web 服务搭建
白开水~不加糖 2024-09-01 14:33:01 阅读 85
目录
环境搭建
一、在Nginx服务器上搭建LNMP服务,并且能够对外提供Discuz论坛服务,在Web1、Web2服务器上搭建Tomcat 服务
(一)Nginx服务器上搭建LNMP服务
①编译安装nginx
②编译安装mysql
③ 编译安装php软件
④配置 Nginx支持PHP解析
验证数据库工作是否正常
⑤安装论坛
(二)Web1、Web2服务器上搭建Tomcat 服务
①安装Oracle JDK(即部署java环境)
②安装tomcat
二、为nginx服务配置虚拟主机,新增两个域名 www.kgc.com 和 www.benet.com,使用http://www.kgc.com/index.php可访问上一题的Discuz论坛页面。使用http://www.benet.com则访问/var/www/html目录中的index.html文件的内容,内容自定义
①nginx服务配置虚拟主机
②创建对应文件夹
③真机配置:
④检测:
三、对基于www.benet.com域名的虚拟机主机的nginx服务调优:隐藏nginx版本号,缓存静态图片网页时间为1天,设置防盗链功能
①配置文件
②客户机检测:
③防盗链检测:
四、网关服务器搭建NFS服务,提供的文件系统使用LVM类型,共享目录名称为/opt/nfs;要求根据日期对Discuz论坛服务的访问日志进行日志分割,要求每天生成一份日志文件,保存到NFS服务共享的目录内。
①文件系统使用LVM类型
方法一:新加盘做一个LVM类型
方法二:因为我们根本身就是逻辑卷;所以就不另外添加磁盘了,就在根下面做
②设置共享目录
③nginx 服务挂载共享目录
④日志分割
五、要求配置location匹配请求地址http://www.kgc.com/test/XXXX,使用户访问该路径下的文件时返回/var/share/nginx/html/目录下的文件内容。要求使用rewrite将使用域名www.benet.com 请求以 .php 结尾的访问都跳转到域名www.kgc.com上,而且后面的参数保持不变,比如访问http://www.benet.com/bbs/index.php跳转到http://www.kgc.com/bbs/index.php
①Nginx服务配置
②创建被访问文件内容
③检测:
六、在Nginx服务器上对基于www.benet.com域名的虚拟机主机设置动静分离由nginx提供静态页面服务,将对 .jsp文件的动态页面请求转发到Tomcat 服务器处理,并实现负载均衡
①Nginx服务器配置
②配置Tomcat服务器
③浏览器检测:
访问动态页面:
访问静态页面:
七、在网关服务器上设置SNAT/DNAT,使client使用网关服务器的ens36接口的IP地址访问也可实现上一题的效果。
①客户机地址配置
②网关服务器配置
③做SNAT与DNAT
④客户机浏览器检测
拓扑图:
环境搭建
Centos7-5作为Client(12.0.0.12/24);Centos7-1作为网关服务器(配置两块网卡ens33 192.168.246.7/24,ens36 12.0.0.1/24);Centos7-2作为Web1(192.168.246.8/24 提供web1服务);Centos7-3作为Web2(192.168.246.9/24 提供web2服务);Centos7-4作为Nginx服务器(192.168.246.10/24)
五台机器都关闭防火墙、防护
7-1网关服务器配置双网卡
<code>[root@localhost ~]#ifconfig
[root@localhost ~]#cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]#ls
ifcfg-ens33 ifdown-ipv6 ifdown-TeamPort ifup-ippp ifup-routes network-functions
ifcfg-lo ifdown-isdn ifdown-tunnel ifup-ipv6 ifup-sit network-functions-ipv6
ifdown ifdown-post ifup ifup-isdn ifup-Team
ifdown-bnep ifdown-ppp ifup-aliases ifup-plip ifup-TeamPort
ifdown-eth ifdown-routes ifup-bnep ifup-plusb ifup-tunnel
ifdown-ib ifdown-sit ifup-eth ifup-post ifup-wireless
ifdown-ippp ifdown-Team ifup-ib ifup-ppp init.ipv6-global
[root@localhost network-scripts]#cp ifcfg-ens33 ifcfg-ens36
[root@localhost network-scripts]#vim ifcfg-ens36
一、在Nginx服务器上搭建LNMP服务,并且能够对外提供Discuz论坛服务,在Web1、Web2服务器上搭建Tomcat 服务
(一)Nginx服务器上搭建LNMP服务
①编译安装nginx
<code>[root@zzzcentos4 ~]#yum -y install pcre-devel zlib-devel gcc gcc-c++ make
[root@zzzcentos4 ~]#cd /opt
[root@zzzcentos4 opt]#ls
rh
[root@zzzcentos4 opt]#rz -E
rz waiting to receive.
