Chinay 服务器系统架构

铭文龙羽

ChinaY是一家大学生个性社区网站，定位于全国2000万在校大学生，以严格的实名制为招牌，为用户提供博客、相册、校园问答、许愿、竞猜、测试、竞选、漂流瓶、物品、群落、招贴、讨论区等服务。

本文档描述ChinaY早期的系统架构, 旨在帮助大家技术交流和学习.

原文地址: http://enissue.com/archive/89


Chinay 服务器系统结构文档………………………………………………………………………………. 1

目录…………………………………………………………………………………………………………. 1

系统概述…………………………………………………………………………………………………… 1

动态集群web服务器………………………………………………………………………………….. 2

Apache 安装………………………………………………………………………………………. 2

Tomcat 安装…………………………………………………………………………………….. 2

Apache 与Tomcat集成……………………………………………………………………….. 5

Tomcat 的集群及其他相关配置……………………………………………………………… 7

数据中心服务…………………………………………………………………………………………… 28

Mysql 安装……………………………………………………………………………………….. 28

Mysql 启动……………………………………………………………………………………….. 28

Mysql 配置……………………………………………………………………………………….. 29

文件共享…………………………………………………………………………………………………. 33

NFS文件系统安装………………………………………………………………………………. 33

应用服务器配置………………………………………………………………………………….. 33

安全控制…………………………………………………………………………………………… 37

实施 (参见实施文档)
系统概述

Chinay 服务器系统是由最少4台服务器组成，建议使用RedHat Enterprise Linux AS 3 UP 4 操作系统。系统由Apache 结合多个Tomcat提供负载均衡的动态Web服务，多个Mysql提供分载请求的数据中心服务，NFS网络文件系统提供数据共享和数据一致性的文件共享服务组成。( 参见下图)

art.PNG

下面将按分为“动态集群web服务”、“数据中心服务”和“文件共享”三个部分阐述系统服务器的搭建。
动态集群web服务器
Apache 安装
一。所需软件

httpd-2.0.46-44.ent.rpm
二。安装方法

#rpm -ivh http-2.0.46-44.ent.rpm
三。启动方法

#chkconfig httpd on

#service httpd start
四。测试方法

# links http://127.0.0.1 可以看到Redhat web测试页
Tomcat 安装
一。所需软件

j2sdk-1_4_2

jakarta-tomcat-5.0
二。JAVA环境的安装

#rpm -ivh j2sdk-1_4_2_06-linux-i586.rpm

这样java sdk将安装到系统/usr/java/j2sdk1.4.2_06中
三。Tomcat的安装

#tar -zxvf jakarta-tomcat-5.0.26.tar.gz -C /home

这样 tomcat 将安装到系统/home/jakarta-tomcat-5.0.26中
四。配置Tomcat的启动

在/etc/init.d目录下重建脚本tomcat( 如果在同一台服务器上跑多个tomcat请保证启动脚本名有所区别)

#vi /etc/init.d/tomcat

#/bin/bash

#

# /etc/rc.d/init.d/tomcat

#

# Starts the tomcat daemon

# Write By Kevin Zou 2005/02/25

#

# chkconfig: 345 87 16

# description: Tomcat is a JAVA World Wide Web server. It is used to serve \

# JSP files .

# processname: tomcat or tomcatX

. /etc/init.d/functions

# Set default PATH

CATLAIR=”/home/jakarta-tomcat-5.0.26″

JAVA_HOME=”/usr/java/j2sdk1.4.2_06″

#Set other variable

UPTOMCAT=”$CATLAIR/bin/startup.sh”

DOWNTOMCAT=”$CATLAIR/bin/shutdown.sh”

CLASSPATH=”$JAVA_HOME/libJAVA_HOME/jre/lib”

CATALINA_BASE=”$CATLAIR”

CATALINA_HOME=”$CATLAIR”

PATH=”$JAVA_HOME/binJAVA_HOME/jre/binPATH”

#Set java 2D picture display

DISPLAY=211.157.1.230:1.0

CATALINA_OPTS=”-Djava.awt.headless=true”

export DISPLAY CATALINA_OPTS BASH_ENV PATH JAVA_HOME CLASSPATH CATALINA_BASE CATALINA_HOME JAVAHOME

prog=$(bashname $0)

RETVAL=0

#

# See how we were called.

#

start() {

echo $”Starting $prog: “

cd $CATLAIR ; $UPTOMCAT && success || failure

RETVAL=$?

echo

[ $RETVAL = 0 ] && touch /var/lock/subsys/$prog

return $RETVAL

}

stop() {

echo $”Stopping $prog: “

cd $CATLAIR ; $DOWNTOMCAT && success || failure

RETVAL=$?

echo

[ $RETVAL = 0 ] && rm -f /var/lock/subsys/$prog

}

restart() {

stop

echo $”Normal startup will continue in 3 seconds.”

sleep 3

start

}

case “$1″ in

start)

start

;;

stop)

stop

;;

restart)

restart

;;

status)

status java

;;

*)

echo $”Usage: $0 {start|stop|status|restart}”

exit 1

esac

exit $RETVAL

以上为tomcat启动脚本， 编辑存盘后执行以下操作

# chmod 766 /etc/init.d/tomcat

# chckconfig –add tomcat

# service tomcat start
五。测试方法

#links http://127.0.0.1:8080 查看是否有tomcat的测试页
Apache 与Tomcat集成
一。所需软件

jakarta-tomcat-connectors-jk2-src-current.tar.gz

与已安装httpd同版本的apache源码,以下以2.0.46为例
二。安装方法
编译apache 产生apxs文件

#tar zxvf httpd-2.0.46.tar.gz -C /tmp

#cd /tmp/httpd-2.0.46

#./configure -prefix=/usr/local/apache2 -enable-so

#make

#make install
编译 jk2 产生 mod_jk2.so

#tar zxvf jakarta-tomcat-connectors-jk2-src-current.tar.gz -C /tmp

#cd /tmp/jakarta-tomcat-connectors-jk2-src-current/jk/native2

#./configure –with-apxs2=/usr/local/apache2/bin/apxs

#make

#cd ../build/jk2/apache2

#/usr/local/apache2/bin/apxs -n jk2 -i mod_jk2.so

现在可以看到mod_jk2.so文件已经在你的/usr/lib/httpd/modules/ 中了

编辑/etc/httpd/conf/httpd.conf,添加

LoadModule jk2_module modules/mod_jk2.so

然后保存
集成配置文件workers2.properties

在/etc/httpd/conf/中新建文件workers2.properties

# vi workers2.properties

# Define the communication channel

[channel.socket:localhost:8009]

