通过LNMP架构实现kodcloud反向代理部署
网络架构图
环境准备
操作系统:rocky8.6
nginx: 1.22.0
mysql: 8.0.26
redis:5.0
192.168.247.61 kodcloud-nginx-01 2vcpu 2G 100G 192.168.247.62 kodcloud-web-01 2vcpu 2G 100G 192.168.247.63 kodcloud-web-02 2vcpu 2G 100G 192.168.247.64 kodcloud-mysql-redis-01 2vcpu 2G 100G 192.168.247.65 kodcloud-nfs-01 2vcpu 2G 100G
一、安装nginx
在nginx、web01、web02节点编译安装nginx服务
cat nginx-install.sh
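#!/bin/bash
#
# nginx-install.sh - download, build and install nginx from source, then
# register it as a systemd service and start it.
#
# The script creates a system user and writes under /etc/profile.d and
# /lib/systemd/system, so it has to run as root.
#
# Optional environment:
#   NGINX_SHA256  expected SHA-256 of the source tarball. When set, the
#                 tarball (cached or freshly downloaded) is verified before
#                 it is unpacked; when empty, no integrity check is made.
#                 nginx.org also publishes a detached PGP signature (.asc)
#                 next to each release tarball, which can be checked by hand.

NGINX_FILE=nginx-1.22.0
#NGINX_FILE=nginx-1.20.2
#NGINX_FILE=nginx-1.18.0
# HTTPS instead of plain HTTP: the tarball is compiled and installed as root,
# so the transfer should at least be authenticated by TLS.
NGINX_URL=https://nginx.org/download/
TAR=.tar.gz
SRC_DIR=/usr/local/src
NGINX_INSTALL_DIR=/apps/nginx
NGINX_SHA256=${NGINX_SHA256:-}
CPUS=$(lscpu | awk '/^CPU\(s\)/{print $2}')
# Fall back to one job if lscpu printed nothing; a bare "make -j" would
# otherwise run with an unlimited number of jobs.
CPUS=${CPUS:-1}

# Provides ID and VERSION_ID, used below to pick the package manager.
. /etc/os-release

#######################################
# Print a status line: the message, then a coloured tag at column 60.
# Arguments:
#   $1 - message text
#   $2 - "success" or 0 -> green OK; "failure" or 1 -> red FAILED;
#        anything else  -> yellow WARNING
# Outputs: one line on stdout, with ANSI escape sequences
#######################################
color() {
  local -r res_col=60
  printf '%s\033[%sG[' "$1" "$res_col"
  case "${2-}" in
    success | 0) printf '\033[1;32m%s' " OK " ;;
    failure | 1) printf '\033[1;31m%s' "FAILED" ;;
    *) printf '\033[1;33m%s' "WARNING" ;;
  esac
  printf '\033[0m]\n'
}

#######################################
# Refuse to run over an existing installation and make sure the source
# tarball is present in SRC_DIR, downloading it when it is missing.
# Globals: NGINX_INSTALL_DIR, SRC_DIR, NGINX_FILE, TAR, NGINX_URL,
#          NGINX_SHA256 (all read)
# Exits with status 1 on any failure.
#######################################
check() {
  local -r tarball="${NGINX_FILE}${TAR}"

  if [ -e "${NGINX_INSTALL_DIR}" ]; then
    color "nginx 已安装,请卸载后再安装" 1
    exit 1
  fi

  cd "${SRC_DIR}" || exit 1

  if [ -e "$tarball" ]; then
    color "相关文件已准备好" 0
  else
    color '开始下载 nginx 源码包' 0
    # Download to a temporary name first so that an interrupted transfer is
    # not mistaken for a complete tarball on the next run.
    if ! wget -O "${tarball}.part" "${NGINX_URL}${tarball}" ||
      ! mv -- "${tarball}.part" "$tarball"; then
      rm -f -- "${tarball}.part"
      color "下载 ${NGINX_FILE}${TAR}文件失败" 1
      exit 1
    fi
  fi

  # Integrity check, only when the operator supplied an expected digest.
  if [ -n "$NGINX_SHA256" ]; then
    if ! printf '%s  %s\n' "$NGINX_SHA256" "$tarball" | sha256sum -c - > /dev/null; then
      color "${NGINX_FILE}${TAR} SHA256 校验失败" 1
      exit 1
    fi
  fi
}

#######################################
# Create the nginx user, install build dependencies, compile and install
# nginx, then write the PATH snippet and the systemd unit and start the
# service.
# Globals: ID, VERSION_ID (from /etc/os-release), SRC_DIR, NGINX_FILE, TAR,
#          NGINX_INSTALL_DIR, CPUS (read); NGINX_DIR (written)
# Exits with status 1 on an unsupported CentOS release, a failed build or
# a service that does not become active.
#######################################
install() {
  color "开始安装 nginx" 0
  if id nginx &> /dev/null; then
    color "nginx 用户已存在" 1
  else
    useradd -s /sbin/nologin -r nginx
    color "创建 nginx 用户" 0
  fi

  color "开始安装 nginx 依赖包" 0
  if [[ "$ID" == "centos" ]]; then
    if [[ "$VERSION_ID" =~ ^7 ]]; then
      yum -y install gcc make pcre-devel openssl-devel zlib-devel perl-ExtUtils-Embed
    elif [[ "$VERSION_ID" =~ ^8 ]]; then
      yum -y install make gcc-c++ libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel perl-ExtUtils-Embed
    else
      color '不支持此系统!' 1
      exit 1
    fi
  elif [[ "$ID" == "rocky" ]]; then
    yum -y install gcc make gcc-c++ libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel perl-ExtUtils-Embed
  else
    apt update
    apt -y install gcc make libpcre3 libpcre3-dev openssl libssl-dev zlib1g-dev
  fi

  # Directory name inside the tarball: everything up to the last digit of
  # the archive name (nginx-1.22.0.tar.gz -> nginx-1.22.0).
  NGINX_DIR=$(printf '%s\n' "${NGINX_FILE}${TAR}" | sed -nr 's/^(.*[0-9]).*/\1/p')

  # Every step is chained so that a failed unpack or configure is reported
  # as a build failure instead of being ignored.
  if cd "$SRC_DIR" &&
    tar xf "${NGINX_FILE}${TAR}" &&
    cd "${NGINX_DIR}" &&
    ./configure --prefix="${NGINX_INSTALL_DIR}" --user=nginx --group=nginx \
      --with-http_ssl_module --with-http_v2_module --with-http_realip_module \
      --with-http_stub_status_module --with-http_gzip_static_module --with-pcre \
      --with-stream --with-stream_ssl_module --with-stream_realip_module &&
    make -j "$CPUS" &&
    make install; then
    color "nginx 编译安装成功" 0
  else
    color "nginx 编译安装失败,退出!" 1
    exit 1
  fi

  # NOTE(review): this hands the whole tree, including sbin/nginx and conf/,
  # to the unprivileged worker account, while the unit below starts the
  # binary without a User= line. Consider leaving binaries and configuration
  # owned by root and giving nginx only the directories it has to write.
  chown -R nginx:nginx "${NGINX_INSTALL_DIR}"

  # \${PATH} is written literally so that it is expanded at login time; the
  # unescaped form would freeze the installing user's PATH into the snippet.
  echo "PATH=${NGINX_INSTALL_DIR}/sbin:\${PATH}" > /etc/profile.d/nginx.sh

  cat > /lib/systemd/system/nginx.service << EOF
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=${NGINX_INSTALL_DIR}/logs/nginx.pid
ExecStartPre=/bin/rm -f ${NGINX_INSTALL_DIR}/logs/nginx.pid
ExecStartPre=${NGINX_INSTALL_DIR}/sbin/nginx -t
ExecStart=${NGINX_INSTALL_DIR}/sbin/nginx
ExecReload=/bin/kill -s HUP \$MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
LimitNOFILE=100000

[Install]
WantedBy=multi-user.target
EOF

  systemctl daemon-reload
  systemctl enable --now nginx &> /dev/null
  if ! systemctl is-active nginx &> /dev/null; then
    color "nginx 启动失败,退出!" 1
    exit 1
  fi
  color "nginx 安装完成" 0
}

check
install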
执行脚本进行编译
# bash nginx-install.sh
二、安装配置MySQL、Redis
在mysql-redis节点安装并配置mysql、redis。下文建库授权示例中的密码'123456'仅作演示,实际部署时应换成强密码。
# Install MySQL server and Redis from the distribution repositories.
yum install mysql-server redis -y
# Make mysql_native_password the default authentication plugin for accounts
# created from now on (MySQL 8.0 otherwise defaults to caching_sha2_password).
# The line is appended to the end of the file, so it only takes effect if the
# last section there is [mysqld] - TODO confirm.
# NOTE(review): mysql_native_password is the older SHA-1 based plugin; the
# php74 mysqlnd client presumably handles caching_sha2_password as well, in
# which case this line could be dropped - verify before relying on it.
echo "default_authentication_plugin=mysql_native_password" >> /etc/my.cnf.d/mysql-server.cnf
systemctl enable --now mysqld
[root@kodcloud-mysql-redis-01 ~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.26 Source distribution
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database kodbox;
Query OK, 1 row affected (0.00 sec)
mysql> create user kodbox@'192.168.247.%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql>
mysql> grant all on kodbox.* to kodbox@'192.168.247.%';
Query OK, 0 rows affected (0.01 sec)
mysql>
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql>
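配置redis(此处未列出具体修改项:web01、web02需要跨主机访问redis,因此bind应改为本机内网地址192.168.247.64;同时应设置requirepass,并用防火墙只放行两台web节点访问6379端口)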
vi /etc/redis.conf
systemctl enable --now redis
三、安装配置php
在web01、web02节点安装php相关包
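# Two separate commands: first enable the Remi repository, then install
# PHP 7.4 (FPM) together with the extensions used in this setup.
# NOTE(review): PHP 7.4 no longer receives upstream security fixes; check
# which newer PHP branch this kodbox release supports before deploying.
yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-8.rpm
yum install -y php74-php-fpm php74-php-mbstring php74-php-json php74-php-xml php74-php-gd php74-php-mysqlnd php74-php-cli php74-php-devel php74-php-pecl-redis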
配置php
vim /etc/opt/remi/php74/php.ini
egrep -v "^;|^$" /etc/opt/remi/php74/php-fpm.d/www.conf
[www] user = nginx group = nginx listen = 127.0.0.1:9000 listen.acl_users = nginx listen.allowed_clients = 127.0.0.1 pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.status_path = /status ping.path = /ping ping.response = duoduo access.log = log/$pool.access.log slowlog = /var/opt/remi/php74/log/php-fpm/www-slow.log php_admin_value[error_log] = /var/opt/remi/php74/log/php-fpm/www-error.log php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/opt/remi/php74/lib/php/session php_value[soap.wsdl_cache_dir] = /var/opt/remi/php74/lib/php/wsdlcache
systemctl enable --now php74-php-fpm
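配置web01、web02 nginx与php连接。注意下面location的正则 \.php$|ping|php-status 中,后两个分支没有锚定,URI中只要含有ping或php-status就会被转给php-fpm;而且www.conf里pm.status_path为/status,与这里的php-status并不对应。状态页与ping页建议改用精确匹配(如 location = /status),并只允许运维地址访问。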
cat /apps/nginx/conf/nginx.conf http ..... include /apps/nginx/conf.d/*.conf; }
#创建目录 mkdir /apps/nginx/conf.d/
cat /apps/nginx/conf.d/php.conf server { listen 80; server_name www.kodcloud-web1.org; root /data/php; index index.php; location ~ \.php$|ping|php-status { root /data/php; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
创建测试页面文件夹
mkdir /data/{html,php}
cat /apps/nginx/conf/nginx.conf http ..... include /apps/nginx/conf.d/*.conf; } #创建目录 mkdir /apps/nginx/conf.d/ cat /apps/nginx/conf.d/php.conf server { listen 80; server_name www.kodcloud-web2.org; root /data/php; index index.php; location ~ \.php$|ping|php-status { root /data/php; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } 创建测试页面文件夹 mkdir /data/{html,php}
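配置测试页(test.php会输出完整的phpinfo信息,mysql.php中写有数据库明文密码,二者都位于站点根目录/data/php下;验证完成后应立即删除,以免随后续的rsync同步和反向代理一起对外暴露)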
cat /data/php/test.php <?php phpinfo(); ?> cat /data/php/mysql.php <?php $servername = "192.168.247.64"; $username = "kodbox"; $password = "123456"; // 创建连接 $conn = mysqli_connect($servername,$username, $password); // 检测连接 if (!$conn) { die("php连接MySQL数据库失败: " . mysqli_connect_error()); } echo "php连接MySQL数据库成功!"; ?>
四、安装可道云包
在web01节点下载kodcloud包,并解压到/data/php目录下
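# Download the kodbox release and unpack it into the web root.
# NOTE(review): no checksum is verified here; if the vendor publishes one for
# this archive, compare it before unpacking.
wget https://static.kodcloud.com/update/download/kodbox.1.34.zip
unzip kodbox.1.34.zip -d /data/php/
# user:group is the supported separator; the user.group form is deprecated.
chown -R nginx:nginx /data/php/
systemctl restart nginx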
页面配置web01
将配置好的web01数据同步到web02
[root@kodcloud-web-01 ~]# rsync -av /data/php/ root@192.168.247.63:/data/php [root@kodcloud-web-02 ~]# systemctl start nginx
验证数据信息
[root@kodcloud-mysql-redis-01 ~]# redis-cli 127.0.0.1:6379> keys * 1) "a719a5ab14946805af534c2c9f9e2c2c" 2) "a4d09f162789270ea6515309e8b9db89" 3) "a6925d5eab96be59ea8cfebfc525847a" 4) "434d13089905938f2de454d10afda221" 5) "3e0dcbe773d4250f6c1594293459c535" 6) "959cbae136455c78bc1898e5c554ffbf" 7) "7f0f8e41551455cdc4e4b220c4758b34" 8) "b2ac0f3510bb92ea866c6ee55d797338" 9) "7827e4f111664842147a53e21d8f955c" 10) "8b4ab164c5cab2f5225b973dc9498f96" 11) "ab3990a959c8705c55e35db3e2a22133" 12) "8d15d7740b4ebcde126c71803c75e6f3" 13) "25637b396a458110d0c9b952bd2359e9" 14) "0452ea2c631be5e6012acd9c72a3cfd1" 15) "89f706eac7320581223fa27913f06dcc" 16) "9e94a22489460c0813493544af0840c7" 17) "a3b4f75d79996635f3414e472ff0f3bf" 18) "3be483bef56bd545c646a8d26cbb7f3e" 19) "ae2d27a63b0749ecb98af234c763b174" 20) "475fa0360696c2a07d21108587ce0b7c" 21) "ba9cb8a61c2290a6e7ac0f1b21dabef2" 22) "f16f14617716a88bf7154a3517e509f5" 23) "1743bd57eac2cbf0352caac17528346e" 24) "19e612b535e4eab0b6f93c28d2c341e5" 25) "28afac066500945d6882e8cf66b400ae" 26) "b646a2806af989b88a8a3418a0cb6d0f" 27) "ae6e45206fca04a341344ac4c8eac46f" 28) "06cde4f7bf8a814a07be09828bce56bb" 29) "500b5dcaebf3c2c51c4921012c87d8c4" 127.0.0.1:6379> [root@kodcloud-mysql-redis-01 ~]# mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 68 Server version: 8.0.26 Source distribution Copyright (c) 2000, 2021, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 
mysql> use kodbox; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +-------------------+ | Tables_in_kodbox | +-------------------+ | comment | | comment_meta | | comment_praise | | group | | group_meta | | io_file | | io_file_contents | | io_file_meta | | io_source | | io_source_auth | | io_source_event | | io_source_history | | io_source_meta | | io_source_recycle | | share | | share_report | | share_to | | system_log | | system_option | | system_session | | user | | user_fav | | user_group | | user_meta | | user_option | +-------------------+ 25 rows in set (0.00 sec) mysql>
五、配置nginx反向代理
ssl证书导入,域名注册需要自己购买
1、在自己购买的域名下添加一条dns解析,ip地址可以暂时随便填写
2、申请免费的域名证书
3、下载并导入到自己nginx服务器
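[root@kodcloud-nginx-01 ~]# mkdir /apps/nginx/conf/conf.d/ssl/ -p
# The stray "mkdir" after -d is removed: with it, unzip would extract into a
# directory literally named "mkdir" and treat the ssl path as a member filter.
[root@kodcloud-nginx-01 ~]# unzip m50.cyhsre.com_nginx.zip -d /apps/nginx/conf/conf.d/ssl/
# Keep the private key readable by root only; this is the key file that the
# ssl_certificate_key directive of the proxy configuration points at.
[root@kodcloud-nginx-01 ~]# chmod 600 /apps/nginx/conf/conf.d/ssl/8496193_m50.cyhsre.com.key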
检查nginx是否支持ssl模块,如果不支持,需要再次编译,并加入ssl相关模块
[root@kodcloud-nginx-01 ~]# nginx -V nginx version: nginx/1.22.0 built by gcc 8.5.0 20210514 (Red Hat 8.5.0-10) (GCC) built with OpenSSL 1.1.1k FIPS 25 Mar 2021 TLS SNI support enabled configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module [root@kodcloud-nginx-01 ~]#
[root@kodcloud-nginx-01 ~]# mkdir /apps/nginx/conf.d/
[root@kodcloud-nginx-01 ~]# vi /apps/nginx/conf/nginx.conf
[root@kodcloud-nginx-01 ~]# egrep -v "^$|^#|^[[:space:]]+#" /apps/nginx/conf/nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } include /apps/nginx/conf.d/*.conf; } [root@kodcloud-nginx-01 ~]# [root@kodcloud-nginx-01 ~]# [root@kodcloud-nginx-01 ~]# cat /apps/nginx/conf.d/www.kodcloud.org.conf upstream webservers { server 192.168.247.62; server 192.168.247.63; } server { listen 80; server_name www.kodcloud.org; root /data/nginx/html/pc; access_log /apps/nginx/logs/www.kodcloud.org_access.log main; return 302 https://$server_name$request_uri; } server { listen 443 ssl http2; server_name www.kodcloud.org; ssl_certificate /apps/nginx/conf/conf.d/ssl/8496193_m50.cyhsre.com.pem; ssl_certificate_key /apps/nginx/conf/conf.d/ssl/8496193_m50.cyhsre.com.key; ssl_session_cache shared:sslcache:20m; ssl_session_timeout 10m; location / { proxy_pass http://webservers; proxy_set_header Host $http_host; } } [root@kodcloud-nginx-01 ~]# [root@kodcloud-nginx-01 ~]# [root@kodcloud-nginx-01 ~]# nginx -t nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok nginx: configuration file /apps/nginx/conf/nginx.conf test is successful [root@kodcloud-nginx-01 ~]# systemctl restart nginx [root@kodcloud-nginx-01 ~]#
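在web01上配置(TLS在代理节点终止,后端收到的是明文HTTP,所以用 fastcgi_param HTTPS on 告知PHP原始请求为HTTPS;这个值是写死的,因此后端80端口应只允许代理节点192.168.247.61访问)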
[root@kodcloud-web-01 ~]# egrep -v "^$|^#|^[[:space:]]+#" /apps/nginx/conf/nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } include /apps/nginx/conf.d/*.conf; } [root@kodcloud-web-01 ~]# [root@kodcloud-web-01 ~]# cat /apps/nginx/conf.d/php.conf server { listen 80; server_name www.kodcloud.org; root /data/php; index index.php; location ~ \.php$|ping|php-status { root /data/php; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on; include fastcgi_params; } } [root@kodcloud-web-01 ~]# nginx -t nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok nginx: configuration file /apps/nginx/conf/nginx.conf test is successful [root@kodcloud-web-01 ~]# systemctl restart nginx [root@kodcloud-web-01 ~]#
配置web02
[root@kodcloud-web-02 ~]# egrep -v "^$|^#|^[[:space:]]+#" /apps/nginx/conf/nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } include /apps/nginx/conf.d/*.conf; } [root@kodcloud-web-02 ~]# [root@kodcloud-web-02 ~]# cat /apps/nginx/conf.d/php.conf server { listen 80; server_name www.kodcloud.org; root /data/php; index index.php; location ~ \.php$|ping|php-status { root /data/php; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on; include fastcgi_params; } } [root@kodcloud-web-02 ~]# [root@kodcloud-web-02 ~]# nginx -t nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok nginx: configuration file /apps/nginx/conf/nginx.conf test is successful [root@kodcloud-web-02 ~]# systemctl restart nginx [root@kodcloud-web-02 ~]#
测试域名访问
本地机器添加hosts解析
查看签发证书机构
六、部署nfs共享存储
在nfs节点安装nfs
挂载200G数据盘
创建分区并格式化
parted /dev/nvme0n2 mklab gpt parted /dev/nvme0n2 mkpart primary 0% 100% mkfs.xfs /dev/nvme0n2p1
把磁盘挂载/data目录 [root@kodcloud-nfs-01 ~]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Mon Jun 27 17:36:12 2022 # # Accessible filesystems, by reference, are maintained under '/dev/disk/'. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info. # # After editing this file, run 'systemctl daemon-reload' to update systemd # units generated from this file. # UUID=cb82a616-12ed-487c-b265-adb37a93fc45 / xfs defaults 0 0 UUID=487d792d-7b02-40ae-87f4-bda5d668daf0 /boot xfs defaults 0 0 UUID=a8c7fbf0-f54a-440b-b28b-d8d94e4771c7 /data xfs defaults 0 0 [root@kodcloud-nfs-01 ~]# [root@kodcloud-nfs-01 ~]# mount -a [root@kodcloud-nfs-01 ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT nvme0n1 259:0 0 100G 0 disk ├─nvme0n1p1 259:1 0 500M 0 part /boot └─nvme0n1p2 259:2 0 90G 0 part / nvme0n2 259:3 0 200G 0 disk └─nvme0n2p1 259:5 0 200G 0 part /data [root@kodcloud-nfs-01 ~]#
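安装nfs(注意:下面exports中的anonuid/anongid=48对应的是apache用户,而本文web节点实际以nginx用户(uid=994,gid=989)运行,匿名映射的id应与之保持一致,否则经all_squash映射后的写入会落在另一个uid上;导出范围也宜从整个192.168.247.0/24收窄到web01、web02两个地址)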
yum install rsync nfs-utils -y systemctl enable --now nfs-server cat /etc/exports /data 192.168.247.0/24(rw,all_squash,anonuid=48,anongid=48) #48是web01、web02节点apache服务id与组id exportfs -r showmount -e
在web01、web02节点安装nfs-client并挂载nfs 数据盘
yum install nfs-utils -y echo "192.168.247.65:/data /data/php/data/files/ nfs _netdev 0 0" >> /etc/fstab mount -a
[root@kodcloud-web-02 files]# scp -r ./* root@192.168.247.65:/data/ [root@kodcloud-web-01 ~]# id nginx uid=994(nginx) gid=989(nginx) groups=989(nginx) [root@kodcloud-web-01 ~]# [root@kodcloud-nfs-01 data]# [root@kodcloud-nfs-01 data]# groupadd -g 989 nginx [root@kodcloud-nfs-01 data]# useradd -u 994 -g nginx nginx [root@kodcloud-nfs-01 data]# chown -R nginx.nginx . [root@kodcloud-nfs-01 data]# ll -h total 0 drwxr-xr-x 3 nginx nginx 25 Sep 20 11:55 202209 -rwxr-xr-x 1 nginx nginx 0 Sep 20 11:55 index.html [root@kodcloud-nfs-01 data]# [root@kodcloud-web-01 ~]# mount -a [root@kodcloud-web-02 ~]# mount -a
上传文件测试