Building an LNMP site + using nginx to load-balance web sites (https+upstream+fastcgi)
OS | IP |
---|---|
Red Hat Enterprise Linux 7 64 | 192.168.199.100 172.16.0.100 |
Windows server 2008 R2 | 192.168.199.200 172.16.0.200 |
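Preparation: install the nginx, php-fpm and mariadb-server services, and import the WordPress module
Configure the nginx service
The configuration file is named wordpress.conf and is placed in the /etc/nginx/conf.d directory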
```nginx
server {
    listen 192.168.199.100:80;
    server_name www.zrp.com;    # the site is reached through the domain name www.zrp.com
    location / {
        root /data/web_data;    # the site root is /data/web_data
        index index.html index.php;
    }
    # The dot is escaped so that only names ending in ".php" match
    location ~ \.php$ {
        root /data/web_data;
        fastcgi_pass 127.0.0.1:9000;    # hand PHP requests to php-fpm over FastCGI
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```
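Import the WordPress module into the site root directory /data/web_data
If no DNS service is configured, you can first add a resolution record to /etc/hosts
Visit http://www.zrp.com/wordpress; the PHP page is reached successfully
Configure the mariadb service
Edit the /etc/my.cnf file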
```ini
[mysqld]
datadir=/data/database          # database files are stored in /data/database
bind-address=192.168.199.100    # the service listens only on 192.168.199.100
skip_name_resolve=on            # disable hostname resolution in the database
innodb_file_per_table=on        # InnoDB uses a separate tablespace per table
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
```
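Give ownership of the storage directory to mysql
```bash
chown -R mysql:mysql /data/database/
```
Log in to the database; the wordpress user is granted all operations on the wordpress database from hosts in 192.168.199.%
Create the wordpress database
Grant the wordpress database to the wordpress user
Start installing WordPress
Run the installation, and the site can be built
The WordPress site is built successfully
Implementing web load balancing and providing an HTTPS certificate for the web site
Create the directory that holds the certificate
Generate the nginx private key nginx.key
Generate the nginx certificate request nginx.csr (the CSR is sent to Windows)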
```console
[root@localhost ~]# mkdir /etc/nginx/ssl
[root@localhost ~]# cd /etc/nginx/ssl
[root@localhost ssl]# openssl genrsa -out nginx.key
Generating RSA private key, 2048 bit long modulus
............................................+++
................................................+++
e is 65537 (0x10001)
[root@localhost ssl]# openssl req -new -key nginx.key -out nginx.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:fj
Locality Name (eg, city) [Default City]:fz
Organization Name (eg, company) [Default Company Ltd]:mj
Organizational Unit Name (eg, section) []:sf
Common Name (eg, your name or your server's hostname) []:www.zrp.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
```
Share the nginx.csr file with Windows through the samba service
Configure the samba service
```console
[root@localhost samba]# mv smb.conf smb.conf.bak
[root@localhost samba]# cat smb.conf.bak | grep -v "#" | grep -v ";" | grep -v "^$" > smb.conf
[root@localhost samba]# vim smb.conf
```
```ini
[global]
    workgroup = MYGROUP
    server string = Samba Server Version %v
    log file = /var/log/samba/log.%m
    max log size = 50
    security = user
    passdb backend = tdbsam
    load printers = yes
    cups options = raw
# smb.conf only recognises comments on their own line, so the notes sit above each setting
# The share name is webdata
[webdata]
    # The shared directory is /data/web_data
    path = /data/web_data
    browseable = yes
    writable = yes
    valid users = apache
    # The administrative user is apache
    admin users = apache
    # Only the host 192.168.199.200 is allowed to connect
    hosts allow = 192.168.199.200
    hosts deny = all
```
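Put nginx.csr into the shared directory
Install the certificate service on Windows to issue a certificate for Red Hat
Request the certificate
Submit the encoded content of nginx.csr
Issue the certificate
Export the certificate for Red Hat to use; pay attention to the export format
Connect to 192.168.199.100 and transfer the exported certificate file nginx.cer to Red Hat
Change the ownership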
```console
[root@localhost web_data]# chown -R root:root nginx.cer
[root@localhost web_data]# ll
total 12
-rwxr--r--. 1 root root 1430 Nov 27 20:43 nginx.cer
-rw-r--r--. 1 root root 980 Nov 27 20:16 nginx.csr
drwxr-xr-x. 5 apache apache 4096 Nov 27 07:50 wordpress
[root@localhost web_data]# mv nginx.cer /etc/nginx/ssl/nginx.crt
[root@localhost web_data]# cd /etc/nginx/ssl/
[root@localhost ssl]# ll
total 12
-rwxr--r--. 1 root root 1430 Nov 27 20:43 nginx.crt
-rw-r--r--. 1 root root 980 Nov 27 20:16 nginx.csr
-rw-r--r--. 1 root root 1679 Nov 27 20:15 nginx.key
```
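Three things can go wrong at this step: the CA export must be Base64 (PEM) rather than DER, the certificate must carry the public key of nginx.key, and the key should be readable by its owner only (the listing above shows it as -rw-r--r--). The script below is an added example, not part of the original post; the function name check_tls_pair and its return codes are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity-check the key/certificate
# pair before nginx uses it. check_tls_pair and its return codes are
# illustrative names chosen for this example.
#
# Return codes: 0 = OK, 1 = certificate is not PEM, 2 = certificate does not
# belong to the key, 3 = private key readable by group or others.
check_tls_pair() {
    local key="$1" cert="$2" key_pub cert_pub mode

    # nginx's ssl_certificate expects PEM. A DER (binary) export from the
    # Windows CA has no PEM header and must be converted first.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null; then
        echo "not PEM; convert: openssl x509 -inform DER -in $cert -out nginx.crt" >&2
        return 1
    fi

    # Compare the public key derived from the private key with the one
    # embedded in the certificate (both print as SubjectPublicKeyInfo PEM).
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "certificate was not issued for this private key" >&2
        return 2
    fi

    # The key must be readable by its owner only (mode 600 or 400).
    mode=$(stat -c %a "$key")    # GNU stat, as shipped with RHEL
    case $mode in
        *00) ;;
        *) echo "key mode is $mode; run: chmod 600 $key" >&2; return 3 ;;
    esac
    return 0
}

# Stand-alone use: ./check_tls_pair.sh /etc/nginx/ssl/nginx.key /etc/nginx/ssl/nginx.crt
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```
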
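Configure nginx as a proxy
Use the upstream module to configure load balancing, and configure HTTPS
Traffic arriving on ports 80 and 443 of the IP address 172.16.0.100 is forwarded to the backend hosts defined in upstream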
```console
[root@localhost conf.d]# pwd
/etc/nginx/conf.d
[root@localhost conf.d]# vim proxy.conf
```
```nginx
upstream web {
    server 192.168.199.100;
    server 192.168.199.200;
}
server {
    listen 172.16.0.100:80;
    server_name www.zrp.com;
    location / {
        proxy_pass http://web;
    }
}
server {
    # The ssl parameter is required for nginx to speak TLS on this listener
    listen 172.16.0.100:443 ssl;
    server_name www.zrp.com;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key "/etc/nginx/ssl/nginx.key";
    location / {
        proxy_pass http://web;
    }
}
```
On Windows, set up a simple web site and create an index.html file containing 172.16.0.200
Visit 172.16.0.100: load balancing works, and requests are served round-robin