info=Ajp13 forwarding over socket

tomcatId=localhost:8009

# Map the Tomcat examples webapp to the Web server uri space

[uri:/*.jsp]

info=Map the whole webapp

三。启动方法

启动顺序时apache → tomcat

#service httpd start

#service tomcat start
四。测试方法

#links http://127.0.0.1 显示为RedHat apache测试页

#links http://127.0.0.1/index.jsp 显示为tomcat 测试页
Tomcat 的集群及其他相关配置
一。配置方法
修改集成配置文件

登录apache 所在服务器，并修改/etc/httpd/conf/workers2.properties

#vi /etc/httpd/conf/workers2.properties

#Shm file

[shm]

info=This is the Scoreboard.

debug=0

disabled=0

file=/var/log/httpd/jk2.shm

size=1048576

#First tomcat of cluster cation channel

[channel.socket:tomcat1]

port=8009

host=127.0.0.1

[ajp13:tomcat1]

channel=channel.socket:tomcat1

#Second tomcat of cluster cation channel

[channel.socket:tomcat2]

port=8010

host=127.0.0.1

[ajp13:tomcat2]

channel=channel.socket:tomcat2

#Nnd tomcat of cluster cation channel

#[channel.socket:tomcatN]

#port=80xx

#host=x.x.x.x

#[ajp13:tomcatN]

#channel=channel.socket:tomcatN

#Define your workers

[lb:lb1]

worker=ajp13:tomcat1

worker=ajp13:tomcat2

#worker=ajp13:tomcatN

#

# Map the Tomcat examples webapp to the Web server uri space

[uri:/*.jsp]

info=Map the whole webapp jsp

group=lb:lb1

[uri:/*.shtml]

info=Map the whole webapp shtml

group=lb:lb1
修改Tomcat Session同步配置文件

1.登录其中一台tomcat服务器，编辑$CATLAIR/conf/server.xml

#vi $CATLAIR/conf/server.xml

<!– These are more than one tomcat at one computer, set this port no same –>

<Server port=”8006″ shutdown=”SHUTDOWN” debug=”0″>

<Listener className=”org.apache.catalina.mbeans.ServerLifecycleListener”

debug=”0″/>

<Listener className=”org.apache.catalina.mbeans.GlobalResourcesLifecycleListener”

debug=”0″/>

<GlobalNamingResources>

<Environment name=”simpleValue” type=”java.lang.Integer” value=”30″/>

<Resource name=”UserDatabase” auth=”Container”

type=”org.apache.catalina.UserDatabase”

description=”User database that can be updated and saved”>

</Resource>

<ResourceParams name=”UserDatabase”>

<parameter>

<name>factory</name>

<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>

</parameter>

<parameter>

<name>pathname</name>

<value>conf/tomcat-users.xml</value>

</parameter>

</ResourceParams>

</GlobalNamingResources>

<Service name=”Catalina”>

<!– These are more than one tomcat at one computer, set this port no same –>

< Connector port=”8080″

maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″

enableLookups=”false” redirectPort=”8443″ acceptCount=”100″

debug=”0″ connectionTimeout=”20000″

disableUploadTimeout=”true” / >

<!– Set this port same as your apache workers.properties file set –>

<Connector port=”8009″

enableLookups=”false” redirectPort=”8443″ debug=”0″ URIEncoding=”GBK”

protocol=”AJP/1.3″ />

<Engine name=”Catalina” defaultHost=”localhost” debug=”0″>

<Logger className=”org.apache.catalina.logger.FileLogger”

prefix=”catalina_log.” suffix=”.txt”

timestamp=”true”/>

<Realm className=”org.apache.catalina.realm.UserDatabaseRealm”

debug=”0″ resourceName=”UserDatabase”/>

<Host name=”localhost” debug=”0″ appBase=”webapps”

unpackWARs=”true” autoDeploy=”true”

xmlValidation=”false” xmlNamespaceAware=”false”>

<Cluster

className=”org.apache.catalina.cluster.tcp.SimpleTcpCluster”

managerClassName=”org.apache.catalina.cluster.session.DeltaManager”

expireSessionsOnShutdown=”false”

useDirtyFlag=”true”>

<Membership

className=”org.apache.catalina.cluster.mcast.McastService”

mcastAddr=”228.0.0.4″

<!– Set this port no same –>

mcastPort=”45564″

mcastFrequency=”500″

mcastDropTime=”3000″/>

<Receiver

className=”org.apache.catalina.cluster.tcp.ReplicationListener”

tcpListenAddress=”10.10.10.133″

tcpListenPort=”4001″

tcpSelectorTimeout=”100″

tcpThreadCount=”6″/>

<Sender

className=”org.apache.catalina.cluster.tcp.ReplicationTransmitter”

replicationMode=”synchronous”/>

<Valve className=”org.apache.catalina.cluster.tcp.ReplicationValve”

filter=”.*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;”/>

<Deployer className=”org.apache.catalina.cluster.deploy.FarmWarDeployer”

tempDir=”/tmp/war-temp/”

deployDir=”/tmp/war-deploy/”

watchDir=”/tmp/war-listen/”

watchEnabled=”false”/>

</Cluster>

<Valve className=”org.apache.catalina.valves.AccessLogValve”

directory=”logs” prefix=”localhost_access_log.” suffix=”.txt”

pattern=”common” resolveHosts=”false”/>

<Logger className=”org.apache.catalina.logger.FileLogger”

directory=”logs” prefix=”localhost_log.” suffix=”.txt”

timestamp=”true”/>

</Host>

</Engine>

</Service>

</Server>

另一个tomcat 修改相应的部分就可了。

铭文龙羽

2.登录其中一台tomcat服务器，编辑$CATLAIR/conf/server.xml

<?xml version=”1.0″ encoding=”ISO-8859-1″?>

<!DOCTYPE web-app

PUBLIC “-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN”

