利用虚拟机模拟搭建LNMP架构
Posted magicsimba
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了利用虚拟机模拟搭建LNMP架构相关的知识,希望对你有一定的参考价值。
@魔力辛巴
利用虚拟机模拟搭建LNMP架构
- 先创建优化后的模板机,再通过模板机克隆产生其他服务器
yum install -y bash-completion* net-tools vim tree htop telnet lrzsz wget iftop iotop sl unzip nmap nc psmisc dos2unix sysstat httpd-tools procps-ng rsync nfs-utils redis mariadb-server lsyncd mailx sshpass epel-release yum-utils keepalived
nmcli connection modify eth0 ipv4.addresses 10.0.0.5/24 && nmcli connection modify eth1 ipv4.addresses 172.16.1.5/24 && hostnamectl set-hostname
1. Lsyncd服务 文件实时同步备份
服务端(Backup服务器)配置
yum install rsync -y
groupadd -g666 www && useradd -u666 -g666 www
systemctl start rsyncd
vim /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsyncd.passwd
log file = /var/log/rsyncd.log
##############################
[backup]
path = /backup
[data]
path = /data
[root@bakup data]# echo ‘rsync_backup:1‘ > /etc/rsyncd.passwd
[root@bakup data]# chmod 600 /etc/rsyncd.passwd
[root@bakup data]# mkdir -p /backup /data
[root@bakup data]# chown -R www.www /backup /data
[root@bakup data]# systemctl restart rsyncd
[root@bakup data]# systemctl enable rsyncd
客户端(NFS服务器)配置
[root@nfs01 data]# yum install epel-release -y && yum install rsync lsyncd -y
[root@nfs01 data]# groupadd -g666 www && useradd -u666 -g666 www
[root@nfs01 data]# systemctl start rsyncd lsyncd
[root@nfs01 data]# mkdir /{backup,data}
[root@nfs01 data]# chown -R www.www /{backup,data}
[root@nfs01 data]# vim /etc/lsyncd.conf
settings {
logfile = "/var/log/lsyncd/lsyncd.log",
statusFile = "/var/log/lsyncd/lsyncd.status",
inotifyMode = "CloseWrite",
maxProcesses = 8,
}
sync {
default.rsync,
source = "/data",
target = "rsync_backup@172.16.1.41::data",
delete= true,
exclude = { ".*" },
delay = 5,
rsync = {
binary = "/usr/bin/rsync",
archive = true,
compress = true,
verbose = true,
password_file = "/etc/lsyncd.passwd",
_extra = {"--bwlimit=200"} --限速选项,单位MB,非常重要
} --不配置可能会让内网中其他服务器炸了
}
[root@nfs01 data]# echo ‘1‘ > /etc/lsyncd.passwd
[root@nfs01 data]# chmod 600 /etc/lsyncd.passwd
[root@nfs01 data]# lsyncd -nodaemon /etc/lsyncd.conf
[root@nfs01 data]# systemctl restart rsyncd lsyncd
[root@nfs01 data]# systemctl enable rsyncd lsyncd
2. Rsync服务 通过脚本实现定期备份
客户端(任意服务器)配置
- 上文已经配置好rsync,此处不再赘述
[root@nfs01 data]# mkdir /scripts
[root@nfs01 data]# vim /scripts/backup.sh
#! usr/bin/bash
Path=/backup
Host=$(hostname)
IP=$(ifconfig eth1 | awk ‘/inet / {print $2}‘)
Date=$(date +%F)
Dest=$Path/${Host}_${IP}_${Date}
mkdir -p $Dest
