# 架构拓扑说明
[root@architect ~]# cat > /root/ha-web-architecture.txt << 'EOF' 高可用Web架构拓扑 ================ +------------------+ | DNS轮询/CDN | +--------+---------+ | +--------------+--------------+ | | +---------v---------+ +---------v---------+ | LB1 (Keepalived) | | LB2 (Keepalived) | | VIP: 10.0.0.100 |<------->| Backup LB |
+———+———+ +———+———+
| |
+————–+————–+
|
+——————–+——————–+
| | |
+——-v——-+ +——-v——-+ +——-v——-+
| Web Server 1 | | Web Server 2 | | Web Server 3 |
| Nginx+PHP | | Nginx+PHP | | Nginx+PHP |
+——-+——-+ +——-+——-+ +——-+——-+
| | |
+——————–+——————–+
|
+——————–+——————–+
| | |
+——-v——-+ +——-v——-+ +——-v——-+
| Redis Master | | MySQL Master | | NFS Storage |
+——-+——-+ +——-+——-+ +—————+
| |
+——-v——-+ +——-v——-+
| Redis Slave | | MySQL Slave |
+—————+ +—————+

服务器规划：
– LB1/LB2: 192更多学习教程公众号风哥教程itpux_com.168.1.10/1from PG视频:www.itpux.com1 (负载均衡)
– Web1/2/3: 192.168.1.20/21/22 (Web服务器)
– Redis: 192.168.1.30/31 (缓存服务器)
– MySQL: 192.168.1.40/41 (数据库服务器)
– NFS: 192.168.1.50 (共享存储)
EOF

# LB1主节点配置
[root@lb1 ~]# cat > /etc/keepalived/keepalived.conf << 'EOF' global_defs { router_id LB1 script_user root enable_script_security } vrrp_script check_nginx { script "/usr/local/bin/check_nginx.sh" interval 2 weight -20 fall 3 rise 2 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.1.100 } track_script { check_nginx } } EOF # Nginx健康检查脚本 [root@lb1 ~]# cat > /usr/local/bin/check_nginx.sh << 'EOF' #!/bin/bash if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then systemctl start nginx sleep 2 if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then exit 1 fi fi exit 0 EOF [root@lb1 ~]# chmod +x /usr/local/bin/check_nginx.sh # LB2备节点配置 [root@lb2 ~]# cat > /etc/keepalived/keepalived.conf << 'EOF' global_defs { router_id LB2 script_user root enable_script_security } vrrp_script check_nginx { script "/usr/local/bin/check_nginx.sh" interval 2 weight -20 fall 3 rise 2 } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.1.100 } track_script { check_nginx } } EOF # 启动Keepalived [root@lb1 ~]# systemctl enable --now keepalived [root@lb2 ~]# systemctl enable --now keepalived # 验证VIP [root@lb1 ~]# ip addr show eth0 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.1.100/32 scope global eth0
valid_lft forever preferred_lft forever

# 配置Nginx负载均衡
[root@lb1 ~]# cat > /etc/nginx/nginx.conf << 'EOF' user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; events { worker_connections 10240; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; upstream webcluster { least_conn; server 192.168.1.20:80 weight=3; server 192.168.1.21:80 weight=2; server 192.168.1.22:80 weight=1; keepalive 32; } server { listen 80; server_name www.fgedu.net.cn; location / { proxy_pass http://webcluster; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Connection ""; proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } } } EOF # 测试配置 [root@lb1 ~]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful # 重启Nginx [root@lb1 ~]# systemctl restart nginx

# 安装Nginx和PHP
[root@web1 ~]# dnf install -y nginx php-fpm php-mysqlnd php-gd php-xml php-mbstring

# 配置PHP-FPM
[root@web1 ~]# cat > /etc/php-fpm.d/www.conf << 'EOF' [www] user = nginx group = nginx listen = /run/php-fpm/www.sock listen.owner = nginx listen.group = nginx pm = dynamic pm.max_children = 50 pm.start_servers = 10 pm.min_spare_servers = 5 pm.max_spare_servers = 20 pm.max_requests = 500 php_admin_value[error_log] = /var/log/php-fpm/www-error.log php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session EOF # 配置Nginx [root@web1 ~]# cat > /etc/nginx/conf.d/default.conf << 'EOF' server { listen 80; server_name _; root /var/www/html; index index.php index.html; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { fastcgi_pass unix:/run/php-fpm/www.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } } EOF # 挂载NFS共享 [root@web1 ~]# mkdir -p /var/www/html [root@web1 ~]# echo "192.168.1.更多视频教程www.fgedu.net.cn50:/var/www/html /var/www/html nfs defaults 0 0" >> /etc/fstab
[root@web1 ~]# mount -a

# 启动服务
[root@web1 ~]# systemctl enable –now nginx php-fpm

# 创建测试页面
[root@web1 ~]# cat > /var/www/html/index.php << 'EOF'
EOF

# 测试访问
[root@lb1 ~]# curl http://192.168.1.100/index.php | head

…