基础架构搭建
环境准备：配置ip，关闭防火墙和selinux
lb1:192.168.8.10
lb2:192.168.8.20
web1:192.168.8.30
web2:192.168.8.40
mysql: 192.168.8.50
php: 192.168.8.60

ifdown ens33;ifup ens33
systemctl stop firewalld
systemctl disable firewalld
setenforce 0

1.lb1、lb2、web1、web2安装nginx

yum -y install epel-release
yum -y install nginx

2.配置lb1:192.168.8.10
cd /etc/nginx/conf.d/
rm -rf *
vim lb.conf
添加：
upstream webcluster {
server 192.168.8.30:80;
server 192.168.8.40:80;
}
server {
listen 80;
server_name blog.benet.com;

    location / {
            proxy_pass      http://webcluster;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

保存退出
systemctl restart nginx
systemctl enable nginx

scp -rp /etc/nginx/conf.d/lb.conf root@192.168.8.20:/etc/nginx/conf.d/

配置lb2: 192.168.8.20
systemctl restart nginx
systemctl enable nginx

3.配置keepalived高可用
两台lb都安装keepalived
yum -y install keepalived

lb1:配置keepalived
vim /etc/keepalived/keepalived.conf
修改：
global_defs {
router_id lb1
}
vrrp_script check_nginx_proxy {
script “/sh/check_nginx_proxy.sh”
interval 2
weight 5
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.8.254
}
track_script {
check_nginx_proxy
}
}
保存退出

mkdir /sh
vim /sh/check_nginx_proxy.sh

！/bin/bash

killall -0 nginx
if [ $? -ne 0 ];then
systemctl stop keepalived
fi

chmod +x /sh/check_nginx_proxy.sh

crontab -e

• • • • • /bin/bash /sh/check_nginx_proxy.sh

lb2:配置keepalived
vim /etc/keepalived/keepalived.conf
修改为：
global_defs {
router_id lb2
}

vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.8.254
}
}
保存退出

systemctl restart keepalived
systemctl enable keepalived

4.配置web节点
web1: 配置nginx，安装blog
（2）复制wordpress安装包，到虚拟机/，解压并赋权
unzip wordpress-4.9.4-zh_CN.zip
chmod -R 777 /wordpress
scp -rp /wordpress root@192.168.8.60:/

（3）创建虚拟主机配置文件
vim /etc/nginx/conf.d/blog.conf
添加：
server {
listen 80;
server_name blog.benet.com;
root /wordpress;
index index.php index.html;

    location ~ \.php$ {
            root /wordpress;
            fastcgi_pass 192.168.8.60:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }
}
保存退出
systemctl reload nginx

5.安装mysql：192.168.8.50
复制mysql-rpm包到虚拟机
cd mysql-rpm
yum -y localinstall *.rpm
systemctl restart mysqld
systemctl enable mysqld

登录并创建blog库和用户：
mysql
create database blog;
grant all on blog.* to lisi@'%' identified by '123.com';

6.安装php:192.168.8.60
复制php-rpm到虚拟机
cd php-rpm
yum -y localinstall *.rpm

vim /etc/php-fpm.d/www.conf
定位并修改为：
listen = 192.168.8.60:9000
listen.allowed_clients = 192.168.8.30,192.168.8.40
保存退出
systemctl restart php-fpm
systemctl enable php-fpm

7.客户端浏览器访问web1：192.168.8.30，安装blog
安装成功后，复制web1的配置文件和wordpress目录到web2:
scp -rp /wordpress root@192.168.8.40:/
scp -rp /etc/nginx/conf.d/* root@192.168.8.40:/etc/nginx/conf.d/
web2: systemctl restart nginx
测试能通过访问192.168.8.40成功

8.客户端通过域名或192.168.8.254虚拟地址访问，查看轮询

9.配置ssl加密
web1: 创建证书
mkdir -p /etc/nginx/ssl_key
cd /etc/nginx/ssl_key
openssl genrsa -idea -out server.key 2048
openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt

vim /etc/nginx/conf.d/https.conf
server {
listen 443 ssl;
server_name blog.benet.com;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
root /wordpress;
index index.php index.html;

    location ~ \.php$ {
            root /wordpress;
            fastcgi_pass 192.168.8.60:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }
}

server {
listen 80;
server_name blog.benet.com;
rewrite .* https://$server_name$1 redirect;
}
保存退出

scp -rp /etc/nginx/ssl_key root@192.168.8.40:/etc/nginx/
scp -rp /etc/nginx/ssl_key root@192.168.8.10:/etc/nginx/
scp -rp /etc/nginx/ssl_key root@192.168.8.20:/etc/nginx/

lb1和lb2:
vim /etc/nginx/conf.d/lb.conf
upstream webcluster {
server 192.168.8.30:443;
server 192.168.8.40:443;
}
server {
listen 443 ssl;
server_name blog.benet.com;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
proxy_pass https://webcluster;
}
}
server {
listen 80;
server_name blog.benet.com;
return 302 https://$server_name$1;
}
保存退出

systemctl restart nginx