nginx+tomcat+pgsql+redis离线部署过程

gcc pcre-devel openssl-devel zlib-devel离线安装包: 包含云盘地址.txt

离线部署java+nginx+tomcat+pgsql+redis.zip:

• 城通网盘: https://url86.ctfile.com/f/15666686-859830438-baa3a9?p=2048 (访问密码: 2048)

• 阿里云网盘(城通速度慢可以选这个): https://www.aliyundrive.com/s/EjCHtEJyCbu

阿里云分享云盘不允许分享压缩包, 我是通过勾选创建自释放程序压缩出来的exe, 而后改的后缀名. 如果遇到解压不出, 可以将后缀名改回exe尝试一下

方法参考: https://www.bilibili.com/read/cv17830919

nginx

• 复制 gcc-and-other 目录到/opt下

• 其中包括gcc pcre-devel openssl-devel zlib-devel, 安装redis和nginx过程需要编译

• 进入gcc-and-other目录下, 执行rpm -ivh *.rpm --nodeps --force

• 复制nginx-1.22.1.tar.gz到/opt/下

• 移动至opt下: cd /opt

• 解压: tar -zxvf nginx-1.22.1.tar.gz

• 进入: cd nginx-1.22.1/

• 配置: ./configure

• 编译: make

• 安装: make install, 默认安装目录在/usr/local/nginx

• 切换到安装目录: cd /usr/local/nginx

• 修改配置文件: vim /conf/nginx.conf

  • 添加upstream mysservers节点

  # http下与server同级的地方
  upstream myservers {
  	# 可多个
  	# 输入ip端口和权重
  	server loocalhost:80 weight=1;
  }
  

  • 在server节点下的location中注入

  server {
  	listen 80;
  	server_name: localhost;
  
  	location / {
  		proxy_pass http://myservers;
  		proxy_redirect default;
  		#root html;
  		#index index.html index.htm;
  	}
  }
  

• 注册service

  • 添加服务文件: vim /etc/systemd/system/nginx.service

  [Unit]
  Description=Nginx HTTP Server
  After=network.target
  
  [Service]
  Type=forking
  PIDFile=/usr/local/nginx/logs/nginx.pid
  ExecStartPre=/usr/local/nginx/sbin/nginx -t
  ExecStart=/usr/local/nginx/sbin/nginx
  ExecReload=/usr/local/nginx/sbin/nginx -s reload
  ExecStop=/usr/local/nginx/sbin/nginx -s stop
  PrivateTmp=true
  
  [Install]
  WantedBy=multi-user.target
  

  • 可通过一下命令控制nginx

    • 刷新service的配置: systemctl daemon-reload

    • 开机自启: systemctl enable nginx

    • 启动: systemctl start nginx

    • 重新加载配置文件: systemctl reload nginx

    • 关闭: systemctl stop nginx

    • 查看运行状态: systemctl status nginx

• 防火墙放行

  • 查看防火墙状态: systemctl status firewalld, 未启动的话启动一下

  • 添加端口放行: firewall-cmd --add-port=80/tcp --permanent

  • 刷新防火墙配置: firewall-cmd --reload

• 启动nginx后在浏览器进行访问查看是否转发到目标服务器上; 也可以在配置转发之前查看启动是否正常, 但是修改配置文件后需要重启获取使用reload指令进行配置文件重载才可.

keepalived

参考:

• 去https://www.keepalived.org/download.html上下载最新安装包

• 复制到/opt下

• 解压: tar -zxvf keepalived-2.2.7.tar.gz

• 进入目录: cd keepalived-2.2.7/

• 配置: ./configure --prefix=/usr/local/keepalived, 指定安装目录

• 编译: make

• 安装: make install

• 进入安装目录: cd /usr/local/keepalived/

会自动生成:

drwxr-xr-x. 2 root root 21 May  5 03:19 bin
drwxr-xr-x. 4 root root 41 May  5 03:19 etc
drwxr-xr-x. 2 root root 24 May  5 03:19 sbin
drwxr-xr-x. 5 root root 40 May  5 03:19 share

• 新建配置文件(同目录下有配置文件的demo可参考): vim ./etc/keepalived/keepalived.conf

  备用服务器上的state 填入BACK_UP, 优先级小一点. 其他一样

  ! Configuration File for keepalived
  
  # 定义虚拟路由, 必须叫VI_1
  vrrp_instance VI_1 {
  	state MASTER #设置为主服务器, 备份服务器设置为BACKUP
  	interface eth0 #监控的网络接口(ifconfig或者ip addr指令找出网卡)
  	priority 100 #(优先级, 主机大一点, 备份机小一点)
  	virtual_router_id 99 #同一个vrrp_instance下routerId必须是一致的
  
  	authentication {
  		auth_type PASS #vrrp认证方式主备必须一致
  		auth_pass 12345 #密码
  	}
  
  	virtual_ipaddress {
  		127.0.0.88 #虚拟ip, 主从一致, 可配置多个
  	}
  }
  

• 修改service

  使用离线方式安装keepalived后会自动生成keepalived.service文件位置在: /usr/lib/systemd/system/keepalived.service

  注: 一般系统的或者安装程序自动生成的service文件会在/usr/lib/systemd/system下

  用户自己配置的service一般会放在/etc/systemd/system/下, 两个目录下都可以用systemctl命令操作到.