cd / && tar zcf $Dest/sysdate.tar.gz etc/fstab etc/hosts etc/passwd && tar zcf $Dest/scripts.tar.gz var/spool/cron scripta
md5sum $Path/*/*tar.gz > $Dest/flag_$Date
export RSYNC_PASSWORD=1
rsync -avz $Path/ rsync_backup@172.16.1.41::backup
find $Path/ -type d -mtime +7 | xargs rm -rf
[root@nfs01 data]# crontab -e
00 01 * * * sh /scripts/backup.sh &> /dev/null
服务端(Backup服务器)配置
- 上文已配置好rsync,此处不再赘述
[root@bakup data]# yum install mailx -y
[root@bakup data]# vim /etc/mail.rc
set from=xxx@qq.com
set smtp=smtps://smtp.qq.com:465
set smtp-auth-user=xxx@qq.com
set smtp-auth-password=XXX #XXX表示邮箱的授权码
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/
[root@bakup data]# mkdir /scripts
[root@bakup data]# vim /scripts/chark.sh
#! usr/bin/bash
Path=/backup
Date=$(date +%F)
Dest=$Path/${Host}_${IP}_${Date}
md5sum -c $Path/*/flag_$Date > $Path/result_$Date
mail -s "rsync_backup_$Date" "xxx@qq.com" < $Path/result_$Date
find $Path/ -type d -mtime +180 | xargs rm -rf
[root@bakup data]# crontab -e
00 05 * * * sh /scripts/chark.sh &> /dev/null
3. NFS服务 统一挂载
- NFS的一些特性
- 简单易用,部署方便,数据可靠,服务稳定
- 数据都是明文,不会对数据进行任何校验,也没有任何密码保护,效率极高,安全性相当于没有,只建议内网使用
- 得益于高效率,多用于存储静态数据,减少后端存储压力
- 并不能带来性能上的提升
服务端(NFS服务器)配置
[root@nfs01 data]# yum install nfs-utils -y
[root@nfs01 data]# systemctl start nfs
[root@nfs01 data]# echo ‘/data 172.16.1.0/24(rw,all_squash,anonuid=666,anongid=666)‘ > /etc/exports
[root@nfs01 data]# mkidr -p /data
[root@nfs01 data]# groupadd -g666 www && useradd -u666 -g666 www
[root@nfs01 data]# chown -R www.www /data
[root@nfs01 data]# systemctl restart nfs
[root@nfs01 data]# systemctl enable nfs
- 相关参数
参数 | 功能 |
---|---|
rw | 读写权限 |
ro | 只读权限 |
root_squash | 当NFS客户端以root管理员访问时,压缩为NFS服务器的匿名用户 |
no_root_squash | 当NFS客户端以root管理员访问时,压缩为NFS服务器的root管理员 |
all_squash | 无论NFS客户端使用什么账户访问,都压缩为NFS服务器的匿名用户 |
no_all_squash | 无论NFS客户端使用什么账户访问,都不进行压缩 |
sync | 同时将数据写入内存与存储中,保证数据安全性,避免数据丢失 |
async | 优先将数据写入到内存中,然后写入存储中,效率更高,但安全性较低 |
anonuid | 当配置了all_squash时,指定此UID的NFS的用户,此用户必须存在在系统中 |
anongid | 当配置了all_squash时,指定此GID的NFS的用户,此用户必须存在在系统中 |
客户端(WEB服务器)配置
[root@web01 ~]# yum install nfs-utils -y
[root@web01 ~]# systemctl start nfs
[root@web01 ~]# groupadd -g666 www && useradd -u666 -g666 www
[root@web01 ~]# mkdir -p /data
[root@web01 ~]# chown -R www.www /data
[root@web01 ~]# systemctl restart nfs
[root@web01 ~]# systemctl enable nfs
[root@web01 ~]# showmount -e 172.16.1.31
[root@web01 ~]# mount -t nfs 172.16.1.31:/data /data
[root@web01 ~]# echo ‘172.16.1.31:/data /data nfs defaults 0 0‘ >> /etc/fstab
[root@web01 ~]# umount 172.16.1.31:/data
- NFS服务器故障后卸载方法
[root@web01 ~]# mount
......
