keepalived项目实例

项目需求:
1.搭建一个LNMP架构网站

2.实现实时备份

3.实现全站https

4.当一台lb服务器宕机,不影响整个服务

5.优雅的跳转到错误页面

6.实现页面伪静态


一、backup服务器

#安装rsync
[root@backup ~]# yum install -y rsync

#启动rsync服务端并加入开机自启
[root@backup ~]# systemctl enable --now rsyncd
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.

#编辑rsync服务端配置文件
[root@backup ~]# vim /etc/rsyncd.conf 
#启动服务的用户
uid = www     
gid = www
#监听的端口号(默认873)
port = 873	 
#无需root用户登录
fake super = yes
#是否在传输前chroot到模块目录(此处为关闭;设为yes可把访问限制在模块path之内)
use chroot = no
#最大连接数
max connections = 200
#超时时间
timeout = 600
#忽略错误
ignore errors   
#是否只读(false表示允许客户端向模块写入)
read only = false
#是否允许客户端列出模块列表(false为不允许)
list = false   
#定义虚拟用户   
auth users = yzl
#定义密码文件
secrets file = /etc/rsync.passwd
#定义日志文件
log file = /var/log/rsyncd.log
#模块名
[database]
#描述信息
comment = welcome to oldboyedu database!
#服务器真实路径
path = /backup/database

#创建配置文件中需要用到的普通用户
[root@backup ~]# useradd www -u1000

#创建密码文件并授权(格式为 用户名:密码,rsync要求该文件权限为600;示例口令123仅作演示,实际部署请换成强口令,并可在rsyncd.conf中用hosts allow限定为172.16.1.0/24)
[root@backup ~]# echo yzl:123 > /etc/rsync.passwd
[root@backup ~]# chmod 600 !$

#创建备份文件夹并授权
[root@backup ~]# mkdir -p /backup/database
[root@backup ~]# chown -R www.www !$
chown -R www.www /backup/database

二、nfs

#安装rsync、nfs、rpcbind
[root@nfs ~]# yum install -y rpcbind nfs-utils rsync

#创建客户端密码文件并授权
[root@nfs ~]# echo 123 > /etc/rsync.passwd
[root@nfs ~]# chmod 600 !$

#创建与backup中对应的用户
[root@nfs ~]# useradd www -u1000

#编辑挂载点配置文件(创建挂载点);注意下面第二行的/nfs/datase与后文创建、挂载的/nfs/database不一致,应写为/nfs/database
[root@nfs ~]# vim /etc/exports
/nfs/web 172.16.1.0/24(rw,sync,all_squash,anonuid=1000,anongid=1000)
/nfs/datase 172.16.1.0/24(rw,sync,all_squash,anonuid=1000,anongid=1000)
/nfs/conf 172.16.1.0/24(rw,sync,all_squash,anonuid=1000,anongid=1000)
/nfs/backup 172.16.1.0/24(rw,sync,all_squash,anonuid=1000,anongid=1000)

#创建可供挂载的目录并授权
[root@nfs ~]# mkdir -p /nfs/web
[root@nfs ~]# mkdir /nfs/database
[root@nfs ~]# mkdir /nfs/backup
[root@nfs ~]# mkdir /nfs/conf

[root@nfs ~]# chown -R www.www /nfs/web/
[root@nfs ~]# chown -R www.www /nfs/database/
[root@nfs ~]# chown -R www.www /nfs/backup/
[root@nfs ~]# chown -R www.www /nfs/conf/

#查看挂载点是否配置成功
[root@nfs ~]# showmount -e
Export list for nfs:
/nfs/backup 172.16.1.0/24
/nfs/conf   172.16.1.0/24
/nfs/datase 172.16.1.0/24
/nfs/web    172.16.1.0/24

#上传sersync压缩包并解压
[root@nfs ~]# cd /nfs
[root@nfs nfs]# rz -E
rz waiting to receive.
[root@nfs nfs]# tar -xf sersync.gz 

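#编辑sersync配置文件(下面的清单在转载时丢失了部分标签,例如<sersync>与</rsync>不配对、</plugin>缺少起始标签,不能直接照抄;请在软件包自带的confxml.xml上只修改localpath、remote、auth等项)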
[root@nfs nfs]# vim GNU-Linux-x86/confxml.xml 
<?xml version="1.0" encoding="ISO-8859-1"?>
<head version="2.5">
    <host hostip="localhost" port="8008"></host>
    <debug start="false"/>
    <fileSystem xfs="false"/>
    <filter start="false">
        <exclude expression="(.*)\.svn"></exclude>
        <exclude expression="(.*)\.gz"></exclude>
        <exclude expression="^info/*"></exclude>
        <exclude expression="^static/*"></exclude>
    </filter>
    <inotify>
        <delete start="true"/>
        <createFolder start="true"/>
        <createFile start="true"/>
        <moveTo start="true"/>
        <attrib start="true"/>
        <modify start="true"/>
    </inotify>

    <sersync>
        <localpath watch="/nfs/database">
            <remote ip="172.16.1.41" name="database"/>
            <!--<remote ip="192.168.8.39" name="tongbu"/>-->
            <!--<remote ip="192.168.8.40" name="tongbu"/>-->
            <commonParams params="-az"/>
            <auth start="true" users="yzl" passwordfile="/etc/rsync.passwd"/>
            <userDefinedPort start="false" port="874"/><!-- port=874 -->
            <timeout start="false" time="100"/><!-- timeout=100 -->
            <ssh start="false"/>
        </rsync>
        <crontab start="false" schedule="600"><!--600mins-->
            <crontabfilter start="false">
                <exclude expression="*.php"></exclude>
                <exclude expression="info/*"></exclude>
            </crontabfilter>
    </sersync>
        <filter start="false">
            <include expression="(.*)\.php"/>
            <include expression="(.*)\.sh"/>
        </filter>
    </plugin>

    <plugin name="socket">
        <localpath watch="/opt/tongbu">
            <deshost ip="192.168.138.20" port="8009"/>
        </localpath>
    </plugin>
    <plugin name="refreshCDN">
        <localpath watch="/data0/htdocs/cms.xoyo.com/site/">
            <cdninfo domainname="ccms.chinacache.com" port="80" username="xxxx" passwd="xxxx"/>
            <sendurl base="http://pic.xoyo.com/cms"/>
            <regexurl regex="false" match="cms.xoyo.com/site([/a-zA-Z0-9]*).xoyo.com/images"/>
        </localpath>
    </plugin>
</head>

三、web服务器

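#创建yum源(注意:此处baseurl走http且gpgcheck=0,安装时不会校验软件包签名;建议改为https并设置gpgcheck=1与gpgkey=https://nginx.org/keys/nginx_signing.key)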
[root@web03 ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
module_hotfixes=true

#安装nginx
[root@web03 ~]# yum install nginx -y

#编辑nginx配置文件
[root@web01 ~]# vim /etc/nginx/nginx.conf 
user  www;
......

#上传PHP压缩包
[root@web01 ~]# rz -E
rz waiting to receive.

#解压并安装
[root@web01 ~]# tar -xf php.tar.gz 
[root@web01 ~]# yum localinstall -y *.rpm

#编辑PHP配置文件
[root@web01 ~]# vim /etc/php-fpm.d/www.conf  
user=www
group=www
......

#创建项目存放目录
[root@web01 ~]# mkdir -p /www/discuz

#创建用户
[root@web01 ~]# useradd www -u1000

#授权
[root@web01 ~]# chown -R www.www /www

#安装nfs、rpcbind
[root@web01 ~]# yum install -y nfs-utils rpcbind

#挂载
[root@web01 ~]# mount -t nfs 172.16.1.31:/nfs/web /www
[root@web01 ~]# mount -t nfs 172.16.1.31:/nfs/conf /etc/nginx/conf.d/

#编辑网站配置文件
[root@web01 ~]# cd /etc/nginx/conf.d/
[root@web01 conf.d]# vim discuz.conf

server{
     
    listen 80;
    server_name www.discuz.com;
    root /www/discuz/upload;
    location /{
     
        index index.php;
        #将网站页面做成伪静态 
        rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
        rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
        rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
        rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
        rewrite ^([^\.]*)/blog-([0-9]+)-([0-9]+)\.html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
        rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/archiver/index.php?action=$2&value=$3 last;
        rewrite ^([^\.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ $1/plugin.php?id=$2:$3 last;
    #出现错误以后跳转到指定页面
    error_page 404 403 /error/index.html;
    }
#绑定PHP(nginx无法处理动态请求,所以需要PHP来处理)
    include php.params;
    
}

#编辑nginx转发PHP请求的配置文件(即上面include的php.params;下面的清单缺少location块结尾的“}”,实际文件中需要补上)
[root@web01 ~]# vim /etc/nginx/php.params
location ~* \.php$ {
     
    fastcgi_pass 127.0.0.1:9000;
    #开启https模式
    fastcgi_param HTTPS on;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;  
    
    
 #上传项目压缩包并解压
[root@web01 ~]# cd /www/discuz
[root@web01 www]# rz -E
rz waiting to receive.
[root@web01 ~]# unzip Discuz_X3.4_SC_UTF8_20210320.zip 

#创建错误跳转的页面
[root@web01 ~]# cd /www/discuz/upload
[root@web01 ~]# mkdir error
[root@web01 ~]# echo this is a error page! > error/index.html

#将存放用户数据的目录与nfs挂载,并让nfs备份到backup上
[root@web01 ~]# mount -t nfs 172.16.1.31:/nfs/database /www/discuz/upload/data/attachment/forum/

#检查nginx配置
[root@web01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

#启动nginx并加入开机自启
[root@web01 ~]# systemctl enable --now nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

#启动PHP并加入开机自启
[root@web01 ~]# systemctl enable --now php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.

四、db01

#安装mysql服务
[root@db01 ~]# yum install -y mariadb-server

#启动Mariadb并加入开机自启
[root@db01 ~]# systemctl enable --now mariadb

#为数据库设置密码
[root@db01 ~]# mysqladmin -uroot password '123'

#登录数据库
[root@db01 ~]# mysql -uroot -p123

#创建项目所需的数据库
MariaDB [(none)]> create database discuz;
Query OK, 1 row affected (0.00 sec)

#让yzl用户可从任意主机('%')连接,并对discuz数据库下的任意表拥有所有权限,密码设为123(仅作演示;实际部署应把'%'收窄为web服务器所在网段,如'172.16.1.%',并使用强口令)
MariaDB [(none)]>  grant all on discuz.* to yzl@'%' identified by '123';
Query OK, 0 rows affected (0.08 sec)

五、lb01

#创建秘钥
[root@lb01 nginx]# ssh-keygen
.....

#将创建的公钥发送到需要免密登录的远程机器上
[root@lb01 ~]# cd 
[root@lb01 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@<对端lb的内网IP>
....

#同上
[root@lb02 ~]# ssh-keygen
.....
[root@lb02 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@<对端lb的内网IP>
......

#编写nginx的yum源(此处baseurl走http且gpgcheck=0,不校验软件包签名;建议改为https并开启gpgcheck、配置gpgkey)
[root@lb01 ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
module_hotfixes=true

#安装nginx
[root@lb01 ~]# yum install nginx -y

#编辑nginx配置文件(nginx.conf里该指令的写法是“user www;”,与前面web服务器的配置一致)
[root@lb01 ~]# vim /etc/nginx/nginx.conf 
user=www

#创建配置文件需要的用户
[root@lb01 ~]# useradd www -u1000

#创建证书存放目录
[root@lb01 ~]# mkdir /etc/nginx/ssl_key
[root@lb01 ~]# cd /!$
cd //etc/nginx/ssl_key

#创建自签名证书(第二条命令的-newkey与-nodes会重新生成一把不带口令的私钥并覆盖server.key,因此第一条genrsa实际可以省略;生成后建议chmod 600 server.key)
[root@lb01 ssl_key]# openssl genrsa -idea -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.......................+++
............+++
e is 65537 (0x10001)
Enter pass phrase for server.key:123456
Verifying - Enter pass phrase for server.key:123456
[root@lb01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
.............+++
.......+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hn
Locality Name (eg, city) [Default City]:zhengzhou
Organization Name (eg, company) [Default Company Ltd]:oldboy
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:oldboy
Email Address []:[email protected]

#查看证书是否齐全
[root@lb01 ssl_key]# ls
server.crt  server.key

#将lb01与lb02配置同步
[root@lb01 conf.d]# scp -r /etc/nginx/ssl_key 172.16.1.6:/etc/nginx/
[root@lb01 conf.d]# scp -r /etc/nginx/conf.d/ 172.16.1.6:/etc/nginx/
[root@lb01 ssl_key]# cd /etc/nginx/conf.d/

#编写nginx配置文件
[root@lb01 conf.d]# vim discuz.conf 
upstream discuz {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
    server 172.16.1.9:80;

}
server {
    listen 443 ssl;
    server_name www.discuz.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;
    location / {
        proxy_pass http://discuz;
        include proxy_params;
    }
}
server{
    listen 80;
    server_name www.discuz.com;
    rewrite ^(.*)$ https://$server_name$request_uri;
}

#编写优化配置文件
[root@lb01 nginx]# vim proxy_params;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 20s;
proxy_read_timeout 20s;
proxy_send_timeout 20s;
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 8 8k;
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;

#安装高可用软件
[root@lb01 ~]# yum install -y keepalived

#查看配置文件
[root@lb01 ~]# rpm -qc keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived

#编写keepalived配置文件(auth_type PASS的auth_pass是在VRRP通告中明文传输的共享口令,两台lb必须一致;1111仅为示例)
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf 
global_defs {
   router_id lb01
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.3
    }
}

#编写解决脑裂问题的脚本(此脚本针对的是两台高可用服务器都在抢vip)
[root@lb01 ~]# vim /etc/nginx/check_naolie.sh
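#!/bin/bash
#
# Split-brain watchdog for the two keepalived load balancers.
# Every 2 seconds it asks both nodes over SSH whether the VIP is bound; if
# both hold it at the same time, keepalived is stopped on BACKUPIP so that
# only one node keeps answering for the VIP.
#
# Requires key-based (passwordless) SSH from this host to both nodes, for an
# account that is allowed to run "systemctl stop keepalived.service" there.
# NOTE(review): if that account is root, restricting what the key may run on
# the peer limits the damage should one balancer be compromised.

# Must be the address listed under virtual_ipaddress in keepalived.conf.
VIP="192.168.1.3"
MASTERIP="172.16.1.6"
BACKUPIP="172.16.1.5"

# BatchMode: fail instead of prompting when key login does not work.
# ConnectTimeout: an unreachable node must not stall the loop.
SSH_OPTS=(-o BatchMode=yes -o ConnectTimeout=5)

# Expanded HERE (double quotes) so the remote shell receives the literal
# address. In single quotes, ${VIP} reaches the remote side unset, grep ""
# matches every line, and both probes always report success.
# -F keeps the dots literal; "inet <addr>/" anchors both ends of the address
# so that 192.168.1.3 does not also match 192.168.1.30.
PROBE="ip -o -4 addr show | grep -qF 'inet ${VIP}/'"

while true; do
  # Probe for the VIP on each node.
  ssh "${SSH_OPTS[@]}" "${MASTERIP}" "${PROBE}" >/dev/null
  MASTER_STATUS=$?
  ssh "${SSH_OPTS[@]}" "${BACKUPIP}" "${PROBE}" >/dev/null
  BACKUP_STATUS=$?

  # 0: grep found the VIP. 1: not bound. 255: SSH itself failed, which is
  # treated as "not holding the VIP" so a dead link never triggers a stop.
  if (( MASTER_STATUS == 0 && BACKUP_STATUS == 0 )); then
    ssh "${SSH_OPTS[@]}" "${BACKUPIP}" "systemctl stop keepalived.service" \
      || printf 'check_naolie: failed to stop keepalived on %s\n' "${BACKUPIP}" >&2
  fi
  sleep 2
done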

#编写解决脑裂问题的脚本(此脚本针对的是一台高可用服务器nginx出现故障)
[root@lb01 ~]# vim /etc/nginx/check_web.sh
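#!/bin/bash
#
# keepalived vrrp_script health check for the local nginx.
# If no nginx process is running, try to start it once; if it is still
# absent 3 seconds later, stop keepalived so the VIP can move to the peer.
#
# keepalived executes this file itself, so keep it executable, root-owned
# and not writable by other users.
# NOTE(review): confirm which account runs it (script_user in global_defs).

# Succeeds when at least one process is named exactly "nginx".
# "ps -ef | grep [n]ginx" also counts this script, because its own path
# (/etc/nginx/check_web.sh) contains "nginx", so that count never reaches 0
# and the failover below would never run.
nginx_running() {
  pgrep -x nginx >/dev/null
}

if ! nginx_running; then
  systemctl start nginx
  sleep 3

  if ! nginx_running; then
    systemctl stop keepalived.service
    # A non-zero status also reports the failure to track_script.
    exit 1
  fi
fi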

#编辑配置文件(将脚本加入配置文件中;脚本需先chmod +x,并保持属主为root、其他用户不可写,因为keepalived会直接执行它)
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf 
global_defs {
     
   router_id lb01
}

vrrp_script check_web {
     
    script "/etc/nginx/check_web.sh"
    interval 5

}
vrrp_instance VI_1 {
     
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
     
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
     
        192.168.1.3
    }
    track_script {
     
        check_web
    }  
}

#重启nginx和keepalived
[root@lb01 ~]# systemctl restart nginx
[root@lb01 ~]# systemctl restart keepalived

六、测试

在本地hosts文件中添加:
192.168.1.3 www.discuz.com
在浏览器输入:www.discuz.com即可

注意:

上述web01服务器的操作,web02、web03也需要操作
上述lb01服务器的操作,lb02也需要操作
