Open stanleyyylau opened 7 years ago
机器:175 操作:安装NFS客户端工具,测试组员配置的NFS服务器
sudo yum install -y nfs-utils
showmount -e 192.168.14.182
显示结果如下
Export list for 192.168.14.182:
/share 192.168.0.0/20
sudo mount -t nfs -o nfsvers=3 192.168.14.182:/share/ /mnt/
df -h
显示挂载成功
sudo mkdir /mnt/share /mnt/backup
ls
机器:175 操作:安装PHP环境,Java环境
cd /usr/local/src/
sudo yum install screen
sudo yum install -y wget
screen -S lnmp
sudo wget -c http://soft.vpser.net/lnmp/lnmp1.4.tar.gz && sudo tar zxf lnmp1.4.tar.gz && cd lnmp1.4 && sudo ./install.sh lnmp
安装按照默认的,PHP安装5.2的
官网下载地址 http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html 下载jdk8,放到/usr/local/src/目录下 tar zxvf jdk-8u144-linux-x64.tar.gz mv jdk1.8.0_144 /usr/local/jdk1.8 vi /etc/profile //最后面增加
JAVA_HOME=/usr/local/jdk1.8/
JAVA_BIN=/usr/local/jdk1.8/bin
JRE_HOME=/usr/local/jdk1.8/jre
PATH=$PATH:/usr/local/jdk1.8/bin:/usr/local/jdk1.8/jre/bin
CLASSPATH=/usr/local/jdk1.8/jre/lib:/usr/local/jdk1.8/lib:/usr/local/jdk1.8/jre/lib/charsets.jar
source /etc/profile java -version
sudo chown aminglinux:aminglinux src/
sudo chown -R aminglinux:aminglinux /usr/local/tomcat
cd /usr/local/src
sudo wget http://mirrors.shuosc.org/apache/tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz
sudo tar zxvf apache-tomcat-8.5.20.tar.gz
sudo mv apache-tomcat-8.5.20 /usr/local/tomcat
sudo chown aminglinux:aminglinux /usr/local/tomcat/bin/startup.sh
解决权限问题,不然会出现404
sudo chown -R aminglinux:aminglinux /data
/usr/local/tomcat/bin/startup.sh
ps aux|grep tomcat 启动的是tomcat,但是会出现java的进程
netstat -lntp |grep java
sudo vi /usr/local/tomcat/conf/server.xml
增加虚拟主机,编辑server.xml
,在</Host>
下面增加如下内容
<Host name="www.team7blog.com" appBase=""
unpackWARs= "true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="/data/wwwroot/123.cn/" debug="0" reloadable="true" crossContext="true"/>
</Host>
zrlog wget http://dl.zrlog.com/release/zrlog-1.7.1-baaecb9-release.war
mv zrlog-1.7.1-baaecb9-release.war /usr/local/tomcat/webapps/
mv /usr/local/tomcat/webapps/zrlog-1.7.1-baaecb9-release /usr/local/tomcat/webapps/zrlog
mv /usr/local/tomcat/webapps/zrlog/* /data/wwwroot/123.cn/
开启反向代理,放80端口可以访问tomcat的8080
server
{
listen 80;
#listen [::]:80;
server_name www.team7blog.com;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/www.team7blog.com;
include none.conf;
#error_page 404 /404.html;
location / {
proxy_pass http://192.168.14.175:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
access_log off;
}
访问web端完成安装
sudo chown aminglinux:aminglinux DedeCMS-V5.7-UTF8-SP2-Full sudo cp -r DedeCMS-V5.7-UTF8-SP2-Full/uploads/* . rm -rf DedeCMS-V5.7-UTF8-SP2-Full sudo find /home/wwwroot/www.team7dedecms.com -type d -exec chmod 775 {} \; sudo find /home/wwwroot/www.team7dedecms.com -type f -exec chmod 644 {} \; sudo chown -R www:www www.team7dedecms.com/
访问web端完成安装
先挂载共享盘 sudo mount -t nfs -o nfsvers=3 192.168.14.177:/share/ /mnt/share
再挂载备份盘 sudo mount -t nfs -o nfsvers=3 192.168.14.182:/share/ /mnt/backup
分别创建目录放dedecms和zrlog的共享文件 需要共享的静态文件目录如下
uploads images
mkdir /mnt/share/dedecms/uploads mkdir /mnt/share/dedecms/images
sudo cp -r ./images/ /mnt/share/dedecms/images/ sudo cp -r ./uploads/ /mnt/share/dedecms/uploads/
删除原dedecms里面的文件夹,开始建立软连接
sudo ln -s /mnt/share/dedecms/uploads /home/wwwroot/www.team7dedecms.com/uploads sudo ln -s /mnt/share/dedecms/images /home/wwwroot/www.team7dedecms.com/images
把属主改回nginx sudo chown -R www:www images sudo chown -R www:www uploads
sudo yum install nfs-utils sudo yum install rpcbind
关闭防火墙 sudo systemctl stop firewalld.service sudo setenforce 0
编辑配置文件,准备共享 sudo vi /etc/exports
/home/wwwroot 192.168.0.0/20(rw,sync,no_root_squash)
开启服务 sudo systemctl start rpcbind.service sudo systemctl enable rpcbind.service sudo systemctl start nfs.service sudo systemctl enable nfs.service
测试 showmount -e 192.168.14.175
机器:176 操作:安装PHP环境,Java环境,挂载web1的网站程序文件
环境安装同上
只挂载共享盘就行了,备份数据全部由web1传送给备份服务器
先挂载静态NFS,再挂载web1 sudo mount -t nfs -o nfsvers=3 192.168.14.182:/share/ /mnt/backup sudo mkdir /mnt/web1
删除原来/home/wwwroot/www.team7dedecms.com 文件夹并创建软连接 sudo ln -s /mnt/web1/www.team7dedecms.com /home/wwwroot/www.team7dedecms.com sudo chown -R www:www www.team7dedecms.com/
修改host文件然后访问www.team7dedecms.com 测试成功
直接挂载 sudo mount -t nfs -o nfsvers=3 192.168.14.175:/data/wwwroot/123.cn /mnt/web1_123.cn
sudo ln -s /mnt/web1_123.cn /data/wwwroot/123.cn
机器:173,174 操作:配置nginx负载均衡
查看nginx配置路径 /etc/init.d/nginx -v
sudo cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak sudo vi /usr/local/nginx/conf/nginx.conf
最底部改成这样
upstream backend
{
server 192.168.14.175:80;
server 192.168.14.176:80;
}
server
{
listen 80;
server_name www.team7dedecms.com www.team7blog.com;
location / {
proxy_pass http://backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
sudo /etc/init.d/nginx configtest sudo /etc/init.d/nginx reload curl -x192.168.14.17 www.team7blog.com -I
机器:175 操作:安装Discuz
机器:175, 176 操作:密钥登陆,禁止root远程登陆,配置sudo和简易的审计系统
密钥登录
创建aminglinux用户, 密码为7组内部统一密码
useradd aminglinux && passwd aminglinux
添加生成的私钥
mkdir /home/aminglinux/.ssh && vi /home/aminglinux/.ssh/authorized_keys
相关权限修改
禁止root远程登陆
vi /etc/ssh/sshd_config
找到PasswordAuthentication
和PermitRootLogin
这两行 关掉注释并分别修改为保存文件并重启sshd
配置sudo
配置简易审计
打开
/etc/profile
在最下面复制下面内容保存并执行
source /etc/profile
最后为了让其他用户能记录,需求给其实用户加上写权限
chmod 646 /var/log/audit.log