“http://java.sun.com/dtd/web-app_2_3.dtd”>

<web-app>

<servlet>

<servlet-name>default</servlet-name>

<servlet-class>

org.apache.catalina.servlets.DefaultServlet

</servlet-class>

<init-param>

<param-name>debug</param-name>

<param-value>0</param-value>

</init-param>

<init-param>

<param-name>listings</param-name>

<param-value>false</param-value>

</init-param>

<load-on-startup>1</load-on-startup>

</servlet>

<servlet>

<servlet-name>jsp</servlet-name>

<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>

<init-param>

<param-name>fork</param-name>

<param-value>false</param-value>

</init-param>

<init-param>

<param-name>xpoweredBy</param-name>

<param-value>false</param-value>

</init-param>

<load-on-startup>3</load-on-startup>

</servlet>

<servlet>

<servlet-name>ssi</servlet-name>

<servlet-class>

org.apache.catalina.ssi.SSIServlet

</servlet-class>

<init-param>

<param-name>buffered</param-name>

<param-value>1</param-value>

</init-param>

<init-param>

<param-name>debug</param-name>

<param-value>0</param-value>

</init-param>

<init-param>

<param-name>expires</param-name>

<param-value>666</param-value>

</init-param>

<init-param>

<param-name>isVirtualWebappRelative</param-name>

<param-value>1</param-value>

</init-param>

<load-on-startup>4</load-on-startup>

</servlet>

<!– The mapping for the default servlet –>

<servlet-mapping>

<servlet-name>default</servlet-name>

<url-pattern>/</url-pattern>

</servlet-mapping>

<!– The mapping for the invoker servlet –>

<!–

<servlet-mapping>

<servlet-name>invoker</servlet-name>

<url-pattern>/servlet/*</url-pattern>

</servlet-mapping>

–>

<!– The mapping for the JSP servlet –>

<servlet-mapping>

<servlet-name>jsp</servlet-name>

<url-pattern>*.jsp</url-pattern>

</servlet-mapping>

<servlet-mapping>

<servlet-name>jsp</servlet-name>

<url-pattern>*.jspx</url-pattern>

</servlet-mapping>

<!– The mapping for the SSI servlet –>

<servlet-mapping>

<servlet-name>ssi</servlet-name>

<url-pattern>*.shtml</url-pattern>

</servlet-mapping>

<!– The mapping for the CGI Gateway servlet –>

<!–

<servlet-mapping>

<servlet-name>cgi</servlet-name>

<url-pattern>/cgi-bin/*</url-pattern>

</servlet-mapping>

–>

<!– ==================== Default Session Configuration ================= –>

<!– You can set the default session timeout (in minutes) for all newly –>

<!– created sessions by modifying the value below. –>

<session-config>

<session-timeout>30</session-timeout>

</session-config>

<mime-mapping>

<extension>abs</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>ai</extension>

<mime-type>application/postscript</mime-type>

</mime-mapping>

<mime-mapping>

<extension>aif</extension>

<mime-type>audio/x-aiff</mime-type>

</mime-mapping>

<mime-mapping>

<extension>aifc</extension>

<mime-type>audio/x-aiff</mime-type>

</mime-mapping>

<mime-mapping>

<extension>aiff</extension>

<mime-type>audio/x-aiff</mime-type>

</mime-mapping>

<mime-mapping>

<extension>aim</extension>

<mime-type>application/x-aim</mime-type>

</mime-mapping>

<mime-mapping>

<extension>art</extension>

<mime-type>image/x-jg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>asf</extension>

