架构部署
环境准备
主机名 | 角色 | 安装软件 | 外网ip | 内网ip |
---|---|---|---|---|
web01 | 网站服务 | nginx、php | 10.0.0.7 | 172.16.1.7 |
web02 | 网站服务 | nginx、php | 10.0.0.8 | 172.16.1.8 |
db01 | 数据库 | 数据库 | 10.0.0.51 | 172.16.1.51 |
nfs | 共享存储 | nfs-utils | 10.0.0.31 | 172.16.1.31 |
部署web01
# 1.安装nginx
[Thu Jul 22 15:03:12 root@web01 ~]
# yum install -y nginx
# 2.创建用户
[Thu Jul 22 15:11:42 root@web01 ~]
# groupadd www -g 666
[Thu Jul 22 15:12:25 root@web01 ~]
# useradd www -u 666 -g 666 -s /sbin/nologin -M
# 3.nginx主配置文件
[Thu Jul 22 15:13:07 root@web01 ~]
# vim /etc/nginx/nginx.conf
user www;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
#client_max_body_size 200m;(这个是新加进去的,为了优化上传的大小)
# 4.安装php
[Thu Jul 22 15:17:58 root@web01 ~]
# mkdir php
[Thu Jul 22 15:26:51 root@web01 ~]
# cd php/
把打包好的包上传到目录里
[Thu Jul 22 15:26:55 root@web01 ~/php]
# rz -E
rz waiting to receive.
[Thu Jul 22 15:32:16 root@web01 ~/php]
# tar xf php.tgz
[Thu Jul 22 15:33:33 root@web01 ~/php]
# rpm -Uvh *.rpm
# 5.修改php配置文件
[Thu Jul 22 15:37:02 root@web01 ~/php]
# vim /etc/php-fpm.d/www.conf
user = www
group = www
;listen = 127.0.0.1:9000
listen = /code/php71w.sock
# 6.写blog的配置文件
[Thu Jul 22 15:33:42 root@web01 ~/php]
# vim /etc/nginx/conf.d/blog.wk.com.conf
server{
listen 80;
server_name blog.wk.com;
root /code/wordpress;
location / {
index index.php index.html;
}
location ~ \.php$ {
fastcgi_pass unix:/code/php71w.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
# 7.写zh的配置文件
[Thu Jul 22 15:39:26 root@web01 ~/php]
# vim /etc/nginx/conf.d/zh.wk.com.conf
server{
listen 80;
server_name zh.wk.com;
root /code/zh;
location / {
index index.php index.html;
}
location ~ \.php$ {
fastcgi_pass unix:/code/php71w.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
# 8.创建code目录
[Thu Jul 22 15:44:34 root@web01 ~/php]
# mkdir /code
# 9.启动php和nginx服务并加入开机自启
[Thu Jul 22 15:45:10 root@web01 ~/php]
# systemctl start nginx php-fpm
[Thu Jul 22 15:45:43 root@web01 ~/php]
# systemctl enable nginx php-fpm
# 10.检查进程和端口
[Thu Jul 22 15:46:07 root@web01 ~/php]
# ps -ef|grep -E 'nginx|php'
root 8673 1 0 15:45 ? 00:00:00 php-fpm: master process (/etc/php-fpm.conf)
root 8678 1 0 15:45 ? 00:00:00 nginx: master process /usr/sbin/nginx
www 8679 8678 0 15:45 ? 00:00:00 nginx: worker process
www 8680 8673 0 15:45 ? 00:00:00 php-fpm: pool www
www 8681 8673 0 15:45 ? 00:00:00 php-fpm: pool www
www 8682 8673 0 15:45 ? 00:00:00 php-fpm: pool www
www 8683 8673 0 15:45 ? 00:00:00 php-fpm: pool www
www 8684 8673 0 15:45 ? 00:00:00 php-fpm: pool www
root 8705 7599 0 15:46 pts/1 00:00:00 grep --color=auto -E nginx|php
[Thu Jul 22 15:46:41 root@web01 ~/php] (因为PHP是通过sock去连接的 所以看不到端口 避免暴露)
# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 5757/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8678/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6686/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 6847/master
tcp6 0 0 :::111 :::* LISTEN 5757/rpcbind
tcp6 0 0 :::80 :::* LISTEN 8678/nginx: master
tcp6 0 0 :::22 :::* LISTEN 6686/sshd
tcp6 0 0 ::1:25 :::* LISTEN 6847/master
udp 0 0 0.0.0.0:111 0.0.0.0:* 5757/rpcbind
udp 0 0 0.0.0.0:797 0.0.0.0:* 5757/rpcbind
udp6 0 0 :::111 :::* 5757/rpcbind
udp6 0 0 :::797 :::* 5757/rpcbind
# 11.部署代码
[Thu Jul 22 15:47:10 root@web01 ~/php]
# cd /code/
[Thu Jul 22 15:51:19 root@web01 /code](把老师给的WordPress安装包和WeCenter_3-2-1安装包上传进去)
# rz -E
rz waiting to receive.
