第十一周作业
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了第十一周作业相关的知识,希望对你有一定的参考价值。
1、源码编译安装LNMP架构环境;
1.1安装nginx服务
配置管理的用户组
groupadd -r nginx
useradd -r -g niginx nginx
编译安装文件
yum install pcre-devel #安装必须的包
cd /pkg/ningx-1.6.1
./configure \
--prefix=/usr/local/nginx \
--sbin-path=/usr/local/nginx/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/tmp/nginx/client/ \
--http-proxy-temp-path=/var/tmp/nginx/proxy/ \
--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
--http-scgi-temp-path=/var/tmp/nginx/scgi \
--with-pcre
make && make install
提供启动脚本并修改主配置文件
新建文件/etc/rc.d/init.d/nginx,内容如下:
#!/bin/bash
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx" #ngxin命令所在的位置
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx # 必须与安装时的LOCKFILE一致
make_dirs() {
# make required directories
user=`nginx -V 2>&1 | grep "configure arguments:" | sed ‘s/[^*]*--user=\([^ ]*\).*/\1/g‘ -`
options=`$nginx -V 2>&1 | grep ‘configure arguments:‘`
for opt in $options; do
if [ `echo $opt | grep ‘.*-temp-path‘` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
chmod +x /etc/rc.d/init.d/nginx 增加脚本的执行权限
chkconfig --add nginx 添加启动
chkconfig nginx on
修改主配置文件vim /etc/ngxin/ngxin.conf
配置用到的用户名和组
配置PID文件的位置
增加use epoll模型
启动服务
echo "export PATH=/usr/local/nginx/sbin:$PATH" > /etc/profile.d/nginx
service nginx start
1.2安装mariad服务器
配置管理的用户组
groupadd -r mysql
useradd -r -g mysql mysql -s /sbin/nologin -d /mydata/data
将软件包解压到/usr/local/
软连接文件到/usr/local/mysql
ln -sv /usr/local/mariadb /usr/local/mysql
创建数据库的数据目录
mkdir /mydata/data
chown -R mysql:mysql /mydata/data
编译安装文件
cd /usr/local/mysql
chown -R root:mysql .
scripts/mysql_install_db --user=mysql --datadir=/mydata/data
提供启动脚本并修改主配置文件
cp support-files/my.large.cnf /etc/mariadb/my.cnf
修改配置文件
datadir = /mydata/data
innodb_file_per_table=on
skip_name_resovle=on
提供脚本
cp support-files/mysqld.service /etc/rc.d/init.d/mysqld
启动服务
echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysqld
service mysqld start
1.3安装php
安装依赖的包
yum install libmcrypt-2.5.8-4.el5.centos.i386.rpm
yum install libmcrypt-devel-2.5.8-4.el5.centos.i386.rpm
yum install mhash-0.9.9-1.el5.centos.i386.rpm
yum install mhash-devel-0.9.9-1.el5.centos.i386.rpm
yum install mcrypt-2.6.8-1.el5.i386.rpm
yum install libxml2-devel
yum install libxml2
编译安装文件
./configure --prefix=/usr/local/php \
--with-mysql=/usr/local/mysql \
--with-openssl \
--enable-fpm \
--enable-sockets \
--enable-sysvshm \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--enable-mbstring \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib-dir \
--with-libxml-dir=/usr \
--enable-xml \
--with-mhash \
--with-mcrypt \
--with-config-file-path=/etc \
--with-config-file-scan-dir=/etc/php.d \
--with-bz2 \
--with-curl \
--with-mcrypt
make
make install
提供主配置文件
cp php.ini-production /etc/php.ini
提供PHP-FPM脚本的配置
cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm
chmod +x /etc/rc.d/init.d/php-fpm
配置PHP-FPM
# vim /usr/local/php/etc/php-fpm.conf
pm.max_children = 150
pm.start_servers = 8
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pid = /usr/local/php/var/run/php-fpm.pid
启动服务
chkconfig --add php-fpm
chkconfig php-fpm on
1.4整合nginx和PHP5
1、编辑/etc/nginx/nginx.conf,启用如下选项:
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
2、编辑/etc/nginx/fastcgi_params,将其内容更改为如下内容:
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
并在所支持的主页面格式中添加php格式的主页,类似如下:
location / {
root html;
index index.php index.html index.htm;
}
而后重新载入nginx的配置文件:
# service nginx reload
3、在/usr/html新建index.php的测试页面,测试php是否能正常工作:
# cat > /usr/local/nginx/html/index.php << EOF
<?php
phpinfo();
?>
EOF
1.5安装PHP加速器xcache
/usr/local/php/bin/phpize
./configure --enable-xcache --with-php-config=/usr/lcoal/php/bin/php-config
make && make install
mkdir /etc/php.d
cp xcache.ini /etc/php.d
vim /etc/php.d/xcache.ini
zend_extension = /usr/local/php/lib/php/extensions/no-debug-zts-20100525/xcache.so
service php-fpm restart
---------------------------------------------------------------
2、编写一个脚本完成以下功能:
(1)、一键搭建LNMP源码编译环境;
(2)、可通过在脚本后面跟上一些参数来自定义安装目录等其他选项。
需要提供的文件
将解压后的nginx ,mariadb , php xcache文件放到一个目录中
文件的组织 (主配置文件为实现配置好的已经提供基本功能的源主配置文件的修改)
脚本用到的目录说明
主目录为/pkg/{nginx,mysql,php,xcache}
文件名命名规则:
程序名-主版本号.此版本号.修订号 这个目录下的文件为解压存放的位置
程序名.start 为启动脚本
程序名.conf为配置文件
程序名.oter 其它用途的包
用到的程序包为
nginx
mysql
php
xcache
该脚本为centos6使用
#!/bin/bash
#
#usage :
# install_lamp.sh nginx_user nginx_group nginx_dir mysql_user mysql_group mysql_dir mysql_data php_dir
# example :
# intsll -anginx -bnginx
# or
# intall --nginx_u=nginx --mysql_u=mysql
# if you do not give any argument , it will use the default argument
# read the options
TEMP=`getopt -o a::b::c::m::l::n::o::p:: --long nginx_u::,nginx_g::,nginx_dir::,mysql_u::,mysql_g::,mysql_dir::,mysql_data::,php_dir:: -n ‘test8.sh‘ -- "[email protected]"`
eval set -- "$TEMP"
# use the default varible
nginx_user=‘nginx‘
nginx_group=‘nginx‘
nginx_install_dir=‘/usr/local/nginx‘
mysql_user=‘mysql‘
mysql_group=‘mysql‘
mysql_install_dir=‘/usr/local/mysql‘
mysql_data_dir=‘/mydata/data‘
php_install_dir=‘/usr/local/php‘
#the program version that must be same the pkg path
temp_mysql=mariadb-5.5.36
temp_nginx=nginx-1.6.1
temp_php=php-5.4.26
temp_xcache=xcache-3.1.0
# extract options and their arguments into variables.
while true ; do
case "$1" in
-a | --nginx_u)
case "$2" in
"") shift 2 ;;
*) nginx_user=$2 ; shift 2 ;;
esac ;;
-b | --nginx_g)
case "$2" in
"") shift 2 ;;
*) nginx_group=$2 ; shift 2 ;;
esac ;;
-c | --nginx_dir)
case "$2" in
"") shift 2 ;;
*) nginx_install_dir=$2 ; shift 2 ;;
esac ;;
-m | --mysql_u)
case "$2" in
"") shift 2 ;;
*) mysql_user=$2 ; shift 2 ;;
esac ;;
-l | --mysql_g)
case "$2" in
"") shift 2 ;;
*) mysql_group=$2 ; shift 2 ;;
esac ;;
-n | --mysql_dir)
case "$2" in
"") shift 2 ;;
*) mysql_install_dir=$2 ; shift 2 ;;
esac ;;
-o | --mysql_data)
case "$2" in
"") shift 2 ;;
*) mysql_data_dir=$2 ; shift 2 ;;
esac ;;
-p | --php_dir)
case "$2" in
"") shift 2 ;;
*) php_install_dir=$2 ; shift 2 ;;
esac ;;
--) shift ; break ;;
*) echo "Internal error!" ; exit 1 ;;
esac
done
# list the user enter or default
echo "please check , you enter is list:"
echo "-----------------------------"
echo "nginx ===== user=$nginx_user, group=$nginx_group, dir=$nginx_install_dir"
echo "------------------------------"
echo "mysql ===== user=$mysql_user, group=$mysql_group, dir=$mysql_install_dir, date=$mysql_data_dir"
