从零开始搭建双主模型的nginx proxy高可用集群

实验简介

本文主要介绍双主模型的nginx proxy高可用集群的搭建方式。
实验环境:

  • 使用nfs/ftp服务器,nfs提供页面数据共享,ftp提供程序下载
  • 使用单独的mariadb服务器提供关系型数据库
  • 使用两台httpd服务器提供页面服务,包括静态的html和动态的php(phpmyadmin、wordpress、phpinfo)
  • 使用两台nginx作为两台httpd的负载均衡器
  • 对两台nginx配置keepalived保证集群的高可用

拓扑图

从零开始搭建双主模型的nginx proxy高可用集群

配置

nfs/ftp 192.168.45.201

#修改主机名
hostnamectl set-hostname nfs.easy.com

#同步时间
yum install -y ntp
ntpdate

#搭建nfs
yum install -y nfs-utils
mkdir /data/html -pv
vim /etc/exports
    /data/html 192.168.45.0/24(rw)
systemctl start nfs
showmount -e

#搭建ftp
yum install -y vsftpd
yum install -y lrzsz
cd /var/ftp/pub
rz
上传phpMyAdmin-4.0.10.20-all-languages.zip
上传wordpress-4.7.4-zh_CN.tar.gz

mariadb 192.168.45.202

#修改主机名
hostnamectl set-hostname mydb.easy.com

#同步时间    
yum install -y ntp
ntpdate

#搭建mariadb
yum install -y mariadb-server
vim /etc/my.cnf.d/server.cnf
    [mysqld] 
    skip_name_resolve=1
    log-bin=mysql-bin
    innodb_file_per_table = 1
systemctl start mariadb.service

#简单配置mariadb
mysql_secure_installation
mysql -uroot -peasy
    GRANT ALL ON *.* TO 'root'@'192.168.45.%' IDENTIFIED BY 'easy'; 
    CREATE DATABASE wordpress;

    SELECT * FROM mysql.user \G ;
    SHOW DATABASES;

web1 192.168.45.11

#修改主机名
hostnamectl set-hostname web1.easy.com

#同步时间
yum install -y ntp
ntpdate
yum install -y httpd php php-mysql php-mcrypt php-mbstring

#挂载nfs
yum install -y nfs-utils
mkdir /data/html -pv
mount 192.168.45.201:/data/html /var/www/html

#创建phpMyAdmin wordpress
yum install -y wget
wget ftp://192.168.45.201/pub/phpMyAdmin-4.0.10.20-all-languages.zip
wget ftp://192.168.45.201/pub/wordpress-4.7.4-zh_CN.tar.gz 
tar xf wordpress-4.7.4-zh_CN.tar.gz
yum install -y unzip  
unzip phpMyAdmin-4.0.10.20-all-languages.zip 
mv /root/wordpress /var/www/html/wordpress-4.7.4  
mv /root/phpMyAdmin-4.0.10.20-all-languages /var/www/html
cd /var/www/html
ln -sv phpMyAdmin-4.0.10.20-all-languages pma
ln -sv wordpress-4.7.4 wp
ls /var/www/html

#创建主页
vim /var/www/html/index.php
    <h1>This is index pages</h1>
    <?php
        phpinfo();
    ?>

#创建负载均衡测试页
mkdir /var/www/lbtest
echo "web server1">> /var/www/lbtest/test.html
cat /var/www/lbtest/test.html

#配置httpd虚拟主机
vim /etc/httpd/conf.d/vhost.conf
    listen 8080
    <VirtualHost 192.168.45.11:80>
        DocumentRoot /var/www/html
        Servername www.easy.com
        <Directory '/var/www/html'>
            Options FollowsymLinks
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>        
    <VirtualHost 192.168.45.11:8080>
       DocumentRoot /var/www/lbtest
            <Directory '/var/www/lbtest'>
            Options None
            AllowOverride None
            Require all granted
            </Directory>
    </VirtualHost>
systemctl start httpd

#配置php-mysql
vim /etc/php.ini
    mysqli.default_host = 192.168.45.202
    mysqli.default_user = root
    mysqli.default_pw = easy
systemctl restart httpd

#配置phpMyAdmin
cd /var/www/html/pma
cp config.sample.inc.php config.inc.php 
vim config.inc.php 
    $cfg['blowfish_secret'] = 'a8baskdljalskd7c6d';
    $cfg['Servers'][$i]['host'] = '192.168.45.202';