[Thu Jul 22 15:52:00 root@web01 /code]
# tar xf wordpress.tgz
[Thu Jul 22 16:02:25 root@web01 /code]
# unzip WeCenter_3-2-1.zip
[Thu Jul 22 16:02:25 root@web01 /code]
# mv WeCenter_3-2-1 zh
再删除code目录下其他不用的包 保留剩下的
[Thu Jul 22 16:04:28 root@web01 /code]
# ll
total 8
srw-rw----. 1 root root 0 Jul 22 15:45 php71w.sock
drwxr-xr-x. 6 www www 4096 Jul 22 2021 wordpress
drwx------. 14 root root 4096 Jun 4 2018 zh
# 12.授权
[Thu Jul 22 16:08:40 root@web01 /code]
# chown -R www.www /code/
# 13.域名解析
10.0.0.7 blog.wk.com zh.wk.com
10.0.0.8 blog.wk.com zh.wk.com
# 14.打开浏览器
访问:http://blog.wk.com
访问:http://zh.wk.com
部署db01
# 1.安装mariadb
[Thu Jul 22 23:03:40 root@db01 ~]
# yum install -y mariadb-server
# 2.启动并加入开机自启
[Fri Jul 23 00:29:06 root@db01 ~]
# systemctl start mariadb
[Fri Jul 23 00:29:47 root@db01 ~]
# systemctl enable mariadb
# 3.连接数据库
[Fri Jul 23 00:30:01 root@db01 ~]
# mysql
# 4.创建数据库
MariaDB [(none)]> create database wordpress charset utf8;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> create database zh charset utf8;
Query OK, 1 row affected (0.00 sec)
# 5.创建用户
MariaDB [(none)]> grant all on wordpress.* to wordpress_user@'%' identified by '123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on zh.* to zh_user@'%' identified by '123';
Query OK, 0 rows affected (0.00 sec)
# 6.检查库是否创建,用户是否创建
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
| wordpress |
| zh |
+--------------------+
6 rows in set (0.00 sec)
MariaDB [(none)]> select user,host from mysql.user;
+----------------+-----------+
| user | host |
+----------------+-----------+
| wordpress_user | % |
| zh_user | % |
| root | 127.0.0.1 |
| root | ::1 |
| | db01 |
| root | db01 |
| | localhost |
| root | localhost |
+----------------+-----------+
8 rows in set (0.00 sec)
网页配置wordpress
如果出现这种目录形式的情况需要授权
网页配置zh
部署web02
# 1.安装nginx
[Thu Jul 22 15:03:22 root@web02 ~]
# yum install -y nginx
# 2.安装php
[Thu Jul 22 16:52:49 root@web01 ~]
# scp -rp php 172.16.1.8:/root
[Thu Jul 22 16:54:42 root@web02 ~]
# cd php/
[Thu Jul 22 16:55:02 root@web02 ~/php]
# rpm -Uvh *.rpm
# 3.创建用户
[Thu Jul 22 16:55:30 root@web02 ~/php]
# groupadd www -g 666
[Thu Jul 22 16:56:04 root@web02 ~/php]
# useradd www -u 666 -g 666 -s /sbin/nologin -M
# 4.拷贝各种被修改的配置文件及站点目录
[Thu Jul 22 16:53:10 root@web01 ~]
# scp /etc/nginx/nginx.conf 172.16.1.8:/etc/nginx/
[Thu Jul 22 16:57:13 root@web01 ~]
# scp /etc/nginx/conf.d/* 172.16.1.8:/etc/nginx/conf.d/
[Thu Jul 22 16:58:37 root@web01 ~]
# scp /etc/php-fpm.d/www.conf 172.16.1.8:/etc/php-fpm.d/
[Thu Jul 22 17:00:13 root@web01 ~]
# scp -rp /code 172.16.1.8:/
# 5.启动并加入开机自启
[Thu Jul 22 16:56:24 root@web02 ~/php]
# systemctl start nginx php-fpm
[Thu Jul 22 17:01:14 root@web02 ~/php]
# systemctl enable nginx php-fpm
# 6.授权
[Thu Jul 22 17:01:42 root@web02 ~/php]
# chown -R www.www /code/
部署nfs
# 1.安装nfs
[Thu Jul 22 17:03:05 root@nfs ~]
# yum install -y nfs-utils
# 2.创建用户
[Thu Jul 22 17:03:05 root@nfs ~]