  • 默认的keepalived.service文件

  [Unit]
  Description=LVS and VRRP High Availability Monitor
  After=network-online.target syslog.target
  Wants=network-online.target
  Documentation=man:keepalived(8)
  Documentation=man:keepalived.conf(5)
  Documentation=man:genhash(1)
  Documentation=https://keepalived.org
  
  [Service]
  Type=forking
  PIDFile=/run/keepalived.pid
  KillMode=process
  EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived
  ExecStart=/usr/local/keepalived/sbin/keepalived  $KEEPALIVED_OPTIONS
  ExecReload=/bin/kill -HUP $MAINPID
  
  [Install]
  WantedBy=multi-user.target
  

  • 修改后的keepalived.service文件

  需要修改ExecStart命令后指向配置文件位置. -f /path/to/keepalived.conf

  (因为默认的配置文件都在/usr/local/keepalived/etc/内, 就没有往/etc/keepalived/内复制)

  [Unit]
  Description=LVS and VRRP High Availability Monitor
  After=network-online.target syslog.target
  Wants=network-online.target
  Documentation=man:keepalived(8)
  Documentation=man:keepalived.conf(5)
  Documentation=man:genhash(1)
  Documentation=https://keepalived.org
  
  [Service]
  Type=forking
  PIDFile=/run/keepalived.pid
  KillMode=process
  EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived
  ExecStart=/usr/local/keepalived/sbin/keepalived  $KEEPALIVED_OPTIONS -f /usr/local/keepalived/etc/keepalived/keepalived.conf
  ExecReload=/bin/kill -HUP $MAINPID
  
  [Install]
  WantedBy=multi-user.target
  

• 使用systemctl控制

  • 重新加载service文件: systemctl daemon-reload

  • 设置开机自启: systemctl enable keepalived

  • 启动: systemctl start keepalived

  • 重启: systemctl restart keepalived

  • 关闭: systemctl stop keepalived

  • 查看运行状态: systemctl status keepalived

• keepalived的默认日志在/var/log/messages下, 修改日志方法参考https://jingyan.baidu.com/article/c146541357d2fa4afdfc4c02.html, 此处就不修改了, 将服务器交给systemctl管理后, 看systemctl的日志即可.

• 防火墙放行vrrp通信: firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent

• 防火墙重载: firewall-cmd --reload

• 检查通信是否正常: tcpdump -i eth0-nn host 224.0.0.18, 只有一个等级高为正常

• 通过访问虚拟ip查看是否由正在工作的主或备来处理ip内的请求.

• 具体安装步骤见另一篇博客: keepalived的简单使用

pgsql14

• 复制pgsql文件夹到/opt/下

• 安装libicu, 指令: rpm -ivh libicu-50.2-4.el7_7.x86_64.rpm

• 安装pgsql, 按照顺序执行

  • rpm -ivh postgresql14-libs-14.4-1PGDG.rhel7.x86_64.rpm

  • rpm -ivh postgresql14-14.4-1PGDG.rhel7.x86_64.rpm

  • rpm -ivh postgresql14-server-14.4-1PGDG.rhel7.x86_64.rpm

• 初始化数据库: /usr/pgsql-14/bin/postgresql-14-setup initdb

• 启动

  • systemctl enable postgresql-14

  • systemctl start postgresql-14

• 修改密码

  • 切换用户: su postgres

  • 切换sql模式: psql

  • 修改密码: alter user postgres with password 'admin123';

  • 退出: \q

  • 切换会root: su root

• 修改配置文件

  • 监听和端口 vim /var/lib/pgsql/14/data/postgresql.conf

    • 监听修改成*: listen_addresses = '*'

