当前位置：首页 > news >正文

Linux系统——web服务拓展练习

news 2025/9/11 2:50:42

一、实验环境搭建

1. Centos 7-5——Client

2. Centos 7-1——网关服务器

3. Centos 7-2——Web1

4. Centos 7-3——Web2

5. Centos 7-4——Nginx

二、在Nginx服务器上搭建LNMP服务，并且能够对外提供Discuz论坛服务；在Web1、Web2服务器上搭建Tomcat 服务。

1.Nginx服务器——编译安装Nginx

2.Nginx服务器——搭建PHP

3.Nginx服务器——编译安装搭建Mysql

4.配置数据库

5.配置PHP测试页

6.安装论坛

7.Web1——搭建Tomcat

7.1安装Oracle JDK

7.2安装Tomcat

8.Web2——搭建Tomcat

8.1安装Oracle JDK

8.2安装Tomcat

三、为nginx服务配置虚拟主机，新增两个域名 www.kgc.com 和 www.benet.com，使用http://www.kgc.com/index.php可访问上一题的Discuz论坛页面。使用http://www.benet.com则访问/var/www/html目录中的index.html文件的内容，内容自定义。

1.Nginx服务器配置

2.客户端配置

3.测试

四、对基于www.benet.com域名的虚拟机主机的nginx服务调优：隐藏nginx版本号，缓存静态图片网页时间为1天，设置防盗链功能。

1.Nginx配置

2.测试

五、网关服务器搭建NFS服务，提供的文件系统使用LVM类型，共享目录名称为/mnt/nfs；要求根据日期对Discuz论坛服务的访问日志进行日志分割，要求每天生成一份日志文件，保存到NFS服务共享的目录内。

1.网关服务器配置——搭建NFS服务

2.Nginx服务器——共享目录

3.日志分割

六、要求配置location匹配请求地址http://www.kgc.com/test/XXXX，使用户访问该路径下的文件时返回/var/share/nginx/html/目录下的文件内容。

要求使用rewrite将使用域名www.benet.com 请求以 .php 结尾的访问都跳转到域名www.kgc.com上，而且后面的参数保持不变，比如访问http://www.benet.com/bbs/index.php跳转到http://www.kgc.com/bbs/index.php。

1.Nginx服务器配置

2.测试

七、在Nginx服务器上对基于www.benet.com域名的虚拟机主机设置动静分离由nginx提供静态页面服务，将对 .jsp文件的动态页面请求转发到Tomcat 服务器处理，并实现负载均衡

1.Nginx服务配置

2.Tomcat1服务器配置

3.Tomcat2服务器配置

4.测试

八、在网关服务器上设置SNAT/DNAT，使client使用网关服务器的ens36接口的IP地址访问也可实现上一题的效果。

1.代理服务器配置

2.测试

服务器IP地址规划：client：12.0.0.12/24，网关服务器：ens36:12.0.0.1/24、ens33：192.168.241.11/24，Web1：192.168.241.22/24，Web2：192.168.241.23/24，Nginx：192.168.241.24/24。

一、实验环境搭建

Centos7-5作为Client（12.0.0.12/24）；Centos7-1作为网关服务器（搭配两块网卡ens33 192.168.241.11/24，ens36 12.0.0.1/24）；Centos7-2作为Web1（192.168.241.22/24 提供web1服务）；Centos7-3作为Web2（192.168.241.23/24 提供web2服务）；Centos7-4作为Nginx服务器（192.168.241.24/24）

1. Centos 7-5——Client

2. Centos 7-1——网关服务器

[root@localhost ~]#vim /etc/sysconfig/network-scripts/ifcfg-ens33

[root@localhost ~]#cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens36
[root@localhost ~]#vim /etc/sysconfig/network-scripts/ifcfg-ens36

[root@localhost ~]#systemctl restart network
[root@localhost ~]#ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 192.168.241.11  netmask 255.255.255.0  broadcast 192.168.241.255inet6 fe80::de6f:32c8:5a64:a6b2  prefixlen 64  scopeid 0x20<link>ether 00:0c:29:51:4b:b5  txqueuelen 1000  (Ethernet)RX packets 2457  bytes 231114 (225.6 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 1289  bytes 162490 (158.6 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 12.0.0.1  netmask 255.255.255.0  broadcast 12.0.0.255inet6 fe80::8cb:b13b:40ac:6df1  prefixlen 64  scopeid 0x20<link>ether 00:0c:29:51:4b:bf  txqueuelen 1000  (Ethernet)RX packets 557  bytes 36406 (35.5 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 345  bytes 60396 (58.9 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0inet6 ::1  prefixlen 128  scopeid 0x10<host>loop  txqueuelen 1  (Local Loopback)RX packets 111  bytes 9742 (9.5 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 111  bytes 9742 (9.5 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255ether 52:54:00:53:c1:45  txqueuelen 1000  (Ethernet)RX packets 0  bytes 0 (0.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 0  bytes 0 (0.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3. Centos 7-2——Web1

[root@node2 ~]#ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 192.168.241.22  netmask 255.255.255.0  broadcast 192.168.241.255inet6 fe80::d9cd:6857:3bdc:7454  prefixlen 64  scopeid 0x20<link>ether 00:0c:29:3e:a0:08  txqueuelen 1000  (Ethernet)RX packets 1702  bytes 169840 (165.8 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 674  bytes 72150 (70.4 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0inet6 ::1  prefixlen 128  scopeid 0x10<host>loop  txqueuelen 1  (Local Loopback)RX packets 64  bytes 5568 (5.4 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 64  bytes 5568 (5.4 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255ether 52:54:00:fe:22:f2  txqueuelen 1000  (Ethernet)RX packets 0  bytes 0 (0.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 0  bytes 0 (0.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

