1、环境准备
![](https://img2020.cnblogs.com/blog/2233058/202106/2233058-20210613131103200-2069806052.png)
2、优化所有的机器
1) 优化服务器的脚本
[root@web01 ~]# vim youhua.sh
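#!/usr/bin/env bash
# youhua.sh — one-shot baseline for every node of the cluster (CentOS 7):
#   1. point yum at the Aliyun mirrors, add EPEL, update, install the tool set
#   2. switch SELinux/firewalld/auditd off          (see SECURITY NOTE)
#   3. hourly clock sync via ntpdate in root's crontab
#   4. kernel network tuning appended to /etc/sysctl.conf
#   5. sshd: skip reverse DNS and GSSAPI on login
#   6. create the unprivileged service account "miao" (uid/gid 777) that
#      nginx, php-fpm, rsyncd and the NFS anonuid/anongid all use
#   7. disable services a headless web/db node does not need
#
# Must be run as root. Safe to re-run: repo backup, cron entry and sysctl block
# are only created once.
#
# SECURITY NOTE (reviewer): steps 2 disable three of the host's own defences.
# That is the original author's lab choice and is kept here, but it is isolated
# in one function so it can be dropped. On anything internet-facing keep auditd
# and firewalld and open only 80/443 (lb), 873 (backup) and 2049 (nfs).

set -u

die() { printf 'youhua.sh: %s\n' "$*" >&2; exit 1; }

# Replace CentOS-Base with the Aliyun mirror, add EPEL, then update + install.
setup_repos_and_packages() {
  local repo_dir=/etc/yum.repos.d
  # keep the first backup; a second run must not overwrite it with the mirror file
  [[ -f "$repo_dir/CentOS-Base.repo.backup" ]] \
    || mv "$repo_dir/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo.backup"
  # -f: a 404 page must not be saved as a .repo file (the original had no -f)
  curl -fsSL -o "$repo_dir/CentOS-Base.repo" http://mirrors.aliyun.com/repo/Centos-7.repo \
    || die "cannot download CentOS-Base.repo"
  curl -fsSL -o "$repo_dir/epel.repo" http://mirrors.aliyun.com/repo/epel-7.repo \
    || die "cannot download epel.repo"
  yum update -y
  # The original one-line list had four names glued together (zipqunzip,
  # openssl-develnss_ldap, bisonsetuptool, libconfiggit) and several
  # duplicates; they are split / de-duplicated here. Check yum's output for
  # "No package ... available" — some names may not exist in the EL7 repos.
  local -a pkgs=(
    python-setuptools python-pip gcc gcc-c++ autoconf
    libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel
    libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel
    bzip2 bzip2-devel zip unzip ncurses ncurses-devel curl curl-devel
    e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel
    openssl openssh openssl-devel nss_ldap
    openldap openldap-devel openldap-clients openldap-servers
    libxslt-devel libevent-devel ntp libtool-ltdl bison libtool
    vim-enhanced python wget lsof iptraf strace lrzsz
    kernel-devel kernel-headers pam-devel tcl tk cmake
    setuptool popt-devel net-snmp screen perl-devel pcre-devel
    tcpdump rsync sysstat man iptables sudo libconfig git
    bind-utils tmux elinks numactl iftop bwm-ng net-tools expect
  )
  yum -y install "${pkgs[@]}"
}

# SELinux off now and after reboot, firewalld stopped, auditd disabled.
# Kept for fidelity with the original script — see SECURITY NOTE above.
disable_security_controls() {
  setenforce 0
  # The original sed had no -i, so the edit only went to stdout and SELinux
  # came back enforcing on the next boot.
  sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
  systemctl disable --now firewalld
  systemctl disable auditd.service
}

# Hourly clock sync against ntp1.aliyun.com in root's crontab, added once
# (the original appended a new entry on every run).
setup_time_sync() {
  local cron=/var/spool/cron/root
  if ! grep -qs 'ntpdate ntp1.aliyun.com' "$cron"; then
    {
      echo '#Timing synchronization time'
      echo '0 */1 * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null'
    } >>"$cron"
  fi
}

# Kernel network tuning, appended once (guarded by the marker comment).
tune_sysctl() {
  local conf=/etc/sysctl.conf
  if ! grep -qs '^# youhua.sh network tuning' "$conf"; then
    cat >>"$conf" <<'EOF'
# youhua.sh network tuning
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_tw_recycle was dropped from the original list: it rejects
# connections from clients behind NAT (per-host timestamp check) and the knob
# no longer exists from kernel 4.12 on, which makes "sysctl -p" error out.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
# Kept from the original; plain nginx proxying does not need IP forwarding,
# only LVS/NAT-style load balancing does.
net.ipv4.ip_forward = 1
EOF
  fi
  sysctl -p
}

# Faster logins: no reverse DNS lookup, no GSSAPI negotiation.
tune_sshd() {
  sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
  sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
  # never restart sshd on a config that does not parse — that locks you out
  sshd -t || die "sshd_config is invalid; not restarting sshd"
  systemctl restart sshd
}

# Service account shared by nginx, php-fpm, rsyncd and the NFS anonuid/anongid.
# Created with the original's defaults (login shell, home dir); nothing on
# these pages logs in as miao, so -s /sbin/nologin would be a safe tightening.
create_service_user() {
  getent group miao >/dev/null || groupadd -g 777 miao
  id miao >/dev/null 2>&1 || useradd -u 777 -g 777 miao
}

# Services a headless web/db/nfs node does not need. Units that do not exist
# on a given box only make systemctl print a "No such file" message.
# NOTE(review): NetworkManager, vmtoolsd and qemu-guest-agent are in the list;
# on a VM whose NIC is managed by NetworkManager, disabling it requires the
# legacy network service to be enabled instead.
disable_unneeded_services() {
  local svc
  for svc in \
    abrt-ccpp abrt-oops abrt-vmcore abrt-xorg abrtd accounts-daemon atd \
    autovt@ avahi-daemon bluetooth cups dbus-org.bluez \
    dbus-org.fedoraproject.FirewallD1 dbus-org.freedesktop.Avahi \
    dbus-org.freedesktop.ModemManager1 dbus-org.freedesktop.NetworkManager \
    dbus-org.freedesktop.nm-dispatcher display-manager dmraid-activation \
    firewalld gdm irqbalance iscsi ksm ksmtuned libstoragemgmt libvirtd \
    lvm2-monitor mcelog mdmonitor microcode ModemManager multipathd \
    NetworkManager-dispatcher NetworkManager postfix qemu-guest-agent rngd \
    rtkit-daemon smartd spice-vdagentd systemd-readahead-collect \
    systemd-readahead-drop systemd-readahead-replay tuned vgauthd vmtoolsd
  do
    systemctl disable "${svc}.service"
  done
}

main() {
  [[ $EUID -eq 0 ]] || die "must be run as root"
  setup_repos_and_packages
  disable_security_controls
  setup_time_sync
  tune_sysctl
  tune_sshd
  create_service_user
  disable_unneeded_services
}

main "$@"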
2) web集群安装nginx和php以及优化配置文件
# 安装nginx官方源
[root@web01 ~]# vim /etc/yum.repos.d/nginx.repo
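# nginx.org package repositories for CentOS 7.
# gpgcheck=1 with the nginx signing key verifies every RPM before install;
# baseurl is switched from http to https so the repository metadata is also
# fetched over TLS (nginx.org serves the packages tree over https).
# module_hotfixes=true is ignored by CentOS 7's yum and only matters on
# dnf-based systems, where it stops modularity filtering from hiding the RPMs.
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

# Mainline (feature releases) is defined but disabled. Use
# "yum --enablerepo=nginx-mainline install nginx" for a one-off; leaving both
# enabled would let mainline's higher version win every update.
[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true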
[root@web01 ~]# yum clean all
[root@web01 ~]# yum makecache
# 安装nginx
[root@web01 ~]# yum install -y nginx
#写优化配置文件
[root@web01 ~]# cat /etc/nginx/nginx.conf
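# /etc/nginx/nginx.conf — main configuration for the web nodes.
# Workers run as the unprivileged "miao" account (the same user php-fpm runs
# as, and the owner of the NFS-mounted /code tree).
user miao;
worker_processes auto;
worker_cpu_affinity auto;
error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid;
# Per-worker open-file limit; has to stay above worker_connections (10240)
# with room for upstream sockets and static files. The odd value is kept
# from the original — 65535 was probably intended, confirm.
worker_rlimit_nofile 35535;

events {
    use epoll;
    worker_connections 10240;
}

http {
    # resolved relative to the nginx prefix, i.e. /etc/nginx/mime.types
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;

    # One JSON object per request for the log pipeline.
    # escape=json (nginx >= 1.11.8) is required: without it a double quote or
    # backslash in a client-controlled field — Referer, Host, X-Forwarded-For,
    # the URI — breaks the JSON and lets a client inject fake fields into the
    # log line (log injection). The original format had no escaping.
    log_format access_json escape=json '{"@timestamp":"$time_iso8601",'
        '"host":"$server_addr",'
        '"clientip":"$remote_addr",'
        '"size":$body_bytes_sent,'
        '"responsetime":$request_time,'
        '"upstreamtime":"$upstream_response_time",'
        '"upstreamhost":"$upstream_addr",'
        '"http_host":"$host",'
        '"url":"$uri",'
        '"domain":"$host",'
        '"xff":"$http_x_forwarded_for",'
        '"referer":"$http_referer",'
        '"status":"$status"}';
    access_log /var/log/nginx/access.log access_json;

    # do not advertise the nginx version in Server: headers and error pages
    server_tokens off;
    # Effective upload cap at the web tier. php.ini on the same node allows
    # 300M, so this 200m limit is the one that actually applies — keep in step.
    client_max_body_size 200m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;

    gzip on;
    gzip_disable "MSIE [1-6].";
    gzip_http_version 1.1;
    gzip_comp_level 4;
    gzip_buffers 16 8k;
    gzip_min_length 1024;
    # image/jpeg was dropped from the original list: JPEG is already
    # compressed, so gzipping it only burns CPU.
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    include /etc/nginx/conf.d/*.conf;
}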
# 启动
[root@web01 ~]# systemctl enable --now nginx
# 安装php官方源
[root@web01 ~]# vim /etc/yum.repos.d/php.repo
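# Webtatic PHP 7.1 packages for EL7.
# The original had gpgcheck = 0, i.e. unsigned RPMs fetched over plain HTTP
# were installed with no integrity check at all — a supply-chain hole on every
# web node. gpgcheck = 1 makes yum verify each package against the Webtatic
# signing key; import it first and confirm the fingerprint against the value
# the project published before trusting it (rpm --import <key>).
# NOTE(review): the Webtatic repository appears to be unmaintained now; for a
# new build prefer a maintained, signed PHP repository (e.g. Remi).
[php-webtatic]
name = PHP Repository
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
enabled = 1
gpgcheck = 1
gpgkey = https://mirror.webtatic.com/yum/RPM-GPG-KEY-webtatic-el7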
[root@web01 ~]# yum clean all
[root@web01 ~]# yum makecache
[root@web01 ~]# yum remove php-mysql-5.4 php php-fpm php-common
[root@web01 ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
# 修改配置文件
[root@web01 ~]# vim /etc/php-fpm.d/www.conf
; php-fpm pool runs as the same account as nginx (user miao in nginx.conf),
; so files under the NFS-mounted /code are readable by both.
user = miao
group = miao
; Session storage is set globally in php.ini (redis); the pool-level
; overrides stay commented out so they do not shadow that setting.
;php_value[session.save_handler] = files
;php_value[session.save_path] = /var/lib/php/session
#php配置文件优化
[root@web01 ~]# vim /etc/php.ini
... ...
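; php.ini overrides for the web nodes. Comments use ";" — "#" is no longer a
; comment character in PHP 7 ini files.

; --- sessions: shared Redis instead of local files, so any web node behind
;     the load balancer can serve any session.
;     (original: session.save_handler = files, session.save_path = "/tmp")
session.save_handler = redis
; NOTE(review): the redis.conf on this page sets no requirepass, so any host
; that can reach 172.16.1.51:6379 can read, forge or delete sessions. Add
; requirepass on the server and append ?auth=<password> to this URL.
session.save_path = "tcp://172.16.1.51:6379"

; --- errors: never shown to clients, always logged.
expose_php = Off
; The original wrote "display_error" (no trailing s). PHP silently ignores
; unknown directives, so errors were still being displayed to visitors.
display_errors = Off
error_reporting = E_ALL
log_errors = On
; must exist and be writable by the php-fpm user: touch it, chown miao.miao
error_log = /var/log/php_error.log
date.timezone = Asia/Shanghai

; --- uploads. nginx's client_max_body_size (200m) is lower than the two
;     300M limits below, so 200m is the effective cap; keep them in step.
file_uploads = On
upload_max_filesize = 300M
post_max_size = 300M
max_file_uploads = 20
memory_limit = 128M
; NOTE(review): cgi.fix_pathinfo defaults to 1. Either set it to 0 here or keep
; "try_files $uri =404" in the nginx php location, otherwise an uploaded
; image requested as /uploads/x.jpg/y.php is executed as PHP.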
# 启动php
[root@web01 ~]# systemctl enable --now php-fpm.service
3、搭建backup服务器
# 安装rsync
[root@backup ~]# yum install rsync -y
# 编写配置文件(前端代码仓库、数据库备份、上传文件的备份)
[root@backup ~]# vim /etc/rsyncd.conf
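# /etc/rsyncd.conf on the backup node: one daemon, three modules, everything
# written as the unprivileged "miao" account (uid/gid 777, matching the NFS
# anonuid/anongid). "fake super" lets that account record ownership and modes
# it cannot set itself as extended attributes.
uid = miao
gid = miao
port = 873
fake super = yes
use chroot = no
# Two typos fixed: the original had "max connection" and "timeuot", neither of
# which is a real rsyncd parameter, so neither limit was ever applied.
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
# One credential for all three modules. The password is in the secrets file
# (root-owned, mode 600). Consider one user per module so the NFS host cannot
# overwrite database dumps and the db host cannot touch the code tree.
auth users = dan
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd/log
# NOTE(review): the daemon accepts connections from anywhere; add
# "hosts allow = <internal network>" or firewall port 873 so only the NFS
# and database nodes can push into these modules.
###################################
[web]
comment="前端代码仓库"
path = /backup/web
[database]
comment="数据库备份"
path = /backup/database
[conf]
comment="上传文件备份"
path = /backup/conf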
# 创建仓库真实目录
[root@backup ~]# mkdir -p /backup/{web,database,conf}
# 授权
[root@backup ~]# chown miao.miao -R /backup/
# 创建密码文件
[root@backup ~]# echo "dan:111" > /etc/rsync.passwd
[root@backup ~]# chmod 600 /etc/rsync.passwd
# 启动
[root@backup ~]# systemctl enable --now rsyncd
4、开启NFS服务
# 安装软件 nfs-utils rpcbind
[root@nfs ~]# yum install nfs-utils rpcbind -y
# 创建挂载点
[root@nfs ~]# mkdir -p /nfs/{web,database,conf}
# 授权
[root@nfs ~]# chown miao.miao -R /nfs/
# 设置挂载点
[root@nfs ~]# vim /etc/exports
# Three read-write exports for the internal network. all_squash maps EVERY
# client user — root included — to uid/gid 777 (miao), so each export is
# effectively writable by any host in the allowed range, and the same account
# php-fpm runs as on the web nodes owns everything in them.
# NOTE(review): "172.16.1.0/20" is not on a /20 boundary (that block is
# 172.16.0.0/20, 4096 addresses). If only the 172.16.1.x nodes need access,
# /24 is probably what was meant — confirm and narrow it.
/nfs/web 172.16.1.0/20(rw,sync,all_squash,anonuid=777,anongid=777)
/nfs/database 172.16.1.0/20(rw,sync,all_squash,anonuid=777,anongid=777)
/nfs/conf 172.16.1.0/20(rw,sync,all_squash,anonuid=777,anongid=777)
# 启动
[root@nfs ~]# systemctl enable --now nfs-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
# 检测
[root@nfs ~]# showmount -e
ok
#下载sersync
##修改sersync的配置文件 (note: the m01 fragment below watches /data_wp and pushes to a module named "data" as user "rsync_mm" — neither exists in the rsyncd.conf above. The working configuration for this cluster is the one in section 6, which uses the web/conf modules and user dan.)
[root@m01 sersync2]# cat confxml.xml
...
<inotify>
<delete start="true"/>
<createFolder start="true"/>
<createFile start="true"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="true"/>
<modify start="true"/>
</inotify>
<sersync>
<localpath watch="/data_wp"> # 另外一台 /data_web
<remote ip="172.16.1.41" name="data"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
<commonParams params="-az"/>
<auth start="true" users="rsync_mm" passwordfile="/etc/rsync.passwd"/>
[root@m01 sersync2]# /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
挂载nfs(web集群)
[root@web02 ~]# mkdir /code
[root@web02 ~]# chown -R miao.miao /code/
[root@web02 ~]# mount -t nfs 172.16.1.31:/nfs/web /code
[root@web02 ~]# mount -t nfs 172.16.1.31:/nfs/conf /etc/nginx/conf.d/   # NOTE: this puts nginx's live vhost configuration on an export that all_squash makes writable by uid 777 — the same "miao" account php-fpm runs as on every web node. A PHP-level compromise on any node, or any host in the exported range, can then rewrite the nginx config of the whole cluster; nginx also fails to start or reload whenever the NFS server is unreachable. Keep conf.d local and distribute it with rsync instead.
[root@web02 ~]# systemctl restart nginx
搭建ec
[root@web02 opt]# 上传包 并解压到/code,改名ec
[root@web02 ~]# vim /etc/nginx/conf.d/ec.conf
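# Virtual host for the ECJia store, served from the NFS-mounted /code tree.
# Only URIs ending in .php are handed to php-fpm; everything else is static.
server {
    listen 80;
    server_name ec.com;
    root /code/ecjia-daojia;

    location / {
        index index.php;
    }

    # "\.php$": the original ".php$" left the dot unescaped, matching any
    # character before "php".
    location ~* \.php$ {
        # Refuse .php URIs whose file does not exist. Without this,
        # php-fpm's default cgi.fix_pathinfo=1 makes /uploads/x.jpg/y.php
        # execute the uploaded x.jpg as PHP — a classic upload-to-RCE on a
        # store that accepts user images.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}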
[root@web02 ~]# systemctl restart nginx
5、搭建数据库(mariadb)
# 安装软件
[root@db01 ~]# yum install mariadb* -y
# 启动
[root@db01 ~]# systemctl enable --now mariadb
# 创建密码并登陆数据库
[root@db01 ~]# mysqladmin -uroot password '123'
[root@db01 ~]# mysql -uroot -p123
# 创建用户给予web以及其它网站使用(授权)
MariaDB [mysql]>create database ec;
MariaDB [mysql]> grant all privileges on ec.* to dan@'172.16.1.%' identified by '123';   -- scope the web account to the ec database and the internal subnet; the original "on *.* to dan@'%'" created a full-server superuser reachable from any host, protected only by the password 123
Query OK, 0 rows affected (0.01 sec)
#重载数据库
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
#备份数据库
[root@db01 ~]# mysqldump -uroot -p123 --all-databases --single-transaction > mysql-all.sql
# 编写每天备份脚本
[root@db01 ~]# vim mysql_dump.sh
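#!/usr/bin/env bash
# mysql_dump.sh — nightly full dump of all databases, tarred+gzipped into
# $BACKUP (default /database, the NFS export that sersync pushes to backup).
#
# Credentials: the original passed -p123 on the command line, which shows the
# MySQL root password to every local user via "ps" and leaves it in shell
# history. They are now read from a MySQL option file (default /root/.my.cnf,
# create it root-owned with mode 600):
#   [client]
#   user=root
#   password=123
# Override with MYSQL_CNF=/path/to/file. Output: $BACKUP/mysql-all-YYYY-MM-DD.tar.gz
set -euo pipefail

die() { printf 'mysql_dump.sh: %s\n' "$*" >&2; exit 1; }

main() {
  local day backup cnf dump
  day=$(date +%F)
  backup=${BACKUP:-/database}
  cnf=${MYSQL_CNF:-/root/.my.cnf}
  dump="mysql-all-${day}.sql"

  [[ -r "$cnf" ]] || die "credentials file $cnf not found or unreadable"
  # the original "cd $BACKUP" was unchecked: with the NFS mount down the dump
  # would silently land in whatever the current directory was
  cd "$backup" || die "cannot cd to $backup (is the NFS mount up?)"

  # --single-transaction: consistent InnoDB snapshot without locking tables.
  # Dump to a temporary name and rename on success so a half-written file
  # never looks like a good backup.
  mysqldump --defaults-extra-file="$cnf" --all-databases --single-transaction \
    > "${dump}.part" || { rm -f -- "${dump}.part"; die "mysqldump failed"; }
  mv -- "${dump}.part" "$dump"
  tar -czf "mysql-all-${day}.tar.gz" "$dump"
  rm -f -- "$dump"
}

main "$@"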
[root@db01 ~]# chmod 700 mysql_dump.sh #授权 — 700, not 600: cron runs the script directly, so it must be executable, and it holds the database credentials, so it must stay unreadable to other users
[root@db01 ~]# mkdir /database #创建目录
[root@db01 ~]# chown miao.miao /database/
[root@db01 ~]# mount -t nfs 172.16.1.31:/nfs/database /database/
# 脚本加入定时任务
[root@db01 ~]# crontab -e
01 00 * * * /root/mysql_dump.sh   # the script was written in /root (see the vim step above); /database is the NFS export mounted in the previous step, and a file holding database credentials should not live on a share that all_squash makes writable to every client. Adjust the path if you move the script.
6、数据备份与同步
#上传实时备份软件sersync
[root@nfs opt]# rz -E
rz waiting to receive.
[root@nfs opt]# tar -xf sersync.gz -C /usr/local
[root@nfs opt]# cd /usr/local
[root@nfs local]# cd GNU-Linux-x86/
[root@nfs GNU-Linux-x86]# vim confxml1.xml
... ...
<inotify>
<delete start="true"/>
<createFolder start="true"/>
<createFile start="true"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="true"/>
<modify start="true"/>
</inotify>
<sersync>
<localpath watch="/nfs/conf">
<remote ip="172.16.1.41" name="conf"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
<commonParams params="-artuz"/>
<auth start="true" users="dan" passwordfile="/etc/rsync.passwd"/>
... ...
[root@nfs GNU-Linux-x86]# vim confxml2.xml
... ...
<inotify>
<delete start="true"/>
<createFolder start="true"/>
<createFile start="true"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="true"/>
<modify start="true"/>
</inotify>
<sersync>
<localpath watch="/nfs/web">
<remote ip="172.16.1.41" name="web"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
<commonParams params="-artuz"/>
<auth start="true" users="dan" passwordfile="/etc/rsync.passwd"/>
... ...
[root@nfs GNU-Linux-x86]# echo "111" > /etc/rsync.passwd && chmod 600 /etc/rsync.passwd   # rsync refuses to use a password file that is group- or world-readable, so without the chmod every sersync push fails
[root@nfs GNU-Linux-x86]# ./sersync2 -dro confxml1.xml
[root@nfs GNU-Linux-x86]# ./sersync2 -dro confxml2.xml
配置https
[root@web01 ~]# nginx -V
--with-http_ssl_module
[root@web01 ~]# mkdir /etc/nginx/ssl_key
[root@web01 ~]# cd /etc/nginx/ssl_key/
[root@web01 ssl_key]# openssl genrsa -idea -out server.key 2048   # redundant: the next command's -newkey regenerates server.key; -idea would also wrap the key with a passphrase that nginx cannot enter at start-up. After generating, chmod 600 server.key and copy both files to lb01/lb02, where the 443 server block references them.
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
使用redis实现session共享
[root@db01 ~]# yum install -y redis
[root@db01 ~]# vim /etc/redis.conf
bind 127.0.0.1 172.16.1.51
# NOTE(review): no requirepass is set, so every host that can reach 172.16.1.51:6379 can read, forge or delete the PHP sessions stored here (session hijack). Add requirepass (then use tcp://172.16.1.51:6379?auth=<password> in php.ini) and/or restrict port 6379 to the web nodes.
[root@db01 ~]# systemctl start redis
# web集群
[root@web01 conf.d]# vim /etc/php.ini
#原内容 session.save_handler = files
session.save_handler = redis
#原内容 ;session.save_path = "/tmp"
session.save_path = "tcp://172.16.1.51:6379"
[root@web01 conf.d]# vim /etc/php-fpm.d/www.conf
#注释原内容
;php_value[session.save_handler] = files
;php_value[session.save_path] = /var/lib/php/session
systemctl restart php-fpm
7、配置keepalived
1)先配置七层负载均衡
# 配置 负载均衡两个端的配置文件
[root@lb01 ~]# vim /etc/nginx/conf.d/ec.conf
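# Layer-7 load balancer vhost (same file on lb01 and lb02; VIP 192.168.15.3).
upstream ec_http {
    server 192.168.15.7;
    server 192.168.15.8;
    server 192.168.15.9;
}

# Plain HTTP: redirect everything to HTTPS. The original rewrote to
# "http://$server_name$1", i.e. back to this very block — a redirect loop.
server {
    listen 80;
    server_name ec.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name ec.com;
    # server.crt / server.key were generated on web01 (openssl req -x509);
    # copy them here, keep server.key root-owned mode 600. The certificate
    # is self-signed, so browsers warn until a CA-issued one replaces it.
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;
    # Older nginx releases still include TLSv1/TLSv1.1 in the default;
    # TLSv1.3 only takes effect when the linked OpenSSL supports it.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # TLS terminates here; the hop to the web nodes is plain HTTP on the
        # internal network. proxy_params adds the X-Forwarded-* headers so
        # the application can still tell the client came in over HTTPS.
        proxy_pass http://ec_http;
        include proxy_params;
    }
}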
#配置代理的优化文件,lb1与lb2同步
[root@lb01 ~]# cat /etc/nginx/proxy_params
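# /etc/nginx/proxy_params — included by every proxied location; identical on
# lb01 and lb02. The web nodes log $http_x_forwarded_for as "xff".
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Added: TLS ends at the load balancer, so without this header the
# application only ever sees plain http and builds http:// links and
# non-secure cookies.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;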
2)配置keepalived
#安装软件
[root@lb01 ~]# yum install -y keepalived
[root@lb02 ~]# yum install -y keepalived
#配置主节点的文件
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
# lb01: VRRP MASTER for the VIP 192.168.15.3 (priority 100 beats lb02's 90).
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
# NOTE(review): must be the NIC that carries the 192.168.15.0 network here.
interface eth0
# same ID on both nodes; must not collide with another VRRP group on this segment
virtual_router_id 50
priority 100
advert_int 1
# NOTE(review): PASS authentication sends "1111" in clear text in every
# advertisement; it guards against misconfiguration, not against an attacker
# on the segment. Isolating the VRRP segment is what actually protects the VIP.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.15.3
}
}
# NOTE(review): no vrrp_script/track_script is defined, so the VIP only moves
# when keepalived itself (or the host) dies — a crashed nginx on lb01 keeps
# the VIP and blackholes traffic. Add a health check on nginx.
# 配置备节点
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
# lb02: VRRP BACKUP for the VIP 192.168.15.3; takes over when lb01's
# advertisements stop (lower priority 90).
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
# NOTE(review): must be the NIC that carries the 192.168.15.0 network here.
interface eth0
# must match lb01 exactly, or the two nodes never see each other
virtual_router_id 50
priority 90
advert_int 1
# NOTE(review): PASS authentication is clear text on the wire and must equal
# lb01's; it is not a security control — see the note on the master config.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.15.3
}
}
# NOTE(review): without a vrrp_script on nginx, a failed nginx on whichever
# node holds the VIP is not detected; add the same health check on both nodes.
#启动服务
[root@lb01 ~]# systemctl start keepalived.service
[root@lb02 ~]# systemctl start keepalived.service
# keepalived开启日志
[root@lb01 ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -d -S 0" # 大S
#配置rsyslog抓取日志
[root@lb01 ~]# vim /etc/rsyslog.conf
local0.* /var/log/keepalived.log
#!local0 ,0代表是配置日志里面的KEEPALIVED_OPTIONS="-D -d -S 0"末尾的数字。数字要对应
#重启服务
[root@lb01 ~]# systemctl restart keepalived.service rsyslog