手头有一个遗留的展示类Web站点,采用LAMP加Node.js的技术架构。由于技术栈老旧,当初又是用2017年左右的野生部署脚本编译安装的,后期维护困难较大,所以需要做一次迁移。原始环境为CentOS 7.9、PHP 7.3.13、MySQL 5.7和NodeJS 16,部署于本地虚拟化系统。站点外网访问量不大,但又必须对外展示,所以由本地虚机向阿里云主机迁移。规划数据库使用RDS,搭配ECS(Rocky Linux 9.5)和CDN来使用。

这里就记录一下迁移的部署方式,以作备案。

2024.09 北京·延庆·航空工业博物馆

环境准备

System

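# Enable BBR congestion control together with the fq queueing discipline.
# The settings go into a drop-in under /etc/sysctl.d and the file is
# overwritten on every run, so repeating this step does not pile up duplicate
# lines the way appending to /etc/sysctl.conf does.
cat > /etc/sysctl.d/90-bbr.conf <<'EOF'
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOF
sysctl --system

# Raise the open-file limit for all users and for root, again as an
# idempotent drop-in instead of appending to /etc/security/limits.conf.
# NOTE(review): these limits are applied by pam_limits to login sessions;
# services started by systemd (httpd, nginx, the Node unit) take their limit
# from LimitNOFILE= in the unit, so set it there if the daemons need it.
cat > /etc/security/limits.d/90-nofile.conf <<'EOF'
* hard nofile 64000
* soft nofile 64000
root hard nofile 64000
root soft nofile 64000
EOF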

# Append editor defaults to the current user's vimrc (created if missing).
# Each argument is written out literally as one line of the file.
printf '%s\n' \
  'set autoindent' \
  'set nobackup' \
  'set tabstop=2' \
  'set shiftwidth=2' \
  'set softtabstop=2' \
  'set expandtab' \
  'set number' \
  'set ruler' \
  'set nocompatible' \
  'set syntax=on' \
  'set noeb' \
  >> "${HOME}/.vimrc"

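# Bring the base system up to date, then install the admin tooling.
# Packages that the original listed more than once (unzip, mlocate) appear
# only once here; the installed set is the same.
dnf update -y
dnf install -y wget curl zip unzip vim mailx mlocate telnet bash-completion
# EPEL is enabled before the next install so dnf can resolve packages from it.
dnf install -y epel-release
dnf install -y htop tree lrzsz
dnf install -y device-mapper-persistent-data lvm2 psmisc net-tools
# MySQL client, used later to import the dump into RDS.
dnf install -y mysql
dnf install -y bind-utils python3-dnf-plugin-versionlock
# Drop podman, which this host does not use (less installed software to patch).
# The glob is quoted so the shell hands it to dnf unexpanded; unquoted, a file
# named podman-something in the current directory would change the argument.
dnf remove -y 'podman*'
# Refresh the locate database after the package changes.
updatedb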

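# Firewall: enable firewalld and open the web ports.
systemctl enable --now firewalld.service
firewall-cmd --permanent --add-service=http
# nginx in this guide serves the site on 443 and only redirects on 80, so
# HTTPS has to be allowed as well or the redirect target is unreachable.
firewall-cmd --permanent --add-service=https
# Option name fixed: the original "--add-prot" is not a firewall-cmd option,
# so that command failed and neither port was actually opened.
# NOTE(review): 8010 (Node) and 8080 (Apache) are plain-HTTP backends. nginx
# reaches Node over 127.0.0.1, so 8010 probably does not need to be public;
# open each port only if something outside this host must connect to it, and
# mirror the same decision in the ECS security group.
firewall-cmd --permanent --add-port=8010/tcp --add-port=8080/tcp
firewall-cmd --reload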

MySQL

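# Alibaba Cloud RDS is used here. The engine version, the database, the access
# account and the access whitelist are configured in the Alibaba Cloud console.
# NOTE(review): keep the RDS whitelist limited to the address of the ECS host
# rather than a wide range, and give the account only the rights the site needs.
#
# Export the database on the old host.
# --single-transaction takes the dump from one consistent InnoDB snapshot;
# --skip-lock-tables alone can produce a dump whose tables disagree with each
# other if the site is written to while the export runs.
# -p without a value prompts for the password, which keeps it out of the
# process list and the shell history.
[root@sites ~]# mysqldump --single-transaction --skip-lock-tables -uexample -p db_example >~/mysql.sql
# The dump contains the complete data set: move it to the new host over an
# encrypted channel and delete it from both hosts once the import is verified.
#
# Import the dump into RDS.
# NOTE(review): if this connection leaves the private network, require TLS on
# the client (for the MySQL client: --ssl-mode=REQUIRED).
[root@Web ~]# mysql -uexample -hrm-example.mysql.rds.aliyuncs.com -p
Enter password:
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| db_example |
| mysql |
+--------------------+
3 rows in set (0.00 sec)

# Database name fixed to match the listing above (was "db_examples").
mysql> use db_example;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> source /root/mysql.sql;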

中间件环境

Httpd

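# Install Apache.
dnf install -y httpd

# Module selection: switch the MPM from event to prefork, enable heartmonitor,
# and comment out the HTTP/2 modules.
sed -i 's/#LoadModule mpm_prefork_module/LoadModule mpm_prefork_module/g' /etc/httpd/conf.modules.d/00-mpm.conf
sed -i 's/LoadModule mpm_event_module/#LoadModule mpm_event_module/g' /etc/httpd/conf.modules.d/00-mpm.conf
sed -i 's/#LoadModule heartmonitor_module/LoadModule heartmonitor_module/g' /etc/httpd/conf.modules.d/00-optional.conf
sed -i 's/LoadModule/#LoadModule/g' /etc/httpd/conf.modules.d/10-proxy_h2.conf
sed -i 's/LoadModule/#LoadModule/g' /etc/httpd/conf.modules.d/10-h2.conf

# Move Apache to port 8080 (nginx takes port 80 in this setup).
# Only the Listen directive is rewritten. The original 's/80/8080/g' replaced
# every "80" in the file, and a second run would turn 8080 into 808080.
sed -i -E 's/^Listen[[:space:]]+80[[:space:]]*$/Listen 8080/' /etc/httpd/conf/httpd.conf

# Serve index.php as the directory index. The pattern is tied to the
# DirectoryIndex directive and the dot is escaped, so nothing else that merely
# resembles "index.html" is touched.
sed -i -E 's/^([[:space:]]*DirectoryIndex[[:space:]]+)index\.html/\1index.php/' /etc/httpd/conf/httpd.conf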

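# Global ServerName, appended to the main configuration.
# The heredoc delimiters below are quoted so the text is written literally.
cat >> /etc/httpd/conf/httpd.conf <<'EOF'
ServerName apiweb
EOF

# Map the .php extension to the PHP handler type.
cat >> /etc/httpd/conf.d/php.conf <<'EOF'
AddType application/x-httpd-php .php
EOF

# Virtual host for the API on port 8080.
# NOTE(review): "AllowOverride All" lets any .htaccess under the document root
# change server behaviour, and the tree is later made writable by the apache
# account. If the application needs only a few directives, narrowing
# AllowOverride (or moving the rules into this file) reduces what a
# compromised PHP process could reconfigure.
# NOTE(review): this vhost is plain HTTP; if port 8080 is reachable from
# outside the host, API traffic is unencrypted unless something in front of it
# terminates TLS.
cat > /etc/httpd/conf.d/localapi.conf <<'EOF'
<VirtualHost *:8080>
ServerAdmin sujx@live.cn
ServerName api.example.com
DocumentRoot "/var/www/html/public"

ErrorLog /var/log/httpd/api.example-error.log
CustomLog /var/log/httpd/api.example-access.log combined

<Directory "/var/www/html/public">
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>

</VirtualHost>
EOF

systemctl daemon-reload
# Validate the configuration first; start the service only if the syntax
# check passes, so a typo surfaces here instead of as a failed unit.
httpd -t && systemctl enable --now httpd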

PHP

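# Install PHP from the Remi repository. The original site ran PHP 7.3, so the
# major version is kept to avoid a large upgrade.
# NOTE(review): PHP 7.4 no longer receives upstream security fixes. Treat this
# as a stop-gap, keep the Remi packages updated, and plan the move to a
# supported branch.
#
# The release package is fetched over HTTPS. It installs the repository
# definition and its signing keys, and an RPM given to dnf as a URL is not
# necessarily signature-checked, so plain HTTP would let anyone on the network
# path substitute the package.
dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm
# -y added so the step does not stop at a confirmation prompt.
dnf module enable -y php:remi-7.4
dnf install -y php php-fpm php-cli
dnf install -y php-xmlrpc php-intl
dnf install -y php-{mysqlnd,curl,gd,mcrypt,json,pear,common,xml,ftp,opcache,zip,xsl,soap,bcmath,mbstring,gettext,imagick}

systemctl daemon-reload
systemctl enable --now php-fpm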

# memcached and the PHP client extensions for it.
dnf -y install \
  memcached \
  php-memcached \
  php-pecl-memcache
systemctl enable --now memcached

# Redis and the PHP extensions installed alongside it.
dnf -y install \
  redis \
  php-phpiredis \
  php-componere \
  php-pecl-redis6
systemctl enable --now redis

# Restart PHP-FPM and Apache so the new extensions are loaded, then list the
# listening TCP sockets. Use the output to confirm that memcached and redis
# are bound to loopback only (presumably 127.0.0.1:11211 and 127.0.0.1:6379;
# confirm), since neither is meant to be reachable from other hosts.
systemctl restart php-fpm httpd
netstat -t -l -n -p

Nginx

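# Install nginx from the nginx.org stable repository.
# The heredoc delimiter is quoted: $releasever and $basearch are dnf
# variables and must reach the repo file literally. With an unquoted EOF the
# shell expands them (to empty strings) and the baseurl ends in "centos///".
# baseurl uses HTTPS; gpgcheck=1 already verifies package signatures, and
# HTTPS additionally protects the repository metadata in transit.
cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

dnf update -y
dnf install -y nginx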

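# Prepare the TLS directory and the shared TLS/compression snippet.
# -p makes the step repeatable; the directory is restricted to root because it
# will hold the private key. The certificate chain and the key referenced
# below are not created by this listing: copy them in separately and keep the
# key file readable by root only (mode 600).
mkdir -p /etc/nginx/ssl
chmod 700 /etc/nginx/ssl

# ssl_protocols: TLS 1.0 and 1.1 are deprecated and have been replaced by
# TLS 1.2 plus 1.3.
# NOTE(review): gzip is enabled for responses served over TLS. If the
# application reflects request data next to secrets (tokens) in compressible
# responses, review the exposure to compression side channels.
cat > /etc/nginx/ssl/ssld.conf <<'EOF'
ssl_certificate /etc/nginx/ssl/fullchain-example.com.pem;
ssl_certificate_key /etc/nginx/ssl/certkey-example.pem;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-Xss-Protection 1;

gzip on;
gzip_types text/plain text/css application/javascript application/xml application/json;
gzip_proxied any;
gzip_comp_level 5;
gzip_min_length 1k;
EOF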

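# Site configuration: port 80 redirects to HTTPS, port 443 terminates TLS and
# proxies to the Node application on 127.0.0.1:8010.
# The heredoc delimiter is quoted so that nginx variables ($request_uri,
# $http_host, $remote_addr, $proxy_add_x_forwarded_for, $scheme) are written
# to the file literally. With an unquoted EOF the shell replaces each of them
# with an empty string, which yields a redirect without the request path and
# proxy_set_header lines with no value.
# NOTE(review): "proxy_set_header X-Frame-Options SAMEORIGIN" adds a request
# header towards the backend. It does not change what the browser receives;
# the response header comes from ssld.conf (DENY).
cat > /etc/nginx/conf.d/example.conf <<'EOF'
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}

server {
listen 443 ssl;
include /etc/nginx/ssl/ssld.conf;

location / {
proxy_redirect off;
proxy_pass http://127.0.0.1:8010;

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;

client_max_body_size 100m;
client_body_buffer_size 128k;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
EOF

# Check the configuration (including the certificate and key paths) before
# starting; the service is enabled only if the test passes.
nginx -t && systemctl enable --now nginx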

Nodejs

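# Install Node.js from the NodeSource repository.
# NOTE(review): check the upstream support status of the chosen major version
# before going live; an end-of-life runtime gets no further security fixes.
cd ~
# -f makes curl fail on an HTTP error instead of saving an error page as the
# script; -S still prints the error although -s silences progress output.
curl -fsSL https://rpm.nodesource.com/setup_18.x -o nodesource_setup.sh
# The original downloaded the script but never ran it, so no node binary was
# installed for the service below. The script runs as root and adds a package
# repository: read it before executing it.
bash nodesource_setup.sh
dnf install -y nodejs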

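# Dedicated unprivileged account for the Node service ("nodeapp" is an example
# name). The application listens on 8010, which needs no root privileges, so
# a flaw in the app should not hand out root on the host.
# NOTE(review): if the application writes inside /var/www/express (uploads,
# logs, cache), give this account ownership of those directories only.
id -u nodeapp >/dev/null 2>&1 || useradd --system --no-create-home --shell /sbin/nologin nodeapp

# systemd unit for the Express application.
# Changes from the original unit:
#   - User/Group: root replaced by the service account created above.
#   - "StandarOutput"/"StandarError" were misspelled, so systemd ignored them;
#     corrected to StandardOutput/StandardError and pointed at the journal.
#   - NoNewPrivileges and PrivateTmp added as low-risk sandboxing.
cat > /etc/systemd/system/nodejs.service <<'EOF'
[Unit]
Description=NodeJS Server

[Service]
Restart=always
User=nodeapp
Group=nodeapp
Environment=PORT=8010
Environment=PATH=/usr/bin:/usr/local/bin
Environment=NODE_ENV=production
WorkingDirectory=/var/www/express/
ExecStart=/usr/bin/node ./bin/www
StandardOutput=journal
StandardError=journal
SyslogIdentifier=nodejs
NoNewPrivileges=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
# Enable without starting: /var/www/express is only populated in the site
# configuration step, so an immediate start would fail and Restart=always
# would keep retrying. The reboot at the end of that step brings the service
# up; run "systemctl start nodejs" by hand if the files are already in place.
systemctl enable nodejs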

站点配置

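# Copy the backed-up site code into place.
# "~/api/." is used instead of "~/api/*": the glob skips dotfiles, so files
# such as .htaccess (honoured by the vhost through AllowOverride All) would
# silently be left behind.
cp -r ~/api/. /var/www/html/
# NOTE(review): this makes the whole code tree writable by the web server
# account. If the application writes only to a few directories (uploads,
# cache), owning just those by apache and leaving the code root-owned limits
# what a compromised PHP process can modify.
chown -R apache:apache /var/www/html
cp -r ~/express /var/www/

# Rewrite PHP short open tags ("<?") to the full "<?php" form.
# The original pattern also rewrote "<?=" to "<?php=" (a syntax error) and
# "<?xml" to "<?phpxml". Those two forms and any-case "<?php" are now left
# alone, and a space follows the inserted tag so "<?echo" stays valid.
# No backup suffix is given to -i on purpose: backup copies under the document
# root could be served as plain text.
find /var/www/html -type f -name "*.php" -exec perl -pi -e 's/<\?(?!php|=|xml)/<?php /gi' {} +

# Edit the site's MySQL settings (point them at the RDS endpoint).
# NOTE(review): this file holds database credentials; keep it outside the
# public document root and not world-readable.
vim /var/www/html/src/YY/Config/app.php
# Edit the settings the API uses to reach the Node service.
vim /var/www/express/config.js

# Reboot the server.
sync
ldconfig
systemctl reboot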

收尾检查

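# Remove old kernels left behind by the update.
# Option name fixed: "installonly_limt" was a typo for installonly_limit.
# The value is 2 because dnf does not accept 1 (the running kernel is
# protected from removal); 2 keeps the current kernel plus one fallback.
dnf remove -y --oldinstallonly --setopt installonly_limit=2 kernel

# Check the services: listening sockets first, then the API vhost logs.
# In the netstat output, confirm that only the intended ports listen on
# public addresses.
netstat -tlnp
# Paths fixed to the ErrorLog/CustomLog files configured in the Apache vhost
# (the original pointed at /var/logs/httpd/api-example.log, which that
# configuration never writes).
tail -f -n 45 /var/log/httpd/api.example-error.log /var/log/httpd/api.example-access.log

# Configure the CDN only after the business team has checked the site.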