Linux網路服務--LAMP+Nginx+Squid搭建web伺服器
一、專案名稱
LAMP+Nginx+Squid搭建web叢集環境
二、專案拓撲
三、專案描述
3.1 專案環境
某部隊為了滿足資訊化政治工作建設需要,用以豐富官兵日常生活內容,活化教育形式,更好的建設部隊人文環境,準備架設部隊內部的網站伺服器,並申請使用軍內公網IP:1.1.1.1
基於以上情況為該部提出以下解決方案。
3.2 實施方案
3.2.1 伺服器作業系統與軟體版本選擇
作業系統選擇RedHat企業版5.10;
Nginx選擇1.2.0版本原始碼安裝包
Squid選擇系統映象自帶的版本squid-2.6.STABLE21-6.el5
Apache選擇系統映象自帶的版本httpd-2.2.3-82.el5_9
PHP 選擇原始碼包
MySql代理選擇官方的免安裝版本mysql-proxy-0.8.3-linux-rhel5-x86-64bit
MySql選擇原始碼包版本為mysql-5.5.13
以下是IP規劃:
Server Name | Port | IP | Function |
client | eth0 | 1.1.1.2 | 模擬外部網路客戶端 |
Nginx_1 | eth0 | 1.1.1.1 | 負載均衡 |
eth1 | 192.168.1.254 | ||
Squid_1 | eth0 | 192.168.1.10 | 頁面快取 |
Squid_2 | eth0 | 192.168.1.20 | 頁面快取 |
Web_4 | eth0 | 192.168.1.30 | 提供web服務 |
Web_5 | eth0 | 192.168.1.40 | 提供web服務 |
Mysql_proxy6 | eth0 | 192.168.1.60 | 資料庫代理,讀寫分離 |
Mysql_master7 | eth0 | 192.168.1.70 | 主資料庫,可讀寫 |
Mysql_slave8 | eth0 | 192.168.1.80 | 從資料庫 |
Backup_9 | eth0 | 192.168.1.90 | 整個網路資料的備份 |
3.2.2 在名為nginx_1的服務上部署nginx,作為負載均衡器,把使用者訪問http://www.tarena.com的請求以輪詢的方式連線到伺服器squid_2和伺服器squid_3.。
3.2.3 squid_2和squid_3的伺服器作為頁面快取伺服器,能夠快取使用者訪問網站伺服器web_4、web_5上的網頁檔案。
3.2.4 伺服器mysql_master7 提供
3.2.5 為了減輕資料庫伺服器mysql_master7的壓力,在名為mysql_proxy6的主機上部署mysql代理服務。
3.2.6 backup_9伺服器做資料備份伺服器,備份網站伺服器web_4、web_5的網頁檔案。 web_4伺服器的網頁檔案備份到本機的 /backup/web_4目錄下;
web_5伺服器的網頁檔案備份到本機的 /backup/web_5目錄下;
每天凌晨3點開始備份網站伺服器web_4、web_5的網頁檔案;
同步資料時使用的使用者名稱都是webuser密碼都tarenapa55且使用者有上傳和下載的許可權;
說明:備份的資料會越來越大,為了避免儲存空間不足情況的發生,把使用者上傳的檔案儲存到backup_9伺服器的LV裝置裡,這樣可以隨時對儲存裝置做擴容操作。backup_9備份伺服器保持與源網站伺服器資料一致且儲存源伺服器上刪除的檔案。
3.2.7 在backup_9伺服器上部署pxe服務,為所有伺服器方便快捷地安裝rhel5 /rhel6 作業系統
3.2.8 為了保證資料庫的冗餘,在資料庫伺服器mysql_master7上每天23點執行備份指令碼mysqlbak.sh。
指令碼mysqlbak.sh的功能如下:備份每天新生成的binlog檔案,把備份的檔案打包並壓縮到系統的/dbbak目錄下;用系統日期做打包壓縮檔名;然後把打包壓縮的檔案上傳到backup_9伺服器的/backup/mysqlbak目錄下。
3.2.9 每週一早上7點,對伺服器mysql_slave8做完整備份;備份檔案存放到本地的/sdb1分割槽裡。
3.2.10 在nginx_1伺服器上編寫觸發更新網頁檔案的shell指令碼。程式設計師新新增的網頁檔案能夠及時的同步到2臺網站伺服器上。
四、配置過程
4.1 配置網站服務
4.1.1 安裝提供服務的軟體包
在web_4(192.168.1.40)和web_5(192.168.1.50)上分別做如下操作:
# yum -y install httpd httpd-devel
# yum -y install php php-*.x86_64
# service httpd restart
4.1.2 修改配置檔案
在web_4上寫個php測試網頁
[[email protected]_4 ~]# cat /var/www/html/test.php
<?php
echo"This is web_4";
?>
在web_5上寫個php測試網頁
[[email protected]_5 ~]# cat /var/www/html/test.php
<?php
echo"This is web_5";
?>
4.1.3 驗證服務配置
[[email protected]_4 ~]# elinks --dumphttp://localhost/test.php
Thisis web_4
[[email protected]_5 ~]# elinks --dumphttp://localhost/test.php
Thisis web_5
4.2 配置squid服務
4.2.1 安裝squid軟體包
分別在squid_2(192.168.1.20)和squid_3(192.168.1.30)上yum安裝squid和elinks,elinks作為網頁測試工具。
命令如下:
# yum -y install squid
# yum -y install elinks
4.2.2 修改配置檔案
