the configuration file is correct. If it is still wrong after restarting nginx, try killing the nginx processes with the killall command, which lets the processes write their in-memory data to disk, and then start nginx again.
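The curl checks in this section can be scripted; the following is an added example, not code from the original post, run on the two discuz responses shown above (function names are this example's own). Beyond the 401, it treats `Content-Type: application/octet-stream` or `Accept-Ranges` on an authenticated `.php` response as a sign that nginx read the file from disk instead of handing it to PHP-FPM, which happens when the matching `location` carries the auth directives but no `fastcgi_pass`.

```shell
#!/bin/sh
# Added example: judge `curl -I` output for a basic-auth protected admin URL.

# Print the lower-cased value of header $2 found in raw header text $1.
header_value() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v h="$2" '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == tolower(h)) {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v)
            print tolower(v); exit
        }
    }'
}

# Print the numeric status from the first response line.
status_code() { printf '%s\n' "$1" | awk 'NR == 1 { print $2 }'; }

# Without credentials the request must be refused with a Basic challenge.
check_anonymous() {
    [ "$(status_code "$1")" = "401" ] || { echo "FAIL: not protected"; return 1; }
    case "$(header_value "$1" www-authenticate)" in
        basic*) echo "OK: 401 with Basic challenge" ;;
        *)      echo "FAIL: 401 without Basic challenge"; return 1 ;;
    esac
}

# With credentials a .php URL must be executed, not read from disk: the nginx
# static handler answers with octet-stream and Accept-Ranges.
check_authenticated_php() {
    [ "$(status_code "$1")" = "200" ] || { echo "FAIL: login rejected"; return 1; }
    if [ "$(header_value "$1" content-type)" = "application/octet-stream" ] ||
       [ -n "$(header_value "$1" accept-ranges)" ]; then
        echo "FAIL: PHP source served as a static file"; return 1
    fi
    echo "OK: handled by PHP"
}

# The two discuz responses shown on this page (trimmed to the relevant headers).
ANON='HTTP/1.1 401 Unauthorized
Content-Type: text/html
WWW-Authenticate: Basic realm="Auth"'
AUTHED='HTTP/1.1 200 OK
Content-Type: application/octet-stream
ETag: "5a334add-ab3"
Accept-Ranges: bytes'

check_anonymous "$ANON" || true
check_authenticated_php "$AUTHED" || true
```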
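⑨. Assign directory and file permissions
The discuz directory and file permissions were already assigned during installation, so now it is enough to delete the install directory:
```
[root@localhost ~]$ cd /data/wwwroot/discuz.com
[root@localhost /data/wwwroot/discuz.com]$ rm -rf install/
```
Then set the dedecms directory and file permissions. Below are the directory security notes from the official dedecms site:
```
1. Directory permissions
We do not recommend placing column directories in the root directory, because that makes the security settings very troublesome. By default, after installation, the directories are set as follows:
(1) data, templets, uploads, a, or the html directory in 5.3: set to readable and writable, not executable;
(2) If you do not need specials, we recommend deleting the special directory; if you do, after generating the HTML you can delete special/index.php and then set this directory to readable and writable, not executable;
(3) include, member, plus, and the back-end admin directory: set to script-executable and readable, but not writable (where add-on modules are installed, the book, ask, company and group directories are set the same way).
2. Other points to note
(1) Although the install directory has already been handled strictly, for safety we still recommend deleting it;
(2) Do not use the MySQL root user's privileges directly for the website; give each website its own MySQL user account, with the privileges:
SELECT, INSERT , UPDATE , DELETE
CREATE , DROP , INDEX , ALTER , CREATE TEMPORARY TABLES
```
I tried changing the permissions according to these notes and the site became inaccessible, so after some experimenting I found that only the permissions of the following directories need to be changed:
```
[root@localhost /data/wwwroot]$ cd dedecms.com/
[root@localhost /data/wwwroot/dedecms.com]$ chmod 766 ./uploads
[root@localhost /data/wwwroot/dedecms.com]$ chmod 766 ./a
[root@localhost /data/wwwroot/dedecms.com]$ chmod 755 ./plus
[root@localhost /data/wwwroot/dedecms.com]$ chmod 644 data/common.inc.php
[root@localhost /data/wwwroot/dedecms.com]$ rm -rf install/
[root@localhost /data/wwwroot/dedecms.com]$ mv ./special/ /tmp/
```
zrlog can stay at its defaults, because everything is already 755 and 644 by default.
Finally, use the earlier script to sync the configuration files and site directories to the other web servers; syncing the /data/ directory and the /usr/local/ directory is enough.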
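Before syncing, the tree can be checked against the policy this build aims for (directories 755, files 644, owner root, with only named directories writable). The following is an added example, not the author's script; the function name, the finding labels and the choice of `uploads` and `a` as the writable list are assumptions to adjust per site.

```shell
#!/bin/sh
# Added example: audit a site root against a 755/644, single-owner policy.

# audit_webroot ROOT OWNER [WRITABLE_SUBDIR...]
# Prints one finding per line; prints nothing when the tree matches the policy.
audit_webroot() {
    root=${1%/}; owner=$2; shift 2

    # Writable directories should hold data only, so list PHP files in them.
    for w in "$@"; do
        find "$root/$w" -type f -name '*.php' | sed 's/^/script-in-writable /'
    done

    # Rewrite the subdir list into "-path DIR -prune -o" terms so the
    # mode and owner checks skip the directories that are allowed to differ.
    n=$#
    for w in "$@"; do set -- "$@" -path "$root/$w" -prune -o; done
    shift "$n"

    find "$root" "$@" -type d ! -perm 755 -print | sed 's/^/bad-dir-mode /'
    find "$root" "$@" -type f ! -perm 644 -print | sed 's/^/bad-file-mode /'
    find "$root" "$@" ! -user "$owner" -print    | sed 's/^/bad-owner /'
}

# Usage on the layout from this page (the writable list is an assumption).
if [ -d /data/wwwroot/dedecms.com ]; then
    audit_webroot /data/wwwroot/dedecms.com root uploads a
fi
```

Only the owner is checked; a group check would add a `-group` test to the last `find` in the same way.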
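⑩. Configure static file sharing among the web servers; this step uses NFS
1. The server needs the nfs-utils and rpcbind packages. Install command:
```
yum install -y nfs-utils rpcbind
```
2. The clients need the nfs-utils package. Install it in bulk with the script, using the command:
```
yum install -y nfs-utils
```
3. Determine which directories need to be shared:
```
The directory discuz needs to share is: /data/wwwroot/discuz.com/data/attachment/
The directory dedecms needs to share is: /data/wwwroot/dedecms.com/uploads/
The directory zrlog needs to share is: /data/wwwroot/zrlog.com/attached/
Then give these directories 777 permissions
```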
4. For security, the IPs allowed to use the shares need to be restricted, so write a simple loop script that writes the configuration in bulk into the /etc/exports file on the server. The script is as follows:
```
file=$1
for i in `seq 3 7`
do
    echo "$file 192.168.66.13$i/24(rw,sync,no_root_squash)" >> /etc/exports
done

# Run the script; the argument is the path of the directory to share
[root@localhost ~]$ sh forIP.sh "/data/wwwroot/discuz.com/data/attachment/"
[root@localhost ~]$ sh forIP.sh "/data/wwwroot/dedecms.com/uploads/"
[root@localhost ~]$ sh forIP.sh "/data/wwwroot/zrlog.com/attached/"
```
After running the script, the /etc/exports file contains the following:
```
/data/wwwroot/discuz.com/data/attachment/ 192.168.66.133/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/discuz.com/data/attachment/ 192.168.66.134/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/discuz.com/data/attachment/ 192.168.66.135/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/discuz.com/data/attachment/ 192.168.66.136/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/discuz.com/data/attachment/ 192.168.66.137/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/dedecms.com/uploads/ 192.168.66.133/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/dedecms.com/uploads/ 192.168.66.134/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/dedecms.com/uploads/ 192.168.66.135/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/dedecms.com/uploads/ 192.168.66.136/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/dedecms.com/uploads/ 192.168.66.137/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/zrlog.com/attached/ 192.168.66.133/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/zrlog.com/attached/ 192.168.66.134/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/zrlog.com/attached/ 192.168.66.135/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/zrlog.com/attached/ 192.168.66.136/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/zrlog.com/attached/ 192.168.66.137/24(rw,sync,anonuid=1000,anongid=1000)
```
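5. Use the earlier bulk command script to check whether the machines are listening on port 111. Normally the service starts automatically and listens on the port once nfs is installed; if it has not started, start it manually with:
```
systemctl start rpcbind
systemctl start nfs
```
6. Enable the rpcbind and nfs services at boot:
```
systemctl enable rpcbind
systemctl enable nfs
```
7. Mount the shared directories on each client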
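Step 4 is meant to limit each share to individual hosts, but in exports(5) a client written as `192.168.66.133/24` is an address/netmask pair and matches the whole 192.168.66.0/24 network, and `no_root_squash` lets root on a client act as root on the share. The linter and generator below are an added example, not part of the original post; the function names and the `root_squash` option set written by `gen_exports` are this example's assumptions.

```shell
#!/bin/sh
# Added example: lint exports(5) entries for over-broad clients and root access.

# Reads exports text on stdin; prints "LINE: PATH CLIENT: finding" per issue.
lint_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        for (f = 2; f <= NF; f++) {
            client = $f; opts = ""
            p = index($f, "(")
            if (p > 0) {
                client = substr($f, 1, p - 1)
                opts = substr($f, p + 1, length($f) - p - 1)
            }
            if (("," opts ",") ~ /,no_root_squash,/)
                printf "%d: %s %s: no_root_squash\n", NR, $1, client
            # A host address with a short prefix is read as the whole network.
            if (split(client, c, "/") == 2 && c[2] ~ /^[0-9]+$/ && c[2] + 0 < 32 &&
                split(c[1], o, ".") == 4) {
                ip = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
                if (ip % (2 ^ (32 - c[2])) != 0)
                    printf "%d: %s %s: matches the whole /%d network\n", NR, $1, client, c[2]
            }
        }
    }'
}

# Emit one entry per host, no netmask, root squashed. The option set is this
# example's assumption, not the page's configuration.
gen_exports() {
    dir=$1; shift
    for host in "$@"; do
        printf '%s %s(rw,sync,root_squash)\n' "$dir" "$host"
    done
}

# Line 1 is what the page's loop script writes, line 2 is from the page's
# /etc/exports listing, line 3 is constructed in the gen_exports format.
SAMPLE='/data/wwwroot/dedecms.com/uploads/ 192.168.66.133/24(rw,sync,no_root_squash)
/data/wwwroot/dedecms.com/uploads/ 192.168.66.133/24(rw,sync,anonuid=1000,anongid=1000)
/data/wwwroot/dedecms.com/uploads/ 192.168.66.133(rw,sync,root_squash)'

printf '%s\n' "$SAMPLE" | lint_exports
```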
Using Keepalived together with nginx load balancing
```
192.168.66.100  VIP
192.168.66.130  front-end nginx load balancer, master + keepalived
192.168.66.131  front-end nginx load balancer, backup + keepalived
```
Install keepalived + nginx on machines 130 and 131
```
yum install -y keepalived
```
For the nginx source install, refer to the process above (both machines need to be configured)
After installation, add a new nginx virtual host configuration file
```
vi /usr/local/nginx/conf/vhost/lb.conf

upstream lb
{
    ip_hash;
    server 192.168.66.132:80;
    server 192.168.66.133:80;
    server 192.168.66.134:80;
    server 192.168.66.135:80;
    server 192.168.66.136:80;
    server 192.168.66.137:80;
}
server
{
    listen 80;
    server_name www.discuz.com www.dedecms.com www.zrlog.com;
    location /
    {
        proxy_pass http://lb;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```
Change the keepalived configuration file on 130
The default configuration file path is /etc/keepalived/keepalived.conf
Empty the file
```
> /etc/keepalived/keepalived.conf
```
Edit the configuration file
```
vim /etc/keepalived/keepalived.conf
```
Add the following:
```
global_defs {
   notification_email {
     aming@aminglinux.com
   }
   notification_email_from root@aminglinux.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/usr/local/sbin/check_ng.sh"
    interval 3
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux>com
    }
    virtual_ipaddress {
        192.168.66.100
    }
    track_script {
        chk_nginx
    }
}
```
Note here: "virtual_ipaddress", the so-called VIP, is set to 192.168.66.100
2. Define the monitoring script
The script path is defined in the keepalived configuration file; the path is /usr/local/sbin/check_ng.sh
Edit the file:
```
vim /usr/local/sbin/check_ng.sh
```
Add the following:
```
#!/bin/bash
# Timestamp variable, used for logging
d=`date --date today +%Y%m%d_%H:%M:%S`
# Count the nginx processes
n=`ps -C nginx --no-heading|wc -l`
# If the count is 0, start nginx and check the nginx process count again;
# if it is still 0, nginx cannot start, so keepalived has to be stopped
if [ $n -eq "0" ]; then
        /etc/init.d/nginx start
        n2=`ps -C nginx --no-heading|wc -l`
        if [ $n2 -eq "0" ]; then
                echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
                systemctl stop keepalived
        fi
fi
```
3. After creating the script, its permissions also need to be changed
```
chmod 755 /usr/local/sbin/check_ng.sh
```
4. Start the keepalived service. Because the nginx check is defined above, nginx is brought up automatically
```
systemctl start keepalived
```
5. Check whether the VIP has been loaded
```
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a4:dd:e8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.66.130/24 brd 192.168.66.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.66.100/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::3116:74ed:1d0a:3851/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
keepalived configuration on machine 131
```
vim /etc/keepalived/keepalived.conf
```
Add the following:
```
global_defs {
   notification_email {
     aming@aminglinux.com
   }
   notification_email_from root@aminglinux.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/usr/local/sbin/check_ng.sh"
    interval 3
}
vrrp_instance VI_1 {
    state BACKUP             # here the name differs from the master
    interface eno33          # NIC must match the current machine, otherwise the keepalived service cannot start
    virtual_router_id 51     # keep the same as the master
    priority 90              # weight; must be a smaller value than the master's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux>com
    }
    virtual_ipaddress {
        192.168.66.100       # VIP, same as on the master
    }
    track_script {
        chk_nginx
    }
}
```
The nginx configuration and the script are the same as on machine 130. Finally, test that the three sites are reachable through the VIP.
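The master and backup files must agree on `virtual_router_id`, `auth_pass` and the VIP and differ in priority, which is easy to get wrong when editing two machines by hand. The following consistency check is an added example, not the author's code; the function names are its own, and the length warning reflects keepalived's documented 8-character limit for `auth_pass`.

```shell
#!/bin/sh
# Added example: consistency check for a keepalived VRRP master/backup pair.

# Print the value of keyword $2 in config text $1; "vip" returns the first
# address listed inside the virtual_ipaddress block.
vrrp_field() {
    printf '%s\n' "$1" | awk -v k="$2" '
        { sub(/[ \t]*[#!].*/, "") }               # strip keepalived comments
        $1 == "virtual_ipaddress" { in_vip = 1; next }
        in_vip && $1 == "}"        { in_vip = 0 }
        in_vip && NF && k == "vip" { print $1; exit }
        !in_vip && $1 == k         { print $2; exit }'
}

# Print one line per problem; no output means the pair is consistent.
check_vrrp_pair() {   # $1 = master config text, $2 = backup config text
    for k in virtual_router_id auth_pass vip; do
        [ "$(vrrp_field "$1" "$k")" = "$(vrrp_field "$2" "$k")" ] ||
            echo "MISMATCH: $k differs between the two nodes"
    done
    [ "$(vrrp_field "$1" priority)" -gt "$(vrrp_field "$2" priority)" ] ||
        echo "PRIORITY: master must have the higher priority"
    pass=$(vrrp_field "$1" auth_pass)
    [ "${#pass}" -le 8 ] ||
        echo "AUTH: auth_pass has ${#pass} characters, only the first 8 are used"
}

# vrrp_instance block from this page's 130 (master) configuration.
MASTER='vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass aminglinux>com
    }
    virtual_ipaddress {
        192.168.66.100
    }
}'
# The 131 (backup) block differs from it only in these three values.
BACKUP=$(printf '%s\n' "$MASTER" |
    sed 's/state MASTER/state BACKUP/; s/ens33/eno33/; s/priority 100/priority 90/')

check_vrrp_pair "$MASTER" "$BACKUP"
```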