echo "-------------------------------"
echo "php ======== dir=$php_install_dir"
# check the argument
read -p "Do you sure all this above is right ? enter----quit----to exit , other to continue: " sigle
if [ $sigle == quit ] ;then
exit 0
fi
#check the enter if there are no existed ,it will be created
echo "-----------------------------------"
echo "check the nginx "
id -gn $nginx_group || groupadd -r $nginx_group && && echo "the group was created"
id -un $nginx_user || useradd -r $nginx_user -g $nginx_group && echo "the user was created"
[[ -d `dirname $nginx_install_dir` ]] || mkdir -pv $(dirname $nginx_install_dir) && echo " echo path was created"
echo "-----------------------------------"
echo "check the msyql "
id -gn $mysql_group || groupadd -r $mysql_grup && echo "the group was created"
id -un $mysql_user || useradd -r $mysql_user -g $mysql_group -s /sbin/nologin && echo "the user was create"
# the mysql must be link to /usr/local/mysql ,if this path to be use ,the program will be stop
[[ -e /usr/local/mysql ]] && echo " the dir is existed , please check the path" && exit 0
[[ -d `dirname $mysql_install_dir` ]] || mkdir -pv $(dirname $mysql_install_dir) && echo " echo path was created"
[[ -d $mysql_data_dir ]] || mkdir -pv $mysql_data_dir && chwon -R ${mysql_user}:${mysql_group} $mysql_data_dir && echo " echo path was created"
echo "-----------------------------------"
echo "check the php "
[[ -d `dirname $nginx_install_dir` ]] || mkdir -pv $(dirname $nginx_install_dir) && echo " echo path was created"
# begin to install
echo "+++++++++++++++++++++++++++++++++++++++++++++++++"
echo "+++++++++++++++++++++++++++++++++++++++++++++++++"
echo "Begin to install nginx"
yum -y install pcre-devel &> /dev/null
cd /pkg/nginx/${temp_nginx}
echo "0" > /pkg/temp.nginx
./configure --prefix=$nginx_install_dir --sbin-path=$nginx_dir/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/subsys/nginx.lock --user=$nginx_user --group=$nginx_group --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --http-client-body-temp-path=/var/tmp/nginx/client/ --http-proxy-temp-path=/var/tmp/nginx/proxy/ --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre >> /pkg/temp.nginx
make && make install >> /pkg/temp.nginx
echo "------------------------"
echo "the complied is completed"
# modfile the chown
chown -R root:$nginx_user /var/tmp/nginx
#provide the start scripts
cp /pkg/nginx/nginx.start /etc/rc.d/init.d/nginx
chmod +x /etc/rc.d/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
echo "export PATH=/usr/local/nginx/sbin:$PATH" > /etc/profile.d/nginx
source /etc/profile.d/nginx
chown -R root:$nginx_user /var/tmp/nginx
service nginx start > /dev/null
netstat -tnl | grep :80 && echo "the nginx install completed " || echo "the nginx is fail " && exit 0
echo "+++++++++++++++++++++++++++++++++++++++++++++++++"
echo "+++++++++++++++++++++++++++++++++++++++++++++++++"
echo "Begin to install mysql"
echo "0" > /pkg/temp.mysql
cp -r /pkg/mysql/${temp_mysql} $(dirname $mysql_install_dir) &>> /pkg/temp.mysql
cd $(dirname $mysql_install_dir) &>> /pkg/temp.mysql
ln -sv $temp_mysql /usr/local/mysql
cd /usr/local/mysql &>> /pkg/temp.mysql
chown -R root:mysql .