4. Centos 7-3——Web2

[root@node3 ~]#ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 192.168.241.23  netmask 255.255.255.0  broadcast 192.168.241.255inet6 fe80::f11e:5019:be57:47b8  prefixlen 64  scopeid 0x20<link>ether 00:0c:29:6b:71:15  txqueuelen 1000  (Ethernet)RX packets 1174  bytes 121065 (118.2 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 246  bytes 25828 (25.2 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0inet6 ::1  prefixlen 128  scopeid 0x10<host>loop  txqueuelen 1  (Local Loopback)RX packets 36  bytes 4212 (4.1 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 36  bytes 4212 (4.1 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255ether 52:54:00:9d:e9:ac  txqueuelen 1000  (Ethernet)RX packets 0  bytes 0 (0.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 0  bytes 0 (0.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

5. Centos 7-4——Nginx

[root@G ~]#ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 192.168.241.24  netmask 255.255.255.0  broadcast 192.168.241.255inet6 fe80::871f:7f65:7279:5914  prefixlen 64  scopeid 0x20<link>ether 00:0c:29:8c:91:84  txqueuelen 1000  (Ethernet)RX packets 1407  bytes 140138 (136.8 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 481  bytes 45344 (44.2 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0inet6 ::1  prefixlen 128  scopeid 0x10<host>loop  txqueuelen 1  (Local Loopback)RX packets 64  bytes 5248 (5.1 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 64  bytes 5248 (5.1 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255ether 52:54:00:d2:18:b8  txqueuelen 1000  (Ethernet)RX packets 0  bytes 0 (0.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 0  bytes 0 (0.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

二、在Nginx服务器上搭建LNMP服务，并且能够对外提供Discuz论坛服务；在Web1、Web2服务器上搭建Tomcat 服务。

Nginx搭建LNMP架构

1.Nginx服务器——编译安装Nginx

[root@G ~]#yum -y install pcre-devel zlib-devel gcc gcc-c++ make
#安装依赖环境
[root@G ~]#useradd -M -s /sbin/nologin nginx
#创建程序管理用户Nginx
[root@G opt]#cd /opt
[root@G opt]#wget http://nginx.org/download/nginx-1.18.0.tar.gz
#下载压缩文件
[root@G opt]#ls
nginx-1.18.0.tar.gz
[root@G opt]#tar xf nginx-1.18.0.tar.gz 
[root@G opt]#cd nginx-1.18.0/
[root@G nginx-1.18.0]#./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@G nginx-1.18.0]#make -j2
[root@G nginx-1.18.0]#make install
[root@G nginx-1.18.0]#ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@G nginx-1.18.0]#vim /lib/systemd/system/nginx.service
[root@G nginx-1.18.0]#cat /lib/systemd/system/nginx.service 
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -1 $MAINPID
ExecStop=/bin/kill -3 $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@G nginx-1.18.0]#systemctl daemon-reload
[root@G nginx-1.18.0]#systemctl enable --now nginx.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@G nginx-1.18.0]#systemctl status nginx.service 
● nginx.service - nginxLoaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)Active: active (running) since 六 2024-03-09 12:37:29 CST; 4s agoProcess: 39778 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)Main PID: 39779 (nginx)CGroup: /system.slice/nginx.service├─39779 nginx: master process /usr/local/nginx/sbin/nginx└─39780 nginx: worker process3月 09 12:37:29 G.D systemd[1]: Starting nginx...
3月 09 12:37:29 G.D systemd[1]: Started nginx.
[root@G nginx-1.18.0]#chown -R nginx:nginx /usr/local/nginx/

