Introduction to the Mid-Term Architecture

To make this easier to understand, we can compare the structure of a small or medium-sized website to a hotel. The hotel (website structure) consists of the following parts:
(Hotel) Composition of a small or medium-sized website structure:
(Customer) ------ User: the person who visits the website
(Security guard) ------ Firewall firewalld: access policy control
(Greeter) ------ Load balancing server nginx: schedules the handling of user access requests
(Waiter) ------ Web server nginx: processes user requests
(Cook) ------ Database server mysql: stores character data
(Cook) ------ Storage server nfs: stores pictures, audio, video, attachments and other data
(Chef) ------ Backup server (rsync+crond scheduled backup, rsync+sersync real-time backup): stores the important data of all servers of the website
(Chef) ------ Cache server Redis: keeps data in memory to reduce server pressure
(Manager) ------ Batch management server ansible: manages the server hosts in batches

Deploy the website architecture:
1. Single points of failure in the architecture that need to be solved:
   Load balancing: high availability service ---- keepalived
   Database: high availability service ---- mha
   Storage service: high availability service ---- implemented with keepalived
                    high availability service ---- distributed storage
   Backup service:
     Interview question: how do you back up the company's data?
     1) Use open source software for data backup, such as rsync (free)
     2) Use a paid enterprise network disk for data backup, such as Qiniu Cloud Storage or Ali Cloud Storage
     3) Use a self-built backup storage architecture, e.g. PetroChina: the "two places, three centers" solution
   Cache service: high availability service ---- cache service cluster / sentinel mode
2. How internal employees access the architecture remotely:
   1) Deploy a VPN server: PPTP VPN
   Operations that internal employees perform on the architecture's servers must be audited
   2) Jumpserver
   4) A problem with a server in the architecture needs to raise an alert in advance:
      deploy a monitoring server, zabbix
      https://www.zabbix.com/cn/

Mid-term architecture planning:

Hostname and IP address planning

No.  Role                      Hostname     External IP      Internal IP     Software
1    Firewall server           firewalld    192.168.1.100    172.16.8.100    firewalld
2    Load balancing server     lb01         192.168.1.5      172.16.8.5      nginx, keepalived (high availability)
3    Load balancing server     lb02         192.168.1.6      172.16.8.6      nginx, keepalived (high availability)
4    Web server                web01        192.168.1.7      172.16.8.7      nginx
5    Web server                web02        192.168.1.8      172.16.8.8      nginx
6    Web server                web03        192.168.1.9      172.16.8.9      nginx
7    Database server           db01         192.168.1.51     172.16.8.51     mysql (time-consuming and complex)
8    Storage server            nfs01        192.168.1.31     172.16.8.31     nfs
9    Backup server             backup       192.168.1.41     172.16.8.41     rsync
10   Batch management server   m01          192.168.1.61     172.16.8.61     ansible
11   Jump server               jumpserver   192.168.1.71     172.16.8.71     jumpserver
12   Monitoring server         zabbix       192.168.1.72     172.16.8.72     zabbix

If storage is insufficient because of hardware limits, the following options save resources:
(1) Merge 10/11/12 into one server
(2) Merge 8/9 into one server
(3) Put 1 onto 2 or 3 to save one server

Optimize the template host configuration
1) Network configuration: give each host two network cards (an external network card and an internal network card); add the second card yourself if it is missing
2) Set the memory to at least 1G

System optimization process
1. Template machine optimization: hosts file configuration
# keep a copy of the original file before overwriting it
cp /etc/hosts{,.bak}
cat >/etc/hosts <<EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.9 web03
172.16.1.51 db01 db01.etiantian.org
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.61 m01
EOF

2. Change the yum source: add the base yum source and the epel source locally
3. Turn off selinux
4. Turn off the firewall
5. Time synchronization
yum install -y ntpdate
# append a 5-minute time sync job to root's crontab, then list it to confirm
echo '#time sync by lidao at 2017-03-08' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l
6. Increase the file descriptor limit
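
The hosts file from step 1 is copied to every clone of the template, so one mistyped address breaks name resolution on all servers at once. The added example below (not from the original post) lints a hosts file for malformed IPv4 addresses, entries outside the expected internal prefix and duplicate names; the function names and the sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): lint a hosts file before it is
# copied into the template image that every server is cloned from.

# check_hosts PREFIX [FILE]: print one finding per line; exit 1 if any found.
check_hosts() {
  awk -v prefix="$1" '
    NF == 0 || $1 ~ /^#/ { next }                  # blank lines and comments
    $1 ~ /:/ || $1 ~ /^127\./ { next }             # IPv6 and loopback entries
    {
      n = split($1, o, ".")
      ok = (n == 4)
      for (i = 1; ok && i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
      if (!ok) { print "bad-ip " $1 " " $2; bad = 1; next }
      if (index($1, prefix) != 1) { print "off-subnet " $1 " " $2; bad = 1 }
      for (i = 2; i <= NF; i++) {                  # every name must be unique
        if ($i in seen) { print "dup-name " $i; bad = 1 }
        seen[$i] = 1
      }
    }
    END { exit bad + 0 }
  ' "${2:--}"
}

# Constructed sample with the kinds of slips that are easy to make by hand.
sample_hosts() {
  cat <<'EOF'
127.0.0.1 localhost localhost.localdomain
172.16.1.5 lb01
172.16.17 web01
172.16.1.8 web02
172.16.1.9 web02
172.161.41 backup
192.168.1.61 m01
EOF
}

sample_hosts | check_hosts 172.16.1. || echo "hosts file rejected"
```

Run it as `check_hosts 172.16.1. /etc/hosts` on the template before cloning; a non-zero exit status means the file should not be distributed.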

Architecture access process

User access process:

1. The user enters the domain name in the browser.
2. The browser sends the domain name to the DNS server for resolution.
3. The DNS server returns the resolved IP to the browser.
4. The browser accesses the real server according to the IP.
5. The request reaches the firewall of the real server.
6. The firewall passes the request to the load balancer through the intranet switch.
7. The load balancer evenly distributes the request to the back-end web servers.
8. The web server determines whether it is a dynamic request or a static request.
9. If it is a static request, the web server obtains the data from the file server.
10. If it is a dynamic request, the web server obtains the data from the database or cache through the program.
11. The data is returned from the database or nfs server to the web server, the web server returns the data to the load balancer, and the load balancer sends the data back to the browser through the firewall.
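
Steps 6 to 11 define which internal hosts need to talk to each other. As an added example (not from the original post), the script below turns those flows into per-host firewalld allow rules for a deployment that keeps the host firewall running; the policy table, the default ports and the function names are assumptions, and the addresses follow the hosts file earlier on the page.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Ports are the usual defaults for
# each service (assumption); adjust them to the real deployment.

# Constructed policy table: destination, tcp port, allowed source hosts.
policy() {
  cat <<'EOF'
web01 80 lb01 lb02
web02 80 lb01 lb02
web03 80 lb01 lb02
db01 3306 web01 web02 web03
nfs01 2049 web01 web02 web03
backup 873 web01 web02 web03 db01 nfs01
* 22 m01
EOF
}

# Map a hostname to its internal address (values as in the hosts file).
addr_of() {
  case "$1" in
    lb01) echo 172.16.1.5 ;;   lb02) echo 172.16.1.6 ;;
    web01) echo 172.16.1.7 ;;  web02) echo 172.16.1.8 ;;
    web03) echo 172.16.1.9 ;;  db01) echo 172.16.1.51 ;;
    nfs01) echo 172.16.1.31 ;; backup) echo 172.16.1.41 ;;
    m01) echo 172.16.1.61 ;;   *) return 1 ;;
  esac
}

# rules_for HOST: print firewall-cmd lines admitting only the planned sources.
rules_for() {
  policy | while read -r dst port srcs; do
    [ "$dst" = "$1" ] || [ "$dst" = "*" ] || continue
    for s in $srcs; do
      [ "$s" = "$1" ] && continue          # a host needs no rule for itself
      ip=$(addr_of "$s") || continue       # unknown names produce no rule
      printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$ip\" port port=\"$port\" protocol=\"tcp\" accept'"
    done
  done
}

rules_for db01   # prints the commands for review; nothing is applied here
```

The output only adds allow rules; it narrows access only once broad services in the zone, such as the default ssh service, are removed on that host.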

Operation and maintenance access process:

1. The administrator connects to the jump server or VPN.
2. The administrator connects to the intranet servers through the jump server or VPN.
3. Check the server status through zabbix monitoring.
4. If there is a problem, connect to the corresponding machine to solve it.
5. Daily inspection: check the server configuration.
6. Manage backups and backup data.
7. Collect logs, then organize and display them.

Origin blog.csdn.net/givenchy_yzl/article/details/114653138