#配置wordpress
cd /var/www/html/wp
cp wp-config-sample.php wp-config.php
vim wp-config.php
    define('DB_NAME', 'wordpress');
    define('DB_USER', 'root');
    define('DB_PASSWORD', 'easy');
    define('DB_HOST', '192.168.45.202');

web2 192.168.45.12

#修改主机名
hostnamectl set-hostname web2.easy.com

#同步时间
yum install -y ntp
ntpdate
yum install -y httpd php php-mysql php-mcrypt php-mbstring

#挂载nfs
yum install -y nfs-utils
mkdir /data/html -pv
mount 192.168.45.201:/data/html /var/www/html

#创建负载均衡测试页
mkdir /var/www/lbtest
echo "web server2">> /var/www/lbtest/test.html
cat /var/www/lbtest/test.html

#配置httpd虚拟主机
vim /etc/httpd/conf.d/vhost.conf
    listen 8080
    <VirtualHost 192.168.45.12:80>
        DocumentRoot /var/www/html
        Servername www.easy.com
        <Directory '/var/www/html'>
            Options FollowsymLinks
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>        
    <VirtualHost 192.168.45.12:8080>
       DocumentRoot /var/www/lbtest
            <Directory '/var/www/lbtest'>
            Options None
            AllowOverride None
            Require all granted
            </Directory>
    </VirtualHost>
systemctl start httpd

#配置php-mysql
vim /etc/php.ini
    mysqli.default_host = 192.168.45.202
    mysqli.default_user = root
    mysqli.default_pw = easy
systemctl restart httpd

nginx1 192.168.45.201

#修改主机名    
hostnamectl set-hostname nginx1.easy.com

#同步时间
yum install -y ntp
ntpdate
yum install -y psmisc #killall指令安装

#配置nginx负载均衡
yum install -y nginx
vim /etc/nginx/nginx.conf
http {
    upstream backend {
        server 192.168.45.11:80;
        server 192.168.45.12:80;
    }
    upstream lbtest {
        server 192.168.45.11:8080;
        server 192.168.45.12:8080;
    }
    server{
        location / {
            proxy_pass http://backend;
        }
        location ~* 'test.html$' {
            proxy_pass http://lbtest;
        }
    }
}    
systemctl start nginx

#配置keepalived
yum install -y keepalived
mv /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf
    !Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost;
            }
        notification_email_from keepadmin@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        route_id nginx1
        vrrp_mcast_group4 224.51.151.251
    }        
    vrrp_instance VI_1{
        state MASTER
        priority 100
        interface ens37
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass SWF5FW2DF
        }
        virtual_ipaddress {
            172.16.51.1/16 dev ens37 label ens37:0
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    vrrp_instance VI_2{
        state BACKUP
        interface ens37
        virtual_router_id 52
        priority 96
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 7D2SS5DF
        }
        virtual_ipaddress {
            172.16.51.2/16 dev ens37 label ens37:1
        }
        track_script {
            chk_down
            chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }

#配置通知脚本
vim /etc/keepalived/notify.sh
    #!/bin/bash
    #
    contact='root@localhost'
    notify(){
            local mailsubject="$(hostname) to be $1 ,vip floating"
            local mailbody="$(date +'%F $T'):vrrp transition,$(hostname) changed to be $1"
            echo "$mailbody" |mail -s "$mailsubject" $contact
    }
    case $1 in
    master)
            systemctl start nginx.service
            notify master
            ;;
    backup)
            systemctl start nginx.service
            notify backup
            ;;
    fault)
            systemctl stop nginx.service
            notify fault
            ;;
    *)
            echo "ERROR"
            exit 1
            ;;
    esac

nginx2 192.168.45.202

#修改主机名
hostnamectl set-hostname nginx2.easy.com

#同步时间
yum install -y ntp
ntpdate
yum install -y psmisc #killall指令安装

#配置nginx负载均衡
yum install -y nginx
mv /etc/nginx/nginx.conf{,.bak}
接受nginx1传送配置后
systemctl start nginx