2.Nginx服务器——搭建PHP

[root@G ~]#cd /opt
[root@G ~]#yum -y install gd \
> libjpeg libjpeg-devel \
> libpng libpng-devel \
> freetype freetype-devel \
> libxml2 libxml2-devel \
> zlib zlib-devel \
> curl curl-devel \
> openssl openssl-devel
[root@G opt]#rz -E
rz waiting to receive.
[root@G opt]#ls
nginx-1.18.0  nginx-1.18.0.tar.gz  php-7.1.10.tar.bz2
[root@G opt]#tar xf php-7.1.10.tar.bz2 
[root@G opt]#cd php-7.1.10/
[root@G php-7.1.10]#./configure \
--prefix=/usr/local/php \
--with-mysql-sock=/usr/local/mysql/mysql.sock \
--with-mysqli \
--with-zlib \
--with-curl \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-freetype-dir \
--with-openssl \
--enable-fpm \
--enable-mbstring \
--enable-xml \
--enable-session \
--enable-ftp \
--enable-pdo \
--enable-tokenizer \
--enable-zip
[root@G php-7.1.10]#make -j2
[root@G php-7.1.10]#make install
[root@G php-7.1.10]#ln -s /usr/local/php/bin/* /usr/local/bin/
[root@G php-7.1.10]#ln -s /usr/local/php/sbin/* /usr/local/sbin/
#优化路径#调整进程服务配置文件
[root@G php-7.1.10]#cp /opt/php-7.1.10/php.ini-development /usr/local/php/lib/php.ini
[root@G php-7.1.10]#vim /usr/local/php/lib/php.ini-1170G-  mysqli.default_socket =  /usr/local/mysql/mysql.sock-939G-   date.timezone = Asia/Shangha[root@G php-7.1.10]#sed -n '939p;1170p' /usr/local/php/lib/php.ini 
date.timezone = Asia/Shanghai
mysqli.default_socket =  /usr/local/mysql/mysql.sock
[root@G php-7.1.10]#cd /usr/local/php/etc/
[root@G etc]#cp  php-fpm.conf.default php-fpm.conf
[root@G etc]#vim php-fpm.conf
[root@G etc]#sed -n '17p' php-fpm.conf
pid = run/php-fpm.pid#调整扩展配置文件
[root@G etc]#cd /usr/local/php/etc/php-fpm.d/
[root@G php-fpm.d]#cp www.conf.default www.conf
[root@G php-fpm.d]#ls
www.conf  www.conf.default#启动PHP
[root@G php-fpm.d]#cp /opt/php-7.1.10/sapi/fpm/php-fpm.service /usr/lib/systemd/system/php-fpm.service
[root@G php-fpm.d]#systemctl restart php-fpm.service 
[root@G php-fpm.d]#systemctl status php-fpm.service 
● php-fpm.service - The PHP FastCGI Process ManagerLoaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)Active: active (running) since 六 2024-03-09 13:01:36 CST; 5s agoMain PID: 47397 (php-fpm)CGroup: /system.slice/php-fpm.service├─47397 php-fpm: master process (/usr/local/php/etc/php-fpm.con...├─47400 php-fpm: pool www└─47401 php-fpm: pool www3月 09 13:01:36 G.D systemd[1]: Started The PHP FastCGI Process Manager.
3月 09 13:01:36 G.D systemd[1]: Starting The PHP FastCGI Process Manager...
Hint: Some lines were ellipsized, use -l to show in full.

3.Nginx服务器——编译安装搭建Mysql

[root@G opt]#yum -y install \
> ncurses \
> ncurses-devel \
> bison \
> cmake
#环境依赖包
[root@G opt]#yum -y install gcc gcc-c++ cmake bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel   ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
#安装依赖环境
[root@G opt]#useradd -M -s /sbin/nologin  mysql
#创建运行用户
[root@G opt]#rz -E
rz waiting to receive.
[root@G opt]#ls
mysql-boost-5.7.20.tar.gz  nginx-1.18.0.tar.gz  php-7.1.10.tar.bz2
nginx-1.18.0               php-7.1.10
[root@G opt]#tar xf mysql-boost-5.7.20.tar.gz 
[root@G opt]#cd mysql-5.7.20/
[root@G mysql-5.7.20]#cmake \
> -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
> -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
> -DSYSCONFDIR=/etc \
> -DSYSTEMD_PID_DIR=/usr/local/mysql \
> -DDEFAULT_CHARSET=utf8  \
> -DDEFAULT_COLLATION=utf8_general_ci \
> -DWITH_EXTRA_CHARSETS=all \
> -DWITH_INNOBASE_STORAGE_ENGINE=1 \
> -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
> -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
> -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
> -DMYSQL_DATADIR=/usr/local/mysql/data \
> -DWITH_BOOST=boost \
> -DWITH_SYSTEMD=1
[root@G mysql-5.7.20]#make -j4
[root@G mysql-5.7.20]#make install
[root@G mysql-5.7.20]#vim /etc/my.cnf
#修改mysql配置文件
[root@G mysql-5.7.20]#cat /etc/my.cnf
[client]
port = 3306
socket=/usr/local/mysql/mysql.sock[mysqld]
user = mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
port = 3306
character-set-server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket=/usr/local/mysql/mysql.sock
bind-address = 0.0.0.0
skip-name-resolve
max_connections=2048
default-storage-engine=INNODB
max_allowed_packet=16M
server-id = 1sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
[root@G mysql-5.7.20]#chown -R mysql:mysql /usr/local/mysql/
[root@G mysql-5.7.20]#chown mysql:mysql /etc/my.cnf
#更改mysql安装目录和配置文件的属主属组[root@G mysql-5.7.20]#echo 'export PATH=/usr/local/mysql/bin:/usr/local/mysql/lib:$PATH' >> /etc/profile
#设置路径环境变量
[root@G mysql-5.7.20]#echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@G mysql-5.7.20]#source /etc/profile
[root@G mysql-5.7.20]#echo $PATH
/usr/local/mysql/bin:/usr/local/mysql/lib:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin[root@G mysql-5.7.20]#cd /usr/local/mysql/bin/
[root@G bin]#./mysqld \
> --initialize-insecure \
> --user=mysql \
> --basedir=/usr/local/mysql \
> --datadir=/usr/local/mysql/data
#初始化数据库[root@G bin]#cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service 
/usr/lib/systemd/system/
#添加mysqld系统服务
[root@G bin]#systemctl daemon-reload
[root@G bin]#systemctl start mysqld.service
[root@G bin]#systemctl enable mysqld
Created symlink from /etc/systemd/system/multi-user.target.wants/mysqld.service to /usr/lib/systemd/system/mysqld.service.
[root@G bin]#systemctl status mysqld.service
● mysqld.service - MySQL ServerLoaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)Active: active (running) since 六 2024-03-09 13:46:17 CST; 8s agoDocs: man:mysqld(8)http://dev.mysql.com/doc/refman/en/using-systemd.htmlMain PID: 66268 (mysqld)CGroup: /system.slice/mysqld.service└─66268 /usr/local/mysql/bin/mysqld --daemonize --pid-file=/usr...3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.637646Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.637658Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.637661Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.637667Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.638510Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.638519Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.642575Z 0 [Note]...ts
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.642946Z 0 [Note]...s.
3月 09 13:46:17 G.D mysqld[66265]: Version: '5.7.20'  socket: '/usr/loc...on
3月 09 13:46:17 G.D systemd[1]: Started MySQL Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@G ~]#mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.20 Source distributionCopyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> ^DBye

