0.建立www使用者(服務帳號不需登入,可加上 -M -s /sbin/nologin)
[root@web01 ~]# groupadd -g 666 www
[root@web01 ~]# useradd -u666 -g666 www
1.配置YUM源(Nginx PHP)
[root@web01 ~]# cat /etc/yum.repos.d/nginx.repo
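[nginx]
name=nginx repo
# Fetch over HTTPS and verify package signatures. With gpgcheck=0 over plain
# HTTP, anything on the network path could substitute the packages that yum
# installs as root.
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1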
2.安裝擴充源【HTTPS】
[root@nginx ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@nginx ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
3.安裝Nginx+PHP
[root@web01 ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb nginx
4.配置web站點【wordpress|wecenter】
[root@web01 ~]# sed -i '/^user/c user www;' /etc/nginx/nginx.conf
[root@web01 ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
[root@web01 ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
[root@web01 conf.d]# cat wecenter.conf
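# WeCenter virtual host: files are served from /code/zh and requests for
# *.php are handed to the local PHP-FPM listener.
server {
    server_name zh.oldboy.com;
    listen 80;
    root /code/zh;
    index index.php index.html;

    location ~ \.php$ {
        root /code/zh;
        # Only hand scripts that really exist on disk to PHP-FPM. Without this
        # check a URI that merely ends in ".php" is still forwarded, and with
        # PHP's cgi.fix_pathinfo enabled a non-PHP file (for example an upload)
        # could end up being executed as code.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}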
[root@web01 conf.d]# cat wordpress.conf
server_name blog.oldboy.com;
root /code/wordpress;
root /code/wordpress;
fastcgi_param HTTPS on; # 用於https訪問
}
##啟動服務,并加入開機自啟動
[root@web01 ~]# systemctl enable nginx php-fpm
[root@web01 ~]# systemctl start nginx php-fpm
5.準備對應的代碼
[root@web01 ~]# mkdir /code
[root@web01 ~]# cd /code
[root@web01 code]# wget https://wordpress.org/latest.tar.gz
##解壓
[root@web01 code]# unzip WeCenter_v3.2.2.zip
[root@web01 code]# tar xf latest.tar.gz
##改名
[root@web01 code]# mv WeCenter322/ zh
##授權(此處為求簡便把整個 /code 交給 www;正式環境建議程式碼保持唯讀,只開放上傳目錄給 www 寫入)
[root@web01 ~]# chown -R www.www /code/
6.配置資料庫db01
[root@db01 ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.7-community/el/7/x86_64/mysql57-community-release-el7-10.noarch.rpm
[root@db01 ~]# yum install mysql-community-server -y
[root@db01 ~]# systemctl enable mysqld
[root@db01 ~]# systemctl start mysqld
[root@db01 ~]# mysql -uroot -p$(awk '/temporary password/{print $NF}' /var/log/mysqld.log)
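-- Replace the temporary root password. 'Bgx123.com' is the tutorial's sample
-- value; use a unique secret, and do not reuse it for the application account.
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Bgx123.com';
mysql> create database wordpress;
mysql> create database zh;
mysql> create database jpress;
-- Application account: limited to the three site databases and to clients on
-- the internal network, instead of ALL on *.* from any host ('%'), which would
-- give every web server (and anyone who learns the password) a remote,
-- root-equivalent login.
-- NOTE(review): assumes the web servers reach db01 over 172.16.1.0/24 (the
-- subnet used for NFS and the upstreams on this page); adjust the host
-- pattern if they connect over a different network.
mysql> grant all privileges on wordpress.* to 'all'@'172.16.1.%' identified by 'Bgx123.com';
mysql> grant all privileges on zh.* to 'all'@'172.16.1.%' identified by 'Bgx123.com';
mysql> grant all privileges on jpress.* to 'all'@'172.16.1.%' identified by 'Bgx123.com';
mysql> flush privileges;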
#####################################################################################
7.配置windows的hosts解析,安裝網站
web02快速擴充一台
[root@web02 ~]# groupadd -g 666 www
[root@web02 ~]# useradd -u666 -g666 www
##安裝nginx與php
[root@web02 ~]# scp [email protected]:/etc/yum.repos.d/* /etc/yum.repos.d/
[root@web02 ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb nginx
##同步nginx與php配置
[root@web02 ~]# rsync -avz --delete [email protected]:/etc/nginx /etc/
[root@web02 ~]# rsync -avz --delete [email protected]:/etc/php-fpm.d/* /etc/php-fpm.d/
##在web01上打包code
[root@web01 ~]# tar czf code.tar.gz /code/
##同步web01的站點目錄
[root@web02 ~]# rsync -avz [email protected]:~/code.tar.gz ./
[root@web02 ~]# tar xf code.tar.gz -C /
[root@web02 ~]# systemctl enable nginx php-fpm
[root@web02 ~]# systemctl start nginx php-fpm
web03 JAVA站點(以下透過 http 鏡像下載 Tomcat,解壓前請用 Apache 官方公布的 SHA-512 或 PGP 簽章校驗;正式環境請以專用的非 root 帳號執行 Tomcat)
[root@web03 ~]# yum install java -y
[root@web03 ~]# mkdir /code
[root@web03 ~]# cd /code
[root@web03 code]# wget http://mirrors.shu.edu.cn/apache/tomcat/tomcat-9/v9.0.12/bin/apache-tomcat-9.0.12.tar.gz
[root@web03 code]# tar xf apache-tomcat-9.0.12.tar.gz
[root@web03 code]# ln -s /code/apache-tomcat-9.0.12 /code/tomcat
下載jpress
[root@web03 ~]# cd /code/tomcat/webapps
[root@web03 ~]# rz 上傳jpress的war
啟動Tomcat服務
[root@web03 ~]# /code/tomcat/bin/startup.sh
nfs共享存儲
[root@nfs ~]# groupadd -g 666 www
[root@nfs ~]# useradd -g 666 -u666 www
#準備共享配置
[root@nfs ~]# cat /etc/exports
/data/blog 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/jpress 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
# 建立目錄并授權
[root@nfs ~]# mkdir /data/{blog,zh,jpress} -p
[root@nfs ~]# chown -R www.www /data
[root@nfs ~]# systemctl enable nfs-server
[root@nfs ~]# systemctl start nfs-server
web01和web02執行挂載wordpress【wecenter和jpress自行完成】
[root@web02 wp-content]# mv uploads/ uploads_bak
[root@web02 wp-content]# mkdir uploads
[root@web02 wp-content]# mount -t nfs 172.16.1.31:/data/blog /code/wordpress/wp-content/uploads
[root@web02 wp-content]# cp -rp uploads_bak/* uploads/
web01上面直接挂載即可
[root@web01 ~]# mkdir /code/wordpress/wp-content/uploads
[root@web01 ~]# mount -t nfs 172.16.1.31:/data/blog /code/wordpress/wp-content/uploads
記得加入開機自啟動
lb01操作
[root@lb01 ~]# scp -rp [email protected]:/etc/yum.repos.d/nginx.repo /etc/yum.repos.d/
[root@lb01 ~]# yum install nginx -y
[root@lb01 ~]# rm -f /etc/nginx/conf.d/*
[root@lb01 ~]# cat /etc/nginx/conf.d/blog_proxy.conf
upstream blog {
server 172.16.1.7:80;
server 172.16.1.8:80;
server_name blog.oldboy.com;
listen 80;
location / {
proxy_pass http://blog;
include proxy_params;
}
[root@lb01 ~]# cat /etc/nginx/conf.d/zh_proxy.conf
upstream zh {
server_name zh.oldboy.com;
proxy_pass http://zh;
[root@lb01 ~]# cat /etc/nginx/conf.d/jpress_proxy.conf
upstream java {
server 172.16.1.9:8080;
server_name jpress.oldboy.com;
proxy_pass http://java;
##共有優化配置檔案
[root@lb01 ~]# cat /etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
[root@lb01 ~]# systemctl enable nginx
[root@lb01 ~]# systemctl start nginx
lb01操作HTTPS
1.生成ssl(自簽憑證,僅供測試;-nodes 會讓私鑰不加密,請將 server.key 權限設為 600)
[root@lb01 ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
//OpenSSL 必須是1.0.2
//nginx 必須有 http_ssl_module 模組
[root@lb01 ~]# nginx -V
--with-http_ssl_module
[root@lb01 ~]# mkdir /etc/nginx/ssl_key -p
[root@lb01 ~]# cd /etc/nginx/ssl_key
[root@lb01 ~]# openssl req -days 36500 -x509 \
> -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
2.配置nginx的負載均衡支援https
[root@lb01 conf.d]# cat blog_proxy.conf
return 302 https://$server_name$request_uri;
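# TLS is enabled with the "ssl" flag on listen; the separate "ssl on;"
# directive has been deprecated since nginx 1.15.0 and is rejected by later
# releases.
listen 443 ssl;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;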
[root@lb01 conf.d]# cat zh_proxy.conf
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location /{
配置備份rsync
[root@backup ~]# yum install rsync -y
[root@backup ~]# cat /etc/rsyncd.conf
# rsync daemon configuration for the backup server. Parameters above the first
# [module] header are global defaults that both modules below inherit.
# Transfers run as the unprivileged www account.
uid = www
gid = www
port = 873
# Store ownership/permission metadata in extended attributes instead of
# requiring the daemon to apply it as root.
fake super = yes
# NOTE(review): with chroot disabled the transfer process is not confined to
# the module path by the kernel; confirm this is intentional.
use chroot = no
max connections = 200
timeout = 600
ignore errors
# Modules are writable: any client that authenticates can upload and overwrite
# files under the module paths.
read only = false
# Keep the modules out of the daemon's module listing.
list = false
# rsync_backup is a virtual user (not a system account); its password is read
# from the secrets file, which must not be readable by other users.
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
# NOTE(review): no "hosts allow" is set, so every host that can reach port 873
# may attempt to authenticate; consider limiting it to the backup clients'
# subnet.
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup
[data]
comment = welcome to oldboyedu data!
path = /data
##準備目錄
[root@backup ~]# groupadd -g666 www
[root@backup ~]# useradd -u666 -g666 www
[root@backup ~]# chown -R www.www /{backup,data}
##準備密碼檔案(123 僅為示範,實際請使用高強度隨機密碼)
[root@backup ~]# echo 'rsync_backup:123' > /etc/rsync.passwd
[root@backup ~]# chmod 600 /etc/rsync.passwd
##啟動服務并加入開機自啟動
[root@backup ~]# systemctl enable rsyncd
[root@backup ~]# systemctl start rsyncd
#######################其他機器準備推送腳本
[root@lb01 scripts]# mkdir /server/scripts -p
[root@lb01 ~]# cat /server/scripts/client_rsync_backup.sh
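#!/usr/bin/bash
# Client backup job: archive a few system files and logs into
# /backup/<host>_<addr>_<date>/, record their MD5 sums in a "flag" file, push
# /backup to the rsync daemon's "backup" module, then prune old local copies.
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

#1. Define variables
Host=$(hostname)
# Second line, second field of the ifconfig output for eth1.
Addr=$(ifconfig eth1 | awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup

#2. Create the backup directory (mkdir -p is a no-op when it already exists)
mkdir -p "$Path/$Dest" || exit 1

#3. Archive the files. Member paths are relative to /, so stop if cd fails
#   rather than archiving from whatever the current directory happens to be.
cd / || exit 1
# Each archive is built once per day; an existing one is left untouched.
if [ ! -f "$Path/$Dest/system.tar.gz" ]; then
  tar czf "$Path/$Dest/system.tar.gz" etc/fstab etc/rsyncd.conf \
    || echo "warning: system.tar.gz may be incomplete" >&2
fi
if [ ! -f "$Path/$Dest/log.tar.gz" ]; then
  tar czf "$Path/$Dest/log.tar.gz" var/log/messages var/log/secure \
    || echo "warning: log.tar.gz may be incomplete" >&2
fi

#4. Record MD5 sums for the server-side check. The flag file travels next to
#   the archives, so it detects corruption in transit, not deliberate tampering.
if [ ! -f "$Path/$Dest/flag" ]; then
  md5sum "$Path/$Dest"/*.tar.gz > "$Path/$Dest/flag"
fi

#5. Push the local data to the backup server
# NOTE(review): the password is hard-coded and the sample value is trivially
# guessable; prefer rsync's --password-file pointing at a root-only (0600) file.
# Daemon-mode transfers (host::module) are not encrypted, so keep this traffic
# on the internal network.
export RSYNC_PASSWORD=123
# NOTE(review): "[email protected]" is what the page's e-mail obfuscation left
# of the original USER@HOST; the rsyncd.conf on this page sets
# "auth users = rsync_backup". Replace it with that user and the backup
# server's address before running the script.
rsync -avz "$Path/" [email protected]::backup

#6. Keep only the last 7 days locally. -mindepth 1 protects $Path itself,
#   -exec avoids xargs splitting directory names on whitespace, and ${Path:?}
#   aborts instead of scanning / should Path ever be empty.
find "${Path:?}/" -mindepth 1 -maxdepth 1 -type d -mtime +7 -exec rm -rf -- {} +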
##測試腳本
[root@lb01 ~]# chmod +x /server/scripts/client_rsync_backup.sh
[root@lb01 ~]# sh /server/scripts/client_rsync_backup.sh
##編寫定時任務
[root@lb01 ~]# echo '00 00 * * * sh /server/scripts/client_rsync_backup.sh >&/dev/null' >> /var/spool/cron/root
#######################Backup伺服器上的校驗腳本
[root@backup ~]# mkdir /server/scripts -p
[root@backup ~]# vim /server/scripts/check_backup.sh
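#1. Define global variables
#2. Define local variables
# NOTE(review): the assignments of Path and Date are not shown on this page
# (presumably Path=/backup and Date=$(date +%F), as in the client script;
# confirm). ${Path:?} / ${Date:?} below abort the script instead of letting
# find start from / when either variable is empty.
#3. Verify every flag file pushed today and save the result to result_<date>
find "${Path:?}"/*_"${Date:?}" -type f -name "flag" -exec md5sum -c {} + > "$Path/result_${Date}"
#4. Mail the verification result to the administrator
# NOTE(review): "[email protected]" is an e-mail-obfuscation artifact of the
# page; put the real recipient address here.
mail -s "Rsync Backup $Date" [email protected] < "$Path/result_${Date}"
#5. Delete check results older than 7 days and backup directories older than
#   180 days. -exec replaces "| xargs rm" so names containing whitespace are
#   handled safely, and -mindepth 1 keeps $Path itself from being removed.
find "${Path:?}/" -type f -name "result*" -mtime +7 -exec rm -f -- {} +
find "${Path:?}/" -mindepth 1 -maxdepth 1 -type d -mtime +180 -exec rm -rf -- {} +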
## 服務端實作郵件功能
[root@backup ~]# yum install mailx -y
[root@backup ~]# vim /etc/mail.rc
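# SMTP relay settings for mailx.
# NOTE(review): the from= / smtp-auth-user= lines that mailx also needs are not
# shown on this page.
set smtp=smtps://smtp.qq.com:465
# Credential redacted: supply your own mailbox authorization code. A code that
# has been published should be treated as exposed and regenerated. /etc/mail.rc
# is typically readable by every local user, so a root-only ~/.mailrc
# (mode 600) is a safer place for this line.
set smtp-auth-password=<SMTP_AUTHORIZATION_CODE>
set smtp-auth=login
# NOTE(review): ssl-verify=ignore accepts any server certificate, so the login
# above can be captured by a man-in-the-middle. Import the provider's CA into
# the NSS database and switch to ssl-verify=strict once delivery works.
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/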