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=47968k,mode=700)
172.16.1.31:/data on /mnt type nfs4 (rw,relatime,vers=4.1,rsize=65536,wsize=65536,
namlen=255,hard,proto=tcp,timeo=600,retrans=2,
sec=sys,clientaddr=172.16.1.7,local_lock=none,addr=172.16.1.31)
[root@web01 ~]# umount -lf 172.16.1.31:/data
4.NFS服务器故障时快速切换Backup服务器
Backup服务器配置
[root@bakup data]# yum install nfs-utils -y
[root@bakup data]# systemctl start nfs
[root@bakup data]# echo ‘/data 172.16.1.0/24(rw,all_squash,anonuid=666,anongid=666)‘ >> /etc/exports
[root@bakup data]# systemctl restart nfs
[root@bakup data]# systemctl enable nfs
WEB服务器配置
[root@web01 ~]# umount -lf 172.16.1.31:/data
[root@web01 ~]# mount -t nfs 172.16.1.41:/data /var/www/html/data/User/admin/home/video/
[root@web01 ~]# sed -i ‘s#172.16.1.31#172.16.1.41#g‘ /etc/fstab
5. 安装nginx和php
[root@web01 ~]# vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[root@web01 ~]# yum install nginx -y
[root@web01 ~]# yum install epel-release yum-utils -y
[root@web01 ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@web01 ~]# yum install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-mcrypt php72w-pecl-memcached php72w-pecl-mongodb php72w-pecl-redis php72w-pecl-zip php72w-bcmath -y
6. Nginx反向代理 搭建负载均衡
[root@lb01 ~]# systemctl start nginx
[root@lb01 ~]# vim /etc/nginx/conf.d/proxy_simba.com.conf
upstream wordpress {
server 172.16.1.7:80 max_conns=1000 max_fails=3 fail_timeout=10s;
server 172.16.1.8:80 max_conns=1000 max_fails=3 fail_timeout=10s;
server 172.16.1.9:80 backup;
keepalive 16;
keepalive_timeout 100s;
keepalive_requests 50;
}
server {
listen 80;
server_name simba.com;
client_max_body_size 20m;
location / {
proxy_pass http://wordpress;
include proxy_params;
}
}
[root@lb01 ~]# vim /etc/nginx/conf.d/proxy_phpmyadmin.com.conf
upstream myadmin {
server 172.16.1.7:80 max_conns=1000 max_fails=3 fail_timeout=10s;
server 172.16.1.8:80 max_conns=1000 max_fails=3 fail_timeout=10s;
server 172.16.1.9:80 backup;
keepalive 16;
keepalive_timeout 100s;
keepalive_requests 50;
}
server {
listen 80;
server_name phpmyadmin.com;
client_max_body_size 20m;
location / {
proxy_pass http://myadmin;
include proxy_params;
}
}
[root@lb01 ~]# vim /etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_connect_timeout 30s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
[root@lb01 ~]# systemctl restart nginx
[root@lb01 ~]# systemctl enable nginx
- 一些参数的含义
参数 | 含义 |
---|---|
down | 标识server不参与负载均衡 |
backup | 标识server作为备份服务器预留 |
max_conns | 限制最大的接收连接数 |
max_fails | 允许请求失败的次数 |
fail_timeout | max_fails的超时时间,发生请求失败后开始计时 |
keepalive | 最大空闲连接数 |
keepalive_timeout | 空闲连接超时时间 |
keepalive_requests | 一个连接的最大请求数 |
- nginx_http_proxy模块
命令 | 值 | 功能 | 作用域 |
---|---|---|---|
proxy_connect_timeout | 30s | nginx与upstream server建立连接的超时时间 | http server location |
proxy_send_timeout | 60s | nginx发送数据至upstream server的超时时间 | http server location |
proxy_read_timeout | 60s | nginx接收upstream server数据的超时时间 | http server location |
proxy_buffering | on off |
启用当前服务器的缓冲功能 禁用当前服务器的缓冲功能 |
http server location |
proxy_buffer_size | 32k | 限定从upstream server取得的Response Headers大小 | http server location |
proxy_buffers | 4 128k | 缓冲区的数量和大小 从upstream server取得的Response会放置到这里 |