4.配置数据库

[root@G ~]#mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.7.20 Source distributionCopyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> CREATE DATABASE bbs;
Query OK, 1 row affected (0.00 sec)mysql> GRANT all ON bbs.* TO 'bbsuser'@'%' IDENTIFIED BY 'admin123';
Query OK, 0 rows affected, 1 warning (0.00 sec)mysql> GRANT all ON bbs.* TO 'bbsuser'@'localhost' IDENTIFIED BY 'admin123';
Query OK, 0 rows affected, 2 warnings (0.00 sec)mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)mysql> ^DBye

5.配置PHP测试页

[root@G ~]#vim /usr/local/nginx/conf/nginx.conf
[root@G ~]#sed -n '65,71p' /usr/local/nginx/conf/nginx.conflocation ~ \.php$ {root           html;fastcgi_pass   127.0.0.1:9000;fastcgi_index  index.php;fastcgi_param  SCRIPT_FILENAME  /usr/local/nginx/html$fastcgi_script_name;include        fastcgi_params;}
[root@G ~]#systemctl restart nginx
[root@G ~]#systemctl status nginx.service
● nginx.service - nginxLoaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)Active: active (running) since 六 2024-03-09 13:53:04 CST; 5s agoProcess: 1844 ExecStop=/bin/kill -3 $MAINPID (code=exited, status=0/SUCCESS)Process: 1849 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)Main PID: 1851 (nginx)CGroup: /system.slice/nginx.service├─1851 nginx: master process /usr/local/nginx/sbin/nginx└─1852 nginx: worker process3月 09 13:53:04 G.D systemd[1]: Starting nginx...
3月 09 13:53:04 G.D systemd[1]: Started nginx.
[root@G ~]#vim /usr/local/nginx/html/index.php
[root@G ~]#cat /usr/local/nginx/html/index.php 
<?php
$link=mysqli_connect('192.168.241.24','bbsuser','admin123');
if($link) echo "<h1>Success!!</h1>";
else echo "Fail!!";
?>
[root@G ~]#systemctl restart nginx

6.安装论坛

[root@G ~]#cd /opt
[root@G opt]#unzip Discuz_X3.4_SC_UTF8.zip
[root@G opt]#ls
dir_SC_UTF8              mysql-boost-5.7.20.tar.gz  php-7.1.10
Discuz_X3.4_SC_UTF8.zip  nginx-1.18.0               php-7.1.10.tar.bz2
mysql-5.7.20             nginx-1.18.0.tar.gz        说明.htm
[root@G opt]#cd dir_SC_UTF8/
[root@G dir_SC_UTF8]#cp -r upload/ /usr/local/nginx/html/bbs
[root@G dir_SC_UTF8]#cd /usr/local/nginx/html/bbs/
[root@G bbs]#ls
admin.php  connect.php      group.php  member.php  search.php  uc_server
api        crossdomain.xml  home.php   misc.php    source
api.php    data             index.php  plugin.php  static
archiver   favicon.ico      install    portal.php  template
config     forum.php        m          robots.txt  uc_client
[root@G bbs]#chown -R nginx.nginx ./config/
[root@G bbs]#chown -R nginx.nginx ./data/
[root@G bbs]#chown -R nginx.nginx ./uc_client/
[root@G bbs]#chown -R nginx.nginx ./uc_server/
[root@G bbs]#chmod -R 777 ./config/
[root@G bbs]#chmod -R 777 ./data/
[root@G bbs]#chmod -R 777 ./uc_client/
[root@G bbs]#chmod -R 777 ./uc_server/
[root@G bbs]#vim /usr/local/nginx/conf/nginx.conf
[root@G bbs]#sed -n '43,46p' /usr/local/nginx/conf/nginx.conflocation / {root   html;index  index.html index.htm index.php;}

7.Web1——搭建Tomcat

7.1安装Oracle JDK

[root@node2 ~]#cd /opt
[root@node2 opt]#rm -rf *
[root@node2 opt]#ls
[root@node2 opt]#rz -E
rz waiting to receive.
[root@node2 opt]#ls
jdk-8u291-linux-x64.tar.gz
[root@node2 opt]#tar xf jdk-8u291-linux-x64.tar.gz -C /usr/local/
[root@node2 opt]#cd /usr/local/
[root@node2 local]#ls
bin  games    jdk1.8.0_291  lib64    sbin   src
etc  include  lib           libexec  share
[root@node2 local]#ln -s jdk1.8.0_291/ jdk
[root@node2 local]#ls
bin  games    jdk           lib    libexec  share
etc  include  jdk1.8.0_291  lib64  sbin     src
[root@node2 local]#vim /etc/profile.d/jdk.sh
[root@node2 local]#cat /etc/profile.d/jdk.sh 
export JAVA_HOME=/usr/local/jdk
export PATH=$JAVA_HOME/bin:$PATH
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
[root@node2 local]#. /etc/profile.d/jdk.sh 
[root@node2 local]#java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)

