基于Keepalived+Varnish+Nginx实现的高可用LAMP架构
注意: 各节点的时间需要同步(ntpdate ntp1.aliyun.com),关闭firewalld(systemctl stop firewalld.service,systemctl disable firewalld.service),设置selinux为permissive(setenforce 0 或 vim /etc/selinux/config);同时确保DR1和DR2节点的网卡支持MULTICAST(多播)通信。通过命令ifconfig可以查看到是否开启了MULTICAST:
搭建RS1(RS1提供mariadb服务和静态资源)
[root@RS1 Desktop]# yum -y install mariadb-server httpd
[root@RS1 Desktop]# vim /etc/my.cnf
[mysqld]
...
skip-name-resolve=ON
innodb-file-per-table=ON
...
[root@RS1 Desktop]# systemctl start mariadb
[root@RS1 Desktop]# mysql_secure_installation #进行数据库相关安全设置
...
[root@RS1 Desktop]# mysql -uroot -p
Enter password:
MariaDB [(none)]> create database wordpress;
MariaDB [(none)]> grant all on wordpress.* to 'wpuser'@'10.10.0.%' identified by '123456';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;
[root@RS1 Desktop]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
[root@RS1 Desktop]# tar xf wordpress-4.9.4-zh_CN.tar.gz -C /var/www/html
[root@RS1 Desktop]# vim /var/www/html/index.html
<h1>10.10.0.21 server</h1>
[root@RS1 Desktop]# vim /etc/httpd/conf.d/vhost.conf
<virtualhost *:80>
servername www.test.org
DirectoryIndex index.html index.php
Documentroot /var/www/html
ProxyRequests off
ProxyPassMatch ^/(.*\.php)$ fcgi://10.10.0.22:9000/var/www/html/$1
ProxyPassMatch ^/(ping|status)$ fcgi://10.10.0.22:9000/$1
<Directory />
options FollowSymlinks
Allowoverride none
Require all granted
</Directory>
</virtualhost>
[root@RS1 Desktop]# systemctl start httpd
[root@RS1 Desktop]# /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php
[root@RS1 Desktop]# vim /var/www/html/wordpress/wp-config.php #关联wordpress数据库
define('DB_NAME', 'wordpress');
define('DB_USER', 'wpuser');
define('DB_PASSWORD', '123456');
define('DB_HOST', '10.10.0.21');
[root@RS1 Desktop]# scp /var/www/html/wordpress 10.10.0.22:/var/www/html/ #复制wordpress到22的主机
搭建RS2(RS2提供动态资源)
[root@RS2 Desktop]# yum -y httpd php-fpm php-mysql php-mbstring php-mcrypt
[root@RS2 Desktop]# vim /var/www/html/index.html
<h1>10.10.0.22 server</h1>
[root@RS2 Desktop]# vim /etc/httpd/conf.d/vhost.conf
<virtualhost *:80>
servername www.test.org
DirectoryIndex index.html index.php
Documentroot /var/www/html
ProxyRequests off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1
ProxyPassMatch ^/(ping|status)$ fcgi://127.0.0.1:9000/$1
<Directory />
options FollowSymlinks
Allowoverride none
Require all granted
</Directory>
</virtualhost>
[root@RS2 Desktop]# systemctl start httpd
[root@RS2 Desktop]# vim /etc/php-fpm.d/www.conf
listen = 0.0.0.0:9000
; listen.allowed_clients = 127.0.0.1 #注释此句,允许其他主机远程访问
pm.status_path = /status
ping.path = /ping
ping.response = pong
[root@RS2 Desktop]# chown apache:apache /var/lib/php/session
[root@RS2 Desktop]# systemctl start php-fpm
搭建DR1
[root@DR1 Desktop]# yum install -y nginx keepalived
[root@DR1 Desktop]# vim /etc/nginx/nginx/conf #配置nginx反代
http {
...
upstream websrvs {
server 10.10.0.21:80;
server 10.10.0.22:80;
server 127.0.0.1:80 backup;
}
server {
listen 80;
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://websrvs;
proxy_set_header host $http_host;
proxy_set_header X-Forward-For $remote_addr;
}
...
}
[root@DR1 Desktop]# vim /etc/nginx/conf.d/localhost.conf #配置nginx本地服务
server{
listen 127.0.0.1:80;
root /usr/share/nginx/html;
index index.html;
}
[root@DR1 Desktop]# vim /usr/share/nginx/html/index.html
<h1>Balance Server DR1</h1>
[root@DR1 Desktop]# nginx -t #检查nginx语法
[root@DR1 Desktop]# systemctl start nginx
[root@DR1 Desktop]# vim /etc/keepalived/keepalived.conf #配置keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id dr1
vrrp_skip_check_adv_addr
vrrp_mcast_group4 224.0.0.111
}
vrrp_script chk_ngx { #检查此服务器的nginx进程是否存在,如果不存在则减权
#kill -0 PID,0信号量不发送任何信号但系统会进行错误检查,经常用来检查一个进程是否存在,存在返回0,不存在返回1
script "killall -0 nginx 2> /dev/null && exit 0 || exit 1"
weight -10
interval 1
fall 3
rise 3
}
vrrp_instance VIP_1 {
state MASTER
interface eno16777736
virtual_router_id 1
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111@#$%
}
track_script {
chk_ngx
}
virtual_ipaddress {
192.168.4.120/24 dev eno16777736 label eno16777736:0
}
[root@DR1 Desktop]# systemctl start keepalived.service
搭建DR2,参考DR1自行搭建
客户端测试
[root@client Desktop]# for i in {1..20}; do curl http://192.168.4.120; done
<h1>10.10.0.21 server</h1>
<h1>10.10.0.22 server</h1>
<h1>10.10.0.21 server</h1>
<h1>10.10.0.22 server</h1>
<h1>10.10.0.21 server</h1>
<h1>10.10.0.22 server</h1>
<h1>10.10.0.21 server</h1>
<h1>10.10.0.22 server</h1>
<h1>10.10.0.21 server</h1>
<h1>10.10.0.22 server</h1>
<h1>10.10.0.21 server</h1>
<h1>10.10.0.22 server</h1>
<h1>10.10.0.21 server</h1>
<h1>10.10.0.22 server</h1>
<h1>10.10.0.21 server</h1>
<h1>10.10.0.22 server</h1>
<h1>10.10.0.21 server</h1>
<h1>10.10.0.22 server</h1>
<h1>10.10.0.21 server</h1>
<h1>10.10.0.22 server</h1>
[root@client Desktop]# ab -c 100 -n 10000 http://192.168.4.120/wordpress #对动态页面进行压测
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.4.120 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests
Server Software: nginx/1.12.2
Server Hostname: 192.168.4.120
Server Port: 80
Document Path: /wordpress
Document Length: 239 bytes
Concurrency Level: 100
Time taken for tests: 4.685 seconds
Complete requests: 10000
Failed requests: 0
Write errors: 0
Non-2xx responses: 10000
Total transferred: 4600000 bytes
HTML transferred: 2390000 bytes
Requests per second: 2134.44 [#/sec] (mean)
Time per request: 46.851 [ms] (mean)
Time per request: 0.469 [ms] (mean, across all concurrent requests)
Transfer rate: 958.83 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 1 4.8 0 51
Processing: 10 45 7.4 46 67
Waiting: 1 44 7.8 46 67
Total: 12 47 6.5 46 89
Percentage of the requests served within a certain time (ms)
50% 46
66% 47
75% 48
80% 49
90% 53
95% 58
98% 63
99% 67
100% 89 (longest request)
配置Varnish服务器
[root@Varnish Desktop]# yum install varnish
[root@Varnish Desktop]# vim /etc/varnish/varnish.params
RELOAD_VCL=1
VARNISH_VCL_CONF=/etc/varnish/default.vcl
