基础架构搭建
环境准备:配置ip,关闭防火墙和selinux(仅适用于隔离的实验环境;生产环境应保持firewalld和SELinux开启,只放行各节点实际使用的端口)
lb1:192.168.8.10
lb2:192.168.8.20
web1:192.168.8.30
web2:192.168.8.40
mysql: 192.168.8.50
php: 192.168.8.60
ifdown ens33;ifup ens33
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
1.lb1、lb2、web1、web2安装nginx
yum -y install epel-release
yum -y install nginx
2.配置lb1:192.168.8.10
cd /etc/nginx/conf.d/
rm -rf *
vim lb.conf
添加:
upstream webcluster {
    server 192.168.8.30:80;
    server 192.168.8.40:80;
}
server {
    listen 80;
    server_name blog.benet.com;
    location / {
        proxy_pass http://webcluster;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
保存退出
systemctl restart nginx
systemctl enable nginx
scp -rp /etc/nginx/conf.d/lb.conf root@192.168.8.20:/etc/nginx/conf.d/
配置lb2: 192.168.8.20
systemctl restart nginx
systemctl enable nginx
3.配置keepalived高可用
两台lb都安装keepalived
yum -y install keepalived
lb1:配置keepalived(auth_pass 1111仅为示例;PASS方式的口令在VRRP报文中明文传输,实际部署应换成两台lb一致的非默认口令)
vim /etc/keepalived/keepalived.conf
修改:
global_defs {
    router_id lb1
}
vrrp_script check_nginx_proxy {
    script "/sh/check_nginx_proxy.sh"
    interval 2
    weight 5
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.8.254
    }
    track_script {
        check_nginx_proxy
    }
}
保存退出
mkdir /sh
vim /sh/check_nginx_proxy.sh
#!/bin/bash
killall -0 nginx
if [ $? -ne 0 ];then
    systemctl stop keepalived
fi
chmod +x /sh/check_nginx_proxy.sh
crontab -e
* * * * * /bin/bash /sh/check_nginx_proxy.sh
lb2:配置keepalived
vim /etc/keepalived/keepalived.conf
修改为:
global_defs {
    router_id lb2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.8.254
    }
}
保存退出
systemctl restart keepalived
systemctl enable keepalived
4.配置web节点
web1: 配置nginx,安装blog
(2)复制wordpress安装包,到虚拟机/,解压并赋权(下面的777只是实验环境的简化做法;生产环境应把属主设为php-fpm运行用户,而不是让目录对所有用户可写)
unzip wordpress-4.9.4-zh_CN.zip
chmod -R 777 /wordpress
scp -rp /wordpress root@192.168.8.60:/
(3)创建虚拟主机配置文件
vim /etc/nginx/conf.d/blog.conf
添加:
server {
    listen 80;
    server_name blog.benet.com;
    root /wordpress;
    index index.php index.html;
    location ~ \.php$ {
        root /wordpress;
        fastcgi_pass 192.168.8.60:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
保存退出
systemctl reload nginx
5.安装mysql:192.168.8.50
复制mysql-rpm包到虚拟机
cd mysql-rpm
yum -y localinstall *.rpm
systemctl restart mysqld
systemctl enable mysqld
登录并创建blog库和用户(示例口令123.com和主机'%'仅用于实验;实际部署应使用强口令,并把授权主机限定为需要连库的php节点192.168.8.60):
mysql
create database blog;
grant all on blog.* to lisi@'%' identified by '123.com';
6.安装php:192.168.8.60
复制php-rpm到虚拟机
cd php-rpm
yum -y localinstall *.rpm
vim /etc/php-fpm.d/www.conf
定位并修改为:
listen = 192.168.8.60:9000
listen.allowed_clients = 192.168.8.30,192.168.8.40
保存退出
systemctl restart php-fpm
systemctl enable php-fpm
7.客户端浏览器访问web1:192.168.8.30,安装blog
安装成功后,复制web1的配置文件和wordpress目录到web2:
scp -rp /wordpress root@192.168.8.40:/
scp -rp /etc/nginx/conf.d/* root@192.168.8.40:/etc/nginx/conf.d/
web2: systemctl restart nginx
测试能通过访问192.168.8.40成功
8.客户端通过域名或192.168.8.254虚拟地址访问,查看轮询
9.配置ssl加密
web1: 创建证书(第二条openssl命令用-newkey重新生成私钥并覆盖server.key,-nodes表示私钥不加密,因此应把server.key的权限限制为仅root可读;自签名证书仅用于测试)
mkdir -p /etc/nginx/ssl_key
cd /etc/nginx/ssl_key
openssl genrsa -idea -out server.key 2048
openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
vim /etc/nginx/conf.d/https.conf
server {
    listen 443 ssl;
    server_name blog.benet.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    root /wordpress;
    index index.php index.html;
    location ~ \.php$ {
        root /wordpress;
        fastcgi_pass 192.168.8.60:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
server {
    listen 80;
    server_name blog.benet.com;
    rewrite .* https://$server_name$1 redirect;
}
保存退出
scp -rp /etc/nginx/ssl_key root@192.168.8.40:/etc/nginx/
scp -rp /etc/nginx/ssl_key root@192.168.8.10:/etc/nginx/
scp -rp /etc/nginx/ssl_key root@192.168.8.20:/etc/nginx/
lb1和lb2(前面已用scp把web1的ssl_key目录复制到两台lb,这里再执行openssl会重新生成并覆盖server.key和server.crt):
mkdir -p /etc/nginx/ssl_key
cd /etc/nginx/ssl_key
openssl genrsa -idea -out server.key 2048
openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
vim /etc/nginx/conf.d/https.conf
server {
    listen 443 ssl;
    server_name blog.benet.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    root /wordpress;
    index index.php index.html;
    location ~ \.php$ {
        root /wordpress;
        fastcgi_pass 192.168.8.60:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
server {
    listen 80;
    server_name blog.benet.com;
    rewrite .* https://$server_name$1 redirect;
}
保存退出
systemctl restart nginx