keepalived雙主模式實作nginx高可用及LNAMMP架構
一、利用keepalived實作nginx排程器高可用;
二、建構LNAMMP架構:
1) Nginx既是前端排程器,又是緩存伺服器;
2) 将php的session緩存于memcached中;
3) 在Apache和php上部署Discuz論壇程式;
4) 使用https連接配接,即使使用者使用的是http協定也可以以https協定進行通路;
一、
實驗規劃:
director1: ip(172.16.1.8),虛拟ip(172.16.1.100)
director2: ip(172.16.1.9),虛拟ip(172.16.1.200)
RS1: rip(172.16.1.3)
RS2: rip(172.16.1.6)
1.首先關閉所有節點上iptables和selinux,同時進行時間同步。
2.在兩個後端RS上分别添加一個網頁
echo "www1.zrs.com" > /var/www/html/index.html
echo "www2.zrs.com" > /var/www/html/index.html
3.兩個director配置
安裝keepalived
yum -y install keepalived
4.安裝nginx
此次用EPEL源的安裝包,也可以編譯安裝
~]# cd /etc/yum.repos.d/
~]# vim nginx.repo
[nginx]
name=nginx repo
gpgcheck=0
enabled=1
~]# yum install -y nginx
5.在nginx.conf配置檔案中的http段内添加upstream内容,将後端兩台RS加入到該upstream中
upstream webservers {
}
server {
6.配置keepalived的主配置檔案,實作對nginx的雙主模式的高可用:
keepalived的配置檔案1:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
! Configuration File for keepalived
global_defs {
<a href="mailto:br/"></a>
<a href="mailto:br/">keepalived的配置檔案2: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39</a>
<a href="mailto:br/">7.開啟核心轉發功能</a>
<a href="mailto:br/">echo 1 > /proc/sys/net/ipv4/ip_forward</a>
<a href="mailto:br/">檢視keepalived狀态</a>
<a href="mailto:br/">c3ed3a4a25d8acccae25049a84c0d7d0.png</a>
<a href="mailto:br/">a929f05bf4a0cd2921d740b6e2bd3482.png</a>
<a href="mailto:br/">測試一下</a>
<a href="mailto:br/">f32512fcd1689d00569d1629569b9fd2.png</a>
<a href="mailto:br/">關閉一個後端RS的httpd服務</a>
<a href="mailto:br/">5804c2c7050f6449899024c65ea9085c.png</a>
<a href="mailto:br/">重新打開那個httpd服務</a>
<a href="mailto:br/">62977c9d158ec7f8fe04d36e441d2950.png</a>
<a href="mailto:br/">用戶端檢視,由于是輪詢模式,是以兩個後端RS主機交替通路,分别檢視兩個虛拟ip位址,如下</a>
<a href="mailto:br/">76a842516604d375ff9df916c0a98d56.png</a>
<a href="mailto:br/">b9e643330f695e0da34a77d7d05c5743.png</a>
<a href="mailto:br/">55440fdfc6659cbb1bb6bc2a83d8198b.png</a>
<a href="mailto:br/">d07f1de7b29cf61261d5ca8f18f8ba73.png</a>
<a href="mailto:br/">二、</a>
<a href="mailto:br/">LNAMMP架構:Linux+Nginx+Apache+MySQL+Memcached+PHP</a>
<a href="mailto:br/">1.在兩個後端RS上建立資料庫</a>
<a href="mailto:br/">MariaDB [(none)]> create database dzdb;</a>
<a href="mailto:br/">MariaDB [(none)]> grant all on dzdb.*TO 'dzuser'@'172.16.%.%'IDENTIFIED BY'123456';</a>
<a href="mailto:br/">MariaDB [(none)]> FLUSH PRIVILEGES;</a>
<a href="mailto:br/">在兩個後端RS上導入Discuz程式包,并解壓,将解壓出來的upload檔案包移動到指定目錄,并賦予必要的權限</a>
<a href="mailto:br/">cp -R ./upload /var/www/html</a>
<a href="mailto:br/">cd /var/www/html</a>
<a href="mailto:br/">chown apache:apache -R ./upload</a>