7.2安装Tomcat

[root@node2 local]#cd /opt
[root@node2 opt]#ls
jdk-8u291-linux-x64.tar.gz
[root@node2 opt]#rz -E
rz waiting to receive.
[root@node2 opt]#ls
apache-tomcat-9.0.16.tar.gz  jdk-8u291-linux-x64.tar.gz
[root@node2 opt]#tar xf apache-tomcat-9.0.16.tar.gz -C /usr/local/
[root@node2 opt]#cd /usr/local/
[root@node2 local]#ls
apache-tomcat-9.0.16  etc    include  jdk1.8.0_291  lib64    sbin   src
bin                   games  jdk      lib           libexec  share
[root@node2 local]#mv apache-tomcat-9.0.16/ tomcat
[root@node2 local]#ls
bin  games    jdk           lib    libexec  share  tomcat
etc  include  jdk1.8.0_291  lib64  sbin     src
[root@node2 local]#cd tomcat/
[root@node2 tomcat]#ls
bin           CONTRIBUTING.md  logs       RELEASE-NOTES  webapps
BUILDING.txt  lib              NOTICE     RUNNING.txt    work
conf          LICENSE          README.md  temp
[root@node2 tomcat]#useradd -M -s /sbin/nologin tomcat
[root@node2 tomcat]#cat > /usr/lib/systemd/system/tomcat.service <<EOF
> [Unit]
> Description=Tomcat
> After=syslog.target network.target
> 
> [Service]
> Type=forking
> ExecStart=/usr/local/tomcat/bin/startup.sh
> ExecStop=/usr/local/tomcat/bin/shutdown.sh
> RestartSec=3
> PrivateTmp=true
> User=tomcat
> Group=tomcat
> 
> [Install]
> WantedBy=multi-user.target
> 
> EOF
[root@node2 tomcat]#cat /usr/lib/systemd/system/tomcat.service 
[Unit]
Description=Tomcat
After=syslog.target network.target[Service]
Type=forking
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
RestartSec=3
PrivateTmp=true
User=tomcat
Group=tomcat[Install]
WantedBy=multi-user.target
[root@node2 tomcat]#chown -R tomcat:tomcat ../tomcat
[root@node2 tomcat]#systemctl daemon-reload
[root@node2 tomcat]#systemctl start tomcat
[root@node2 tomcat]#systemctl status tomcat
● tomcat.service - TomcatLoaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; vendor preset: disabled)Active: active (running) since Sat 2024-03-09 00:16:33 EST; 4s agoProcess: 4938 ExecStart=/usr/local/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)Main PID: 4954 (catalina.sh)CGroup: /system.slice/tomcat.service├─4954 /bin/sh /usr/local/tomcat/bin/catalina.sh start└─4955 /usr/bin/java -Djava.util.logging.config.file=/usr/local...Mar 09 00:16:33 node2.localdomain systemd[1]: Starting Tomcat...
Mar 09 00:16:33 node2.localdomain systemd[1]: Started Tomcat.

8.Web2——搭建Tomcat

8.1安装Oracle JDK

[root@node3 ~]#cd /opt
[root@node3 opt]#rm -rf *
[root@node3 opt]#ls
[root@node3 opt]#rz -E
rz waiting to receive.
[root@node3 opt]#rz -E
rz waiting to receive.
[root@node3 opt]#ls
apache-tomcat-9.0.16.tar.gz  jdk-8u291-linux-x64.tar.gz
[root@node3 opt]#tar xf jdk-8u291-linux-x64.tar.gz -C /usr/local/
[root@node3 opt]#cd /usr/local/
[root@node3 local]#ls
bin  games    jdk1.8.0_291  lib64    sbin   src
etc  include  lib           libexec  share
[root@node3 local]#ln -s jdk1.8.0_291/ jdk
[root@node3 local]#ls
bin  games    jdk           lib    libexec  share
etc  include  jdk1.8.0_291  lib64  sbin     src
[root@node3 local]#vim /etc/profile.d/jdk.sh
[root@node3 local]#cat /etc/profile.d/jdk.sh 
export JAVA_HOME=/usr/local/jdk
export PATH=$JAVA_HOME/bin:$PATH
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
[root@node3 local]#. /etc/profile.d/jdk.sh 
[root@node3 local]#java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)

