Practical tutorial on online project configuration of Linux system cluster architecture (I): linux practice
Project Overview
The entire project includes the following application projects:
1. User APP
2. Merchant APP
3. Business Platform management background
4. Business Management Background
5. Official Website
The overall project planning and design are as follows:
1. the user's APP is deployed in a JAVA environment and two servers are deployed in the initial environment to achieve load balancing and high availability. The front-end load uses nginx for load balancing.
2. The Merchant APP is deployed in a JAVA environment and two servers are deployed in the initial environment to achieve load balancing and high availability. The front-end load uses nginx for load balancing.
3. The business platform management background is deployed in a JAVA environment. A server is deployed in the initial environment, and nginx reverse proxy is used in the front end. The business traffic will expand in the future and the architecture will be expanded again.
4. The management background of the merchant platform is deployed in the JAVA environment. A server is deployed in the initial environment, and nginx reverse proxy is used in the front end. The business traffic will expand in the future and the architecture will be expanded again.
5. The official website uses some static pages and nginx deployment. The WEB Service also installs the FTP server and uploads some static Resources in the business management background.
6. The database uses the Mysql master-slave replication architecture, implements read/write sharing on the program, and enables binlog from the database for backup.
7. All backup data of the entire network is synchronized to the professional Intranet backup server, and all business backup data is retained for 30 days.
8. All server monitoring (basic monitoring and service monitoring) across the network adopts zabbix monitoring
The server IP address is planned as follows:
Server environment and application software version
Server Environment
[root@centos ~]# cat /etc/redhat-releaseCentOS release 6.8 (Final)[root@centos ~]# uname -r2.6.32-642.el6.x86_64
Application version
Nginx 1.12.1
Mysql 5.7.17
Jdk 1.8
Tomcat 8.5.9
Zabbian 3.0
Yum source 163, Alibaba Cloud, sohu domestic sources are available, choose your own
Redis 4.0.1
Server logic architecture
Configure the YUM source in China. Take 163 as an example.
[root@centos ~]# cd /etc/yum.repos.d/[root@centos yum.repos.d]# wget http://mirrors.163.com/.help/CentOS6-Base-163.repo[root@centos yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak[root@centos yum.repos.d]# mv CentOS6-Base-163.repo CentOS-Base.repo
Install required software packages
[root@centos ~]# yum install lsof vim telnet dos2unix lrzsz tree –y
Disable services that do not need to be started
[root@centos ~]#for service in chkconfig --list|grep 3:on|awk '{print $1}';do chkconfig —level 3 $service off;done[root@centos ~]#for service in crond network sshd rsyslog;do chkconfig —level 3 $service on;done[root@centos ~]# chkconfig —list|grep 3:on
Modify the default configuration of the SSH service
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.baksed -i ‘s%#Port 22%Port 2233%g’ /etc/ssh/sshd_configsed -i ‘s%#PermitRootLogin yes%PermitRootLogin no%g’ /etc/ssh/sshd_configsed -i ‘s%#PermitEmptyPasswors no%PermitEmptyPasswors no%g’ /etc/ssh/sshd_configsed -i ‘s%#UseDNS yes%UseDNS no%g’ /etc/ssh/sshd_configegrep “UseDNS|2233|RootLogin|EmptyPass” /etc/ssh/sshd_config/etc/init.d/sshd reload
Disable selinux
Configuration file/etc/selinux/config
sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#g’ /etc/selinux/configegrep “SELINUX=” /etc/selinux/config
Disable Firewall
If the firewall is not directly disabled for an internet server, it is recommended that you enable the firewall if you have an Internet address and allow the relevant service ports. For a high-concurrency server, you do not need to enable the firewall, which may affect the performance.
/etc/invited/pintables stop/etc/invited/pintables statuspintables: Firewall is not running.
Lock key system files
for file in /etc/passed /etc/shadow /etc/services /etc/initial /etc/rc.localdochattr +i $filedone
Configure full-network server time synchronization
/usr/sbin/ntpdate time.windows.comcat>>/var/spool/cron/root<#this cron is for ntpdate/5 * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1#cron config endEOF
Configure the hosts file of the whole network server
Cat>>/etc/hosts<10.0.0.1 nginx-lb10.0.0.2 nginx-proxy10.0.0.3 nginx10.0.0.4 userapp10.0.0.5 sjapp10.0.0.6 admin10.0.0.7 shangjia10.0.0.8 web10.0.0.9 mysql-m10.0.0.10 mysql-s10.0.0.11 ftp-backup10.0.0.12 redis10.0.0.13 backup-server10.0.0.14 zabbixEOF
Standardize all server directories (the actual production environment is important)
[root@centos ~]# mkdir /download/tools/ -p[root@centos ~]# mkdir /app/logs -p[root@centos ~]# mkdir /app -p[root@centos ~]# mkdir /server/{scripts,backup} –p
Now the basic server Optimization Configuration is complete, and the next step is to install various services.