Nginx的操作命令
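# Edit the main Nginx configuration.
vim /usr/local/nginx/conf/nginx.conf
# Change the listening port from 80 to 10001; the directive becomes:
#   listen 10001 default_server;
# See the Nginx configuration file below for the complete settings.

# Validate the edited file first so that a syntax error does not take the
# running server down, then restart and show the status only if each step
# succeeded. The original joined restart and status with a single '&', which
# backgrounds the restart and queries the status before it has finished.
# Assumes the nginx binary is on PATH -- confirm for this install.
nginx -t && service nginx restart && service nginx status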
Nginx的配置文件(Web服务器需要修改的配置,仅供参考)
# Nginx configuration for the web backends: serves the PHP site on port 10001.
user www www;
worker_processes auto;
# Only messages of level "crit" and above are written to the error log.
# NOTE(review): together with "access_log off" below this leaves almost no
# request or error trail for incident response -- confirm this is intended.
error_log /home/wwwlogs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events {
    use epoll;
    worker_connections 51200;
    multi_accept on;
}
http {
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    # Upper bound on the request body size accepted from clients.
    client_max_body_size 50m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";
    #limit_conn_zone $binary_remote_addr zone=perip:10m;
    ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.
    # Do not advertise the Nginx version in responses and error pages.
    server_tokens off;
    # Access logging is disabled for every server in this http block.
    access_log off;
    server {
        # Change the port to suit your environment.
        # NOTE(review): no address is given, so this listens on every
        # interface; the page puts HAProxy in front of this port, so consider
        # a firewall rule limiting 10001 to the load balancers.
        listen 10001 default_server;
        server_name _;
        index index.html index.htm index.php default.html default.htm default.php;
        # Site root directory.
        root /home/wwwroot/publishPath;
        include rewrite/laravel.conf;
        #error_page 404 /404.html;
        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
        include enable-php.conf;
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; }
        # NOTE(review): the trailing "?" makes the extension optional, so this
        # also matches any URI that ends in a dot.
        location ~ .*\.(js|css)?$ { expires 12h; }
        location ~ /.well-known { allow all; }
        # Deny every dot-file. The deployment step on this page edits .env
        # (database credentials) directly under the root above, so this rule
        # appears to be what keeps that file from being served -- confirm
        # that no regex location in the included files matches it first.
        location ~ /\. { deny all; }
        access_log off;
    }
    # Your own vhost files could be included here instead; in this example
    # the default server block above was replaced directly.
    # include vhost/*.conf;
}
MySQL的操作命令
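# Edit the MySQL configuration.
vim /etc/my.cnf
# Restart MySQL and show its status only once the restart has completed.
# The original used a single '&', which backgrounds the restart and runs the
# status query immediately, so the reported state could be stale.
service mysql restart && service mysql status
# Restart the whole LNMP stack (presumably an alternative to the line above).
lnmp restart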
MySQL的配置文件(DB服务器需要修改的配置,仅供参考)
# MySQL option file for the DB servers: the server listens on port 10002 and
# has binary logging and replication options enabled.
[client]
port = 10002
socket = /tmp/mysql.sock
[mysqld]
port = 10002
socket = /tmp/mysql.sock
# Location of the database files.
datadir = /home/lnmp/mysql/data
skip-external-locking
key_buffer_size = 128M
max_allowed_packet = 1M
table_open_cache = 512
sort_buffer_size = 2M
net_buffer_length = 8K
read_buffer_size = 2M
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 32M
thread_cache_size = 64
query_cache_size = 64M
tmp_table_size = 64M
performance_schema_max_table_instances = 4000
explicit_defaults_for_timestamp = true
# NOTE(review): no bind-address is set in this file, so the listening address
# is the server default; confirm port 10002 is reachable only from the
# HAProxy hosts and the replication peer.
#skip-networking
max_connections = 500
max_connect_errors = 100
open_files_limit = 65535
log-bin=mysql-bin
binlog_format=mixed
# NOTE(review): each server in a replication setup needs its own server-id;
# change this value when copying the file to the second DB server.
server-id = 51
lower_case_table_names = 1
expire_logs_days = 10
replicate_wild_do_table=lgd_system.%
# relay_log=mysqld-relay-bin
log-slave-updates=YES
default_storage_engine = InnoDB
innodb_file_per_table = 1
innodb_data_home_dir = /home/lnmp/mysql/data
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /home/lnmp/mysql/data
innodb_buffer_pool_size = 512M
innodb_log_file_size = 128M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
[mysqldump]
# Backup account; create it yourself and grant only the privileges it needs.
# NOTE(review): this stores the backup password in plain text in the shared
# option file, which is commonly readable by every local user. Prefer a
# separate option file readable only by the backup user, and treat the value
# shown here as an example that must be replaced.
user=bakuser
password=ZXdfty^&
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 128M
sort_buffer_size = 2M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout
HAProxy的操作命令
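# Load-balancer status pages:
#   Web HAProxy - http://192.168.6.111:8080/web
#   DB HAProxy  - http://192.168.6.211:8080/db
# To reach them from an external network, map port 8080 to an external port.
# NOTE(review): these pages are served over plain HTTP with basic
# authentication, so the credentials cross the network unencrypted; keep the
# port on a management network or put TLS in front before mapping it outside.

# Common commands:
vim /etc/haproxy/haproxy.cfg
# Check the edited file before restarting so a broken configuration does not
# stop the load balancer, then show the status only after the restart has
# finished (the original used '&', which backgrounds the restart).
haproxy -c -f /etc/haproxy/haproxy.cfg && service haproxy restart && service haproxy status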
HAProxy的配置文件(Web服务器)
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # Global logging: send log messages to the syslog service on 127.0.0.1
    # using facility local3 (no log level is given on this line).
    log 127.0.0.1 local3
    # Directory HAProxy chroots into.
    chroot /var/lib/haproxy
    # PID file; the user starting the process must be able to write it.
    pidfile /usr/local/haproxy/haproxy.pid
    # Maximum number of connections for the process.
    maxconn 30000
    # User the process runs as.
    user haproxy
    # Group the process runs as.
    group haproxy
    # Run HAProxy as a daemon.
    daemon
    # turn on stats unix socket
    # stats socket /var/lib/haproxy/stats # socket path
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http # default mode { tcp|http|health }: tcp is layer 4, http is layer 7, health only returns OK
    log global # use the logging settings from the global section
    option httplog # log HTTP requests (not logged by default)
    option dontlognull # do not log connections on which no data was exchanged (e.g. health probes)
    option http-server-close # close the server-side connection after each request
    # Lets the backend servers obtain the real client IP from an HTTP header.
    option forwardfor except 127.0.0.0/8
    option redispatch # if the server a session is bound to is down, redirect to another healthy server
    retries 3 # number of connection attempts before the connection is considered failed
    timeout http-request 10s # time allowed to receive a complete HTTP request
    timeout queue 1m # maximum time a request may wait in the queue
    timeout connect 10s # connect timeout
    timeout client 1m # client-side timeout
    timeout server 1m # server-side timeout
    timeout http-keep-alive 10s # keep-alive timeout
    timeout check 10s # health-check timeout
    maxconn 3000 # maximum number of connections
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# Frontend configuration.
# NOTE(review): this frontend is plain HTTP on port 80; no TLS listener is
# defined in this file.
frontend main *:80
    acl url_static path_beg -i /static /images /javascript /stylesheets
    acl url_static path_end -i .jpg .gif .png .css .js
    use_backend static if url_static
    default_backend servers
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such 
#---------------------------------------------------------------------
# Backend for static files.
backend static
    balance roundrobin
    server static1 192.168.6.100:10001 check inter 2000 fall 3 weight 50
    server static2 192.168.6.110:10001 check inter 2000 fall 3 weight 50
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
# Backend for the application servers.
backend servers
    balance roundrobin
    # Cookie-based persistence: send a client back to the server that handled
    # it before, so that login sessions stay valid.
    # NOTE(review): the cookie is inserted without the httponly option --
    # consider adding it.
    cookie app_cook insert nocache
    server app1 192.168.6.100:10001 check inter 2000 fall 3 weight 50 cookie server1
    server app2 192.168.6.110:10001 check inter 2000 fall 3 weight 50 cookie server2
# HAProxy statistics page.
listen stats
    # Listening port.
    # NOTE(review): bound to every interface over plain HTTP, so the basic
    # auth credentials below are sent unencrypted; bind to a management
    # address or restrict the port with a firewall.
    bind *:8080
    mode http
    # stats enable
    # URLs: 192.168.6.100:8080/web and 192.168.6.110:8080/web
    stats uri /web
    stats realm Global\ statistics
    # Administrator account.
    # NOTE(review): example credentials in plain text -- replace them and keep
    # this file readable by root only. An unescaped '#' may start a comment in
    # HAProxy configuration, in which case the effective password ends before
    # it -- verify, and escape or quote the value.
    stats auth hapadmin:1qazse$#2
HAProxy的配置文件(DB服务器)
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
# NOTE(review): unlike the web HAProxy configuration on this page, this
# global section sets neither a log target nor a chroot -- confirm that
# running without logs and outside a chroot is intended.
global
    pidfile /var/run/haproxy.pid
    maxconn 30000
    user haproxy
    group haproxy
    daemon
    nbproc 1
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    # Layer-4 proxying: MySQL traffic is forwarded without being parsed.
    mode tcp
    option redispatch
    retries 3
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout check 10s
    maxconn 4096
    option abortonclose
# Clients connect to port 3306 here and are forwarded to MySQL on port 10002.
# NOTE(review): bound to every interface; limit the source addresses that may
# reach 3306 to the web servers.
frontend main
    bind *:3306
    default_backend servers
# NOTE(review): "check" alone is a plain TCP connect check, and no balance
# algorithm is set, so connections are spread over both servers; that
# presumably relies on both accepting writes -- confirm against the
# replication setup.
backend servers
    server mysql1 192.168.6.200:10002 check inter 3000 fall 3 weight 50
    server mysql2 192.168.6.210:10002 check inter 3000 fall 3 weight 50
# Statistics URLs: 192.168.6.210:8080/db and 192.168.6.200:8080/db
listen stats
    mode http
    # NOTE(review): plain HTTP on every interface, so the basic auth
    # credentials below are sent unencrypted; bind to a management address or
    # restrict the port with a firewall.
    bind 0.0.0.0:8080
    stats enable
    stats uri /db
    stats realm Global\ statistics
    # NOTE(review): example credentials in plain text -- replace them. An
    # unescaped '#' may start a comment in HAProxy configuration, in which
    # case the effective password ends before it -- verify, and escape or
    # quote the value.
    stats auth dbadmin:1qazse$#2
Keepalived的操作命令
# 查看已安装的Keepalived的版本: keepalived -v # 查看配置: cat /etc/keepalived/keepalived.conf # 编辑配置文件: vim /etc/keepalived/keepalived.conf # 测试高可用的远程访问: mysql -h 远程数据库ip地址 -P 端口 -u 用户名 -p mysql -h 192.168.6.200 -P 3306 -u dbuser -p # 开通服务器间的 vrrp 协议通信,用于Keepalived通信: firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface 网卡名称 --destination 224.0.0.18 --protocol vrrp -j ACCEPT; firewall-cmd --reload; # 服务器的网卡名称请根据自己的情况修改, # INPUT代表接收224.0.0.18的报文。 # 在VIP服务器上测试VIP漂移: ip addr | grep 网卡名称 # 停止VIP所在服务器的keepalived服务,并查看VIP是否移除,并查看备用服务器是否获取到VIP: service keepalived stop && service keepalived status ip addr | grep 网卡名称 # 在之前停止keepalived服务的服务器上开启keepalived服务,查看VIP是否已取回: service keepalived start && service keepalived status ip addr | grep 网卡名称
Keepalived的配置(Web服务器)
Web主服务器的配置:
# Master configuration:
! Configuration File for keepalived
global_defs {
    notification_email {
        example@domain.com # notification recipient; several may be listed
    }
    notification_email_from HaproxyMaster@web.haproxy # sender address; any value may be used
    smtp_server 127.0.0.1 # mail server used to send notifications
    smtp_connect_timeout 30 # SMTP connect timeout
    no_email_faults
    router_id WebMaster
    vrrp_skip_check_adv_addr
    # NOTE(review): with vrrp_strict enabled keepalived may ignore the
    # authentication block below -- confirm against the installed version.
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_script chk_haproxy { # HAProxy health-check script
    # NOTE(review): keepalived executes this file itself (presumably as
    # root); keep it root-owned and not writable by other users, and consider
    # enable_script_security in global_defs.
    script '/etc/keepalived/check_haproxy.sh'
    interval 2
    weight 2
}
vrrp_instance VI_1 { # each vrrp_instance defines one virtual router
    state MASTER # initial state of this node: MASTER
    interface 网卡名称 # NIC name, e.g. eth0; replace the placeholder with your own
    virtual_router_id 100 # virtual router id; must not exceed 255
    priority 100 # higher number wins; the master must be higher than the backup
    advert_int 1 # VRRP advertisement interval
    authentication { # authentication settings
        auth_type PASS
        # Password; change it, and use the same value on master and backup.
        # NOTE(review): PASS sends this value in clear text in VRRP
        # advertisements and "666" is trivially guessable, so treat it as a
        # misconfiguration guard rather than a security control.
        auth_pass 666
    }
    track_script {
        chk_haproxy
    }
    virtual_ipaddress { # virtual IP (VIP) of the web service
        #<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPT> label <LABEL>
        #192.168.200.18/24 dev eth2 label eth2:1
        192.168.6.111
    }
    # Run when this node becomes master; the VIP is passed as the argument.
    notify_master '/etc/keepalived/clean_arp.sh 192.168.6.111'
}
Web备服务器的配置:
# Backup configuration:
! Configuration File for keepalived
global_defs {
    notification_email {
        example@domain.com # notification recipient; several may be listed
    }
    notification_email_from HaproxyBackup@web.haproxy # sender address; any value may be used
    smtp_server 127.0.0.1 # mail server used to send notifications
    smtp_connect_timeout 30 # SMTP connect timeout
    no_email_faults
    router_id WebBackup
    vrrp_skip_check_adv_addr
    # NOTE(review): with vrrp_strict enabled keepalived may ignore the
    # authentication block below -- confirm against the installed version.
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_script chk_haproxy { # HAProxy health-check script
    # NOTE(review): keepalived executes this file itself (presumably as
    # root); keep it root-owned and not writable by other users, and consider
    # enable_script_security in global_defs.
    script '/etc/keepalived/check_haproxy.sh'
    interval 2
    weight 2
}
vrrp_instance VI_1 { # each vrrp_instance defines one virtual router
    state BACKUP # initial state of this node: BACKUP
    interface 网卡名称 # NIC name, e.g. eth0; replace the placeholder with your own
    virtual_router_id 100 # virtual router id; must not exceed 255
    priority 90 # higher number wins; the master must be higher than the backup
    advert_int 1 # VRRP advertisement interval
    authentication { # authentication settings
        auth_type PASS
        # Password; change it, and use the same value on master and backup.
        # NOTE(review): PASS sends this value in clear text in VRRP
        # advertisements and "666" is trivially guessable, so treat it as a
        # misconfiguration guard rather than a security control.
        auth_pass 666
    }
    track_script {
        chk_haproxy
    }
    virtual_ipaddress { # virtual IP (VIP) of the web service
        #<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPT> label <LABEL>
        #192.168.200.18/24 dev eth2 label eth2:1
        192.168.6.111
    }
    # Run when this node becomes master; the VIP is passed as the argument.
    notify_master '/etc/keepalived/clean_arp.sh 192.168.6.111'
}
Keepalived的配置(DB服务器)
DB主服务器的配置:
# Master configuration:
! Configuration File for keepalived
global_defs {
    notification_email {
        example@domain.com # notification recipient; several may be listed
    }
    notification_email_from HaproxyMaster@db.haproxy # sender address; any value may be used
    smtp_server 127.0.0.1 # mail server used to send notifications
    smtp_connect_timeout 30 # SMTP connect timeout
    no_email_faults
    router_id DBMaster
    vrrp_skip_check_adv_addr
    # NOTE(review): with vrrp_strict enabled keepalived may ignore the
    # authentication block below -- confirm against the installed version.
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_script chk_haproxy { # HAProxy health-check script
    # NOTE(review): keepalived executes this file itself (presumably as
    # root); keep it root-owned and not writable by other users, and consider
    # enable_script_security in global_defs.
    script '/etc/keepalived/check_haproxy.sh'
    interval 2
    weight 2
}
vrrp_instance VI_1 { # each vrrp_instance defines one virtual router
    state MASTER # initial state of this node: MASTER
    interface 网卡名称 # NIC name, e.g. eth0; replace the placeholder with your own
    virtual_router_id 99 # virtual router id; must not exceed 255
    priority 100 # higher number wins; the master must be higher than the backup
    advert_int 1 # VRRP advertisement interval
    authentication { # authentication settings
        auth_type PASS
        # Password; change it, and use the same value on master and backup.
        # NOTE(review): PASS sends this value in clear text in VRRP
        # advertisements and "666" is trivially guessable, so treat it as a
        # misconfiguration guard rather than a security control.
        auth_pass 666
    }
    track_script {
        chk_haproxy
    }
    virtual_ipaddress { # virtual IP (VIP) of the DB service
        #<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPT> label <LABEL>
        #192.168.200.18/24 dev eth2 label eth2:1
        192.168.6.211
    }
    # Run when this node becomes master; the VIP is passed as the argument.
    notify_master '/etc/keepalived/clean_arp.sh 192.168.6.211'
}
DB备服务器的配置:
# Backup configuration:
! Configuration File for keepalived
global_defs {
    notification_email {
        example@domain.com # notification recipient; several may be listed
    }
    notification_email_from HaproxyBackup@db.haproxy # sender address; any value may be used
    smtp_server 127.0.0.1 # mail server used to send notifications
    smtp_connect_timeout 30 # SMTP connect timeout
    no_email_faults
    router_id DBBackup
    vrrp_skip_check_adv_addr
    # NOTE(review): with vrrp_strict enabled keepalived may ignore the
    # authentication block below -- confirm against the installed version.
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_script chk_haproxy { # HAProxy health-check script
    # NOTE(review): keepalived executes this file itself (presumably as
    # root); keep it root-owned and not writable by other users, and consider
    # enable_script_security in global_defs.
    script '/etc/keepalived/check_haproxy.sh'
    interval 2
    weight 2
}
vrrp_instance VI_1 { # each vrrp_instance defines one virtual router
    state BACKUP # initial state of this node: BACKUP (the original comment said master)
    interface 网卡名称 # NIC name, e.g. eth0; replace the placeholder with your own
    virtual_router_id 99 # virtual router id; must not exceed 255
    priority 90 # higher number wins; the master must be higher than the backup
    advert_int 1 # VRRP advertisement interval
    authentication { # authentication settings
        auth_type PASS
        # Password; change it, and use the same value on master and backup.
        # NOTE(review): PASS sends this value in clear text in VRRP
        # advertisements and "666" is trivially guessable, so treat it as a
        # misconfiguration guard rather than a security control.
        auth_pass 666
    }
    track_script {
        chk_haproxy
    }
    virtual_ipaddress { # virtual IP (VIP) of the DB service
        #<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPT> label <LABEL>
        #192.168.200.18/24 dev eth2 label eth2:1
        192.168.6.211
    }
    # Run when this node becomes master; the VIP is passed as the argument.
    notify_master '/etc/keepalived/clean_arp.sh 192.168.6.211'
}
创建Keepalived调用的脚本
操作命令
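# Create the directory for the scripts Keepalived calls. -p keeps this step
# from failing when the directory already exists (for example because the
# keepalived package created it).
mkdir -p /etc/keepalived/
# Create the two script files; each starts out holding a single empty line.
echo '' > /etc/keepalived/check_haproxy.sh
echo '' > /etc/keepalived/clean_arp.sh
# Keepalived runs these scripts itself, so they must not be modifiable by
# unprivileged users: make root the owner and set an explicit mode instead of
# relying on the current umask.
chown root:root /etc/keepalived/*.sh
chmod 755 /etc/keepalived/*.sh
# Then edit the two scripts so they contain the content shown below.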
/etc/keepalived/check_haproxy.sh
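#!/bin/bash
# Keepalived health check for HAProxy.
#
# If HAProxy is not running, try to start it once. If it is still not running
# afterwards, stop keepalived so that the VIP moves to the other HAProxy
# machine. The listing on the page was missing the closing "fi" of the second
# test, which made the script a syntax error.

# Succeeds when at least one process named "haproxy" exists.
haproxy_running() {
  [ "$(ps -C haproxy --no-header | wc -l)" -gt 0 ]
}

if ! haproxy_running; then
  # Not running: start HAProxy with the standard configuration file.
  haproxy -f /etc/haproxy/haproxy.cfg
  # Wait two seconds for HAProxy to finish starting. The wait is only needed
  # after a start attempt, so a healthy check returns immediately.
  sleep 2
fi

if ! haproxy_running; then
  # HAProxy could not be started: give up the VIP by stopping keepalived.
  service keepalived stop
fi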
/etc/keepalived/clean_arp.sh
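#!/bin/sh
# Sends ARP requests sourced from the virtual IP so that neighbours refresh
# their ARP entry for it after this node has taken the VIP over.
#
# Arguments: $1 - the virtual IP address (passed by notify_master)

# Fail with a usage message instead of calling arping with an empty source.
VIP=${1:?usage: clean_arp.sh <virtual-ip>}
# Described on the page as the gateway address of this host's NIC.
# NOTE(review): 192.168.6.255 looks like a broadcast address rather than a
# gateway -- confirm the intended target.
GATEWAY=192.168.6.255
# NOTE(review): the interface name ens160 is hard-coded; it must match the
# interface configured in keepalived.conf on this host.
# Output is discarded with the POSIX form: under a plain /bin/sh the original
# "&>/dev/null" is not a redirection of both streams but runs arping in the
# background.
/sbin/arping -I ens160 -c 5 -s "$VIP" "$GATEWAY" >/dev/null 2>&1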
发布文件的配置
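# Permissions for the site root.
# The original ran "chmod -R 777", which lets every local account read and
# rewrite the application code and the .env file holding the database
# password. Give the tree to the web user instead and remove all access for
# others. Assumes PHP-FPM runs as the same "www" user that the Nginx
# configuration on this page uses -- confirm.
chown -R www:www /home/wwwroot/publishPath
chmod -R u=rwX,g=rX,o= /home/wwwroot/publishPath
# PHP environment configuration.
vim /home/wwwroot/publishPath/.env
# .env contains credentials: readable and writable by its owner only.
chmod 600 /home/wwwroot/publishPath/.env
# Settings to enter in the file:
APP_DEBUG=false
# Internal VIP of the web tier. For external access, map 192.168.6.111 to an
# external address and put that external IP here instead.
APP_URL=http://192.168.6.111
DB_CONNECTION=mysql
# Internal VIP of the DB tier.
DB_HOST=192.168.6.211
# Internal port of the DB tier.
DB_PORT=3306
# Database name.
DB_DATABASE=dbName
# Database user name.
DB_USERNAME=dbuser
# Database password.
DB_PASSWORD=dbpwd
# The remaining options keep their defaults and are omitted here.
# After saving and quitting, restart the PHP service:
service php-fpm restart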
- 关于IP的说明
以上说到的IP都是内网IP,所有的配置都使用内网IP即可。如需外网访问,只需要把两个虚拟IP和端口映射到外网即可(注意修改php配置的APP_URL)。