#!/bin/bash # 集群节点自动切换 # Define the list of IP addresses ipListGroupDdoss=( 10.1.1.3 10.1.1.7 10.1.1.2 ) # home qinshi work phone ipListGroupEisc=( 10.1.1.13 10.1.1.8 10.1.1.10) # qinshi home work phone ipList=${ipListGroupDdoss[*]} failCount=0 failFlag=0 failMaxFlag=0 successCount=0 successMaxFlag=0 failMaxCount=3 # 稳定 5 次pin successMaxCount=3 # 稳定 5 次pin i=0 configDIR(){ if [ `id -un` != "root" ] then sudoc="sudo" else sudoc="" fi wwwconf=/datadisk/eisc/wwwconf/ $sudoc mkdir -p $wwwconf ; $sudoc rm -rf $wwwconf/* xiangmuName=( www work sou enchantment guzheng zhoubao gcc xibin mail ) peizhi=" ddoss.cn $ip 62000" # HOME } autoSSL() { $sudoc apt install snapd -y $sudoc systemctl enable --now snapd.socket $sudoc snap install core $sudoc snap refresh core $sudoc snap install --classic certbot $sudoc ln -s /var/lib/snapd/snap /snap $sudoc snap install --classic certbot $sudoc ln -s /snap/bin/certbot /usr/bin/certbot $sudoc certbot certonly --nginx # 只获取证书 } nginxMoude() { httpWeb80=" server{ listen 80; server_name "$url"; location / { proxy_pass http://$ip:$b; # proxy_pass http://$url$request_uri; # test 研究后缀地址没有跟上参数 #---- 记录 IP 地址 ----# # 开启文件浏览,不能记录ip,否则 出现 端口被加上 proxy_redirect off; proxy_set_header Host \$http_host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; } } " httpsWeb443=" server{ listen 443 ssl; server_name "$url"; ssl_certificate /etc/letsencrypt/live/$url/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/$url/privkey.pem; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass https://$ip:$b ; #---- 记录 IP 地址 ----# proxy_redirect off; proxy_set_header Host \$http_host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; } } " } create_www_conf(){ echo "案例: eisc.cn 0.0.0.0 62000" # read -p " 请输入三个参数:" peizhi buff=( $peizhi ) yuming=${buff[0]} # 前端域名,增加到nginx 消息头部 ip=${buff[1]} # 后端服务器ip portmin=${buff[2]} portmin=$[portmin-1] # 设置最小端口,后面网站按照顺序自动加1 declare -A port port["www"]="62010" port["work"]="62011" port["sou"]="62012" port["enchantment"]="62013" port["guzheng"]="62014" port["zhoubao"]="62015" port["gcc"]="62016" port["xibin"]="62100" port["mail"]="80" cd $wwwconf; sudo chmod 777 -R $wwwconf $wwwconf/* if [ ! -e eiscwwwconf.tar.gz ] then $sudoc tar -czvf eiscwwwconf.tar.gz * $sudoc rm -rf `ls | grep -v eiscwwwconf.tar.gz` fi $sudoc rm -rf `ls | grep -v eiscwwwconf.tar.gz` # file=(`ls $www | grep -vE "ssl|wwwconf|wwwroot|*.sh"`) file=${xiangmuName[*]} for i in ${file[*]} do manualConfigFlag=0 ((a++)) b=$[portmin+a] ; portlist[$c]=$b ; ((c++)) # 打印一次变量,接收一个元素存入数组: portlist if [ ! -e $www/$i/cgi-bin ] then sudo mkdir $www/$i/cgi-bin fi case $i in "www") b=${port[www]} ; httpsFlag=1 ; echo "#------- www 被手动指定固定端口 $b -------#" ;; "work") b=${port[work]} ; httpsFlag=0 ; echo "#------- work 被手动指定固定端口 $b -------#" ;; "sou") b=${port[sou]} ; httpsFlag=0 ; echo "#------- sou 被手动指定固定端口 $b -------#";; "enchantment") b=${port[enchantment]} ; httpsFlag=0 ; echo "#------- enchantment 被手动指定固定端口 $b -------#";; "guzheng") b=${port[guzheng]} ; httpsFlag=0 ; echo "#------- guzheng 被手动指定固定端口 $b -------#";; "zhoubao") b=${port[zhoubao]} ; httpsFlag=0 ; echo "#------- zhoubao 被手动指定固定端口 $b -------#";; "gcc") b=${port[gcc]} ; httpsFlag=0 ; echo "#------- zhoubao 被手动指定固定端口 $b -------#";; "xibin") b=${port[xibin]} ; httpsFlag=0 ; echo "#------- xibin 被手动指定固定端口 $b -------#";; "mail") b=${port[mail]} ; httpsFlag=1 ; echo "#------- xibin 被手动指定固定端口 $b -------#";; esac echo " $i 创建web网站 的端口: $b 前端域名 + $i.$yuming + 后端ip port + $ip:$b + c++ cgi 解析目录: $i/cgi-bin" echo " $i 创建web网站 的端口: $b 前端域名 + $i.$yuming + 后端ip port + $ip:$b + c++ cgi 解析目录: $i/cgi-bin" >> log_www_conf.txt #--------- 生成前端转发 子站点文件 -----------# $sudoc mkdir -p $wwwconf/nginxzhuanfa ; $sudoc chmod 777 $wwwconf/nginxzhuanfa url=$i.$yuming confPath=$wwwconf/nginxzhuanfa/$i-$b.conf if [ "$i" = "www" ] then manualConfigFlag=1 #--- 修改 http 模块 ---# url="$yuming $i.