
Nginx反向代理+keepalived

环境:两台LB(nginx,lb01 192.168.119.128、lb02 192.168.119.129)、两台web(nginx/apache都行,web01 192.168.119.130、web02 192.168.119.131)

安装httpd(下面为了方便测试直接关闭了iptables;正式环境应保留防火墙,只对LB放行web节点的80端口)

web01

[root@web01 /]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]

[root@web01 /]# yum -y install httpd
[root@web01 /]# vim /etc/httpd/conf/httpd.conf 
ServerName 127.0.0.1
[root@web01 /]# echo "web01_192.168.119.130" > /var/www/html/index.html
[root@web01 /]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
[root@web01 /]# curl 192.168.119.130
web01_192.168.119.130

web02

 

[root@web02 /]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@web02 /]# yum -y install httpd
[root@web02 /]# vim /etc/httpd/conf/httpd.conf
ServerName 127.0.0.1
[root@web02 /]# echo "web02_192.168.119.131" > /var/www/html/index.html
[root@web02 /]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
[root@web02 /]# curl 192.168.119.131
web02_192.168.119.131

 

两台LB

lb01和lb02配置相同

环境准备

[root@lb01 /]# yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++

 

下载软件(此处经明文HTTP下载且未做校验;正式部署应核对nginx.org提供的PGP签名,并选用仍在维护的版本)

[root@lb01 /]# wget http://nginx.org/download/nginx-1.6.3.tar.gz

 

解压、配置、编译、安装

[root@lb01 conf]# useradd nginx -s /sbin/nologin -M
[root@lb01 /]# tar zxvf nginx-1.6.3.tar.gz
[root@lb01 /]# cd nginx-1.6.3

[root@lb01 nginx-1.6.3]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
[root@lb01 nginx-1.6.3]# make && make install
[root@lb01 nginx-1.6.3]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
[root@lb01 nginx-1.6.3]# cd /usr/local/nginx/conf/
[root@lb01 conf]# ll nginx.conf nginx.conf.default 
-rw-r--r--. 1 root root 2656 Sep 26 06:33 nginx.conf
-rw-r--r--. 1 root root 2656 Sep 26 06:33 nginx.conf.default
[root@lb01 conf]# egrep -v "#|^$" nginx.conf.default >nginx.conf
[root@lb01 conf]# vim nginx.conf
# Load balancer configuration used on lb01 and lb02: every request arriving on
# port 80 is proxied to the two web backends defined in the web_pools upstream.
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
# NOTE(review): server_tokens is not set, so nginx advertises its version in
# the Server header and on error pages by default; consider server_tokens off.
# Backend pool: web01 and web02 carry the same weight, so requests are split
# evenly between them (the curl test on this page alternates web01/web02).
upstream web_pools {
    server 192.168.119.130:80 weight=5;
    server 192.168.119.131:80 weight=5;

}
    server {
        # Plain HTTP only: no TLS listener or certificate appears in this file,
        # so client->LB and LB->backend traffic is sent in cleartext.
        listen       80;
        # This is the only server block, so it also answers requests for
        # www.test.com and for the keepalived virtual IP.
        server_name  localhost;
        location / {
            # root/index are left over from nginx.conf.default; with proxy_pass
            # set in this location the request is forwarded to web_pools
            # instead of being served from html/.
            root   html;
            index  index.html index.htm;
        proxy_pass http://web_pools;
        # proxy.conf holds the forwarded headers, timeouts and buffer sizes.
        include  proxy.conf;
        }
        # Served locally when nginx itself produces a 5xx, e.g. 502/504 when
        # no backend answers.
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

[root@lb01 conf]# cat proxy.conf 
# Shared proxy settings, pulled into `location /` of nginx.conf through
# `include proxy.conf;`.

# Pass Location/Refresh headers from the backends through unchanged.
proxy_redirect off;
# Forward the host name the client asked for instead of the upstream name.
proxy_set_header Host $host;
# Replaces any X-Forwarded-For supplied by the client with the address of the
# peer connected to this LB, so the value cannot be forged through the proxy.
# Backends should trust the header only on requests coming from the LB
# addresses. NOTE(review): the web nodes on this page run with iptables
# stopped, so their port 80 is also reachable directly - confirm who can reach
# them before using this header for logging or access decisions.
proxy_set_header X-Forwarded-For $remote_addr;
# Timeouts in seconds for connecting to, sending to and reading from a backend.
# NOTE(review): the nginx documentation says the connect timeout usually cannot
# exceed 75 seconds, so 90 may not take effect as written - confirm.
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
# Buffer sizing for backend responses; responses that do not fit are spooled
# to temporary files in chunks of proxy_temp_file_write_size.
proxy_buffer_size 4K;
proxy_buffers 3 32K;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

 启动nginx

[root@lb01 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@lb01 conf]# nginx
[root@lb01 conf]# netstat -anpt | grep nginx
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      3751/nginx        

 

[root@lb01 conf]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.119.128 www.test.com

