系统部署之mongodb安装

系统部署之mongodb安装

安装文件

  • mongodb-linux-x86_64-rhel70-3.4.5.tgz

解压安装

  1. tar -zxf mongodb-linux-x86_64-rhel70-3.4.5.tgz
  2. mv mongodb-linux-x86_64-rhel70-3.4.5 /usr/local/mongodb

创建用户

  1. mkdir /data/mongodb/{log,conf,data}
  2. groupadd mongodb
  3. useradd -g mongodb -s /sbin/nologin mongodb
  4. chown -R mongodb:mongodb /data/mongodb

修改配置

master

#master.conf
# mongod settings for the replica-set member that the cluster step below gives priority 2.
dbpath=/data/mongodb/data
logpath=/data/mongodb/log/master.log
pidfilepath=/data/mongodb/log/master.pid
directoryperdb=true
logappend=true
replSet=rs
# Replace with this host's own address so mongod listens on that interface only.
bind_ip=本机IP
port=27017
oplogSize=10000
# fork=true pairs with Type=forking in the systemd unit shown later in this guide.
fork=true
noprealloc=true
# auth and keyFile stay commented out only for the initial bootstrap. Until the
# key file exists and these two lines are enabled, anyone who can reach port
# 27017 has unauthenticated access, so firewall the port during that window.
#auth=true
#keyFile=/data/mongodb/mongodb-cluster-key

slave

#slaver.conf
# mongod settings for the data-bearing secondary of replica set "rs".
dbpath=/data/mongodb/data
logpath=/data/mongodb/log/slaver.log
pidfilepath=/data/mongodb/log/slaver.pid
directoryperdb=true
logappend=true
replSet=rs
# Replace with this host's own address so mongod listens on that interface only.
bind_ip=本机IP
port=27017
oplogSize=10000
fork=true
noprealloc=true
# Access control is off while these two lines are commented out; keep port 27017
# firewalled to the replica-set members until they are enabled.
#auth=true
#keyFile=/data/mongodb/mongodb-cluster-key

arbiter

#arbiter.conf
# mongod settings for the member that the cluster step registers with arbiterOnly:true.
dbpath=/data/mongodb/data
logpath=/data/mongodb/log/arbiter.log
pidfilepath=/data/mongodb/log/arbiter.pid
directoryperdb=true
logappend=true
replSet=rs
# Replace with this host's own address so mongod listens on that interface only.
bind_ip=本机IP
port=27017
oplogSize=10000
fork=true
noprealloc=true
# Access control is off while these two lines are commented out; the arbiter
# needs the same key file as the other members once keyFile is enabled.
#auth=true
#keyFile=/data/mongodb/mongodb-cluster-key

系统服务

master-service

/lib/systemd/system/mongodb.service 

[Unit]
Description=mongodb
After=network.target

[Service]
Type=forking
User=mongodb
ExecStart=/usr/local/mongodb/bin/mongod --config /data/mongodb/conf/master.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target

其他类似,修改配置文件地址即可

启动3台服务

集群配置

mongo 主IP:27017
use admin
cfg={ _id:"rs", members:[ {_id:0,host:'masterIP:27017',priority:2}, {_id:1,host:'slave ip:27017',priority:1},
{_id:2,host:'arbiter ip:27017',arbiterOnly:true}] };
rs.initiate(cfg) 

认证配置

mongo 主IP:27017
// Run in the mongo shell on the primary while auth is still disabled in the config files.
use admin
// Destructive: removes every existing user and the stored auth-schema record.
db.system.users.remove({})
db.system.version.remove({})
// NOTE(review): authSchema version 3 makes users created afterwards store legacy
// MONGODB-CR credentials instead of SCRAM-SHA-1. Keep this downgrade only if a
// client driver really requires it — confirm before copying.
db.system.version.insert({ "_id" : "authSchema", "currentVersion" : 3 })
// "admin"/"admin" is a sample credential: substitute a long random password
// before auth is switched on, and keep it out of shell history and shared notes.
db.createUser({user:"admin",pwd:"admin",roles:[{role:"userAdminAnyDatabase",db:"admin"},{role:"dbAdminAnyDatabase",db:"admin"},{role:"readWriteAnyDatabase",db:"admin"}]})
// NOTE(review): clusterManager appears twice (bare name and {role, db} form); one entry looks sufficient.
db.grantRolesToUser('admin',["clusterManager",{role:"clusterManager",db:"admin"}])
use rfid
// Sample credential again (rfid/rfid). NOTE(review): dbOwner is documented as
// combining readWrite, dbAdmin and userAdmin, so the two extra roles look redundant.
db.createUser({user:"rfid",pwd:"rfid",roles:[{role:"dbOwner",db:"rfid"},{role:"readWrite",db:"rfid"},{role:"dbAdmin",db:"rfid"}]})

生成集群认证KEY

  1. openssl rand -base64 741 > /data/mongodb/mongodb-cluster-key
  2. chmod 600 /data/mongodb/mongodb-cluster-key
  3. chown mongodb:mongodb /data/mongodb/mongodb-cluster-key

将生成的同一份 key 文件复制到 3 台服务器的相同路径(权限与属主同上),然后关闭服务,取消各配置文件最后2行(auth、keyFile)的注释,再重新启动服务

系统部署之redis集群安装(sentinel)

系统部署之redis集群安装(sentinel)

安装文件

  • redis-3.2.9.tar.gz

编译安装

  1. yum install gcc
  2. make CFLAGS="-march=x86-64"
  3. make install PREFIX=/usr/local/redis
  4. mkdir /usr/local/redis/etc

创建用户

  1. groupadd redis
  2. useradd -g redis -d /var/lib/redis -s /sbin/nologin redis
  3. mkdir -p /var/lib/redis/{logs,data,sentinel_26379}
  4. chown -R redis:redis /var/lib/redis
  5. chown -R redis:redis /usr/local/redis/etc/

创建配置

master配置

/usr/local/redis/etc/redis.conf

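# redis.conf for the master of the sentinel-managed group.
# No "bind" directive is set, so Redis listens on all interfaces; restrict
# port 6379 to the replicas, sentinels and application hosts with a firewall.
daemonize yes
pidfile /var/lib/redis/logs/redis.pid
port 6379
timeout 0
loglevel notice
logfile /var/lib/redis/logs/redis.log
databases 16
save 60 100000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
# Data directory: the one created and chowned to redis in the user-creation
# step (/var/lib/redis/data), matching the slave configuration.
dir /var/lib/redis/data
slave-serve-stale-data yes
slave-read-only yes
slave-priority 100
appendonly no
appendfsync no
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Refuse writes unless at least one replica is connected and no more than 10 seconds behind.
min-slaves-to-write 1
min-slaves-max-lag 10
# 123456 is a sample value. Use one long random secret and keep it identical in
# masterauth, requirepass and the sentinels' "sentinel auth-pass" line.
masterauth 123456
requirepass 123456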
/usr/local/redis/etc/sentinel_26379.conf

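# Sentinel instance listening on 26379.
port 26379
dir "/var/lib/redis/sentinel_26379"
# Log into /var/lib/redis/logs, the directory created and chowned to redis in the user-creation step.
logfile "/var/lib/redis/logs/sentinel_26379.log"
daemonize yes
# Protected mode is off and no bind directive is set, so this port accepts
# connections on every interface; allow 26379 only from the other sentinels
# and the application hosts at the firewall.
protected-mode no
# The trailing 2 is the quorum: two sentinels must agree the master is down.
sentinel monitor 51master 主IP 主端口 2
sentinel down-after-milliseconds 51master 5000
sentinel failover-timeout 51master 120000
# Must equal requirepass on the monitored Redis instances; 123456 is a sample value to replace.
sentinel auth-pass 51master 123456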

slave配置

/usr/local/redis/etc/redis.conf

# redis.conf for a replica in the sentinel-managed group.
# No "bind" directive is set, so Redis listens on all interfaces; restrict
# port 6379 to the other Redis nodes, sentinels and application hosts with a firewall.
daemonize yes
pidfile /var/lib/redis/logs/redis.pid
port 6379
timeout 0
loglevel notice
logfile /var/lib/redis/logs/redis.log
databases 16
save 60 100000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis/data
slave-serve-stale-data yes
# Replicas reject writes from clients.
slave-read-only yes
slave-priority 100
appendonly no
appendfsync no
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
min-slaves-to-write 1
min-slaves-max-lag 10
# 123456 is a sample value. masterauth must equal the master's requirepass, and
# requirepass is set here as well so the node keeps working after a failover promotes it.
masterauth 123456
requirepass 123456
# Replace the placeholders with the master's address and port.
slaveof 主IP 端口
/usr/local/redis/etc/sentinel_26379.conf

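# Sentinel instance listening on 26379.
port 26379
dir "/var/lib/redis/sentinel_26379"
# Log into /var/lib/redis/logs, the directory created and chowned to redis in the user-creation step.
logfile "/var/lib/redis/logs/sentinel_26379.log"
daemonize yes
# Protected mode is off and no bind directive is set, so this port accepts
# connections on every interface; allow 26379 only from the other sentinels
# and the application hosts at the firewall.
protected-mode no
# The trailing 2 is the quorum: two sentinels must agree the master is down.
sentinel monitor 51master 主IP 主端口 2
sentinel down-after-milliseconds 51master 5000
sentinel failover-timeout 51master 120000
# Must equal requirepass on the monitored Redis instances; 123456 is a sample value to replace.
sentinel auth-pass 51master 123456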

slave2配置

同slave1配置

系统服务(3台相同)

sentinel

/lib/systemd/system/redis_26379.service
 
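[Unit]
Description=redis-sentinel
# After= takes a space-separated list of unit names. Order the sentinel after
# the network and after the redis.service unit defined in this guide.
After=network.target redis.service

[Service]
# Type=forking matches "daemonize yes" in sentinel_26379.conf.
Type=forking
# Runs unprivileged as the redis account.
User=redis
ExecStart=/usr/local/redis/bin/redis-sentinel /usr/local/redis/etc/sentinel_26379.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target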

redis

/lib/systemd/system/redis.service

[Unit]
Description=redis
After=network.target

[Service]
Type=forking
User=redis
ExecStart=/usr/local/redis/bin/redis-server /usr/local/redis/etc/redis.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target

系统部署之keepalived安装

系统部署之keepalived安装

安装文件

  • keepalived-1.3.5.tar.gz

编译安装

./configure
make && make install

修改配置

机器1

/etc/keepalived/keepalived.conf 

! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from www@example.com
    smtp_server mail.example.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh" 
    interval 2 
    weight -5 
    fall 3  
    rise 2 
}
! Machine 1 is MASTER for virtual address 1 (priority 101 here against 100 on machine 2).
vrrp_instance VI_1 {
    state MASTER
    interface 网卡接口名
    virtual_router_id 51
    priority 101
    advert_int 1
    ! auth_type PASS sends the password in clear text inside VRRP adverts and
    ! keepalived uses only its first 8 characters, so it guards against
    ! misconfiguration, not against a host on the same segment. 1111 is a sample
    ! value: set a different one, identical on both machines for this instance.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        虚拟地址1
    }
    ! Attaches the chk_nginx health check defined above to this instance.
    track_script {
       chk_nginx 
    }
}
! Machine 1 is BACKUP for virtual address 2 (priority 100 here against 101 on machine 2).
vrrp_instance VI_2 {
    state BACKUP
    interface 网卡接口名
    virtual_router_id 52
    priority 100
    advert_int 1
    ! Clear-text VRRP password, truncated by keepalived to 8 characters; 1111 is a
    ! sample value and must be replaced with the same value on both machines.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        虚拟地址2
    }
    track_script {
       chk_nginx
    }
}

机器2

! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from www@example.com
    smtp_server mail.example.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh" 
    interval 2 
    weight -5 
    fall 3  
    rise 2 
}
! Machine 2 is BACKUP for virtual address 1 (priority 100 here against 101 on machine 1).
vrrp_instance VI_1 {
    state BACKUP
    interface 网卡接口名
    virtual_router_id 51
    priority 100
    advert_int 1
    ! Clear-text VRRP password, truncated by keepalived to 8 characters; 1111 is a
    ! sample value and must be replaced with the same value on both machines.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        虚拟地址1
    }
    track_script {
       chk_nginx 
    }
}
! Machine 2 is MASTER for virtual address 2 (priority 101 here against 100 on machine 1).
vrrp_instance VI_2 {
    state MASTER
    interface 网卡接口名
    virtual_router_id 52
    priority 101
    advert_int 1
    ! Clear-text VRRP password, truncated by keepalived to 8 characters; 1111 is a
    ! sample value and must be replaced with the same value on both machines.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        虚拟地址2
    }
    track_script {
       chk_nginx
    }
}

nginx检查脚本

check_nginx.sh 

#!/bin/bash
# Health check run by keepalived's vrrp_script: if no nginx process exists,
# try to start nginx once, and stop keepalived when nginx still is not running
# so the virtual address can move to the peer.

# Print the number of processes whose command name is nginx.
nginx_process_count() {
    ps -C nginx --no-heading | wc -l
}

# nginx is running: nothing to do.
if [ "$(nginx_process_count)" != "0" ]; then
    exit 0
fi

# One restart attempt, then give nginx two seconds to come up.
/usr/local/nginx/sbin/nginx
sleep 2

if [ "$(nginx_process_count)" != "0" ]; then
    exit 0
fi

# Still down: release the virtual address by stopping keepalived.
service keepalived stop

系统服务

/lib/systemd/system/keepalived.service

[Unit]
Description=LVS and VRRP High Availability Monitor
After=syslog.target network.target

[Service]
Type=simple
PIDFile=/usr/local/var/run/keepalived.pid
KillMode=process
EnvironmentFile=-/usr/local/etc/sysconfig/keepalived
ExecStart=/usr/local/sbin/keepalived --dont-fork -D
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

测试

尝试关闭一台keepalived服务,查看另一台网络端口情况

注意事项

  • 防火墙启用状态下执行以下命令,放行 VRRP 组播通告(命令中的 enp0s8 需替换为实际网卡接口名)
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 \
  --in-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT

firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 \
  --out-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT

firewall-cmd --reload

系统部署之nginx安装

系统部署之nginx安装

安装文件

  • nginx-1.12.0.tar.gz
  • gd-devel-2.0.35-26.el7.x86_64.rpm

安装依赖

yum install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel libxml2 libxml2-devel libxslt libxslt-devel gd-devel geoip geoip-devel -y

yum install gd fontconfig-devel freetype-devel libX11-devel libXpm-devel libjpeg-devel libpng-devel -y

创建用户

useradd -M -s /sbin/nologin nginx

编译安装

./configure \
 --prefix=/usr/local/nginx \
 --user=nginx \
 --group=nginx \
 --with-pcre \
 --with-http_ssl_module \
 --with-http_v2_module \
 --with-http_realip_module \
 --with-http_addition_module \
 --with-http_sub_module \
 --with-http_dav_module \
 --with-http_flv_module \
 --with-http_mp4_module \
 --with-http_gunzip_module \
 --with-http_gzip_static_module \
 --with-http_random_index_module \
 --with-http_secure_link_module \
 --with-http_stub_status_module \
 --with-http_auth_request_module \
 --with-http_image_filter_module \
 --with-mail \
 --with-mail_ssl_module \
 --with-stream_ssl_module

 make && make install

系统服务

vi /usr/lib/systemd/system/nginx.service

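[Unit]
 Description=The nginx HTTP and reverse proxy server
 After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
 Type=forking
 PIDFile=/usr/local/nginx/logs/nginx.pid
 # Validate the configuration before every start so a broken nginx.conf fails fast.
 ExecStartPre=/usr/local/nginx/sbin/nginx -t
 ExecStart=/usr/local/nginx/sbin/nginx
 # kill expects a process ID, not the path of the pid file; systemd fills
 # $MAINPID with the main process ID it reads from PIDFile=.
 ExecReload=/bin/kill -s HUP $MAINPID
 ExecStop=/bin/kill -s QUIT $MAINPID
 # Gives the service its own private /tmp and /var/tmp.
 PrivateTmp=true

[Install]
 WantedBy=multi-user.target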

配置自启动

配置开机自动启动
systemctl enable nginx

启动服务
systemctl start nginx

停止服务
systemctl stop nginx

搭建图片服务(三)

为图片服务增加jwt认证

安装依赖

  • lua-resty-jwt-0.1.11.tar.gz
  1. 解压
   tar -zxf lua-resty-jwt-0.1.11.tar.gz

  1. 安装
   cd lua-resty-jwt-0.1.11/lib/
   cp -R resty /usr/local/luajit/lib/lua
  • basexx
  1. 下载
  https://github.com/aiq/basexx/blob/master/lib/basexx.lua
  1. 安装
cp basexx.lua /usr/local/nginx/lua_lib

  • nginx-jwt.lua
  1. 下载
   https://github.com/auth0/nginx-jwt/blob/master/nginx-jwt.lua
  1. 安装
   cp nginx-jwt.lua /usr/local/nginx/lua_lib/
  1. 修改
   47行 local jwt_obj = jwt:verify(secret, token, 0)
   修改为 local jwt_obj = jwt:verify(secret, token)

配置环境变量

   # Sample value only: generate a fresh random secret for each deployment and
   # keep it out of shared documents, shell history and version control.
   export JWT_SECRET=4Tz7JuEERJkrIsU=
   export JWT_SECRET_IS_BASE64_ENCODED=true
   # NOTE(review): variables exported in a login shell do not reach an nginx
   # started by systemd, and nginx drops inherited variables unless nginx.conf
   # declares them with the env directive (e.g. "env JWT_SECRET;") — confirm
   # both for this setup.

配置nginx.conf

   # Upload endpoint: the access phase calls nginx-jwt's auth() before the
   # content handler runs.
   # NOTE(review): presumably auth() rejects requests without a valid token — confirm.
   location /upload {
        access_by_lua '
            local jwt = require "nginx-jwt"
            jwt.auth()
        ';
        # Errors for this location go to their own log file.
        error_log logs/upload_err.log;
        content_by_lua_file lua_lib/nginx_upload.lua;
   } 

完。