<mime-type>video/x-ms-asf</mime-type>

</mime-mapping>

<mime-mapping>

<extension>asx</extension>

<mime-type>video/x-ms-asf</mime-type>

</mime-mapping>

<mime-mapping>

<extension>au</extension>

<mime-type>audio/basic</mime-type>

</mime-mapping>

<mime-mapping>

<extension>avi</extension>

<mime-type>video/x-msvideo</mime-type>

</mime-mapping>

<mime-mapping>

<extension>avx</extension>

<mime-type>video/x-rad-screenplay</mime-type>

</mime-mapping>

<mime-mapping>

<extension>bcpio</extension>

<mime-type>application/x-bcpio</mime-type>

</mime-mapping>

<mime-mapping>

<extension>bin</extension>

<mime-type>application/octet-stream</mime-type>

</mime-mapping>

<mime-mapping>

<extension>bmp</extension>

<mime-type>image/bmp</mime-type>

</mime-mapping>

<mime-mapping>

<extension>body</extension>

<mime-type>text/html</mime-type>

</mime-mapping>

<mime-mapping>

<extension>cdf</extension>

<mime-type>application/x-cdf</mime-type>

</mime-mapping>

<mime-mapping>

<extension>cer</extension>

<mime-type>application/x-x509-ca-cert</mime-type>

</mime-mapping>

<mime-mapping>

<extension>class</extension>

<mime-type>application/java</mime-type>

</mime-mapping>

<mime-mapping>

<extension>cpio</extension>

<mime-type>application/x-cpio</mime-type>

</mime-mapping>

<mime-mapping>

<extension>csh</extension>

<mime-type>application/x-csh</mime-type>

</mime-mapping>

<mime-mapping>

<extension>css</extension>

<mime-type>text/css</mime-type>

</mime-mapping>

<mime-mapping>

<extension>dib</extension>

<mime-type>image/bmp</mime-type>

</mime-mapping>

<mime-mapping>

<extension>doc</extension>

<mime-type>application/msword</mime-type>

</mime-mapping>

<mime-mapping>

<extension>dtd</extension>

<mime-type>text/plain</mime-type>

</mime-mapping>

<mime-mapping>

<extension>dv</extension>

<mime-type>video/x-dv</mime-type>

</mime-mapping>

<mime-mapping>

<extension>dvi</extension>

<mime-type>application/x-dvi</mime-type>

</mime-mapping>

<mime-mapping>

<extension>eps</extension>

<mime-type>application/postscript</mime-type>

</mime-mapping>

<mime-mapping>

<extension>etx</extension>

<mime-type>text/x-setext</mime-type>

</mime-mapping>

<mime-mapping>

<extension>exe</extension>

<mime-type>application/octet-stream</mime-type>

</mime-mapping>

<mime-mapping>

<extension>gif</extension>

<mime-type>image/gif</mime-type>

</mime-mapping>

<mime-mapping>

<extension>gtar</extension>

<mime-type>application/x-gtar</mime-type>

</mime-mapping>

<mime-mapping>

<extension>gz</extension>

<mime-type>application/x-gzip</mime-type>

</mime-mapping>

<mime-mapping>

<extension>hdf</extension>

<mime-type>application/x-hdf</mime-type>

</mime-mapping>

<mime-mapping>

<extension>hqx</extension>

<mime-type>application/mac-binhex40</mime-type>

</mime-mapping>

<mime-mapping>

<extension>htc</extension>

<mime-type>text/x-component</mime-type>

</mime-mapping>

<mime-mapping>

<extension>htm</extension>

<mime-type>text/html</mime-type>

</mime-mapping>

<mime-mapping>

<extension>html</extension>

<mime-type>text/html</mime-type>

</mime-mapping>

<mime-mapping>

<extension>hqx</extension>

<mime-type>application/mac-binhex40</mime-type>

</mime-mapping>

<mime-mapping>

<extension>ief</extension>

<mime-type>image/ief</mime-type>

</mime-mapping>

<mime-mapping>

<extension>jad</extension>

<mime-type>text/vnd.sun.j2me.app-descriptor</mime-type>

</mime-mapping>

<mime-mapping>

<extension>jar</extension>

<mime-type>application/java-archive</mime-type>

</mime-mapping>

<mime-mapping>

<extension>java</extension>

<mime-type>text/plain</mime-type>

</mime-mapping>

<mime-mapping>

<extension>jnlp</extension>

<mime-type>application/x-java-jnlp-file</mime-type>

</mime-mapping>

<mime-mapping>

<extension>jpe</extension>

<mime-type>image/jpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>jpeg</extension>

<mime-type>image/jpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>jpg</extension>

<mime-type>image/jpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>js</extension>

<mime-type>text/javascript</mime-type>

</mime-mapping>

<mime-mapping>

<extension>jsf</extension>

<extension>jsf</extension>

<mime-type>text/plain</mime-type>

</mime-mapping>

<mime-mapping>

<extension>jspf</extension>

<mime-type>text/plain</mime-type>

</mime-mapping>

<mime-mapping>

<extension>kar</extension>

<mime-type>audio/x-midi</mime-type>

</mime-mapping>

<mime-mapping>

<extension>latex</extension>

<mime-type>application/x-latex</mime-type>

</mime-mapping>

<mime-mapping>

<extension>m3u</extension>

<mime-type>audio/x-mpegurl</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mac</extension>

<mime-type>image/x-macpaint</mime-type>

</mime-mapping>

<mime-mapping>

<extension>man</extension>

<mime-type>application/x-troff-man</mime-type>

</mime-mapping>

<mime-mapping>

<extension>me</extension>

<mime-type>application/x-troff-me</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mid</extension>

<mime-type>audio/x-midi</mime-type>

</mime-mapping>

<mime-mapping>

<extension>midi</extension>

<mime-type>audio/x-midi</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mif</extension>

<mime-type>application/x-mif</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mov</extension>

<mime-type>video/quicktime</mime-type>

</mime-mapping>

<mime-mapping>

<extension>movie</extension>

<mime-type>video/x-sgi-movie</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mp1</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mp2</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mp3</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mpa</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mpe</extension>

<mime-type>video/mpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mpeg</extension>

<mime-type>video/mpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mpega</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mpg</extension>