 测试

[root@lb01 conf]# curl www.test.com
web02_192.168.119.131
[root@lb01 conf]# curl www.test.com
web01_192.168.119.130
[root@lb01 conf]# curl www.test.com
web02_192.168.119.131
[root@lb01 conf]# curl www.test.com
web01_192.168.119.130
[root@lb01 conf]# curl www.test.com
web02_192.168.119.131

 

lb02的配置与lb01相同,步骤略,直接测试

[root@lb02 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@lb02 conf]# nginx

[root@lb02 conf]# echo "192.168.119.129 www.test.com" >> /etc/hosts
[root@lb02 conf]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.119.129 www.test.com

[root@lb02 conf]# curl www.test.com
web01_192.168.119.130
[root@lb02 conf]# curl www.test.com
web02_192.168.119.131
[root@lb02 conf]# curl www.test.com
web01_192.168.119.130
[root@lb02 conf]# curl www.test.com
web02_192.168.119.131
[root@lb02 conf]# curl www.test.com
web01_192.168.119.130

 

两台LB安装都已完成

 

在两台LB上安装keepalived

环境配置

LB01和LB02配置相同

[root@lb01 /]# yum -y install kernel-devel

 

 做个软连接(内核目录名用tab键补全,例如2.6.32-642.6.2.el6.x86_64;以本机 /usr/src/kernels/ 下实际存在的版本为准,下面示例机器上是2.6.32-642.4.2.el6.x86_64)

[root@lb01 /]# ln -s /usr/src/kernels/2.6.32-642.4.2.el6.x86_64/ /usr/src/linux
[root@lb01 /]# ll /usr/src/
total 8
drwxr-xr-x. 2 root root 4096 Sep 23  2011 debug
drwxr-xr-x. 3 root root 4096 Sep 26 07:16 kernels
lrwxrwxrwx. 1 root root   43 Sep 26 07:17 linux -> /usr/src/kernels/2.6.32-642.4.2.el6.x86_64/

下载软件

[root@lb01 /]# wget http://www.keepalived.org/software/keepalived-1.2.16.tar.gz
--2016-09-26 06:44:40--  http://www.keepalived.org/software/keepalived-1.2.16.tar.gz
Resolving www.keepalived.org... 37.59.63.157, 2001:41d0:8:7a9d::1
Connecting to www.keepalived.org|37.59.63.157|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 346920 (339K) [application/x-gzip]
Saving to: “keepalived-1.2.16.tar.gz”

100%[=================================================>] 346,920     7.96K/s   in 2m 30s  

2016-09-26 06:47:14 (2.27 KB/s) - “keepalived-1.2.16.tar.gz” saved [346920/346920]


[root@lb01 /]# ll keepalived-1.2.16.tar.gz 
-rw-r--r--. 1 root root 346920 Mar 31  2015 keepalived-1.2.16.tar.gz

 

 

解压、配置、编译、安装

[root@lb01 /]# tar zxvf keepalived-1.2.16.tar.gz
[root@lb01 /]# cd keepalived-1.2.16
[root@lb01 keepalived-1.2.16]# ./configure 
Keepalived configuration
------------------------
Keepalived version       : 1.2.16
Compiler                 : gcc
Compiler flags           : -g -O2
Extra Lib                : -lssl -lcrypto -lcrypt 
Use IPVS Framework       : Yes
IPVS sync daemon support : Yes
IPVS use libnl           : No
fwmark socket support    : Yes
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
SNMP support             : No
SHA1 support             : No
Use Debug flags          : No

[root@lb01 keepalived-1.2.16]# make && make install

 

配置规范启动

[root@lb01 keepalived-1.2.16]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/      #生成启动脚本
[root@lb01 keepalived-1.2.16]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/   #配置启动脚本的参数
[root@lb01 keepalived-1.2.16]# mkdir /etc/keepalived   #创建默认的keepalived配置文件路径
[root@lb01 keepalived-1.2.16]# cp /usr/local/etc/keepalived/keepalived.conf  /etc/keepalived/   #把keepalived.conf模板拷贝到/etc/keepalived下
[root@lb01 keepalived-1.2.16]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@lb01 keepalived-1.2.16]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@lb01 keepalived-1.2.16]# ps -ef | grep keep
root      3490     1  0 11:36 ?        00:00:00 keepalived -D
root      3492  3490  0 11:36 ?        00:00:00 keepalived -D
root      3493  3490  0 11:36 ?        00:00:00 keepalived -D
root      3496  1537  0 11:36 pts/0    00:00:00 grep keep
[root@lb01 keepalived-1.2.16]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]

修改配置文件

先备份一个配置文件

lb01配置文件

[root@lb01 keepalived-1.2.16]# cd /etc/keepalived/
[root@lb01 keepalived]# cp keepalived.conf keepalived.conf.bak
[root@lb01 keepalived]# vim keepalived.conf
! Configuration File for keepalived
! lb01: VRRP MASTER for the virtual IP 192.168.119.150 (router_id LVS_01,
! priority 150).

