Untitled


实验介绍
  本实验使用Nginx做为HTTP的反向代理服务器,实现动、静资源响应的分离和FastCGI服务器的负载均衡。使用一台Nginx服务器做反向代理,后端使用一台Nginx服务器存WEB静态资源,两台FastCGI(php-fpm)服务器做负载均衡,一台MySQL数据库服务器存储数据。


实验拓扑图

服务器名称 安装的服务 地址 备注
Client - 172.18.17.10 -
Proxy Server nginx 172.18.17.11, 192.168.17.11 作反向代理,实现动静分离和负载均衡
HTTP Server nginx 192.168.17.20 作HTTP服务器,响应静态资源
FastCGI Server php-fpm 192.168.17.21 作PHP服务器,响应HTTP动态资源,并从数据库中读取相应数据
FastCGI Server php-fpm 192.168.17.22 作PHP服务器,响应HTTP动态资源,并从数据库中读取相应数据
MySQL Server mariadb 192.168.17.23 作MySQL数据库服务器

Alt text


实验步骤

第一步 搭建实验环境

说明:实验中使用 pssh 命令来快速搭建实验环境。对于pssh命令的使用请参照我的另外一篇博客 DNS及bind 实验部分,有相对详细的描述。

  1. 按照拓扑图搭建好网络

  2. 关闭所有虚拟机的防火墙和SELinux

  3. 172.18.17.11192.168.17.20 上安装 nginx
[10@root ~]# pssh -H '172.18.17.11' -H '192.168.17.20' yum -y install nginx
  1. 192.168.17.21192.168.17.22 上安装 php-fpmphp-mysql
[10@root ~]# pssh -H '192.168.17.21' -H '192.168.17.22' yum -y install php-fpm



[10@root ~]# pssh -H '192.168.17.21' -H '192.168.17.22' yum -y install php-mysql
  1. 192.168.17.23 上安装 mariadb-server
[23@root ~]# yum -y install mariadb-server
  1. 配置两台 FastCGI-Server,监听所有本地IP的9000端口,并允许任何主机查询
# 两台 FastCGI-Server 一起配置

vim /etc/php-fpm.d/www.conf

listen = 9000

;listen.allowed_clients = 127.0.0.1 #注释或删除



# 启动服务器

[10@root ~]# pssh -H '192.168.17.21' -H '192.168.17.22' systemctl start php-fpm
  1. 初始化 MySQL-Server 并创建数据库 testdb 和用户 test
[23@root ~]# systemctl start mariadb

[23@root ~]# mysql_secure_installation 



# 创建数据库 `testdb` 和用户 `test`

[23@root ~]# mysql -u root -p

...

MariaDB [(none)]> create database testdb;

...

MariaDB [(none)]> grant all on testdb.* to 'test'@'192.168.17.%' identified by '123';

...

MariaDB [(none)]> quit


第二步 配置HTTP-Server

  1. 配置文件
[20@root ~]# cat /etc/nginx/conf.d/http_server.conf

log_format http_log "$http_x_forwarded_for"; 



server {

    listen 80;

    root /app/web;

    index index.html;



    sendfile on;

    server_tokens off;



    access_log /app/web/log/access.log http_log;

    open_log_file_cache max=1000 inactive=20s min_uses=2 valid=2;



    gzip on;

    gzip_comp_level 6;

    gzip_min_length 1024;

    gzip_http_version 1.0;

    gzip_buffers 32 4k;

    gzip_types text/xml text/plain txt/css application/javascript;

    gzip_vary on;

    gzip_proxied any;



    error_page 404 500 501 502 503 504 /404.html;



    location = /404.html {

        alias /app/web/error/404.html;

    }

}

Alt text

  1. 目录结构
/app/web

├── error

│   └── 404.html

├── index.html

└── log

    ├── access.log

    └── messages.txt


第三步 配置反向代理服务器Proxy-Server

  1. 配置文件
[11@root certs]# cat /etc/nginx/conf.d/proxy.conf 

upstream fastcgi_server {

    server 192.168.17.21:9000 weight=1 fail_timeout=10s max_fails=3;

    server 192.168.17.22:9000 weight=1 ;

    least_conn;

}



# Proxy and FastCGI Cache

proxy_cache_path /app/web/cache/proxy levels=1:2 keys_zone=pcache:10m max_size=1g; 

fastcgi_cache_path /app/web/cache/fastcig levels=1:1 keys_zone=fcache:10m max_size=1g;





# Virtual host based on 80 ports;

server {

    listen 80;

    server_name www.zhubiaook.com;

    location / {

        rewrite ^/(.*)$ https://www.zhubiaook.com/$1 redirect;

    }

}





# Virtual host based on 443 ports with ssl protocols;

server {

    listen 443 ssl default_server;

    server_name www.zhubiaook.com;



    ssl on; 

    ssl_certificate /etc/nginx/conf.d/ssl/zhubiaook.crt;

    ssl_certificate_key /etc/nginx/conf.d/ssl/zhubiaook.key;

    ssl_session_cache shared:SSL:1m;

    ssl_session_timeout 10m;



    add_header Proxy_Address $server_addr;

    add_header Proxy_Name $server_name;



    location ~* \.php$ {

        fastcgi_pass fastcgi_server;

        fastcgi_index index.php;

        fastcgi_param SCRIPT_FILENAME /app/php$fastcgi_script_name;

        include fastcgi_params;

        fastcgi_cache fcache;

        fastcgi_cache_key $request_uri;

        fastcgi_cache_min_uses 1;

    }



    location / {

        proxy_pass http://192.168.17.20:80;

        #proxy_set_header X-REAL-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_cache pcache;

        proxy_cache_key $request_uri;

        proxy_connect_timeout 50s;

        proxy_send_timeout 50s;

        proxy_read_timeout 50s;

    }

}

Alt text

  1. 反向代理主站点路径
[11@root certs]# tree /app/web/

/app/web/

├── cache

│   ├── fastcgi

│   └── proxy

└── index.html
  1. 反向代理服务器的证书路径
[11@root certs]# tree /etc/nginx/conf.d/ssl

/etc/nginx/conf.d/ssl

├── zhubiaook.crt

└── zhubiaook.key


第四步 配置两台 FastCGI-Server 并测试

  1. FastCGI-Server 主目录结构
/app/web/

├── error

│   └── 404.html

├── index.html

└── log

    └── access.log
  1. 测试主页
# 192.168.17.21

[22@root php]# cat /app/php/index.php 

<?php

    echo "FastCGI-SERVER: 192.168.17.21 <br/>";

?>



# 192.168.17.22

[22@root php]# cat /app/php/index.php 

<?php

    echo "FastCGI-SERVER: 192.168.17.22 <br/>";

?>



# 192.168.17.21 和 192.168.17.22

[22@root php]# cat /app/php/mysql_conn.php 

<?php

    $servername = "192.168.17.23";

    $username = "test";

    $password = "123"; 



    $conn = mysqli_connect($servername,$username,$password);



    if (!$conn) {

        die("connection failed: ".mysqli_connect_error());

    }else{

        echo "connection success!";

    }

?>


第五步 测试

Alt text

END