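This tutorial describes the installation of a clustered web, email, database and DNS server for redundancy, high availability and load balancing on Debian 8 with the ISPConfig 3 control panel. MySQL Master/Master replication will be used to replicate the MySQL client databases between the servers, Unison will be used to sync /var/www (websites), and mail will be synced with Dovecot.
1 General Remarks
In this setup there will be one master server (which runs the ISPConfig control panel interface) and one slave server that mirrors the web (Apache), email (Postfix and Dovecot), DNS (BIND) and database (MySQL or MariaDB) services of the master server.
To install the clustered setup, we need two servers with a Debian 8.4 minimal installation and the same ISPConfig version.
In my example I use the following hostnames and IP addresses for the two servers:
Master server
Hostname: server1.example.tld
IP address: 192.168.0.105
IPv6 address: 2001:db8::1
Slave server
Hostname: server2.example.tld
IP address: 192.168.0.106
IPv6 address: 2001:db8::2
Wherever these hostnames or IP addresses occur in the following installation steps, you have to change them to match the IPs and hostnames of your servers.
All commands must be run as the root user. If you need to change something in MySQL, log in to MySQL with the MySQL root password: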
mysql -u root -p
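2 Installing the Master Server
First we need to install ISPConfig on the master server. If you already have ISPConfig installed on this server, you can skip the installation (make sure the existing installation is up to date).
Install ISPConfig on the master server according to The Perfect Server - Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1).
Add the slave server to the /etc/hosts file: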
vi /etc/hosts
so that it looks like this:
127.0.0.1 localhost
192.168.0.105 server1.example.tld server1
2001:db8::1 server1.example.tld server1
192.168.0.106 server2.example.tld
2001:db8::2 server2.example.tld
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
3 Preparing the Slave Server
Run steps 1 - 19 of The Perfect Server - Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1).
Do not install ISPConfig on server2.
Add the master server to the /etc/hosts file:
vi /etc/hosts
so that it looks like this:
127.0.0.1 localhost
192.168.0.105 server1.example.tld
2001:db8::1 server1.example.tld
192.168.0.106 server2.example.tld server2
2001:db8::2 server2.example.tld server2
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
4 Passwordless Login from Server1 to Server2
On server2:
We temporarily allow root to log in to server2 with a password. Open /etc/ssh/sshd_config:
vi /etc/ssh/sshd_config
and change
PermitRootLogin without-password
to
PermitRootLogin yes
Then restart the SSH daemon:
service ssh restart
On server1:
Create a private/public key pair:
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <-- ENTER
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): <-- ENTER
Enter same passphrase again: <-- ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f3:d0:62:a7:24:6f:f0:1e:d1:64:a9:9f:12:6c:98:5a root@server1
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| + |
| + * |
| E S + |
| o O @ . |
| . B + |
| o o |
| . |
+-----------------+
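It is important that you do not enter a passphrase, otherwise the mirroring will not work without human interaction, so simply press ENTER!
Next, we copy the public key to server2.example.tld: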
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.0.106
The authenticity of host '192.168.0.106 (192.168.0.106)' can't be established.
ECDSA key fingerprint is 25:d8:7a:ee:c2:4b:1d:92:a7:3d:16:26:95:56:62:4e.
Are you sure you want to continue connecting (yes/no)? <-- yes (you will see this only if this is the first time you connect to server2)
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.106's password: <- enter root password from server2
Now try logging in to the machine:
ssh root@192.168.0.106
and check /root/.ssh/authorized_keys to make sure that no extra keys were added that you were not expecting:
cat /root/.ssh/authorized_keys
ssh-dss [...] root@server1.example.tld
Disable root login with a password again. Open /etc/ssh/sshd_config:
vi /etc/ssh/sshd_config
and change
PermitRootLogin yes
to
PermitRootLogin without-password
Then restart the SSH daemon:
service ssh restart
Log out from server2:
exit
logout
Connection to 192.168.0.106 closed.
We are now back on server1.
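An added example (not part of the original tutorial): a POSIX shell check, to be run on server2 or against copies of its files, that the end state of step 4 holds, i.e. PermitRootLogin is back to without-password and authorized_keys contains only the key copied from server1. The function names and the sample files are constructed for illustration; Include files and Match blocks in sshd_config are not evaluated.

```sh
# Added example: checks for server2 after step 4 (function names are hypothetical).

# Print the global PermitRootLogin value of an sshd_config file ($1). sshd keeps the
# FIRST value it reads for a keyword; "sshd -T" on a live host prints the resolved config.
permit_root_login() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print each authorized_keys entry ($1) whose key blob is not in the expected
# public-key file ($2). Entries may start with options such as from="...".
unexpected_keys() {
    awk '
        function blob(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/)
                    return $(i + 1)
            return ""   # no known key type found on this line
        }
        NF == 0 || $1 ~ /^#/ { next }
        mode == "allow" { b = blob(); if (b != "") allowed[b] = 1; next }
        { b = blob(); if (!(b in allowed)) print }
    ' mode=allow "$2" mode=check "$1"
}

# Return 0 only if password login for root is off and no extra key is present.
audit_root_ssh() {
    rc=0
    value=$(permit_root_login "$1")
    case $value in
        without-password|prohibit-password) ;;   # key-only root login
        *) echo "FAIL: PermitRootLogin is '$value'"; rc=1 ;;
    esac
    extra=$(unexpected_keys "$2" "$3")
    [ -z "$extra" ] || { echo "FAIL: unexpected key: $extra"; rc=1; }
    return $rc
}

# Constructed sample data (not real keys): step 4 left half-finished.
demo=$(mktemp -d)
printf 'Port 22\nPermitRootLogin yes\n' > "$demo/sshd_config"
echo 'ssh-rsa AAAAexpectedKEY root@server1' > "$demo/id_rsa.pub"
printf '%s\n%s\n' 'ssh-rsa AAAAexpectedKEY root@server1' \
    'from="10.0.0.9" ssh-ed25519 AAAAotherKEY admin@laptop' > "$demo/authorized_keys"
audit_root_ssh "$demo/sshd_config" "$demo/authorized_keys" "$demo/id_rsa.pub" || true
```

On a real server2 the arguments would be /etc/ssh/sshd_config, /root/.ssh/authorized_keys and a copy of server1's /root/.ssh/id_rsa.pub.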