[root@zzzcentos4 opt]#rz -E
rz waiting to receive.
[root@zzzcentos4 opt]#rz -E
rz waiting to receive.
[root@zzzcentos4 opt]#rz -E
rz waiting to receive.
[root@zzzcentos4 opt]#ls
Discuz_X3.4_SC_UTF8.zip nginx-1.22.0.tar.gz rh
mysql-boost-5.7.20.tar.gz php-7.1.10.tar.bz2
[root@zzzcentos4 opt]#tar xf nginx-1.22.0.tar.gz
[root@zzzcentos4 opt]#cd nginx-1.22.0/
[root@zzzcentos4 nginx-1.22.0]#useradd -M -s /sbin/nologin nginx
[root@zzzcentos4 nginx-1.22.0]#./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@zzzcentos4 nginx-1.22.0]#make -j 2
[root@zzzcentos4 nginx-1.22.0]#make install
[root@zzzcentos4 nginx-1.22.0]#echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@zzzcentos4 nginx-1.22.0]#
[root@zzzcentos4 nginx-1.22.0]#ln -s /usr/local/nginx/sbin/nginx /usr/bin
#为了使用nginx命令可以补全 (做到$PATH下面就行)
[root@zzzcentos4 nginx-1.22.0]#tee /lib/systemd/system/nginx.service <<eof
> [Unit]
> Description=nginx
> After=network.target
> [Service]
> Type=forking
> PIDFile=/usr/local/nginx/logs/nginx.pid
> ExecStart=/usr/local/nginx/sbin/nginx
> ExecReload=/bin/kill -1 $MAINPID
> ExecStop=/bin/kill -3 $MAINPID
> PrivateTmp=true
> [Install]
> WantedBy=multi-user.target
> eof
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -1
ExecStop=/bin/kill -3
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@zzzcentos4 nginx-1.22.0]#systemctl daemon-reload
[root@zzzcentos4 nginx-1.22.0]#systemctl enable --now nginx.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@zzzcentos4 nginx-1.22.0]#systemctl start nginx
[root@zzzcentos4 nginx-1.22.0]#systemctl status nginx
②编译安装mysql
<code>[root@zzzcentos4 nginx-1.22.0]#cd /opt
[root@zzzcentos4 opt]#ls
Discuz_X3.4_SC_UTF8.zip nginx-1.22.0 php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz nginx-1.22.0.tar.gz rh
[root@zzzcentos4 opt]#yum -y install \
> ncurses \
> ncurses-devel \
> bison \
> cmake
[root@zzzcentos4 opt]#yum -y install gcc gcc-c++ cmake bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
[root@zzzcentos4 opt]#useradd -M -s /sbin/nologin mysql
[root@zzzcentos4 opt]#ls
Discuz_X3.4_SC_UTF8.zip nginx-1.22.0 php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz nginx-1.22.0.tar.gz rh
[root@zzzcentos4 opt]#tar xf mysql-boost-5.7.20.tar.gz
[root@zzzcentos4 opt]#ls
Discuz_X3.4_SC_UTF8.zip mysql-boost-5.7.20.tar.gz nginx-1.22.0.tar.gz rh
mysql-5.7.20 nginx-1.22.0 php-7.1.10.tar.bz2
[root@zzzcentos4 opt]#cd mysql-5.7.20/
[root@zzzcentos4 mysql-5.7.20]#
[root@zzzcentos4 mysql-5.7.20]#cmake \
> -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
> -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
> -DSYSCONFDIR=/etc \
> -DSYSTEMD_PID_DIR=/usr/local/mysql \
> -DDEFAULT_CHARSET=utf8 \
> -DDEFAULT_COLLATION=utf8_general_ci \
> -DWITH_EXTRA_CHARSETS=all \
> -DWITH_INNOBASE_STORAGE_ENGINE=1 \
> -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