8.2安装Tomcat

[root@node3 local]#cd /opt
[root@node3 opt]#ls
apache-tomcat-9.0.16.tar.gz  jdk-8u291-linux-x64.tar.gz
[root@node3 opt]#tar xf apache-tomcat-9.0.16.tar.gz -C /usr/local/
[root@node3 opt]#ls
apache-tomcat-9.0.16.tar.gz  jdk-8u291-linux-x64.tar.gz
[root@node3 opt]#cd /usr/local/
[root@node3 local]#ls
apache-tomcat-9.0.16  etc    include  jdk1.8.0_291  lib64    sbin   src
bin                   games  jdk      lib           libexec  share
[root@node3 local]#mv apache-tomcat-9.0.16/ tomcat
[root@node3 local]#ls
bin  games    jdk           lib    libexec  share  tomcat
etc  include  jdk1.8.0_291  lib64  sbin     src
[root@node3 local]#cd tomcat/
[root@node3 tomcat]#ls
bin           CONTRIBUTING.md  logs       RELEASE-NOTES  webapps
BUILDING.txt  lib              NOTICE     RUNNING.txt    work
conf          LICENSE          README.md  temp
[root@node3 tomcat]#useradd -M -s /sbin/nologin tomcat
[root@node3 tomcat]#cat > /usr/lib/systemd/system/tomcat.service <<EOF
> [Unit]
> Description=Tomcat
> After=syslog.target network.target
> 
> [Service]
> Type=forking
> ExecStart=/usr/local/tomcat/bin/startup.sh
> ExecStop=/usr/local/tomcat/bin/shutdown.sh
> RestartSec=3
> PrivateTmp=true
> User=tomcat
> Group=tomcat
> 
> [Install]
> WantedBy=multi-user.target
> 
> EOF
[root@node3 tomcat]#cat /usr/lib/systemd/system/tomcat.service 
[Unit]
Description=Tomcat
After=syslog.target network.target[Service]
Type=forking
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
RestartSec=3
PrivateTmp=true
User=tomcat
Group=tomcat[Install]
WantedBy=multi-user.target
[root@node3 tomcat]#chown -R tomcat:tomcat ../tomcat
[root@node3 tomcat]#systemctl daemon-reload
[root@node3 tomcat]#systemctl start tomcat
[root@node3 tomcat]#systemctl status tomcat
● tomcat.service - TomcatLoaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; vendor preset: disabled)Active: active (running) since 六 2024-03-09 13:23:13 CST; 3s agoProcess: 37632 ExecStart=/usr/local/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)Main PID: 37647 (catalina.sh)CGroup: /system.slice/tomcat.service├─37647 /bin/sh /usr/local/tomcat/bin/catalina.sh start└─37648 /usr/bin/java -Djava.util.logging.config.file=/usr/loca...3月 09 13:23:13 node3.node3 systemd[1]: Starting Tomcat...
3月 09 13:23:13 node3.node3 startup.sh[37632]: Using CATALINA_BASE:   /us...
3月 09 13:23:13 node3.node3 startup.sh[37632]: Using CATALINA_HOME:   /us...
3月 09 13:23:13 node3.node3 startup.sh[37632]: Using CATALINA_TMPDIR: /us...
3月 09 13:23:13 node3.node3 startup.sh[37632]: Using JRE_HOME:        /usr
3月 09 13:23:13 node3.node3 startup.sh[37632]: Using CLASSPATH:       /us...
3月 09 13:23:13 node3.node3 systemd[1]: Started Tomcat.
Hint: Some lines were ellipsized, use -l to show in full.

三、为nginx服务配置虚拟主机，新增两个域名 www.kgc.com 和 www.benet.com，使用http://www.kgc.com/index.php可访问上一题的Discuz论坛页面。使用http://www.benet.com则访问/var/www/html目录中的index.html文件的内容，内容自定义。

1.Nginx服务器配置

[root@G bbs]#vim /usr/local/nginx/conf/nginx.conf
[root@G bbs]#sed -n '35,38p' /usr/local/nginx/conf/nginx.confserver {listen       80;server_name  www.kgc.com;root /usr/local/nginx/html;
[root@G bbs]#vim /usr/local/nginx/conf/nginx.conf
[root@G bbs]#sed -n '80,84p' /usr/local/nginx/conf/nginx.conf
server {listen 80;server_name www.benet.com;root /usr/local/nginx/html;
}
[root@G bbs]#cat /usr/local/nginx/html/index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>body {width: 35em;margin: 0 auto;font-family: Tahoma, Verdana, Arial, sans-serif;}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p>
</body>
</html>

2.客户端配置

[root@localhost ~]#vim /etc/hosts
[root@localhost ~]#cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.241.24 www.kgc.com www.benet.com

C:\Windows\System32\drivers\etc/hosts

3.测试

[root@localhost ~]#curl www.benet.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>body {width: 35em;margin: 0 auto;font-family: Tahoma, Verdana, Arial, sans-serif;}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p>
</body>
</html>

四、对基于www.benet.com域名的虚拟机主机的nginx服务调优：隐藏nginx版本号，缓存静态图片网页时间为1天，设置防盗链功能。

1.Nginx配置

[root@G bbs]#vim /usr/local/nginx/conf/nginx.conf

[root@G bbs]#systemctl restart nginx

2.测试

五、网关服务器搭建NFS服务，提供的文件系统使用LVM类型，共享目录名称为/mnt/nfs；要求根据日期对Discuz论坛服务的访问日志进行日志分割，要求每天生成一份日志文件，保存到NFS服务共享的目录内。