./scripts/mysql_install_db --user=$mysql_user --datadir=$mysql_data_dir
cp support-files/my-large.cnf /etc/my.cnf
cp support-files/mysql.service /etc/rc.d/init.d/mysqld
echo "export PATH=/usr/local/mysql/sbin:$PATH" > /etc/profile.d/mysql
source /etc/profile.d/mysql
chown ${mysql_user}:${mysql_group} ${mysql_data}
chkconfig --add mysqld
chkconfig mysqld on
echo "+++++++++++++++++++++++++++++++++++++++++++++++++"
echo "+++++++++++++++++++++++++++++++++++++++++++++++++"
echo "Begin to install php"
#install the necessay package
yum install -y libmcrypt-2.5.8-4.el5.centos.i386.rpm &> /dev/null
yum install -y libmcrypt-devel-2.5.8-4.el5.centos.i386.rpm &> /dev/null
yum install -y mhash-0.9.9-1.el5.centos.i386.rpm &> /dev/null
yum install -y mhash-devel-0.9.9-1.el5.centos.i386.rpm &> /dev/null
yum install -y mcrypt-2.6.8-1.el5.i386.rpm &> /dev/null
yum install -y libxml2-devel.x86_64 &> /dev/null
yum install -y libxml2.x86_64 &> /dev/null
yum install -y libcurl-devel.x86_64 &> /dev/null
cd /pkg/php/$temp_php
echo "0" > /pkg/temp.php
./configure --prefix=$php_install_dir --with-mysql=/usr/local/mysql --with-openssl --enable-fpm --enable-sockets --enable-sysvshm --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib-dir --with-libxml-dir=/usr --enable-xml --with-mhash --with-mcrypt --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --with-curl --with-mcrypt &>> /temp.php
make -j 4 && make install -j 4 >> /temp.php
#provide the PHP configure
cp php.ini-production /etc/php.ini
#provide the PHP-FPM start scripts
cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm
chmod +x /etc/rc.d/init.d/php-fpm
#modify the PHP-FPM
cat > $php_install_dir/etc/php-fpm.conf << EOF
pm.max_children = 150
pm.start_servers = 8
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pid = $php_install_dir/var/run/php-fpm.pid
EOF
chkconfig --add php-fpm
chkconfig php-fpm on
cat > /etc/nginx/nginx.conf << EOF
# this is for PHP start , please modfile this
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
location / {
root html;
index index.php index.html index.htm;
}
# this is for php end
EOF
cp /etc/nginx/fastcgi_param /etc/nginx/fastcgi_param.back
echo "0" > /etc/nginx/fastcgi_param
cat > /etc/nginx/fastcgi_params << EOF
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
cat > /usr/html/index.php << EOF
<?php
phpinfo();
?>
echo "+++++++++++++++++++++++++++++++++++++++++++++++++"
echo "+++++++++++++++++++++++++++++++++++++++++++++++++"
echo "Begin to install xcache"
cd /pkg/xcache/$temp_xcache
./configure --enable-xcache --with-php-config=${php_install_dir}/bin/php-config
make && make install
mkdir /etc/php.d
cp xcache.ini /etc/php.d
cat > /etc/php.d/xcache.ini << EOF
extension = /usr/local/php/lib/php/extensions/no-debug-zts-20100525/xcache.so
EOF
启动安装的程序
程序出错的检查
配置文件由于需要提前配置所以提供的配置文件为默认的配置当用户改变了默认的配置需要手动修改
中间出错可以到相应的安装文件中查找
Nginx 为/pkg/temp.nginx
MySQL为/pkg/temp.mysql
php为 /pkg/temp.php
-------------------------------------------------------------------------------------------
3、结合图形描述LVS的工作原理;
lvs 工作在四层,来实现负载均衡
当用户请求应用时,发送包到达LVS服务器所在的交换机。
首先接收用户响应的为DR即调度服务器,调度服务器接收到用户发来的数据包,发给RS即后端服务器
当在进行转发时,DR根据RS即后端服务器状态并依据配置的调度算法来转发请求
DR相当于一个代理服务器,用户并不知道转发的过程,对用户透明。
RS处理完用户的请求后依据不同的LVS模型进行相应的转发。
------------------------------------------------------------------------------------
4、阐述varnish的功能及其应用场景,并通过实际的应用案例来描述配置、测试、调试过程。
4.1常见缓存工具
