【frontend】前端frontend的安装与配置

一、实验环境


【frontend】前端frontend的安装与配置_第1张图片

操作系统:CentOS7.2 Mininal

serverA:192.168.1.104

serverB:192.168.1.109

VIP:       192.168.1.110

test:      192.168.1.120

二、软件安装

在serverA 和 serverB 上

# yum  -y install  nginx bind  ntp  keepalived 

# systemctl  enable  named  ntpd  nginx keepalived

三、特殊配置

在serverA 和 serverB 上

# sysctl -w net.ipv4.ip_nonlocal_bind=1

# echo "net.ipv4.ip_nonlocal_bind=1" >> /etc/sysctl.conf

注:更改Linux系统控制文件,使得端口即使监听在不存在的IP上,也不报错

# setenforce 0

# sed -i 's/^SELINUX=.*/SELINUX=permissive/g'   /etc/selinux/config


# systemctl stop   firewalld

# systemctl diable firewalld


三、serverA服务配置

# vim  /etc/keepalived/keepalived.conf

【frontend】前端frontend的安装与配置_第2张图片

##############################

! Configuration File for keepalived

global_defs {

   router_id LVS_DEVEL

}

vrrp_script check { 

    script "/etc/keepalived/check.sh" 

    interval 5     

}   

vrrp_instance VI_1 {

    state BACKUP

    interface eno16777736

    virtual_router_id 100

    priority 100

    advert_int 1

    nopreempt

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    track_script {   

      check

    }   

    virtual_ipaddress {

        192.168.1.110

    }

}

##############################

注意: vrrp_script{}中的interval时间需大于脚本中的sleep时间!

#  vim /etc/keepalived/check.sh

【frontend】前端frontend的安装与配置_第3张图片

##############################

#!/bin/bash

nginx_status1=$(ps -C nginx --no-heading|wc -l)

if [ "${nginx_status1}" = "0" ]; then

  systemctl start nginx.service

  sleep 3

  nginx_status2=$(ps -C nginx --no-heading|wc -l)

  if [ "${nginx_status2}" = "0" ]; then

    systemctl stop keepalived.service

  fi

fi

named_status1=$(ps -C named --no-heading|wc -l)

if [ "${named_status1}" = "0" ]; then

  systemctl start named.service

  sleep 3

  named_status2=$(ps -C named --no-heading|wc -l)

  if [ "${named_status2}" = "0" ]; then

    systemctl stop keepalived.service

  fi

fi

ntpd_status1=$(ps -C ntpd --no-heading|wc -l)

if [ "${ntpd_status1}" = "0" ]; then

  systemctl start ntpd.service

  sleep 3

  ntpd_status2=$(ps -C ntpd --no-heading|wc -l)

  if [ "${ntpd_status2}" = "0" ]; then

    systemctl stop keepalived.service

  fi

fi

#######################################

# chmod +x  /etc/keepalived/check.sh

# vim  /etc/ntp.conf

【frontend】前端frontend的安装与配置_第4张图片

########################################

driftfile /var/lib/ntp/drift

restrict default nomodify notrap nopeer noquery

restrict 127.0.0.1

restrict ::1

restrict 192.168.1.0 mask 255..255.255.0 nomodify notrap

server 192.168.1.110 iburst

server 127.127.1.0

fudge 127.127.1.0 stratum 10

interface ignore  wildcard

interface listen  192.168.1.110

interface listen  127.0.0.1

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor

##########################################

# vim /etc/named.conf

【frontend】前端frontend的安装与配置_第5张图片

##########################################

options {

        listen-on port 53 { 192.168.1.110; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query     { any; };

        recursion yes;

        dnssec-enable yes;

        dnssec-validation yes;

        pid-file "/run/named/named.pid";

};

zone "test.com" IN {

        type master;

        file "test.com.zone";

};

###############################################

# cp  -p  /var/named/named.localhost    /var/named/test.com.zone

# vim  /var/named/test.com.zone

【frontend】前端frontend的安装与配置_第6张图片



# vim /etc/nginx/nginx.conf

【frontend】前端frontend的安装与配置_第7张图片

#########################################

#    For more information on configuration, see:

#   * Official English Documentation:http://nginx.org/en/docs/

#   * Official Russian Documentation:http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

    worker_connections  1024;

}

# stream转发

stream {

#    hash $remote_addr consistent;

    proxy_connect_timeout 3s;

    include /etc/nginx/conf.d/stream_proxy.conf;

}

# http转发

http {

    client_max_body_size     500M;

    include                             mime.types;

    default_type                     application/octet-stream;

    server_tokens                   off;

    sendfile                            on;

    keepalive_timeout           65;

    include /etc/nginx/conf.d/http_proxy.conf;