squid_2上的配置:
[[email protected]_2 ~]# cd /etc/squid/
[[email protected]_2 squid]# egrep -v"^#|^$" squid.conf.default > squid.conf
[[email protected]_2~]# cat /etc/squid/squid.conf
......
http_access allow all
icp_accessallow all
http_port80 vhost
cache_peer192.168.1.40 parent 80 0 originserver
cache_peer192.168.1.50 parent 80 0 originserver
cache_dirufs /var/spool/squid 200 16 256
cache_mem150 MB
visible_hostnamesquid_2.example.com
access_log/var/log/squid/access.log squid
......
[[email protected]_2~]# service squid restart
[[email protected]_2~]# chkconfig squid on
Squid_3上的配置:
[[email protected]_3~]# yum -y install squid
[[email protected]_3~]# scp 192.168.1.20:/etc/squid/squid.conf /etc/squid/squid.conf
[[email protected]_3~]# vim /etc/squid/squid.conf
......
http_accessallow all
icp_accessallow all
http_port80 vhost
cache_peer192.168.1.40 parent 80 0 originserver
cache_peer192.168.1.50 parent 80 0 originserver
cache_dirufs /var/spool/squid 200 16 256
cache_mem150 MB
visible_hostnamesquid_3.example.com
access_log/var/log/squid/access.log squid
......
[[email protected]_3~]# service squid restart
[[email protected]_3~]# chkconfig squid on
4.2.3 驗證服務配置
[[email protected]_2 ~]# elinks --dumphttp://localhost/test.php
[[email protected]_3 ~]# elinks --dumphttp://localhost/test.php
在web_4上關閉httpd服務,檢查是否自動切換到web_5
[[email protected]_4 ~]# service httpd stop
[[email protected]_2 ~]# elinks --dumphttp://localhost/test.php
[[email protected]_3~]# elinks --dump http://localhost/test.php
4.3 配置nginx代理服務
4.3.1 安裝提供服務的軟體包
在192.168.1.254上原始碼安裝nginx
[[email protected]_1nginx-1.2.0]# useradd -s/sbin/nologin -M nginx
[[email protected]_1nginx-1.2.0]# ./configure \
>--prefix=/usr/local/nginx \
>--pid-path=/usr/local/nginx/nginx.pid \
> --user=nginx --group=nginx \
>--with-http_ssl_module --with-http_flv_module \
>--with-http_stub_status_module \
>--with-http_gzip_static_module \
[[email protected]_1nginx-1.2.0]#make
[[email protected]_1nginx-1.2.0]#make install
[[email protected]_1~]# ls /usr/local/nginx/
conf htmllogs sbin
4.3.2 修改配置檔案
[[email protected]_1 ~]# cat/usr/local/nginx/conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_typeapplication/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream "webgroup" {
server 192.168.1.20:80;
server 192.168.1.30:80;
}
server {
listen 80;
server_name www.tarena.com;
location / {
proxy_pass http://webgroup;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
4.3.3 驗證服務配置
啟動nginx服務
[[email protected]_1~]# /usr/local/nginx/sbin/nginx
訪問nginx服務
[[email protected]_1~]# elinks --dump http://localhost
Welcome tonginx!
