Web Service Setup

白开水~不加糖 2024-09-01 14:33:01


Topology diagram:

Environment setup

Centos7-5 is the Client (12.0.0.12/24); Centos7-1 is the gateway server (two NICs: ens33 192.168.246.7/24 and ens36 12.0.0.1/24); Centos7-2 is Web1 (192.168.246.8/24, provides the web1 service); Centos7-3 is Web2 (192.168.246.9/24, provides the web2 service); Centos7-4 is the Nginx server (192.168.246.10/24).

The firewall and SELinux are turned off on all five machines.

Configure two NICs on the 7-1 gateway server

```
[root@localhost ~]#ifconfig
[root@localhost ~]#cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]#ls
ifcfg-ens33 ifdown-ipv6 ifdown-TeamPort ifup-ippp ifup-routes network-functions
ifcfg-lo ifdown-isdn ifdown-tunnel ifup-ipv6 ifup-sit network-functions-ipv6
ifdown ifdown-post ifup ifup-isdn ifup-Team
ifdown-bnep ifdown-ppp ifup-aliases ifup-plip ifup-TeamPort
ifdown-eth ifdown-routes ifup-bnep ifup-plusb ifup-tunnel
ifdown-ib ifdown-sit ifup-eth ifup-post ifup-wireless
ifdown-ippp ifdown-Team ifup-ib ifup-ppp init.ipv6-global
[root@localhost network-scripts]#cp ifcfg-ens33 ifcfg-ens36
[root@localhost network-scripts]#vim ifcfg-ens36
```

I. Build the LNMP stack on the Nginx server so that it can serve the Discuz forum externally, and set up Tomcat on the Web1 and Web2 servers

(1) Build the LNMP stack on the Nginx server

① Compile and install nginx

```
[root@zzzcentos4 ~]#yum -y install pcre-devel zlib-devel gcc gcc-c++ make
[root@zzzcentos4 ~]#cd /opt
[root@zzzcentos4 opt]#ls
rh
[root@zzzcentos4 opt]#rz -E
rz waiting to receive.
[root@zzzcentos4 opt]#rz -E
rz waiting to receive.
[root@zzzcentos4 opt]#rz -E
rz waiting to receive.
[root@zzzcentos4 opt]#rz -E
rz waiting to receive.
[root@zzzcentos4 opt]#ls
Discuz_X3.4_SC_UTF8.zip nginx-1.22.0.tar.gz rh
mysql-boost-5.7.20.tar.gz php-7.1.10.tar.bz2
[root@zzzcentos4 opt]#tar xf nginx-1.22.0.tar.gz
[root@zzzcentos4 opt]#cd nginx-1.22.0/
[root@zzzcentos4 nginx-1.22.0]#useradd -M -s /sbin/nologin nginx
[root@zzzcentos4 nginx-1.22.0]#./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@zzzcentos4 nginx-1.22.0]#make -j 2
[root@zzzcentos4 nginx-1.22.0]#make install
[root@zzzcentos4 nginx-1.22.0]#echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@zzzcentos4 nginx-1.22.0]#
[root@zzzcentos4 nginx-1.22.0]#ln -s /usr/local/nginx/sbin/nginx /usr/bin
# so that the nginx command can be tab-completed (any directory on $PATH will do)
# the heredoc delimiter is quoted so that the shell does not expand $MAINPID
[root@zzzcentos4 nginx-1.22.0]#tee /lib/systemd/system/nginx.service <<'eof'
> [Unit]
> Description=nginx
> After=network.target
> [Service]
> Type=forking
> PIDFile=/usr/local/nginx/logs/nginx.pid
> ExecStart=/usr/local/nginx/sbin/nginx
> ExecReload=/bin/kill -1 $MAINPID
> ExecStop=/bin/kill -3 $MAINPID
> PrivateTmp=true
> [Install]
> WantedBy=multi-user.target
> eof
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -1 $MAINPID
ExecStop=/bin/kill -3 $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@zzzcentos4 nginx-1.22.0]#systemctl daemon-reload
[root@zzzcentos4 nginx-1.22.0]#systemctl enable --now nginx.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@zzzcentos4 nginx-1.22.0]#systemctl start nginx
[root@zzzcentos4 nginx-1.22.0]#systemctl status nginx
```

② Compile and install mysql

```
[root@zzzcentos4 nginx-1.22.0]#cd /opt
[root@zzzcentos4 opt]#ls
Discuz_X3.4_SC_UTF8.zip nginx-1.22.0 php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz nginx-1.22.0.tar.gz rh
[root@zzzcentos4 opt]#yum -y install \
> ncurses \
> ncurses-devel \
> bison \
> cmake
[root@zzzcentos4 opt]#yum -y install gcc gcc-c++ cmake bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
[root@zzzcentos4 opt]#useradd -M -s /sbin/nologin mysql
[root@zzzcentos4 opt]#ls
Discuz_X3.4_SC_UTF8.zip nginx-1.22.0 php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz nginx-1.22.0.tar.gz rh
[root@zzzcentos4 opt]#tar xf mysql-boost-5.7.20.tar.gz
[root@zzzcentos4 opt]#ls
Discuz_X3.4_SC_UTF8.zip mysql-boost-5.7.20.tar.gz nginx-1.22.0.tar.gz rh
mysql-5.7.20 nginx-1.22.0 php-7.1.10.tar.bz2
[root@zzzcentos4 opt]#cd mysql-5.7.20/
[root@zzzcentos4 mysql-5.7.20]#
[root@zzzcentos4 mysql-5.7.20]#cmake \
> -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
> -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
> -DSYSCONFDIR=/etc \
> -DSYSTEMD_PID_DIR=/usr/local/mysql \
> -DDEFAULT_CHARSET=utf8 \
> -DDEFAULT_COLLATION=utf8_general_ci \
> -DWITH_EXTRA_CHARSETS=all \
> -DWITH_INNOBASE_STORAGE_ENGINE=1 \
> -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
> -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
> -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
> -DMYSQL_DATADIR=/usr/local/mysql/data \
> -DWITH_BOOST=boost \
> -DWITH_SYSTEMD=1
```

```
[root@zzzcentos4 mysql-5.7.20]#vim /etc/my.cnf
[client]
port = 3306
socket=/usr/local/mysql/mysql.sock
[mysqld]
user = mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
port = 3306
character-set-server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket=/usr/local/mysql/mysql.sock
bind-address = 0.0.0.0
skip-name-resolve
max_connections=2048
default-storage-engine=INNODB
max_allowed_packet=16M
server-id = 1
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
[root@zzzcentos4 mysql-5.7.20]#chown -R mysql:mysql /usr/local/mysql/
[root@zzzcentos4 mysql-5.7.20]#chown mysql:mysql /etc/my.cnf
[root@zzzcentos4 mysql-5.7.20]#
[root@zzzcentos4 mysql-5.7.20]#echo 'export PATH=/usr/local/mysql/bin:/usr/local/mysql/lib:$PATH' >> /etc/profile
[root@zzzcentos4 mysql-5.7.20]#source /etc/profile
[root@zzzcentos4 mysql-5.7.20]#cd /usr/local/mysql/bin/
[root@zzzcentos4 bin]#./mysqld \
> --initialize-insecure \
> --user=mysql \
> --basedir=/usr/local/mysql \
> --datadir=/usr/local/mysql/data
[root@zzzcentos4 bin]#cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/
[root@zzzcentos4 bin]#systemctl daemon-reload
[root@zzzcentos4 bin]#systemctl start mysqld.service
[root@zzzcentos4 bin]#systemctl status mysqld.service
```

③ Compile and install PHP

```
[root@zzzcentos4 bin]#cd /opt
[root@zzzcentos4 opt]#ls
Discuz_X3.4_SC_UTF8.zip mysql-boost-5.7.20.tar.gz nginx-1.22.0.tar.gz rh
mysql-5.7.20 nginx-1.22.0 php-7.1.10.tar.bz2
[root@zzzcentos4 opt]#tar xf php-7.1.10.tar.bz2
[root@zzzcentos4 opt]#cd php-7.1.10/
[root@zzzcentos4 php-7.1.10]#yum -y install gd \
> libjpeg libjpeg-devel \
> libpng libpng-devel \
> freetype freetype-devel \
> libxml2 libxml2-devel \
> zlib zlib-devel \
> curl curl-devel \
> openssl openssl-devel
[root@zzzcentos4 php-7.1.10]#./configure \
> --prefix=/usr/local/php \
> --with-mysql-sock=/usr/local/mysql/mysql.sock \
> --with-mysqli \
> --with-zlib \
> --with-curl \
> --with-gd \
> --with-jpeg-dir \
> --with-png-dir \
> --with-freetype-dir \
> --with-openssl \
> --enable-fpm \
> --enable-mbstring \
> --enable-xml \
> --enable-session \
> --enable-ftp \
> --enable-pdo \
> --enable-tokenizer \
> --enable-zip
[root@zzzcentos4 php-7.1.10]#make -j 2
[root@zzzcentos4 php-7.1.10]#make install
```

```
[root@zzzcentos4 etc]#ls
pear.conf php-fpm.conf php-fpm.conf.default php-fpm.d
[root@zzzcentos4 etc]#cd php-fpm.d/
[root@zzzcentos4 php-fpm.d]#ls
www.conf.default
[root@zzzcentos4 php-fpm.d]#cp www.conf.default www.conf
[root@zzzcentos4 php-fpm.d]#ls
www.conf www.conf.default
[root@zzzcentos4 php-fpm.d]#ln -s /usr/local/php/bin/* /usr/local/bin/
[root@zzzcentos4 php-fpm.d]#ln -s /usr/local/php/sbin/* /usr/local/sbin/
[root@zzzcentos4 php-fpm.d]#
[root@zzzcentos4 php-fpm.d]#cd /opt/php-7.1.10/sapi/fpm
[root@zzzcentos4 fpm]#cp php-fpm.service /usr/lib/systemd/system/php-fpm.service
[root@zzzcentos4 fpm]#systemctl daemon-reload
[root@zzzcentos4 fpm]#systemctl start php-fpm.service
[root@zzzcentos4 fpm]#systemctl status php-fpm.service
```

④ Configure Nginx to support PHP parsing

```
[root@zzzcentos4 fpm]#vim /usr/local/nginx/conf/nginx.conf
```

```
[root@zzzcentos4 fpm]#nginx -s reload
[root@zzzcentos4 fpm]#systemctl restart nginx.service
[root@zzzcentos4 fpm]#cd /usr/local/nginx/html/
[root@zzzcentos4 html]#vim /usr/local/nginx/html/index.php
[root@zzzcentos4 html]#cat /usr/local/nginx/html/index.php
<?php
phpinfo();
?>
[root@zzzcentos4 html]#
```

Verify that the database works

```
[root@zzzcentos4 html]#mysql -uroot -pabc123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.7.20 Source distribution

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE bbs;
Query OK, 1 row affected (0.02 sec)

mysql> GRANT all ON bbs.* TO 'bbsuser'@'%' IDENTIFIED BY 'admin123';
Query OK, 0 rows affected, 1 warning (0.03 sec)

mysql> GRANT all ON bbs.* TO 'bbsuser'@'localhost' IDENTIFIED BY 'admin123';
Query OK, 0 rows affected, 2 warnings (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

mysql> quit
Bye
[root@zzzcentos4 html]#vim /usr/local/nginx/html/index.php
<?php
$link=mysqli_connect('192.168.246.10','bbsuser','admin123');
if($link) echo "<h1>Success!!</h1>";
else echo "Fail!!";
?>
```

⑤ Install the forum

```
[root@zzzcentos4 opt]#ls
dir_SC_UTF8 mysql-5.7.20 nginx-1.22.0 php-7.1.10 rh
Discuz_X3.4_SC_UTF8.zip mysql-boost-5.7.20.tar.gz nginx-1.22.0.tar.gz php-7.1.10.tar.bz2 说明.htm
[root@zzzcentos4 opt]#cd dir_SC_UTF8/
[root@zzzcentos4 dir_SC_UTF8]#ls
readme upload utility
[root@zzzcentos4 dir_SC_UTF8]#cp -r upload/ /usr/local/nginx/html/bbs/
[root@zzzcentos4 dir_SC_UTF8]#cd /usr/local/nginx/html/bbs/
[root@zzzcentos4 bbs]#ls
admin.php archiver crossdomain.xml forum.php index.php member.php portal.php source uc_client
api config data group.php install misc.php robots.txt static uc_server
api.php connect.php favicon.ico home.php m plugin.php search.php template
[root@zzzcentos4 bbs]#chown -R nginx.nginx ./config/
[root@zzzcentos4 bbs]#chown -R nginx.nginx ./data/
[root@zzzcentos4 bbs]#chown -R nginx.nginx ./uc_client/
[root@zzzcentos4 bbs]#chown -R nginx.nginx ./uc_server/
[root@zzzcentos4 bbs]#chmod -R 777 ./config/
[root@zzzcentos4 bbs]#chmod -R 777 ./data/
[root@zzzcentos4 bbs]#chmod -R 777 ./uc_client/
[root@zzzcentos4 bbs]#chmod -R 777 ./uc_server/
[root@zzzcentos4 bbs]#
```

(2) Set up Tomcat on the Web1 and Web2 servers

① Install the Oracle JDK (i.e. deploy the Java environment)

```
[root@zzzcentos2 ~]#cd /opt/
[root@zzzcentos2 opt]#ls
rh
[root@zzzcentos2 opt]#rz -E
rz waiting to receive.
[root@zzzcentos2 opt]#rz -E
rz waiting to receive.
[root@zzzcentos2 opt]#ls
apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz rh
[root@zzzcentos2 opt]#ls
apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz rh
[root@zzzcentos2 opt]#systemctl stop firewalld
[root@zzzcentos2 opt]#setenforce 0
setenforce: SELinux is disabled
[root@zzzcentos2 opt]#java -version
openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-b12)
OpenJDK 64-Bit Server VM (build 25.131-b12, mixed mode)
[root@zzzcentos2 opt]#tar xf jdk-8u291-linux-x64.tar.gz -C /usr/local/
[root@zzzcentos2 opt]#cd /usr/local/
[root@zzzcentos2 local]#ls
bin etc games include jdk1.8.0_291 lib lib64 libexec sbin share src
[root@zzzcentos2 local]#ln -s jdk1.8.0_291/ jdk
[root@zzzcentos2 local]#vim /etc/profile.d/jdk.sh
[root@zzzcentos2 local]#cat /etc/profile.d/jdk.sh
export JAVA_HOME=/usr/local/jdk
export PATH=$JAVA_HOME/bin:$PATH
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
[root@zzzcentos2 local]#source /etc/profile.d/jdk.sh
[root@zzzcentos2 local]#java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
[root@zzzcentos2 local]#
```

② Install tomcat

```
[root@zzzcentos2 local]#cd /opt/
[root@zzzcentos2 opt]#ls
apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz rh
[root@zzzcentos2 opt]#tar xf apache-tomcat-9.0.16.tar.gz
[root@zzzcentos2 opt]#ls
apache-tomcat-9.0.16 apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz rh
[root@zzzcentos2 opt]#cp -r apache-tomcat-9.0.16 /usr/local/
[root@zzzcentos2 opt]#cd /usr/local/
[root@zzzcentos2 local]#ls
apache-tomcat-9.0.16 bin etc games include jdk jdk1.8.0_291 lib lib64 libexec sbin share src
[root@zzzcentos2 local]#ln -s apache-tomcat-9.0.16/ tomcat
[root@zzzcentos2 local]#useradd -s /sbin/nologin -M tomcat
[root@zzzcentos2 local]#chown -R tomcat:tomcat tomcat/
[root@zzzcentos2 local]#vim /usr/lib/systemd/system/tomcat.service
[root@zzzcentos2 local]#cat /usr/lib/systemd/system/tomcat.service
[Unit]
Description=Tomcat
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
RestartSec=3
PrivateTmp=true
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
[root@zzzcentos2 local]#systemctl daemon-reload
[root@zzzcentos2 local]#systemctl start tomcat
[root@zzzcentos2 local]#systemctl status tomcat
```

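II. Configure virtual hosts for the nginx service, adding the two domain names www.kgc.com and www.benet.com. http://www.kgc.com/index.php must reach the Discuz forum page from the previous task; http://www.benet.com must return the content of the index.html file in the /var/www/html directory (content of your choice)

① Configure the nginx virtual hosts

```
[root@zzzcentos4 ~]#vim /usr/local/nginx/conf/nginx.conf
```

This is generated once the forum has been set up. Note that the task requires www.kgc.com to lead to the forum, so mind the position: it goes under the www.kgc.com domain.

Then add the server block for the domain www.benet.com:

```
server {
    listen 80;
    server_name www.benet.com;
    root /var/www/html;
}
```

② Create the corresponding directory

```
[root@zzzcentos4 conf]#mkdir -p /var/www/html
[root@zzzcentos4 conf]#cd /var/www/html/
[root@zzzcentos4 html]#ls
[root@zzzcentos4 html]#echo hello /var/www/html/ > index.html
[root@zzzcentos4 html]#cat index.html
hello /var/www/html/
```

③ Configuration on the physical host:

C:\Windows\System32\drivers\etc

④ Check:

http://www.benet.com returns the content of the index.html file in the /var/www/html/ directory

http://www.kgc.com/index.php reaches the Discuz forum page from the previous task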

III. Tune the nginx service for the www.benet.com virtual host: hide the nginx version number, cache static image pages for 1 day, and set up hotlink protection

① Configuration file

```
[root@zzzcentos4 ~]#vim /usr/local/nginx/conf/nginx.conf
server {
    listen 80;
    server_name www.benet.com;
    root /var/www/html;
    expires 1d;
    server_tokens off;
    location ~* \.(jpg|gif|jpeg|bmp|png)$ {
        valid_referers none blocked *.benet.com benet.com;
        if ($invalid_referer) {
            return 403;
        }
    }
}
```

② Check from the client:

③ Hotlink protection check:

Test from another machine; 7-2 is picked arbitrarily.

```
[root@zzzcentos2 ~]#yum install httpd -y
[root@zzzcentos2 ~]#cd /var/www/html/
[root@zzzcentos2 html]#systemctl start httpd
[root@zzzcentos2 html]#vim index.html
[root@zzzcentos2 html]#cat index.html # test page
<html>
<body>
<h1>this is yun</h1>
<img src="http://www.benet.com/a.jpg"/>
</body>
</html>
[root@zzzcentos2 html]#systemctl restart httpd.service
[root@zzzcentos2 html]#rz -E
rz waiting to receive.
[root@zzzcentos2 html]#ls
c38f51c57937c53c60ebba856b53cc3.png index.html
[root@zzzcentos2 html]#mv c38f51c57937c53c60ebba856b53cc3.png a.jpg
[root@zzzcentos2 html]#ls
a.jpg index.html
[root@zzzcentos2 html]#
```

Before hotlink protection is configured the image can be accessed; once it is configured, accessing it again returns the configured 403.
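
How nginx evaluates the rule `valid_referers none blocked *.benet.com benet.com` for different requests, as an added example that is not part of the original post. It is a shell emulation of the matching rules (host names with a leading `*.` only, no regex or URI forms), and the function names and sample Referer values are constructed; it also shows that a misspelled keyword such as `bloaced` is read as a host name, so the `blocked` case stops being accepted.

```shell
#!/bin/sh
# Emulates how nginx's valid_referers decides $invalid_referer (added example).
# invalid_referer RULES HAS_HEADER VALUE
#   RULES       the arguments of valid_referers, space separated
#   HAS_HEADER  "yes" if the request carries a Referer header, else "no"
#   VALUE       the Referer value (ignored when HAS_HEADER is "no")
# Prints 1 when the request would hit "return 403", 0 when it is served.
invalid_referer() {
    rules=$1 has_header=$2 value=$3
    allow_none=0 allow_blocked=0 names=
    set -f                      # keep "*.benet.com" from expanding as a glob
    for tok in $rules; do
        case $tok in
            none)    allow_none=1 ;;
            blocked) allow_blocked=1 ;;
            *)       names="$names $tok" ;;   # anything else is a host name
        esac
    done
    result=1
    if [ "$has_header" = no ]; then
        # "none": the request has no Referer header at all
        if [ "$allow_none" = 1 ]; then result=0; fi
    else
        lower=$(printf '%s' "$value" | tr 'A-Z' 'a-z')
        case $lower in
            http://*|https://*)
                # compare only the host part of the referring URL
                host=${lower#*://}
                host=${host%%[/:?#]*}
                for name in $names; do
                    case $host in $name) result=0 ;; esac
                done ;;
            *)
                # "blocked": header present but without an http(s):// prefix
                if [ "$allow_blocked" = 1 ]; then result=0; fi ;;
        esac
    fi
    set +f
    echo "$result"
}

# Constructed requests checked against the rule from the configuration above.
referer_report() {
    report_rules='none blocked *.benet.com benet.com'
    while IFS='|' read -r has ref; do
        echo "$(invalid_referer "$report_rules" "$has" "$ref") $has $ref"
    done <<'EOF'
no|
yes|http://www.benet.com/index.html
yes|http://benet.com/
yes|http://192.168.246.8/index.html
yes|http://benet.com.example.net/page
yes|-
EOF
}

referer_report
```

Each output line starts with 1 (request gets the 403) or 0 (image is served); a request without any Referer header is served because of `none`.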

IV. Set up an NFS service on the gateway server. The exported file system must be on LVM and the shared directory is /opt/nfs. The access log of the Discuz forum service must be split by date, producing one log file per day, saved in the directory shared over NFS.

Centos7-1 is the gateway server

① Put the file system on LVM

Method 1: add new disks and build an LVM volume on them

```
[root@localhost ~]#lsblk
[root@localhost ~]#echo "- - -" > /sys/class/scsi_host/host0/scan;echo "- - -" > /sys/class/scsi_host/host1/scan;echo "- - -" > /sys/class/scsi_host/host2/scan
[root@localhost ~]#lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 60G 0 disk
├─sda1 8:1 0 5G 0 part /boot
└─sda2 8:2 0 54G 0 part
├─centos-root 253:0 0 50G 0 lvm /
└─centos-swap 253:1 0 4G 0 lvm [SWAP]
sdb 8:16 0 20G 0 disk
sdc 8:32 0 20G 0 disk
sr0 11:0 1 4.2G 0 rom
[root@localhost ~]#pvcreate /dev/sdb /dev/sdc
# create the physical volumes
Physical volume "/dev/sdb" successfully created.
Physical volume "/dev/sdc" successfully created.
[root@localhost ~]#vgcreate vg /dev/sdb /dev/sdc
# create the volume group
Volume group "vg" successfully created
[root@localhost ~]#lvcreate -n lvm -L 10G /dev/vg
# create the logical volume: name lvm, size 10G, placed in /dev/vg
Logical volume "lvm" created.
[root@localhost ~]#mkfs.xfs /dev/vg/lvm
meta-data=/dev/vg/lvm isize=512 agcount=4, agsize=655360 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=2621440, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost ~]#mount /dev/vg/lvm /opt
[root@localhost ~]#mkdir /opt/nfs
[root@localhost ~]#vim /etc/exports
/opt/nfs *
[root@localhost ~]#cat /etc/exports
/opt/nfs *
[root@localhost ~]#exportfs -r
exportfs: No options for /opt/nfs *: suggest *(sync) to avoid warning
[root@localhost ~]#exportfs -v
/opt/nfs <world>(ro,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
[root@localhost ~]#hostname zzzcentos1
[root@localhost ~]#su
[root@zzzcentos1 ~]#
```

Method 2: our root file system is itself already a logical volume, so no extra disk is added and the directory is created under the root file system

② Set up the shared directory

```
[root@zzcentos1 ~]#mkdir /opt/nfs
[root@zzcentos1 ~]#vim /etc/exports
[root@zzcentos1 ~]#cat /etc/exports
/opt/nfs *
[root@zzcentos1 ~]#exportfs -r
exportfs: No options for /opt/nfs *: suggest *(sync) to avoid warning
[root@zzcentos1 ~]#exportfs -v
/opt/nfs <world>(ro,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
[root@zzcentos1 ~]#
```

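③ Mount the shared directory on the nginx server

④ Log splitting

Write the script:

```
#!/bin/bash
# PID of the nginx master process
pid=$(cat /usr/local/nginx/logs/nginx.pid)
cd /opt
# move the current log to the mounted share, named after today's date
mv benet.log /mnt/$(date +%F)
touch benet.log
# USR1 tells nginx to reopen its log files
kill -USR1 ${pid}
```

Then visit the page again:

Write the crontab schedule

With an absolute path and execute permission on the script, it runs as shown in the figure above. That completes this step.

Method 2: the script can also be written as follows

```
#!/bin/bash
day=$(date "+%Y-%m-%d")
log="/usr/local/nginx/logs"
pid=$(cat /usr/local/nginx/logs/nginx.pid)
# move the access log away, named after today's date
mv ${log}/access.log /opt/${day}
# USR1 tells nginx to reopen its log files
kill -USR1 ${pid}
# keep only the forum (bbs) requests in the rotated file
sed -i '/bbs/!d' /opt/${day}
```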
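
A more defensive form of the rotation step, as an added example that is not the author's script. It generalizes the two scripts above: the log is first renamed inside its own directory, nginx is told to reopen its logs with USR1, and only then is the finished file filtered and copied to the share, so nothing written while a slow copy to NFS is running gets lost. The function name `rotate_log`, its arguments and the one-second wait are assumptions.

```shell
#!/bin/sh
# rotate_log LOG DEST_DIR PIDFILE [PATTERN]   (added example)
#   LOG       log file nginx is writing, e.g. /usr/local/nginx/logs/access.log
#   DEST_DIR  directory where the NFS share is mounted, e.g. /mnt
#   PIDFILE   nginx master pid file
#   PATTERN   optional: keep only lines containing this string, e.g. /bbs/
# Prints the path of the dated file. Returns 0 on success, 1 when DEST_DIR is
# unusable or a file operation fails, 2 when PIDFILE names no running process.
rotate_log() {
    log=$1 dest_dir=$2 pidfile=$3 pattern=${4:-}
    [ -s "$log" ] || return 0                 # empty or missing: nothing to do
    if [ ! -d "$dest_dir" ] || [ ! -w "$dest_dir" ]; then
        echo "rotate_log: $dest_dir is not a writable directory" >&2
        return 1
    fi
    pid=$(cat "$pidfile" 2>/dev/null) || pid=
    case $pid in
        ''|*[!0-9]*) echo "rotate_log: no valid pid in $pidfile" >&2; return 2 ;;
    esac
    kill -0 "$pid" 2>/dev/null || { echo "rotate_log: pid $pid not running" >&2; return 2; }

    # Pick a name that does not overwrite an earlier run from the same day.
    day=$(date +%F)
    target="$dest_dir/$day"
    n=0
    while [ -e "$target" ]; do
        n=$((n + 1))
        target="$dest_dir/$day.$n"
    done

    # 1. Rename within the same directory: nginx still holds the file open
    #    and keeps writing to it, so no request is lost.
    mv "$log" "$log.rotating" || return 1
    # 2. Ask nginx to reopen its logs; it creates a fresh $log.
    kill -USR1 "$pid" || return 2
    sleep 1                                   # let the workers switch files
    # 3. Filter (optional) and copy the finished file to the share.
    if [ -n "$pattern" ]; then
        grep -F -- "$pattern" "$log.rotating" > "$target" || [ $? -eq 1 ] || return 1
    else
        cp "$log.rotating" "$target" || return 1
    fi
    rm -f "$log.rotating"
    printf '%s\n' "$target"
}

# Run as a script: rotate_log.sh LOG DEST_DIR PIDFILE [PATTERN]
if [ "$#" -ge 3 ]; then
    rotate_log "$@"
fi
```

The destination must be writable from the nginx server; an export that `exportfs -v` lists as `ro` makes the function return 1 before the log is touched.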

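V. Configure a location that matches the request address http://www.kgc.com/test/XXXX so that a user accessing a file under that path gets the content of the file in the /var/share/nginx/html/ directory.

Use rewrite so that every request to the domain www.benet.com that ends in .php is redirected to the domain www.kgc.com with the parameters that follow kept unchanged; for example, http://www.benet.com/bbs/index.php is redirected to http://www.kgc.com/bbs/index.php

(1) Configure a location that matches the request address http://www.kgc.com/test/XXXX so that a user accessing a file under that path gets the content of the file in the /var/share/nginx/html/ directory

① Nginx configuration

```
location /test {
    alias /var/share/nginx/html;
}
```

② Create the file to be served

③ Check:

(2) Use rewrite so that every request to the domain www.benet.com that ends in .php is redirected to the domain www.kgc.com with the parameters that follow kept unchanged; for example, http://www.benet.com/bbs/index.php is redirected to http://www.kgc.com/bbs/index.php

① Nginx configuration

```
location ~* \.php$ {
    rewrite ^/(.*) http://www.kgc.com/$1 permanent;
}
```

② Check in the browser:

The redirect succeeds.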

VI. On the Nginx server, set up dynamic/static separation for the www.benet.com virtual host: nginx serves the static pages and forwards requests for dynamic .jsp pages to the Tomcat servers, with load balancing

① Nginx server configuration

```
upstream tomcat {
    server 192.168.246.8:8080;
    server 192.168.246.9:8080;
}
```

```
location / {
    root /var/www/html;
    index index.html index.htm;
}
location ~* \.jsp$ {
    proxy_pass http://tomcat;
}
```

② Configure the Tomcat servers

tomcat 7-2 configuration:

tomcat 7-3 configuration:

```
[root@zzzcentos3 ~]#systemctl stop firewalld
[root@zzzcentos3 ~]#setenforce 0
[root@zzzcentos3 ~]#cd /usr/local/tomcat/webapps/ROOT/
[root@zzzcentos3 ROOT]#ls
asf-logo-wide.svg bg-middle.png bg-upper.png index.jsp tomcat.css tomcat.png tomcat.svg
bg-button.png bg-nav.png favicon.ico RELEASE-NOTES.txt tomcat.gif tomcat-power.gif WEB-INF
[root@zzzcentos3 ROOT]#cp index.jsp index.jsp.bak # back up first
[root@zzzcentos3 ROOT]#ls
asf-logo-wide.svg bg-nav.png index.jsp tomcat.css tomcat-power.gif
bg-button.png bg-upper.png index.jsp.bak tomcat.gif tomcat.svg
bg-middle.png favicon.ico RELEASE-NOTES.txt tomcat.png WEB-INF
[root@zzzcentos3 ROOT]#echo tomcat 7-3 > index.jsp # write the content
[root@zzzcentos3 ROOT]#cat index.jsp
tomcat 7-3
[root@zzzcentos3 ROOT]#
```

③ Check in the browser:

Access the dynamic page:

Access the static page:

VII. Set up SNAT/DNAT on the gateway server so that the client, using the IP address of the gateway server's ens36 interface, gets the same result as in the previous task

Reasoning:

We want the client to use the IP address of the gateway server's ens36 interface (12.0.0.1) to access www.benet.com/index.jsp and so get the dynamic page we configured on the Tomcat servers;

so this is the external network (7-5, IP 12.0.0.12) accessing the internal network (7-1, IP 192.168.246.7), which means what we need to configure is DNAT

① Client address configuration

② Gateway server configuration

```
[root@zzcentos1 network-scripts]#sysctl -a |grep "ip_forward"
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.ens36.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
sysctl: reading key "net.ipv6.conf.virbr0.stable_secret"
sysctl: reading key "net.ipv6.conf.virbr0-nic.stable_secret"
[root@zzcentos1 network-scripts]#vim /etc/sysctl.conf
[root@zzcentos1 network-scripts]#sysctl -p
net.ipv4.ip_forward = 1
[root@zzcentos1 network-scripts]#
```

③ Set up SNAT and DNAT

```
[root@zzcentos1 network-scripts]#iptables -t nat -A POSTROUTING -o ens36 -s 192.168.246.0/24 -j SNAT --to 12.0.0.1
[root@zzcentos1 network-scripts]#
[root@zzcentos1 network-scripts]#iptables -t nat -A PREROUTING -i ens36 -d 12.0.0.1 -p tcp --dport 80 -j DNAT --to 192.168.246.7
[root@zzcentos1 network-scripts]#iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 1 packets, 71 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- ens36 * 0.0.0.0/0 12.0.0.1 tcp dpt:80 to:192.168.246.7

Chain INPUT (policy ACCEPT 1 packets, 71 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * ens36 192.168.246.0/24 0.0.0.0/0 to:12.0.0.1
[root@zzcentos1 network-scripts]#
```

④ Check in the client browser:


