[frontend] Installing and configuring the frontend

1. Lab environment

Operating system: CentOS 7.2 Minimal
serverA: 192.168.1.104
serverB: 192.168.1.109
VIP: 192.168.1.110
test: 192.168.1.120
2. Software installation
On serverA and serverB:
# yum -y install nginx bind ntp keepalived
# systemctl enable named ntpd nginx keepalived
3. Special configuration
On serverA and serverB:
# sysctl -w net.ipv4.ip_nonlocal_bind=1
# echo "net.ipv4.ip_nonlocal_bind=1" >> /etc/sysctl.conf
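Note: this changes the Linux sysctl configuration so that binding a listening port to an IP address that does not exist on the host does not raise an error.
# setenforce 0
# sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
# systemctl stop firewalld
# systemctl disable firewalld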


3. serverA service configuration
# vim /etc/keepalived/keepalived.conf
##############################
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_script check {
script "/etc/keepalived/check.sh"
interval 5
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 100
priority 100
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check
}
virtual_ipaddress {
192.168.1.110
}
}
##############################
Note: the interval in vrrp_script{} must be longer than the sleep time in the script!
# vim /etc/keepalived/check.sh
##############################
#!/bin/bash
nginx_status1=$(ps -C nginx --no-heading|wc -l)
if [ "${nginx_status1}" = "0" ]; then
systemctl start nginx.service
sleep 3
nginx_status2=$(ps -C nginx --no-heading|wc -l)
if [ "${nginx_status2}" = "0" ]; then
systemctl stop keepalived.service
fi
fi
named_status1=$(ps -C named --no-heading|wc -l)
if [ "${named_status1}" = "0" ]; then
systemctl start named.service
sleep 3
named_status2=$(ps -C named --no-heading|wc -l)
if [ "${named_status2}" = "0" ]; then
systemctl stop keepalived.service
fi
fi
ntpd_status1=$(ps -C ntpd --no-heading|wc -l)
if [ "${ntpd_status1}" = "0" ]; then
systemctl start ntpd.service
sleep 3
ntpd_status2=$(ps -C ntpd --no-heading|wc -l)
if [ "${ntpd_status2}" = "0" ]; then
systemctl stop keepalived.service
fi
fi
#######################################
# chmod +x /etc/keepalived/check.sh
# vim /etc/ntp.conf
########################################
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server 192.168.1.110 iburst
server 127.127.1.0
fudge 127.127.1.0 stratum 10
interface ignore wildcard
interface listen 192.168.1.110
interface listen 127.0.0.1
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
##########################################
# vim /etc/named.conf
##########################################
options {
listen-on port 53 { 192.168.1.110; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
pid-file "/run/named/named.pid";
};
zone "test.com" IN {
type master;
file "test.com.zone";
};
###############################################
# cp -p /var/named/named.localhost /var/named/test.com.zone
# vim /var/named/test.com.zone
[Figure: contents of test.com.zone]




# vim /etc/nginx/nginx.conf
#########################################
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
# stream forwarding
stream {
#hash $remote_addr consistent;
proxy_connect_timeout 3s;
include /etc/nginx/conf.d/stream_proxy.conf;
}
# http forwarding
http {
client_max_body_size 500M;
include mime.types;
default_type application/octet-stream;
server_tokens off;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/http_proxy.conf;
}
############################################
# vim /etc/nginx/conf.d/stream_proxy.conf
#############################################
upstream stream_service {
hash $remote_addr consistent;
server 192.168.1.103:12345 max_fails=1 fail_timeout=180s;
server 192.168.1.104:12345 max_fails=1 fail_timeout=180s;
}
server {
listen 192.168.1.110:54321;
proxy_pass stream_service;
}
#####################################################
# vim /etc/nginx/conf.d/http_proxy.conf
#####################################################
upstream http_service {
server 192.168.1.107:443 max_fails=1 fail_timeout=180s;
server 192.168.1.108:443 max_fails=1 fail_timeout=180s;
}
server {
listen 192.168.1.110:443 ssl;
ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
location / {
proxy_connect_timeout 3;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://http_service;
}
}
#################################################################
# mkdir /etc/nginx/ssl
# openssl req -x509 -nodes \
-newkey rsa:2048 \
-days 365 \
-subj "/C=CN/ST=Gunagdong/L=Shenzhen/O=TEST/OU=TEST/CN=www.test.com" \
-keyout /etc/nginx/ssl/nginx-selfsigned.key \
-out /etc/nginx/ssl/nginx-selfsigned.crt
4. serverB service configuration
# vim /etc/keepalived/keepalived.conf
##########################
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_script check {
script "/etc/keepalived/check.sh"
interval 5
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 100
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check
}
virtual_ipaddress {
192.168.1.110
}
}
##############################
Note: the interval in vrrp_script{} must be longer than the sleep time in the script!
# vim /etc/keepalived/check.sh
##############################
#!/bin/bash
nginx_status1=$(ps -C nginx --no-heading|wc -l)
if [ "${nginx_status1}" = "0" ]; then
systemctl start nginx.service
sleep 3
nginx_status2=$(ps -C nginx --no-heading|wc -l)
if [ "${nginx_status2}" = "0" ]; then
systemctl stop keepalived.service
fi
fi
named_status1=$(ps -C named --no-heading|wc -l)
if [ "${named_status1}" = "0" ]; then
systemctl start named.service
sleep 3
named_status2=$(ps -C named --no-heading|wc -l)
if [ "${named_status2}" = "0" ]; then
systemctl stop keepalived.service
fi
fi
ntpd_status1=$(ps -C ntpd --no-heading|wc -l)
if [ "${ntpd_status1}" = "0" ]; then
systemctl start ntpd.service
sleep 3
ntpd_status2=$(ps -C ntpd --no-heading|wc -l)
if [ "${ntpd_status2}" = "0" ]; then
systemctl stop keepalived.service
fi
fi
#######################################
# chmod +x /etc/keepalived/check.sh
# vim /etc/ntp.conf
########################################
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server 192.168.1.110 iburst
server 127.127.1.0
fudge 127.127.1.0 stratum 10
interface ignore wildcard
interface listen 192.168.1.110
interface listen 127.0.0.1
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
##########################################
# vim /etc/named.conf
##########################################
options {
listen-on port 53 { 192.168.1.110; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
pid-file "/run/named/named.pid";
};
zone "test.com" IN {
type master;
file "test.com.zone";
};
###############################################
# cp -p /var/named/named.localhost /var/named/test.com.zone
# vim /var/named/test.com.zone
[Figure: contents of test.com.zone]


# vim /etc/nginx/nginx.conf
#########################################
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
# stream forwarding
stream {
#hash $remote_addr consistent;
proxy_connect_timeout 3s;
include /etc/nginx/conf.d/stream_proxy.conf;
}
# http forwarding
http {
client_max_body_size 500M;
include mime.types;
default_type application/octet-stream;
server_tokens off;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/http_proxy.conf;
}
############################################
# vim /etc/nginx/conf.d/stream_proxy.conf
#############################################
upstream stream_service {
hash $remote_addr consistent;
server 192.168.1.103:12345 max_fails=1 fail_timeout=180s;
server 192.168.1.104:12345 max_fails=1 fail_timeout=180s;
}
server {
listen 192.168.1.110:54321;
proxy_pass stream_service;
}
#####################################################
# vim /etc/nginx/conf.d/http_proxy.conf
#####################################################
upstream http_service {
server 192.168.1.107:443 max_fails=1 fail_timeout=180s;
server 192.168.1.108:443 max_fails=1 fail_timeout=180s;
}
server {
listen 192.168.1.110:443 ssl;
ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
location / {
proxy_connect_timeout 3;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://http_service;
}
}
#################################################################
# mkdir /etc/nginx/ssl
# openssl req -x509 -nodes \
-newkey rsa:2048 \
-days 365 \
-subj "/C=CN/ST=Gunagdong/L=Shenzhen/O=TEST/OU=TEST/CN=www.test.com" \
-keyout /etc/nginx/ssl/nginx-selfsigned.key \
-out /etc/nginx/ssl/nginx-selfsigned.crt
5. Start the services
On serverA and serverB:
# systemctl start named ntpd nginx keepalived
6. Check service status
On serverA:
[Figures: service status on serverA]
On serverB:
[Figures: service status on serverB]
7. Testing from the test server
Reverse proxy test:
https://192.168.1.110:443
DNS test:
# vim /etc/resolv.conf
######################
nameserver 192.168.1.110
# Generated by NetworkManager
nameserver 202.96.128.166
nameserver 202.96.134.133
#####################
# ping www.test.com
# ping mysql.test.com
NTP test:
# ntpdate 192.168.1.110
# vim /etc/ntp.conf
#########################
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server 192.168.1.110 iburst
restrict 192.168.1.110 nomodify notrap noquery
server 127.127.1.0
fudge 127.127.1.0 stratum 10
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
#########################
# systemctl start ntpd
# systemctl enable ntpd
8. Frontend high-availability test
On serverA:
# systemctl restart keepalived
# systemctl status keepalived
# ip addr list
On serverB:
# systemctl status keepalived
# ip addr list
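As you can see, after restarting keepalived on serverA the VIP moved over successfully. In fact, if any one of nginx, named or ntpd fails on the server that holds the VIP, keepalived's check script stops the keepalived service on that host, so the VIP fails over and service is essentially unaffected, which gives high availability!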
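The walkthrough sets SELinux to permissive, authenticates VRRP with auth_type PASS, and runs named with recursion yes and allow-query { any; }. The following added example (not part of the original article) is a small shell audit that flags those three settings in config text; the function names and the sample strings are assumptions constructed from the configs shown above.

```sh
#!/bin/sh
# Added example, not from the original article. Each check reads config text
# on stdin and prints one line per finding; no output means nothing flagged.

# named.conf: recursion on, allow-query open to any, and no allow-recursion or
# allow-query-cache ACL: named recurses for every client that reaches it.
check_named() {
    awk '{ sub(/#.*|\/\/.*/, "") }
         /recursion[ \t]+yes[ \t]*;/               { rec = 1 }
         /allow-query[ \t]*[{][ \t]*any[ \t]*;/    { anyq = 1 }
         /allow-(recursion|query-cache)[ \t]*[{]/  { acl = 1 }
         END { if (rec && anyq && !acl) print "named: open recursive resolver" }'
}

# keepalived.conf: auth_type PASS carries auth_pass in cleartext in every VRRP
# advertisement, so it protects against misconfiguration only.
check_keepalived() {
    awk '$1 == "auth_type" && $2 == "PASS" { pass = 1 }
         $1 == "auth_pass"                 { len = length($2) }
         END { if (pass) printf "keepalived: cleartext VRRP password (%d chars)\n", len }'
}

# /etc/selinux/config: any mode other than enforcing leaves policy unenforced.
check_selinux() {
    awk -F= '$1 == "SELINUX" && $2 != "enforcing" { print "selinux: SELINUX=" $2 }'
}

# Constructed sample input, reduced from the settings shown in this article.
NAMED_SAMPLE='options {
listen-on port 53 { 192.168.1.110; };
allow-query { any; };
recursion yes;
};'
KEEPALIVED_SAMPLE='authentication {
auth_type PASS
auth_pass 1111
}'
SELINUX_SAMPLE='SELINUX=permissive'

audit_samples() {
    printf '%s\n' "$NAMED_SAMPLE" | check_named
    printf '%s\n' "$KEEPALIVED_SAMPLE" | check_keepalived
    printf '%s\n' "$SELINUX_SAMPLE" | check_selinux
}
audit_samples
```

On a real host, feed each function the live file, for example `check_named < /etc/named.conf`. Adding an allow-recursion ACL limited to 192.168.1.0/24 clears the named finding.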