4.4 配置資料庫服務
4.4.1 安裝提供服務的軟體包
準備mysql執行賬戶:
[[email protected]_master7 ~]# useradd -M -u49 -s /sbin/nologin mysql
[[email protected]_master7 ~]# tar zxfmysql-5.1.62.tar.gz
[[email protected]_master7 ~]# cd mysql-5.1.62
[[email protected]_master7 mysql-5.1.62]#./configure \
> --prefix=/usr/local/mysql \
> --with-charset=utf8 \
>--with-collation=utf8_general_ci \
>--with-extra-charset=gbk,gb2312
[[email protected]_master7 mysql-5.1.62]#make && make install
[[email protected]_master7 mysql-5.1.62]#cd /usr/local/mysql/
[[email protected]_master7 mysql]#./bin/mysql_install_db --user=mysql
調整mysql目錄許可權:
[[email protected]_master7 ~]#chown -R root:mysql /usr/local/mysql/
[[email protected]_master7 ~]# chown -R mysql/usr/local/mysql/var/
mysql執行優化、新增庫路徑:
[[email protected]_master7 ~]# cp -f /usr/local/mysql/share/mysql/my-medium.cnf/etc/my.cnf
[[email protected]_master7 ~]# ln -sf/usr/local/mysql/bin/* /usr/bin/
[[email protected]_master7 ~]# vim/etc/ld.so.conf.d/mysql-64.conf
/usr/local/mysql/lib/mysql
[[email protected]_master7 ~]# ldconfig -v
建立mysql控制指令碼:
[[email protected]_master7 ~]# cp -f/usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysqld
[[email protected]_master7 ~]# chmod +x/etc/init.d/mysqld
[[email protected]_master7 ~]# chkconfig --addmysqld
[[email protected]_master7 ~]# chkconfig --listmysqld
mysqld 0:off 1:off2:on 3:on 4:on5:on 6:off
修改root登入密碼
[[email protected]_master7 ~]# mysqladmin -u rootpassword tarenapa55
重啟服務:
[[email protected]_master7 ~]# service mysqldrestart
MySQL manager or server PID file could not befound! [FAILED]
Starting MySQL. [ OK ]
在mysql_salve8(192.168.1.80)上做以上同樣操作。
4.4.2 修改配置檔案
Master(192.168.1.70)上的配置如下:
[[email protected]_master7 ~]# vim/etc/my.cnf
[mysqld]
log-bin=master //binlog日誌名稱字首
server-id=7 //id號,必須唯一
... ...
[[email protected]_master7 ~]# servicemysqld restart
Stopping mysqld:[ OK ]
Starting mysqld:[ OK ]
[[email protected]_master7 ~]# mysql-uroot -ptarenapa55
mysql> GRANT REPLICATION SLAVEON *.* TO[email protected]"192.168.1.80" IDENTIFIED BY"tarenapa55"; //授權使用者,用於slave訪問
Query OK, 0 rows affected (0.00sec)
Slave(192.168.1.80)上的配置如下:
[[email protected]_salve8 ~]# mysqladmin-u root password tarenapa55
[[email protected]_salve8 ~]# vim/etc/my.cnf
[mysqld]
log-bin=slave
server_id=8
... ...