http server location |
proxy_http_version | 1.1 | 使用HTTP1.1版本 需配合proxy_set_header Connection ""使用 |
http server location |
7. 负载均衡 HTTP升级HTTPs
- 因为是虚拟机模拟搭建,所以此处自行制作一个证书
[root@lb01 ~]# mkdir /etc/nginx/ssl_key -p
[root@lb01 ~]# cd /etc/nginx/ssl_key
[root@lb01 ssl_key]# openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=/ST=/L=/O=/OU=/CN=simba"
[root@lb01 ssl_key]# openssl x509 -req -sha256 -days 36500 -in server.csr -signkey server.key -out server.crt
[root@lb01 ~]# vim /etc/nginx/conf.d/proxy_simba.com.conf
upstream wordpress {
server 172.16.1.7:80;
server 172.16.1.8:80;
server 172.16.1.9:80;
}
server {
listen 443 ssl;
server_name simba.com;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
client_max_body_size 20m;
location / {
proxy_pass http://wordpress;
include proxy_params;
}
}
server {
listen 80;
server_name simbao.com;
return 302 https://$http_host$request_uri;
}
[root@lb01 ~]# vim /etc/nginx/conf.d/proxy_phpmyadmin.com.conf
upstream myadmin {
server 172.16.1.7:80;
server 172.16.1.8:80;
server 172.16.1.9:80;
}
server {
listen 443 ssl;
server_name phpmyadmin.com;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
client_max_body_size 20m;
location / {
proxy_pass http://myadmin;
include proxy_params;
}
}
server {
listen 80;
server_name phpmyadmin.com;
return 302 https://$http_host$request_uri;
}
[root@web01 ~]# systemctl restart nginx
8. Keepalived 负载均衡高可用
配置负载均衡lb01
[root@lb01 ~]# yum install keepalived -y
[root@lb01 ~]# systemctl start keepalived
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
- 抢占式
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
- 非抢占式
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 150
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
[root@lb01 ~]# systemctl restart keepalived
[root@lb01 ~]# systemctl enable keepalived
配置负载均衡lb02
[root@lb02 ~]# systemctl start nginx
[root@lb02 ~]# rsync -avz --delete 172.16.1.5:/etc/nginx/ /etc/nginx/
[root@lb02 ~]# nginx -t
[root@lb02 ~]# systemctl restart nginx
[root@lb02 ~]# systemctl enable nginx
[root@lb02 ~]# yum install keepalived -y
[root@lb02 ~]# systemctl start keepalived
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
- 抢占式
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
- 非抢占式
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 100
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
[root@lb02 ~]# systemctl restart keepalived
[root@lb02 ~]# systemctl enable keepalived
9. Keepalived故障自动转移
[root@lb01 ~]# mkdir /scripts
[root@lb01 ~]# vim /scripts/check_web.sh
#! /usr/bin/bash
Nginx_Process_Number=$(ps -C nginx --no-header|wc -l)
if [ $Nginx_Process_Number -lt 2 ];then
systemctl restart nginx &>/dev/null
sleep 3
Nginx_Process_Number=$(ps -C nginx --no-header|wc -l)
if [ $Nginx_Process_Number -lt 2 ];then
pkill keepalived
fi
fi
[root@lb01 ~]# chmod +x /scripts/check_web.sh
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb01
}
vrrp_script check_web {
script "/scripts/check_web.sh"
interval 3
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
track_script {
check_web
}
}
[root@lb01 ~]# systemctl restart keepalived
10. 博客网站搭建
WEB服务器配置
[root@web01 ~]# groupadd -g666 www && useradd -u666 -g666 www
[root@web01 ~]# systemctl start php-fpm nginx