VARNISH_LISTEN_PORT=6081
VARNISH_ADMIN_LISTEN_ADDRESS=10.10.0.23
VARNISH_ADMIN_LISTEN_PORT=6082
VARNISH_SECRET_FILE=/etc/varnish/secret
VARNISH_STORAGE="file,/data/cache,1G" #需要先创建好/data目录
VARNISH_USER=varnish
VARNISH_GROUP=varnish
[root@Varnish Desktop]# vim /etc/varnish/default.vcl #修改配置文件,添加VCL规则
vcl 4.0;
import directors;
probe web_healthchk { #定义后端健康监测机制
.url="/index.html";
.interval=2s;
.timeout=1s;
.window=5;
.threshold=3;
}
backend RS1 { #定义后端RS1
.host="10.10.0.21";
.port="80";
.probe=web_healthchk;
}
backend RS2 { #定义后端RS2
.host="10.10.0.22";
.port="80";
.probe=web_healthchk;
}
sub vcl_init { #初始化服务器
new WEBGROUP=directors.round_robin();
WEBGROUP.add_backend(RS1);
WEBGROUP.add_backend(RS2);
}
acl PURGERS { #定义可用于purge操作的ip来源
"127.0.0.1";
"10.10.0.0"/24;
}
sub vcl_recv {
if(req.http.Authorization || req.http.Cookie) { #认证及cookie不缓存
return(pass);
}
if(req.method != "GET" && req.method != "HEAD") { #除了get和head以外的请求方法不缓存
return(pass);
}
if(req.url ~ "index.php") { #动态资源不缓存
return(pass);
}
if(req.method == "PURGE") { #purge方法清理缓存
if(client.ip ~ PURGERS) {
return(purge);
}
}
if(req.http.X-Forward-For) { #为发往后端主机添加的请求报文添加X-Forward-For的首部
set req.http.X-Forward-For = req.http.X-Forward-For+","+client.ip;
}else {
set req.http.X-Forward-For = client.ip;
}
set req.backend_hint = WEBGROUP.backend(); #调用服务器组
return(hash);
}
sub vcl_hash {
hash_data(req.url);
}
sub vcl_backend_response { #自定义缓存时长
if(bereq.url ~ "\.(jpg|jpeg|gif|png)$") {
set beresp.ttl = 1d;
}
if(bereq.url ~ "\.(html|css|js)$") {
set beresp.ttl = 12h;
}
if(beresp.http.Set-Cookie) {
set beresp.grace = 600s;
return(deliver);
}
}
sub vcl_deliver {
if(obj.hits > 0) { #为响应报文添加X-Cache的首部,标识缓存是否命中
set resp.http.X-Cache = "Hit from "+server.ip;
}else {
set resp.http.X-Cache = "Miss";
}
}
[root@Varnish Desktop]# systemctl start varnish.service
[root@Varnish Desktop]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:6081 *:*
LISTEN 0 10 10.10.0.23:6082 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::6081 :::*
修改DR1和DR2定义的代理服务器组(DR2的修改参考DR1)
[root@DR1 Desktop]# vim /etc/nginx/nginx.conf
...
upstream websrvs {
#server 10.10.0.21:80;
#server 10.10.0.22:80;
server 10.10.0.23:6081; #转发到Varnish服务器
server 127.0.0.1:80 backup;
}
...
[root@DR2 Desktop]# systemctl reload nginx.service
客户端再次测试
Linux公社的RSS地址: https://www.linuxidc.com/rssFeed.aspx
本文永久更新链接地址: https://www.linuxidc.com/Linux/2018-09/154248.htm
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
Web Applications (Hacking Exposed)
Joel Scambray、Mike Shema / McGraw-Hill Osborne Media / 2002-06-19 / USD 49.99
Get in-depth coverage of Web application platforms and their vulnerabilities, presented the same popular format as the international bestseller, Hacking Exposed. Covering hacking scenarios across diff......一起来看看 《Web Applications (Hacking Exposed)》 这本书的介绍吧!