> -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
> -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
> -DMYSQL_DATADIR=/usr/local/mysql/data \
> -DWITH_BOOST=boost \
> -DWITH_SYSTEMD=1
<code>[root@zzzcentos4 mysql-5.7.20]#vim /etc/my.cnf
[client]
port = 3306
socket=/usr/local/mysql/mysql.sock
[mysqld]
user = mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
port = 3306
character-set-server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket=/usr/local/mysql/mysql.sock
bind-address = 0.0.0.0
skip-name-resolve
max_connections=2048
default-storage-engine=INNODB
max_allowed_packet=16M
server-id = 1
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,
NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
[root@zzzcentos4 mysql-5.7.20]#chown -R mysql:mysql /usr/local/mysql/
[root@zzzcentos4 mysql-5.7.20]#chown mysql:mysql /etc/my.cnf
[root@zzzcentos4 mysql-5.7.20]#
[root@zzzcentos4 mysql-5.7.20]#echo 'export PATH=/usr/local/mysql/bin:/usr/local/mysql/lib:$PATH' >> /etc/profile
[root@zzzcentos4 mysql-5.7.20]#source /etc/profile
[root@zzzcentos4 mysql-5.7.20]#cd /usr/local/mysql/bin/
[root@zzzcentos4 bin]#./mysqld \
> --initialize-insecure \
> --user=mysql \
> --basedir=/usr/local/mysql \
> --datadir=/usr/local/mysql/data
[root@zzzcentos4 bin]#cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/
[root@zzzcentos4 bin]#systemctl daemon-reload
[root@zzzcentos4 bin]#systemctl start mysqld.service
[root@zzzcentos4 bin]#systemctl status mysqld.service
③ 编译安装php软件
<code>[root@zzzcentos4 bin]#cd /opt
[root@zzzcentos4 opt]#ls
Discuz_X3.4_SC_UTF8.zip mysql-boost-5.7.20.tar.gz nginx-1.22.0.tar.gz rh
mysql-5.7.20 nginx-1.22.0 php-7.1.10.tar.bz2
[root@zzzcentos4 opt]#tar xf php-7.1.10.tar.bz2
[root@zzzcentos4 opt]#cd php-7.1.10/
[root@zzzcentos4 php-7.1.10]#yum -y install gd \
> libjpeg libjpeg-devel \
> libpng libpng-devel \
> freetype freetype-devel \
> libxml2 libxml2-devel \
> zlib zlib-devel \
> curl curl-devel \
> openssl openssl-devel
[root@zzzcentos4 php-7.1.10]#./configure \
> --prefix=/usr/local/php \
> --with-mysql-sock=/usr/local/mysql/mysql.sock \
> --with-mysqli \
> --with-zlib \
> --with-curl \
> --with-gd \
> --with-jpeg-dir \
> --with-png-dir \
> --with-freetype-dir \
> --with-openssl \
> --enable-fpm \
> --enable-mbstring \
> --enable-xml \
> --enable-session \
> --enable-ftp \
> --enable-pdo \
> --enable-tokenizer \
> --enable-zip
[root@zzzcentos4 php-7.1.10]#make -j 2
[root@zzzcentos4 php-7.1.10]#make install
<code>[root@zzzcentos4 etc]#ls
pear.conf php-fpm.conf php-fpm.conf.default php-fpm.d
[root@zzzcentos4 etc]#cd php-fpm.d/
[root@zzzcentos4 php-fpm.d]#ls
www.conf.default
[root@zzzcentos4 php-fpm.d]#cp www.conf.default www.conf
[root@zzzcentos4 php-fpm.d]#ls
www.conf www.conf.default
[root@zzzcentos4 php-fpm.d]#ln -s /usr/local/php/bin/* /usr/local/bin/