# groupadd www -g 666
[Thu Jul 22 17:04:03 root@nfs ~]
# useradd www -u 666 -g 666 -s /sbin/nologin -M
# 3.修改配置文件
[Thu Jul 22 17:04:23 root@nfs ~]
# vim /etc/exports
/data/wp_data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zh_data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
# 4.创建共享目录
[Thu Jul 22 17:05:54 root@nfs ~]
# mkdir /data/{zh,wp}_data/ -p
# 5.授权
[Thu Jul 22 17:06:57 root@nfs ~]
# chown -R www.www /data/{zh,wp}_data/
# 6.启动服务并加入开机自启
[Thu Jul 22 17:07:21 root@nfs ~]
# systemctl start nfs
[Thu Jul 22 17:07:57 root@nfs ~]
# systemctl enable nfs
web挂载nfs
# 1.查看挂载点
[Thu Jul 22 17:00:13 root@web01 ~]
# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/zh_data 172.16.1.0/24
/data/wp_data 172.16.1.0/24
# 2.挂载uploads目录
[Thu Jul 22 17:09:19 root@web01 ~]
# mkdir -p /code/wordpress/wp-content/uploads/
[Thu Jul 22 17:10:12 root@web01 ~]
# mount -t nfs 172.16.1.31:/data/wp_data /code/wordpress/wp-content/uploads/
[Thu Jul 22 17:02:08 root@web02 ~/php]
# mkdir -p /code/wordpress/wp-content/uploads/
[Thu Jul 22 17:13:57 root@web02 ~/php]
# mount -t nfs 172.16.1.31:/data/wp_data /code/wordpress/wp-content/uploads/
[Thu Jul 22 17:13:14 root@web01 ~]
# mount -t nfs 172.16.1.31:/data/zh_data /code/zh/uploads/
[Thu Jul 22 17:14:26 root@web02 ~/php]
# mount -t nfs 172.16.1.31:/data/zh_data /code/zh/uploads/
Nginx进阶反向代理
Nginx的反向代理
正向代理
反向代理
反向代理模块
反向代理模式 | Nginx配置模块 |
---|---|
http、websocket、https | ngx_http_proxy_module |
fastcgi | ngx_http_fastcgi_module |
uwsgi | ngx_http_uwsgi_module |
grpc | ngx_http_v2_module |
环境准备
主机名 | 角色 | 外网ip | 内网ip |
---|---|---|---|
lb01 | 反向代理服务器 | 10.0.0.5 | 172.16.1.5 |
web01 | 被代理的服务器 | 10.0.0.7 | 10.0.0.7 |
部署代理服务器
# 1.安装nginx
[Fri Jul 23 04:29:40 root@lb01 ~]
# yum install -y nginx
# 2.修改nginx的配置文件
[Fri Jul 23 04:29:40 root@lb01 ~]
# vim /etc/nginx/conf.d/proxy.conf
server{
listen 80;
server_name blog.wk.com;
location / {
proxy_pass http://172.16.1.7:80;
}
}
# 3.本地域名解析C:\Windows\System32\drivers\etc\hosts
10.0.0.5 blog.wk.com
## 代理172.16.1.7的80端口
proxy_pass http://172.16.1.7:80;
## 存在问题,后端网站是通过IP访问的,没有通过域名
proxy_set_header Host $http_host; ## 将域名放入请求头中,带到后端
server{
listen 80;
server_name zh.wk.com;
location / {
proxy_pass http://172.16.1.7:80;
proxy_set_header Host $http_host;
}
}
## 存在问题,后端无法获取真实用户IP,只能获取代理服务器IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## 透传用户的真实ip到web服务
器
server{
listen 80;
server_name zh.wk.com;
location / {
proxy_pass http://172.16.1.7:80;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
[Fri Jul 23 04:55:58 root@lb01 ~]
# vim /etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_connect_timeout 60;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
#(这是把优化的内容全部放到一个目录下,在带进配置文件中)
[Fri Jul 23 05:11:32 root@lb01 ~]
# vim /etc/nginx/conf.d/proxy.conf
server{
listen 80;
server_name zh.wk.com;
location / {
proxy_pass http://172.16.1.7:80;
include /etc/nginx/proxy_params;
}
}