    • 端口放开: port=5432

  • 添加ipv4规则: vim /var/lib/pgsql/14/data/pg_hba.conf, 添加一行

    host        all        all        0.0.0.0/0       md5
    

• 重新启动: systemctl restart postgres-14

• 端口放行

  • 放行: firewall-cmd --add-port=5432/tcp --permanent

  • 重载: firewall-cmd --reload

• navicat测试链接

mysql8

安装参考: https://blog.csdn.net/millery22/article/details/124410947

• 下载离线安装包 https://downloads.mysql.com/archives/community/

  • 版本: 8.0.32(安装时最新版本)
  • 操作系统: Red Hat Enterprise Linux / Oracle Linux
  • 系统版本: Red Hat Enterprise Linux 7 / Oracle Linuc 7 (x86, 64-bit)(centos 7.9 64位)
  • 安装包: Compressed TAR Archive (mysql-8.0.32-el7-x86_64.tar.gz)

• 准备工作

  • 将安装包mysql-8.0.32-el7-x86_64.tar.gz复制到服务器上的/opt内

  • 解压: tar -zxvf mysql-8.0.32-el7-x86_64.tar.gz

  • 重命名: mv mysql-8.0.32-el7-x86_64 mysql

  • 移动到/usr/local下: mv mysql /usr/local

• 卸载mariadb

  • 查看是否存在: rpm -qa | grep mariadb

  • 卸载: rpm -e --nodeps mariadb-libs

• 创建mysql用户和用户组

  • groupadd mysql

  • useradd -g mysql mysql

• 给/usr/local/mysql 目录付给mysql用户权限权限: chown -R mysql:mysql mysql/

• 创建配置文件: vim /etc/my.cnf, 其中local_case_table_names=1是忽略大小写

  [mysql]
  default-character-set=utf8mb4
  [client]
  #port=3306
  socket=/var/lib/mysql/mysql.sock
  
  [mysqld]
  user=mysql
  general_log = 1
  general_log_file= /var/log/mysql/mysql.log
  socket=/var/lib/mysql/mysql.sock
  basedir=/usr/local/mysql/
  datadir=/usr/local/mysql/data
  log-bin=/usr/local/mysql/data/mysql-bin
  innodb_data_home_dir=/usr/local/mysql/data
  innodb_log_group_home_dir=/usr/local/mysql/data/
  character-set-server=utf8mb4
  lower_case_table_names=1
  autocommit=1
  default_authentication_plugin=mysql_native_password
  
  symbolic-links=0
  # Disabling symbolic-links is recommended to prevent assorted security risks
  # Settings user and group are ignored when systemd is used.
  # If you need to run mysqld under a different user or group,
  # customize your systemd unit file for mariadb according to the
  # instructions in http://fedoraproject.org/wiki/Systemd
  
  [mysqld_safe]
  log-error=/usr/local/mysql/data/mysql.log
  pid-file=/usr/local/mysql/data/mysql.pid
  
  #
  # include all files from the config directory
  

• 配置文件设置权限: chown 777 /etc/my.cnf

• 环境变量

  • 打开: vim /etc/profile

  • 最后添加: export PATH=$PATH:/usr/local/mysql/bin:/usr/local/mysql/lib

  • 生效: source /etc/profile

• 初始化: /usr/local/mysql/bin/mysqld --user=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/ --initialize

  输出日志:

  2023-04-18T06:52:34.464698Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
  2023-04-18T06:52:34.464786Z 0 [Warning] [MY-010918] [Server] 'default_authentication_plugin' is deprecated and will be removed in a future release. Please use authentication_policy instead.
  2023-04-18T06:52:34.464809Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.32) initializing of server in progress as process 11924
  2023-04-18T06:52:34.480151Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
  2023-04-18T06:52:34.946560Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
  2023-04-18T06:52:36.589592Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: fGzmjdZXj0<p
  

  最后一行是默认密码

• 复制mysql 执行文件, 并赋予执行权限, 先进去cd ./mysql

  cp -a ./support-files/mysql.server /etc/init.d/mysql 
  cp -a ./support-files/mysql.server /etc/init.d/mysqld
  chmod +x /etc/init.d/mysql
  chmod +x /etc/init.d/mysqld
  

• mysql socket文件

  • 创建目录: mkdir /var/lib/mysql

  • 赋用户: chown -R mysql:mysql /var/lib/mysql

• 通过service操作 (start | stop | restart | reload | force-reload | status)

  • 启动: service mysql start

  • 重启: service mysql restart

  • 停止: service mysql stop

• 启动起来, 修改密码

  • 进去MySQL: /usr/local/mysql/bin/mysql -p 回车输入密码(初始化数据时有)

  • 修改密码: ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'admin123';

  • 刷新: flush privileges;

  • exit退出, 再次连接测试密码

• 配置远程连接, 需要是登录进状态

  • 进去mysql库: use mysql;

  • 更改访问限制: update user set host='%' where user = 'root';

