目录
实现 Nginx 四层负载均衡
案例: LNMP
可道云
在两台web服务器上添加phpMyAdmin
编译安装 tengine -2.1.2
编译安装 openresty
在线安装JumpServer:
MySQL
Redis
Jumpserver
Nginx 从 1.9.0 版本开始支持 TCP 模式的负载均衡,从 1.9.13 版本开始支持 UDP 协议的负载均衡(UDP 主要用于 DNS 的域名解析)。其配置方式和指令与 HTTP 代理类似:基于 ngx_stream_proxy_module 模块实现 TCP 负载均衡,另外基于 ngx_stream_upstream_module 模块实现后端服务器分组转发、权重分配、状态监测、调度算法等高级功能。
如果编译安装,需要指定 --with-stream 选项才能支持ngx_stream_proxy_module模块
vim /apps/nginx/conf/nginx.conf
include /apps/nginx/conf/tcp/*.conf; # 加在最外层(与 http{} 同级),因为 stream{} 不能写在 http{} 里面
在两台后端服务器上,把 MySQL 和 Redis 配置里“仅监听本机”的那一行(bind-address / bind 127.0.0.1)注释掉,代理才能连上;放开监听后,要用防火墙限制只有代理服务器能访问 3306 和 6379。
[mysqld]
default_authentication_plugin= mysql_native_password # 在 MySQL 配置文件里加上这一行,一些老程序才能连接,否则认证通不过;该插件比 MySQL 8.0 默认的 caching_sha2_password 弱,只在确实需要兼容老客户端时才启用
如果后端端口还能连通、但服务本身已经不可用,请求仍然会被调度过去,因为它只靠 TCP 三次握手能否成功来判断后端是否可用。
[root@ubuntu2004 tcp]#cat tcp.conf 跳转
stream{
upstream mysql {
hash $remote_addr consistent; # 一致性哈希:按客户端地址在哈希环上就近选择后端;该后端可用时固定调度到它,不可用时才调度到其他后端
server 10.0.0.101:3306;
server 10.0.0.102:3306;
}
upstream redis {
server 10.0.0.102:6379;
server 10.0.0.101:6379;
}
server {
listen 3306;
proxy_pass mysql;
}
server {
listen 6379;
proxy_pass redis;
}
}
[root@centos7 ~]# mysql -utest -p123456 -h10.0.0.100
mysql> set global server_id=101; 在 101 上执行,把 server_id 改成和 IP 对应的值,方便区分请求被调度到了哪台后端
[root@centos7 ~]# mysql -utest -p123456 -h10.0.0.100 -e 'select @@server_id'; 看看·
vim /apps/nginx/conf/nginx.conf
user www-data; 因为php是用www-data启动的,在同一台机器上尽量用一样的
worker_processes 1;pid /apps/nginx/logs/nginx.pid; 下面自行改
vim /lib/systemd/system/nginx.service 自定义安装和系统安装有的日志位置不一样,需要手动改 PIDFile=/apps/nginx/logs/nginx.pid
chown -R www-data:www-data /apps/nginx/ 修改路径后也需要修改用户权限(更稳妥的做法是只把 logs 等需要写入的目录交给 www-data,配置文件和 sbin 下的程序仍归 root 所有)
systemctl restart nginx.service 重启·一下
vim /etc/php/7.4/fpm/pool.d/www.conf 需要改一下
listen = 127.0.0.1:9000
pm.status_path = /php-status 开启在之后可以显示指定状态页
ping.path = /ping 开启之后可以用 ping 来探测好坏
ping.response = pongpong 自定义返回
access.log = /var/log/$pool.access.log 开启访问日志#默认路径/usr/log不存在,服务启动失败
slowlog = log/$pool.log.slow 开启慢查询
[root@ubuntu2004 ~]#cat /apps/nginx/conf/nginx.conf 加上路径
http
.....
include /apps/nginx/conf.d/*.conf;
}[root@ubuntu2004 ~]#cat /apps/nginx/conf.d/php.conf 测试
[root@ubuntu2004 ~]#cat /apps/nginx/conf.d/php.conf server { listen 80; server_name www.wang.org; root /data/php; index index.php; location ~ \.php$|ping|php-status { root /data/php; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
[root@ubuntu2004 ~]#cat /data/html/index.html
www.wang.org[root@ubuntu2004 ~]#cat /data/php/test.php
phpinfo();
?>[root@ubuntu2004 ~]#cat /data/php/mysql.php
mysql> create user test@'10.0.0.%' identified by '123456'; 在102上创建此账号用来测试(123456 只是实验用的弱口令,正式环境要换成强口令,测试完把账号删掉)
访问 http://www.wang.org/php-status 显示状态页;加 ?full 可以按每个进程单独统计,?json 等输出格式也都支持。状态页会暴露进程和请求信息,建议在 nginx 对应的 location 里用 allow/deny 限制来源地址。
#nginx 安装
#包安装
[root@ubuntu2004 ~]#apt install php7.4-fpm php7.4-mysql php7.4-json php7.4-xml php7.4-mbstring php7.4-zip php7.4-gd php7.4-curl php-redis[root@ubuntu2004 ~]#grep -Ev "^;|^$" /etc/php/7.4/fpm/pool.d/www.conf
[www]
user = www-data #默认值
group = www-data #默认值
listen = 127.0.0.1:9000
pm.status_path = /php-status
ping.path = /ping
ping.response = duoduo
access.log = /var/log/$pool.access.log #默认路径/usr/log不存在,服务启动失败
slowlog = log/$pool.log.slow[root@ubuntu2004 ~]#cat /apps/nginx/conf/nginx.conf
http
.....
include /apps/nginx/conf.d/*.conf;
}
[root@ubuntu2004 ~]#cat /apps/nginx/conf.d/php.conf
server {
listen 80;
server_name www.wang.org;
root /data/php;
index index.php;
location ~ \.php$|ping|php-status {
root /data/php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on; #如果前端代理采用 https 而当前后端是 http 服务器,需要加这一行
include fastcgi_params;
}
}vim /apps/nginx/conf/conf.d/www.wang.org.conf 转发的
upstream rrup { server 10.0.0.101; server 10.0.0.102; } server { listen 80; server_name mm.wang.com; root /data/nginx/html/pc; index index.php; access_log /apps/nginx/logs/www.wang.org_access.log main; location / { proxy_pass http://rrup; proxy_set_header Host $http_host; } }
chown -R www-data. /data/php
[root@centos8 ~]#yum -y install mysql-server
[root@centos8 ~]#systemctl enable --now mysqld
[root@centos8 ~]#mysql
mysql> create database kodbox;
Query OK, 1 row affected (0.00 sec)
mysql> create user kodbox@'10.0.0.%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on kodbox.* to kodbox@'10.0.0.%';
Query OK, 0 rows affected (0.00 sec)
rsync -a /data/php 10.0.0.101:/data/php 把数据传过去。以防数据覆盖
ln -s /apps/nginx/sbin/nginx /usr/local/sbin/ 不知啥原因链接用不了;但是软件没问题
#nfs服务器
[root@ubuntu2004 ~]#apt -y install mysql-server redis nfs-kernel-server
[root@ubuntu2004 ~]#vim /etc/mysql/mysql.conf.d/mysqld.cnf
[mysqld]
default_authentication_plugin=mysql_native_password
#bind-address = 127.0.0.1
#mysqlx-bind-address = 127.0.0.1
[root@ubuntu2004 ~]#vim /etc/redis/redis.conf
#监听所有地址;这里没有设置密码,应配合 requirepass 和防火墙,只放行 web 服务器
bind 0.0.0.0
[root@ubuntu2004 ~]#cat /etc/exports
/data/www *(rw) #创建 /data/www 目录并授权给 www-data(因为 web1 和 web2 都用这个用户);* 表示任何主机都能挂载,建议改成只允许 web 服务器的地址或网段
rsync -av /data/php/data/files/ 10.0.0.103:/data/www/ 将数据文件拷过去,-av 保留属性
域名用 hosts 文件解析
#web1和web2
[root@ubuntu2004 ~]#apt install nfs-common -y #挂载用
[root@ubuntu2004 ~]#cat /etc/fstab
nfs.wang.org:/data/www/ /data/php/data/files/ nfs _netdev 0 0 #指定挂载(web1、web2 上都要配置)
[root@ubuntu2004 ~]#mount -a #执行挂载
[root@ubuntu2004 ~]#mkdir /data/php2
[root@ubuntu2004 ~]#wget https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-all-languages.zip
[root@ubuntu2004 php2]#unzip phpMyAdmin-5.2.0-all-languages.zip -d /data/php2/
[root@ubuntu2004 php2]#mv phpMyAdmin-5.2.0-all-languages/* .
[root@ubuntu2004 data]#chown -R www-data. php2
[root@Ubuntu2004 php2]#cp config.sample.inc.php config.inc.php
[root@Ubuntu2004 php2]#vim config.inc.php
$cfg['Servers'][$i]['host'] = '10.0.0.204';
[root@Ubuntu2004 data]#vim /etc/php/7.4/fpm/pool.d/www.conf
php_value[session.save_handler] = redis
php_value[session.save_path] = "tcp://10.0.0.204:6379"
[root@Ubuntu2004 data]#systemctl restart php7.4-fpm.service
[root@ubuntu2004 conf.d]#vim mydaim.conf
# Virtual host that serves phpMyAdmin from /data/php2 through the PHP-FPM
# listener on 127.0.0.1:9000.
# NOTE(review): this vhost listens on plain HTTP (port 80) only, so phpMyAdmin
# logins would cross the network unencrypted; consider TLS and an allow/deny
# list for the admin interface.
server {
listen 80;
server_name www.shuhong.vip;
root /data/php2;
# Accept request bodies up to 200 MB.
client_max_body_size 200M;
index index.php index.html;
# The alternatives "ping" and "php-status" in this regex are unanchored, so
# any URI that merely contains those substrings is handed to PHP-FPM, not only
# /ping and /php-status.
# NOTE(review): there is no allow/deny here, so these endpoints are reachable
# by every client that can reach this vhost; confirm that is intended.
location ~ \.php$|ping|php-status {
root /data/php2;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
# Tells PHP-FPM which file to run: the document root plus the script name.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@ubuntu2004 conf.d]#nginx -s reload
#10.0.0.201修改配置,添加代理和负载均衡
[root@Ubuntu2004 ~]#vim /etc/nginx/conf.d/proxy-www.shuhong.com.conf
# Reverse-proxy virtual host: every request for www.shuhong.vip is forwarded
# to the upstream group named "webservers".
# NOTE(review): the "webservers" upstream is not defined in this snippet; it
# must exist elsewhere in the http{} context or nginx will refuse to load.
server {
listen 80;
server_name www.shuhong.vip;
root /data/www/pc;
location / {
proxy_pass http://webservers;
# Pass the Host header exactly as the client sent it, so the backends can
# select the matching server block.
# NOTE(review): no X-Real-IP / X-Forwarded-For header is set here, so backend
# access logs will presumably show the proxy address rather than the client's.
proxy_set_header Host $http_host;
}
}
注意: 不支持CentOS8。另外 Tengine 2.1.2 基于 nginx/1.6.2,版本很旧,只适合做编译练习,不要直接拿来对外提供服务。
[root@centos7 ~]#yum -y install gcc pcre-devel openssl-devel
[root@centos7 ~]#useradd -r -s /sbin/nologin nginx
[root@centos7 ~]#cd /usr/local/src
[root@centos7 src]#wget http://tengine.taobao.org/download/tengine-2.1.2.tar.gz
[root@centos7 src]#tar xf tengine-2.1.2.tar.gz
[root@centos7 src]#cd tengine-2.1.2/
[root@centos7 tengine-2.1.2]#./configure --prefix=/apps/tengine-2.1.2 --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
[root@centos7 tengine-2.1.2]#make && make install
[root@centos7 tengine-2.1.2]#tree /apps/tengine-2.1.2/
6 directories, 101 files
[root@centos7 tengine-2.1.2]#ln -s /apps/tengine-2.1.2/sbin/* /usr/sbin/
[root@centos7 tengine-2.1.2]#nginx -v
Tengine version: Tengine/2.1.2 (nginx/1.6.2)
[root@centos7 tengine-2.1.2]#nginx
[root@centos7 ~]#ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@centos7 ~]#curl 10.0.0.7
root@centos8 ~]#dnf -yq install gcc pcre-devel openssl-devel perl
[root@centos8 ~]#groupadd --gid 666 -r nginx
[root@centos8 ~]#useradd -g nginx -u 666 -r -s /sbin/nologin nginx
[root@centos8 ~]#cd /usr/local/src
[root@centos8 src]#wget https://openresty.org/download/openresty-1.21.4.1.tar.gz
#[root@centos8 src]#wget https://openresty.org/download/openresty-1.17.8.2.tar.gz
#注意: 下面的解压和编译步骤用的是 1.17.8.2 的文件名,要与实际下载的版本保持一致
[root@centos8 src]#tar xf openresty-1.17.8.2.tar.gz
[root@centos8 src]#cd openresty-1.17.8.2/
[root@centos8 openresty-1.17.8.2]#./configure --prefix=/apps/openresty --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
[root@centos8 openresty-1.17.8.2]#make && make install
[root@centos8 openresty-1.17.8.2]#tree /apps/openresty/
./apps/openresty/3 directories, 313 files
[root@centos8 openresty-1.17.8.2]#
[root@centos8 openresty-1.17.8.2]#ln -s /apps/openresty/bin/* /usr/bin/
[root@centos8 openresty-1.17.8.2]#openresty -v
nginx version: openresty/1.17.8.2
[root@centos8 openresty-1.17.8.2]#openresty
[root@centos8 openresty-1.17.8.2]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer
Address:Port
LISTEN 0 128 0.0.0.0:80
0.0.0.0:*
LISTEN 0 128 0.0.0.0:22
0.0.0.0:*
LISTEN 0 100 127.0.0.1:25
0.0.0.0:*
LISTEN 0 128 [::]:22
[::]:*
LISTEN 0 100 [::1]:25
[::]:*
[root@centos8 openresty-1.17.8.2]#ps -ef |grep nginx
root 16682 1 0 13:50 ? 00:00:00 nginx: master process
openresty
nginx 16683 16682 0 13:50 ? 00:00:00 nginx: worker process
root 16692 1195 0 13:51 pts/1 00:00:00 grep --color=auto nginx
[root@centos8 ~]#curl 10.0.0.18
仅需两步快速安装 JumpServer(下面的命令会把远程脚本直接交给 bash 以 root 身份执行,建议先下载到本地、看过内容再运行):
curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.25.4/quick_start.sh | bash
https://docs.jumpserver.org/zh/master/install/setup_by_fast/
[root@ubuntu2004 ~]#echo '{"registry-mirrors": ["https://frc3mkbl.mirror.aliyuncs.com"]}'> /etc/docker/daemon.json #加速器
[root@ubuntu2004 ~]#cat /etc/docker/daemon.json
{"registry-mirrors": ["https://frc3mkbl.mirror.aliyuncs.com"]}
[root@ubuntu2004 ~]#docker info 查看是否成功(加速)
docker run --rm --name mysql -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_DATABASE=jumpserver -e MYSQL_USER=jumpserver -e MYSQL_PASSWORD=123456 -d -p 3306:3306 mysql:5.7.30
[root@ubuntu2004 ~]#apt install mysql-client
[root@ubuntu2004 ~]#mkdir -p /etc/mysql/mysql.conf.d/
[root@ubuntu2004 ~]#mkdir -p /etc/mysql/conf.d/
#生成服务器配置文件,指定字符集
[root@ubuntu2004 ~]#tee /etc/mysql/mysql.conf.d/mysqld.cnf <<EOF
[mysqld]
pid-file= /var/run/mysqld/mysqld.pid
socket= /var/run/mysqld/mysqld.sock
datadir= /var/lib/mysql
symbolic-links=0
character-set-server=utf8 #添加此行,指定字符集
EOF
#生成客户端配置文件,指定字符集
[root@ubuntu2004 ~]#tee /etc/mysql/conf.d/mysql.cnf <<EOF
[mysql]
default-character-set=utf8 #添加此行,指定字符集
EOF
docker run -d -p 3306:3306 --name mysql --restart always \
-e MYSQL_ROOT_PASSWORD=123456 \
-e MYSQL_DATABASE=jumpserver \
-e MYSQL_USER=jumpserver \
-e MYSQL_PASSWORD=123456 \
-v /data/mysql:/var/lib/mysql \
-v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf \
-v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf mysql:5.7.30
docker rm -f mysql
[root@ubuntu2004 ~]#docker run -d -p 6379:6379 --name redis --restart always redis:6.2.7
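# Generate JumpServer's SECRET_KEY once and reuse it afterwards.
# If SECRET_KEY is already set in this shell it is only printed; otherwise a
# 50-character alphanumeric value is read from /dev/urandom, appended to
# ~/.bashrc as "SECRET_KEY=<value>", and printed.
# NOTE(review): the value ends up in ~/.bashrc and in terminal scrollback;
# keep that file readable by its owner only and keep this output out of
# shared logs and screenshots.
if [ -z "$SECRET_KEY" ]; then
  # tr keeps only A-Za-z0-9 from the random stream; head stops after 50 bytes.
  SECRET_KEY=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 50)
  printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >> ~/.bashrc
fi
# Quoted so an already-set value is printed exactly as stored, without word
# splitting or glob expansion.
printf 'SECRET_KEY=%s\n' "$SECRET_KEY"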
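# Generate JumpServer's BOOTSTRAP_TOKEN once and reuse it afterwards.
# If BOOTSTRAP_TOKEN is already set in this shell it is only printed;
# otherwise a 16-character alphanumeric value is read from /dev/urandom,
# appended to ~/.bashrc as "BOOTSTRAP_TOKEN=<value>", and printed.
# NOTE(review): treat the token like a password; it is stored in ~/.bashrc
# and shown on the terminal, so keep both out of shared logs and screenshots.
if [ -z "$BOOTSTRAP_TOKEN" ]; then
  # tr keeps only A-Za-z0-9 from the random stream; head stops after 16 bytes.
  BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 16)
  printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
# Quoted so an already-set value is printed exactly as stored, without word
# splitting or glob expansion.
printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN"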
把上面生成的两个值复制下来(下面是示例值;SECRET_KEY 和 BOOTSTRAP_TOKEN 属于机密,要用自己生成的值,不要照抄或公开):
SECRET_KEY=Qy4tINeDjnfMl4EImTQtUOfPsFAEA8vNNOhhNdZRiH7ogENsZr
BOOTSTRAP_TOKEN=87UrzD4vmNYr1MnO 用这两个值把下面命令里对应的两项替换掉
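# Start the all-in-one JumpServer container, publishing host ports 80 and
# 2222 and keeping the core/koko/lion data directories under /opt/jumpserver
# on the host.
# Replace SECRET_KEY and BOOTSTRAP_TOKEN with the values generated for this
# host; the ones below are the sample values shown on this page.
# The variable name must be exactly SECRET_KEY; a misspelt name leaves the
# container without the key it expects.
# NOTE(review): values passed with -e are visible in `docker inspect` and in
# the process list; an --env-file with restrictive permissions avoids that.
# NOTE(review): DB_PASSWORD is a weak lab password and REDIS_PASSWORD is
# empty; use strong credentials for both outside a test lab.
# NOTE(review): --privileged=true gives the container broad access to the
# host; confirm this image really needs it before keeping the flag.
# The image tag is pinned to v2.25.5; without a tag Docker pulls "latest".
docker run --name jms_all -d \
  -v /opt/jumpserver/core/data:/opt/jumpserver/data \
  -v /opt/jumpserver/koko/data:/opt/koko/data \
  -v /opt/jumpserver/lion/data:/opt/lion/data \
  -p 80:80 \
  -p 2222:2222 \
  -e SECRET_KEY=Qy4tINeDjnfMl4EImTQtUOfPsFAEA8vNNOhhNdZRiH7ogENsZr \
  -e BOOTSTRAP_TOKEN=87UrzD4vmNYr1MnO \
  -e LOG_LEVEL=ERROR \
  -e DB_HOST=10.0.0.100 \
  -e DB_PORT=3306 \
  -e DB_USER=jumpserver \
  -e DB_PASSWORD=123456 \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=10.0.0.100 \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD='' \
  --privileged=true \
  jumpserver/jms_all:v2.25.5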
做个域名解析用IP地址,这样用ip地址访问
[root@ubuntu2004 ~]#docker logs -f jms_all 用这个命令查看启动结果(密码要自己手动输入,复制粘贴会出错)