<mime-type>video/mpeg</mime-type>

</mime-mapping>

<mime-mapping>

<extension>mpv2</extension>

<mime-type>video/mpeg2</mime-type>

</mime-mapping>

<mime-mapping>

<extension>ms</extension>

<mime-type>application/x-wais-source</mime-type>

</mime-mapping>

<mime-mapping>

<extension>nc</extension>

<mime-type>application/x-netcdf</mime-type>

</mime-mapping>

<mime-mapping>

<extension>oda</extension>

<mime-type>application/oda</mime-type>

</mime-mapping>

<mime-mapping>

<extension>pbm</extension>

<mime-type>image/x-portable-bitmap</mime-type>

</mime-mapping>

<mime-mapping>

<extension>pct</extension>

<mime-type>image/pict</mime-type>

</mime-mapping>

<mime-mapping>

<extension>pdf</extension>

<mime-type>application/pdf</mime-type>

</mime-mapping>

<mime-mapping>

<extension>pgm</extension>

<mime-type>image/x-portable-graymap</mime-type>

</mime-mapping>

<mime-mapping>

<extension>pic</extension>

<mime-type>image/pict</mime-type>

</mime-mapping>

<mime-mapping>

<extension>pict</extension>

<mime-type>image/pict</mime-type>

</mime-mapping>

<mime-mapping>

<extension>pls</extension>

<mime-type>audio/x-scpls</mime-type>

</mime-mapping>

<mime-mapping>

<extension>png</extension>

<mime-type>image/png</mime-type>

</mime-mapping>

<mime-mapping>

<extension>pnm</extension>

<mime-type>image/x-portable-anymap</mime-type>

</mime-mapping>

<mime-mapping>

<extension>pnt</extension>

<mime-type>image/x-macpaint</mime-type>

</mime-mapping>

<mime-mapping>

<extension>ppm</extension>

<mime-type>image/x-portable-pixmap</mime-type>

</mime-mapping>

<mime-mapping>

<extension>ppt</extension>

<mime-type>application/powerpoint</mime-type>

</mime-mapping>

<mime-mapping>

<extension>ps</extension>

<mime-type>application/postscript</mime-type>

</mime-mapping>

<mime-mapping>

<extension>psd</extension>

<mime-type>image/x-photoshop</mime-type>

</mime-mapping>

<mime-mapping>

<extension>qt</extension>

<mime-type>video/quicktime</mime-type>

</mime-mapping>

<mime-mapping>

<extension>qti</extension>

<mime-type>image/x-quicktime</mime-type>

</mime-mapping>

<mime-mapping>

<extension>qtif</extension>

<mime-type>image/x-quicktime</mime-type>

</mime-mapping>

<mime-mapping>

<extension>ras</extension>

<mime-type>image/x-cmu-raster</mime-type>

</mime-mapping>

<mime-mapping>

<extension>rgb</extension>

<mime-type>image/x-rgb</mime-type>

</mime-mapping>

<mime-mapping>

<extension>rm</extension>

<mime-type>application/vnd.rn-realmedia</mime-type>

</mime-mapping>

<mime-mapping>

<extension>roff</extension>

<mime-type>application/x-troff</mime-type>

</mime-mapping>

<mime-mapping>

<extension>rtf</extension>

<mime-type>application/rtf</mime-type>

</mime-mapping>

<mime-mapping>

<extension>rtx</extension>

<mime-type>text/richtext</mime-type>

</mime-mapping>

<mime-mapping>

<extension>sh</extension>

<mime-type>application/x-sh</mime-type>

</mime-mapping>

<mime-mapping>

<extension>shar</extension>

<mime-type>application/x-shar</mime-type>

</mime-mapping>

<mime-mapping>

<extension>smf</extension>

<mime-type>audio/x-midi</mime-type>

</mime-mapping>

<mime-mapping>

<extension>sit</extension>

<mime-type>application/x-stuffit</mime-type>

</mime-mapping>

<mime-mapping>

<extension>snd</extension>

<mime-type>audio/basic</mime-type>

</mime-mapping>

<mime-mapping>

<extension>src</extension>

<mime-type>application/x-wais-source</mime-type>

</mime-mapping>

<mime-mapping>

<extension>sv4cpio</extension>

<mime-type>application/x-sv4cpio</mime-type>

</mime-mapping>

<mime-mapping>

<extension>sv4crc</extension>

<mime-type>application/x-sv4crc</mime-type>

</mime-mapping>

<mime-mapping>

<extension>swf</extension>

<mime-type>application/x-shockwave-flash</mime-type>

</mime-mapping>

<mime-mapping>

<extension>t</extension>

<mime-type>application/x-troff</mime-type>

</mime-mapping>

<mime-mapping>

<extension>tar</extension>

<mime-type>application/x-tar</mime-type>

</mime-mapping>

<mime-mapping>

<extension>tcl</extension>

<mime-type>application/x-tcl</mime-type>

</mime-mapping>

<mime-mapping>

<extension>tex</extension>

<mime-type>application/x-tex</mime-type>

</mime-mapping>

<mime-mapping>

<extension>texi</extension>

<mime-type>application/x-texinfo</mime-type>

</mime-mapping>

<mime-mapping>

<extension>texinfo</extension>

<mime-type>application/x-texinfo</mime-type>

</mime-mapping>

<mime-mapping>

<extension>tif</extension>

<mime-type>image/tiff</mime-type>

</mime-mapping>

<mime-mapping>

<extension>tiff</extension>

<mime-type>image/tiff</mime-type>

</mime-mapping>

<mime-mapping>

<extension>tr</extension>

<mime-type>application/x-troff</mime-type>

</mime-mapping>

<mime-mapping>

<extension>tsv</extension>

<mime-type>text/tab-separated-values</mime-type>

</mime-mapping>

<mime-mapping>

<extension>txt</extension>

<mime-type>text/plain</mime-type>

</mime-mapping>

<mime-mapping>

<extension>ulw</extension>

<mime-type>audio/basic</mime-type>

</mime-mapping>

<mime-mapping>

<extension>ustar</extension>

<mime-type>application/x-ustar</mime-type>

</mime-mapping>

<mime-mapping>

<extension>xbm</extension>

<mime-type>image/x-xbitmap</mime-type>

</mime-mapping>

<mime-mapping>

<extension>xht</extension>

<mime-type>application/xhtml+xml</mime-type>

</mime-mapping>

<mime-mapping>

<extension>xhtml</extension>

<mime-type>application/xhtml+xml</mime-type>

</mime-mapping>

<mime-mapping>

<extension>xml</extension>

<mime-type>text/xml</mime-type>

</mime-mapping>

<mime-mapping>

<extension>xpm</extension>

<mime-type>image/x-xpixmap</mime-type>

</mime-mapping>

<mime-mapping>

<extension>xsl</extension>

<mime-type>text/xml</mime-type>

</mime-mapping>

<mime-mapping>

<extension>xwd</extension>

<mime-type>image/x-xwindowdump</mime-type>

</mime-mapping>

<mime-mapping>

<extension>wav</extension>

<mime-type>audio/x-wav</mime-type>

</mime-mapping>

<mime-mapping>

<extension>svg</extension>

<mime-type>image/svg+xml</mime-type>

</mime-mapping>

<mime-mapping>

<extension>svgz</extension>

<mime-type>image/svg+xml</mime-type>

</mime-mapping>

<mime-mapping>

<extension>vsd</extension>

<mime-type>application/x-visio</mime-type>

</mime-mapping>

<mime-mapping>

<!– Wireless Bitmap –>

<extension>wbmp</extension>

<mime-type>image/vnd.wap.wbmp</mime-type>

</mime-mapping>

<mime-mapping>

<!– WML Source –>

<extension>wml</extension>

<mime-type>text/vnd.wap.wml</mime-type>

</mime-mapping>

<mime-mapping>

<!– Compiled WML –>

<extension>wmlc</extension>

<mime-type>application/vnd.wap.wmlc</mime-type>

</mime-mapping>

<mime-mapping>

<!– WML Script Source –>

<extension>wmls</extension>

<mime-type>text/vnd.wap.wmlscript</mime-type>

</mime-mapping>

<mime-mapping>

<!– Compiled WML Script –>

<extension>wmlscriptc</extension>

<mime-type>application/vnd.wap.wmlscriptc</mime-type>

</mime-mapping>

<mime-mapping>

<extension>wrl</extension>

<mime-type>x-world/x-vrml</mime-type>

</mime-mapping>

<mime-mapping>

<extension>Z</extension>

<mime-type>application/x-compress</mime-type>

</mime-mapping>

<mime-mapping>

<extension>z</extension>

<mime-type>application/x-compress</mime-type>

</mime-mapping>

<mime-mapping>

<extension>zip</extension>

<mime-type>application/zip</mime-type>

</mime-mapping>

<!–you wish to include. –>

<welcome-file-list>

<welcome-file>index.html</welcome-file>

<welcome-file>index.htm</welcome-file>

<welcome-file>index.jsp</welcome-file>

</welcome-file-list>

<distributable/>

</web-app>

为使tomcat 解析*.shtml支持,按tomcat手册将servlets-ssi.renametojar改名。

另一个tomcat同样设置就可以了。

三。启动方法

启动顺序： apache (httpd) -> tomcat 1

-> tomcat 2

重启任意tomcat无需重启apache, 重启apache后无须重启tomcat.