[root@zzzcentos4 php-fpm.d]#ln -s /usr/local/php/sbin/* /usr/local/sbin/
[root@zzzcentos4 php-fpm.d]#
[root@zzzcentos4 php-fpm.d]#cd /opt/php-7.1.10/sapi/fpm
[root@zzzcentos4 fpm]#cp php-fpm.service /usr/lib/systemd/system/php-fpm.service
[root@zzzcentos4 fpm]#systemctl daemon-reload
[root@zzzcentos4 fpm]#systemctl start php-fpm.service
[root@zzzcentos4 fpm]#systemctl status php-fpm.service
④配置 Nginx支持PHP解析
<code>[root@zzzcentos4 fpm]#vim /usr/local/nginx/conf/nginx.conf
<code>[root@zzzcentos4 fpm]#nginx -s reload
[root@zzzcentos4 fpm]#systemctl restart nginx.service
[root@zzzcentos4 fpm]#cd /usr/local/nginx/html/
[root@zzzcentos4 html]#vim /usr/local/nginx/html/index.php
[root@zzzcentos4 html]#cat /usr/local/nginx/html/index.php
<?php
phpinfo();
?>
[root@zzzcentos4 html]#
验证数据库工作是否正常
[root@zzzcentos4 html]#mysql -uroot -pabc123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.7.20 Source distribution
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE bbs;
Query OK, 1 row affected (0.02 sec)
mysql> GRANT all ON bbs.* TO 'bbsuser'@'%' IDENTIFIED BY 'admin123';
Query OK, 0 rows affected, 1 warning (0.03 sec)
mysql> GRANT all ON bbs.* TO 'bbsuser'@'localhost' IDENTIFIED BY 'admin123';
Query OK, 0 rows affected, 2 warnings (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> quit
Bye
[root@zzzcentos4 html]#vim /usr/local/nginx/html/index.php
<?php
$link=mysqli_connect('192.168.246.10','bbsuser','admin123');
if($link) echo "<h1>Success!!</h1>";
else echo "Fail!!";
?>
⑤安装论坛
<code>[root@zzzcentos4 opt]#ls
dir_SC_UTF8 mysql-5.7.20 nginx-1.22.0 php-7.1.10 rh
Discuz_X3.4_SC_UTF8.zip mysql-boost-5.7.20.tar.gz nginx-1.22.0.tar.gz php-7.1.10.tar.bz2 说明.htm
[root@zzzcentos4 opt]#cd dir_SC_UTF8/
[root@zzzcentos4 dir_SC_UTF8]#ls
readme upload utility
[root@zzzcentos4 dir_SC_UTF8]#cp -r upload/ /usr/local/nginx/html/bbs/
[root@zzzcentos4 dir_SC_UTF8]#cd /usr/local/nginx/html/bbs/
[root@zzzcentos4 bbs]#ls
admin.php archiver crossdomain.xml forum.php index.php member.php portal.php source uc_client
api config data group.php install misc.php robots.txt static uc_server
api.php connect.php favicon.ico home.php m plugin.php search.php template
[root@zzzcentos4 bbs]#chown -R nginx.nginx ./config/
[root@zzzcentos4 bbs]#chown -R nginx.nginx ./data/
[root@zzzcentos4 bbs]#chown -R nginx.nginx ./uc_client/
[root@zzzcentos4 bbs]#chown -R nginx.nginx ./uc_server/
[root@zzzcentos4 bbs]#chmod -R 777 ./config/
[root@zzzcentos4 bbs]#chmod -R 777 ./data/
[root@zzzcentos4 bbs]#chmod -R 777 ./uc_client/
[root@zzzcentos4 bbs]#chmod -R 777 ./uc_server/
[root@zzzcentos4 bbs]#
(二)Web1、Web2服务器上搭建Tomcat 服务
①安装Oracle JDK(即部署java环境)
<code>[root@zzzcentos2 ~]#cd /opt/
[root@zzzcentos2 opt]#ls
rh
[root@zzzcentos2 opt]#rz -E
rz waiting to receive.
[root@zzzcentos2 opt]#rz -E
rz waiting to receive.