}

############################################

#  vim  /etc/nginx/conf.d/stream_proxy.conf

#############################################

upstream stream_service {

    hash $remote_addr consistent;

    server192.168.1.103:12345        max_fails=1 fail_timeout=180s;

    server 192.168.1.104:12345       max_fails=1 fail_timeout=180s;


}

server {

    listen 192.168.1.110:54321;

    proxy_pass stream_service;

}

#####################################################

#  vim /etc/nginx/conf.d/http_proxy.conf

#####################################################

upstream http_service {

    server 192.168.1.107:443      max_fails=1 fail_timeout=180s;

    server 192.168.1.108:443       max_fails=1 fail_timeout=180s;


  }

server {

    listen 192.168.1.110:443 ssl;

    ssl_certificate          /etc/nginx/ssl/nginx-selfsigned.crt;

    ssl_certificate_key  /etc/nginx/ssl/nginx-selfsigned.key;

    location / {

        proxy_connect_timeout     3;

        proxy_send_timeout         600;

        proxy_read_timeout          600;

        send_timeout                    600;

        proxy_set_header            X-Real-IP $remote_addr;

        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

         proxy_pass  https://http_service;

    }

}

#################################################################

# mkdir  /etc/nginx/ssl

# openssl req  -x509  -nodes \

    -newkey rsa:2048 \

    -days 365 \

    -subj "/C=CN/ST=Gunagdong/L=Shenzhen/O=TEST/OU=TEST/CN=www.test.com" \

    -keyout /etc/nginx/ssl/nginx-selfsigned.key \

    -out /etc/nginx/ssl/nginx-selfsigned.crt

四、serverB服务配置

# vim  /etc/keepalived/keepalived.conf

【frontend】前端frontend的安装与配置_第8张图片

##########################

! Configuration File for keepalived

global_defs {

   router_id LVS_DEVEL

}

vrrp_script check { 

    script "/etc/keepalived/check.sh" 

    interval 5     

}   

vrrp_instance VI_1 {

    state BACKUP

    interface eno16777736

    virtual_router_id 100

    priority 90

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    track_script {   

      check

    }   

    virtual_ipaddress {

        192.168.1.110

    }

}

##############################

注意: vrrp_script{}中的interval时间需大于脚本中的sleep时间!

#  vim /etc/keepalived/check.sh


【frontend】前端frontend的安装与配置_第9张图片

##############################

#!/bin/bash

nginx_status1=$(ps -C nginx --no-heading|wc -l)

if [ "${nginx_status1}" = "0" ]; then

  systemctl start nginx.service

  sleep 3

  nginx_status2=$(ps -C nginx --no-heading|wc -l)

  if [ "${nginx_status2}" = "0" ]; then

    systemctl stop keepalived.service

  fi

fi

named_status1=$(ps -C named --no-heading|wc -l)

if [ "${named_status1}" = "0" ]; then

  systemctl start named.service

  sleep 3

  named_status2=$(ps -C named --no-heading|wc -l)

  if [ "${named_status2}" = "0" ]; then

    systemctl stop keepalived.service

  fi

fi

ntpd_status1=$(ps -C ntpd --no-heading|wc -l)

if [ "${ntpd_status1}" = "0" ]; then

  systemctl start ntpd.service

  sleep 3

  ntpd_status2=$(ps -C ntpd --no-heading|wc -l)

  if [ "${ntpd_status2}" = "0" ]; then

    systemctl stop keepalived.service

  fi

fi

#######################################

# chmod +x  /etc/keepalived/check.sh

# vim  /etc/ntp.conf

【frontend】前端frontend的安装与配置_第10张图片

########################################

driftfile /var/lib/ntp/drift

restrict default nomodify notrap nopeer noquery

restrict 127.0.0.1

restrict ::1

restrict 192.168.1.0 mask 255..255.255.0 nomodify notrap

server 192.168.1.110 iburst

server 127.127.1.0

fudge 127.127.1.0 stratum 10

interface ignore  wildcard

interface listen  192.168.1.110

interface listen  127.0.0.1

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor

##########################################

# vim /etc/named.conf

【frontend】前端frontend的安装与配置_第11张图片

##########################################

options {

        listen-on port 53 { 192.168.1.110; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query     { any; };

        recursion yes;

        dnssec-enable yes;

        dnssec-validation yes;

        pid-file "/run/named/named.pid";

};

zone "test.com" IN {

        type master;

        file "test.com.zone";

};