[[email protected]_salve8 ~]# servicemysqld restart
Stopping mysqld:[ OK ]
Starting mysqld:[ OK ]
[[email protected]_salve8 ~]# mysql-uroot -ptarenapa55
mysql> CHANGE MASTER TO
-> MASTER_HOST="192.168.1.70",
-> MASTER_USER="webuser",
-> MASTER_PASSWORD="tarenapa55",
-> MASTER_LOG_FILE="master.000001",
-> MASTER_LOG_POS=1;
Query OK, 0 rows affected (0.03sec)
mysql> START SLAVE;
Query OK, 0 rows affected (0.00sec)
mysql> SHOW SLAVE STATUS\G;
Slave_IO_Running: Yes //確保為Yes才算成功
Slave_SQL_Running: Yes //確保為Yes才算成功
4.4.3 驗證服務配置
在主伺服器上新建stu庫:
[[email protected]_master7 ~]# mysql -uroot -ptarenapa55
mysql> CREATE DATABASE stu;
Query OK, 1 row affected (0.00 sec)
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| stu |
| test |
+--------------------+
4 rows in set (0.01 sec)
在從伺服器上可以檢視到stu庫,表示主從同步正常:
[[email protected]_salve8 ~]# mysql -uroot -ptarenapa55
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| stu |
| test |
+--------------------+
4 rows in set (0.00 sec)
4.5 配置資料庫代理服務
4.5.1 安裝提供服務的軟體包
[[email protected]_proxy6 ~]# tar zxfmysql-proxy-0.8.3-linux-rhel5-x86-64bit.tar.gz -C /usr/local/
[[email protected]_proxy6 ~]# cd /usr/local/
[[email protected]_proxy6 local]# mvmysql-proxy-0.8.3-linux-rhel5-x86-64bit/ mysql-proxy
[[email protected]_proxy6 local]# cdmysql-proxy/
[[email protected]_proxy6 mysql-proxy]# chmod+x share/doc/mysql-proxy/rw-splitting.lua
4.5.2 啟動服務
[[email protected]_proxy6 mysql-proxy]#./bin/mysql-proxy \
> -P 192.168.1.60:3306 \ //代理的IP地址和埠
> -b 192.168.1.70:3306 \ //進行寫操作資料庫的IP地址和埠
> -r 192.168.1.80:3306 \ //進行讀操作資料庫的IP地址和埠
> -s rw-splitting.lua & //指定讀寫分離的指令碼檔案
[[email protected]_proxy6 mysql-proxy]# netstat-anptu | grep :3306
tcp0 0 192.168.1.60:3306 0.0.0.0:* LISTEN8872/mysql-proxy
在主伺服器(192.168.1.70)上授權使用者對stu庫有完全讀寫許可權:
[[email protected]_master7 ~]# mysql -uroot -ptarenapa55
mysql> GRANT ALL ON stu.* [email protected]"192.168.1.%" IDENTIFIED BY "pwd123";
Query OK, 0 rows affected (0.00 sec)
4.5.3 驗證服務配置
在主伺服器上的stu庫新建表info
mysql> USE stu;
Database changed
mysql> CREATE TABLE info( id int(2) ,name varchar(10) );
Query OK, 0 rows affected (0.01 sec)
停掉從伺服器上的從服務
mysql> STOP SLAVE;
Query OK, 0 rows affected (0.00 sec)
在主伺服器上插入一條資料:
mysql> INSERT INTO info VALUES(1,"master");
Query OK, 1 row affected (0.00 sec)
mysql> SELECT * FROM stu.info;
+------+--------+
| id| name |
+------+--------+
|1 | master |
+------+--------+
1 row in set (0.00 sec)
在從伺服器上插入一條資料,並開啟從服務:
mysql> USE stu;
Database changed
mysql> INSERT INTO info VALUES(1,"slave");
Query OK, 1 row affected (0.01 sec)
mysql> START SLAVE;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT * FROM stu.info;