<a href="mailto:br/">cd upload/</a>
<a href="mailto:br/">chmod -R 777 config</a>
<a href="mailto:br/">chmod -R 777 data</a>
<a href="mailto:br/">chmod -R 777 uc_client</a>
<a href="mailto:br/">chmod -R 777 uc_server</a>
<a href="mailto:br/">打開浏覽器檢視</a>
<a href="mailto:br/">96ff40fbd037067a42b7b2c370af4f90.png</a>
<a href="mailto:br/">a19484574395d99115c51126f3bfa145.png</a>
<a href="mailto:br/">2.進行緩存設定,因為Nginx既是前端排程器,又是緩存伺服器,是以選取其中一個排程器172.16.1.9作為這次的緩存伺服器</a>
<a href="mailto:br/">在172.16.1.9上安裝并開啟服務</a>
<a href="mailto:br/">yum install -y memcached</a>
<a href="mailto:br/">systemctl start memcached</a>
<a href="mailto:br/">在後端兩個RS上安裝php和其連接配接memcache必要的擴充程式</a>
<a href="mailto:br/">yum install -y php php-pecl-memcache</a>
<a href="mailto:br/">修改/etc/php.ini該配置檔案中的[Session]段中的緩存路徑為如下,</a>
<a href="mailto:br/">session.save_handler = memcache</a>
<a href="mailto:br/">session.save_handler = "tcp://172.16.1.9:11211"</a>
<a href="mailto:br/">重載httpd</a>
<a href="mailto:br/">systemctl reload httpd</a>
<a href="mailto:br/">配置一個測試頁面,以測試緩存設定是否正常</a>
<a href="mailto:br/">[root@zj03 upload]# cd /var/www/html</a>
<a href="mailto:br/">[root@zj03 html]# vim sessstore.php</a>
<a href="mailto:br/">配置内容如下</a>
<a href="mailto:br/"><?php</a>
<a href="mailto:br/">$mem = new Memcache;</a>
<a href="mailto:br/">$mem->connect("172.16.1.9", 11211) or die("Could not connect");</a>
<a href="mailto:br/">$version = $mem->getVersion();</a>
<a href="mailto:br/">echo "Server's version: ".$version."<br/>\n";</a>
<a href="mailto:br/">$mem->set('hellokey', 'Hello World', 0, 600) or die("Failed to save data at the memcached server");</a>
<a href="mailto:br/">echo "Store data in the cache (data will expire in 600 seconds)<br/>\n";</a>
<a href="mailto:br/">$get_result = $mem->get('hellokey');</a>
<a href="mailto:br/">echo "$get_result is from memcached server.";</a>
<a href="mailto:br/">?></a>
<a href="mailto:br/">打開浏覽器通路虛拟ip檢視</a>
<a href="mailto:br/">92e8441e7910da8e3f07d2b316113ae7.png</a>
<a href="mailto:br/">ba0327fceddf713876202c4f114c710e.png</a>
<a href="mailto:br/">3.設定https協定通路</a>
<a href="mailto:br/">後端RS配置虛拟主機及密鑰,安裝https必要的程式包</a>
<a href="mailto:br/">yum install -y mod_ssl</a>
<a href="mailto:br/">前端nginx伺服器上配置rewrite功能,在server子產品中的location中添加如下</a>
添加server配置段
listen 443 ssl;
server_name www1.zrs.com;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
浏覽器測試
ed09c2e40f77d25cc50a834cb92819e3.png
本文轉自Vincent一馬 51CTO部落格,原文連結:http://blog.51cto.com/mazhenbo/2084372,如需轉載請自行聯系原作者
![修改or隐藏nginx版本号[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)