Linux企业部分学习笔记一
预备
Linux6.5(企业版)
镜像版本:rhel-server-6.5-x86_64-dvd.iso
封装:
[[email protected] ~]# virt-manager
#配置yum源
[[email protected] ~]# vi /etc/yum.repos.d/rhel-source.repo
[[email protected] ~]# yum clean all
[[email protected] ~]# yum install vim openssh-clients -y
[[email protected] ~]# cd /etc/udev/rules.d/
[[email protected] rules.d]# rm -f 70-persistent-net.rules
#配置网络
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
#IPADDR=172.25.X.X
#PREFIX=24
#解析
[[email protected] ~]# vim /etc/hosts
[[email protected] ~]# cd /etc/ssh/
[[email protected] ssh]# rm -f ssh_host_* #删除模板中的SSH主机密钥;克隆出的虚拟机启动sshd时会各自重新生成,避免多台主机共用同一密钥
[[email protected] ~]# cd /etc/sysconfig/
[[email protected] sysconfig]# rm -f ip
[[email protected] sysconfig]# rm -f iptables
[[email protected] sysconfig]# chkconfig iptables off
#修改selinux(关闭iptables和SELinux仅为简化实验环境;生产环境应保留防火墙规则并让SELinux处于enforcing)
[[email protected] ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
安装虚拟机:
[[email protected] ~]# cd /var/lib/libvirt/images
[[email protected] images]# qemu-img create -f qcow2 -b base.qcow2 vm1
#修改Hostname
#配置yum源
[[email protected] ~]# vim /etc/yum.repos.d/rhel-source.repo
[[email protected] ~]# yum clean all
#配置网络
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
ONBOOT="yes"
IPADDR=172.25.X.X
PREFIX=24
#重启网络
[[email protected] ~]# /etc/init.d/network restart
Varnish
[SERVER1]
#安装varnish
[[email protected] ~]# yum install varnish-3.0.5-1.el6.x86_64.rpm varnish-libs-3.0.5-1.el6.x86_64.rpm
#配置varnish
[[email protected] ~]# cd /etc/varnish/
[[email protected] varnish]# vim default.vcl
# ACL of clients allowed to send BAN requests (checked in vcl_recv):
# loopback plus the whole 172.25.17.0/24 lab subnet.
acl westos {
"127.0.0.1";
"172.25.17.0"/24;
}
# Backend servers for the sites served through this cache
backend web1 {
.host = "172.25.17.2"; # backend address
.port = "80"; # backend port
}
backend web2 {
.host = "172.25.17.3";
.port = "80";
}
# Load balancing
director lb round-robin { # groups web1 and web2 and alternates between them; no .probe is defined on the backends here, so no health check is configured
{ .backend = web1; }
{ .backend = web2; }
}
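# bansys in HTTP mode pushes cache invalidations as BAN requests, which
# requires the handling below.
sub vcl_recv {
    if (req.request == "BAN") {
        # Only clients in the westos ACL may invalidate cache entries.
        if (!client.ip ~ westos) {
            error 405 "Not allowed.";
        }
        # The request URL is used as a regular expression and is matched
        # against cached objects of every host, so one BAN can invalidate
        # far more than a single page; keep the ACL as narrow as possible.
        ban("req.url ~ " + req.url);
        error 200 "ban added";
    }
    # Routing: www.westos.org / westos.org go through the lb director,
    # bbs.westos.org goes to web1, any other Host gets a 404.
    # Dots are escaped and the patterns are anchored at the end (with an
    # optional port) so that look-alike names such as
    # "www.westos.org.example.net" no longer match.
    if (req.http.host ~ "^(www\.)?westos\.org(:[0-9]+)?$") {
        set req.http.host = "www.westos.org";
        set req.backend = lb;
        #return (pass); # skip the cache
    } elsif (req.http.host ~ "^bbs\.westos\.org(:[0-9]+)?$") {
        set req.backend = web1;
    } else {
        error 404 "westos cache";
    }
}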
# Report whether the response was served from the cache
sub vcl_deliver {
    # Default to a miss; overwritten below when the object has been hit before.
    set resp.http.X-Cache = "MISS from westos cache";
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT from westos cache";
    }
    return (deliver);
}
[[email protected] ~]# vim /etc/sysconfig/varnish
VARNISH_LISTEN_PORT=80
[[email protected] varnish]# /etc/init.d/varnish reload #(不关闭服务)重启服务
[SERVER2]
[[email protected] ~]# yum install httpd -y
[[email protected] ~]# /etc/init.d/httpd start
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf #配置http
990 NameVirtualHost *:80
1011 <VirtualHost *:80>
1012 DocumentRoot /var/www/html
1013 ServerName server2
1014 </VirtualHost>
1015
1016 <VirtualHost *:80>
1017 DocumentRoot /www/bbs
1018 ServerName bbs.westos.org
1019 </VirtualHost>
1020
1021 <VirtualHost *:80>
1022 DocumentRoot /www/westos
1023 ServerName www.westos.org
1024 </VirtualHost>
[[email protected] ~]# mkdir /www/bbs -p
[[email protected] ~]# mkdir /www/westos
[[email protected] ~]# cd /www/bbs/
[[email protected] bbs]# vim index.html
[[email protected] bbs]# cat index.html
<h1>bbs.westos.org</h1>
[[email protected] bbs]# cd ..
[[email protected] www]# cd westos/
[[email protected] westos]# vim index.html
[[email protected] westos]# cat index.html
<h1>server2:www.westos.org</h1>
[[email protected] ~]# vim /etc/hosts #解析
172.25.17.1 server1
172.25.17.2 server2 bbs.westos.org www.westos.org
[SERVER3]
[[email protected] ~]# yum install httpd -y
[[email protected] ~]# /etc/init.d/httpd start
[[email protected] ~]# cd /var/www/html/
[[email protected] html]# vim index.html
[[email protected] html]# cat index.html
<h1>server3:www.westos.org</h1>
[测试]
#测试缓存命中 [[email protected] ~]# curl -I IP/域名
[[email protected] ~]# curl -I www.westos.org
HTTP/1.1 200 OK
Server: Apache/2.2.15 (Red Hat)
Last-Modified: Tue, 18 Jul 2017 09:01:39 GMT
ETag: "df2e3-20-55493c37406c1"
Content-Type: text/html; charset=UTF-8
Content-Length: 32
Accept-Ranges: bytes
Date: Thu, 20 Jul 2017 02:37:12 GMT
X-Varnish: 1453255801
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS from westos cache #缓存未命中
[[email protected] ~]# curl -I www.westos.org
HTTP/1.1 200 OK
Server: Apache/2.2.15 (Red Hat)
Last-Modified: Tue, 18 Jul 2017 09:01:39 GMT
ETag: "df2e3-20-55493c37406c1"
Content-Type: text/html; charset=UTF-8
Content-Length: 32
Accept-Ranges: bytes
Date: Thu, 20 Jul 2017 02:37:13 GMT
X-Varnish: 1453255802 1453255801
Age: 1
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT from westos cache #缓存命中
#清除缓存
[[email protected] ~]# varnishadm ban.url .*$ #清除所有
[[email protected] ~]# varnishadm ban.url /index.html #清除index.html 页面缓存
[[email protected] ~]# varnishadm ban.url /admin/$ #清除 admin目录缓存
#测试轮询
[[email protected] ~]# curl www.westos.org
<h1>server2:www.westos.org</h1>
[[email protected] ~]# varnishadm ban.url .*$
[[email protected] ~]# curl www.westos.org
<h1>server3:www.westos.org</h1>
[[email protected] ~]# varnishadm ban.url .*$
[[email protected] ~]# curl www.westos.org
<h1>server2:www.westos.org</h1>
[varnish 推送平台]
#安装unzip
[[email protected] ~]# yum install unzip -y
[[email protected] ~]# unzip bansys.zip -d /var/www/html
#安装php支持
[[email protected] ~]# yum install php -y
[[email protected] ~]# /etc/init.d/httpd start
#编辑php
[[email protected] mnt]# cd /var/www/html/
[[email protected] html]# cd bansys/
[[email protected] bansys]# mv * .. #移动当前目录所有内容到上一级目录
[[email protected] bansys]# cd .. #返回上级目录
[[email protected] html]# rm -fr bansys/
[[email protected] html]# vim config.php
// Varnish host list
// (more than one host list may be defined)
$var_group1 = array(
'host' => array('172.25.17.1',),
'port'=>'80',
);
// Varnish cluster definition:
// binds a site name to a host list
$VAR_CLUSTER = array(
'www.westos.org' => $var_group1,
);
// Varnish version
// (the push command differs between 2.x and 3.x)
$VAR_VERSION = "3";
?>
[[email protected] ~]# vim /etc/varnish/default.vcl
见[SERVER1]
#bansys 的http工作模式需要对 varnish做以下设置:
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
136 Listen 8080
[[email protected] ~]# /etc/init.d/httpd restart
浏览器访问:
172.25.17.1:8080 #推送页面
www.westos.org/index.html #测试页
Nginx
#安装Nginx
[[email protected] ~]# tar zxf nginx-1.12.0.tar.gz
#建立nginx用户
[[email protected] ~]# useradd -M -d /usr/local/lnmp/nginx/ -s /sbin/nologin -u 1000 nginx
[[email protected] ~]# id nginx
uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)
#隐藏版本
[[email protected] ~]# cd nginx-1.12.0/src/core/
[[email protected] core]# vim nginx.h
14 #define NGINX_VER "nginx"
#禁止debug
[[email protected] ~]# cd nginx-1.12.0/auto/cc/
[[email protected] cc]# vim gcc
172 #CFLAGS="$CFLAGS -g" #注释掉这行,去掉debug模式编译,编译以后程序只有几百k
[[email protected] nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx/ --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_status_module
[[email protected] nginx-1.12.0]# yum install -y pcre-devel openssl-devel
[[email protected] nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx/ --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_status_module
[[email protected] nginx-1.12.0]# make && make install
#运行
[[email protected] nginx]# cd sbin/
[[email protected] sbin]# ./nginx
[[email protected] sbin]# ln -s /usr/local/lnmp/nginx/sbin/nginx /sbin/ #软链接 可以在任意目录下执行
[[email protected] sbin]# curl localhost -I
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 20 Jul 2017 03:48:27 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 19 Jul 2017 05:48:52 GMT
Connection: keep-alive
ETag: "596ef2c4-264"
Accept-Ranges: bytes
#配置nginx
[[email protected] ~]# cd /usr/local/lnmp/nginx/conf/
[[email protected] conf]# vim nginx.conf
3 worker_processes 2; #指定工作衍生进程数
4
5 worker_cpu_affinity 01 10; #CPU和进程绑定
14 events {
15 worker_connections 65535; #允许的连接数
16 }
[[email protected] conf]# vim /etc/security/limits.conf
52 nginx - nofile 65535
[[email protected] conf]# usermod -s /bin/bash nginx
[[email protected] conf]# su - nginx
-bash-4.1$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 14867
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 65535#修改成功
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 1024
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
-bash-4.1$ exit
logout
[[email protected] conf]# usermod -s /sbin/nologin nginx
#配置nginx
[[email protected] conf]# vim nginx.conf
server { # virtual host definition
listen 80;
server_name www.westos.org;
location / {
root /web1;
index index.html;
}
[[email protected] conf]# nginx -t #检测语法错误
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[[email protected] conf]# nginx -s reload ##重启nginx服务
[[email protected] conf]# mkdir /web1
[[email protected] conf]# cd /web1/
[[email protected] web1]# vim index.html
[[email protected] web1]# cat index.html
<h1>Nginx:WWW.WESTOS.ORG</h1>
浏览器访问:
172.25.17.1
[认证证书]
#配置nginx
[[email protected] conf]# vim nginx.conf
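server {
    listen 443 ssl;
    server_name localhost;

    # cert.pem is created by hand (make cert.pem in /etc/pki/tls/certs) and
    # is referenced for both directives, so the one file has to contain the
    # certificate and its private key; keep it readable by root only.
    ssl_certificate cert.pem;
    ssl_certificate_key cert.pem;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # Without ssl_protocols, nginx 1.12 also accepts TLSv1 and TLSv1.1;
    # restrict the listener to TLSv1.2.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root /web1;
        index index.html index.htm;
    }
}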
[[email protected] conf]# cd /etc/pki/tls/private/
[[email protected] private]# openssl genrsa 2048 > localhost.key
[[email protected] tls]# cd certs/
[[email protected] certs]# make cert.pem
[[email protected] certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[[email protected] certs]# cd /usr/local/lnmp/nginx/conf
[[email protected] conf]# nginx -t
[[email protected] conf]# nginx -s reload
[[email protected] conf]# netstat -antlp #查看443端口是否开启
浏览器访问:
[查看Nginx状态]
#配置nginx
[[email protected] conf]# vim nginx.conf
# Status page (stub_status), reachable from the local host only.
# allow/deny rules are checked in order, so the allow line must come
# before "deny all".
location /status {
stub_status on;
access_log off;
allow 127.0.0.1; # allow the local host
deny all; # deny every other host
}
[[email protected] conf]# curl localhost/status
[地址重写]
#配置nginx
[[email protected] conf]# vim nginx.conf
# Redirect every plain-HTTP request for www.westos.org to the same path
# over HTTPS.
server {
listen 80;
server_name www.westos.org;
rewrite ^(.*)$ https://www.westos.org$1 permanent;# permanent redirect
# rewrite ^(.*)$ https://www.westos.org$1 redirect; # temporary redirect
}
[[email protected] conf]# cd /web1/
[[email protected] conf]# mkdir admin
[[email protected] admin]# vim index.html
[[email protected] admin]# cat index.html
<h1>admin page</h1>
浏览器访问:
[负载均衡]
#配置nginx
[[email protected] conf]# vim nginx.conf
http { # the upstream group must be declared inside the http block
upstream westos {
#ip_hash; # hash on the client address; per the nginx documentation the backup parameter below cannot be combined with ip_hash
server 172.25.17.2:80 weight=2; # weight: relative share of requests
server 172.25.17.3:8080;
server 127.0.0.1:8000 backup; # used only when both 172.25.17.2 and 172.25.17.3 are down
}
server {
listen 80;
server_name www.westos.org;
# rewrite ^(.*)$ https://www.westos.org$1 permanent;
# rewrite ^(.*)$ https://www.westos.org$1 redirect;
location / { # reverse proxy to the upstream group
proxy_pass http://westos;
}
}
#执行server 127.0.0.1:8000 backup 访问的页面
[[email protected] conf]# cd /var/www/html/
[[email protected] html]# rm -fr *
[[email protected] html]# vim index.html
[[email protected] html]# cat index.html
服务器维护中,请稍后访问。
#测试1:
[[email protected] html]# for i in {1..10}; do curl www.westos.org; done
<h1>server2</h1>
<h1>server3:www.westos.org</h1>
<h1>server2</h1>
<h1>server2</h1>
<h1>server2</h1>
<h1>server3:www.westos.org</h1>
<h1>server3:www.westos.org</h1>
<h1>server2</h1>
<h1>server2</h1>
<h1>server3:www.westos.org</h1>
#测试2:
[[email protected] ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
[[email protected] ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
[[email protected] conf]# for i in {1..10}; do curl www.westos.org; done
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。
服务器维护中,请稍后访问。