+------+-------+
| id |name |
+------+-------+
| 1 | slave |
+------+-------+
1 row in set (0.01 sec)
在web_4上訪問資料庫代理192.168.1.60:
[[email protected]_proxy6~]# mysql -h192.168.1.60 -uuser02 -ppwd123
mysql> SELECT* FROM stu.info;
+------+-------+
| id | name|
+------+-------+
| 1 | slave | //看出讀資料用的是從伺服器
+------+-------+
1 row in set(0.00 sec)
插入資料成功:
mysql> INSERTINTO stu.info VALUES(2,"slave2");
Query OK, 1 rowaffected (0.01 sec)
當停掉主伺服器上的mysql服務
mysql> SELECT* FROM stu.info;
+------+--------+
| id | name |
+------+--------+
| 1 | slave |
+------+--------+
1 row in set(0.00 sec)
插入資料不成功
mysql> INSERTINTO stu.info VALUES(2,"slave2");
ERROR 2013(HY000): Lost connection to MySQL server during query
4.5.4 測試網站與資料庫的連線
在兩臺網站伺服器編寫連線資料庫伺服器的測試檔案
[[email protected]_4 ~]# cat /var/www/html/test.php
<?php
echo "This isweb_5....";
$links=mysql_connect("192.168.1.60","user02","pwd123");
if($links){
echo "link dbok!!!";
}
else{
echo "link dbno!!!";
}
?>
[[email protected]_4 ~]# scp /var/www/html/test.php192.168.1.50:/var/www/html/
當停掉web_4的httpd服務,可以自動連線到web_5就成功了:
[[email protected]_4 ~]# service httpd stop
Stopping httpd:[ OK ]
4.6 搭建rsync服務,實現web_4和web_5觸發同步網頁檔案
4.6.1 安裝提供服務的軟體包
[[email protected]_5 ~]# yum -y install rsync
[[email protected]_5 ~]# yum -y install xinetd
[[email protected]_5 ~]# service xinetd restart
Stopping xinetd:[FAILED]
Starting xinetd: [ OK ]
[[email protected]_5 ~]# chkconfig xinetd on
[[email protected]_5 ~]# chkconfig rsync on
[[email protected]_4 ~]# tar zxfinotify-tools-3.14.tar.gz
[[email protected]_4 ~]# cd inotify-tools-3.14
[[email protected]_4 inotify-tools-3.14]# ./configure
[[email protected]_4 inotify-tools-3.14]# make&& make install
4.6.2 修改配置檔案
[[email protected]_5 ~]# vim /etc/rsyncd.conf
uid = nobody
gid = nobody
use chroot = yes
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
[web]
path = /var/www/html
comment = Apache sync
read only = no
dont compress = *.gz *.bz2 *.tgz *.zip
[[email protected]_4 ~]# vim /root/ruser.pass
[[email protected]_4 ~]# chmod 600 /root/ruser.pass
4.6.3 測試
[[email protected]_4 ~]# inotifywait -mrq-emodify,move,create,delete,attrib /var/www/html | while read X Y Z ; dorsync -avz --password-file=pass.txt /var/www/html/ [email protected]::web&>/etc/null; done &
[[email protected]_4 ~]# ls /var/www/html
index.htmltest.php
[[email protected]_5 ~]# ls /var/www/html
index.htmltest.php
[[email protected]_4 ~]# touch /var/www/html/123.html
[[email protected]_4 ~]# ls /var/www/html/
123.htmlindex.html test.php
[[email protected]_5 ~]# ls /var/www/html/
123.htmlindex.html test.php
驗證成功後讓命令開機在後臺執行
[[email protected]_4 ~]# vim /etc/rc.local
......