nginx , cache (disk)
squid 在负载较重时使用效果好,逐步被varnish替代
varnish(disk,memory) 轻量级环境中,年轻态的产品,
推荐使用varnish作为专用的缓存
4.2使用
varnish 为开源的缓存服务器解决方案;
是DSL的编程语言;
对CPU性能要求不够但对I/O要求高;
缓存请求页面的可缓存页面,并依据页面的新鲜度来确定时候向后端服务器取数据;
常布置在后端服务器与前端服务器主机作为缓存服务器,来加快用户的请求访问速度;
能够根据不同的请求方法采用不同的策略来决定请求的流向;
4.3配置
安装LNMP服务,并安装VARNISH服务
vim /etc/varnish/default.vcl
配置服务器
配置的选项
ACL的配置,用来允许一部分用户来进行管理的操作
配置需要缓存的服务的相关参数
配置接收到的ACL的处理,如只允许标准化组织定义的操作,而拒绝其他操作
配置需要分类处理的,如动静分离,而采用不同的缓存。或者不需缓存的数据
配置可进行purge的管理IP,防止其他人误操作使缓存清空
acl purge {
"localhost";
"127.0.0.1";
"192.168.188.0"/24;
}
后端服务器
backend web1 {
.host = "192.168.188.100";
.port = "80";
.connect_timeout = 1s; #连接超时时间
.first_byte_timeout = 8s;
.between_bytes_timeout = 5s;
.probe = {
.url = "/test1.html";
}
}
backend web2 {
.host = "192.168.188.101";
.port = "80";
.connect_timeout = 1s; #连接超时时间
.first_byte_timeout = 8s;
.between_bytes_timeout = 5s;
.probe = {
.url = "/test1.html";
}
}
定义集群
director realserver random {
{
.backend = web1;
.weight = 5;
}
{
.backend = web2;
.weight = 6;
}
}
缓存服务器接收到请求后的处理
sub vcl_recv {
如果请求为PURGE则只允许授权的访问
if (req.request == "PURGE") {
if (!client.ip ~ purge)
{
error 405 "Not allowed.";
}
return(lookup);
}
if (req.request == "REPURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
ban("req.http.host == " + req.http.host + " && req.url ~ " + req.url);
error 200 "Ban OK";
}
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
}
else {
set req.http.X-Forwarded-For = client.ip;
}
}
if (req.request != "GET" &&
req.request != "HEAD" &&
req.request != "PUT" &&
req.request != "POST" &&
req.request != "TRACE" &&
req.request != "OPTIONS" &&
req.request != "DELETE") {
/* Non-RFC2616 or CONNECT which is weird. */
return (pipe);
}
if (req.request != "GET" && req.request != "HEAD") {
/* We only deal with GET and HEAD by default */
return (pass);
}
if (req.http.Authorization) {
/* Not cacheable by default */
return (pass);
}
# set req.grace = 4h;
if (req.request != "GET" && req.request != "HEAD") {
return(pipe);
}
elseif (req.url ~ ".(php|cgi)($|?)") #动态页面直接通过,不缓存
{
return(pass);
}
return(lookup);
}
命中后的处理
sub vcl_hit {
if (req.request == "PURGE") {
set obj.ttl = 0s;
error 200 "Purged.";
}
}
没有命中的处理
sub vcl_miss
{
return (fetch);
}
取数据
sub vcl_fetch
{
##对访问中get有包含jpg,png等格式的文件进行缓存,缓存时间为7天,s为秒
if (req.request == "GET" && req.url ~ ".(js|css|mp3|jpg|png|gif|swf|jpeg|ico)$")
{
set beresp.ttl = 7d;
}
##对访问get中包含htm等静态页面,缓存300秒
if (req.request == "GET" && req.url ~ "/[0-9].htm$")
{
set beresp.ttl = 300s;
}
return (deliver);
}
添加在页面head头信息中查看缓存命中情况
sub vcl_deliver
{
set resp.http.x-hits = obj.hits ;
if (obj.hits > 0)
{
set resp.http.X-Cache = "HIT cqtel-bbs";
}
else
{
set resp.http.X-Cache = "MISS cqtel-bbs";
}
}
登录浏览器打开网页查看是否缓存,根据配置的obj
如果缓存可以使用F5强制刷新不使用缓存
------------------------------------------------------------------------------------
5、搭建一套LVS-DR模型的高性能集群,并用Keepalived实现nginx与lvs的高可用集群,同时实现以下功能:
(1)、wordpress程序通过nfs共享给各个realserver;
(2)、后端realserver中的nginx和php分离
一、配置前的说明:
1.1用到的设备
前端两台服务用来调度,
后端两台RS用来提供服务,
由于NGING和PHP分离故提供另外的一台主机安装PHP
由于PHP需要数据库所以安装MySQL,
为了共享安装NFS文件共享服务
workpress也安装在这台服务器上
二、配置说明
2.1集群配置前的准备
1、同步时间(所有机器的时间向一台服务器同步),也可以配置NTP服务器来同步时间
ntpdate 192.168.188.31
2、配置集群服务的主机名
hostname dr1.magedu.com
hostname dr2.magedu.com
hostname rs1.mangedu.com
hostname rs2.magedu.com
hostname backen.magedu.com
3、配置/etc/hosts文件,加快域名的解析速度
192.168.80.131 dr1.magedu.com
192.168.80.132 dr1.magedu.com