[root@zzzcentos2 opt]#ls
apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz rh
[root@zzzcentos2 opt]#ls
apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz rh
[root@zzzcentos2 opt]#systemctl stop firewalld
[root@zzzcentos2 opt]#setenforce 0
setenforce: SELinux is disabled
[root@zzzcentos2 opt]#java -version
openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-b12)
OpenJDK 64-Bit Server VM (build 25.131-b12, mixed mode)
[root@zzzcentos2 opt]#tar xf jdk-8u291-linux-x64.tar.gz -C /usr/local/
[root@zzzcentos2 opt]#cd /usr/local/
[root@zzzcentos2 local]#ls
bin etc games include jdk1.8.0_291 lib lib64 libexec sbin share src
[root@zzzcentos2 local]#ln -s jdk1.8.0_291/ jdk
[root@zzzcentos2 local]#vim /etc/profile.d/jdk.sh
[root@zzzcentos2 local]#cat /etc/profile.d/jdk.sh
export JAVA_HOME=/usr/local/jdk
export PATH=$JAVA_HOME/bin:$PATH
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
[root@zzzcentos2 local]#source /etc/pro
profile profile.d/ protocols
[root@zzzcentos2 local]#source /etc/profile.d/jdk.sh
[root@zzzcentos2 local]#java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
[root@zzzcentos2 local]#
②安装tomcat
[root@zzzcentos2 local]#cd /opt/
[root@zzzcentos2 opt]#ls
apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz rh
[root@zzzcentos2 opt]#tar xf apache-tomcat-9.0.16.tar.gz
[root@zzzcentos2 opt]#ls
apache-tomcat-9.0.16 apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz rh
[root@zzzcentos2 opt]#cp -r apache-tomcat-9.0.16 /usr/local/
[root@zzzcentos2 opt]#cd /usr/local/
[root@zzzcentos2 local]#ls
apache-tomcat-9.0.16 bin etc games include jdk jdk1.8.0_291 lib lib64 libexec sbin share src
[root@zzzcentos2 local]#ln -s apache-tomcat-9.0.16/ tomcat
[root@zzzcentos2 local]#useradd -s /sbin/nologin -M tomcat
[root@zzzcentos2 local]#chown -R tomcat:tomcat tomcat/
[root@zzzcentos2 local]#vim /usr/lib/systemd/system/tomcat.service
[root@zzzcentos2 local]#cat /usr/lib/systemd/system/tomcat.service
[Unit]
Description=Tomcat
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
RestartSec=3
PrivateTmp=true
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
[root@zzzcentos2 local]#systemctl daemon-reload
[root@zzzcentos2 local]#systemctl start tomcat
[root@zzzcentos2 local]#systemctl status tomcat
二、为nginx服务配置虚拟主机,新增两个域名 www.kgc.com 和 www.benet.com,使用http://www.kgc.com/index.php可访问上一题的Discuz论坛页面。使用http://www.benet.com则访问/var/www/html目录中的index.html文件的内容,内容自定义
①nginx服务配置虚拟主机
<code>[root@zzzcentos4 ~]#vim /usr/local/nginx/conf/nginx.conf
搭好论坛会生成它,注意题目访问www.kgc.com跳到论坛,注意位置,在www.kgc.com域名下面
再编辑域名www.benet.com
<code>server {
listen 80;
server_name www.benet.com;
root /var/www/html;
}
②创建对应文件夹
<code>[root@zzzcentos4 conf]#mkdir -p /var/www/html
[root@zzzcentos4 conf]#cd /var/www/html/
[root@zzzcentos4 html]#ls
[root@zzzcentos4 html]#echo hello /var/www/html/ > index.html
[root@zzzcentos4 html]#cat index.html
hello /var/www/html/
③真机配置:
C:\Windows\System32\drivers\etc
④检测:
使用http://www.benet.com则访问/var/www/html/目录中的index.html文件的内容
使用http://www.kgc.com/index.php可访问上一题的Discuz论坛页面
三、对基于www.benet.com域名的虚拟机主机的nginx服务调优:隐藏nginx版本号,缓存静态图片网页时间为1天,设置防盗链功能
①配置文件
<code>[root@zzzcentos4 ~]#vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.benet.com;
root /var/www/html;
expires 1d;
server_tokens off;
location ~* \.(jpg|gif|jepg|bmp|png)$ {
valid_referers none bloaced *.benet.com benet.com;
if ( $invalid_referer ) {
return 403;
}
}
}
②客户机检测:
③防盗链检测:
使用另一台机器检测,就随意选7-2吧
<code>[root@zzzcentos2 ~]#yum install httpd -y
[root@zzzcentos2 ~]#cd /var/www/html/
[root@zzzcentos2 html]#systemctl start httpd
[root@zzzcentos2 html]#vim index.html
[root@zzzcentos2 html]#cat index.html #检测页面
<html>
<body>
<h1>this is yun</h1>
<img src="http://www.benet.com/a.jpg"/>code>
</body>
</html>
[root@zzzcentos2 html]#systemctl restart httpd.service
[root@zzzcentos2 html]#rz -E
rz waiting to receive.