#配置keepalived
yum install -y keepalived
mv /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf
    !Configuration File for keepalived        
    global_defs {
        notification_email {
            root@localhost;
            }
        notification_email_from keepadmin@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        route_id nginx2
        vrrp_mcast_group4 224.51.151.251
    }        
    vrrp_script chk_down{
        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0 "
        interval 1
        weight -5
        fall 1
        rise 1
    }        
    vrrp_script chk_nginx{
        script "killall -0 nginx && exit 0 || exit 1"
        interval 1
        weight -5
        fall 2
        rise 2
    }
    vrrp_instance VI_1{
        state BACKUP
        interface ens37
        virtual_router_id 51
        priority 96
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass SWF5FW2DF
        }
        virtual_ipaddress {
            172.16.51.1/16 dev ens37 label ens37:0
        }
        track_script {
            chk_down
            chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    vrrp_instance VI_2{
        state MASTER
        interface ens37
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 7D2SS5DF
        }
        virtual_ipaddress {
            172.16.51.2/16 dev ens37 label ens37:1
        }
        track_script {
            chk_down
            chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }

#配置通知脚本
vim /etc/keepalived/notify.sh
    #!/bin/bash
    #
    contact='root@localhost'
    notify(){
            local mailsubject="$(hostname) to be $1 ,vip floating"
            local mailbody="$(date +'%F $T'):vrrp transition,$(hostname) changed to be $1"
            echo "$mailbody" |mail -s "$mailsubject" $contact
    }
    case $1 in
    master)
            systemctl start nginx.service
            notify master
            ;;
    backup)
            systemctl start nginx.service
            notify backup
            ;;
    fault)
            systemctl stop nginx.service
            notify fault
            ;;
    *)
            echo "ERROR"
            exit 1
            ;;
    esac

实验总结

BUG

  • 该环境配置完成后出现BUG,chk_nginx脚本并不会真正的检测nginx,来对keepalived权重进行调整

待完善

  • 该实验环境只是实现基本功能,部分配置存在安全隐患
  • 该环境单点状况过多,需要提升页面资源的nfs服务器和关系型数据库mariadb服务器的高可用性
  • httpd服务器没有实现动静分离
  • httpd服务器负载均衡不能保持会话,需要增加session服务器
  • 增加cache服务器可以大幅度提高浏览速度

原创文章,作者:easyTang,如若转载,请注明出处:http://www.178linux.com/78553

(0)
easyTangeasyTang
上一篇 2017-06-25
下一篇 2017-06-26

相关推荐

  • 磁盘管理

      磁盘管理是一项计算机使用时的常规任务,它是以一组磁盘管理应用程序的形式提供给用户的,它们位于"计算机管理"控制台中.它包括查错程序和磁盘碎片整理程序以及磁盘整理程序。   一磁盘分区     1为什么要分区?     •优化I…

    Linux干货 2016-09-02
  • 更改CentOS7 默认网卡eno16777736为eth0

        安装完CentOS7,它的默认网卡名为eno16777736 看着不爽!习惯了eth0的命名方式。 编辑 /etc/sysconfig/grub 在“GRUB_CMDLINE_LINUX”里添加net.ifnames=0 biosdevname=0 保存退出 如图: 然后执行 grub2-mkconfig -o…

    系统运维 2015-12-19
  • LAMP的分布式实现——安装wordpress、phpMyAdmin

    题目:分别用三台centos 7主机分别部署 httpd, php-fpm, mariadb 第一台 10.1.43.101 –>httpd 第二台 10.1.43.102 –>php-fpm    分别在2台虚拟主机上部署wordpress和phpmyadmin 第三台 10.1.43.103 &#8…

    Linux干货 2016-10-12
  • lamp的搭建

    方法一编译安装amp:   1.系统环境:CentOS 6,7       CentOS6:apr,apr-util的版本为1.3.9,不适合httpd-2.4    CentOS7:apr,apr-util的版本为1.4+2.开发环境需要安装:    Developm…

    Linux干货 2016-10-16
  • shell编程之循环及函数

    for 循环 for 变量名 in 列表;do    循环体 done   执行机制: 依次将列表中的元素赋值给“变量名”; 每次赋值后即执行一次循环体; 直到列表中 的元素耗尽,循环结束   列表生成方式: (1)直接给出列表 (2)整数列表: (a) {start..end} (b) $(seq [start [s…

    Linux干货 2016-08-24
  • 系统无法正常启动的解决之道

    先来看下配置文件的格式: [root@centos6 ~]# uname -r 2.6.32-642.el6.x86_64 [root@centos6 ~]# cat /boot/grub/grub.conf  # Note that you do&…

    Linux干货 2016-09-19