1.网关服务器配置——搭建NFS服务

[root@localhost ~]#alias
alias cp='cp -i'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias grep='grep --color=auto'
alias l.='ls -d .* --color=auto'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias mv='mv -i'
alias rm='rm -i'
alias scan='echo "- - -" > /sys/class/scsi_host/host0/scan;echo "- - -" > /sys/class/scsi_host/host1/scan;echo "- - -" > /sys/class/scsi_host/host2/scan'
alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'
[root@localhost ~]#
[root@localhost ~]#scan
[root@localhost ~]#lsblk
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda               8:0    0   60G  0 disk 
├─sda1            8:1    0    5G  0 part /boot
└─sda2            8:2    0   54G  0 part ├─centos-root 253:0    0   50G  0 lvm  /└─centos-swap 253:1    0    4G  0 lvm  [SWAP]
sdb               8:16   0   20G  0 disk 
sdc               8:32   0   20G  0 disk 
sr0              11:0    1  4.2G  0 rom
[root@localhost ~]#pvcreate /dev/sdb /dev/sdc
#建物理卷Physical volume "/dev/sdb" successfully created.Physical volume "/dev/sdc" successfully created.
[root@localhost ~]#vgcreate vg /dev/sdb /dev/sdc
#建卷组Volume group "vg" successfully created
[root@localhost ~]#lvcreate -n lvm -L 30G /dev/vg
#建逻辑卷  指定名称lvm  指定大小30G  存放在/dev/vg下Logical volume "lvm" created.
[root@localhost ~]#mkfs.xfs /dev/vg/lvm
#文件系统xfs格式
meta-data=/dev/vg/lvm            isize=512    agcount=4, agsize=1966080 blks=                       sectsz=512   attr=2, projid32bit=1=                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=7864320, imaxpct=25=                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=3840, version=2=                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@localhost ~]#mount /dev/vg/lvm  /mnt
#挂载
[root@localhost ~]#mkdir /mnt/nfs
[root@localhost ~]#vim /etc/exports
[root@localhost ~]#cat /etc/exports
/mnt/nfs *
[root@localhost ~]#systemctl start nfs
[root@localhost ~]#exportfs -v
/mnt/nfs      	<world>(ro,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)

2.Nginx服务器——共享目录

[root@G bbs]#showmount -e 192.168.241.11
Export list for 192.168.241.11:
/mnt/nfs *
[root@G bbs]#mount 192.168.241.11:/mnt/nfs /mnt/
[root@G bbs]#df
文件系统                   1K-块     已用     可用 已用% 挂载点
/dev/mapper/centos-root 52403200 12697156 39706044   25% /
devtmpfs                  917604        0   917604    0% /dev
tmpfs                     933524        0   933524    0% /dev/shm
tmpfs                     933524     9144   924380    1% /run
tmpfs                     933524        0   933524    0% /sys/fs/cgroup
/dev/sda1                6281216   182368  6098848    3% /boot
tmpfs                     186708        0   186708    0% /run/user/0
tmpfs                     186708       12   186696    1% /run/user/42
192.168.241.11:/mnt/nfs 31441920    32768 31409152    1% /mnt

3.日志分割

[root@G ~]#vim split-log.sh
[root@G ~]#cat split-log.sh 
#!/bin/bash
day=`date "+%Y-%m-%d"`
log="/usr/local/nginx/logs"
pid=`cat /usr/local/nginx/logs/nginx.pid`mv /$(log)/access.log /opt/${day}
kill -USR1 ${pid}
sed -i '/.*bbs.*/!p' /opt/${day}
[root@G ~]#crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@G ~]#crontab -l
59 23 * * * bash ~/split-log.sh

六、要求配置location匹配请求地址http://www.kgc.com/test/XXXX，使用户访问该路径下的文件时返回/var/share/nginx/html/目录下的文件内容。

要求使用rewrite将使用域名www.benet.com 请求以 .php 结尾的访问都跳转到域名www.kgc.com上，而且后面的参数保持不变，比如访问http://www.benet.com/bbs/index.php跳转到http://www.kgc.com/bbs/index.php。

1.Nginx服务器配置

[root@G ~]#vim /usr/local/nginx/conf/nginx.conf

[root@G ~]#mkdir /var/share/nginx/html -p
[root@G ~]#nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@G ~]#nginx -s reload

2.测试

七、在Nginx服务器上对基于www.benet.com域名的虚拟机主机设置动静分离由nginx提供静态页面服务，将对 .jsp文件的动态页面请求转发到Tomcat 服务器处理，并实现负载均衡

1.Nginx服务配置

[root@G html]#vim /usr/local/nginx/conf/nginx.conf

[root@G html]#nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@G html]#nginx -s reload

[root@G php]#cd /usr/local/nginx/html/
[root@G html]#ls
50x.html  bbs  index.html
[root@G html]#mv index.html ..
[root@G html]#ls
50x.html  bbs
[root@G html]#echo Welcome back > index.html
[root@G html]#cat index.html 
Welcome back

2.Tomcat1服务器配置

[root@node2 ROOT]#ls
asf-logo-wide.svg  bg-upper.png       tomcat.css        tomcat.svg
bg-button.png      favicon.ico        tomcat.gif        WEB-INF
bg-middle.png      index.jsp          tomcat.png
bg-nav.png         RELEASE-NOTES.txt  tomcat-power.gif
[root@node2 ROOT]#mv index.jsp ..
[root@node2 ROOT]#ls
asf-logo-wide.svg  bg-upper.png       tomcat.gif        WEB-INF
bg-button.png      favicon.ico        tomcat.png
bg-middle.png      RELEASE-NOTES.txt  tomcat-power.gif
bg-nav.png         tomcat.css         tomcat.svg
[root@node2 ROOT]#echo Tomcat1 > index.jsp
[root@node2 ROOT]#cat index.jsp 
Tomcat1
[root@node2 ROOT]#systemctl start tomcat