[root@zzzcentos2 html]#ls
c38f51c57937c53c60ebba856b53cc3.png index.html
[root@zzzcentos2 html]#mv c38f51c57937c53c60ebba856b53cc3.png a.jpg
[root@zzzcentos2 html]#ls
a.jpg index.html
[root@zzzcentos2 html]#
没设置反盗链的时候,是可以访问到图片的,设置放盗链后再次访问,返回设置的403
四、网关服务器搭建NFS服务,提供的文件系统使用LVM类型,共享目录名称为/opt/nfs;要求根据日期对Discuz论坛服务的访问日志进行日志分割,要求每天生成一份日志文件,保存到NFS服务共享的目录内。
Centos7-1作为网关服务器
①文件系统使用LVM类型
方法一:新加盘做一个LVM类型
<code>[root@localhost ~]#lsblk
[root@localhost ~]#echo "- - -" > /sys/class/scsi_host/host0/scan;echo "- - -" > /sys/class/scsi_host/host1/scan;echo "- - -" > /sys/class/scsi_host/host2/scan
[root@localhost ~]#lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 60G 0 disk
├─sda1 8:1 0 5G 0 part /boot
└─sda2 8:2 0 54G 0 part
├─centos-root 253:0 0 50G 0 lvm /
└─centos-swap 253:1 0 4G 0 lvm [SWAP]
sdb 8:16 0 20G 0 disk
sdc 8:32 0 20G 0 disk
sr0 11:0 1 4.2G 0 rom
[root@localhost ~]#pvcreate /dev/sdb /dev/sdc
#建物理卷
Physical volume "/dev/sdb" successfully created.
Physical volume "/dev/sdc" successfully created.
[root@localhost ~]#vgcreate vg /dev/sdb /dev/sdc
#建卷组
Volume group "vg" successfully created
[root@localhost ~]#lvcreate -n lvm -L 10G /dev/vg
#建逻辑卷 指定名称lvm 指定大小30G 存放在/dev/vg下
Logical volume "lvm" created.
[root@localhost ~]#mkfs.xfs /dev/vg/lvm
meta-data=/dev/vg/lvm isize=512 agcount=4, agsize=655360 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=2621440, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost ~]#mount /dev/vg/lvm /opt
[root@localhost ~]#mkdir /opt/nfs
[root@localhost ~]#vim /etc/exports
/opt/nfs *
[root@localhost ~]#cat /etc/exports
/opt/nfs *
[root@localhost ~]#exportfs -r
exportfs: No options for /opt/nfs *: suggest *(sync) to avoid warning
[root@localhost ~]#exportfs -v
/opt/nfs <world>(ro,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
[root@localhost ~]#hostname zzzcentos1
[root@localhost ~]#su
[root@zzzcentos1 ~]#
方法二:因为我们根本身就是逻辑卷;所以就不另外添加磁盘了,就在根下面做
②设置共享目录
<code>[root@zzcentos1 ~]#mkdir /opt/nfs
[root@zzcentos1 ~]#vim /etc/exports
[root@zzcentos1 ~]#cat /etc/exports
/opt/nfs *
[root@zzcentos1 ~]#exportfs -r
exportfs: No options for /opt/nfs *: suggest *(sync) to avoid warning
[root@zzcentos1 ~]#exportfs -v
/opt/nfs <world>(ro,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
[root@zzcentos1 ~]#
③nginx 服务挂载共享目录
④日志分割
编辑脚本:
<code>#!/bin/bash
pid=`cat /usr/local/nginx/logs/nginx.pid`
cd /opt
mv benet.log /mnt/`date +%F`
touch benet.log
kill -USR1 ${pid}
再去页面访问:
编写crontab计划
绝对路径加脚本有执行权限,如上图就可以执行,到此结束
方法二:脚本也可以如下写法
<code>#!/bin/bash
day=`date "+%Y-%m-%d"`
log="/usr/local/nginx/logs"code>
pid=`cat /usr/local/nginx/logs/nginx.pid`
mv /${log}/access.log /opt/${day}
kill -USR1 ${pid}
sed -i '/.*bbs.*/!p' /opt/${day}
五、要求配置location匹配请求地址http://www.kgc.com/test/XXXX,使用户访问该路径下的文件时返回/var/share/nginx/html/目录下的文件内容。
要求使用rewrite将使用域名www.benet.com 请求以 .php 结尾的访问都跳转到域名www.kgc.com上,而且后面的参数保持不变,比如访问http://www.benet.com/bbs/index.php跳转到http://www.kgc.com/bbs/index.php
(1)要求配置location匹配请求地址http://www.kgc.com/test/XXXX,使用户访问该路径下的文件时返回/var/share/nginx/html/目录下的文件内容