192.168.80.133 rs1.mangedu.com
192.168.80.135 rs2.magedu.com
192.168.80.136 backen.magedu.com
2.3、共享用户的配置(在RS 和 BACKEN 服务器上配置, 配置的内容要相同以方便共享访问)
groupadd -r -g 498 nginx
useradd -r -g 498 -u 498 nginx
2.4、在后端服务器上安装NFS ,PHP , MYSQL , 如要加快PHP的访问可以安装xcache
安装nfs服务(在backed的服务器上安装)
创建共享的目录并配置用户和组为nginx
mkdir -pv /data/wordpress
chown nginx:ngxin /data/wordpress
vim /etc/exports
/data/wordpress (rw,no_root_squash)
service nfs start
安装MYSQL服务
仅为配置PHP服务一般安装即可
安装php 服务
配置服务通过fastcgi接口与远端的NGINX服务联系
vim /usr/local/php/etc/php-fpm.conf
listen = 192.168.80.136:9000 #监听物理网卡地址,供其它机器调用
user = nginx ##php-fpm以nginx用户运行
group = nginx
在共享目录下放置wordpress
修改wordpress配置
cp -a workpress /data/wordpress
cp wp-config-sample.php wp-config.php
vim wp-config.php
define name wpdb
define user wpuser
define db passwd wppasswd
登录数据库MYSQL创建用户并允许远端访问
mysql
GRADN ALL ON wpdb.* TO ‘‘wpuser‘@‘localhost‘ IDENTIFIED BY ‘wppasswd‘;
GRADN ALL ON wpdb.* TO ‘‘wpuser‘@‘192.168.%.%‘ IDENTIFIED BY ‘wppasswd‘;
CREATE DATABASE wpdb;
FLUSH PRIVILEGES
EXIT
2.5、安装nginx服务器(两台RS服务器上安装)
挂在后端服务器共享的目录(两台RS都要挂载)
mkdir -pv /www/wordpress
mount -t nfs 192.168.188.136:/data/wordpress /www/wordpress
编译安装nginx一定要启用fastcgi能于远端的PHP配合
并修改主配置文件
用户为nginx 组为nginx
并启用php, 配置监听的服务地址为php服务器的地址
location / {
root /www;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /www;
fastcgi_pass 192.168.188.136:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
修改两台服务器的内核参数来配置LVS-dr模型
推荐使用脚本修改
DR类型RS脚本示例:
#!/bin/bash
#
vip=192.168.80.100
interface="lo:0"
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $interface $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip dev $interface
;;
stop)
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $interface down
;;
status)
if ifconfig lo:0 |grep $vip &> /dev/null; then
echo "ipvs is running."
else
echo "ipvs is stopped."
fi
;;
*)
echo "Usage: `basename $0` {start|stop|status}"
exit 1
esac
需要时启用脚本不需要时,恢复内核参数
2.6、安装sorry server和 keepalive LVS-DR(在两台调度器上安装,一台为主一台为从)
两台DR提供SORRY server
直接安装HTTPD服务即可,提供一个SORRY SERVER页面
echo "this is for sorry server" > /var/www/html/index.html
安装keepalive (两台前端调度服务都需要安装)
yum install keepalive
配置示例:
(rs1.magedu.com和rs2.magedu.com的配置基本相同相同
配置一台另一台直接拷贝配置,以减少出错
但要注意一台实例配置为主,另一台配置为从
)
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group 224.0.1.100
}
vrrp_script chk_mt {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 84ae57f7f4f6
}
virtual_ipaddress {
192.168.80.100/16 dev eth0 label eth0:1
}
track_script {
chk_mt
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.80.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.0.0
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.80.133 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.80.135 80 {
weight 2
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
启动服务
service keepalived start
提供keepalive服务转换的脚本
通知脚本:(编写的脚本保存到/etc/keepalived/notify.sh)
#!/bin/bash
vip=192.168.80.100
contact=‘[email protected]‘
notify() {
mailsubject="`hostname` to be $1: $vip floating"
mailbody="`date ‘+%F %H:%M:%S‘`: vrrp transition, `hostname` changed to be $1"
echo $mailbody | mail -s "$mailsubject" $contact
}
case "$1" in
master)
notify master
exit 0
;;
backup)
notify backup
exit 0
;;
fault)
notify fault
exit 0
;;
*)
echo ‘Usage: `basename $0` {master|backup|fault}‘
exit 1
;;
esac
chmod +x /etc/keepalived/notify.sh
以上是关于第十一周作业的主要内容,如果未能解决你的问题,请参考以下文章