$yuming" ; echo "#----------------------------------#"; echo $url nginxMoude echo "$httpWeb80" > $confPath NR=`cat -n $confPath | grep proxy_pass | grep -vE "https|test" | awk -F" " '{print $1}'` ; echo $NR sed -i " $NR a return 301 https://$i.$yuming; " $confPath sed -i " $NR d " $confPath sed -i "/proxy_set_header/d" $confPath sed -i "/proxy_redirect/d" $confPath #--- https ---# url="$yuming" nginxMoude echo "$httpsWeb443" >> $confPath NR=`cat -n $confPath | grep proxy_pass | grep "https" | awk -F" " '{print $1}'` ; echo $NR ; sed -i " $NR a return 301 https://$i.$yuming; " $confPath sed -i " $NR d " $confPath sed -i "/proxy_set_header/d" $confPath sed -i "/proxy_redirect/d" $confPath #--- www https ---# url="$i.$yuming" nginxMoude echo "$httpsWeb443" >> $confPath NR=`cat -n $confPath | grep proxy_pass | grep "https" | awk -F" " '{print $1}'` ; echo $NR ; sed -i "$NR s/https/http/g " $confPath cat $confPath fi if [ $manualConfigFlag = "0" ]; then nginxMoude if [ "$httpsFlag" = "1" ] ;then echo -e "$httpWeb80" > $confPath echo -e "$httpsWeb443" >> $confPath else echo -e "$httpWeb80" > $confPath fi # httpsFlag 优先级高; echo -e 保持换行格式 fi if [ "$i" = "mail" ] then NR=`cat -n $confPath | grep proxy_pass | grep -v test | grep "https" | awk -F" " '{print $1}'` ; echo $NR sed -i " $NR a return 301 https://$url; " $confPath sed -i " $NR d " $confPath fi #---------- 端口对端口 ----------# $sudoc mkdir -p $wwwconf/portconf ; $sudoc chmod 777 $wwwconf/portconf echo " server{ listen $b; location / { proxy_pass http://$ip:$b; #---- 记录 IP 地址 ----# # proxy_redirect off; # proxy_set_header Host \$http_host; # proxy_set_header X-Real-IP \$remote_addr; # proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; } } " > $wwwconf/portconf/$i-$b.conf if [ "$i" = "www" ] then echo " server{ listen $b; location / { proxy_pass http://$ip:$b; } } " > $wwwconf/portconf/$i-$b.conf fi if [ "$i" = "gcc" ] then echo " server{ listen $b; location / { proxy_pass http://$ip:$b; } } " > $wwwconf/portconf/$i-$b.conf fi #---------- 后端转发子站点 ----------# echo " server { listen $b; root $www/$i; index index.php index.html index.htm index; add_header 'yuming is ' '$i.$yuming'; add_header 'ipport is ' '$ip:$b'; location ~ \.php { # fastcgi_pass unix:/var/run/php-fpm811.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; include fastcgi_params; } location /cgi-bin { fastcgi_pass unix:/var/run/fcgiwrap.socket; include fastcgi.conf; } } " > $wwwconf/$b.$i.conf done echo "[ok]创建网站日志存放在: $wwwconf/log_www_conf.txt" echo "[ok]前端转发 nginx 子文件目录: $wwwconf/nginxzhuanfa" } MainNginxconf() { echo "[ok] 通讯正常,正在切换到节点 ip= $ip" ; sleep 5 configDIR create_www_conf /etc/init.d/shell/pytcp.py sudo nginx -s reload } # Main function main() { local initFlag=1 while true; do for ip in ${ipList[*]} do failCount=0 successCount=0 for((;;)) do ping -c1 -W2 $ip | grep from > /dev/null if [ $? -ne 0 ]; then # 0 正常; -ne 不等于0; ping -c1 发 1 个包, -W2 延时为 2 秒 failFlag=1 else failFlag=0 sleep 0.2 fi echo "Checking network status for $ip failFlag=$failFlag failCount=$failCount successMaxFlag=$successMaxFlag successCount=$successCount" if [ $failFlag -eq 1 ]; then ((failCount++)) fi if [ $failFlag -eq 0 ]; then ((successCount++)) fi if [ $failCount -gt $failMaxCount ]; then failMaxFlag=1 successCount=0 successMaxFlag=0 break else failMaxFlag=0 fi if [ $successCount -gt $successMaxCount ]; then successMaxFlag=1; failCount=0 failMaxFlag=0 break else successMaxFlag=0; fi done if [ $successCount -gt $successMaxCount ]; then break fi done if [ $successMaxFlag -eq 1 ];then MainNginxconf fi done } main # 一键下载: wget ddoss.cn/file/ubuntu/shell/server/grouphost.sh
Powered by ddoss.cn 12.0
©2015 - 2024 ddoss
渝公网安备50011302222260号 渝ICP备2024035333号 【实验平台安全承诺书】 小绿叶技术社区,优化网络中,点击查看配置信息
您的IP:192.168.122.82,2024-10-10 19:08:53,Processed in 0.02215 second(s).