#!/bin/bash
# Startup banner: the post title and the two features of the script
# (1. automatic cluster node failover, 2. nginx config generation).
printf '%s\n' "
小绿叶技术博客--中央集成--外层公共能源控制系统--集群网络节点控制--主驱动
1.集群节点自动切换,2.自动生成nginx配置文件
"

# Candidate backend nodes in probe order.
# Author's labels for the entries: home qinshi work phone
ipListGroupDdoss=(10.1.1.2 10.1.1.6 10.1.1.8)

# Second node group; nothing else in this script reads it.
# Author's labels for the entries: qinshi home work phone
ipListGroupEisc=(10.1.1.13 10.1.1.8 10.1.1.10)

# Active probe list: the Ddoss group flattened into one space-separated
# string, which main() word-splits again when it iterates.
ipList="${ipListGroupDdoss[*]}"

# Node the proxy currently points at; starts at the placeholder 0.0.0.0.
historyHostIP=0.0.0.0
historyHostIPFlag=0

# Probe bookkeeping shared with main().
# NOTE(review): the original comments on both *MaxCount values read
# "stable for 5 pings", but the values are 3.
failMaxCount=3
successMaxCount=3
failCount=0
successCount=0
failFlag=0
failMaxFlag=0
successMaxFlag=0

i=0
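#######################################
# Choose the privilege prefix, recreate the output directory empty, and set
# the site list plus the "domain backend-ip base-port" triple.
# Globals read:    ip (backend address of the node being switched to)
# Globals written: sudoc, wwwconf, xiangmuName, peizhi
# Side effects:    deletes everything directly under $wwwconf.
#######################################
configDIR(){
  # The substitution is quoted so an empty result from id cannot turn the
  # test into a syntax error; anything that is not "root" goes through sudo.
  if [ "$(id -un)" != "root" ]; then
    sudoc="sudo"
  else
    sudoc=""
  fi

  wwwconf=/datadisk/eisc/wwwconf/

  # $sudoc stays unquoted on purpose: it must vanish when it is empty.
  $sudoc mkdir -p -- "$wwwconf"
  # This is a recursive delete, possibly as root. ${wwwconf:?} aborts instead
  # of expanding to "/*" if the assignment above is ever removed or emptied.
  $sudoc rm -rf -- "${wwwconf:?}"/*

  # Sub-site names; each becomes <name>.<domain>.
  xiangmuName=(
    www work sou yundun guzheng zhoubao gcc xibin ai docker mail
  )

  # Fields: front-end domain, backend IP, base port. (Author's label: HOME)
  peizhi=" ddoss.cn $ip 62000"
}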
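#######################################
# Install certbot through snap and request a certificate with the nginx
# plugin ("certonly": obtain the certificate, do not edit nginx config).
# Globals read: sudoc (privilege prefix, set by configDIR)
# Note: nothing in this script calls this function; run it by hand.
# `certbot certonly --nginx` prompts unless it is given further options.
#######################################
autoSSL()
{
  $sudoc apt install snapd -y
  $sudoc systemctl enable --now snapd.socket
  $sudoc snap install core
  $sudoc snap refresh core

  # Classic snaps expect /snap. Create the link only when nothing is there:
  # `ln -s target /snap` against an existing directory would create
  # /snap/snap instead, and a second run would fail with "File exists".
  if [ ! -e /snap ] && [ ! -L /snap ]; then
    $sudoc ln -s /var/lib/snapd/snap /snap
  fi

  # Installed once, after the /snap link is in place.
  $sudoc snap install --classic certbot

  # Do not replace a certbot that is already on the PATH location.
  if [ ! -e /usr/bin/certbot ] && [ ! -L /usr/bin/certbot ]; then
    $sudoc ln -s /snap/bin/certbot /usr/bin/certbot
  fi

  $sudoc certbot certonly --nginx
}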
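#######################################
# Fill the four nginx server-block templates from the current globals.
# Globals read:    url (server_name value, may hold several names),
#                  ip, b (backend address and port), i, yuming (sub-site
#                  name and domain used in the 301 target)
# Globals written: httpWeb80    - port 80 reverse proxy
#                  httpWeb301   - port 80 redirect to https://$i.$yuming
#                  httpsWeb301  - port 443 redirect to https://$i.$yuming
#                  httpsWeb443  - port 443 reverse proxy
#
# The template text is emitted verbatim into config files, so it is kept at
# column 0 and its own comments are left as the author wrote them. "\$name"
# is an nginx variable; an unescaped "$name" is expanded by the shell now.
#
# TLS: only TLSv1.2 and TLSv1.3 are offered. TLSv1 and TLSv1.1 were formally
# deprecated (RFC 8996) and current clients no longer negotiate them.
# TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
# NOTE(review): the ssl_ciphers list is unchanged. Its broad "AES" and "HIGH"
# groups still admit CBC and non-forward-secret suites for TLSv1.2; consider
# narrowing it to ECDHE + AEAD suites after checking client compatibility.
# NOTE(review): the proxy blocks forward the client-supplied Host header
# (\$http_host) to the backend; the backend should not trust it blindly.
#######################################
nginxMoude()
{
  httpWeb80="
server{
listen 80;
server_name $url;
location / {
proxy_pass http://$ip:$b;
# proxy_pass http://$url$request_uri; # test 研究后缀地址没有跟上参数
#---- 记录 IP 地址 ----#
# 开启文件浏览,不能记录ip,否则 出现 端口被加上
proxy_redirect off;
proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
"

  httpWeb301="
server{
listen 80;
server_name $url;
location / {
return 301 https://$i.$yuming\$request_uri;
# 301 需要加参数 $request_uri
}
}
"

  httpsWeb301="
server{
listen 443 ssl;
server_name $url;
ssl_certificate /etc/letsencrypt/live/$url/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$url/privkey.pem;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
return 301 https://$i.$yuming\$request_uri;
# 301 需要加参数 $request_uri
}
}
"

  httpsWeb443="
server{
listen 443 ssl;
server_name $url;
ssl_certificate /etc/letsencrypt/live/$url/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$url/privkey.pem;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://$ip:$b ;
#---- 记录 IP 地址 ----#
proxy_redirect off;
proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
"
}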
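#######################################
# Generate the nginx files for every site named in xiangmuName.
#
# Files written under $wwwconf for each site:
#   nginxzhuanfa/<site>-<port>.conf  front-end proxy (templates: nginxMoude)
#   portconf/<site>-<port>.conf      plain port-to-port proxy
#   <port>.<site>.conf               backend vhost (PHP via 127.0.0.1:9000,
#                                    /cgi-bin via fcgiwrap)
#
# Globals read:    peizhi ("domain backend-ip base-port"), wwwconf,
#                  xiangmuName, sudoc, www
# Globals written: buff, yuming, ip, portmin, a, b, c, portlist, i, url,
#                  confPath, httpsFlag, manualConfigFlag
# Side effects:    changes the working directory to $wwwconf; removes every
#                  non-hidden entry there except eiscwwwconf.tar.gz.
# Returns:         1 when peizhi or wwwconf is unusable, otherwise 0.
#######################################
create_www_conf(){
  echo "案例: eisc.cn 0.0.0.0 62000"
  # read -p " 请输入三个参数:" peizhi

  # Split the triple without glob expansion, then refuse to continue on a
  # short or non-numeric value (configDIR builds peizhi from $ip, which can
  # be empty).
  read -r -a buff <<< "$peizhi"
  yuming=${buff[0]:-}   # front-end domain, used in server_name
  ip=${buff[1]:-}       # backend server address
  portmin=${buff[2]:-}  # base port
  if [[ -z "$yuming" || -z "$ip" || ! "$portmin" =~ ^[0-9]+$ ]]; then
    echo "create_www_conf: peizhi must be '<domain> <backend-ip> <base-port>', got '$peizhi'" >&2
    return 1
  fi
  # Sites without a fixed port get base port + position - 1.
  portmin=$((10#$portmin - 1))

  # Fixed ports; xibin has no entry and falls back to the sequential port.
  declare -A port=(
    [www]=62010
    [work]=62011
    [sou]=62012
    [yundun]=62013
    [guzheng]=62014
    [zhoubao]=62015
    [gcc]=62016
    [ai]=62018
    [docker]=62019
    [mail]=62020
  )

  # Everything below deletes files relative to the working directory, so an
  # empty wwwconf (cd would go to $HOME) or a failed cd must stop here.
  if [[ -z "${wwwconf:-}" || ! -d "$wwwconf" ]]; then
    echo "create_www_conf: output directory '${wwwconf:-}' is missing" >&2
    return 1
  fi
  cd -- "$wwwconf" || return 1

  # The script writes its files with plain redirections, so the invoking
  # user needs write access. Ownership is handed to that user and the tree is
  # kept non-writable for everyone else rather than set to mode 777: these
  # files are presumably loaded by nginx, and a world-writable config
  # directory would let any local account change what nginx serves.
  local owner
  owner=$(id -un) || return 1
  # $sudoc stays unquoted on purpose: it must vanish when it is empty.
  $sudoc chown -R -- "$owner" "$wwwconf"
  $sudoc chmod -R u=rwX,go=rX -- "$wwwconf"

  # Archive whatever is present once, then clear the directory. find with
  # -exec replaces `rm -rf $(ls | grep -v ...)`, which broke on names with
  # whitespace; hidden entries are skipped because ls skipped them too.
  local -a leftovers
  leftovers=( * )
  if [ ! -e eiscwwwconf.tar.gz ] && [ -e "${leftovers[0]:-}" ]; then
    $sudoc tar -czvf eiscwwwconf.tar.gz -- "${leftovers[@]}"
  fi
  find . -mindepth 1 -maxdepth 1 ! -name 'eiscwwwconf.tar.gz' ! -name '.*' \
    -exec $sudoc rm -rf -- {} +

  # Output directories, created as the owning user.
  mkdir -p -- "$wwwconf/nginxzhuanfa" "$wwwconf/portconf" || return 1
  chmod 755 -- "$wwwconf/nginxzhuanfa" "$wwwconf/portconf"

  # The counters are reset on every call. They are globals, and main() calls
  # this function on each node switch; without the reset the sequential port
  # kept growing and could collide with a fixed one.
  a=0
  c=0
  portlist=()

  local summary
  for i in "${xiangmuName[@]}"; do
    manualConfigFlag=0
    a=$((a + 1))
    b=$((portmin + a))
    # portlist records the sequential port, before any fixed-port override.
    portlist[c]=$b
    c=$((c + 1))

    # NOTE(review): www is never assigned in this script; it is presumably
    # the web-root parent directory and must come from the environment.
    # When it is empty the mkdir is skipped instead of targeting /<site>.
    if [[ -n "${www:-}" && ! -e "$www/$i/cgi-bin" ]]; then
      $sudoc mkdir -- "$www/$i/cgi-bin"
    fi

    # Fixed port and HTTPS switch. httpsFlag is set for every site so a
    # site without a table entry cannot inherit the previous site's value;
    # the message names the site actually being processed.
    httpsFlag=0
    if [[ -n "${port[$i]+set}" ]]; then
      b=${port[$i]}
      case "$i" in
        www|mail) httpsFlag=1 ;;
      esac
      echo "#------- $i 被手动指定固定端口 $b -------#"
    fi

    summary=" $i 创建web网站 的端口: $b 前端域名 + $i.$yuming + 后端ip port + $ip:$b + c++ cgi 解析目录: $i/cgi-bin"
    echo "$summary"
    echo "$summary" >> log_www_conf.txt

    #--------- front-end proxy file for this sub-site -----------#
    url=$i.$yuming
    confPath=$wwwconf/nginxzhuanfa/$i-$b.conf
    if [ "$i" = "www" ]; then
      manualConfigFlag=1
      # www answers for two names: HTTP proxy for both, an HTTPS redirect
      # for the bare domain, and the HTTPS proxy for www itself.
      url="$yuming $i.$yuming"
      nginxMoude
      printf '%s\n' "$httpWeb80" > "$confPath"
      url="$yuming"
      nginxMoude
      printf '%s\n' "$httpsWeb301" >> "$confPath"
      url="$i.$yuming"
      nginxMoude
      printf '%s\n' "$httpsWeb443" >> "$confPath"
    elif [ "$httpsFlag" = "1" ]; then
      # Usual TLS layout: HTTP 301 to HTTPS, then the HTTPS proxy.
      nginxMoude
      printf '%s\n' "$httpWeb301" > "$confPath"
      printf '%s\n' "$httpsWeb443" >> "$confPath"
    else
      nginxMoude
      printf '%s\n' "$httpWeb80" > "$confPath"
    fi

    #---------- port-to-port proxy ----------#
    # www and gcc get the short form; the other sites get the same server
    # block with the header lines present but commented out.
    case "$i" in
      www|gcc)
        echo "
server{
listen $b;
location / {
proxy_pass http://$ip:$b;
}
}
" > "$wwwconf/portconf/$i-$b.conf"
        ;;
      *)
        echo "
server{
listen $b;
location / {
proxy_pass http://$ip:$b;
#---- 记录 IP 地址 ----#
# proxy_redirect off;
# proxy_set_header Host \$http_host;
# proxy_set_header X-Real-IP \$remote_addr;
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
" > "$wwwconf/portconf/$i-$b.conf"
        ;;
    esac

    #---------- backend vhost ----------#
    # NOTE(review): the two add_header lines send the site name and the
    # backend ip:port to every client, and the header names contain spaces;
    # drop them outside of debugging.
    # NOTE(review): "location ~ \.php" is unanchored, so any URI containing
    # ".php" is handed to PHP-FPM. The usual hardening is "\.php$" plus
    # "try_files \$uri =404;" - confirm against the PHP cgi.fix_pathinfo
    # setting. /cgi-bin passes every request under it to fcgiwrap.
    echo "
server {
listen $b;
root $www/$i;
index index.php index.html index.htm index;
add_header 'yuming is ' '$i.$yuming';
add_header 'ipport is ' '$ip:$b';
location ~ \.php {
# fastcgi_pass unix:/var/run/php-fpm811.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
include fastcgi_params;
}
location /cgi-bin {
fastcgi_pass unix:/var/run/fcgiwrap.socket;
include fastcgi.conf;
}
}
" > "$wwwconf/$b.$i.conf"
  done

  echo "[ok]创建网站日志存放在: $wwwconf/log_www_conf.txt"
  sleep 0.2
  echo "[ok]前端转发 nginx 子文件目录: $wwwconf/nginxzhuanfa"
  sleep 0.2
  echo "[running] 正在查看自动生成的 nginx 子站点配置文件"
  sleep 0.5
  cat -- "$wwwconf/nginxzhuanfa/www-${port[www]}.conf"
  echo "[running] 正在查看 www 站点配置文件"
}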
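#######################################
# Regenerate the nginx files for the node in $ip and reload nginx.
# Globals read: ip (node being switched to), sudoc (set by configDIR)
# Returns:      1 when generation fails or nginx rejects the configuration,
#               otherwise the status of the reload.
#######################################
MainNginxconf()
{
  echo "[ok] 通讯正常,正在切换到节点 ip= $ip"
  configDIR
  if ! create_www_conf; then
    echo "MainNginxconf: config generation failed, nginx not reloaded" >&2
    return 1
  fi

  # NOTE(review): pytcp.py is not part of this listing; it is called with the
  # node address and its result is not checked, as before.
  /etc/init.d/shell/pytcp.py "$ip"

  # Validate first so a broken generated file is reported here rather than
  # only in the nginx error log after the reload signal.
  # $sudoc stays unquoted on purpose: it must vanish when it is empty.
  if ! $sudoc nginx -t; then
    echo "MainNginxconf: nginx -t rejected the configuration, not reloading" >&2
    return 1
  fi
  $sudoc nginx -s reload
}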
# Main function
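#######################################
# Failover loop: probe the nodes in ipList in order, pick the first one that
# answers ping, and regenerate the proxy configuration when that node
# differs from the one currently in use. Never returns.
# Globals read:    ipList, historyHostIP
# Globals written: ip, failCount, successCount, failMaxCount, failFlag,
#                  failMaxFlag, historyHostIP, historyHostIPFlag
#######################################
main() {
  # Pause between rounds when nothing changed or nothing answered. Without
  # it the loop re-probed immediately and printed the "unchanged" message
  # as fast as ping returned.
  local pollSeconds=3
  local reachable

  while true; do
    reachable=0

    # ipList is a whitespace-separated string, so the expansion is left
    # unquoted on purpose. ip is a global: configDIR and MainNginxconf
    # read it.
    for ip in ${ipList[*]}; do
      failCount=0
      successCount=0
      failMaxCount=3
      failMaxFlag=0

      # One probe per pass: -c1 sends a single packet, -W2 waits two
      # seconds. A reply line contains "from". The node is given up once
      # failCount exceeds failMaxCount, i.e. after four misses.
      while true; do
        if ping -c1 -W2 "$ip" | grep from > /dev/null; then
          failFlag=0
          failCount=0
          failMaxFlag=0
          reachable=1
          break
        fi
        failFlag=1
        failCount=$((failCount + 1))
        if [ "$failCount" -gt "$failMaxCount" ]; then
          failMaxFlag=1
          break
        fi
      done

      # First reachable node wins; later entries are lower priority.
      if [ "$failMaxFlag" -eq 0 ]; then
        break
      fi
    done

    # Covers an empty ipList as well as every node being down; in both cases
    # there is no node to switch to.
    if [ "$reachable" -ne 1 ]; then
      echo "[warn] no node in ipList answered ping; retrying" >&2
      sleep "$pollSeconds"
      continue
    fi

    if [ "$ip" = "$historyHostIP" ]; then
      historyHostIPFlag=1
      echo "网络正常,但是ip没有变化,没有切换到下一个节点,还是当前节点。退出下面自动生成作业。"
      sleep "$pollSeconds"
      continue
    fi

    echo "[warring] 当前节点 $historyHostIP 网络故障 或者由于优先级原因自动往前切换节点,正在切换节点到 $ip"
    sleep 3
    historyHostIP=$ip
    MainNginxconf
  done
}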
# Start the failover loop; main() does not return.
main "$@"
# One-step download: wget ddoss.cn/file/ubuntu/shell/server/daili/grouphost-daili.sh -O grouphost-daili.sh ; sudo chmod +x grouphost-daili.sh ; ./grouphost-daili.sh
# NOTE(review): the URL above has no https:// scheme and nothing verifies the
# file before it is executed; read the downloaded script (or compare it with
# a published checksum) before running it, since it uses sudo.