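Server Blew Up, Reconfiguring It
Ch.1 Preface
The server blew up, so it is being set up again from scratch.
Ch.2 Server configuration overview
- Configure Nginx + PHP + MySQL.
- Configure the firewall.
- Configure BBR.
- Configure ShadowsocksR.
- Configure MySQL dual-master mutual backup.
- Configure RSync off-site synchronization.
- Configure monitoring.
Ch.3 Installing software
All server software uses the latest stable release (Nginx 1.12, PHP 7.1.6, MySQL 5.7).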
Nginx
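1. Go to the official site, https://nginx.org/en/download.html, and pick the stable version:
2. Pre-installation preparation
Notes: zlib: nginx provides the gzip module, which needs the zlib library
openssl: lets nginx provide SSL
pcre: supports URL rewriting (rewrite)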
shell> yum -y install zlib zlib-devel openssl openssl-devel pcre-devel gcc gcc-c++ git automake libtool unzip patch
3. Create a dedicated user and group for nginx
shell> groupadd -r nginx
shell> useradd -s /sbin/nologin -g nginx -r nginx
shell> id nginx
4. Download the package to the /tmp directory
shell> wget https://nginx.org/download/nginx-1.12.0.tar.gz
5. Extract
shell> tar -zxvf nginx-1.12.0.tar.gz
6. Configure the build
./configure --prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-pcre \
--with-ipv6 \
--with-http_realip_module \
--with-http_v2_module \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gzip_static_module \
--with-http_dav_module
Build and install:
make && make install
7. Add nginx to the PATH environment variable in /etc/profile
export PATH=/usr/local/nginx/sbin:$PATH
After saving, run the following so the change takes effect immediately, then use export to view the current environment
shell> source /etc/profile
shell> export
8. Start and reload nginx
shell> nginx -c /usr/local/nginx/conf/nginx.conf
shell> nginx -s reload
PHP
1. Go to the official site, http://php.net/downloads.php, and pick the stable version:
2. Pre-installation preparation
shell> yum -y install libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers gd gd2 gd-devel gd2-devel perl-CPAN libmcrypt libmcrypt-devel
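3. Download the package to the /tmp directory (-O saves it under the file name that the next step extracts)
shell> wget -O php7.tar.gz http://cn2.php.net/get/php-7.0.9.tar.gz/from/this/mirror
4. Extract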
shell> tar -zxvf php7.tar.gz
5. Before compiling, you can look at the available options
shell> ./configure --help
6. Configure the build
shell> ./configure --prefix=/usr/local/php \
--enable-fpm \
--enable-zip \
--enable-ftp \
--enable-soap \
--enable-xml \
--enable-mbstring \
--disable-rpath \
--disable-debug \
--disable-fileinfo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-pcre-regex \
--with-iconv \
--with-zlib \
--with-mcrypt \
--with-gd \
--with-openssl \
--with-mhash \
--with-xmlrpc \
--with-curl \
--enable-opcache=no \
--with-zlib-dir=/usr \
--with-libdir=lib64 \
--with-imap-ssl
Build and install:
make && make install
Add php to the PATH environment variable in /etc/profile
export PATH=/usr/local/php/bin:$PATH
export PATH=/usr/local/php/sbin:$PATH
After saving, run the following so the change takes effect immediately, then use export to view the current environment
shell> source /etc/profile
shell> export
MySQL
MySQL is installed with YUM, as the official site recommends; the guide is here (http://dev.mysql.com/doc/mysql-yum-repo-quick-guide/en/)
1. Download the Yum repo package
http://dev.mysql.com/downloads/repo/yum/
2. Install the repo
shell> rpm -Uvh mysql57-community-release-el6-8.noarch.rpm
shell> yum repolist all | grep mysql
shell> yum install mysql-community-server
shell> yum install mysql-tools-community
shell> yum install mysql-connectors-community
3. Start the service
shell> service mysqld start
shell> service mysqld status
4. View the automatically generated password
shell> grep 'temporary password' /var/log/mysqld.log
5. Change the root password
shell> mysql -uroot -p
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Yu**********';
Ch.4 Server firewall configuration
1. CentOS 7 ships with firewalld as its firewall. Because I am more used to iptables, I switch back to iptables
shell> systemctl disable firewalld
shell> yum install iptables-services
shell> systemctl enable iptables.service
2. Edit /etc/sysconfig/iptables
shell> vi /etc/sysconfig/iptables
3. Write the following content
# Generated by Authuir
*filter
:INPUT DROP
:FORWARD ACCEPT
:OUTPUT ACCEPT
# lo
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# http/https
-A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
# replies to outbound http/https only: a source-port match must not accept NEW
-A INPUT -p tcp -m multiport --sports 80,443 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
# ssh
-A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# mysql (3306 is open to every source here; add -s with the replication peer's address to limit it)
-A INPUT -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
# dns (replies to this server's own queries only)
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
# ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
COMMIT
# Completed on Sat Jun 11 00:53:03 2016
4. Restart
shell> service iptables restart
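A mistake that is easy to make in a hand-written ruleset like this one is an INPUT rule that accepts by source port (--sport/--sports) while also allowing NEW connections. The following check is an added example, not part of the original post; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads iptables-save / /etc/sysconfig/iptables text on stdin and prints every
# INPUT ACCEPT rule that matches on a source port without limiting the
# connection state to ESTABLISHED/RELATED. The sender picks the source port,
# so such a rule accepts new connections to any local port.
# On the server: audit_sport_rules < /etc/sysconfig/iptables
audit_sport_rules() {
    awk '
        /^-A INPUT / && /-j ACCEPT/ && /--sports? / {
            states = ""
            # works for "-m state --state X" and "-m conntrack --ctstate X"
            for (i = 1; i < NF; i++)
                if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
            if (states == "" || states ~ /(^|,)NEW(,|$)/)
                print "source-port ACCEPT allows NEW: " $0
        }
    '
}

# Constructed sample ruleset (hypothetical, for demonstration only).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --sports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_sport_rules
```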
Ch.5 Enabling BBR
1. Install elrepo and upgrade the kernel
shell> rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
shell> rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
shell> yum --enablerepo=elrepo-kernel install kernel-ml -y
2. Update the grub default entry and reboot
shell> egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'
shell> grub2-set-default 0
shell> reboot
3. Enable BBR
shell> vi /etc/sysctl.conf
Add:
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
Load the kernel parameters:
sysctl -p
4. Confirm that BBR is enabled (single-threaded download speed jumped from 1MB/s to 10MB/s)
shell> sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = bbr cubic reno
Ch.6 Configuring MySQL dual-master mutual backup
1. First sync server Main to the state of server SSR
Take the lock first.
mysql> FLUSH TABLES WITH READ LOCK;
Then sync the data manually.
2. Change the MySQL configuration
On ssr's MySQL, create the user that will be used for backup
mysql> grant replication slave on *.* to 'backup_user'@'main.ip' identified by '123456';
Edit my.cnf on ssr
shell> vi /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
server-id = 1
log_bin = mysql-bin
expire_logs_days = 15
max_binlog_size = 100M
binlog_format = mixed
binlog-ignore-db = mysql
binlog-ignore-db = information_schema
binlog-ignore-db = performance_schema
auto-increment-increment = 2
auto-increment-offset = 1
Edit my.cnf on main
shell> vi /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
server-id = 2
log_bin = mysql-bin
expire_logs_days = 15
max_binlog_size = 100M
binlog_format = mixed
binlog-ignore-db = mysql
binlog-ignore-db = information_schema
binlog-ignore-db = performance_schema
relay_log = mysql-relay-bin
log-slave-updates = 1
Restart both MySQL servers.
3. Enable replication
Enter the mysql command line on SSR and run the following command:
mysql> show master status\G
Record File and Position
Enter the mysql command line on Main and run the following command:
mysql> CHANGE MASTER TO
MASTER_HOST='ssr.ip',
MASTER_USER='backup_user',
MASTER_PASSWORD='123456',
MASTER_LOG_FILE='mysql-bin.000005',
MASTER_LOG_POS=154;
Restart MySQL and check whether the configuration succeeded:
mysql> show slave status\G
Unlock writes on ssr:
mysql> UNLOCK TABLES;
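4. Enable reverse replication
At this point the one-way SSR->Main replication is complete. Next comes the Main->SSR direction: append the following to my.cnf on SSR and on Main respectively: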
SSR:
server-id = 1
log_bin = mysql-bin
expire_logs_days = 15
max_binlog_size = 100M
binlog_format = mixed
binlog-ignore-db = mysql
binlog-ignore-db = information_schema
binlog-ignore-db = performance_schema
auto-increment-increment = 2
auto-increment-offset = 1
replicate-ignore-db = mysql
replicate-ignore-db = information_schema
replicate-ignore-db = performance_schema
relay_log = mysql-relay-bin
log-slave-updates = ON
Main:
server-id = 2
log_bin = mysql-bin
expire_logs_days = 15
max_binlog_size = 100M
binlog_format = mixed
replicate-ignore-db = mysql
replicate-ignore-db = information_schema
replicate-ignore-db = performance_schema
relay_log = mysql-relay-bin
log-slave-updates = ON
binlog-ignore-db = mysql
binlog-ignore-db = information_schema
binlog-ignore-db = performance_schema
auto-increment-increment = 2
auto-increment-offset = 2
Restart MySQL on both sides.
On Main, create the slave account and check the status:
mysql> grant replication slave on *.* to 'backup_user'@'ssr.ip' identified by '123456';
mysql> show master status\G
Start replication on SSR:
mysql> CHANGE MASTER TO
MASTER_HOST='main.ip',
MASTER_USER='backup_user',
MASTER_PASSWORD='123456',
MASTER_LOG_FILE='mysql-bin.000003',
MASTER_LOG_POS=1841;
Restart MySQL and check whether it succeeded:
mysql> show slave status\G
Done.
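The steps above verify replication by reading show slave status\G by eye. As an added example (not part of the original post), this shell function turns that check into something cron or a monitor can run on each server; the function names, the 60-second lag threshold and the sample outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_replica [MAX_LAG_SECONDS]: reads `SHOW SLAVE STATUS\G` text on stdin,
# prints one status line, returns 0 when healthy and 1 otherwise.
check_replica() {
    awk -v max="${1:-60}" '
        { sub(/^[ \t]+/, "") }                  # \G output is right-aligned
        /^Slave_IO_Running:/      { io  = $2 }
        /^Slave_SQL_Running:/     { sql = $2 }
        /^Seconds_Behind_Master:/ { lag = $2 }
        /^Last_IO_Error:/  { sub(/^[^:]*:[ \t]*/, ""); ioerr  = $0 }
        /^Last_SQL_Error:/ { sub(/^[^:]*:[ \t]*/, ""); sqlerr = $0 }
        END {
            if (io == "")     { print "UNKNOWN: no replica status in input"; exit 1 }
            if (io != "Yes")  { print "CRITICAL: IO thread " io ": " ioerr; exit 1 }
            if (sql != "Yes") { print "CRITICAL: SQL thread " sql ": " sqlerr; exit 1 }
            if (lag == "NULL" || lag + 0 > max + 0) { print "WARNING: lag " lag "s"; exit 1 }
            print "OK: lag " lag "s"
        }
    '
}

# Constructed sample outputs, trimmed to the fields the check reads.
sample_status_ok() {
    cat <<'EOF'
*************************** 1. row ***************************
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                Last_IO_Error:
               Last_SQL_Error:
        Seconds_Behind_Master: 0
EOF
}
sample_status_broken() {
    cat <<'EOF'
*************************** 1. row ***************************
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                Last_IO_Error:
               Last_SQL_Error: Error 'Duplicate entry '3' for key 'PRIMARY'' on query.
        Seconds_Behind_Master: NULL
EOF
}

sample_status_ok | check_replica 60
sample_status_broken | check_replica 60 || true
```

On a real server the input comes from mysql -uroot -p -e 'SHOW SLAVE STATUS\G' piped into check_replica.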
Ch.7 Configuring scheduled tasks and running every service under systemd
1. Nginx service
Write to: /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx 服务
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Then run these commands to register the service so that it starts automatically at boot, and start it
shell> systemctl enable nginx
shell> systemctl start nginx.service
If you modify the service file later, run this to reload it
shell> systemctl daemon-reload
2. ShadowsocksR service
Write to: /usr/lib/systemd/system/ssr.service
[Unit]
Description=SSR 服务
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/usr/bin/python /usr/local/shadowsocks/server.py -c /usr/local/shadowsocks/config.json -d start
# systemd does not run Exec lines through a shell, so "&&" needs an explicit sh -c
ExecReload=/bin/sh -c '/usr/bin/python /usr/local/shadowsocks/server.py -c /usr/local/shadowsocks/config.json -d stop && /usr/bin/python /usr/local/shadowsocks/server.py -c /usr/local/shadowsocks/config.json -d start'
ExecStop=/usr/bin/python /usr/local/shadowsocks/server.py -c /usr/local/shadowsocks/config.json -d stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Then run these commands to register the service so that it starts automatically at boot, and start it
shell> systemctl enable ssr
shell> systemctl start ssr.service
3. php-fpm service
Write to: /usr/lib/systemd/system/php.service
[Unit]
Description=PHP 服务
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/usr/local/php/sbin/php-fpm -c /usr/local/php/lib/php.ini
# systemd expands neither backticks nor "&&"; signal the main process it tracks instead
# (SIGUSR2 makes php-fpm reload gracefully; set PIDFile= if systemd cannot determine $MAINPID)
ExecReload=/usr/bin/kill -USR2 $MAINPID
ExecStop=/usr/bin/kill $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Then run these commands to register the service so that it starts automatically at boot, and start it
shell> systemctl enable php
shell> systemctl start php.service
4. Crontab service + scheduled certbot run
Automatically renew the certificate at 00:00 on the 1st of every month
shell> crontab -e
0 0 1 * * certbot renew