- I recently deployed a set of e-commerce platforms; this post walks through the whole process.
1. First identify the business process
- Project initiation
- Planning
- System installation
- Deploy Nginx and Tomcat
- Resolve domain names
- Test
- Add monitoring
- Backup
2. Carry out the steps listed in 1
2.1 Planning
- Plan according to the project's circumstances. The topology diagram is as follows.
The idea: the front end uses a Banggoo hardware load balancer, which distributes incoming traffic to Nginx; Nginx then reverse-proxies the requests to the back-end Tomcat servers.
Four servers were purchased in total: 2 are database servers, and the other two run virtual machines, each hosting 5 virtual servers.
For each server, plan the hardware configuration, operating system, partitioning, hostname, IP address, and switch port assignment.
2.2 System installation
The installation itself is skipped here. After the system is installed, run the following on all web application machines:
    # Add a history timestamp format and a syslog hook for every command to /etc/profile.
    echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile
    echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; }); logger \"[euid=\$(whoami)]\":\$(who am i):[\`pwd\`]\"\$msg\"; }'" >> /etc/profile
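The hook above makes every interactive command a syslog entry, so the entries can be checked for commands run under a different effective user than the one who logged in. The following is an added example, not part of the original post: the sample lines are constructed, and their layout assumes the usual `who am i` output and the syslog prefix that `logger` produces by default.

```python
import re

# Layout written by the PROMPT_COMMAND hook:
#   [euid=<effective user>]:<who am i fields>:[<cwd>]<history timestamp> <user> <command>
ENTRY = re.compile(
    r'\[euid=(?P<euid>[^\]]+)\]:(?P<who>.*?):\[(?P<cwd>[^\]]*)\](?P<msg>.*)$')
# msg is the `history 1` text after the entry number (HISTTIMEFORMAT, then the command).
MSG = re.compile(r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (?P<cmd>.*)$')

# Constructed sample lines (hostnames, users and addresses are made up).
SAMPLE = [
    'Aug  1 10:05:01 web01 alice: [euid=alice]:alice pts/0 2016-08-01 10:00 '
    '(192.168.1.10):[/home/alice]2016-08-01 10:05:01 alice ls -la',
    'Aug  1 10:06:12 web01 alice: [euid=root]:alice pts/0 2016-08-01 10:00 '
    '(192.168.1.10):[/root]2016-08-01 10:06:12 root vi /usr/local/nginx/conf/nginx.conf',
]

def parse(line):
    """Split one syslog line written by the hook into its fields, or return None."""
    m = ENTRY.search(line)
    if not m:
        return None
    rec = m.groupdict()
    who = rec.pop("who").split()
    # `who am i` prints nothing when the session has no utmp entry.
    rec["login_user"] = who[0] if who else None
    rec["tty"] = who[1] if len(who) > 1 else None
    rec["origin"] = who[-1].strip("()") if len(who) > 4 else None
    h = MSG.match(rec.pop("msg"))
    rec["cmd"] = h["cmd"] if h else None
    return rec

def identity_changes(lines):
    """Commands whose effective user differs from the login user (e.g. after su)."""
    out = []
    for line in lines:
        rec = parse(line)
        if rec and rec["login_user"] and rec["euid"] != rec["login_user"]:
            out.append((rec["login_user"], rec["euid"], rec["cwd"], rec["cmd"]))
    return out

if __name__ == "__main__":
    for change in identity_changes(SAMPLE):
        print(change)
```

PROMPT_COMMAND lives in the user's own shell environment, so a user can unset it; forward these entries off the host and pair them with auditd where a tamper-resistant record is needed.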
/etc/sysctl.conf
    vm.swappiness = 10
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_synack_retries = 2
    vm.overcommit_memory = 1
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_timestamps = 1
    net.ipv4.tcp_tw_recycle = 0
    net.ipv4.tcp_fin_timeout = 30
    net.ipv4.tcp_keepalive_time = 1800
    net.ipv4.tcp_max_syn_backlog = 8192
    net.ipv4.ip_local_port_range = 10000 65000
/etc/security/limits.conf
    * soft nofile 102400
    * hard nofile 102400
2.3 Deployment of Nginx, Tomcat
- Before installing Nginx, install PCRE (Perl Compatible Regular Expressions); the official website is http://www.pcre.org
- Nginx's rewrite module (HTTP rewrite module) is needed for pseudo-static URL rewriting, and rewrite depends on the PCRE library, so PCRE must be installed for Nginx.
- yum install -y pcre pcre-devel openssl openssl-devel
Installing Nginx
configure arguments: --prefix=/usr/local/nginx/ --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module
Partial Nginx configuration changes
    worker_processes 4;
    events {
        worker_connections;  # value missing in the source
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        # Access log format: request, timing, upstream details, then forwarded client headers
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent $request_time {$upstream_addr $upstream_status $upstream_http_content_length $upstream_response_time} '
                        '"$http_x_real_ip" "$http_x_forwarded_for" "$host"';
        access_log logs/access.log main;
        sendfile on;
        #tcp_nopush on;
        #keepalive_timeout 0;
        keepalive_timeout 65;
        #gzip on;
        # One upstream group per application, two Tomcat instances each
        upstream dealer {
            ip_hash;
            server 192.168.1.54:8081;
            server 192.168.1.64:8081;
        }
        upstream shop {
            ip_hash;
            server 192.168.1.55:8081;
            server 192.168.1.65:8081;
        }
        upstream platform {
            ip_hash;
            server 192.168.1.56:8081;
            server 192.168.1.66:8081;
        }
        # Default server: static placeholder page
        server {
            listen default;  # port missing in the source
            server_name localhost;
            location / {
                root html;
                index index.html index.htm;
            }
        }
        # Back-end site, reachable only from 192.168.0.0/16
        server {
            listen 80;
            server_name backend;
            access_log logs/backend.access.log main;
            location / {
                proxy_pass http://platform/;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass_header User-Agent;
                proxy_set_header Host $host;
                allow 192.168.0.0/16;
                deny all;
            }
        }
        server {
            listen 443 ssl;
            server_name dealer.tb.com;
            access_log logs/dealer.access.log main;
            server_tokens off;
            ssl_certificate /usr/local/nginx/conf/server_2019.crt;
            ssl_certificate_key /usr/local/nginx/conf/server_2019.key;
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 5m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            # Temporary redirect from the site root to the application entry page
            rewrite ^/$ /dealershop/ redirect;
            location / {
                proxy_pass http://dealer/;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass_header User-Agent;
                proxy_set_header Host $host;
            }
            # The captcha image is served by the platform application
            location /platform/captcha/getcaptchaimg.do {
                proxy_pass http://platform;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass_header User-Agent;
                proxy_set_header Host $host;
            }
        }
        server {
            listen 443 ssl;
            server_name shop.tb.com;
            access_log logs/shop.access.log main;
            server_tokens off;
            ssl_certificate /usr/local/nginx/conf/server_2019.crt;
            ssl_certificate_key /usr/local/nginx/conf/server_2019.key;
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 5m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            rewrite ^/$ /payonline/ redirect;
            location / {
                proxy_pass http://shop/;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass_header User-Agent;
                proxy_set_header Host $host;
            }
            # Requests for *.xhtml under /payonline are redirected to /payonline/#/<page>
            location ~ /payonline/paysuccess {
                if ($uri ~ ([\w]+.xhtml)$) {
                    set $d_path $1;
                    rewrite .xhtml /payonline/#/$d_path redirect;
                }
                proxy_pass http://shop;
            }
            location ~ /payonline/payfail {
                if ($uri ~ ([\w]+.xhtml)$) {
                    set $d_path $1;
                    rewrite .xhtml /payonline/#/$d_path redirect;
                }
                proxy_pass http://shop;
            }
            location ~ /payonline {
                if ($uri ~ ([\w]+.xhtml)$) {
                    set $d_path $1;
                    rewrite .xhtml$ /payonline/#/$d_path redirect;
                }
                proxy_pass http://shop;
            }
        }
        server {
            listen 80;
            listen 443 ssl;
            server_name tmail.tb.com;
            access_log logs/tmail.access.log main;
            server_tokens off;
            ssl_certificate /usr/local/nginx/conf/server_2019.crt;
            ssl_certificate_key /usr/local/nginx/conf/server_2019.key;
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 5m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            rewrite ^/$ /cherryhomepage/home.html redirect;
            location / {
                proxy_pass http://dealer/;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass_header User-Agent;
                proxy_set_header Host $host;
            }
        }
    }
Note: certificates are used here, port 80 is turned off in favour of 443, and the upload file size is adjusted. The rewrites use redirect: the business requires a temporary redirect, otherwise it does not work. Pay attention to the log format, and record the log of each module separately; do not write everything to the default log file. After modifying the Nginx configuration, run sbin/nginx -t to check that the configuration is correct, then sbin/nginx -s reload to reload it.
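The note above describes the intended TLS posture, which can be checked per server block before each reload. The following is an added example, not part of the original post: the excerpt is constructed from directives in the configuration above, and the deprecated-protocol list reflects RFC 8996, which retired TLS 1.0 and 1.1.

```python
import re

# Constructed excerpt: directives copied from two of the server blocks above.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name dealer.tb.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 80;
    listen 443 ssl;
    server_name tmail.tb.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { proxy_pass http://dealer/; }
}
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, tracking nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (server_name, finding) pairs for weak protocols and plaintext listeners."""
    findings = []
    for body in server_blocks(conf):
        name = re.search(r"\bserver_name\s+([^;]+);", body)
        name = name.group(1).strip() if name else "(unnamed)"
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        protos = re.search(r"\bssl_protocols\s+([^;]+);", body)
        weak = sorted(DEPRECATED & set(protos.group(1).split())) if protos else []
        if weak:
            findings.append((name, "deprecated protocols: " + " ".join(weak)))
        has_tls = any("ssl" in l.split() for l in listens)
        plain = [l for l in listens if "ssl" not in l.split()]
        if has_tls and plain:
            findings.append((name, "also listens without TLS: " + ", ".join(plain)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```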
Nginx is configured with ip_hash: each request is assigned according to a hash of the visitor's IP address, so every visitor always reaches the same back-end server, which solves the session problem. That raises a question: if every visitor is pinned to one back-end server, what is the load balancing for? Requests move to another server only when a back-end server goes down. So this is a disadvantage, but it solves the session problem. Initially it was confirmed that sessions were not needed, and everything tested fine after deployment; then we were suddenly told that sessions were needed, and that is how ip_hash came in. Since the system's back-end storage uses Redis, we considered saving the session to Redis. After discussion it was confirmed that development will not modify the business code for the time being; the session will be stored in Redis or MySQL.
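The per-site logs in the `main` format described above show how ip_hash actually spreads requests, including the failover case. The following is an added example, not part of the original post: the log lines are constructed, and 10.0.0.5 is an assumed load-balancer address standing in for the case where Nginx sees the balancer rather than the visitor as `$remote_addr`.

```python
import re
from collections import Counter, defaultdict

# Regex for the `main` log_format defined in the configuration above.
LINE = re.compile(
    r'(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) (?P<rt>[\d.]+) '
    r'\{(?P<upstream>[^}]*)\} '
    r'"(?P<x_real_ip>[^"]*)" "(?P<xff>[^"]*)" "(?P<host>[^"]*)"')
UPSTREAM = re.compile(r'\d+\.\d+\.\d+\.\d+:\d+')

# Constructed sample lines; the third shows a retry on the second back end.
SAMPLE = [
    '10.0.0.5 - - [01/Aug/2016:10:00:01 +0800] "GET /payonline/ HTTP/1.1" 200 512 0.012 '
    '{192.168.1.55:8081 200 512 0.011} "203.0.113.7" "203.0.113.7" "shop.tb.com"',
    '10.0.0.5 - - [01/Aug/2016:10:00:02 +0800] "GET /payonline/ HTTP/1.1" 200 512 0.010 '
    '{192.168.1.55:8081 200 512 0.009} "198.51.100.9" "198.51.100.9" "shop.tb.com"',
    '10.0.0.5 - - [01/Aug/2016:10:00:03 +0800] "GET /payonline/ HTTP/1.1" 200 512 3.020 '
    '{192.168.1.55:8081, 192.168.1.65:8081 502, 200 512 3.001, 0.015} '
    '"192.0.2.44" "192.0.2.44" "shop.tb.com"',
]

def ip_hash_key(addr):
    # ip_hash is documented as keyed on the first three octets of an IPv4 address.
    return ".".join(addr.split(".")[:3])

def spread(lines):
    """Return ({backend: hits}, {hash key: {"backends": set, "clients": set}})."""
    hits = Counter()
    keys = defaultdict(lambda: {"backends": set(), "clients": set()})
    for line in lines:
        m = LINE.match(line)
        served = UPSTREAM.findall(m["upstream"]) if m else []
        if not served:
            continue  # unparsable line, or "-": nginx answered without an upstream
        hits[served[-1]] += 1  # the last address listed is the server that answered
        k = keys[ip_hash_key(m["remote_addr"])]
        k["backends"].add(served[-1])
        k["clients"].add(m["xff"].split(",")[0].strip())
    return hits, dict(keys)

if __name__ == "__main__":
    hits, keys = spread(SAMPLE)
    print(dict(hits))
    for key, seen in keys.items():
        print(key, sorted(seen["backends"]), len(seen["clients"]), "forwarded clients")
```

When one hash key carries many distinct forwarded clients, ip_hash is keying on the balancer's address rather than the visitor's, and a single back end takes all the traffic until it fails.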
Tomcat requires a Java environment, so configure the environment variables. The installed system is 64-bit, but a 32-bit JDK is used because the business requires 32-bit. Write the following into /etc/profile:
    JAVA_HOME=/usr/java/jdk1.7.0_79/
    PATH=$JAVA_HOME/bin:$PATH
    CLASSPATH=$JAVA_HOME/jre/lib/ext:$JAVA_HOME/lib/tools.jar
    export JAVA_HOME PATH CLASSPATH
- Database: MySQL and MongoDB master-slave installation and deployment
MySQL server version: 5.5.50. The installation process is omitted here.
MongoDB shell version: 2.6.12. MongoDB 3.0 was installed at first, because 3.0 outperforms 2.0 by a wide margin, but after a period of testing we switched back to the 2.0 version: with the 3.0 version the program could not write data. The MongoDB version will be upgraded later, once the program has been modified. The MongoDB master and slave use 2 servers, rather than the 3 servers the official guidance calls for.
Redis version: redis-3.0.7
2.4 Resolving domain names
2.5 Testing
- During testing, watch the corresponding logs and the system I/O.
2.6 Adding monitoring
- Zabbix monitors host status. Zabbix is very powerful, but for URL monitoring I personally lean towards Nagios: for monitoring URLs, Nagios is freer and more flexible.
2.7 Backup
- The business system writes mainly to the MySQL database. A script takes a full backup every morning, and the binlog is enabled.
- For a new environment, SaltStack is recommended for deployment management, for the sake of unified deployment, parallel execution, and remote management.
- If you need a network backup system, Bacula is recommended, with Webacula for web management. The software can be a bit of a hassle during initial deployment, but it works well in use, especially when running backup and recovery from the web interface. I personally prefer Bacula to Amanda.
E-commerce platform build process: a walkthrough