[root@web01 ~]# sed -i ‘/^user/c user www;‘ /etc/nginx/nginx.conf
[root@web01 ~]# sed -i ‘/^user/c user = www‘ /etc/php-fpm.d/www.conf
[root@web01 ~]# sed -i ‘/^group/c group = www‘ /etc/php-fpm.d/www.conf
[root@web01 ~]# vim /etc/nginx/conf.d/simba.com.conf
server {
listen 80;
server_name simba.com;
root /simba/wordpress;
client_max_body_size 20m;
location / {
index index.html index.php;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web01 ~]# nginx -t
[root@web01 ~]# mkdir -p /simba/wordpress/wp-content/uploads
[root@web01 ~]# cd /simba
[root@web01 simba]# unzip wordpress-5.3-zh_CN.zip
[root@web01 simba]# chown -R www.www /simba
[root@web01 simba]# systemctl restart php-fpm nginx
[root@web01 simba]# systemctl enable php-fpm nginx
DB服务器配置
[root@db ~]# yum install mariadb-server -y
[root@db ~]# systemctl start mariadb
[root@db ~]# systemctl enable mariadb
[root@db ~]# mysqladmin password ‘123456‘
[root@db ~]# mysql -uroot -p123456
MariaDB [(none)]> create database wordpress;
MariaDB [(none)]> use wordpress;
MariaDB [(none)]> grant all privileges on *.* to ‘all‘@‘%‘ identified by ‘123456‘;
[root@db ~]# systemctl restart mariadb
网页配置
- 数据库名填写
wordpress
- 用户名
all
与密码123456
- 数据库主机
1720.16.1.51
- 配置安装完成后,自行完成站点信息配置即可
11. 镜像网站搭建
[root@web02 ~]# mkdir -p /mirrors/{centos,ubuntu,redhat}
[root@web02 ~]# yum install httpd-tools -y
[root@web02 ~]# htpasswd -bc /etc/nginx/auth_conf simba 123456
[root@web02 ~]# vim /etc/nginx/conf.d/mirrors.com.conf
[root@web02 ~]# vim /mirrors/index.html
<h1> simba mirrors.com </h1>
<ul><li><a href="http://mirrors.com/centos" target="_blank">centos系统</a
></li> </ul>
<ul><li><a href="http://mirrors.com/ubuntu" target="_blank">ubuntu系统</a
></li> </ul>
<ul><li><a href="http://mirrors.com/redhat" target="_blank">redhat系统</a
></li> </ul>
对网站进行访问控制
- 10.0.0.1 仅允许访问 centos系统目录
- 10.0.0.100 拒绝访问 ubuntu系统目录 , 其他的IP都允许
- 需使用用户名与密码访问 redhat系统目录
- nginx_http_autoindex模块
命令 | 值 | 功能 | 作用域 |
---|---|---|---|
autoindex | on off |
开启列出目录功能 关闭列出目录功能 |
http server location |
autoindex_exact_size | on off |
显示文件详细大小,单位 bytes 显示文件大概大小,单位 *B |
http server location |
autoindex_localtime | on off |
显示的文件时间为文件的服务器时间 显示的文件时间为GMT时间 |
http server location |
autoindex_format | html xml json jsonp |
用这几个风格展示目录 | http server location |
[root@web02 ~]# vim /etc/nginx/conf.d/mirrors.com.conf
server {
listen 80;
server_name mirrors.com;
charset utf8; #设置字符集为utf8,防止中文乱码
root /mirrors
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
autoindex_format html;
location / {
index index.html;
}
location /centos {
allow 10.0.0.1/32;
deny all;
}
location /ubuntu {
allow all;
deny 10.0.0.100/32;
}
location /redhat {
auth_basic "simba Site";
auth_basic_user_file /etc/nginx/auth_conf;
}
}
对网站设置访问限制
[root@web02 ~]#
[root@web02 ~]#
[root@web02 ~]#
[root@web02 ~]#
[root@web02 ~]#
[root@web02 ~]#
12. Redis服务 实现session共享
WEB服务器上搭建phpMyadmin
- phpMyadmin同样需要解包,此处不再赘述
[root@web01 ~]# ln -s /simba/phpMyAdmin-5.0.0-rc1-all-languages/ /simba/phpMyAdmin
[root@web01 ~]# chown -R www.www /simba
[root@web01 ~]# chown -R www.www /var/lib/php/session
[root@web01 ~]# cp /simba/phpMyAdmin/config.sample.inc.php /simba/phpMyAdmin/config.inc.php
