Building an LNMP site + setting up an nginx web site with load balancing (https+upstream+fastcgi)

Valky
linux, updated 2019-11-28


OS                              IP
Red Hat Enterprise Linux 7 64   192.168.199.100  172.16.0.100
Windows server 2008 R2          192.168.199.200  172.16.0.200

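Preparation: install the nginx, php-fpm and mariadb-server services, and import the wordpress module

Configure the nginx service

The configuration file is named wordpress.conf and is placed in the /etc/nginx/conf.d directory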

server {
    listen 192.168.199.100:80;
    server_name www.zrp.com; # the site is reached through the domain www.zrp.com

    location / {
        root /data/web_data; # the web root is /data/web_data
        index index.html index.php;
    }

    # the dot is escaped so that only URIs ending in ".php" match
    location ~ \.php$ {
        root /data/web_data;
        fastcgi_pass 127.0.0.1:9000; # enable fastcgi so that nginx can handle PHP requests
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

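Import the wordpress module into the site's root directory, /data/web_data

If no DNS service is configured, you can first add a resolution record to /etc/hosts

Visit http://www.zrp.com/wordpress; the PHP page loads successfully

Configure the mariadb service

Edit the /etc/my.cnf file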

[mysqld]
datadir=/data/database #the database is stored in /data/database
bind-address=192.168.199.100 #the service listens only on 192.168.199.100
skip_name_resolve=on #turn off name resolution in the database
innodb_file_per_table=on #enable per-table tablespaces for InnoDB
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

Give the mysql user ownership of the storage directory

chown -R mysql:mysql /data/database/

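Log in to the database and grant the wordpress user all operations on the wordpress database from hosts in 192.168.199.%

Create the wordpress database

Grant the wordpress database to the wordpress user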
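
The two steps above as a script (an added example, not from the original post): it prints the CREATE DATABASE and GRANT statements for the wordpress database, the wordpress user and the 192.168.199.% host pattern named here. The wp_grant_sql helper, the WP_DB_PASS variable and the wp_grant.sh file name are hypothetical, and the password is supplied by the caller.

```bash
#!/usr/bin/env bash
# Added example: emit the SQL for "create the database" and "grant it to the user".

# wp_grant_sql DB USER HOST_PATTERN PASSWORD -> SQL on stdout, returns 1 on bad input
wp_grant_sql() {
  local db=$1 user=$2 host=$3 pass=$4 v
  # Database and user names: letters, digits and underscore only.
  for v in "$db" "$user"; do
    case "$v" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
  done
  # Host pattern: digits, dots and % wildcards; a bare '%' (any host) is refused.
  case "$host" in ''|%|*[!0-9.%]*) return 1 ;; esac
  # Password: must be non-empty and free of quotes and backslashes.
  case "$pass" in ''|*\'*|*\\*) return 1 ;; esac
  cat <<SQL
CREATE DATABASE IF NOT EXISTS \`$db\`;
GRANT ALL PRIVILEGES ON \`$db\`.* TO '$user'@'$host' IDENTIFIED BY '$pass';
SHOW GRANTS FOR '$user'@'$host';
SQL
}

# Runs only when a password is supplied, for example:
#   WP_DB_PASS='...' bash wp_grant.sh | mysql -u root -p
if [ -n "${WP_DB_PASS:-}" ]; then
  wp_grant_sql wordpress wordpress '192.168.199.%' "$WP_DB_PASS"
fi
```

The SHOW GRANTS line at the end prints what was actually granted, so the host restriction can be confirmed in the same session.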


Start installing wordpress

Run the installation to build the site

The wordpress site is set up successfully



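Implement web load balancing and provide an HTTPS certificate for the web site

Create the directory that holds the certificate

Generate nginx's private key, nginx.key

Generate the nginx certificate request, nginx.csr (the CSR is sent to Windows)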

[root@localhost ~]# mkdir /etc/nginx/ssl    
[root@localhost ~]# cd /etc/nginx/ssl
[root@localhost ssl]# openssl genrsa -out nginx.key
Generating RSA private key, 2048 bit long modulus
............................................+++
................................................+++
e is 65537 (0x10001)
[root@localhost ssl]# openssl req -new -key nginx.key -out nginx.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ".", the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:fj
Locality Name (eg, city) [Default City]:fz
Organization Name (eg, company) [Default Company Ltd]:mj
Organizational Unit Name (eg, section) []:sf
Common Name (eg, your name or your server's hostname) []:www.zrp.com
Email Address []:

Please enter the following "extra" attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


Share the nginx.csr file with Windows through the samba service

Configure the samba service

[root@localhost samba]# mv smb.conf smb.conf.bak
[root@localhost samba]# cat smb.conf.bak | grep -v "#" | grep -v ";" | grep -v "^$" > smb.conf
[root@localhost samba]# vim smb.conf
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
load printers = yes
cups options = raw
# the share name is webdata
[webdata]
# the shared directory is /data/web_data
path = /data/web_data
browseable = yes
writable = yes
valid users = apache
# the admin user is apache
admin users = apache
# only the host 192.168.199.200 is allowed to connect
hosts allow = 192.168.199.200
hosts deny = all

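Put nginx.csr in the shared directory

Install Certificate Services on Windows to issue the certificate for Red Hat

Request a certificate

Submit the encoded content of nginx.csr

Issue the certificate

Export the certificate for Red Hat to use; pay attention to the export format

Access 192.168.199.100 and transfer the exported certificate file nginx.cer to Red Hat

Change the ownership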

[root@localhost web_data]# chown -R root:root nginx.cer 
[root@localhost web_data]# ll
total 12
-rwxr--r--. 1 root root 1430 Nov 27 20:43 nginx.cer
-rw-r--r--. 1 root root 980 Nov 27 20:16 nginx.csr
drwxr-xr-x. 5 apache apache 4096 Nov 27 07:50 wordpress

[root@localhost web_data]# mv nginx.cer /etc/nginx/ssl/nginx.crt

[root@localhost web_data]# cd /etc/nginx/ssl/
[root@localhost ssl]# ll
total 12
-rwxr--r--. 1 root root 1430 Nov 27 20:43 nginx.crt
-rw-r--r--. 1 root root 980 Nov 27 20:16 nginx.csr
-rw-r--r--. 1 root root 1679 Nov 27 20:15 nginx.key
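
A pre-flight check for the three files listed above (an added example, not part of the original post): it confirms that the certificate exported from the Windows CA is PEM (Base64) rather than DER, since nginx only loads PEM, that nginx.key is readable by its owner only (the listing shows it as -rw-r--r--), and that the key and the certificate carry the same public key. The function names and the check_tls.sh file name are hypothetical, and the key-match check assumes openssl is installed.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the files in /etc/nginx/ssl.

# cert_format FILE -> prints pem, der or unknown
cert_format() {
  if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
    echo pem
  elif [ "$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')" = "30" ]; then
    echo der   # DER begins with an ASN.1 SEQUENCE tag, byte 0x30
  else
    echo unknown
  fi
}

# key_is_private FILE -> succeeds only if group and others have no access bits
key_is_private() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# key_matches_cert KEY CERT -> succeeds if both contain the same public key
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# audit_tls_dir DIR -> prints findings, returns 1 if any check fails
audit_tls_dir() {
  local dir=$1 rc=0
  if [ "$(cert_format "$dir/nginx.crt")" != pem ]; then
    echo "nginx.crt is not PEM: re-export it as Base64 or convert it"; rc=1
  elif ! key_matches_cert "$dir/nginx.key" "$dir/nginx.crt"; then
    echo "nginx.key does not match nginx.crt (or openssl is missing)"; rc=1
  fi
  if ! key_is_private "$dir/nginx.key"; then
    echo "nginx.key is readable by group/others: chmod 600 it"; rc=1
  fi
  return "$rc"
}

# Run the audit only when a directory is passed: bash check_tls.sh /etc/nginx/ssl
if [ "$#" -gt 0 ]; then
  audit_tls_dir "$1"
fi
```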


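Configure nginx's proxy function

Use the upstream module to configure load balancing, and configure HTTPS

Forward traffic arriving on ports 80 and 443 of the IP address 172.16.0.100 to the backend hosts defined in upstream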

[root@localhost conf.d]# pwd
/etc/nginx/conf.d
[root@localhost conf.d]# vim proxy.conf
upstream web {
    server 192.168.199.100;
    server 192.168.199.200;
}

server {
    listen 172.16.0.100:80;
    server_name www.zrp.com;

    location / {
        proxy_pass http://web;
    }
}

server {
    # the ssl parameter is required; without it nginx serves plain HTTP on port 443
    listen 172.16.0.100:443 ssl;
    server_name www.zrp.com;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key "/etc/nginx/ssl/nginx.key";

    location / {
        proxy_pass http://web;
    }
}


On Windows, set up a simple web site: create an index.html file containing 172.16.0.200

Visit 172.16.0.100; load balancing works and requests are served round-robin