HAProxy项目实验:WordPress项目实现LVS-DR及HAProxy反向代理



项目实验:WordPress项目实现LVS-DR及HAProxy反向代理

图片.png

环境

主机名称服务IP地址\GW
server17NFS+MYSQL37.17\37.2
server16Nginx+php+WordPress37.16\37.2
server15Nginx+php+WordPress37.15\37.2
server14HAProxy37.14\37.2
server13HAProxy37.13\37.2
server12LVS-DR37.12\37.2
server11LVS-DR37.11\37.2

server17(NFS+MYSQL)

mysql-5.6.34-onekey-install.tar.gz下载

[root@server17 ~]# cd /usr/local/src/
[root@server17 src]# ll
mysql-5.6.34-onekey-install.tar.gz

#解压缩
[root@server17 src]# tar xvf mysql-5.6.34-onekey-install.tar.gz 
./my.cnf
./mysql-5.6.34-linux-glibc2.5-x86_64.tar.gz
./mysql-install.sh

#运行脚本安装
[root@server17 src]# bash mysql-install.sh 
[root@server17 src]# mysql
#创建库
mysql> CREATE DATABASE wordpress;
#授权:允许 wordpress 用户从 192.168.37.% 网段访问 wordpress 库(示例口令过于简单,仅用于实验;生产环境请换成强口令)
mysql> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"192.168.37.%" IDENTIFIED BY "wordpress123";


[root@server17 src]# vim /etc/exports
# NOTE(review): "*" exports this directory read-write to every host that can
# reach the NFS server, and no_root_squash lets root on a client act as root
# on the exported files. Acceptable for an isolated lab only; otherwise limit
# the client list to the web servers (192.168.37.15 and 192.168.37.16 in this
# setup) and drop no_root_squash.
/data/wordpress *(rw,no_root_squash)

[root@server17 src]# systemctl restart nfs
[root@server17 src]# systemctl enable nfs
#设置开机启动mysqld
[root@server17 src]# systemctl enable mysqld

[root@server17 src]# mkdir /data/wordpress

server15和server16(Nginx+php)

nginx-1.16.1.tar.gz 下载

[root@server15 ~]# yum -y install unzip wget vim pcre pcre-devel openssl openssl-devel libicu-devel gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpeg-devel
[root@server15 ~]# cd /usr/local/src/
#创建用户
[root@server15 ~]# useradd www -s /sbin/nologin -u 2019
#编译安装nginx
[root@server15 src]# tar xvf nginx-1.16.1.tar.gz
[root@server15 src]# cd nginx-1.16.1/
[root@server15 nginx-1.16.1]# ./configure --prefix=/apps/nginx --user=www --group=www --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module

[root@server15 nginx-1.16.1]# make
[root@server15 nginx-1.16.1]# make install
#检查nginx语法
[root@server15 nginx-1.16.1]# /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
#启动nginx服务
[root@server15 nginx-1.16.1]# /apps/nginx/sbin/nginx

php-7.2.21.tar.gz下载

[root@server15 nginx-1.16.1]# cd /usr/local/src/
[root@server15 src]# tar xvf php-7.2.21.tar.gz
[root@server15 src]# cd php-7.2.21/
#编译安装php
[root@server15 php-7.2.21]# ./configure --prefix=/apps/php --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-pear --with-curl --with-png-dir --with-freetype-dir --with-iconv --with-mhash --with-zlib --with-xmlrpc --with-xsl --with-openssl --with-mysqli --with-pdo-mysql --disable-debug --enable-zip --enable-sockets --enable-soap --enable-inline-optimization --enable-xml --enable-ftp --enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-shmop --enable-dba --enable-sysvsem --enable-sysvshm --enable-sysvmsg

[root@server15 php-7.2.21]# make -j 2
[root@server15 php-7.2.21]# make install

#创建网站根目录(WordPress 站点文件存放在此目录)
[root@server15 php-7.2.21]# mkdir /data/nginx/wordpress -p

[root@server15 php-7.2.21]# cd /apps/php/etc/
[root@server15 etc]# cp php-fpm.conf.default php-fpm.conf

server15


[root@server15 etc]# cd php-fpm.d/
[root@server15 php-fpm.d]# cp www.conf.default www.conf
[root@server15 php-fpm.d]# vim www.conf
···
pm.max_children = 8         <--最大子进程
pm.start_servers = 4        <--起始子进程数量
pm.min_spare_servers = 4    <--最小空闲
pm.max_spare_servers = 8    <--最大空闲
···

[root@server15 php-fpm.d]# find /usr/local/src/php-7.2.21/ -name php.ini*
/usr/local/src/php-7.2.21/php.ini-production     <--生产用的
/usr/local/src/php-7.2.21/php.ini-development    <--开发用的

[root@server15 php-fpm.d]# cp /usr/local/src/php-7.2.21/php.ini-production /apps/php/etc/php.ini

[root@server15 php-fpm.d]# scp /apps/php/etc/php.ini 192.168.37.16:/apps/php/etc/php.ini
[root@server15 php-fpm.d]# scp /apps/php/etc/php-fpm.d/www.conf 192.168.37.16:/apps/php/etc/php-fpm.d/www.conf

server15和server16

#'-c'指定 php.ini 配置文件的路径
[root@server15 php-fpm.d]# /apps/php/sbin/php-fpm -c /apps/php/etc/php.ini

server15

#查看有没有9000端口
[root@server15 php-fpm.d]# ss -ntl|grep 9000
LISTEN     0      128    127.0.0.1:9000                     *:* 


[root@server15 php-fpm.d]# vim /apps/nginx/conf/nginx.conf
...
        location / {
            root   /data/nginx/wordpress;
            index  index.php index.html index.htm;
        }

        location ~ \.php$ {
            #root           /data/nginx/wordpress;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME /data/nginx/wordpress$fastcgi_script_name;
            include fastcgi_params;
        }
...

#检查语法
[root@server15 php-fpm.d]# /apps/nginx/sbin/nginx -t
#重新加载nginx
[root@server15 php-fpm.d]# /apps/nginx/sbin/nginx -s reload

#创建php测试页面
[root@server15 php-fpm.d]# vim /data/nginx/wordpress/index.php
<?php
phpinfo();
?>

图片.png

#将网页测试文件拷贝过去
[root@server15 php-fpm.d]# scp /data/nginx/wordpress/index.php 192.168.37.16:/data/nginx/wordpress/index.php 
#将nginx配置文件拷贝过去
[root@server15 php-fpm.d]# scp /apps/nginx/conf/nginx.conf 192.168.37.16:/apps/nginx/conf/nginx.conf

server16

#检查语法
[root@server16 etc]# /apps/nginx/sbin/nginx -t
#重新加载nginx
[root@server16 etc]# /apps/nginx/sbin/nginx -s reload

图片.png

server15

wordpress-5.2.2-zh_CN.zip下载

[root@server15 php-fpm.d]# cd /data/nginx/wordpress/

[root@server15 wordpress]# unzip wordpress-5.2.2-zh_CN.zip

[root@server15 wordpress]# mv wordpress/* .

#这两个没有用了、可移动走或删除
[root@server15 wordpress]# mv wordpress wordpress-5.2.2-zh_CN.zip /opt/

[root@server15 wordpress]# cp wp-config-sample.php wp-config.php

#看下图
[root@server15 wordpress]# vim wp-config.php

图片.png

[root@server15 wordpress]# vim /apps/nginx/conf/nginx.conf
...
    server {
        listen       80;
        server_name  www.123.com;    <--修改此行
...

[root@server15 wordpress]# /apps/nginx/sbin/nginx -t
[root@server15 wordpress]# /apps/nginx/sbin/nginx -s reload
[root@server15 wordpress]# scp /apps/nginx/conf/nginx.conf 192.168.37.16:/apps/nginx/conf/nginx.conf

server16

[root@server16 etc]# /apps/nginx/sbin/nginx -t

[root@server16 etc]# /apps/nginx/sbin/nginx -s reload

在 Windows 中修改 hosts 文件(C:\Windows\System32\drivers\etc\hosts)进行测试

图片.png

图片.png

server17

此时数据库中应该有表

]# mysql
mysql> use wordpress;
mysql> show tables;
+-----------------------+
| Tables_in_wordpress   |
+-----------------------+
| wp_commentmeta        |
| wp_comments           |
| wp_links              |
| wp_options            |
| wp_postmeta           |
| wp_posts              |
| wp_term_relationships |
| wp_term_taxonomy      |
| wp_termmeta           |
| wp_terms              |
| wp_usermeta           |
| wp_users              |
+-----------------------+
12 rows in set (0.01 sec)

server15

#把当前目录下所有文件、'-r'递归、拷贝到'37.16'
[root@server15 wordpress]# scp -r ./* 192.168.37.16:/data/nginx/wordpress/

windows

图片.png

图片.png

server13和server14(HAProxy)

[root@server13 ~]# yum install -y keepalived haproxy

server13

[root@server13 ~]# vim /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
#加此项否则、地址会冲突
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 200
    priority 100
#VRRP 通告间隔,单位为秒(此处为 2 秒)
    advert_int 2
    authentication {
        auth_type PASS
#密码1111(PASS 类型的口令在 VRRP 报文中以明文传输,示例口令仅用于实验;生产环境请更换为不易猜测的口令)
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.37.248 dev eth0 label eth0:0
    }
}

[root@server13 ~]# scp /etc/keepalived/keepalived.conf 192.168.37.14:/etc/keepalived/keepalived.conf

server14

#调整主从、优先级
[root@server14 ~]# vim /etc/keepalived/keepalived.conf 
...
vrrp_instance VI_1 {
    state BACKUP    <--从
    interface eth0
    virtual_router_id 200
    priority 80     <--优先级
...

server13和server14(HAProxy)

#启动keepalived
[root@server13 ~]# systemctl start keepalived
#开机启动keepalived
[root@server13 ~]# systemctl enable keepalived

server13

[root@server13 ~]# vim /etc/haproxy/haproxy.cfg 
...
    maxconn                 3000    <--删除此行下面所有内容、改成下面信息

listen web-80
    bind 192.168.37.248:80
    server web1 192.168.37.15:80 check inter 3s fall 3 rise 5
    server web2 192.168.37.16:80 check inter 3s fall 3 rise 5
...

[root@server13 ~]# systemctl restart haproxy
[root@server13 ~]# systemctl enable haproxy

windows

图片.png

图片.png

图片.png

[root@server13 ~]# scp /etc/haproxy/haproxy.cfg 192.168.37.14:/etc/haproxy/haproxy.cfg 

server14

[root@server14 ~]# systemctl restart haproxy
[root@server14 ~]# systemctl enable haproxy

[root@server14 ~]# vim /etc/sysctl.conf
...
net.ipv4.ip_nonlocal_bind = 1
...

#生效
[root@server14 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1

#拷贝到'37.13'
[root@server14 ~]# scp /etc/sysctl.conf 192.168.37.13:/etc/
#重启
[root@server14 ~]# systemctl restart haproxy
#查看端口
[root@server14 ~]# ss -ntlp|grep haproxy
LISTEN     0      128    192.168.37.248:80                       *:*                   users:(("haproxy",pid=9567,fd=5))

server13

如果13服务器挂了、14服务器应该能继续访问

#生效
[root@server13 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1

[root@server13 ~]# systemctl stop haproxy keepalived

server14

[root@server14 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:27:de:e1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.37.14/24 brd 192.168.37.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.37.248/32 scope global eth0:0     <--地址飘过来了
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe27:dee1/64 scope link 
       valid_lft forever preferred_lft forever

server11和server12(LVS-DR)

[root@server11 ~]# yum install keepalived ipvsadm -y


[root@server11 ~]# vim /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_iptables                  #加此项否则、地址会冲突
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_2 {              #VI_2
    state MASTER
    interface eth0
    virtual_router_id 202         #202
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111            #密码1111
    }
    virtual_ipaddress {
        192.168.37.249 dev eth0 label eth0:0       #地址
    }
}

virtual_server 192.168.37.249 80 {                 #地址
    delay_loop 6
    lb_algo rr
    lb_kind DR                   #类型DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.37.13 80 {                 #HAProxy1
        weight 1                #权重
        TCP_CHECK {
        connect_timeout 5       #超时时间
        nb_get_retry 3          #重试次数
        delay_before_retry 3    #重连间隔时间
        connect_port 80         #端口80
        }
    }

    real_server 192.168.37.14 80 {                 #HAProxy2
        weight 1
        TCP_CHECK {
        connect_timeout 5
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
}

[root@server11 ~]# systemctl restart keepalived
[root@server11 ~]# systemctl enable keepalived
#查看是否有'37.249'
[root@server11 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:23:4b:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.37.11/24 brd 192.168.37.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.37.249/32 scope global eth0:0    <--37.249
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe23:4b86/64 scope link 
       valid_lft forever preferred_lft forever

#查看当前配置的虚拟服务和各个RS的权重
[root@server11 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.37.249:80 rr persistent 50
  -> 192.168.37.13:80             Route   1      0          0         
  -> 192.168.37.14:80             Route   1      0          0  

server13和server14

[root@server13 ~]# vim /etc/haproxy/haproxy.cfg 
listen web-80
#    bind 192.168.37.11:80,192.168.37.249:80    <--
    bind 192.168.37.13:80    <--
    
[root@server14 ~]# vim /etc/haproxy/haproxy.cfg 
listen web-80
#    bind 192.168.37.249:80    <--
    bind 192.168.37.14:80    <--    

#重启服务
systemctl restart haproxy
[root@server13 ~]# cat lvs-dr.sh 
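#!/bin/sh
# LVS DR-mode real-server setup script.
# Zhang:2017
#
# Usage:   lvs-dr.sh {start|stop}      (must run as root)
# start:   binds the LVS virtual IP to lo:0 with a /32 mask, adds a host route
#          for it, and sets arp_ignore=1 / arp_announce=2 on "lo" and "all".
# stop:    takes lo:0 down, removes the host route, and resets the four ARP
#          settings to 0.
# Outputs: a one-line status message; errors go to stderr.
# Returns: 0 on success, 1 on bad usage or when the VIP cannot be bound.

# Virtual IP announced by the LVS director; adjust it to match the director.
LVS_VIP=192.168.37.249

# "." is the POSIX spelling of bash's "source", so the script also works when
# /bin/sh is not bash. The file is only loaded when it is readable.
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi

case "$1" in
start)
  # Without the VIP on lo:0 nothing else here is useful, so report the failure
  # instead of printing a misleading success message.
  if ! /sbin/ifconfig lo:0 "$LVS_VIP" netmask 255.255.255.255 broadcast "$LVS_VIP"; then
    echo "RealServer Start FAILED: cannot bind $LVS_VIP to lo:0" >&2
    exit 1
  fi
  # Best effort: the route may already exist when "start" is run twice.
  /sbin/route add -host "$LVS_VIP" dev lo:0
  echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
  # NOTE(review): "sysctl -p" re-applies /etc/sysctl.conf; if that file sets
  # arp_ignore/arp_announce, its values replace the ones written above.
  sysctl -p >/dev/null 2>&1
  echo "RealServer Start OK"
  ;;
stop)
  /sbin/ifconfig lo:0 down
  # The route may already be gone; a failure here is deliberately ignored.
  /sbin/route del "$LVS_VIP" >/dev/null 2>&1
  echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
  echo "RealServer Stoped"
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
  ;;
esac
exit 0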
[root@server13 ~]# bash lvs-dr.sh start
RealServer Start OK

server11

#文件拷贝到'37.12'
[root@server11 ~]# scp /etc/keepalived/keepalived.conf 192.168.37.12:/etc/keepalived/keepalived.conf

server12

[root@server12 ~]# vim /etc/keepalived/keepalived.conf 
...
vrrp_instance VI_2 {
    state BACKUP    <--从
    interface eth0
    virtual_router_id 202
    priority 80     <--优先级
...

#重启服务
[root@server12 ~]# systemctl restart keepalived

server14

[root@server14 ~]# vim /etc/haproxy/haproxy.cfg 
...
listen web-80
    bind 192.168.37.249:80,192.168.37.14:80      <--监听地址
    server web1 192.168.37.15:80 check inter 3s fall 3 rise 5
    server web2 192.168.37.16:80 check inter 3s fall 3 rise 5
...

#重启'haproxy'服务
[root@server14 ~]# systemctl restart haproxy

server13

[root@server13 ~]# vim /etc/haproxy/haproxy.cfg 
...
listen web-80
    bind 192.168.37.249:80,192.168.37.13:80      <--监听地址
    server web1 192.168.37.15:80 check inter 3s fall 3 rise 5
    server web2 192.168.37.16:80 check inter 3s fall 3 rise 5
...

#重启'haproxy'服务
[root@server13 ~]# systemctl restart haproxy

windows

图片.png

图片.png

图片.png

此时还不能上传图片、需要在'server15和server16'更改属主属组权限

server15和server16

#'-R'递归、更改属主属组权限
[root@server15 wordpress]# chown www.www /data/nginx/wordpress/ -R

图片.png

server15

图片只保存在 server15 上,server16 上没有该图片,因此需要把图片拷贝到 NFS 服务器上,供两台服务器共享

[root@server15 wordpress]# ll wp-content/uploads/2022/08/20210425035243.png 
-rw-r--r-- 1 www www 108433 Aug 19 06:59 wp-content/uploads/2022/08/20210425035243.png


[root@server15 wordpress]# cd ..
[root@server15 nginx]# cd wordpress/wp-content/
[root@server15 wp-content]# mount -t nfs 192.168.37.17:/data/wordpress /mnt/

#拷贝'NFS'
[root@server15 wp-content]# cp -r uploads/* /mnt/

[root@server15 wp-content]# mount -t nfs 192.168.37.17:/data/wordpress /data/nginx/wordpress/wp-content/uploads/

server16

[root@server16 wordpress]# mount -t nfs 192.168.37.17:/data/wordpress /data/nginx/wordpress/wp-content/uploads/

[root@server16 wordpress]# chown www.www /data/nginx/wordpress/ -R

此时无论访问哪台服务器,图片都可以正常显示。

server13和server14

#添加执行权限
[root@server13 ~]# chmod a+x lvs-dr.sh 
#设置开机启动
[root@server13 ~]# vim /etc/rc.d/rc.local 
bash /root/lvs-dr.sh start     <--

[root@server13 ~]# chmod a+x /etc/rc.d/rc.local

此时、已经完成。如果server13或server14挂掉其中一个,仍可以访问"www.123.com",且图片可以看到。