```* 基于LNMP+HAproxy+Keepalived搭建高可用小型站点
前端服务器
192.168.55.7VIP 192.168.55.100 haproxy keepalived
192.168.55.10VIP 192.168.55.100 haproxy keepalived
后端服务器
192.168.55.5 php-7.1.30.tar.gznginx-1.14.2.tar.gz
192.168.55.6 php-7.1.30.tar.gznginx-1.14.2.tar.gz
mysql
192.168.55.8 mysql nfs
前端服务器
192.168.55.7 和 192.168.55.10
1、yum 安装keepalived (可编译安装)
yum install keepalived -y
2、编辑配置文件
vim /etc/keepalived/keepalived.conf
--------------------------------------------------------------------------------
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from localhost.localdomain
smtp_server 172.22.0.1
smtp_connect_timeout 30
router_id localhost.localdomain1
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_haproxy {
script /etc/keepalived/chk_haproxy.sh
interval 2
weight -50
fall 3
rise 5
timeout 2
}
vrrp_instance VIP1 {
state BACKUP #从配置换成这个MASTER
interface ens37
virtual_router_id 36
priority 100
advert_int 2
nopreempt
unicast_src_ip 192.168.55.7
unicast_peer {
192.168.55.10
}
authentication {
auth_type PASS
auth_pass linux36
}
virtual_ipaddress {
172.20.200.200 dev ens37 label ens37:1
172.20.200.201 dev ens37 label ens37:2
}
notify_master "/etc/keepalived/ping.sh"
}
--------------------------------------------------------------------------------
配置中的脚本
cat /etc/keepalived/chk_haproxy.sh
#!/bin/bash
if ! killall -0 haproxy &>/dev/null;then
systemctl restart haproxy
sleep 1
if ! killall -0 haproxy &>/dev/null;then
systemctl stop keepalived
fi
fi
--------------------------------------------------------------------------------
cat /etc/keepalived/ping.sh
#!/bin/bash
ping -c 2 172.22.0.1 &> /dev/null
if [ $? -eq 0 ];then
exit 0
else
exit 2
fi
--------------------------------------------------------------------------------
注:这俩个脚本起检测作用
编译安装haproxy
yum install gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools vim iotop bc zip unzip zlib-devel lrzsz tree screen lsof tcpdump wget ntpdate -y
解压安装包
cd /usr/local/src/
tar xvf haproxy-1.8.20.tar.gz
编译安装
进入目录
cd haproxy-1.8.20
开始编译
make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy
生成目录
make install PREFIX=/usr/local/haproxy
查看版本
./haproxy -h
拷贝主文件
cp /usr/local/src/haproxy-1.8.20/haproxy /usr/sbin/
创建启动脚本:
--------------------------------------------------------------------------------
vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
创建目录和用户:
mkdir /etc/haproxy
mkdir /var/lib/haproxy
useradd haproxy -s /sbin/nologin
chown haproxy.haproxy /var/lib/haproxy/ -R
--------------------------------------------------------------------------------
vim /etc/haproxy/haproxy.cfg
--------------------------------------------------------------------------------
global
maxconn 65536
chroot /usr/local/haproxy
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 1001
gid 1001
daemon
nbthread 2
nbproc 2
cpu-map 1 0
cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
spread-checks 5
pidfile /run/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
option forwardfor
option redispatch
option abortonclose
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
bind :9999
stats enable
# stats hid-version
stats uri /haproxy-status
stats realm HAPorxy\ Stats\ Page
stats auth haadmin:123456
stats auth admin:123456
stats auth lvze:123456
stats refresh 30s
# stats admin if TRUE
listen web_port
bind 0.0.0.0:8080
mode http
log global
server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5
listen WEB_PORT_80
mode tcp
bind 192.168.55.7:80
server web1 192.168.55.6:80 cookie web-103 weight 2 check inter 3000 fall 3 rise 5
server web2 192.168.55.5:80 cookie web-104 weight 1 check inter 3000 fall 3 rise 5
listen MySQL_PORT
bind 192.168.55.8:3306
mode tcp
server web1 192.168.55.8:3306 cookie web-103 weight 1 check inter 3000 fall 3 rise 5
--------------------------------------------------------------------------------
启动HAProxy:
