基于Keepalived+Varnish+Nginx实现的高可用LAMP架构

基于Keepalived+Varnish+Nginx实现的高可用LAMP架构

注意：各节点的时间需要同步（ntpdate ntp1.aliyun.com），关闭firewalld（systemctl stop firewalld.service，systemctl disable firewalld.service），设置selinux为permissive（setenforce 0 或 vim /etc/selinux/config）；同时确保DR1和DR2节点的网卡支持MULTICAST（多播）通信。通过命令ifconfig可以查看到是否开启了MULTICAST：

搭建RS1（RS1提供mariadb服务和静态资源）

[root@RS1 Desktop]# yum -y install mariadb-server httpd
[root@RS1 Desktop]# vim /etc/my.cnf
    [MySQLd]
    ...
    skip-name-resolve=ON
    innodb-file-per-table=ON
    ...
[root@RS1 Desktop]# systemctl start mariadb
[root@RS1 Desktop]# mysql_secure_installation  #进行数据库相关安全设置
    ...
[root@RS1 Desktop]# mysql -uroot -p
    Enter password:
    MariaDB [(none)]> create database wordpress;
    MariaDB [(none)]> grant all on wordpress.* to 'wpuser'@'10.10.0.%' identified by '123456';
    MariaDB [(none)]> flush privileges;
    MariaDB [(none)]> exit;
[root@RS1 Desktop]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
[root@RS1 Desktop]# tar xf wordpress-4.9.4-zh_CN.tar.gz -C /var/www/html
[root@RS1 Desktop]# vim /var/www/html/index.html
    <h1>10.10.0.21 server</h1>
[root@RS1 Desktop]# vim /etc/httpd/conf.d/vhost.conf
    <virtualhost *:80>
        servername
        DirectoryIndex index.html index.php
        Documentroot /var/www/html
        ProxyRequests off
        ProxyPassMatch ^/(.*\.php)$ fcgi://10.10.0.22:9000/var/www/html/$1
        ProxyPassMatch ^/(ping|status)$ fcgi://10.10.0.22:9000/$1
        <Directory />
            options FollowSymlinks
            Allowoverride none
            Require all granted
        </Directory>
    </virtualhost>
[root@RS1 Desktop]# systemctl start httpd
[root@RS1 Desktop]# /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php
[root@RS1 Desktop]# vim /var/www/html/wordpress/wp-config.php  #关联wordpress数据库
    define('DB_NAME', 'wordpress');
    define('DB_USER', 'wpuser');
    define('DB_PASSWORD', '123456');
    define('DB_HOST', '10.10.0.21');
[root@RS1 Desktop]# scp /var/www/html/wordpress 10.10.0.22:/var/www/html/  #复制wordpress到22的主机

搭建RS2（RS2提供动态资源）

 

[root@RS2 Desktop]# yum -y httpd php-fpm php-mysql php-mbstring php-mcrypt
[root@RS2 Desktop]# vim /var/www/html/index.html
    <h1>10.10.0.22 server</h1>
[root@RS2 Desktop]# vim /etc/httpd/conf.d/vhost.conf
    <virtualhost *:80>
        servername
        DirectoryIndex index.html index.php
        Documentroot /var/www/html
        ProxyRequests off
        ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1
        ProxyPassMatch ^/(ping|status)$ fcgi://127.0.0.1:9000/$1
        <Directory />
            options FollowSymlinks
            Allowoverride none
            Require all granted
        </Directory>
    </virtualhost>
[root@RS2 Desktop]# systemctl start httpd
[root@RS2 Desktop]# vim /etc/php-fpm.d/www.conf
    listen = 0.0.0.0:9000
    ; listen.allowed_clients = 127.0.0.1  #注释此句，允许其他主机远程访问
    pm.status_path = /status
    ping.path = /ping
    ping.response = pong
[root@RS2 Desktop]# chown apache:apache /var/lib/php/session
[root@RS2 Desktop]# systemctl start php-fpm

搭建DR1

[root@DR1 Desktop]# yum install -y nginx keepalived
[root@DR1 Desktop]# vim /etc/nginx/nginx/conf  #配置nginx反代
    http {
        ...
        upstream websrvs {
            server 10.10.0.21:80;
            server 10.10.0.22:80;
            server 127.0.0.1:80 backup;
        }
   
        server {
            listen 80;
            include /etc/nginx/default.d/*.conf;
            location / {
                proxy_pass ;
                proxy_set_header host $http_host;
                proxy_set_header X-Forward-For $remote_addr;
            }
        ...
    }
[root@DR1 Desktop]# vim /etc/nginx/conf.d/localhost.conf  #配置nginx本地服务
    server{
        listen 127.0.0.1:80;
        root /usr/share/nginx/html;
        index index.html;
    }
[root@DR1 Desktop]# vim /usr/share/nginx/html/index.html
    <h1>Balance Server DR1</h1>
[root@DR1 Desktop]# nginx -t  #检查nginx语法
[root@DR1 Desktop]# systemctl start nginx
[root@DR1 Desktop]# vim /etc/keepalived/keepalived.conf  #配置keepalived
    global_defs {
      notification_email {
            root@localhost
      }
      notification_email_from keepalived@localhost
      smtp_server 127.0.0.1
      smtp_connect_timeout 30
      router_id dr1
      vrrp_skip_check_adv_addr
      vrrp_mcast_group4 224.0.0.111
    }
   
    vrrp_script chk_ngx {    #检查此服务器的nginx进程是否存在，如果不存在则减权
      #kill -0 PID，0信号量不发送任何信号但系统会进行错误检查，经常用来检查一个进程是否存在，存在返回0，不存在返回1
      script "killall -0 nginx 2> /dev/null && exit 0 || exit 1"
      weight -10
      interval 1
      fall 3
      rise 3
    }
   
    vrrp_instance VIP_1 {
        state MASTER
        interface eno16777736
        virtual_router_id 1
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111@#$%
        }
        track_script {
            chk_ngx
        }
        virtual_ipaddress {
            192.168.4.120/24 dev eno16777736 label eno16777736:0
        }
[root@DR1 Desktop]# systemctl start keepalived.service

搭建DR2，参考DR1自行搭建 客户端测试