3.Tomcat2服务器配置

[root@node3 tomcat]#ls
bin           CONTRIBUTING.md  logs       RELEASE-NOTES  webapps
BUILDING.txt  lib              NOTICE     RUNNING.txt    work
conf          LICENSE          README.md  temp
[root@node3 tomcat]#cd webapps/ROOT/
[root@node3 ROOT]#ls
asf-logo-wide.svg  bg-upper.png       tomcat.css        tomcat.svg
bg-button.png      favicon.ico        tomcat.gif        WEB-INF
bg-middle.png      index.jsp          tomcat.png
bg-nav.png         RELEASE-NOTES.txt  tomcat-power.gif
[root@node3 ROOT]#mv index.jsp ..
[root@node3 ROOT]#ls
asf-logo-wide.svg  bg-upper.png       tomcat.gif        WEB-INF
bg-button.png      favicon.ico        tomcat.png
bg-middle.png      RELEASE-NOTES.txt  tomcat-power.gif
bg-nav.png         tomcat.css         tomcat.svg
[root@node3 ROOT]#echo Tomcat2 > index.jsp
[root@node3 ROOT]#cat index.jsp 
Tomcat2
[root@node3 ROOT]#systemctl start tomct
Failed to start tomct.service: Unit not found.
[root@node3 ROOT]#systemctl start tomcat

4.测试

八、在网关服务器上设置SNAT/DNAT，使client使用网关服务器的ens36接口的IP地址访问也可实现上一题的效果。

1.代理服务器配置

[root@localhost ~]#vim /etc/sysctl.conf 
[root@localhost ~]#tail -n1 /etc/sysctl.conf 
net.ipv4.ip_forward = 1
[root@localhost ~]#sysctl -p
net.ipv4.ip_forward = 1
[root@localhost ~]#vim /etc/hosts
[root@localhost ~]#cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.241.24 www.kgc.com www.benet.com
[root@localhost ~]#iptables -F
[root@localhost ~]#iptables -t nat -A POSTROUTING -s 192.168.241.11/24 -o ens36 -p tcp --dport 80 -j SNAT --to 12.0.0.1
[root@localhost ~]#iptables -t nat -A PREROUTING -d 12.0.0.1/24 -i ens36 -p tcp --dport 80 -j DNAT --to 192.168.241.11      
[root@localhost ~]#iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)pkts bytes target     prot opt in     out     source               destination         0     0 DNAT       tcp  --  ens36  *       0.0.0.0/0            12.0.0.0/24          tcp dpt:80 to:192.168.241.11Chain INPUT (policy ACCEPT 0 packets, 0 bytes)pkts bytes target     prot opt in     out     source               destination         Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)pkts bytes target     prot opt in     out     source               destination         Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)pkts bytes target     prot opt in     out     source               destination         4   260 RETURN     all  --  *      *       192.168.122.0/24     224.0.0.0/24        0     0 RETURN     all  --  *      *       192.168.122.0/24     255.255.255.255     0     0 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-655350     0 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-655350     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24    0     0 SNAT       tcp  --  *      ens36   192.168.241.0/24     0.0.0.0/0            tcp dpt:80 to:12.0.0.1

一、实验环境搭建

1. Centos 7-5——Client

2. Centos 7-1——网关服务器

3. Centos 7-2——Web1

4. Centos 7-3——Web2

5. Centos 7-4——Nginx

二、在Nginx服务器上搭建LNMP服务，并且能够对外提供Discuz论坛服务；在Web1、Web2服务器上搭建Tomcat 服务。

1.Nginx服务器——编译安装Nginx

2.Nginx服务器——搭建PHP

3.Nginx服务器——编译安装搭建Mysql

4.配置数据库

5.配置PHP测试页

6.安装论坛

7.Web1——搭建Tomcat

7.1安装Oracle JDK

7.2安装Tomcat

8.Web2——搭建Tomcat

8.1安装Oracle JDK

8.2安装Tomcat

三、为nginx服务配置虚拟主机，新增两个域名 www.kgc.com 和 www.benet.com，使用http://www.kgc.com/index.php可访问上一题的Discuz论坛页面。使用http://www.benet.com则访问/var/www/html目录中的index.html文件的内容，内容自定义。

1.Nginx服务器配置

2.客户端配置

3.测试

四、对基于www.benet.com域名的虚拟机主机的nginx服务调优：隐藏nginx版本号，缓存静态图片网页时间为1天，设置防盗链功能。

1.Nginx配置

2.测试

五、网关服务器搭建NFS服务，提供的文件系统使用LVM类型，共享目录名称为/mnt/nfs；要求根据日期对Discuz论坛服务的访问日志进行日志分割，要求每天生成一份日志文件，保存到NFS服务共享的目录内。

1.网关服务器配置——搭建NFS服务

2.Nginx服务器——共享目录

3.日志分割

六、要求配置location匹配请求地址http://www.kgc.com/test/XXXX，使用户访问该路径下的文件时返回/var/share/nginx/html/目录下的文件内容。

要求使用rewrite将使用域名www.benet.com 请求以 .php 结尾的访问都跳转到域名www.kgc.com上，而且后面的参数保持不变，比如访问http://www.benet.com/bbs/index.php跳转到http://www.kgc.com/bbs/index.php。

1.Nginx服务器配置

2.测试

七、在Nginx服务器上对基于www.benet.com域名的虚拟机主机设置动静分离由nginx提供静态页面服务，将对 .jsp文件的动态页面请求转发到Tomcat 服务器处理，并实现负载均衡

1.Nginx服务配置

2.Tomcat1服务器配置

3.Tomcat2服务器配置

4.测试

八、在网关服务器上设置SNAT/DNAT，使client使用网关服务器的ens36接口的IP地址访问也可实现上一题的效果。

1.代理服务器配置

2.测试

相关文章：