nginx基础架构实验

cd /etc/nginx/conf.d/
rm -rf *
vim lb.conf

upstream webcluster {
        server 192.168.8.30:80;
        server 192.168.8.40:80;
}
server {
        listen 80;
        server_name blog.benet.com;
        location / {
                proxy_pass      http://webcluster;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

systemctl restart nginx 
systemctl enable nginx 
scp -rp /etc/nginx/conf.d/lb.conf root@192.168.8.20:/etc/nginx/conf.d/

vim /etc/keepalived/keepalived.conf

global_defs {
   router_id lb1
}
vrrp_script check_nginx_proxy {
        script “/sh/check_nginx_proxy.sh”
        interval 2
        weight 5
        }
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.8.254
    }
    track_script {
        check_nginx_proxy
    }
}

mkdir /sh 
vim /sh/check_nginx_proxy.sh
#！/bin/bash
killall  -0  nginx
if  [ $? -ne 0 ];then
  systemctl stop keepalived
fi
chmod  +x  /sh/check_nginx_proxy.sh
crontab -e
* * * * * /bin/bash /sh/check_nginx_proxy.sh

vim /etc/keepalived/keepalived.conf

global_defs {
   router_id lb2            
}
vrrp_instance VI_1 {
    state BACKUP            
    interface ens33
    virtual_router_id 51
    priority 99                
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.8.254    
    }
}

vim /etc/nginx/conf.d/blog.conf

server {
        listen 80;
        server_name blog.benet.com;
        root /wordpress;
        index index.php index.html;
        location ~ \.php$ {
                root /wordpress;
                fastcgi_pass 192.168.8.60:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME documentrootdocument_rootfastcgi_script_name;
                include fastcgi_params;
        }
    }

mkdir -p /etc/nginx/ssl_key 
cd /etc/nginx/ssl_key
openssl genrsa -idea -out server.key 2048
openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
vim /etc/nginx/conf.d/https.conf
server {
        listen 443 ssl;
        server_name blog.benet.com;
    ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
        root /wordpress;
        index index.php index.html;
        location ~ \.php$ {
                root /wordpress;
                fastcgi_pass 192.168.8.60:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME documentrootdocument_rootfastcgi_script_name;
                include fastcgi_params;
        }
    }
server {
        listen 80;
        server_name blog.benet.com;
        rewrite .* https://servernameservernameserver_name1 redirect;
}

mkdir -p /etc/nginx/ssl_key 
cd /etc/nginx/ssl_key
openssl genrsa -idea -out server.key 2048
openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
vim /etc/nginx/conf.d/https.conf
server {
        listen 443 ssl;
        server_name blog.benet.com;
    ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
        root /wordpress;
        index index.php index.html;
        location ~ \.php$ {
                root /wordpress;
                fastcgi_pass 192.168.8.60:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME documentrootdocument_rootfastcgi_script_name;
                include fastcgi_params;
        }
    }
server {
        listen 80;
        server_name blog.benet.com;
        rewrite .* https://servernameservernameserver_name1 redirect;
}