global_defs {
   ! NOTE(review): the addresses and smtp_server below look like the sample
   ! values from the shipped keepalived.conf template (firewall.loc,
   ! 192.168.200.1) - replace them if failover notifications are needed.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   ! Name identifying this node; lb02 uses LVS_02.
   router_id LVS_01
}

vrrp_instance VI_1 {
    ! Initial role. Among the nodes sharing virtual_router_id 51 the one with
    ! the highest priority holds the virtual IP.
    state MASTER
    interface eth0
    ! Must be the same value on both load balancers.
    virtual_router_id 51
    ! Higher than lb02's 100, so lb01 takes the VIP whenever it is running.
    priority 150
    ! VRRP advertisement interval in seconds.
    advert_int 1
    ! auth_type PASS is a shared password carried in cleartext in every VRRP
    ! advertisement; it protects against misconfiguration, not against another
    ! host on the same segment. "1111" is a trivial value - use a site-specific
    ! secret (keepalived uses only the first 8 characters) and restrict VRRP
    ! (IP protocol 112) to the peer load balancer with the host firewall.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    ! Added to eth0 as a secondary address while this node is master.
    virtual_ipaddress {
        192.168.119.150/24
    }
}

lb02配置文件

[root@lb02 keepalived-1.2.16]# cd /etc/keepalived/
[root@lb02 keepalived]# cp keepalived.conf keepalived.conf.bak
[root@lb02 keepalived]# vim keepalived.conf
! Configuration File for keepalived
! lb02: VRRP BACKUP for the virtual IP 192.168.119.150 (router_id LVS_02,
! priority 100).

global_defs {
   ! NOTE(review): the addresses and smtp_server below look like the sample
   ! values from the shipped keepalived.conf template (firewall.loc,
   ! 192.168.200.1) - replace them if failover notifications are needed.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   ! Name identifying this node; lb01 uses LVS_01.
   router_id LVS_02
}

vrrp_instance VI_1 {
    ! Initial role. This node takes the virtual IP only while no node with a
    ! higher priority is advertising for virtual_router_id 51.
    state BACKUP
    interface eth0
    ! Must be the same value on both load balancers.
    virtual_router_id 51
    ! Lower than lb01's 150, so lb01 reclaims the VIP when it comes back.
    priority 100
    ! VRRP advertisement interval in seconds.
    advert_int 1
    ! Must match lb01. auth_type PASS is a shared password carried in cleartext
    ! in every VRRP advertisement; it protects against misconfiguration, not
    ! against another host on the same segment. "1111" is a trivial value - use
    ! a site-specific secret (keepalived uses only the first 8 characters) and
    ! restrict VRRP (IP protocol 112) to the peer load balancer with the host
    ! firewall.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    ! Added to eth0 as a secondary address while this node holds the master role.
    virtual_ipaddress {
        192.168.119.150/24
    }
}

启动keepalived

[root@lb01 keepalived]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@lb02 keepalived]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]

 

在master(lb01)查看虚拟IP(192.168.119.150)

提示:keepalived添加的虚拟IP是不带标签的secondary地址,使用ifconfig是查不到的;需用 ip addr(可简写为 ip add)查询

[root@lb01 keepalived]# ip add | grep 192.168.119.150
    inet 192.168.119.150/24 scope global secondary eth0
[root@lb01 keepalived]# 

 

在backup(lb02)查看(没有虚拟IP)

[root@lb02 keepalived]# ip add | grep 192.168.119.150

 

把master的keepalived服务down,虚拟IP就会自动切换到backup(注意:本配置只在keepalived进程停止时才切换;若只是nginx挂掉而keepalived仍在运行,VIP不会漂移,需要配合vrrp_script/track_script检测nginx)

[root@lb01 keepalived]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]
[root@lb01 keepalived]# ip add | grep 192.168.119.150
[root@lb01 keepalived]# 

 

backup查询

[root@lb02 keepalived]# ip add | grep 192.168.119.150
[root@lb02 keepalived]# ip add | grep 192.168.119.150
[root@lb02 keepalived]# ip add | grep 192.168.119.150
[root@lb02 keepalived]# ip add | grep 192.168.119.150
[root@lb02 keepalived]# ip add | grep 192.168.119.150
    inet 192.168.119.150/24 scope global secondary eth0
[root@lb02 keepalived]# ip add | grep 192.168.119.150
    inet 192.168.119.150/24 scope global secondary eth0

 

当master的keepalived服务启动时、虚拟IP会自动从backup切回到master

 

测试web是否正常

[root@lb01 keepalived]# curl 192.168.119.150
web01_192.168.119.130
[root@lb01 keepalived]# curl 192.168.119.150
web02_192.168.119.131
[root@lb01 keepalived]# curl 192.168.119.150
web01_192.168.119.130
[root@lb01 keepalived]# curl 192.168.119.150
web02_192.168.119.131
[root@lb01 keepalived]# curl 192.168.119.150
web01_192.168.119.130
[root@lb01 keepalived]# curl 192.168.119.150
web02_192.168.119.131
[root@lb01 keepalived]# curl 192.168.119.150
web01_192.168.119.130

 

 