systemctl start haproxy 启动
systemctl restart haproxy 重启
systemctl enable haproxy 开机自启动
后端服务器
192.168.55.8
创建共享目录
yum install nfs-utils -y
mkdir /nfsdata/wordpress -p
vi /etc/exports
/nfsdata/wordpress *(rw,no_root_squash)
systemctl start nfs
systemctl enable nfs
二进制安装mariadb
1 准备用户和组
groupadd -r -g 336 mysql
useradd -r -g mysql -u 336 -s /sbin/nologin -d /data/mysql mysql
2 准备二进制程序文件和相关文件属性
tar xvf mariadb-10.2.23-linux-x86_64.tar.gz -C /usr/local/
cd /usr/local/
ln -s mariadb-10.2.23-linux-x86_64/ mysql
chown -R root.root /usr/local/mysql/
3 PATH变量
cat /etc/profile.d/mysql.sh
vim /etc/profile.d/mysql.sh 编辑文件
PATH=/usr/local/mysql/bin:$PATH 写入变量
source /etc/profile.d/mysql.sh 激活变量
echo $PATH 查看变量
4 准备数据库数据目录和数据--改成逻辑卷
mkdir /data/mysql -pv
chown mysql.mysql /data/mysql/
cd /usr/local/mysql
./scripts/mysql_install_db --datadir=/data/mysql --user=mysql
5 准备Mysql的服务器端的配置文件
mkdir /etc/mysql
cp /usr/local/mysql/support-files/my-huge.cnf /etc/mysql/my.cnf
vim /etc/mysql/my.cnf
[mysqld]
datadir=/data/mysql 加一行
6 准备服务启动脚本
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
查看服务 chkconfig --list
添加服务 chkconfig --add mysqld
service mysqld start 或 service myseqld rstart
7 安全加固
mysql_secure_installation
8 授权用户,用来博客连接数据库
mysql -uroot -p 123456
CREATE DATABASE wordpress;
GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"192.168.55.%" IDENTIFIED BY "123456";
flush privileges;
192.168.55.5 192.168.55.6
php-7.1.18.tar.ba2
nginx-1.14.2.tar.gz
源码编译php
下载需要的软件
yum -y install wget vim pcre pcre-devel openssl openssl-devel libicu devel gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2- devel ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpeg devel
进入目录 解压包
cd //usr/local/src/
tar xvf php-7.1.18.tar.ba2
开始编译
cd php-7.1.18.tar.bz2
./configure --prefix=/app/php \--enable-mysqlnd \--with-mysqli=mysqlnd \--with-pdo-mysql=mysqlnd \--with-openssl \--with-freetype-dir \--with-jpeg-dir \--with-png-dir \--with-zlib \--with-libxml-dir=/usr \--with-config-file-path=/etc \--with-config-file-scan-dir=/etc/php.d \--enable-mbstring \--enable-xml \--enable-sockets \--enable-fpm \--enable-maintainer-zts \--disable-fileinfo
make -j 2
make install
修改配置文件
cp /app/php/etc/php-fpm.conf.default /app/php/etc/www.conf
创建用户www
useradd www -u 2019
进入编译安装的目录备份并改名配置文件
cd /app/php/etc/php-fpm.d
cp www.conf.default www.conf
grep -v ";" www.conf |grep -v "^$"
cd /app/php/etc
cp php-fpm.conf.default php-fpm.conf
启动php
/app/php/sbin/php-fpm -v
/app/php/sbin/php-fpm -t
/app/php/sbin/php-fpm -c /app/php/etc/php.ini
ps -ef | grep php-fpm
ss -ntl
创建php测试页面
mkdir /data/nginx/wordpress -p
vim /data/nginx/wordpress/index.php
<?php
phpinfo();
?>
编译nginx-1.14.2
tar xvf nginx-1.14.2.tar.gz -C /usr/local/src/
cd /usr/local/src/nginx-1.14.2
./configure --prefix=/apps/nginx \--user=nginx \--group=nginx \--with-http_ssl_module \--with-http_v2_module \--with-http_realip_module \--with-http_stub_status_module \--with-http_gzip_static_module \--with-pcre \--with-stream \--with-stream_ssl_module \--with-stream_realip_module
make
make install
ln -s /apps/nginx/sbin/nginx /sbin/
修改配置文件
vim /apps/nginx/conf/nginx.conf
user www www;
include /apps/nginx/conf/server/*.conf;
--------------------------------------------------------------------------------
创建副配置目录
mkdir /apps/nginx/conf/server -pv
--------------------------------------------------------------------------------
vim /apps/nginx/conf/server/www.magedu.net.conf
server {
listen 80;
server_name www.magedu.net;
location / {
root /data/nginx/woedpress;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /data/nginx/woedpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
nginx -t
测试
后端服务器配置
192.168.55.5 192.168.55.6
wordpress-5.0.3-zh_CN.tar.gz
cd /data/nginx/woedpress/
tar xvf wordpress-5.0.3-zh_CN.tar.gz
mv index.php wordpress-5.0.3-zh_CN.tar.gz /opt
mv wordpress/* .
