Akemi

Nginx综合案例

2024/08/18
环境:
PVE 8.1-2
CentOS Linux release 7.9.2009 (Core)
mysql-5.7.22
nginx-1.18
php-7.2.29
DiscuzX-3.4

地址规划
192.168.10.102 nfs
192.168.10.112 backup
192.168.10.125 mysql-1
192.168.10.126 mysql-2
192.168.10.127 mysql-3
192.168.10.161 web1
192.168.10.162 web2
192.168.10.163 web3
192.168.10.164 nginx1
192.168.10.165 nginx2
nginx-VIP 192.168.10.50/24

nfs服务器

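# --- NFS server (192.168.10.102): shared web root and shared nginx vhost config ---
yum -y install nfs-utils
mkdir -p /root/data/web-html/ /root/data/web-vhost/

# The web root has to be writable by the web servers. The vhost directory is
# only read by them (it.conf is written locally, below), so it is exported
# read-only: a compromised web node can then not rewrite the nginx config
# that every other node loads.
# NOTE(review): both exports are still open to all of 192.168.10.0/24;
# listing only the hosts that actually mount them would be tighter.
echo "/root/data/web-html/ 192.168.10.0/24(rw,sync)" >> /etc/exports
echo "/root/data/web-vhost/ 192.168.10.0/24(ro,sync)" >> /etc/exports
systemctl enable nfs --now
exportfs -arv
#exporting 192.168.10.0/24:/root/data/web-vhost
#exporting 192.168.10.0/24:/root/data/web-html
unzip Discuz_X3.4.zip -d /root/data/web-html/

# Virtual host shared by all web servers. The quoted 'EOF' keeps nginx
# variables such as $uri literal instead of letting the shell expand them.
# root/index sit at server level so that try_files in the PHP location
# resolves against the same directory; try_files returns 404 for a .php URI
# that has no file behind it instead of handing it to php-fpm.
# NOTE(review): every *.php file under the web root is executed, including
# files in directories the application itself can write to. Consider a
# location that denies PHP in upload/attachment directories.
cat > /root/data/web-vhost/it.conf << 'EOF'
server {
    listen 80;
    server_name www.it.com;
    root /usr/local/nginx/html/it/upload;
    index index.html index.php;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
EOF

# World-writable permissions are limited to the web root; the vhost directory
# keeps its default root-owned mode, which clients can still read.
# NOTE(review): 777 lets any local or NFS user replace application code.
# Once the UID that php-fpm runs as on the web servers is known, prefer
# chown to that UID and 755/644, with write access only where the
# application needs it.
chmod -R 777 /root/data/web-html/

# PHP is compiled from source; the steps are omitted here (see the author's
# "Setting up LNMP" notes).
# NOTE(review): it.conf points at 127.0.0.1:9000, so php-fpm presumably has to
# run on each web server rather than on this host - confirm where these two
# commands belong.
/etc/init.d/php-fpm restart
netstat -tunlp | grep 9000
#tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 5662/php-fpm: maste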

web服务器基础功能

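# --- web1..web3 (192.168.10.161-163): nginx serving the site from the NFS share ---
# NOTE(review): the host firewall and SELinux are switched off completely.
# That is a lab shortcut; on a reachable host keep both enabled and open only
# 80/tcp instead.
systemctl disable firewalld.service --now
# Anchored to the start of the line so only the setting itself is rewritten,
# not the explanatory comment lines in the file that also contain "SELINUX=".
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0

# nginx installation is omitted here (see the author's "Setting up LNMP" notes).
# Quoted 'EOF': the config is written exactly as shown, with no shell expansion.
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
include /usr/local/nginx/conf/vhost/*.conf;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
}
EOF
yum -y install nfs-utils rsync
mkdir -p /usr/local/nginx/conf/vhost /usr/local/nginx/html/it
# The vhost config is only read here, so mount it read-only and without
# suid/device/exec semantics. The web root stays writable for the application,
# but suid binaries and device nodes on the share are ignored.
mount -t nfs -o ro,nosuid,nodev,noexec 192.168.10.102:/root/data/web-vhost /usr/local/nginx/conf/vhost/
mount -t nfs -o nosuid,nodev 192.168.10.102:/root/data/web-html /usr/local/nginx/html/it
/usr/local/nginx/sbin/nginx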

在第一台web上安装完,数据库指向192.168.10.125即可

此时三台web服务器都可以正常访问了,接下来配置负载均衡

nginx服务器负载均衡与动静分离

# Load balancer config for nginx1/nginx2, written over the default nginx.conf.
# - upstream "web": the three web servers, pinned per client address by ip_hash;
#   a server is skipped for 20s after 3 failed attempts.
# - requests for the listed static extensions are served locally from
#   /static/upload; *.php/*.jsp/*.cgi and everything else go to the upstream.
# - quoted 'EOF' keeps $host, $remote_addr etc. literal for nginx.
# NOTE(review): $proxy_add_x_forwarded_for appends $remote_addr to whatever
# X-Forwarded-For header the client sent, so backends must not trust the
# leftmost entry of that header; X-Real-IP is set from $remote_addr only.
# NOTE(review): the only listener is plain HTTP on port 80, so
# X-Forwarded-Proto always carries "http" here.
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
upstream web {
server 192.168.10.161:80 max_fails=3 fail_timeout=20s;
server 192.168.10.162:80 max_fails=3 fail_timeout=20s;
server 192.168.10.163:80 max_fails=3 fail_timeout=20s;
ip_hash;
}
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.it.com;
location ~* \.(html|gif|jpg|png|js|css|bmp|ico|htm)$ {
root /static/upload;
#try_files $uri $uri/ =404;
}
location ~* \.(php|jsp|cgi)$ {
proxy_pass http://web;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://web;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
EOF

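# Put the nginx binary on PATH. The leading backslash presumably bypasses an
# interactive "cp -i" alias.
\cp /usr/local/nginx/sbin/nginx /bin/
# Apply the new config only if it parses. Reload a running nginx, otherwise
# start it. (Reloading before nginx is running just prints an error.)
if nginx -t; then
  nginx -s reload 2>/dev/null || nginx
fi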

测试动静分离

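# The load balancer only reads static files from the share, so mount it
# read-only and without suid/device/exec semantics. A compromise of the edge
# node then cannot modify the application code served by the web tier.
mkdir -p /static
mount -t nfs -o ro,nosuid,nodev,noexec 192.168.10.102:/root/data/web-html /static/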
可以正常访问网页

nginx服务器keepalived高可用

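# NOTE(review): this turns off the host firewall and SELinux on the load
# balancers, the nodes that hold the public VIP. It is a lab shortcut; on a
# reachable host keep both enabled and allow only 80/tcp plus VRRP between
# the two nodes.
systemctl disable firewalld.service --now
# Anchored so only the setting line is rewritten, not the comment lines in
# the file that also contain "SELINUX=".
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0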

yum -y install keepalived.x86_64 # building from source works as well, either is fine
# Master node (router_id lb01, priority 110): owns the VIP 192.168.10.50/24 on
# ens18 while the tracked check_nginx script succeeds.
# The heredoc delimiter is unquoted, but the body contains no "$", so nothing
# is expanded by the shell.
# NOTE(review): auth_pass 1111 is a trivial shared secret and must match on
# both nodes. With auth_type PASS the value is not encrypted in the VRRP
# advertisements, so it is no protection against a host on the same segment.
# NOTE(review): vrrp_script sets no interval or weight, so keepalived's
# defaults apply - confirm they suit a check script that sleeps and uses ssh.
cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
}
vrrp_instance it {
state MASTER
interface ens18
virtual_router_id 51
priority 110
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.50/24
}
track_script {
check_nginx
}
}
EOF

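# Backup node (router_id lb02, priority 100): takes over the VIP when the
# master stops advertising.
yum -y install keepalived.x86_64
# Differences from the master config are router_id, state and priority only.
# "state" uses BACKUP: keepalived documents MASTER and BACKUP as the valid
# values. The stray "****" before the closing brace of the authentication
# block was a formatting artifact and is removed so the file parses.
# NOTE(review): auth_pass 1111 is a trivial shared secret and must match the
# master. With auth_type PASS it is not encrypted on the wire.
cat > /etc/keepalived/keepalived.conf <<'EOF'
! Configuration File for keepalived
global_defs {
    router_id lb02
}
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
}
vrrp_instance it {
    state BACKUP
    interface ens18
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.50/24
    }
    track_script {
        check_nginx
    }
}
EOF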

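# Contents of check_nginx.sh, the script referenced by vrrp_script in
# keepalived.conf. Install it on both load balancers.
# Changes against the original listing:
#  - "${date +%F}" was a bad substitution; it is now "$(date +%F)".
#  - nginx is detected by process name with pgrep, so the check does not depend
#    on the path nginx was started from (the page starts it as plain "nginx").
#  - the split-brain probe asks the *other* node. The original always ssh'ed
#    to nginx1, so on nginx1 it probed itself.
#  - ssh runs non-interactively with a short timeout so the check cannot hang.
#  - the script is made executable and private to root.
# NOTE(review): the probe needs passwordless root ssh between the two load
# balancers. That is a lateral-movement path; restrict the key (forced
# command, from= option) or replace the probe with a non-ssh check.
cat > /etc/keepalived/check_nginx.sh <<'EOF'
#!/bin/bash
# keepalived health check: keep nginx alive on this node and detect the VIP
# being held by both nodes at once.
vip=192.168.10.50
log=/etc/keepalived/check.log

# Succeeds when at least one process named exactly "nginx" exists.
nginx_running() {
  pgrep -x nginx > /dev/null
}

if ! nginx_running; then
  # nginx is gone: try a single restart and record it.
  nginx
  echo "$(date +%F) nginx重启" >> "$log"
  sleep 2
  if ! nginx_running; then
    # Restart failed: stop keepalived so the peer can take over the VIP.
    systemctl stop keepalived
    echo "$(hostname)主机nginx服务异常,vip已切换" | mail -s "keepalived告警" alertwarning@163.com
  fi
fi

# Split-brain check, only relevant while this node holds the VIP.
if ip -o -4 addr show | grep -qF " ${vip}/"; then
  # Pick the other load balancer from the address plan
  # (nginx1 = 192.168.10.164, nginx2 = 192.168.10.165). Both names are
  # assumed to resolve and to be known to ssh already.
  if ip -o -4 addr show | grep -qF ' 192.168.10.164/'; then
    peer=nginx2
  else
    peer=nginx1
  fi
  if ssh -o BatchMode=yes -o ConnectTimeout=2 "$peer" "ip -o -4 addr show | grep -qF ' ${vip}/'"; then
    echo "$(date +%F) 脑裂" >> "$log"
    echo "出现脑裂" | mail -s "keepalived脑裂警告" alertwarning@163.com
    systemctl stop keepalived
  fi
fi
EOF
# keepalived executes the script directly, so it must be executable. Keep it
# writable by root only, because it runs with keepalived's privileges.
chmod 700 /etc/keepalived/check_nginx.sh

systemctl daemon-reload
systemctl enable keepalived.service --now
systemctl restart keepalived.service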

测试高可用

主:
# List the IPv4 addresses shown for ens18. In the recorded output the master
# holds the VIP 192.168.10.50/24 as a secondary address next to its own .164.
ip a | grep ens18 -A 5| grep -w inet
# inet 192.168.10.164/24 brd 192.168.10.255 scope global noprefixroute ens18
# inet 192.168.10.50/24 scope global secondary ens18
从:
# Same query on the backup node: only its own address, with no VIP, appears in
# the recorded output.
ip a | grep ens18 -A 5| grep -w inet
# inet 192.168.10.165/24 brd 192.168.10.255 scope global noprefixroute ens18

主:停止nginx服务
此时vip会漂移到从节点

测试nginx拉活

主:
# Count ps lines that mention nginx (the grep process itself is counted too).
ps -ef | grep nginx -c
#5
# Stop nginx on purpose.
nginx -s stop
# The count is unchanged in the recorded output, so nginx processes are
# present again - presumably restarted by check_nginx.sh. The page does not
# show how long this took.
ps -ef | grep nginx -c
#5

nfs服务器使用rsync+inotify备份

backup服务器rsync部分

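# --- backup server (192.168.10.112): rsync daemon that receives the mirror ---
# NOTE(review): this installs root's SSH key on the NFS server, but nothing
# later on the page uses that login. Drop it unless it is needed; it is a
# standing root trust between two hosts.
ssh-copy-id 192.168.10.102
# NOTE(review): autoconf/automake/libtool are build tools. They are needed
# where inotify-tools is compiled (the NFS server listing) - presumably they
# were meant for that host.
yum -y install rsync autoconf automake libtool
useradd rsync -M -s /sbin/nologin
# Daemon config: one writable module, web_backup -> /root/backup, accessed as
# the virtual user "backup" whose password is in the secrets file.
# "hosts allow" is narrowed to the NFS server, the only host on this page
# that pushes to the module.
cat > /etc/rsyncd.conf <<'EOF'
uid=rsync
gid=rsync
fake super=yes
max connections = 100
timeout=300
pid file=/var/run/rsyncd.pid
lock file=/var/run/rsync.lock
log file=/var/log/rsyncd.log
ignore errors
read only=false
hosts allow=192.168.10.102
auth users=backup
secrets file=/var/rsync.password
[web_backup]
path=/root/backup
EOF
# Create the secrets file with a restrictive umask so it is never readable by
# other users, not even between creation and chmod.
# NOTE(review): "123456" is the sample value from the original listing.
# Replace it with a long random secret, identical on both hosts.
( umask 077; echo "backup:123456" > /var/rsync.password )
chmod 600 /etc/rsyncd.conf /var/rsync.password
mkdir -p /root/backup
chown -R rsync:rsync /root/backup
# The original listing never starts the daemon. On CentOS 7 the rsync package
# ships an rsyncd unit. 873/tcp must also be reachable from 192.168.10.102 if
# a host firewall is active here.
systemctl enable rsyncd --now

# --- NFS server (192.168.10.102): rsync client side ---
useradd rsync -M -s /sbin/nologin
# NOTE(review): firewalld and SELinux are disabled host-wide on the file
# server; this is a lab shortcut, see the alternatives noted for the other hosts.
systemctl disable firewalld.service --now
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0
yum -y install rsync
# Client-side password file: password only, same value as on the backup server.
( umask 077; echo "123456" > /var/rsync.password )
chmod 600 /var/rsync.password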

nfs服务器inotify与定时任务

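# Build inotify-tools from the release tarball.
# NOTE(review): the archive is downloaded and then built and installed as root
# with no integrity check. Verify it against a checksum obtained from a
# trusted source before running autogen.sh, for example:
#   echo "<EXPECTED_SHA256>  3.22.6.0.tar.gz" | sha256sum -c -
wget https://github.com/inotify-tools/inotify-tools/archive/refs/tags/3.22.6.0.tar.gz
tar -xf 3.22.6.0.tar.gz
# Chain the build so a failed step does not continue in the wrong directory.
cd inotify-tools-3.22.6.0/ \
  && ./autogen.sh \
  && ./configure --prefix=/usr/local/inotify \
  && make && make install
\cp /usr/local/inotify/bin/* /bin

# Watcher: every create/delete/close_write below /root/data triggers a full
# mirror of /root/data to the web_backup module on the backup server.
# Changes against the original listing: "read -r" with an empty IFS keeps path
# names intact, and the log line now reflects rsync's exit status instead of
# always claiming success.
# NOTE(review): --delete makes this a mirror, not a backup. A deletion or an
# empty/unmounted /root/data is replicated to the backup within seconds. Keep
# separate point-in-time copies if recovery from tampering matters.
cat > /root/rsync.sh <<'EOF'
#!/bin/bash
inotifywait -mrq --format '%w%f' -e create,delete,close_write /root/data | while IFS= read -r file
do
  if rsync -az --delete /root/data backup@192.168.10.112::web_backup --password-file=/var/rsync.password >> /dev/null 2>&1; then
    echo "$(date +%F-%H:%M)${file} is rsynced" >> /var/log/rsyncd.log
  else
    echo "$(date +%F-%H:%M)${file} rsync FAILED (exit $?)" >> /var/log/rsyncd.log
  fi
done
EOF
chmod 700 /root/rsync.sh
# Runs in the foreground and blocks this terminal. Started with bash to match
# the script's shebang.
bash /root/rsync.sh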

rsync脚本测试

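# Terminal 1: run the watcher in the foreground.
/bin/bash /root/rsync.sh
# Terminal 2: create and delete a file inside the watched tree. The delete
# uses the full path so it removes the file that was just created regardless
# of the current directory.
touch /root/data/test.txt
rm -f /root/data/test.txt
cat /var/log/rsyncd.log
#2024-08-18-20:01/root/data/test.txt is rsynced
#2024-08-18-20:01/root/data/test.txt is rsynced
#2024-08-18-20:01/root/data/test.txt is rsynced
# Three lines for two commands: touch on a new file raises create and then
# close_write, and rm raises delete.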