针对5000并发连接、1500-3000 QPS的中小型电商/资讯/SAAS类网站,采用高可用分层架构,兼顾稳定性、成本与可扩展性,符合大厂运维规范,无冗余、无短板,可直接上线部署。
- 高可用保障:负载均衡双机热备,数据库主从复制,单点故障自动切换,可用性≥99.9%
- 性能目标:页面响应时间≤300ms,接口超时率≤0.1%,支持突发流量弹性扩容
- 机器规划:6台CentOS 7/Rocky Linux 8服务器,内网互通,配置标准化
架构亮点:全程内网通信、无公网暴露风险;分层解耦,单节点故障不影响全局;配置极简,运维成本低,符合大厂中小流量场景部署标准。
提升文件句柄、TCP参数,解决高并发下端口耗尽、连接超时问题,一键复制执行即可。
# 1. 优化文件描述符限制
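# Kernel / ulimit tuning for ~5000 concurrent connections. Run once as root on
# every node. Both appends are guarded by a marker line so re-running the
# script does not stack duplicate entries in limits.conf and sysctl.conf.
set -euo pipefail

readonly LIMITS_CONF=/etc/security/limits.conf
readonly SYSCTL_CONF=/etc/sysctl.conf
readonly MARK='# web-cluster-tuning'

# 1. Open-file / process limits.
# NOTE: pam_limits applies these to login sessions only. Services started by
# systemd (nginx, php-fpm, mysqld) do not inherit them; give those units a
# LimitNOFILE= drop-in (or use worker_rlimit_nofile in nginx.conf).
if ! grep -qF -- "$MARK" "$LIMITS_CONF"; then
  cat >> "$LIMITS_CONF" <<EOF
$MARK
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
fi

# 2. TCP stack tuning.
# fs.file-max is the system-wide ceiling and here equals the per-process
# nofile cap, so a single saturated service could exhaust it; raising it is
# cheap if several busy daemons share a node.
if ! grep -qF -- "$MARK" "$SYSCTL_CONF"; then
  cat >> "$SYSCTL_CONF" <<EOF
$MARK
fs.file-max = 65535
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
EOF
fi

# 3. Apply the sysctl file just written.
sysctl -p "$SYSCTL_CONF"

# 4. Firewall and SELinux (switched off, as in the original recipe).
# This removes two host-level defensive layers on every node. The page's own
# production checklist (安全加固) is to keep firewalld on and allow only the
# required ports, so treat this as a bootstrap shortcut to revisit before
# go-live. stop/disable are issued separately: "disable --now" needs
# systemd >= 220, and CentOS 7 ships 219.
if systemctl cat firewalld.service >/dev/null 2>&1; then
  systemctl stop firewalld
  systemctl disable firewalld
fi
# Match whatever mode is configured (enforcing or permissive), not only
# "enforcing" as the original sed did.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# setenforce returns non-zero when SELinux is already disabled, which would
# abort the script under -e, so only call it while enforcing.
if [[ "$(getenforce 2>/dev/null)" == "Enforcing" ]]; then
  setenforce 0
fi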
1. Nginx主配置 /etc/nginx/nginx.conf
user nginx;
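worker_processes auto;
# nginx raises its own RLIMIT_NOFILE from this directive. Needed because
# systemd services do not pick up /etc/security/limits.conf, so without it
# worker_connections 65535 is capped by the unit's default (typically 1024).
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 65535;
    use epoll;          # was "useepoll;" — an unknown directive that fails nginx -t
    multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Access logging is disabled for throughput. This LB is the only tier that
    # sees real client addresses, so "off" also drops the per-request audit
    # trail; if that matters, prefer buffered logging over off, e.g.
    # access_log /var/log/nginx/access.log main buffer=64k flush=5s;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    # Web tier: a backend is taken out after 3 failures within 10 s.
    upstream web_cluster {
        server 192.168.1.20:80 max_fails=3 fail_timeout=10s;
        server 192.168.1.21:80 max_fails=3 fail_timeout=10s;
        ip_hash;        # session affinity for login flows; clients behind one NAT share a backend
    }
    server {
        listen 80;
        server_name _;  # catch-all
        # Reverse-proxy everything to the web tier, passing the client address
        # through so the backends can log / rate-limit on it.
        location / {
            proxy_pass http://web_cluster;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 3s;
            # Note php-fpm's request_terminate_timeout on the web tier is 30s,
            # so a backend keeps working on a request the LB gave up on at 10s.
            proxy_read_timeout 10s;
        }
    }
}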
2. Keepalived主配置 /etc/keepalived/keepalived.conf
global_defs {
router_id LB01
}
# nginx health check. The script stops keepalived outright when nginx is gone
# (see check_nginx.sh), so the VIP moves regardless of "weight".
# NOTE(review): the weight alone would not fail over: MASTER 150 - 20 = 130
# still beats BACKUP 100. If the script is ever changed to just "exit 1",
# the weight has to go below -50 or the VIP stays put.
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface eth0 # change to the real NIC name (ens33, ...)
virtual_router_id 51
priority 150 # higher than the backup
advert_int 1
# auth_type PASS travels in clear text in every VRRP advert and keepalived
# truncates it to 8 characters; it only keeps an unrelated VRRP router with
# the same virtual_router_id from pairing up, it is not an access control.
# Must be identical on lb02; the design relies on the internal segment.
authentication {
auth_type PASS
auth_pass 666666
}
virtual_ipaddress {
192.168.1.100/24
}
track_script {
check_nginx
}
}
3. Nginx健康检查脚本 /etc/keepalived/check_nginx.sh
#!/bin/bash
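# Health check invoked by keepalived every "interval" seconds (vrrp_script
# check_nginx in keepalived.conf). When no nginx process exists, stop
# keepalived so this node leaves VRRP and the VIP moves to the peer.
# This is one-way: once nginx is back, keepalived must be started by hand.
# -x matches the process name exactly, so an unrelated process whose name
# merely contains "nginx" does not pass the check.
if ! pgrep -x nginx >/dev/null 2>&1; then
  systemctl stop keepalived
  exit 1   # only reached if the stop did not already terminate this script
fi
exit 0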
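# Make the health check executable and bring the stack up. nginx is started
# before keepalived on purpose: keepalived runs check_nginx.sh within 2 s of
# starting, and that script stops keepalived when it finds no nginx process,
# so starting both in one command can race and leave keepalived down.
# ("systemctl enable --now" would be shorter but needs systemd >= 220;
# CentOS 7 ships 219.)
chmod +x /etc/keepalived/check_nginx.sh
systemctl start nginx
systemctl enable nginx
systemctl start keepalived
systemctl enable keepalived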
Nginx配置与lb01完全一致,仅修改Keepalived配置,实现备机切换。
Keepalived备配置 /etc/keepalived/keepalived.conf
global_defs {
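router_id LB02
}
# Same health check as lb01: the script stops keepalived when nginx is gone,
# so the VIP moves regardless of "weight".
# NOTE(review): weight -20 alone does not change who holds the VIP
# (MASTER 150 - 20 = 130 still beats this node's 100); if the script is ever
# changed to just "exit 1", the weight needs to go below -50.
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state BACKUP
    # was "interfaceeth0" — a single token keepalived rejects; use the real NIC name (ens33, ...)
    interface eth0
    virtual_router_id 51
    priority 100 # lower than the master
    advert_int 1
    # auth_type PASS travels in clear text in every VRRP advert and keepalived
    # truncates it to 8 characters; it only keeps an unrelated VRRP router with
    # the same virtual_router_id from pairing up. Must match lb01.
    # (was "authentication{" — missing space, one token, parse error)
    authentication {
        auth_type PASS
        auth_pass 666666
    }
    virtual_ipaddress {
        192.168.1.100/24
    }
    track_script {
        check_nginx
    }
}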
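# Make the health check executable and bring the stack up. nginx first:
# keepalived runs check_nginx.sh within 2 s of starting and that script stops
# keepalived when no nginx process exists, so a combined start can race.
# ("systemctl enable --now" needs systemd >= 220; CentOS 7 ships 219.)
chmod +x /etc/keepalived/check_nginx.sh
systemctl start nginx
systemctl enable nginx
systemctl start keepalived
systemctl enable keepalived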
(三)Web节点 web01/web02 配置(两台完全一致)
yum install -y nginx php php-fpm php-mysqlnd php-opcache php-gd php-mbstring php-xml
2. Nginx配置 /etc/nginx/nginx.conf
user nginx;
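worker_processes auto;
# systemd ignores /etc/security/limits.conf for services; let nginx raise its
# own fd limit so worker_connections 65535 is actually reachable.
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 65535;   # was "worker_connections65535;" — missing space, invalid directive
    use epoll;                  # was "useepoll;"
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;                # was "sendfileon;"
    keepalive_timeout 65;       # was "keepalive_timeout65;"
    server {
        listen 80;              # was "listen80;"
        root /var/www/html;
        index index.php index.html;
        # PHP requests. The dot must be escaped ("\.php$", not ".php$") or the
        # regex also matches paths like "/foo/xphp". try_files answers 404 when
        # the script does not exist on disk; without it, with php.ini's default
        # cgi.fix_pathinfo=1, a request such as "/upload.jpg/x.php" can have
        # PHP-FPM execute the uploaded file as PHP.
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;   # was "fastcgi_pass127.0.0.1:9000;"
            fastcgi_index index.php;
            include fastcgi_params;
            # Placed after the include so this SCRIPT_FILENAME is the one that
            # takes effect even if the distribution's fastcgi_params sets it.
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
        # Static assets: long client-side cache, no access log.
        location ~* \.(jpg|png|css|js|ico)$ {
            expires 7d;                   # was "expires7d;"
            access_log off;               # was "access_logoff;"
        }
    }
}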
3. PHP-FPM配置 /etc/php-fpm.d/www.conf
user = nginx
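group = nginx
listen = 127.0.0.1:9000
; listen.owner/group/mode only apply to a unix-socket listener and are ignored
; for the TCP listener above; kept in case listen is switched to a socket.
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
; Defence in depth for the TCP listener: only nginx on this host may talk to
; the pool. Anything else reaching port 9000 could otherwise hand PHP-FPM an
; arbitrary SCRIPT_FILENAME.
listen.allowed_clients = 127.0.0.1
; Process pool sized for 8 cores / 16 GB (author's figures).
pm = dynamic
pm.max_children = 128
pm.start_servers = 32
pm.min_spare_servers = 16
pm.max_spare_servers = 48
; Recycle each worker after 1000 requests to bound leaks in extensions.
; (The original had "1000# ..." on one line; "#" is not a comment in php-fpm's
; ini syntax, so the value would not parse as an integer and the pool fails
; to start. Comments use ";".)
pm.max_requests = 1000
; Kill a single request after 30 s; log anything slower than 5 s.
request_terminate_timeout = 30s
slowlog = /var/log/php-fpm/slow.log
request_slowlog_timeout = 5s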
4. PHP核心配置 /etc/php.ini(关键修改)
user nginx;
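# NOTE(review): this block is the lb01 /etc/nginx/nginx.conf repeated; the
# php.ini changes named in the heading above are not actually shown on this
# page (presumably a rendering artifact of the original post — the stray digit
# that followed the closing brace points the same way). Fixes mirror lb01.
worker_processes auto;
# nginx raises its own RLIMIT_NOFILE from this directive; systemd services do
# not pick up /etc/security/limits.conf.
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 65535;
    use epoll;          # was "useepoll;" — unknown directive, fails nginx -t
    multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Off for throughput; this also drops the per-request audit trail on the
    # only tier that sees client addresses. Buffered logging is the middle
    # ground: access_log /var/log/nginx/access.log main buffer=64k flush=5s;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    # Web tier: a backend is taken out after 3 failures within 10 s.
    upstream web_cluster {
        server 192.168.1.20:80 max_fails=3 fail_timeout=10s;
        server 192.168.1.21:80 max_fails=3 fail_timeout=10s;
        ip_hash;        # session affinity for login flows; clients behind one NAT share a backend
    }
    server {
        listen 80;
        server_name _;  # catch-all
        # Reverse-proxy to the web tier, forwarding the client address.
        location / {
            proxy_pass http://web_cluster;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 3s;
            proxy_read_timeout 10s;   # php-fpm keeps going up to 30 s (request_terminate_timeout)
        }
    }
}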
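# NOTE(review): another verbatim copy of the lb01 /etc/nginx/nginx.conf with no
# heading of its own — presumably a rendering artifact of the original post
# (the stray digit after the closing brace points the same way). No new
# content; fixes mirror lb01.
user nginx;
worker_processes auto;
# nginx raises its own RLIMIT_NOFILE from this directive; systemd services do
# not pick up /etc/security/limits.conf.
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 65535;
    use epoll;          # was "useepoll;" — unknown directive, fails nginx -t
    multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Off for throughput; this also drops the per-request audit trail on the
    # only tier that sees client addresses. Buffered logging is the middle
    # ground: access_log /var/log/nginx/access.log main buffer=64k flush=5s;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    # Web tier: a backend is taken out after 3 failures within 10 s.
    upstream web_cluster {
        server 192.168.1.20:80 max_fails=3 fail_timeout=10s;
        server 192.168.1.21:80 max_fails=3 fail_timeout=10s;
        ip_hash;        # session affinity for login flows; clients behind one NAT share a backend
    }
    server {
        listen 80;
        server_name _;  # catch-all
        # Reverse-proxy to the web tier, forwarding the client address.
        location / {
            proxy_pass http://web_cluster;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 3s;
            proxy_read_timeout 10s;   # php-fpm keeps going up to 30 s (request_terminate_timeout)
        }
    }
}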
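# NOTE(review): another verbatim copy of the lb01 /etc/nginx/nginx.conf with no
# heading of its own — presumably a rendering artifact of the original post
# (the stray digit after the closing brace points the same way). No new
# content; fixes mirror lb01.
user nginx;
worker_processes auto;
# nginx raises its own RLIMIT_NOFILE from this directive; systemd services do
# not pick up /etc/security/limits.conf.
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 65535;
    use epoll;          # was "useepoll;" — unknown directive, fails nginx -t
    multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Off for throughput; this also drops the per-request audit trail on the
    # only tier that sees client addresses. Buffered logging is the middle
    # ground: access_log /var/log/nginx/access.log main buffer=64k flush=5s;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    # Web tier: a backend is taken out after 3 failures within 10 s.
    upstream web_cluster {
        server 192.168.1.20:80 max_fails=3 fail_timeout=10s;
        server 192.168.1.21:80 max_fails=3 fail_timeout=10s;
        ip_hash;        # session affinity for login flows; clients behind one NAT share a backend
    }
    server {
        listen 80;
        server_name _;  # catch-all
        # Reverse-proxy to the web tier, forwarding the client address.
        location / {
            proxy_pass http://web_cluster;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 3s;
            proxy_read_timeout 10s;   # php-fpm keeps going up to 30 s (request_terminate_timeout)
        }
    }
}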
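# NOTE(review): another verbatim copy of the lb01 /etc/nginx/nginx.conf with no
# heading of its own — presumably a rendering artifact of the original post
# (the stray digit after the closing brace points the same way). No new
# content; fixes mirror lb01.
user nginx;
worker_processes auto;
# nginx raises its own RLIMIT_NOFILE from this directive; systemd services do
# not pick up /etc/security/limits.conf.
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 65535;
    use epoll;          # was "useepoll;" — unknown directive, fails nginx -t
    multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Off for throughput; this also drops the per-request audit trail on the
    # only tier that sees client addresses. Buffered logging is the middle
    # ground: access_log /var/log/nginx/access.log main buffer=64k flush=5s;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    # Web tier: a backend is taken out after 3 failures within 10 s.
    upstream web_cluster {
        server 192.168.1.20:80 max_fails=3 fail_timeout=10s;
        server 192.168.1.21:80 max_fails=3 fail_timeout=10s;
        ip_hash;        # session affinity for login flows; clients behind one NAT share a backend
    }
    server {
        listen 80;
        server_name _;  # catch-all
        # Reverse-proxy to the web tier, forwarding the client address.
        location / {
            proxy_pass http://web_cluster;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 3s;
            proxy_read_timeout 10s;   # php-fpm keeps going up to 30 s (request_terminate_timeout)
        }
    }
}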
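# NOTE(review): another verbatim copy of the lb01 /etc/nginx/nginx.conf with no
# heading of its own — presumably a rendering artifact of the original post
# (the stray digit after the closing brace points the same way). No new
# content; fixes mirror lb01.
user nginx;
worker_processes auto;
# nginx raises its own RLIMIT_NOFILE from this directive; systemd services do
# not pick up /etc/security/limits.conf.
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 65535;
    use epoll;          # was "useepoll;" — unknown directive, fails nginx -t
    multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Off for throughput; this also drops the per-request audit trail on the
    # only tier that sees client addresses. Buffered logging is the middle
    # ground: access_log /var/log/nginx/access.log main buffer=64k flush=5s;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    # Web tier: a backend is taken out after 3 failures within 10 s.
    upstream web_cluster {
        server 192.168.1.20:80 max_fails=3 fail_timeout=10s;
        server 192.168.1.21:80 max_fails=3 fail_timeout=10s;
        ip_hash;        # session affinity for login flows; clients behind one NAT share a backend
    }
    server {
        listen 80;
        server_name _;  # catch-all
        # Reverse-proxy to the web tier, forwarding the client address.
        location / {
            proxy_pass http://web_cluster;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 3s;
            proxy_read_timeout 10s;   # php-fpm keeps going up to 30 s (request_terminate_timeout)
        }
    }
}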
1. MySQL安装与主库一致,修改配置 /etc/my.cnf
user nginx;
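# NOTE(review): this block is the lb01 /etc/nginx/nginx.conf repeated; the
# /etc/my.cnf changes named in the heading above are not actually shown on
# this page (presumably a rendering artifact of the original post — the stray
# digit that followed the closing brace points the same way). Fixes mirror lb01.
worker_processes auto;
# nginx raises its own RLIMIT_NOFILE from this directive; systemd services do
# not pick up /etc/security/limits.conf.
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 65535;
    use epoll;          # was "useepoll;" — unknown directive, fails nginx -t
    multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Off for throughput; this also drops the per-request audit trail on the
    # only tier that sees client addresses. Buffered logging is the middle
    # ground: access_log /var/log/nginx/access.log main buffer=64k flush=5s;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    # Web tier: a backend is taken out after 3 failures within 10 s.
    upstream web_cluster {
        server 192.168.1.20:80 max_fails=3 fail_timeout=10s;
        server 192.168.1.21:80 max_fails=3 fail_timeout=10s;
        ip_hash;        # session affinity for login flows; clients behind one NAT share a backend
    }
    server {
        listen 80;
        server_name _;  # catch-all
        # Reverse-proxy to the web tier, forwarding the client address.
        location / {
            proxy_pass http://web_cluster;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 3s;
            proxy_read_timeout 10s;   # php-fpm keeps going up to 30 s (request_terminate_timeout)
        }
    }
}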
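# NOTE(review): another verbatim copy of the lb01 /etc/nginx/nginx.conf with no
# heading of its own — presumably a rendering artifact of the original post
# (the stray digit after the closing brace points the same way). No new
# content; fixes mirror lb01.
user nginx;
worker_processes auto;
# nginx raises its own RLIMIT_NOFILE from this directive; systemd services do
# not pick up /etc/security/limits.conf.
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 65535;
    use epoll;          # was "useepoll;" — unknown directive, fails nginx -t
    multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Off for throughput; this also drops the per-request audit trail on the
    # only tier that sees client addresses. Buffered logging is the middle
    # ground: access_log /var/log/nginx/access.log main buffer=64k flush=5s;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    # Web tier: a backend is taken out after 3 failures within 10 s.
    upstream web_cluster {
        server 192.168.1.20:80 max_fails=3 fail_timeout=10s;
        server 192.168.1.21:80 max_fails=3 fail_timeout=10s;
        ip_hash;        # session affinity for login flows; clients behind one NAT share a backend
    }
    server {
        listen 80;
        server_name _;  # catch-all
        # Reverse-proxy to the web tier, forwarding the client address.
        location / {
            proxy_pass http://web_cluster;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 3s;
            proxy_read_timeout 10s;   # php-fpm keeps going up to 30 s (request_terminate_timeout)
        }
    }
}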
在web01/web02创建测试文件,验证全链路连通性:
user nginx;
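# NOTE(review): this block is the lb01 /etc/nginx/nginx.conf repeated; the test
# file the heading above announces is not actually shown on this page
# (presumably a rendering artifact of the original post — the stray digit that
# followed the closing brace points the same way). Fixes mirror lb01.
worker_processes auto;
# nginx raises its own RLIMIT_NOFILE from this directive; systemd services do
# not pick up /etc/security/limits.conf.
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 65535;
    use epoll;          # was "useepoll;" — unknown directive, fails nginx -t
    multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Off for throughput; this also drops the per-request audit trail on the
    # only tier that sees client addresses. Buffered logging is the middle
    # ground: access_log /var/log/nginx/access.log main buffer=64k flush=5s;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    # Web tier: a backend is taken out after 3 failures within 10 s.
    upstream web_cluster {
        server 192.168.1.20:80 max_fails=3 fail_timeout=10s;
        server 192.168.1.21:80 max_fails=3 fail_timeout=10s;
        ip_hash;        # session affinity for login flows; clients behind one NAT share a backend
    }
    server {
        listen 80;
        server_name _;  # catch-all
        # Reverse-proxy to the web tier, forwarding the client address.
        location / {
            proxy_pass http://web_cluster;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 3s;
            proxy_read_timeout 10s;   # php-fpm keeps going up to 30 s (request_terminate_timeout)
        }
    }
}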
访问 http://192.168.1.100/test.php,页面正常显示即部署成功。
- 监控告警:部署Prometheus+Grafana,监控CPU、内存、连接数、MySQL主从延迟
- 数据备份:从库每日定时全量备份,保留7天,防止数据丢失
- 扩容方案:并发上涨时,直接新增Web节点,添加至Nginx upstream即可
- 安全加固:生产环境开启防火墙,仅放行80、3306、22端口,修改默认端口