[root@web01 ~]# sed -i ‘32s#localhost#172.16.1.51#g‘ /simba/phpMyAdmin/config.inc.php
[root@web01 ~]# vim /etc/nginx/conf.d/phpmyadmin.com.conf
server {
listen 80;
server_name phpmyadmin.com;
root /simba/phpMyAdmin;
location / {
index index.php;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web01 ~]# vim /etc/php.ini #替换原来的内容
session.save_handler = redis
session.save_path = "tcp://172.16.1.51:6379?weight=1&timeout=2.5"
[root@web01 ~]# vim /etc/php-fpm.d/www.conf #将目标内容注释
;php_value[session.save_handler] = files
;php_value[session.save_path] = /var/lib/php/session
[root@web01 ~]# systemctl restart nginx php-fpm
DB服务器配置Redis
[root@db ~]# yum install redis -y
[root@db ~]# systemctl start redis
[root@db ~]# sed -i ‘/^bind/c bind 127.0.0.1 172.16.1.51‘ /etc/redis.conf
[root@db ~]# systemctl restart redis
[root@db ~]# systemctl enable redis
[root@db ~]# redis-cli
127.0.0.1:6379> KEYS * #查看所有session信息
13. NFS服务 整合WEB节点静态资源至NFS服务器
NFS服务器配置
- 此处以wordpress的图片资源为例
[root@nfs ~]# echo ‘/data/wordpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)‘ >> /etc/exports
[root@nfs ~]# mkdir -p /data/wordpress
[root@nfs ~]# chown -R www.www /data/wordpress
[root@nfs ~]# systemctl restart nfs
web节点配置
[root@web01 ~]# mount -t nfs 172.16.1.31:/data/wordpress /simba/wordpress/wp-content/uploads/
[root@web01 ~]# echo ‘172.16.1.31:/data/wordpress /simba/wordpress/wp-content/uploads/ nfs defaults 0 0‘ >> /etc/fstab
14. WEB集群 扩展web节点整合成WEB集群
[root@web02 ~]# groupadd -g666 www && useradd -u666 -g666 www
[root@web02 ~]# systemctl start php-fpm nginx
[root@web02 ~]# scp 172.16.1.7:/etc/yum.repos.d/* /etc/yum.repos.d/
[root@web02 ~]# yum install nginx -y
[root@web02 ~]# rpm -e $(rpm -qa php*)
[root@web02 ~]# yum install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-mcrypt php72w-pecl-memcached php72w-pecl-mongodb php72w-pecl-redis php72w-pecl-zip php72w-bcmath -y
[root@web02 ~]# rsync -avz --delete 172.16.1.7:/etc/nginx/ /etc/nginx/
[root@web02 ~]# rsync -avz 172.16.1.7:/etc/php.ini /etc/php.ini
[root@web02 ~]# rsync -avz 172.16.1.7:/etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf
[root@web02 ~]# rsync -avz --delete 172.16.1.7:/simba /
[root@web02 ~]# rsync -avz --delete 172.16.1.7:/etc/fstab /etc/
[root@web02 ~]# nginx -t
[root@web02 ~]# php-fpm -t
[root@web02 ~]# systemctl restart php-fpm nginx
[root@web02 ~]# systemctl enable php-fpm nginx
15. 跳板机 SSH秘钥对配置
跳板机Manager服务器
- 通过sshpass与脚本配合实现免交互推送公钥,但需要目标主机密码统一
[root@manager ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #秘钥存储路径,默认即可
Created directory ‘/root/.ssh‘.
Enter passphrase (empty for no passphrase): #创建秘钥的密码,不创建
Enter same passphrase again: #回车确认即可
[root@manager ~]# yum install sshpass -y
[root@manager ~]# sed -i ‘/^# StrictHostKeyChecking/c StrictHostKeyChecking no‘ /etc/ssh/ssh_config
[root@manager ~]# mkdir /scripts
[root@manager ~]# vim /scripts/ssh_copy.sh
#! usr/bin/bash
for IP in 172.16.1.{5,6,7,8,9,31,41,51,175}
do
sshpass -p 1 ssh-copy-id -i ~/.ssh/id_rsa.pub root@$IP &> /dev/null
done
[root@manager ~]# ssh root@172.16.1.5 #测试连接其他服务器
Last login: Mon Dec 2 15:08:27 2019 from 10.0.0.1
[root@lb01 ~]# #服务器连接成功
openssh-clients – ssh 客户端 | openssh-server – sshd 服务端
以上是关于利用虚拟机模拟搭建LNMP架构的主要内容,如果未能解决你的问题,请参考以下文章