###############################################

# cp  -p  /var/named/named.localhost    /var/named/test.com.zone

# vim  /var/named/test.com.zone

【frontend】前端frontend的安装与配置_第12张图片


# vim /etc/nginx/nginx.conf

【frontend】前端frontend的安装与配置_第13张图片

#########################################

#    For more information on configuration, see:

#   * Official English Documentation:http://nginx.org/en/docs/

#   * Official Russian Documentation:http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

    worker_connections  1024;

}

# stream转发

stream {

#    hash $remote_addr consistent;

    proxy_connect_timeout 3s;

    include /etc/nginx/conf.d/stream_proxy.conf;

}

# http转发

http {

    client_max_body_size     500M;

    include                             mime.types;

    default_type                     application/octet-stream;

    server_tokens                   off;

    sendfile                            on;

    keepalive_timeout           65;

    include /etc/nginx/conf.d/http_proxy.conf;

}

############################################

#  vim  /etc/nginx/conf.d/stream_proxy.conf

#############################################

upstream stream_service {

    hash $remote_addr consistent;

    server192.168.1.103:12345        max_fails=1 fail_timeout=180s;

    server 192.168.1.104:12345       max_fails=1 fail_timeout=180s;

}

server {

    listen 192.168.1.110:54321;

    proxy_pass stream_service;

}

#####################################################

#  vim /etc/nginx/conf.d/http_proxy.conf

#####################################################

upstream http_service {

    server 192.168.1.107:443      max_fails=1 fail_timeout=180s;

    server 192.168.1.108:443       max_fails=1 fail_timeout=180s;

  }

server {

    listen 192.168.1.110:443 ssl;

    ssl_certificate          /etc/nginx/ssl/nginx-selfsigned.crt;

    ssl_certificate_key  /etc/nginx/ssl/nginx-selfsigned.key;

    location / {

        proxy_connect_timeout     3;

        proxy_send_timeout         600;

        proxy_read_timeout          600;

        send_timeout                    600;

        proxy_set_header            X-Real-IP $remote_addr;

        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass  https://http_service;

    }

}

#################################################################

# mkdir  /etc/nginx/ssl

# openssl req  -x509  -nodes \

    -newkey rsa:2048 \

    -days 365 \

    -subj "/C=CN/ST=Gunagdong/L=Shenzhen/O=TEST/OU=TEST/CN=www.test.com" \

    -keyout /etc/nginx/ssl/nginx-selfsigned.key \

    -out /etc/nginx/ssl/nginx-selfsigned.crt

五、启动服务

在serverA 和 serveB上

# systemctl  start named  ntpd  nginx keepalived

六、查看服务状态

在serverA

【frontend】前端frontend的安装与配置_第14张图片
【frontend】前端frontend的安装与配置_第15张图片
【frontend】前端frontend的安装与配置_第16张图片
【frontend】前端frontend的安装与配置_第17张图片

在serverB


【frontend】前端frontend的安装与配置_第18张图片
【frontend】前端frontend的安装与配置_第19张图片
【frontend】前端frontend的安装与配置_第20张图片
【frontend】前端frontend的安装与配置_第21张图片

七、在test服务器上测试

反向代理测试:

https://192.168.1.110:443

DNS测试:

# vim   /etc/resolv.conf

【frontend】前端frontend的安装与配置_第22张图片

######################

nameserver 192.168.1.110

# Generated by NetworkManager

nameserver 202.96.128.166

nameserver 202.96.134.133

#####################

# ping www.test.com

# ping mysql.test.com

【frontend】前端frontend的安装与配置_第23张图片

NTP测试:

# ntpdate 192.168.1.110

# vim  /etc/ntp.conf


【frontend】前端frontend的安装与配置_第24张图片

#########################

driftfile /var/lib/ntp/drift

restrict default nomodify notrap nopeer noquery

restrict 127.0.0.1

restrict ::1

server 192.168.1.110 iburst

restrict 192.168.1.110 nomodify notrap noquery

server 127.127.1.0

fudge 127.127.1.0 stratum 10

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor

#########################

# systemctl start   ntpd

# systemctl enable ntpd

八、前端的高可用性测试

在 serverA

# systemctl  restart keepalived

# systemctl  status keepalived

# ip addr list

【frontend】前端frontend的安装与配置_第25张图片

在 serverB

# systemctl  status keepalived

# ip addr list

【frontend】前端frontend的安装与配置_第26张图片

可以看到,重启serverA的keepalived,VIP成功漂移了,实际上,VIP所在的服务器上的 nginx、named 、ntpd任何一个服务出问题,keepalived的检测脚本就会停其keepalived服务,使得VIP漂移,服务基本不受影响,实现高可用!

你可能感兴趣的:(【frontend】前端frontend的安装与配置)