一、环境准备预设

节点名 操作系统 IP地址 用途 软件安装
web1-qjx CentOs7.9 192.168.10.10/24 web应用服务器1 PHP7.4;Nginx1.20.1
web2-qjx CentOs7.9 192.168.10.20/24 web应用服务器2 PHP7.4;Nginx1.20.1
store-qjx CentOs7.9 192.168.10.30/24 存储服务器 MySQL5.7;Redis7.0.5
lvs-qjx CentOs7.9 外网:192.168.20.100/24;内网:192.168.10.40/24 负载均衡调节器 ipvsadm

二、基础环境搭建

1、搭建web应用服务器

(1)虚拟机设置

1

(2)修改主机名

[root@localhost ~]# hostnamectl set-hostname web1-qjx
[root@localhost ~]# bash
[root@web1-qjx ~]#

2

(3)修改网卡配置

web1服务器

[root@web1-qjx ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.20.10
GATEWAY=192.168.20.2
NETMASK=255.255.255.0
PREFIX=24
DNS1=8.8.8.8
DNS2=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=69df4dde-342a-4ef7-a14c-a0d2e977af8a
DEVICE=ens33
ONBOOT=yes

3

web2服务器

[root@web2-qjx ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.20.20
GATEWAY=192.168.20.2
NETMASK=255.255.255.0
PREFIX=24
DNS1=8.8.8.8
DNS2=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=69df4dde-342a-4ef7-a14c-a0d2e977af8a
DEVICE=ens33
ONBOOT=yes

此时网络需要连通外网(因此上面暂时使用 192.168.20.0/24 网段的地址,而不是规划表中的内网地址),待 web 应用服务器所需的 PHP 与 Nginx 安装完成后,再切换为仅内网、不与外网相通。

(4)重启网卡

[root@web1-qjx ~]# systemctl restart network
[root@web1-qjx ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:0c:12:e7 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.10/24 brd 192.168.20.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::fd24:eede:5ece:baff/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:9b:7c:e1 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:9b:7c:e1 brd ff:ff:ff:ff:ff:ff

4

(5)关闭防火墙及selinux

关闭防火墙(仅为简化实验环境;生产环境应保持 firewalld 开启,只放行所需端口)

[root@web1-qjx ~]# systemctl stop firewalld
[root@web1-qjx ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

5

临时关闭selinux

[root@web1-qjx ~]# setenforce 0
[root@web1-qjx ~]# getenforce
Permissive

6

永久关闭selinux(将 SELINUX 设为 disabled),需要重启虚拟机才能生效。关闭 SELinux 只是为了简化实验;生产环境建议保持 enforcing,并按需调整策略。

[root@web1-qjx ~]# vim /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

7

(6)关闭swap

临时关闭

[root@web1-qjx ~]# swapoff -a

永久关闭

[root@web1-qjx ~]# sed -i "s/\/dev\/mapper\/centos-swap/\#\/dev\/mapper\/centos-swap/g" /etc/fstab

8

永久关闭需要重启虚拟机生效

reboot

(7)编译安装PHP7.4

安装相关依赖

[root@web1-qjx ~]# yum install gd zlib zlib-devel openssl openssl-devel libxml2 libxml2-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libmcrypt libmcrypt-devel -y

9

安装gcc

[root@web1-qjx ~]# yum install gcc -y

10

安装sqlite-devel

[root@web1-qjx ~]# yum install sqlite-devel -y

11

安装 oniguruma oniguruma-devel(下面的 RPM 通过明文 HTTP 从第三方站点下载,安装前建议先下载到本地并核对校验和或签名)

[root@web1-qjx ~]# yum -y install http://down.24kplus.com/linux/oniguruma/oniguruma-6.7.0-1.el7.x86_64.rpm
[root@web1-qjx ~]# yum -y install http://down.24kplus.com/linux/oniguruma/oniguruma-devel-6.7.0-1.el7.x86_64.rpm

image-20230828221339762

13

安装libzip

libzip的版本必须大于0.11 且 不能等于1.3.1或者1.7.0

安装所需依赖

[root@web1-qjx ~]# yum install perl perl-devels -y

14

卸载旧的版本

[root@web1-qjx ~]# yum remove libzip -y

15

从 https://libzip.org/download/libzip-1.3.2.tar.gz 下载源码包,将源码包上传到虚拟机进行编译安装

16

[root@web1-qjx ~]# tar -zxvf libzip-1.3.2.tar.gz
[root@web1-qjx ~]# cd libzip-1.3.2
[root@web1-qjx libzip-1.3.2]# ./configure
[root@web1-qjx libzip-1.3.2]# make && make install
[root@web1-qjx libzip-1.3.2]# export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig/"

编译安装PHP7.4.27

#切换目录
[root@web1-qjx ~]# cd /usr/local/src

#下载源码包(--no-check-certificate 会跳过 TLS 证书校验,下载后应与 php.net 公布的 SHA256 校验和核对)
[root@web1-qjx src]# wget --no-check-certificate https://www.php.net/distributions/php-7.4.27.tar.gz

#解压软件包
[root@web1-qjx src]# tar -zxvf php-7.4.27.tar.gz

#创建PHP安装目录
[root@web1-qjx src]# mkdir /usr/local/php

#进入解压后的PHP源码目录
[root@web1-qjx src]# cd php-7.4.27

#预编译
[root@web1-qjx php-7.4.27]# ./configure --prefix=/usr/local/php --enable-gd --enable-mysqlnd --enable-mbstring --enable-fpm --enable-pcntl --enable-xml --with-freetype --with-pdo-mysql=mysqlnd --with-openssl --with-zip --with-jpeg --without-pear --with-mysqli --with-zlib --with-pdo-sqlite --with-kerberos --disable-phar

#编译安装
[root@web1-qjx php-7.4.27]# make && make install

./configure 预编译参数说明

prefix=/usr/local/php 指定编译安装的目录
enable-gd 打开gd库的支持
enable-mysqlnd 开启Mysql Native驱动
enable-mbstring 多字节,字符串的支持
enable-fpm 启用 PHP-FPM(FastCGI 进程管理器)
with-freetype 打开对freetype字体库的支持
with-pdo-mysql=mysqlnd 让PDO支持mysqlnd驱动
with-openssl openssl的支持,加密传输时用到的
with-zip 打开对zip的支持
with-jpeg 打开对jpeg图片的支持
without-pear 不安装 pear 扩展
disable-phar 禁用 phar 支持

安装完成后的配置

#将PHP源码包中的 php.ini-development 或 php.ini-production 复制到安装好的PHP lib目录中并改名为 php.ini(此处用的是开发版配置,会向页面输出错误信息;对外提供服务时应改用 php.ini-production)
[root@web1-qjx php-7.4.27]# cp php.ini-development /usr/local/php/lib/php.ini

#添加环境变量,编辑 /etc/profile 文件
[root@web1-qjx php-7.4.27]# vim /etc/profile
#此处为编辑内容,末尾处添加
PATH=$PATH:/usr/local/php/bin
export PATH

#环境变量生效
[root@web1-qjx php-7.4.27]# source /etc/profile

php-fpm

#进入安装好的 etc 目录 ,复制一份 php-fpm 配置文件
[root@web1-qjx php-7.4.27]# cd /usr/local/php/etc/
[root@web1-qjx etc]# cp php-fpm.conf.default php-fpm.conf

#进入安装好的 etc/php-fpm.d 目录,复制一份 www.conf 配置文件
[root@web1-qjx etc]# cd php-fpm.d
[root@web1-qjx php-fpm.d]# cp www.conf.default www.conf

#设置 php-fpm 软链接
[root@web1-qjx php-fpm.d]# ln -s /usr/local/php/sbin/php-fpm /usr/sbin/

#启动 php-fpm
[root@web1-qjx php-fpm.d]# php-fpm

#查看进程
[root@web1-qjx php-fpm.d]# ps -ef | grep php-fpm
root 58506 1 0 22:50 ? 00:00:00 php-fpm: master process (/usr/local/php/etc/php-fpm.conf)
nobody 58507 58506 0 22:50 ? 00:00:00 php-fpm: pool www
nobody 58508 58506 0 22:50 ? 00:00:00 php-fpm: pool www
root 58524 9403 0 22:51 pts/0 00:00:00 grep --color=auto php-fpm
[root@web1-qjx php-fpm.d]# ps -aux | grep php-fpm
root 58506 0.0 0.2 193332 4020 ? Ss 22:50 0:00 php-fpm: master process (/usr/local/php/etc/php-fpm.conf)
nobody 58507 0.0 0.2 195416 3904 ? S 22:50 0:00 php-fpm: pool www
nobody 58508 0.0 0.2 195416 3904 ? S 22:50 0:00 php-fpm: pool www
root 58532 0.0 0.0 112824 988 pts/0 R+ 22:51 0:00 grep --color=auto php-fpm

#查看相关进程数量
[root@web1-qjx php-fpm.d]# ps -ef | grep php-fpm | grep -v grep | wc -l
3

#查看端口
[root@web1-qjx php-fpm.d]# netstat -tnl | grep 9000
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN

配置 php-fpm 开机启动,将 php-fpm 添加至 service 服务

#将源码目录 sapi/fpm 下的 init.d.php-fpm 复制到 /etc/init.d 目录下并改名为 php-fpm
[root@web1-qjx php-fpm.d]# cp /usr/local/src/php-7.4.27/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@web1-qjx php-fpm.d]# chmod +x /etc/init.d/php-fpm

#添加系统服务
[root@web1-qjx php-fpm.d]# chkconfig --add php-fpm

#开启服务
[root@web1-qjx php-fpm.d]# chkconfig php-fpm on

#查看是否添加成功
[root@web1-qjx php-fpm.d]# chkconfig --list php-fpm

注:该输出结果只显示 SysV 服务,并不包含
原生 systemd 服务。SysV 配置数据
可能被原生 systemd 配置覆盖。

要列出 systemd 服务,请执行 'systemctl list-unit-files'。
查看在具体 target 启用的服务请执行
'systemctl list-dependencies [target]'。

php-fpm 0:关 1:关 2:开 3:开 4:开 5:开 6:关

php-fpm service 相关命令

#php-fpm 启动命令
service php-fpm start

#php-fpm 停止命令
service php-fpm stop

#php-fpm 重启命令
service php-fpm restart

如果启动PHP提示:Starting php-fpm [28-Aug-2023 22:56:51] ERROR: unable to bind listening socket for address ‘127.0.0.1:9000’: Address already in use (98)

输入killall php-fpm停止进程再启动PHP

[root@web1-qjx php-fpm.d]# service php-fpm start
Starting php-fpm done

验证版本

[root@web1-qjx ~]# php -v
PHP 7.4.27 (cli) (built: Aug 28 2023 22:44:10) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies

17

安装拓展

#添加软链接使phpize全局使用
[root@web1-qjx ~]# ln -s /usr/local/php/bin/phpize /usr/local/bin/phpize
#安装依赖环境
yum install m4 autoconf -y

#安装socket
[root@web1-qjx ~]# cd /usr/local/src/php-7.4.27/ext/sockets/
phpize
./configure --prefix=/usr/local/php --with-php-config=/usr/local/php/bin/php-config --enable-sockets
make && make install
#修改 php.ini,默认可以不更改 extension_dir='./' 的值,而只是去掉 extension=sockets 前面的分号注释,使其生效。保存后,重新启动 php-fpm (假设php-fpm在安装后的默认路径下)
vim /usr/local/php/lib/php.ini
extension=sockets

#安装 PECL 的 event 扩展(下载地址是明文 HTTP,建议改用 HTTPS 并核对校验和)
yum install libevent-devel -y
wget http://pecl.php.net/get/event-3.0.8.tgz
tar -xvzf event-3.0.8.tgz
cd event-3.0.8
phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
vim /usr/local/php/lib/php.ini
extension=event.so

#安装redis扩展
wget http://pecl.php.net/get/redis-4.1.1.tgz
tar -xvzf redis-4.1.1.tgz
cd redis-4.1.1
phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
vim /usr/local/php/lib/php.ini
extension=redis.so

#安装exif
cd /usr/local/src/php-7.4.27/ext/exif/
phpize
./configure --prefix=/usr/local/php --with-php-config=/usr/local/php/bin/php-config
make && make install
vim /usr/local/php/lib/php.ini
extension=exif.so

#安装libcurl
yum install libcurl-devel -y

#安装libsodium
yum install libsodium -y

#安装curl
cd /usr/local/src/php-7.4.27/ext/curl/
phpize
./configure --prefix=/usr/local/php --with-php-config=/usr/local/php/bin/php-config
make && make install
vim /usr/local/php/lib/php.ini
extension=curl.so

编辑配置文件

vim /usr/local/php/lib/php.ini
#将第312行的 disable_functions 设置为(注意:列表中的 popepassthru 不是有效的函数名,应是 popen 与 passthru 粘连所致,这两个函数已在列表中单独列出)
disable_functions = passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_waitpid,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv

重启服务生效

service php-fpm restart

(8)在线安装Nginx1.20.1

安装CentOS7扩展包

[root@web1-qjx ~]# yum install epel-release -y

18

安装nginx1.20.1

[root@web1-qjx ~]# yum install nginx -y

19

验证nginx

[root@web1-qjx ~]# nginx -v
nginx version: nginx/1.20.1

20

(9)将网络设置为内网,无法访问外网

web1服务器

[root@web1-qjx ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
#将dns注释掉,将网关改成lvs负载均衡调度器的内网IP
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.10.10
GATEWAY=192.168.10.40
NETMASK=255.255.255.0
PREFIX=24
#DNS1=8.8.8.8
#DNS2=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=69df4dde-342a-4ef7-a14c-a0d2e977af8a
DEVICE=ens33
ONBOOT=yes

21

重启网卡

[root@web1-qjx ~]# systemctl restart network
[root@web1-qjx ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:0c:12:e7 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.10/24 brd 192.168.10.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::fd24:eede:5ece:baff/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:9b:7c:e1 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:9b:7c:e1 brd ff:ff:ff:ff:ff:ff

22

web2服务器

[root@web2-qjx ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.10.20
GATEWAY=192.168.10.40
NETMASK=255.255.255.0
PREFIX=24
#DNS1=8.8.8.8
#DNS2=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=69df4dde-342a-4ef7-a14c-a0d2e977af8a
DEVICE=ens33
ONBOOT=yes

23

重启网卡

[root@web2-qjx ~]# systemctl restart network
[root@web2-qjx ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:00:c7:30 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.20/24 brd 192.168.10.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::fd24:eede:5ece:baff/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::57e2:6e65:f0e4:911f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:9b:7c:e1 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:9b:7c:e1 brd ff:ff:ff:ff:ff:ff

24

2、搭建存储端服务器

(1)虚拟机设置

25

(2)修改主机名

[root@localhost ~]# hostnamectl set-hostname store-qjx
[root@localhost ~]# bash

26

(3)关闭防火墙及selinux

关闭防火墙

[root@store-qjx ~]# systemctl stop firewalld
[root@store-qjx ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

27

临时关闭selinux

[root@store-qjx ~]# setenforce 0
[root@store-qjx ~]# getenforce
Permissive

28

永久关闭selinux,需重启生效

[root@store-qjx ~]# vim /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

29

(4)关闭swap

临时关闭

[root@store-qjx ~]# swapoff -a

永久关闭

[root@store-qjx ~]# sed -i "s/\/dev\/mapper\/centos-swap/\#\/dev\/mapper\/centos-swap/g" /etc/fstab

30

重启

reboot

(5)在线安装MySQL 5.7

卸载原有的MySQL:

[root@store-qjx ~]# rpm -qa | grep mysql
[root@store-qjx ~]# rpm -qa|grep -i mariadb
mariadb-libs-5.5.68-1.el7.x86_64
[root@store-qjx ~]# rpm -qa|grep mariadb|xargs rpm -e --nodeps
[root@store-qjx ~]# rpm -qa|grep -i mariadb

31

下载MySQL的yum仓库配置包(并非源码):

[root@store-qjx ~]# wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm

32

[root@store-qjx ~]# yum localinstall mysql80-community-release-el7-3.noarch.rpm -y

33

已经加载的MySQL仓库

[root@store-qjx ~]# yum repolist enabled | grep "mysql.*-community.*"

34

查看所有可安装的MySQL版本

[root@store-qjx ~]# yum repolist all | grep mysql

35

指定版本安装:

#关闭MySQL8.0
[root@store-qjx ~]# yum-config-manager --disable mysql80-community

#开启MySQL5.7
[root@store-qjx ~]# yum-config-manager --enable mysql57-community

#查看当前启用的MySQL版本
[root@store-qjx ~]# yum repolist enabled | grep mysql

36

安装MySQL:

[root@store-qjx ~]# yum install -y mysql-community-server

37

如果安装时出现上图所示的报错(从下面的命令看,是缺少 MySQL 的 GPG 公钥),请执行以下命令导入公钥

[root@store-qjx ~]# rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

执行好后再次执行安装命令

[root@store-qjx ~]# yum install -y mysql-community-server

安装成功后启动MySQL并设置自启动:

[root@store-qjx ~]# systemctl start mysqld && systemctl enable mysqld

初始化MySQL

查看初始密码:

[root@store-qjx ~]# grep 'temporary password' /var/log/mysqld.log

38

使用初始密码登录:

[root@store-qjx ~]# mysql -u root -p
Enter password: 2o&a9DpwMfw?

39

初始化密码:

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'daasan7ujm^YHN';
Query OK, 0 rows affected (0.00 sec)

40

设置MySQL密码策略

查询MySQL初始密码策略:

mysql> SHOW VARIABLES LIKE 'validate_password%'; 
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.01 sec)

41

修改密码验证强度(降为 LOW 只是为了在实验中使用简单密码;生产环境应保留默认的 MEDIUM 策略):

mysql> set global validate_password_policy=LOW; 
Query OK, 0 rows affected (0.00 sec)

42

修改密码长度:

mysql> set global validate_password_length=6;
Query OK, 0 rows affected (0.00 sec)

43

修改密码:

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '013519';
Query OK, 0 rows affected (0.00 sec)

44

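设置MySQL远程连接(下面允许 root 从任意主机 '%' 登录并拥有全部权限,仅为实验方便;更稳妥的做法是为应用单独创建账号,把来源主机限定在 web 服务器所在的 192.168.10.0/24 网段,并只授予所需数据库的权限):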

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '013519' WITH GRANT OPTION;
Query OK, 0 rows affected, 1 warning (0.00 sec)

image-20230829003049237

刷新权限:

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

46

(6)编译安装Redis7.0.5

安装python3:

[root@store-qjx ~]# yum install python3 -y

验证版本

[root@store-qjx ~]# python3 -V && pip3 -V

47

升级pip版本:

[root@store-qjx ~]# python3 -m pip install --upgrade pip

48

安装 virtualenv:

[root@store-qjx ~]# pip3 install virtualenv -i https://pypi.douban.com/simple/

49

建立软连接:

[root@store-qjx ~]# ln -s /usr/local/python3/bin/virtualenv /usr/bin/virtualenv

验证版本

[root@store-qjx ~]# virtualenv --version

50

安装依赖环境:

[root@store-qjx redis]# yum install openssl-devel pcre-devel gcc -y

51

创建Redis源码下载目录:

[root@store-qjx ~]# mkdir -p /usr/software/redis && cd /usr/software/redis

下载源码包(redis-stable.tar.gz 始终指向最新稳定版,不一定是标题中的 7.0.5;若要固定版本,应下载对应版本的源码包并核对校验和):

[root@store-qjx redis]# wget https://download.redis.io/redis-stable.tar.gz

52

解压到/usr/local/目录:

[root@store-qjx redis]# tar -xzf /usr/software/redis/redis-stable.tar.gz -C /usr/local/

编译安装:

[root@store-qjx redis]# cd /usr/local/redis-stable/
[root@store-qjx redis-stable]# make -C /usr/local/redis-stable/ install
# 查看/usr/local/redis-stable/src/目录下是否编译生成 redis-server 和 redis-cli 可执行文件
[root@store-qjx redis-stable]# ls /usr/local/redis-stable/src/

53

创建一个用于存储Redis配置文件目录:

[root@store-qjx redis-stable]# mkdir /etc/redis && mkdir /var/redis

新建开机自启脚本:

[root@store-qjx redis-stable]# cp /usr/local/redis-stable/src/redis-server /usr/local/bin/
cp:是否覆盖"/usr/local/bin/redis-server"? y

#创建redis没有设置默认用户密码的restart脚本
[root@store-qjx redis-stable]# vim /etc/init.d/redis_6379
#内容如下:
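#!/bin/sh
#
# Simple Redis init.d script conceived to work on Linux systems
# as it does use of the /proc filesystem.
#
# Usage: /etc/init.d/redis_6379 {start|stop|restart}
#
# start   - launches redis-server with the per-port config unless a PID
#           file already exists.
# stop    - asks the server to shut down through redis-cli and waits, for
#           a bounded time, until /proc/<pid> disappears.
# restart - stop, pause three seconds, start.

### BEGIN INIT INFO
# Provides: redis_6379
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Redis data structure server
# Description: Redis data structure server. See https://redis.io
### END INIT INFO

REDISPORT=6379
EXEC=/usr/local/bin/redis-server
CLIEXEC=/usr/local/bin/redis-cli

PIDFILE=/var/run/redis_${REDISPORT}.pid
CONF="/etc/redis/${REDISPORT}.conf"
# Upper bound, in seconds, on how long "stop" waits for the process to
# exit. Without a bound, a rejected SHUTDOWN leaves the loop spinning
# forever.
STOP_TIMEOUT=30

case "$1" in
  start)
    if [ -f "$PIDFILE" ]; then
      echo "$PIDFILE exists, process is already running or crashed"
    else
      echo "Starting Redis server..."
      "$EXEC" "$CONF"
    fi
    ;;
  stop)
    if [ ! -f "$PIDFILE" ]; then
      echo "$PIDFILE does not exist, process is not running"
    else
      PID=$(cat "$PIDFILE")
      echo "Stopping ..."
      # When the config sets requirepass, an unauthenticated SHUTDOWN is
      # refused and the server keeps running. Pass the password through
      # the REDISCLI_AUTH environment variable rather than on the command
      # line, so it does not show up in the process list.
      # Only the plain, unquoted "requirepass <value>" form is handled.
      REDISCLI_AUTH=$(awk '$1 == "requirepass" { print $2; exit }' "$CONF" 2>/dev/null)
      if [ -n "$REDISCLI_AUTH" ]; then
        export REDISCLI_AUTH
      else
        unset REDISCLI_AUTH
      fi
      "$CLIEXEC" -p "$REDISPORT" shutdown
      waited=0
      # An empty PID would make the test below look at /proc/ itself,
      # which always exists; skip the wait in that case.
      while [ -n "$PID" ] && [ -x "/proc/${PID}" ]; do
        if [ "$waited" -ge "$STOP_TIMEOUT" ]; then
          echo "Redis (pid ${PID}) still running after ${STOP_TIMEOUT}s, giving up" >&2
          exit 1
        fi
        echo "Waiting for Redis to shutdown ..."
        sleep 1
        waited=$((waited + 1))
      done
      echo "Redis stopped"
    fi
    ;;
  restart)
    "$0" stop
    sleep 3
    "$0" start
    ;;
  *)
    echo "Please use start or stop as first argument"
    ;;
esac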

#修改为可执行文件
[root@store-qjx redis-stable]# chmod +x /etc/init.d/redis_6379

复制 redis-stable 目录下的模板配置文件 redis.conf 到 /etc/redis 目录下,同时重命名为 6379.conf:

[root@store-qjx redis-stable]# cp /usr/local/redis-stable/redis.conf /etc/redis/6379.conf

在 /var/redis 目录中创建一个目录 6379,该目录将用作 Redis 的数据和工作目录:

[root@store-qjx redis-stable]# mkdir /var/redis/6379

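修改配置文件6379.conf参数默认值:使用sed替换配置文件 /etc/redis/6379.conf 中参数默认的值。反斜杠“\”代表转义符,即将某些特殊字符转义。其中 bind 被改为监听所有地址,requirepass 使用了 6 位纯数字口令,这只适合隔离的实验网络;生产环境应只绑定内网地址(如本机的 192.168.10.30),并使用足够长的随机口令。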

[root@store-qjx redis-stable]# sed -i 's/bind 127.0.0.1 -::1/bind * -::*/' /etc/redis/6379.conf
[root@store-qjx redis-stable]# sed -i 's/daemonize no/daemonize yes/' /etc/redis/6379.conf
[root@store-qjx redis-stable]# sed -i 's/logfile \"\"/logfile \/var\/log\/redis_6379.log/' /etc/redis/6379.conf
[root@store-qjx redis-stable]# sed -i 's/dir \.\//dir \/var\/redis\/6379/' /etc/redis/6379.conf
[root@store-qjx redis-stable]# sed -i 's/\# requirepass foobared/requirepass 013519/' /etc/redis/6379.conf

设置开机启动执行 redis_6379 初始化脚本文件

推荐的一种方式(Centos下可行):rc.local 文件里写入执行redis_6379初始化脚本的指令。一定要更改 /etc/rc.d/rc.local 文件为 可执行(x)权限,默认 /etc/rc.d/rc.local 没有可执行(x)权限,即使软链接 /etc/rc.local 有可执行(x)权限也没有用,不然开机是无法自启动Redis服务的。

[root@store-qjx redis-stable]# echo "sudo /etc/init.d/redis_6379 start &" >> /etc/rc.local
[root@store-qjx redis-stable]# chmod +x /etc/rc.d/rc.local

Redis启动停止命令

#启动
/etc/init.d/redis_6379 start
#重启
/etc/init.d/redis_6379 restart
#停止
/etc/init.d/redis_6379 stop

(7)安装NFS

安装 nfs-utils、rpcbind 软件包

[root@store-qjx ~]#  yum install nfs-utils rpcbind -y

#启动服务
[root@store-qjx ~]# systemctl start rpcbind.service
[root@store-qjx ~]# systemctl start nfs.service
[root@store-qjx ~]# systemctl enable nfs.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
[root@store-qjx ~]# systemctl enable rpcbind.service

54

新建共享目录

[root@store-qjx ~]# mkdir /share/

将web应用的源码包上传到/share/目录下

55

56

解压文件:

[root@store-qjx share]# unzip sparkshop.zip

57

(8)修改网卡配置

[root@store-qjx ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
#将DNS注释掉,网关改为LVS负载均衡调节器的内网IP
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.10.30
GATEWAY=192.168.10.40
NETMASK=255.255.255.0
PREFIX=24
#DNS1=8.8.8.8
#DNS2=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=cfb75684-c3c1-43aa-a60d-582fb1049b60
DEVICE=ens33
ONBOOT=yes

重启网卡

[root@store-qjx share]# systemctl restart network
[root@store-qjx share]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a8:8f:ef brd ff:ff:ff:ff:ff:ff
inet 192.168.10.30/24 brd 192.168.10.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::1da5:baa4:fc5b:80ae/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:f6:09:a4 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:f6:09:a4 brd ff:ff:ff:ff:ff:ff

58

(9)修改共享配置文件,设置共享策略

修改配置文件

[root@store-qjx ~]# vim /etc/exports
/share/sparkshop 192.168.10.0/24(rw,sync)
#全局生效
[root@store-qjx ~]# exportfs -rv
exporting 192.168.10.0/24:/share/sparkshop

59

启动两个服务,查看本机的 NFS 共享目录:

[root@store-qjx ~]# systemctl start rpcbind
[root@store-qjx ~]# systemctl start nfs
[root@store-qjx ~]# showmount -e
Export list for store-qjx:
/share/sparkshop 192.168.10.0/24

60

3、搭建LVS负载均衡调节器

(1)虚拟机设置

61

(2)修改主机名

修改主机名为lvs-qjx

[root@localhost ~]# hostnamectl set-hostname lvs-qjx
[root@localhost ~]# bash

62

(3)修改网卡配置

其中ens33作为外网网卡,ens34作为内网网卡

修改ens33网卡配置

[root@lvs-qjx ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
#内容如下
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.20.100
GATEWAY=192.168.20.2
NETMASK=255.255.255.0
PREFIX=24
DNS1=8.8.8.8
DNS2=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=e402b8fb-47df-4ec5-8ea8-d516a8e3dcff
DEVICE=ens33
ONBOOT=yes

63

修改ens34网卡配置

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.10.40
GATEWAY=192.168.20.2
NETMASK=255.255.255.0
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens34
UUID=05fdf508-9fe2-4527-9e64-91e4058dec4c
DEVICE=ens34
ONBOOT=yes

64

重启网卡

[root@lvs-qjx ~]# systemctl restart network
[root@lvs-qjx ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e7:eb:ec brd ff:ff:ff:ff:ff:ff
inet 192.168.20.100/24 brd 192.168.20.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::c59b:be:5baf:d824/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e7:eb:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.40/24 brd 192.168.10.255 scope global noprefixroute ens34
valid_lft forever preferred_lft forever
inet6 fe80::2753:386e:6d2d:a2ee/64 scope link tentative noprefixroute
valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:d8:17:2d brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:d8:17:2d brd ff:ff:ff:ff:ff:ff

65

(4)关闭防火墙及selinux

关闭防火墙(lvs 是唯一对外的节点;生产环境应保留防火墙,仅放行 80 端口及所需的转发流量)

[root@lvs-qjx ~]# systemctl stop firewalld
[root@lvs-qjx ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

关闭selinux

[root@lvs-qjx ~]# vim /etc/sysconfig/selinux

66

(5)测试网络联通性

lvs ping web1 web2 store

67

web1 ping web2 store lvs

68

web2 ping web1 store lvs

69

store ping web1 web2 lvs

70

结果显示四台虚拟机都是能够连通的

(6)开启路由转发功能

修改配置文件

[root@lvs-qjx ~]# vim /etc/sysctl.conf
#文末添加
net.ipv4.ip_forward = 1
#配置生效
[root@lvs-qjx ~]# sysctl -p
net.ipv4.ip_forward = 1

71

配置 SNAT 策略(如果内网想主动连接外网的话,需要配置 SNAT 策略)

[root@lvs-qjx ~]# iptables -t nat -F
[root@lvs-qjx ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o ens33 -j SNAT --to 192.168.20.100
#查看设置的规则
[root@lvs-qjx ~]# iptables -nL POSTROUTING -t nat
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.10.0/24 0.0.0.0/0 to:192.168.20.100

72

(7)加载LVS,并安装ipvsadm保存负载均衡规则

加载LVS内核模块,并查看ipvs版本

[root@lvs-qjx ~]# modprobe ip_vs
[root@lvs-qjx ~]# cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn

73

加载ipvs所有调度算法

[root@lvs-qjx ~]# for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*");do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;done
ip_vs_dh
ip_vs_ftp
ip_vs
ip_vs_lblc
ip_vs_lblcr
ip_vs_lc
ip_vs_nq
ip_vs_pe_sip
ip_vs_rr
ip_vs_sed
ip_vs_sh
ip_vs_wlc
ip_vs_wrr

74

安装 ipvsadm 管理工具,开启服务

[root@lvs-qjx ~]# yum install -y ipvsadm
#开启服务前必须保存负载分配策略,生成/etc/sysconfig/ipvsadm 文件。如果该文件不存在,服务无法启动
[root@lvs-qjx ~]# ipvsadm-save >/etc/sysconfig/ipvsadm
[root@lvs-qjx ~]# systemctl start ipvsadm.service

75

配置负载分配策略(NAT 模式只需要在负载器上配置,节点服务器不需要特殊配置)

#清空原有规则
[root@lvs-qjx ~]# ipvsadm -C
#指定 VIP 地址及 TCP 端口,-s rr 指定负载调度策略为轮询
[root@lvs-qjx ~]# ipvsadm -A -t 192.168.20.100:80 -s rr
#先指定虚拟服务器再添加真实服务器地址,-r 指定真实服务器地址,-m 指定 nat 模式。-w 指定权重值,权重为 1 时可省略不写
[root@lvs-qjx ~]# ipvsadm -a -t 192.168.20.100:80 -r 192.168.10.10:80 -m -w 1
[root@lvs-qjx ~]# ipvsadm -a -t 192.168.20.100:80 -r 192.168.10.20:80 -m -w 1

76

查看策略

[root@lvs-qjx ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP lvs-qjx:http rr
-> 192.168.10.10:http Masq 1 0 0
-> 192.168.10.20:http Masq 1 0 0

77

保存负载均衡策略

[root@lvs-qjx ~]# ipvsadm-save >/etc/sysconfig/ipvsadm
[root@lvs-qjx ~]# systemctl restart ipvsadm.service
#以数字形式查看策略,Masq 表示 NAT 模式
[root@lvs-qjx ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.20.100:80 rr
-> 192.168.10.10:80 Masq 1 0 0
-> 192.168.10.20:80 Masq 1 0 0

78

4、设置主机映射及时间同步

(1)主机映射

四台虚拟机的/etc/hosts文件内容如下

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.40 lvs-qjx
192.168.10.10 web1-qjx
192.168.10.20 web2-qjx
192.168.10.30 store-qjx

(2)配置时间同步

#四台虚拟机都需要安装chrony,一般来说会自带安装
yum install chrony -y

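#主节点(LVS)修改/etc/chrony.conf文件,注释默认NTP服务器,指定上游NTP服务器,并允许其他节点同步时间
#注意1:allow all 会接受任意来源的NTP客户端请求,而LVS节点同时连着外网网卡;建议收紧为 allow 192.168.10.0/24,只允许内网节点同步
#注意2:server master 中的主机名 master 没有出现在上文的/etc/hosts中,需替换为本环境可解析的上游NTP服务器;上游不可用时由 local stratum 10 以本机时钟对外提供时间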
[root@lvs-qjx ~]# sed -i 's/^server/#&/' /etc/chrony.conf
[root@lvs-qjx ~]# cat >> /etc/chrony.conf << EOF
> local stratum 10
> server master iburst
> allow all
> EOF

#主节点(LVS)重启chronyd服务并设为开机启动,开启网络时间同步功能。
[root@lvs-qjx ~]# systemctl enable chronyd && systemctl restart chronyd
[root@lvs-qjx ~]# timedatectl set-ntp true

#另外节点配置chrony.conf文件,修改/etc/chrony.conf文件,指定内网主节点(LVS)为上游NTP服务器,重启服务并设为开机启动。
sed -i 's/^server/#&/' /etc/chrony.conf
echo server 192.168.10.40 iburst >> /etc/chrony.conf #IP为master节点地址
systemctl enable chronyd && systemctl restart chronyd

#所有节点执行chronyc sources命令,查询结果中如果存在以“^*”开头的行,即说明已经同步成功。
chronyc sources

79

80

81

5、负载均衡实现

(1)修改nginx默认主页内容

web1

进入web1的nginx默认主页目录

[root@web1-qjx ~]# cd /usr/share/nginx/html
[root@web1-qjx html]# vim index.html
[root@web1-qjx html]# systemctl restart nginx

82

web2

[root@web2-qjx ~]# cd /usr/share/nginx/html
[root@web2-qjx html]# vim index.html
[root@web2-qjx html]# systemctl restart nginx

83

单独输入IP查看

web1

84

web2

85

(2)外部浏览器查看

第一次输入192.168.20.100

86

另一个浏览器输入192.168.20.100

87

停掉web1服务器的nginx,模拟服务器故障,浏览器再次输入192.168.20.100

88

89

开启web1服务器的nginx,停掉web2服务器的网络,模拟网络故障,浏览器再次输入192.168.20.100

90

91

(3)网络配置如下

web1

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.10.10
GATEWAY=192.168.10.40
NETMASK=255.255.255.0
PREFIX=24
#DNS1=8.8.8.8
#DNS2=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=69df4dde-342a-4ef7-a14c-a0d2e977af8a
DEVICE=ens33
ONBOOT=yes

web2

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.10.20
GATEWAY=192.168.10.40
NETMASK=255.255.255.0
PREFIX=24
#DNS1=8.8.8.8
#DNS2=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=69df4dde-342a-4ef7-a14c-a0d2e977af8a
DEVICE=ens33
ONBOOT=yes

LVS

外网

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.20.100
GATEWAY=192.168.20.2
NETMASK=255.255.255.0
PREFIX=24
DNS1=8.8.8.8
DNS2=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=e0090490-032c-44e4-9b6f-8555dd0308a1
DEVICE=ens33
ONBOOT=yes

内网

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.10.40
GATEWAY=192.168.20.100
NETMASK=255.255.255.0
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens34
UUID=1e4c010f-d3da-46c0-952d-5dda2c102161
DEVICE=ens34
ONBOOT=yes

store

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.10.30
GATEWAY=192.168.10.40
NETMASK=255.255.255.0
PREFIX=24
#DNS1=8.8.8.8
#DNS2=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=cfb75684-c3c1-43aa-a60d-582fb1049b60
DEVICE=ens33
ONBOOT=yes

三、web应用安装

1、web服务器挂载站点

永久挂载NFS共享目录

(1)web1

#创建挂载目录
[root@web1-qjx ~]# mkdir -p /web/www/sparkshop

#修改/etc/fstab文件
[root@web1-qjx ~]# vim /etc/fstab
#文末加上以下内容(挂载选项中可再追加 nosuid,nodev,使共享目录里的setuid程序和设备文件在web节点上不生效)
192.168.10.30:/share/sparkshop/ /web/www/sparkshop nfs defaults,_netdev 0 0

#挂载
[root@web1-qjx ~]# mount -a

92

查看是否挂载成功

[root@web1-qjx ~]# df

93

(2)web2

#创建挂载目录
[root@web2-qjx ~]# mkdir -p /web/www/sparkshop

#修改/etc/fstab文件
[root@web2-qjx ~]# vim /etc/fstab
#文末加上以下内容
192.168.10.30:/share/sparkshop/ /web/www/sparkshop nfs defaults,_netdev 0 0

#挂载
[root@web2-qjx ~]# mount -a

94

查看是否挂载成功

[root@web2-qjx ~]# df

95

2、修改站点文件权限

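在存储端(store-qjx)修改站点文件权限。注意:此处说明写的是755,但下面的命令实际设置的是777,即任何本地用户都能读、写、执行站点下的全部文件,只适合实验环境;正式环境建议把属主改为PHP-FPM的运行用户,仅对应用确实需要写入的目录开放写权限,其余保持755/644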

[root@store-qjx ~]# cd /share
[root@store-qjx share]# chmod -R 777 sparkshop/*

web端(web1-qjx,web2-qjx)查看其权限修改是否同步

web1

96

web2

97

3、修改nginx配置文件

(1)web1的nginx配置文件

[root@web1-qjx ~]# cd /etc/nginx/
[root@web1-qjx nginx]# vim nginx.conf
#主要修改模块
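# Default virtual host serving the sparkshop site from the NFS-mounted
# directory on plain HTTP (port 80, IPv4 and IPv6).
server {
    listen 80;
    listen [::]:80;
    server_name _;
    root /web/www/sparkshop/public;
    index index.php index.html index.htm;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/thinkphp.conf; # URL rewrite (pseudo-static) rules

    # Hand PHP requests to the local PHP-FPM listener.
    # The dot is escaped so that only URIs really ending in ".php" match;
    # an unescaped "." is a regex wildcard and would also match e.g. "/xphp".
    location ~ \.php$ {
        # Answer 404 for scripts that do not exist under the document root,
        # so PHP-FPM is never asked to resolve a path nginx itself cannot find.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}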

配置伪静态文件

[root@web1-qjx nginx]# cd default.d/
[root@web1-qjx default.d]# vim thinkphp.conf
#内容如下
# Deny any request whose URI contains "runtime/" or "application/".
# The match is case-insensitive and unanchored, so it applies wherever
# that path segment appears in the URI.
location ~* (runtime|application)/{
return 403;
}
# Front-controller rewrite for everything else.
location / {
# Rewrite only when the requested path does not exist on disk.
if (!-e $request_filename){
# Pass the original URI to index.php as the "s" query parameter;
# "last" restarts location matching with the rewritten URI.
rewrite ^(.*)$ /index.php?s=$1 last; break;
}
}

重启nginx服务

[root@web1-qjx default.d]# systemctl restart nginx

4、创建数据库

存储端(store-qjx),进入数据库,创建名为sparkshop的数据库。把密码直接写在 -p 后面会留在shell历史和进程列表中(下面MySQL自己输出的警告说的就是这一点),可以只写 -p,再按提示输入密码

[root@store-qjx ~]# mysql -uroot -p013519
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.43 MySQL Community Server (GPL)

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database sparkshop;
Query OK, 1 row affected (0.00 sec)

mysql> exit
Bye
[root@store-qjx ~]#

98

5、安装web应用

进入浏览器,输入192.168.20.100

99

点击同意协议

100

点击下一步

101

数据库主机填写存储端(store-qjx)的IP:192.168.10.30,数据库用户名填写root,密码为013519(实验环境如此即可;正式环境建议为sparkshop库单独创建只拥有该库权限的账号,不要让应用以root连接,也不要让MySQL与Redis共用同一个密码)

Redis地址也填写存储端(store-qjx)的IP:192.168.10.30,密码013519

管理员为网站管理员,密码任意,账号是admin

102

安装完成

103

进入前台

104

进入后台

105

106