四。测试方法

在tomcat1上的$CATLAIR/webapps/tomcat-docs/目录下编辑test.jsp文件

#vi test.jsp

<html>

<body bgcolor=”red”>

<center>

<%= request.getSession().getId() %>

<h1>Tomcat 1</h1>

</body>

</html>

在 tomcat2上的$CATLAIR/webapps/tomcat-docs/目录下编辑test.jsp文件

#vi test.jsp

<html>

<body bgcolor=”blue”>

<center>

<%= request.getSession().getId() %>

<h1>Tomcat 2</h1>

</body>

</html>

然后在测试机用图形浏览器访问apache 服务器的如下网址：

http://your_apache_ip/tomcat-docs/test.jsp

然后刷新，可以看到红蓝交错的出现分别显示“Tomcat 1″和“Tomcat 2″，但有字符串保持一致。

铭文龙羽

数据中心服务
Mysql 安装
下载mysql 二进制文件

连接www.mysql.com下载最新推荐版本的rpm包，下面以4.0.21版本为例。
安装mysql并将其添加入自启动脚本

#rpm -ivh MySQL-server-4.0.21-0.i386.rpm

#chkconfig –add mysql

#chkconfig mysql on

#rpm -ivh MySQL-client-4.0.21-0.i386.rpm

如果需要动态连接库，还要安装以下rpm包

MySQL-shared-compat-4.0.20-0.i386.rpm

如果需要开发基于此版本mysql的程序，还要安装以下rpm包

MySQL-devel-4.0.20-0.i386.rpm
Mysql 启动

启动mysql请使用RedHat 推荐方式

#service mysql start

关闭mysql请使用RedHat 推荐方式

#service mysql stop
Mysql 配置
一。设置mysql root密码

登录mysql所在服务器，登录mysql服务

#mysql -h localhost -u root

mysql>use mysql

mysql>update user set password=password(”new_pass”) where user=”root”;

mysql>flush privileges;
二。设置用户权限

登录mysql所在服务器，登录mysql服务

mysql>grant 权限1,权限2 on 数据库.* to 用户名@登录主机 identified by “密码“;

mysql>flush privileges;
三。设置my.cnf文件

MySQL服务器的许多参数会影响服务器的性能表现，而且我们可以把这些参数保存到配置文件，使得每次MySQL服务器启动时这些参数都自动发挥作用。这个配置文件就是my.cnf。

MySQL服务器提供了my.cnf文件的几个示例，它们可以在/usr/share/mysql/目录下找到，名字分别为my-small.cnf、my-medium.cnf、my-large.cnf、my-huge.cnf以及my-innodb-heavy-4G.cnf。文件名字中关于规模的说明描述了该配置文件适用的系统类型。例如，如果运行MySQL服务器的系统内存不多，而且MySQL只是偶尔使用，那么使用my-small.cnf配置文件最为理想，这个配置文件告诉mysqld daemon使用最少的系统资源。反之，如果MySQL服务器用于支持一个大规模的在线商场，系统拥有2G的内存，那么使用mysql-huge.cnf 最为合适。

我们的系统服务器基本为标准的Dell 1750或1850服务器，系统为双cup、2G内存。所以建议以my-huge.cnf为模板配置my.cnf文件

所有my.cnf中配置的参数都对MySQL服务器有着全局性的影响，但同时每一个参数都和MySQL的特定部分关系较为密切。例如，max_connections参数属于mysqld一类。

#vi /etc/my.cnf

# Example MySQL config file for very large systems.

#

# This is for a large system with memory of 1G-2G where the system runs mainly

# MySQL.

#

# You can copy this file to

# /etc/my.cnf to set global options,

# mysql-data-dir/my.cnf to set server-specific options (in this

# installation this directory is /var/lib/mysql) or

# ~/.my.cnf to set user-specific options.

#

# In this file, you can use all long options that a program supports.

# If you want to know which options a program supports, run the program

# with the “–help” option.

# The following options will be passed to all MySQL clients

[client]

#password = your_password

port = 3306

socket = /var/lib/mysql/mysql.sock

# Here follows entries for some specific programs

# The MySQL server

[mysqld]