/usr/local/bin/inotifywait -mrq -emodify,move,create,delete,attrib /var/www/html | while read X Y Z ; do/usr/bin/rsync -avz --password-file=pass.txt --delete /var/www/html/[email protected]::web &>/etc/null; done &
4.7 將資料備份到backup_9
4.7.1 備份網頁檔案
[[email protected]_9 ~]# yum -y install rsync
建立同步賬號檔案
[[email protected]_9 ~]# vim/etc/rsyncd_users.db
webuser:tarenapa55
建立 /etc/rsyncd.conf 共享設定
[[email protected]_9 ~]# chmod 600/etc/rsyncd_users.db
[[email protected]_9 ~]# vim /etc/rsyncd.conf
uid = nobody
gid = nobody
use chroot = yes
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
[web4]
path = /backup/server4
comment = Rsync web4
read only = no
dont compress = *.gz *.bz2 *.tgz *.zip
auth users = webuser
secrets file = /etc/rsyncd_users.db
[web5]
path = /backup/server5
comment = Rsync web5
read only = no
dont compress = *.gz *.bz2 *.tgz *.zip
auth users = webuser
secrets file = /etc/rsyncd_users.db
給backup_9劃分個邏輯卷,並且掛載到/backup
[[email protected]_9 ~]# mkdir -m 777 /backup
[[email protected]_9 ~]# mount /dev/vgdata/lvdata /backup/
[[email protected]_9 ~]# mkdir -p -m 777/backup/server{4,5}
啟用 rsync --daemon 服務
[[email protected]_9 ~]# yum -y install xinetd
[[email protected]_9 ~]# chkconfig rsync on
[[email protected]_9 ~]# chkconfig xinetd on
[[email protected]_9 ~]# service xinetd restart
在web4(192.168.1.50)和web5(192.168.1.50)分別做如下從操作
# vim /root/sync.pass //存放同步時的密碼
tarenapa55
# chmod 600 /root/sync.pass
# crontab -e //編輯週期性任務
00 3 * * * /usr/bin/rsync -avz --delete--password-file=/root/sync.pass /var/www/html/ [email protected]::web4&>/dev/null
[[email protected]_4 ~]# chkconfig crond on
4.7.2 備份資料庫檔案
[[email protected]_9~]# mkdir -m 777 /backup/mysqlbak
[[email protected]_9~]# vim /etc/rsyncd.conf
......
[mysql]
path = /backup/mysqlbak
comment = Rsync mysql
read only = no
dont compress = *.gz *.bz2 *.tgz *.zip
auth users = webuser
secrets file = /etc/rsyncd_users.db
[[email protected]_master7~]# echo "tareanapa55" >/root/sync.pass
[[email protected]_master7~]# chmod 600 /root/sync.pass
[[email protected]_master7~]# vim /root/mysqlbak.sh
#!/bin/bash
dbdir=/var/lib/mysql
index=`grep"log-bin" /etc/my.cnf | awk -F"=" '{print $2}'`
bindir=/binlogdir
tardir=/dbbak
if [ ! -d$bindir ];then
mkdir $bindir
fi
if [ ! -d$tardir ];then
mkdir $tardir
fi
lastname=`tail-1 $dbdir/$index.index | awk -F"/" '{print $2}'`
for i in `cat$dbdir/$index.index`
do
logname=`echo $i | awk -F"/"'{print $2}'`
cd $dbdir
if [ -e $bindir/$logname ];then
continue
else
if [ $logname != $lastname ];then
cp $logname $bindir
fi
fi
done
tar zcf/dbbak/`date +%Y%m%d`.tgz $tardir/
rsync -az--password-file=/root/sync.pass /dbbak/ [email protected]::mysql
[[email protected]_master7~]# crontab -e
00 23 * * */bin/bash /root/mysqlbak.sh
五、專案總結
專案缺陷:
1. Nginx和mysql代理容易出現單點故障,只要nginx和mysql代理任意一臺宕機,web服務不能正常訪問
2. 兩臺mysql伺服器只做了主從,一旦主伺服器宕機,就不能寫入資料,只能讀資料。可換成互為主從的架構。
轉載於:https://blog.51cto.com/erick0608/1561924