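Video system architecture deployment guide

I deployed a video (movie) streaming architecture at work and am writing it down here. This is the minimum deployment; when traffic grows later, scale out the corresponding tier.

The architecture needs 5 servers. I used Microsoft cloud servers:
1 gateway server, Microsoft internal IP 172.19.16.10
1 server that runs the Jar packages, Microsoft internal IP 172.19.0.10
1 database server, Microsoft internal IP 172.19.0.14
1 video storage server, in a physical (off-cloud) data center, public IP 142.4.10.65
1 image storage server, Microsoft internal IP 172.19.16.15
If the in-app download feature is needed, one more server has to be deployed for video downloads.

Workflow: the video app accesses the gateway domain (the gateway server), which forwards the request to the Jar server. The Jar services query the database through the database connection configured for them; the results include the video playback addresses and the image storage addresses.

Domains used:
Gateway domain: txdy78.tv
Playback domain: fybofang.com
Image domain: txtupian.com
Video share domain: txfx.tv
Admin backend domain for the video system: txadminav.com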
1. Deploy the gateway server

First set up the basic Linux environment. Here I mainly document the nginx configuration.

    # my configuration directory, listed with ls
    ls /software/站点配置文件
    db  gateway-common  gateway.conf  share.conf  ssl

    cat gateway.conf
    limit_req_zone $binary_remote_addr zone=mylimit:100m rate=1r/s;

    # backend Jar server endpoints
    upstream bg-admin1 {
        server 172.19.0.10:8081;
        #server 10.170.15.220:8081;   # to add load balancing later, just add servers here
    }

    upstream bg-app1 {
        server 172.19.0.10:8082;
        #server 10.170.15.220:8082;
    }

    server {
        listen 80;
        server_name txdy78.tv www.txdy78.tv;

        # proxy rules
        include /software/站点配置文件/gateway-common/common.conf;
    }

    server {
        listen 888 ssl http2;
        server_name txdy78.tv www.txdy78.tv;

        # SSL
        ssl_certificate /software/域名证书/txdy78.tv/txdy78.tv_chain.crt;
        ssl_certificate_key /software/域名证书/txdy78.tv/txdy78.tv_key.key;

        # security
        include /software/站点配置文件/ssl/ssl.conf;

        # proxy rules
        include /software/站点配置文件/gateway-common/common.conf;
    }
Contents of gateway-common/common.conf

    cat gateway-common/common.conf
    # . files
    location ~ /\.(?!well-known) {
        deny all;
    }

    # favicon.ico
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # restrict methods
    if ($request_method !~ ^(GET|POST|PUT|PATCH|DELETE|HEAD|CONNECT|OPTIONS|TRACE)$) {
        return 405;
    }

    # CORS
    location / {
        add_header Access-Control-Allow-Origin '*';
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'content-type,token,version,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
        if ($request_method = 'OPTIONS') {
            return 204;
        }
    }

    location = / {
        default_type text/plain;
        echo "ok";
    }

    # admin backend
    location /videomanager {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 300;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://bg-admin1;
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 non_idempotent;
    }

    # payment API server
    location /videosite/pay/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 300;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://43.154.58.46:8082;   # payment API server
    }

    # rate limiting
    location /videosite/video/get/play-info {
        limit_req zone=mylimit burst=5 nodelay;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 300;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://bg-app1;
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 non_idempotent;
    }

    # app backend
    location /videosite {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://bg-app1;
        proxy_connect_timeout 300;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 non_idempotent;
    }
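How the `limit_req zone=mylimit burst=5 nodelay` rule on the play-info location behaves with `rate=1r/s`, as an added example that is not part of the original configuration: a Python model of nginx's per-key excess counter, run over constructed arrival times. The function and variable names are made up for this illustration.

```python
# Added example: single-key model of nginx limit_req accounting.
# nginx tracks "excess" in thousandths of a request; 1r/s drains 1 unit per ms.

def limit_req(arrivals_ms, rate_per_s=1, burst=5):
    """Return 'pass' or 'reject' for each arrival time (ms) of one client IP."""
    decisions = []
    excess = 0        # backlog above the configured rate, in milli-requests
    last = None       # arrival time of the last accepted request
    for now in arrivals_ms:
        if last is None:
            candidate = 0   # first request from this key creates a fresh state entry
        else:
            # drain for the elapsed time, then charge this request (1000 units)
            candidate = max(excess - rate_per_s * (now - last) + 1000, 0)
        if candidate > burst * 1000:
            decisions.append("reject")   # answered with 503 unless limit_req_status is set
            continue                     # rejected requests do not update the state
        excess, last = candidate, now
        decisions.append("pass")         # nodelay: forwarded at once, not queued
    return decisions

# Constructed arrival times (ms) for one IP hitting /videosite/video/get/play-info:
# seven requests at once, then three more spread over the next three seconds.
SAMPLE_ARRIVALS = [0, 0, 0, 0, 0, 0, 0, 1000, 1500, 3000]

if __name__ == "__main__":
    for t, d in zip(SAMPLE_ARRIVALS, limit_req(SAMPLE_ARRIVALS)):
        print(f"t={t:>4} ms  {d}")
```

Because the zone key is `$binary_remote_addr`, every user behind the same NAT address shares this one budget.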
Contents of ssl/ssl.conf

The /etc/nginx/conf/dhparam.pem file it references can be generated locally with the command below.

    openssl dhparam -out /etc/nginx/conf/dhparam.pem 2048   # generate dhparam.pem

    cat ssl/ssl.conf
    # SSL
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites
    ssl_dhparam /etc/nginx/conf/dhparam.pem;

    # Mozilla Intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # OCSP Stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
    resolver_timeout 2s;

    # security headers
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
    add_header Permissions-Policy "interest-cohort=()" always;

    # HSTS
    #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # . files
    location ~ /\.(?!well-known) {
        deny all;
    }
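nginx inherits `add_header` directives from the outer level only when the current level defines none, so the `location /` in common.conf, which sets the CORS headers, does not send the security headers that ssl.conf adds at server level. The checker below is an added example, not part of the original setup; its function names and the condensed sample config are constructed for illustration.

```python
import re
# Constructed, condensed port-888 server with ssl.conf and common.conf expanded.
SAMPLE = r'''
server {
    add_header X-Content-Type-Options "nosniff" always;
    add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'self';" always;
    location / {
        add_header Access-Control-Allow-Origin '*';
    }
    location /videosite { proxy_pass http://bg-app1; }
}
'''
TOKEN = re.compile(r'''#[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[{};]|[^\s{};]+''')

def parse(conf):
    """Return all blocks as dicts: name, own add_header names, parent block."""
    cur = {"name": "main", "headers": [], "parent": None}
    blocks, words = [cur], []
    for tok in (t for t in TOKEN.findall(conf) if not t.startswith("#")):
        if tok == "{":                    # the words so far name the new block
            cur = {"name": " ".join(words), "headers": [], "parent": cur}
            blocks.append(cur)
        elif tok == "}":
            cur = cur["parent"]
        elif tok == ";":
            if len(words) > 1 and words[0] == "add_header":
                cur["headers"].append(words[1].strip("\"'"))
        else:
            words.append(tok)
            continue
        words = []
    return blocks

def inherited(block):
    """add_header names of the nearest enclosing level that defines any."""
    while block is not None and not block["headers"]:
        block = block["parent"]
    return block["headers"] if block else []

def dropped_headers(conf):
    """Map each location with its own add_header to the outer headers it loses."""
    report = {}
    for b in parse(conf):
        own = {h.lower() for h in b["headers"]}
        lost = [h for h in inherited(b["parent"]) if h.lower() not in own]
        if b["name"].startswith("location") and own and lost:
            report[b["name"]] = lost
    return report

print(dropped_headers(SAMPLE))
```

On the sample it reports `location /` as missing both server-level headers, while `location /videosite`, which sets no headers of its own, still inherits them. Repeating the security `add_header` lines inside any location that sets its own headers restores them.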
Contents of db/db.conf

    stream {
        # Logging
        log_format main '[$time_local] $protocol $remote_addr '
                        '$status $bytes_sent $bytes_received '
                        '$session_time "$upstream_addr" "$upstream_bytes_sent" '
                        '"$upstream_bytes_received" "$upstream_connect_time"';

        access_log logs/tcp-access.log main;
        error_log logs/tcp-error.log;

        upstream mysql {
            server 172.19.0.14:3368 weight=1;
        }

        upstream redis {
            server 172.19.0.14:6380 weight=1;
        }

        server {
            listen 3368;
            proxy_connect_timeout 3s;
            proxy_pass mysql;
        }

        server {
            listen 6380;
            proxy_connect_timeout 3s;
            proxy_pass redis;
        }
    }
share.conf: configuration for the share domain

    cat share.conf
    server {
        listen 80;
        server_name txfx.tv www.txfx.tv;

        location / {
            return 301 https://txfx.tv:88$request_uri;
        }
    }

    server {
        listen 443 ssl http2;
        listen 88 ssl http2;
        server_name txfx.tv www.txfx.tv;
        root /software/share;
        default_type text/html;

        # SSL
        ssl_certificate /software/域名证书/txfx.tv/txfx.tv_chain.crt;
        ssl_certificate_key /software/域名证书/txfx.tv/txfx.tv_key.key;

        # security
        include /software/站点配置文件/ssl/ssl.conf;

        # index.html fallback
        location / {
            try_files $uri $uri/ /proc.html?u=$uri;
        }

        location /redirect {
            content_by_lua_block {
                if not ngx.var.arg_u then
                    ngx.redirect("/");
                end

                local http = require "resty.http";
                local httpc = http.new();
                local res, err = httpc:request_uri("http://txdy78.tv/videosite/short-link/getShortLink2/"..ngx.var.arg_u);
                if not res then
                    ngx.log(ngx.ERR, "not res:" .. err);
                    ngx.exit(ngx.ERROR);
                end

                if 200 ~= res.status then
                    ngx.exit(res.status);
                end

                local json = require("cjson.safe");
                local t = json.decode(res.body);
                if not t or t.data == json.null or not t.data.longs then
                    ngx.exit(404);
                end

                ngx.redirect("https://tx888.tv/?"..t.data.longs);
            }
        }
    }
Contents of the share web root, /software/share

    ls /software/share/
    index.html  proc.html  qq.html  wx.html

For what goes into these files, see my other article:
https://yc6.cool/2021/07/31/nginx%E5%88%A4%E6%96%AD%E5%BE%AE%E4%BF%A1%E7%AB%AF%E8%B7%B3%E8%BD%AC%E4%B8%8D%E5%90%8C%E9%A1%B5%E9%9D%A2/
2. Deploy the Jar server

This server first needs Docker and docker-compose installed.

I will not document the basic environment setup in detail here; the deployment file is the main thing.

    vim docker-compose.yml

    version: "3"
    services:
      site:
        build: ./video_site
        container_name: video_site
        tty: true
        restart: always
        network_mode: "host"
        volumes:
          - /etc/localtime:/etc/localtime
          - /var/log/video-box:/var/log/video-box
        logging:
          driver: "json-file"
          options:
            max-file: "20"
            max-size: "10G"
      manager:
        build: ./video_manager
        container_name: video_manager
        tty: true
        restart: always
        network_mode: "host"
        volumes:
          - /etc/localtime:/etc/localtime
          - /var/log/video-box:/var/log/video-box
        logging:
          driver: "json-file"
          options:
            max-file: "20"
            max-size: "10G"
Commands to deploy and run

    docker-compose up -d --build   # start
    docker-compose down            # stop
The admin backend of the video system is also deployed on this server. Its configuration file is:

    cat manager.conf
    # txadminav.com
    server {
        listen 443 ssl http2;
        server_name txadminav.com;
        root /software/admin;

        # SSL
        ssl_certificate /software/域名证书/txadminav.com/txadminav.com_chain.crt;
        ssl_certificate_key /software/域名证书/txadminav.com/txadminav.com_key.key;

        # security headers
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
        add_header Permissions-Policy "interest-cohort=()" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        # . files
        location ~ /\.(?!well-known) {
            deny all;
        }

        # index.html fallback
        location / {
            try_files $uri $uri/ /index.html;
        }

        # reverse proxy
        location /apis/ {
            proxy_pass http://www.txdy78.tv/;
            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;

            # Proxy headers
            # $connection_upgrade and $proxy_add_forwarded are not built-in variables;
            # they must be defined with map blocks in the http context.
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;

            # Proxy timeouts
            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 120s;
        }

        # favicon.ico
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        # robots.txt
        location = /robots.txt {
            log_not_found off;
            access_log off;
        }

        # assets, media
        location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
            expires 7d;
            access_log off;
        }

        # svg, fonts
        location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
            add_header Access-Control-Allow-Origin "*";
            expires 7d;
            access_log off;
        }
    }

    # HTTP redirect
    server {
        listen 80;
        server_name txadminav.com;
        return 301 https://txadminav.com$request_uri;
    }
3. Deploy the database server

Again, set up Docker first. Redis can simply be deployed with Docker:

    docker run --name redis --restart=unless-stopped -v /etc/localtime:/etc/localtime:ro -v redis-data:/data -v redis-conf:/etc/redis -p 6380:6379 -d redis:6.2.6 redis-server --appendonly yes --requirepass "wuji..!@#redis..#@! abc"
MySQL is installed directly on the server. For the detailed setup, see my earlier article:

    # article URL
    https://yc6.cool/2020/08/03/mysql%E5%9F%BA%E7%A1%80/
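4. Deploy the video storage and image storage systems

I deployed both of these servers with the FastDFS (fdfs) file system.

For the detailed deployment steps, see my earlier article:
https://yc6.cool/2020/08/04/FastdFS%E9%83%A8%E7%BD%B2%E8%AF%A6%E8%A7%A3/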
Below is the updated FastDFS deployment document.

FastDFS deployment

I. Install dependencies

    yum install git gcc gcc-c++ make automake autoconf libtool pcre pcre-devel zlib zlib-devel openssl-devel wget vim ncurses-devel libevent-devel -y

II. Install FastDFS

    mkdir /data/fdfs/{storage,client,tracker}/{data,logs} -p
    mkdir /fdfs

    cd /fdfs
    git clone https://github.com/happyfish100/fastdfs
    git clone https://github.com/happyfish100/libfastcommon

    cd /fdfs/libfastcommon
    ./make.sh && ./make.sh install

    cd /fdfs/fastdfs
    ./make.sh && ./make.sh install
    ./setup.sh /etc/fdfs/

    systemctl daemon-reload
1. Configure the Tracker

Edit the configuration file

    vim /etc/fdfs/tracker.conf

    base_path=/home/yuqing/fastdfs
    reserved_storage_space = 20%
    use_storage_id = false

Edit storage_ids.conf

    vim /etc/fdfs/storage_ids.conf

    100001 group1 116.202.174.78
    100002 group1 192.168.0.197

Enable start on boot

    systemctl enable fdfs_trackerd

Start the tracker

    systemctl start fdfs_trackerd

View the tracker log

    tailf /data/fdfs/tracker/logs/trackerd.log

Configure openresty

    mkdir /software/站点配置文件/ -p
    cat <<EOF >/software/站点配置文件/fdfs.conf
    upstream fdfs_group1 {
        server 47.56.185.141:8888 weight=1 max_fails=2 fail_timeout=30s;
    }
    server {
        listen 80;
        server_name 47.75.70.29;
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'content-type,token,version,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
        if (\$request_method = 'OPTIONS') {
            return 204;
        }

        location /group1/M00 {
            proxy_next_upstream http_502 http_504 error timeout invalid_header;
            proxy_pass http://fdfs_group1;
            expires 30d;
        }
    }
    EOF
    openresty -s reload
2. Configure the Storage

Edit the configuration file

    vim /etc/fdfs/storage.conf

The main settings to change are:

    group_name=group1
    base_path=/home/yuqing/fastdfs
    store_path0=/home/yuqing/fastdfs
    tracker_server=192.168.209.121:22122
    tracker_server=192.168.209.122:22122
Build and install openresty with fastdfs-nginx-module

    cd /fdfs
    git clone https://github.com/happyfish100/fastdfs-nginx-module
    git clone https://github.com/google/ngx_brotli
    cd ngx_brotli && git submodule update --init

    cd /fdfs
    wget https://openresty.org/download/openresty-1.19.9.1.tar.gz
    tar xf openresty-1.19.9.1.tar.gz

    cd openresty-1.19.9.1/
    ./configure --prefix=/usr/local/openresty \
        --with-pcre-jit \
        --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
        --with-http_v2_module \
        --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module \
        --with-http_stub_status_module --with-http_realip_module \
        --with-http_addition_module --with-http_auth_request_module \
        --with-http_secure_link_module --with-http_random_index_module \
        --with-http_gzip_static_module --with-http_sub_module --with-http_dav_module \
        --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module \
        --with-threads --with-http_ssl_module --with-compat \
        --add-module=/fdfs/fastdfs-nginx-module/src \
        --add-module=/fdfs/ngx_brotli

    gmake && gmake install

    systemctl restart openresty
Enable start on boot

    systemctl enable fdfs_storaged

Start the storage

    systemctl start fdfs_storaged

View the storage log

    tailf /data/fdfs/storage/logs/storaged.log

Configure mod_fastdfs.conf

    cp /fdfs/fastdfs-nginx-module/src/mod_fastdfs.conf /etc/fdfs/

    vim /etc/fdfs/mod_fastdfs.conf

The main settings to change are:

    tracker_server=tracker:22122
    group_name=group1
    # set to true when request URLs include the group name, such as /group1/M00/...
    url_have_group_name = false
    store_path0=/home/yuqing/fastdfs
    response_mode=proxy
Edit mime.types

    video/mp2t ts;
    application/vnd.apple.mpegurl m3u8;

Configure openresty

    mkdir /software/站点配置文件/ -p
    cat <<EOF >/software/站点配置文件/fdfs.conf
    server {
        listen 8888;
        server_name 47.56.185.141;
        location /group1/M00 {
            ngx_fastdfs_module;
        }
    }
    EOF
    openresty -s reload
3. Configure the client

    vim /etc/fdfs/client.conf

The main settings to change are:

    base_path=/home/yuqing/fastdfs
    tracker_server=192.168.209.121:22122
    tracker_server=192.168.209.122:22122
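III. Testing

1. Check the FastDFS cluster status

    fdfs_monitor /etc/fdfs/client.conf

2. Upload test

    [root@Tracker ~]$ fdfs_upload_file /etc/fdfs/client.conf /fdfs/fastdfs/README_zh.md
    group1/M00/00/00/Lzi5jV3hBsGAB4RaAAAGpOD9zYI2054.md

If a fid is returned, the upload succeeded.

3. File access test

Open http://<storage ip>:8888/group1/M00/00/00/Lzi5jV3hBsGAB4RaAAAGpOD9zYI2054.md in a browser.

If the file downloads normally, the cluster is working.

Once the video storage server is set up, hand it over to the staff responsible for uploading videos.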