  • 退出, 重启服务: service mysql restart

• 端口放行

  • 放行: firewall-cmd --add-port=3306/tcp --permanent

  • 重载: firewall-cmd --reload

• navicat测试连接

• 配置service, 创建mysql.service: vim /etc/systemd/system/mysql.service

  [Unit]
  Description=MySQL Server
  After=network.target
  
  [Service]
  Type=forking
  User=mysql
  ExecStart=/etc/init.d/mysql start
  ExecStop=/etc/init.d/mysql stop
  
  [Install]
  WantedBy=multi-user.target
  

• 关闭之前的mysql: service mysql stop

• 重载: systemctl daemon-reload

• 配置自启: systemctl enable mysql

• 启动: syatemctl start mysql

redis7

• 复制 gcc-and-other 目录到/opt下

其中包括gcc pcre-devel openssl-devel zlib-devel, 安装redis过程需要编译

• 进入gcc-and-other目录下, 执行rpm -ivh *.rpm --nodeps --force

• 复制redis-7.0.4.tar.gz到/opt下

• 解压: tar -zxvf redis-7.0.4.tar.gz

• 进入目录: cd redis-7.0.4

• 编译: make

• 安装: make install PREFIX=/usr/local/redis, 会在/usr/local/redis下生成bin目录

• 复制一份redis配置文件: cp redis.conf /usr/local/redis/bin/

• 修改配置文件 vim /usr/local/redis/bin/redis.conf

  • 守护进程: daemonize yes

  • 关闭只允许本地: # bind 127.0.0.1 或者改成 0.0.0.0

  • 关闭保护模式: protected-mode no

  • 端口: port 6379

  • 密码: requirepass admin123

  • 日志: logfile "/usr/local/redis/bin/redislog" // 路径不存在需要手动创建

• 配置redis.service

  • vim /etc/systemd/system/redis.service

    [Unit]
    Description=redis-server
    After=network.target
    
    [Service]
    Type=forking
    ExecStart=/usr/local/redis/bin/redis-server /usr/local/redis/bin/redis.conf
    PrivateTmp=true
    
    [Install]
    WantedBy=multi-user.target
    

• systemctl 相关指令

  • 刷新: systemctl daemon-reload

  • 启动: systemctl start redis

  • 关闭: systemctl stop redis

  • 重启: systemctl restart redis

  • 自启: systemctl enable redis

  • 关闭自启: systemctl disable redis

  • 查看状态: systemctl status redis

  • 查看redis.service日志: journalctl -u redis.service

  • 查看脚本内容: systemctl cat redis或cat dir/redis.service

• 端口放行

  • 放行: firewall-cmd --add-port=6379/tcp --permanent

  • 重载: firewall-cmd --reload

• redis图形操作测试, 如rdm: https://codor.lanzoue.com/idvHXprxrpc

tomcat8

• 复制文件apache-tomcat-8.5.81.tar.gz到/usr/local下

• 解压文件apache-tomcat-8.5.81.tar.gz, 指令tar -zxvf apache-tomcat-8.5.81.tar.gz

• 重命名mv apache-tomcat-8.5.81.tar.gz tomcat

• 创建tomcat.service, vi /etc/systemd/system/tomcat.service, 并输入:

  [Unit]
  Description=Tomcat Web Application Container
  After=syslog.target network.target
  
  [Service]
  Type=forking
  
  Environment=JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.181-7.b13.el7.x86_64/
  Environment=CATALINA_PID=/usr/local/tomcat/temp/tomcat.pid
  Environment=CATALINA_HOME=/usr/local/tomcat/
  Environment=CATALINA_BASE=/usr/local/tomcat/
  Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
  
  ExecStart=/usr/local/tomcat/bin/startup.sh
  ExecStop=/usr/local/tomcat/bin/shutdown.sh
  
  User=root
  Group=root
  UMask=0007
  RestartSec=10
  Restart=always
  
  [Install]
  WantedBy=multi-user.target
  

• 常用指令

  • 启用: systemctl enable tomcat

  • 开启: systemctl start tomcat

  • 查看状态: systemctl status tomcat

  • 停止: systemctl stop tomcat

  • 重启: systemctl restart tomcat

• 检查是否启动成功:curl localhost:8080

• 查看日志 tail /usr/local/tomcat/logs/catalina.out

• 修改session时间, /usr/local/tomcat/conf/web.xml(修改此文件不需要重启tomcat)

  <session-config>
      <!-- change by codor and from 30 -->
      <session-timeout>720</session-timeout>
  </session-config>
  

• 端口放行

  • 放行 firewall-cmd --add-port=8080/tcp --permanent

  • 重启 firewall-cmd --reload

  • 检查, 同局域网内其他机器上curl ip:8080