port = 3306

socket = /var/lib/mysql/mysql.sock

skip-locking

key_buffer = 384M

max_allowed_packet = 1M

table_cache = 512

sort_buffer_size = 2M

read_buffer_size = 2M

myisam_sort_buffer_size = 64M

thread_cache = 8

query_cache_size = 32M

# Try number of CPU’s*2 for thread_concurrency

thread_concurrency = 4

# Don’t listen on a TCP/IP port at all. This can be a security enhancement,

# if all processes that need to connect to mysqld run on the same host.

# All interaction with mysqld must be made via Unix sockets or named pipes.

# Note that using this option without enabling named pipes on Windows

# (via the “enable-named-pipe” option) will render mysqld useless!

#

#skip-networking

# Replication Master Server (default)

# binary logging is required for replication

log-bin

# required unique id between 1 and 2^32 - 1

# defaults to 1 if master-host is not set

# but will not function as a master if omitted

server-id = 1

# Replication Slave (comment out master section to use this)

#

# To configure this host as a replication slave, you can choose between

# two methods :

#

# 1) Use the CHANGE MASTER TO command (fully described in our manual) -

# the syntax is:

#

# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,

# MASTER_USER=<user>, MASTER_PASSWORD=<password> ;

#

# where you replace <host>, <user>, <password> by quoted strings and

# <port> by the master’s port number (3306 by default).

#

# Example:

#

# CHANGE MASTER TO MASTER_HOST=’125.564.12.1′, MASTER_PORT=3306,

# MASTER_USER=’joe’, MASTER_PASSWORD=’secret’;

#

# OR

#

# 2) Set the variables below. However, in case you choose this method, then

# start replication for the first time (even unsuccessfully, for example

# if you mistyped the password in master-password and the slave fails to

# connect), the slave will create a master.info file, and any later

# change in this file to the variables’ values below will be ignored and

# overridden by the content of the master.info file, unless you shutdown

# the slave server, delete master.info and restart the slaver server.

# For that reason, you may want to leave the lines below untouched

# (commented) and instead use CHANGE MASTER TO (see above)

#

# required unique id between 2 and 2^32 - 1

# (and different from the master)

# defaults to 2 if master-host is set

# but will not function as a slave if omitted

#server-id = 2

#

# The replication master for this slave - required

#master-host = <hostname>

#

# The username the slave will use for authentication when connecting

# to the master - required

#master-user = <username>

#

# The password the slave will authenticate with when connecting to

# the master - required

#master-password = <password>

#

# The port the master is listening on.

# optional - defaults to 3306

#master-port = <port>

#

# binary logging - not required for slaves, but recommended

#log-bin

# Point the following paths to different dedicated disks

#tmpdir = /tmp/

#log-update = /path-to-dedicated-directory/hostname

# Uncomment the following if you are using BDB tables

#bdb_cache_size = 384M

#bdb_max_lock = 100000

# Uncomment the following if you are using InnoDB tables

#innodb_data_home_dir = /var/lib/mysql/

#innodb_data_file_path = ibdata1:2000M;ibdata2:10M:autoextend

#innodb_log_group_home_dir = /var/lib/mysql/

#innodb_log_arch_dir = /var/lib/mysql/

# You can set .._buffer_pool_size up to 50 - 80 %

# of RAM but beware of setting memory usage too high

#innodb_buffer_pool_size = 384M

#innodb_additional_mem_pool_size = 20M

# Set .._log_file_size to 25 % of buffer pool size

#innodb_log_file_size = 100M

#innodb_log_buffer_size = 8M

#innodb_flush_log_at_trx_commit = 1

#innodb_lock_wait_timeout = 50

[mysqldump]

quick

max_allowed_packet = 16M

[mysql]

no-auto-rehash

# Remove the next comment character if you are not familiar with SQL

#safe-updates

[isamchk]

key_buffer = 256M

sort_buffer_size = 256M

read_buffer = 2M

write_buffer = 2M

[myisamchk]

key_buffer = 256M

sort_buffer_size = 256M

read_buffer = 2M

write_buffer = 2M

[mysqlhotcopy]

interactive-timeout

铭文龙羽

文件共享
NFS文件系统安装

RedHat 系统默认会安装nfs系统，但nfs和portmap服务默认是不开启的，需要我们手工开启。

#chkconfig portmap on

#chkconfig nfs on

#service portmap start

#service nfs start

应用服务器配置
一。NFS简介

NFS-Network FileSystem的缩写，NFS是由Sun开发并发展起来的一项用于在不同机器，不同操作系统之间通过网络互相分享各自的文件。NFS server也可以看作是一个FILE SERVER,它可以让你的服务器通过网络将远端得NFS SERVER共享出来的档案MOUNT到自己的系统中，在CLIENT看来使用NFS的远端文件就象是在使用本地文件一样。

NFS协议从诞生到现在为止，已经有多个版本，如NFS V2（rfc1094）,NFS V3（rfc1813）（最新的版本是V4（rfc3010），RedHat 在其EL2.1 、EL3 和EL4版本中不支持NFS V4)
二、各NFS协议版本的主要区别

V3相对V2的主要区别：

1、文件尺寸

V2最大只支持32BIT的文件大小(4G),而NFS V3新增加了支持64BIT文件大小的技术。

2、文件传输尺寸

V3没有限定传输尺寸，V2最多只能设定为8k，可以使用-rsize and -wsize 来进行设定。

3、完整的信息返回

V3增加和完善了许多错误和成功信息的返回，对于服务器的设置和管理能带来很大好处。

4、增加了对TCP传输协议的支持

V2只提供了对UDP协议的支持，在一些高要求的网络环境中有很大限制，V3增加了对TCP协议的支持

*5、异步写入特性

6、改进了SERVER的mount性能

7、有更好的I/O WRITES 性能。

9、更强网络运行效能，使得网络运作更为有效。

10、更强的灾难恢复功能。

三。V3异步写入特性介绍

这是可选择的一种特性。NFS V3客户端发发送一个异步写入请求到服务器，在给客户端答复之前服务器并不是必须要将数据写入到存储器中（稳定的）。服务器能确定何时去写入数据或者将多个写入请求聚合到一起并加以处理，然后写入。客户端能保持一个数据的copy以防万一服务器不能完整的将数据写入。当客户端希望释放这个copy的时候，它会向服务器通过这个操作过程，以确保每个操作步骤的完整。异步写入能够使服务器去确定最好的同步数据的策略。使数据能尽可能的同步的提交何到达。与V2 比较来看，这样的机制能更好的实现数据缓冲和更多的平行（平衡）。而NFS V2的SERVER在将数据写入存储器之前不能再相应任何的写入请求。
四。RPC（Remote Procedure Call）

NFS本身没有提供信息传输的协议和功能，之所以能让我们通过网络进行资料的分享，是因为NFS使用了一些其它的传输协议–RPC,可以说NFS本身就是使用RPC的一个程序。或者说NFS也是一个RPC SERVER.所以只要用到NFS的地方都要启动RPC服务，不论是NFS SERVER或者NFS CLIENT。这样SERVER和CLIENT才能通过RPC来实现PROGRAM PORT的对应。可以这么理解RPC和NFS的关系：NFS是一个文件系统，而RPC是负责负责信息的传输。