mv wordpress /opt/
cp wp-config-sample.php wp-config.php
vim /data/nginx/woedpress/wp-config.php
// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称 */
define(‘DB_NAME‘, ‘wordpress‘);
/** MySQL数据库用户名 */
define(‘DB_USER‘, ‘wordpress‘);
/** MySQL数据库密码 */
define(‘DB_PASSWORD‘, ‘123456‘);
/** MySQL主机 */
define(‘DB_HOST‘, ‘centos7.magedu.com‘);
define(‘DB_CHARSET‘, ‘utf8‘);
define(‘DB_COLLATE‘, ‘‘);
define(‘DB_COLLATE‘, ‘‘);
* 或者直接访问{@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org密钥生成服务}
define(‘AUTHKEY‘, ‘<dWC,ujj+=eMzSkU~w` 5?Tt-NUnW|CTvRF`>S XT j5R<(4+.ku`1#CN:D1Xjrb‘);
define(‘SECUREAUTHKEY‘, ‘v&:.i|%(6CsL[jU,5+TU-cAvm+A}2{V/(=(3Cks]L~|g+ljE5m=B/{}:oq.w<‘);
define(‘LOGGEDINKEY‘, ‘d~a,Lt#-)ykANn;TW=!sXd#+o>a]+KTYWK un|=eLGHVyYYGD+aKkm};8|raW+@d‘);
define(‘NONCEKEY‘, ‘zr$LcVo|!pPr@ 4Q1~i8>S]<QK2e;SBT g>VN{<@/Q;=eJ`Q|9N`kAHKy}e$Kxw#‘);
define(‘AUTHSALT‘, ‘{`+8c/igV^=SW#[QW+%Kf:0v^F=~##C70ao#J1yO[W&XWnsd.|6nxTGyD+hx>u8‘);
define(‘SECUREAUTHSALT‘, ‘|rp0)=Qs91]+^M/XFG{2q#K(&)c)z45P7-@@nyiU8.t}%kDGl8# u+uo?n-U‘);
define(‘LOGGEDINSALT‘, ‘cP!+/s^urC-LQ3mw<A#ro6v$h^d+@k!WA66;9TU%=|#|MW1J^u4t0io<#M+7w‘);
define(‘NONCESALT‘, ‘0mPY(C:&c<Q&[$k[YOWt9;]U6Fo-4ZglmZoke`(&BrnPx|ExQ5Xyw!E5|#MXgG‘);*
注:mysql主机可以写mysql的机器的主机名字,但一定要在本主机的hosts文件写解析 ,也可以写mysql主机的IP地址
在下面的红色字体的网站是生成密钥的意思,建议打开网站把人家生成的密钥与本配置文件的密钥更换掉,这样做更安全**
--------------------------------------------------------------------------------
vim /etc/hosts
192.168.55.8 centos7.magedu.com
chown www.www /data/nginx/woedpress/ -R
192.168.55.5 192.168.55.7上操作
yum install nfs-utils -y
挂载共享目录 数据实时同步
mount -t nfs 192.168.55.8:/nfsdata/wordpress /data/nginx/woedpress/wp-content/uploads/
www.magedu.net/wp-admin基于LNMP+HAproxy+Keepalived搭建高可用小型站点
原文:https://blog.51cto.com/14234910/2406897