discuz项目

web

三台web挂载nfs端的conf与web

[root@web01 nginx]# mount -t nfs 172.16.1.31:/conf /etc/nginx/conf.d/
[root@web01 web]# mount -t nfs 172.16.1.31:/web /web/

#查看挂载
[root@web01 web]# df -h
Filesystem               Size  Used Avail Use% Mounted on
172.16.1.31:/conf         99G  2.7G   97G   3% /etc/nginx/conf.d
172.16.1.31:/web          99G  2.7G   97G   3% /web

编写Nginx配置文件

[root@web01 conf.d]# cat discuz.conf 
server {
        listen 80;
        server_name luntan123.com;
        root /web/DiscuzX/upload;

        location / {
        index index.php;
        }

        location ~* .php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                #fastcgi_param HTTPS ON;
                include fastcgi_params;
        }
}

上传代码至web目录并解压

[root@web01 web]# ll
total 16616
drwxrwxrwx  6 www www       95 Apr 23 14:08 DiscuzX
drwxr-xr-x 13 www www     4096 May  6 20:28 phpMyAdmin-5.1.0-all-languages
-rw-rw-r--  1 www www 17005138 May  6 23:02 web.tar.gz
drwxr-xr-x  5 www www     4096 May  6 23:05 wordpres

#注：如果安装DiscuzX出现不可写，授权777站点目录

三个web分别用ip访问测试

#db01增加一个discuz的数据库
#创建用户并登录
[root@db01 ~]# mysqladmin -uroot password '***'
[root@db01 ~]# mysql -uroot -p***

#创建数据库
MariaDB [(none)]> create database discuz;
Query OK, 1 row affected (0.00 sec)

# 创建用户给予web以及其它网站使用
MariaDB [mysql]> grant all privileges on *.* to baimo@'%' identified by 'baimo';
Query OK, 0 rows affected (0.01 sec)

MariaDB [mysql]> flush privileges;#刷新
Query OK, 0 rows affected (0.00 sec)

#按照流程安装

配置伪静态

[root@web01 conf.d]# cat discuz.conf 
server {
	listen 80;
	server_name luntan123.com;
	root /web/DiscuzX/upload;
	rewrite ^([^.]*)/topic-(.+).html$ $1/portal.php?mod=topic&topic=$2 last;
rewrite ^([^.]*)/article-([0-9]+)-([0-9]+).html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
rewrite ^([^.]*)/forum-(w+)-([0-9]+).html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+).html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
rewrite ^([^.]*)/group-([0-9]+)-([0-9]+).html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^.]*)/space-(username|uid)-(.+).html$ $1/home.php?mod=space&$2=$3 last;
rewrite ^([^.]*)/blog-([0-9]+)-([0-9]+).html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
rewrite ^([^.]*)/archiver/(fid|tid)-([0-9]+).html$ $1/archiver/index.php?action=$2&value=$3 last;
rewrite ^([^.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_-]+).html$ $1/plugin.php?id=$2:$3 last;
if (!-e $request_filename) {
	return 404;
}

	location / {
	index index.php;
	}

	location ~* .php$ {
		fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param HTTPS ON;	#http返回的给https乱码开启
                include fastcgi_params;
	}
}

配置负载均衡lb01

需求分析：

1、有证书ssl

2、负载均衡

3、用户访问(.*)的时候自动跳转到https；

生成证书

[root@lb01 nginx]# mkdir ssl_key
[root@lb01 nginx]# cd ssl_key/
[root@lb01 ssl_key]# openssl genrsa -idea -out server.key 2048
[root@lb01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt

[root@lb01 ssl_key]# ll
-rw-r--r-- 1 root root 1220 May  9 14:57 server.crt
-rw-r--r-- 1 root root 1704 May  9 14:57 server.key

配置discuz.conf解析

[root@lb01 conf.d]# cat discuz.conf 
upstream web {
	server 172.16.1.7:80;
	server 172.16.1.8:80;
	server 172.16.1.9:80;
}	#代理转发的链接池

server {
	listen 80;
	server_name luntan123.com;
	rewrite (.*) https://$server_name$request_uri;
}	#监听80端口和域名，任何请求过来都转发给 https://luntan123.com


server {
	listen 443 ssl;	#http默认端口
	server_name luntan123.com;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;#证书


	location / {	#接收到请求后负载均衡转发
		proxy_pass http://web;#转发给链接池的ip
		proxy_set_header host $http_host;#携带域名一起转发
	}
}

配置代码

[root@lb01 conf.d]# cat /etc/nginx/conf.d/discuz.conf 
upstream web {
	server 172.16.1.7:80;
	server 172.16.1.8:80;
	server 172.16.1.9:80;
}

server {
	listen 80;
	server_name luntan123.com;
	return 302 https://$server_name$request_uri;

}

server {
	listen 443 ssl;
	server_name luntan123.com;

        ssl_certificate /ssl_key/server.crt;
        ssl_certificate_key /ssl_key/server.key;

	location / {
		proxy_pass http://web;
                include proxy_params;
	}
}

配置hosts访问

#访问成功

keepalived

lb02

#配置与lb01一样的证书和conf文件
[root@lb01 ssl_key]# yum install -y keepalived
[root@lb02 ssl_key]# yum install -y keepalived

#查看配置文件
[root@lb01 ssl_key]# rpm -qc keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived 

抢占式主节点

#配置keepalived
#配置主节点配置文件
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf 
global_defs {					#全局配置
   router_id lb01				#身份验证
}

vrrp_instance VI_1 {
    state MASTER				#状态，只有MASTER和BACKUP，MASTER是主，BACKUP是备
    interface eth0				#网卡绑定，心跳检测
    virtual_router_id 51		#虚拟路由标识，组id，把master和backup判断为一组
    priority 100				#优先级（真正判断是主是从的条件）（值越大优先级越高）
    advert_int 3				#检测状态间隔时间（单位是秒）
    authentication {			#认证
        auth_type PASS			#认证方式
        auth_pass 1111			#认证密码指定
    }
    virtual_ipaddress {
        10.0.0.3				#虚拟的VIP地址
    }
}

#配置主节点配置文件
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf

global_defs {
   router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}

抢占式备节点

global_defs {
   router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.15.3
    }
}

启动服务并查看

#先启动备节点
[root@lb02 ssl_key]# systemctl start keepalived.service 

#查看ip
[root@lb02 ssl_key]# ip addr
inet 192.168.15.3/32 scope global eth0

#启动主节点
[root@lb01 ssl_key]# systemctl start keepalived.service

#查看lb01的ip
[root@lb01 ssl_key]# ip addr
inet 192.168.15.3/32 scope global eth0
#查看lb02的ip已经没有了192.168.15.3/32

keepalived绑定日志

#配置keepalived
[root@lb01 ssl_key]# vim /etc/sysconfig/keepalived 
KEEPALIVED_OPTIONS="-D -d -S 0"

#配置rsyslog来抓取日志
[root@lb01 ssl_key]# vim /etc/rsyslog.conf 
local0.*             /var/log/keepalived/log

#重启服务
[root@lb01 ssl_key]# systemctl restart keepalived.service rsyslog.service 

非抢占式

我们一般配置的都是非抢占式的，因为宕机这种行为一次就够了QAQ

主

global_defs {
   router_id lb01
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    nopreempt
    virtual_router_id 51
    priority 100
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}

备

global_defs {
   router_id lb01
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    nopreempt
    virtual_router_id 51
    priority 90
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}