这也就是为什么我们要启动portmap服务。

五。服务器端的设定

1.服务器端的设定都是在/etc/exports这个文件中进行设定的，设定格式如下：

/your/share/dir host1|ip1|domain1|ip/mask(option1，option2，…..）

可以设定的参数主要有以下这些：

rw：可读写的权限；

ro：只读的权限；

no_root_squash：登入到NFS主机的用户如果是ROOT用户，他就拥有ROOT的权限，此参数很不安全，建议不要使用。

root_squash：在登入 NFS 主机使用分享之目录的使用者如果是 root 时，那么这个使用者的权限将被压缩成为匿名使用者，通常他的 UID 与 GID 都会变成 nobody 那个身份；

all_squash：不管登陆NFS主机的用户是什么都会被重新设定为nobody。

anonuid：将登入NFS主机的用户都设定成指定的user id,此ID必须存在于/etc/passwd中。

anongid：同 anonuid ，但是變成 group ID 就是了！

sync：资料同步写入存储器中。

async：资料会先暂时存放在内存中，不会直接写入硬盘。

insecure 允许从这台机器过来的非授权访问。

例如可以编辑/etc/exports为：

/tmp　　　　　*(rw,no_root_squash)

/home/public　192.168.0.*(rw)　　 *(ro)

/home/test　　192.168.0.100(rw)

/home/linux　 *.the9.com(rw,all_squash,anonuid=40,anongid=40)

2. 设置nfs服务器只支持V3协议

#vi /etc/sysconfig/nfs

MOUNTD_NFS_V2=”no”

设定好后可以使用以下命令启动NFS:

#service portmap start

#service nfs start

修改/etc/exports并不需要重启nfs服务，只需要使用exportfs reload就可以了：

#exportfs -r
六。客户端设置

在客户端同样也需要起portmap和nfs服务器。

为使客户端在系统启动时就挂接nfs文件系统，应该把挂接项写入/etc/fstab。例如

#vi /etc/fstab

Nfserv:/show/dir /locale/dir nfs option1,option2,.. 0 0
具体介绍可用参数：

rsize和wsize：

文件传输尺寸设定：V3没有限定传输尺寸，V2最多只能设定为8k，可以使用-rsize and -wsize 来进行设定。这两个参数的设定对于NFS的执行效能有较大的影响

bg：在执行mount时如果无法顺利mount上时，系统会将mount的操作转移到后台并继续尝试mount，直到mount成功为止。（通常在设定/etc/fstab文件时都应该使用bg，以避免可能的mount不上而影响启动速度）

fg：和bg正好相反，是默认的参数

nfsvers＝n:设定要使用的NFS版本，默认是使用2，这个选项的设定还要取决于server端是否支持NFS VER 3

mountport：设定mount的端口

port：根据server端export出的端口设定，例如如果server使用5555端口输出NFS,那客户端就需要使用这个参数进行同样的设定

timeo=n:设置超时时间，当数据传输遇到问题时，会根据这个参数尝试进行重新传输。默认值是7/10妙（0.7秒）。如果网络连接不是很稳定的话就要加大这个数值，并且推荐使用HARD MOUNT方式，同时最好也加上INTR参数，这样你就可以终止任何挂起的文件访问。

intr 允许通知中断一个NFS调用。当服务器没有应答需要放弃的时候有用处。

udp：使用udp作为nfs的传输协议（NFS V2只支持UDP)

tcp：使用tcp作为nfs的传输协议

namlen=n：设定远程服务器所允许的最长文件名。这个值的默认是255

acregmin=n：设定最小的在文件更新之前cache时间，默认是3

acregmax=n：设定最大的在文件更新之前cache时间，默认是60

acdirmin=n：设定最小的在目录更新之前cache时间，默认是30

acdirmax=n：设定最大的在目录更新之前cache时间，默认是60

actimeo=n：将acregmin、acregmax、acdirmin、acdirmax设定为同一个数值，默认是没有启用。

retry=n：设定当网络传输出现故障的时候，尝试重新连接多少时间后不再尝试。默认的数值是10000 minutes

noac:关闭cache机制。

同时使用多个参数的方法：mount -t nfs -o timeo=3,udp,hard 192.168.0.30:/tmp /nfs

请注意，NFS客户机和服务器的选项并不一定完全相同，而且有的时候会有冲突。比如说服务器以只读的方式导出，客户端却以可写的方式mount,虽然可以成功mount上，但尝试写入的时候就会发生错误。一般服务器和客户端配置冲突的时候，会以服务器的配置为准。

建议参数为： rsize=16384,wsize=16384,nfsvers=3,bg,intr,udp,rw

安全控制
NFS的不安全性主要体现

1、NFS的访问控制机制难于做到得心应手,控制目标的精确性难以实现

2、NFS没有真正的用户验证机制,而只有对RPC/Mount请求的过程验证机制

3、较早的NFS可以使未授权用户获得有效的文件句柄

4、在RPC远程调用中,一个SUID的程序就具有超级用户权限.

加强NFS安全

1、合理的设定/etc/exports中共享出去的目录，最好能使用anonuid，anongid以使MOUNT到NFS SERVER的CLIENT仅仅有最小的权限，最好不要使用root_squash。

2、使用IPTABLE防火墙限制能够连接到NFS SERVER的机器范围

iptables -A INPUT -i eth0 -p TCP -s !192.168.0.0/24 –dport 111 -j DROP

iptables -A INPUT -i eth0 -p UDP -s !192.168.0.0/24 –dport 111 -j DROP

3、为了防止可能的Dos攻击，需要合理设定NFSD 的COPY数目。

4、修改/etc/hosts.allow和/etc/hosts.deny达到限制CLIENT的目的

/etc/hosts.allow

portmap: 192.168.0.0/255.255.255.0

/etc/hosts.deny

portmap: ALL

网站架构华人社区其宗旨是为系统架构师，系统进阶管理者服务，增进系统架构与技术交流，我们期望大家在这一社区获得最大程度的技术成长与积累。

有任何疑问或建议请联系webmaster: admin {at} enissue.com
同时也希望你能积极参与协作，共享技术精华.
注册帐号或将文章发至如下Mail: khan.chan {at} enissue.com