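1. Basic architecture setup
Environment preparation: configure the IP addresses, then disable the firewall and SELinux.

    lb1:   192.168.8.10
    lb2:   192.168.8.20
    web1:  192.168.8.30
    web2:  192.168.8.40
    mysql: 192.168.8.50
    php:   192.168.8.60

    ifdown ens33; ifup ens33
    systemctl stop firewalld
    systemctl disable firewalld
    setenforce 0    # SELinux permissive mode until the next reboot

1. Install nginx on lb1, lb2, web1 and web2

    yum -y install epel-release
    yum -y install nginx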
2. Configure lb1: 192.168.8.10

    cd /etc/nginx/conf.d/
    rm -rf *
    vim lb.conf

Add:

    # Back-end pool; nginx uses round-robin by default
    upstream webcluster {
        server 192.168.8.30:80;
        server 192.168.8.40:80;
    }
    server {
        listen 80;
        server_name blog.benet.com;
        location / {
            proxy_pass http://webcluster;
            # Pass the original Host header and client address to the back ends
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

Save and exit.

    systemctl restart nginx
    systemctl enable nginx
    scp -rp /etc/nginx/conf.d/lb.conf root@192.168.8.20:/etc/nginx/conf.d/

Configure lb2 (192.168.8.20):

    systemctl restart nginx
    systemctl enable nginx
3. Configure keepalived for high availability

Install keepalived on both load balancers:

    yum -y install keepalived

lb1: configure keepalived

    vim /etc/keepalived/keepalived.conf

Change it to:

    global_defs {
        router_id lb1
    }
    vrrp_script check_nginx_proxy {
        script "/sh/check_nginx_proxy.sh"
        interval 2
        weight 5
    }
    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111    # shared VRRP password; must match on both nodes
        }
        virtual_ipaddress {
            192.168.8.254
        }
        track_script {
            check_nginx_proxy
        }
    }

Save and exit.

    mkdir /sh
    vim /sh/check_nginx_proxy.sh

    #!/bin/bash
    # Signal 0 only tests whether an nginx process exists
    killall -0 nginx
    if [ $? -ne 0 ]; then
        # nginx is down: stop keepalived so the virtual IP moves to the backup
        systemctl stop keepalived
    fi

    chmod +x /sh/check_nginx_proxy.sh
    crontab -e

    * * * * * /bin/bash /sh/check_nginx_proxy.sh

lb2: configure keepalived

    vim /etc/keepalived/keepalived.conf

Change it to:

    global_defs {
        router_id lb2
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 51
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.8.254
        }
    }

Save and exit.

    systemctl restart keepalived
    systemctl enable keepalived
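4. Configure the web nodes
web1: configure nginx and install the blog
(2) Copy the WordPress package to / on the virtual machine, unpack it and set permissions

    unzip wordpress-4.9.4-zh_CN.zip
    chmod -R 777 /wordpress    # makes every file world-writable, including the PHP code
    scp -rp /wordpress root@192.168.8.60:/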
(3) Create the virtual host configuration file

    vim /etc/nginx/conf.d/blog.conf

Add:

    server {
        listen 80;
        server_name blog.benet.com;
        root /wordpress;
        index index.php index.html;
        location ~ \.php$ {
            root /wordpress;
            # PHP requests are handed to php-fpm on the php host
            fastcgi_pass 192.168.8.60:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

Save and exit.

    systemctl reload nginx
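5. Install MySQL: 192.168.8.50

Copy the mysql-rpm packages to the virtual machine.

    cd mysql-rpm
    yum -y localinstall *.rpm
    systemctl restart mysqld
    systemctl enable mysqld

Log in and create the blog database and user:

    mysql

    create database blog;
    -- '%' allows this account to connect from any host
    grant all on blog.* to lisi@'%' identified by '123.com';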
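6. Install PHP: 192.168.8.60

Copy the php-rpm packages to the virtual machine.

    cd php-rpm
    yum -y localinstall *.rpm
    vim /etc/php-fpm.d/www.conf

Locate these settings and change them to:

    listen = 192.168.8.60:9000
    ; only the two web nodes may connect to php-fpm
    listen.allowed_clients = 192.168.8.30,192.168.8.40

Save and exit.

    systemctl restart php-fpm
    systemctl enable php-fpm

7. From a client browser, open web1 (192.168.8.30) and install the blog

After the installation succeeds, copy web1's configuration files and the wordpress directory to web2:

    scp -rp /wordpress root@192.168.8.40:/
    scp -rp /etc/nginx/conf.d/* root@192.168.8.40:/etc/nginx/conf.d/

web2:

    systemctl restart nginx

Test: the site should now load successfully from 192.168.8.40.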
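8. From the client, access the site by domain name or through the virtual address 192.168.8.254 and observe the round-robin
9. Configure SSL encryption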
web1: create the certificate

    mkdir -p /etc/nginx/ssl_key
    cd /etc/nginx/ssl_key
    openssl genrsa -idea -out server.key 2048
    # -newkey with -nodes generates a new, unencrypted key and a self-signed
    # certificate valid for 3650 days; it overwrites the server.key written above
    openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt

    vim /etc/nginx/conf.d/https.conf

    server {
        listen 443 ssl;
        server_name blog.benet.com;
        # Relative paths are resolved against /etc/nginx
        ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
        root /wordpress;
        index index.php index.html;
        location ~ \.php$ {
            root /wordpress;
            fastcgi_pass 192.168.8.60:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
    server {
        listen 80;
        server_name blog.benet.com;
        # Capture the request path so that $1 carries it into the redirect
        rewrite ^(.*)$ https://$server_name$1 redirect;
    }

Save and exit.

    scp -rp /etc/nginx/ssl_key root@192.168.8.40:/etc/nginx/
    scp -rp /etc/nginx/ssl_key root@192.168.8.10:/etc/nginx/
    scp -rp /etc/nginx/ssl_key root@192.168.8.20:/etc/nginx/

lb1 and lb2:

    vim /etc/nginx/conf.d/lb.conf

    upstream webcluster {
        server 192.168.8.30:443;
        server 192.168.8.40:443;
    }
    server {
        listen 443 ssl;
        server_name blog.benet.com;
        ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
        location / {
            proxy_pass https://webcluster;
        }
    }
    server {
        listen 80;
        server_name blog.benet.com;
        # $request_uri keeps the requested path and query string in the redirect
        return 302 https://$server_name$request_uri;
    }

Save and exit.

    systemctl restart nginx
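
With `proxy_pass https://webcluster;` nginx encrypts the connection to the web nodes, but by default it does not verify the certificate they present. The lb.conf variant below is an added example, not part of the original walkthrough: it pins the back ends to the self-signed server.crt copied to the load balancers above, and it assumes that certificate was created with blog.benet.com as its Common Name.

```nginx
# /etc/nginx/conf.d/lb.conf on lb1 and lb2 (added example).
# Replaces the upstream and the 443 server block; the port-80 redirect block stays as it is.
upstream webcluster {
    server 192.168.8.30:443;
    server 192.168.8.40:443;
}

server {
    listen 443 ssl;
    server_name blog.benet.com;
    ssl_certificate     ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    location / {
        proxy_pass https://webcluster;

        # Same forwarding headers as the HTTP configuration in step 2
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Weak default: proxy_ssl_verify is off, so any certificate offered
        # on 192.168.8.30/40:443 would be accepted.
        proxy_ssl_verify on;

        # Trust anchor: the self-signed certificate from step 9, already
        # present on the load balancers under /etc/nginx/ssl_key.
        proxy_ssl_trusted_certificate ssl_key/server.crt;
        proxy_ssl_verify_depth 1;

        # Name to match against the certificate. The default is $proxy_host,
        # which here would be "webcluster" and would never match.
        # Assumption: the certificate's Common Name is blog.benet.com.
        proxy_ssl_name blog.benet.com;

        # Send the same name as SNI to the back ends
        proxy_ssl_server_name on;
    }
}
```

Run `nginx -t` before restarting; if the name in the certificate differs from `proxy_ssl_name`, requests through the load balancer return 502 and the error log records the upstream certificate verification failure.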