①Nginx服务配置
<code>location /test {
alias /var/share/nginx/html;
}
②创建被访问文件内容
③检测:
(2)要求使用rewrite将使用域名www.benet.com 请求以 .php 结尾的访问都跳转到域名www.kgc.com上,而且后面的参数保持不变,比如访问http://www.benet.com/bbs/index.php跳转到http://www.kgc.com/bbs/index.php
①Nginx服务配置
<code>location ~* \.php$ {
rewrite ^/(.*) http://www.kgc.com/$1 permanent;
}
②去浏览器检测:
成功跳转
六、在Nginx服务器上对基于www.benet.com域名的虚拟机主机设置动静分离由nginx提供静态页面服务,将对 .jsp文件的动态页面请求转发到Tomcat 服务器处理,并实现负载均衡
①Nginx服务器配置
<code>upstream tomcat {
server 192.168.246.8:8080;
server 192.168.246.9:8080;
}
<code>location / {
root /var/www/html;
index index.html index.htm;
}
location ~*\.jsp$ {
proxy_pass http://tomcat;
}
②配置Tomcat服务器
tomcat 7-2配置:
tomcat 7-3配置:
<code>[root@zzzcentos3 ~]#systemctl stop firewalld
[root@zzzcentos3 ~]#setenforce 0
[root@zzzcentos3 ~]#cd /usr/local/tomcat/webapps/ROOT/
[root@zzzcentos3 ROOT]#ls
asf-logo-wide.svg bg-middle.png bg-upper.png index.jsp tomcat.css tomcat.png tomcat.svg
bg-button.png bg-nav.png favicon.ico RELEASE-NOTES.txt tomcat.gif tomcat-power.gif WEB-INF
[root@zzzcentos3 ROOT]#cp index.jsp index.jsp.bak #先备份
[root@zzzcentos3 ROOT]#ls
asf-logo-wide.svg bg-nav.png index.jsp tomcat.css tomcat-power.gif
bg-button.png bg-upper.png index.jsp.bak tomcat.gif tomcat.svg
bg-middle.png favicon.ico RELEASE-NOTES.txt tomcat.png WEB-INF
[root@zzzcentos3 ROOT]#echo tomcat 7-3 > index.jsp #输入内容
[root@zzzcentos3 ROOT]#cat index.jsp
tomcat 7-3
[root@zzzcentos3 ROOT]#
③浏览器检测:
访问动态页面:
访问静态页面:
七、在网关服务器上设置SNAT/DNAT,使client使用网关服务器的ens36接口的IP地址访问也可实现上一题的效果。
理解:
我们想要 客户机 用 网关服务器的ens36接口IP地址(12.0.0.1)去访问www.benet.com/index.jsp,从而得到我们在 Tomcat服务器中配置的 动态页面;
所以这是外网(7-5 IP:12.0.0.12)可以访问内网(7-1 ip: 192.168.246.7),所以我们需要配置的是DNAT
①客户机地址配置
②网关服务器配置
<code>[root@zzcentos1 network-scripts]#sysctl -a |grep "ip_forward"
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sctl: reading key "net.ipv6.conf.default.stable_secret"
?ysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.ens36.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
sysctl: reading key "net.ipv6.conf.virbr0.stable_secret"
sysctl: reading key "net.ipv6.conf.virbr0-nic.stable_secret"
[root@zzcentos1 network-scripts]#vim /etc/sysctl.conf
[root@zzcentos1 network-scripts]#sysctl -p
net.ipv4.ip_forward = 1
[root@zzcentos1 network-scripts]#
③做SNAT与DNAT
[root@zzcentos1 network-scripts]#iptables -t nat -A POSTROUTING -o ens36 -s 192.168.246.0/24 -j SNAT --to 12.0.0.1
[root@zzcentos1 network-scripts]#
[root@zzcentos1 network-scripts]#iptables -t nat -A PREROUTING -i ens36 -d 12.0.0.1 -p tcp --dport 80 -j DNAT --to 192.168.246.7
[root@zzcentos1 network-scripts]#iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 1 packets, 71 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- ens36 * 0.0.0.0/0 12.0.0.1 tcp dpt:80 to:192.168.246.7
Chain INPUT (policy ACCEPT 1 packets, 71 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * ens36 192.168.246.0/24 0.0.0.0/0 to:12.0.0.1
[root@zzcentos1 network-scripts]#
④客户机浏览器检测:
声明
本文内容仅代表作者观点,或转载于其他网站,本站不以此文作为商业用途
如有涉及侵权,请联系本站进行删除
转载本站原创文章,请注明来源及作者。