1.基础架构搭建

环境准备:配置ip,关闭防火墙和selinux
lb1:192.168.8.10
lb2:192.168.8.20
web1:192.168.8.30
web2:192.168.8.40
mysql: 192.168.8.50
php: 192.168.8.60


ifdown ens33;ifup ens33
systemctl stop firewalld
systemctl disable firewalld
setenforce 0

1.lb1、lb2、web1、web2安装nginx

yum -y install epel-release
yum -y install nginx 
 

2.配置lb1:192.168.8.10

cd /etc/nginx/conf.d/
rm -rf *
vim lb.conf 
添加:
upstream webcluster {
        server 192.168.8.30:80;
        server 192.168.8.40:80;
}
server {
        listen 80;
        server_name blog.benet.com;

        location / {
                proxy_pass      http://webcluster;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

保存退出 
systemctl restart nginx 
systemctl enable nginx 

scp -rp /etc/nginx/conf.d/lb.conf root@192.168.8.20:/etc/nginx/conf.d/

配置lb2: 192.168.8.20
systemctl restart nginx 
systemctl enable nginx 

3.配置keepalived高可用

两台lb都安装keepalived
yum -y install keepalived

lb1:配置keepalived
vim /etc/keepalived/keepalived.conf 
修改:
global_defs {
   router_id lb1
}
vrrp_script check_nginx_proxy {
        script “/sh/check_nginx_proxy.sh”
        interval 2
        weight 5
        }
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.8.254
    }
    track_script {
        check_nginx_proxy
    }
}
保存退出 

mkdir /sh 
vim /sh/check_nginx_proxy.sh
#!/bin/bash
killall  -0  nginx
if  [ $? -ne 0 ];then
  systemctl stop keepalived
fi

chmod  +x  /sh/check_nginx_proxy.sh

crontab -e
* * * * * /bin/bash /sh/check_nginx_proxy.sh


lb2:配置keepalived
vim /etc/keepalived/keepalived.conf
修改为:
global_defs {
   router_id lb2            
}

vrrp_instance VI_1 {
    state BACKUP            
    interface ens33
    virtual_router_id 51
    priority 99                
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.8.254    
    }
}
保存退出

systemctl restart keepalived
systemctl enable keepalived


4.配置web节点

web1: 配置nginx,安装blog
(2)复制wordpress安装包,到虚拟机/,解压并赋权
    unzip wordpress-4.9.4-zh_CN.zip
    chmod -R 777 /wordpress
    scp -rp /wordpress root@192.168.8.60:/
    
(3)创建虚拟主机配置文件
    vim /etc/nginx/conf.d/blog.conf
    添加:
    server {
        listen 80;
        server_name blog.benet.com;
        root /wordpress;
        index index.php index.html;

        location ~ \.php$ {
                root /wordpress;
                fastcgi_pass 192.168.8.60:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
    }
    保存退出
    systemctl reload nginx
    
    

5.安装mysql:192.168.8.50

复制mysql-rpm包到虚拟机
cd mysql-rpm 
yum -y localinstall *.rpm 
systemctl restart mysqld
systemctl enable mysqld

登录并创建blog库和用户:
mysql 
create database blog;
grant all on blog.* to lisi@'%' identified by '123.com';


6.安装php:192.168.8.60

复制php-rpm到虚拟机
cd php-rpm 
yum -y localinstall *.rpm 

vim /etc/php-fpm.d/www.conf
定位并修改为:
listen = 192.168.8.60:9000
listen.allowed_clients = 192.168.8.30,192.168.8.40
保存退出  
systemctl restart php-fpm
systemctl enable php-fpm

7.客户端浏览器访问web1:192.168.8.30,安装blog 

安装成功后,复制web1的配置文件和wordpress目录到web2:
scp -rp /wordpress root@192.168.8.40:/
scp -rp /etc/nginx/conf.d/* root@192.168.8.40:/etc/nginx/conf.d/
web2: systemctl restart nginx
测试能通过访问192.168.8.40成功

8.客户端通过域名或192.168.8.254虚拟地址访问,查看轮询
9.配置ssl加密

web1: 创建证书 
mkdir -p /etc/nginx/ssl_key 
cd /etc/nginx/ssl_key
openssl genrsa -idea -out server.key 2048
openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt

vim /etc/nginx/conf.d/https.conf
server {
        listen 443 ssl;
        server_name blog.benet.com;
    ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
        root /wordpress;
        index index.php index.html;

        location ~ \.php$ {
                root /wordpress;
                fastcgi_pass 192.168.8.60:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
    }
server {
        listen 80;
        server_name blog.benet.com;
        rewrite .* https://$server_name$1 redirect;
}
保存退出 

scp -rp /etc/nginx/ssl_key root@192.168.8.40:/etc/nginx/ 
scp -rp /etc/nginx/ssl_key root@192.168.8.10:/etc/nginx/ 
scp -rp /etc/nginx/ssl_key root@192.168.8.20:/etc/nginx/ 

lb1和lb2:
vim /etc/nginx/conf.d/lb.conf 
upstream webcluster {
        server 192.168.8.30:443;
        server 192.168.8.40:443;
}
server {
        listen 443 ssl;
        server_name blog.benet.com;
        ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
        location / {
                proxy_pass      https://webcluster;
        }
}
server {
        listen 80;
        server_name blog.benet.com;
        return 302 https://$server_name$1;
}
保存退出  

systemctl restart nginx  
 

Logo

华为开发者空间,是为全球开发者打造的专属开发空间,汇聚了华为优质开发资源及工具,致力于让每一位开发者拥有一台云主机,基于华为根生态开发、创新。

更多推荐