Nginx反向代理+keepalived
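环境:两台LB(nginx)、两台web(nginx/apache都行)。web01为192.168.119.130,web02为192.168.119.131,虚拟IP为192.168.119.150;从后文的/etc/hosts看,lb01应为192.168.119.128,lb02应为192.168.119.129。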
安装httpd(下面直接关闭了iptables,只适合隔离的实验环境;正式环境应保留防火墙,web服务器的80端口只对两台LB放行)
web01
[root@web01 /]# /etc/init.d/iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] [root@web01 /]# yum -y install httpd [root@web01 /]# vim /etc/httpd/conf/httpd.conf Servername 127.0.0.1 [root@web01 /]# echo "web01_192.168.119.130" > /var/www/html/index.html [root@web01 /]# /etc/init.d/httpd start Starting httpd: [ OK ] [root@web01 /]# curl 192.168.119.130 web01_192.168.119.130
web02
[root@web02 /]# /etc/init.d/iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] [root@web02 /]# yum -y install httpd [root@web02 /]# vim /etc/httpd/conf/httpd.conf ServerName 127.0.0.1 [root@web02 /]# echo "web02_192.168.119.131" > /var/www/html/index.html [root@web02 /]# /etc/init.d/httpd start Starting httpd: [ OK ] [root@web02 /]# curl 192.168.119.131 web02_192.168.119.131
两台LB
lb01和lb02配置相同
环境准备
[root@lb01 /]# yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++
下载软件(这里走的是明文HTTP;nginx.org同时提供HTTPS下载和每个源码包对应的.asc PGP签名,编译前应先校验。1.6.3是较旧的版本,实际部署请换成当前受支持的稳定版)
[root@lb01 /]# wget http://nginx.org/download/nginx-1.6.3.tar.gz
解压、配置、编译、安装
[root@lb01 conf]# useradd nginx -s /sbin/nologin -M
[root@lb01 /]# tar zxvf nginx-1.6.3.tar.gz [root@lb01 /]# cd nginx-1.6.3
[root@lb01 nginx-1.6.3]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
[root@lb01 nginx-1.6.3]# make && make install [root@lb01 nginx-1.6.3]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ [root@lb01 nginx-1.6.3]# cd /usr/local/nginx/conf/ [root@lb01 conf]# ll nginx.conf nginx.conf.default -rw-r--r--. 1 root root 2656 Sep 26 06:33 nginx.conf -rw-r--r--. 1 root root 2656 Sep 26 06:33 nginx.conf.default [root@lb01 conf]# egrep -v "#|^$" nginx.conf.default >nginx.conf [root@lb01 conf]# vim nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream web_pools { server 192.168.119.130:80 weight=5; server 192.168.119.131:80 weight=5; } server { listen 80; server_name localhost; location / { root html; index index.html index.htm; proxy_pass http://web_pools; include proxy.conf; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } } [root@lb01 conf]# cat proxy.conf proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4K; proxy_buffers 3 32K; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k;
启动nginx
[root@lb01 conf]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@lb01 conf]# nginx [root@lb01 conf]# netstat -anpt | grep nginx tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3751/nginx
[root@lb01 conf]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.119.128 www.test.com
测试
[root@lb01 conf]# curl www.test.com web02_192.168.119.131 [root@lb01 conf]# curl www.test.com web01_192.168.119.130 [root@lb01 conf]# curl www.test.com web02_192.168.119.131 [root@lb01 conf]# curl www.test.com web01_192.168.119.130 [root@lb01 conf]# curl www.test.com web02_192.168.119.131
lb02的配置与lb01相同,步骤略,直接测试
[root@lb02 conf]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@lb02 conf]# nginx [root@lb02 conf]# echo "192.168.119.129 www.test.com" >> /etc/hosts [root@lb02 conf]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.119.129 www.test.com [root@lb02 conf]# curl www.test.com web01_192.168.119.130 [root@lb02 conf]# curl www.test.com web02_192.168.119.131 [root@lb02 conf]# curl www.test.com web01_192.168.119.130 [root@lb02 conf]# curl www.test.com web02_192.168.119.131 [root@lb02 conf]# curl www.test.com web01_192.168.119.130
两台LB安装都已完成
在两台LB上安装keepalived
环境配置
LB01和LB02配置相同
[root@lb01 /]# yum -y install kernel-devel
做个软链接,目录名用tab键补全(例如2.6.32-642.6.2.el6.x86_64;下面的命令中实际是2.6.32-642.4.2.el6.x86_64,以本机/usr/src/kernels/下实际存在的目录为准)
[root@lb01 /]# ln -s /usr/src/kernels/2.6.32-642.4.2.el6.x86_64/ /usr/src/linux [root@lb01 /]# ll /usr/src/ total 8 drwxr-xr-x. 2 root root 4096 Sep 23 2011 debug drwxr-xr-x. 3 root root 4096 Sep 26 07:16 kernels lrwxrwxrwx. 1 root root 43 Sep 26 07:17 linux -> /usr/src/kernels/2.6.32-642.4.2.el6.x86_64/
下载软件(同样是明文HTTP下载,编译安装前建议先核对文件完整性;官方发布页如提供校验值,以其为准)
[root@lb01 /]# wget http://www.keepalived.org/software/keepalived-1.2.16.tar.gz --2016-09-26 06:44:40-- http://www.keepalived.org/software/keepalived-1.2.16.tar.gz Resolving www.keepalived.org... 37.59.63.157, 2001:41d0:8:7a9d::1 Connecting to www.keepalived.org|37.59.63.157|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 346920 (339K) [application/x-gzip] Saving to: “keepalived-1.2.16.tar.gz” 100%[=================================================>] 346,920 7.96K/s in 2m 30s 2016-09-26 06:47:14 (2.27 KB/s) - “keepalived-1.2.16.tar.gz” saved [346920/346920] [root@lb01 /]# ll keepalived-1.2.16.tar.gz -rw-r--r--. 1 root root 346920 Mar 31 2015 keepalived-1.2.16.tar.gz
解压、配置、编译、安装
[root@lb01 /]# tar zxvf keepalived-1.2.16.tar.gz [root@lb01 /]# cd keepalived-1.2.16 [root@lb01 keepalived-1.2.16]# ./configure Keepalived configuration ------------------------ Keepalived version : 1.2.16 Compiler : gcc Compiler flags : -g -O2 Extra Lib : -lssl -lcrypto -lcrypt Use IPVS Framework : Yes IPVS sync daemon support : Yes IPVS use libnl : No fwmark socket support : Yes Use VRRP Framework : Yes Use VRRP VMAC : Yes SNMP support : No SHA1 support : No Use Debug flags : No [root@lb01 keepalived-1.2.16]# make && make install
配置规范启动
[root@lb01 keepalived-1.2.16]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/ #生成启动脚本 [root@lb01 keepalived-1.2.16]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ #配置启动脚本的参数 [root@lb01 keepalived-1.2.16]# mkdir /etc/keepalived #创建默认的keepalived配置文件路径 [root@lb01 keepalived-1.2.16]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ #把keepalived.conf模板拷贝到/etckeepalived下 [root@lb01 keepalived-1.2.16]# cp /usr/local/sbin/keepalived /usr/sbin/ [root@lb01 keepalived-1.2.16]# /etc/init.d/keepalived start Starting keepalived: [ OK ] [root@lb01 keepalived-1.2.16]# ps -ef | grep keep root 3490 1 0 11:36 ? 00:00:00 keepalived -D root 3492 3490 0 11:36 ? 00:00:00 keepalived -D root 3493 3490 0 11:36 ? 00:00:00 keepalived -D root 3496 1537 0 11:36 pts/0 00:00:00 grep keep [root@lb01 keepalived-1.2.16]# /etc/init.d/keepalived stop Stopping keepalived: [ OK ]
修改配置文件
先备份一个配置文件
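lb01配置文件(notification_email、smtp_server等是模板自带的示例值,按实际情况修改;auth_type PASS的密码在VRRP通告中是明文传输的,且只取前8个字符,不能当作真正的认证手段,示例值1111要换成自己的值,主备两端必须一致;建议再用防火墙只允许对端LB发来的VRRP报文,即IP协议号112)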
[root@lb01 keepalived-1.2.16]# cd /etc/keepalived/ [root@lb01 keepalived]# cp keepalived.conf keepalived.conf.bak [root@lb01 keepalived]# vim keepalived.conf ! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_01 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.119.150/24 } }
lb02配置文件(与lb01的区别只有三处:router_id为LVS_02、state为BACKUP、priority为100)
[root@lb02 keepalived-1.2.16]# cd /etc/keepalived/ [root@lb02 keepalived]# cp keepalived.conf keepalived.conf.bak [root@lb02 keepalived]# vim keepalived.conf ! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_02 } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.119.150/24 } }
启动keepalived
[root@lb01 keepalived]# /etc/init.d/keepalived start Starting keepalived: [ OK ] [root@lb02 keepalived]# /etc/init.d/keepalived start Starting keepalived: [ OK ]
在master(lb01)查看虚拟IP(192.168.119.150)
提示:虚拟IP是以secondary地址的形式加到eth0上的,使用ifconfig是查不到的;要使用 ip add(即 ip addr)查询
[root@lb01 keepalived]# ip add | grep 192.168.119.150 inet 192.168.119.150/24 scope global secondary eth0 [root@lb01 keepalived]#
在backup(lb02)查看(没有虚拟IP)
[root@lb02 keepalived]# ip add | grep 192.168.119.150
把master的keepalived服务down、虚拟IP就会自动切换到backup
[root@lb01 keepalived]# /etc/init.d/keepalived stop Stopping keepalived: [ OK ] [root@lb01 keepalived]# ip add | grep 192.168.119.150 [root@lb01 keepalived]#
backup查询
[root@lb02 keepalived]# ip add | grep 192.168.119.150 [root@lb02 keepalived]# ip add | grep 192.168.119.150 [root@lb02 keepalived]# ip add | grep 192.168.119.150 [root@lb02 keepalived]# ip add | grep 192.168.119.150 [root@lb02 keepalived]# ip add | grep 192.168.119.150 inet 192.168.119.150/24 scope global secondary eth0 [root@lb02 keepalived]# ip add | grep 192.168.119.150 inet 192.168.119.150/24 scope global secondary eth0
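当master的keepalived服务启动时、虚拟IP会自动从backup切回到master(master的priority 150高于backup的100,且keepalived默认抢占)。注意:本配置只在keepalived进程本身停止时才会切换;如果master上的nginx挂掉而keepalived仍在运行,虚拟IP不会漂移,需要另外用vrrp_script/track_script对nginx做健康检查。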
测试web是否正常
[root@lb01 keepalived]# curl 192.168.119.150 web01_192.168.119.130 [root@lb01 keepalived]# curl 192.168.119.150 web02_192.168.119.131 [root@lb01 keepalived]# curl 192.168.119.150 web01_192.168.119.130 [root@lb01 keepalived]# curl 192.168.119.150 web02_192.168.119.131 [root@lb01 keepalived]# curl 192.168.119.150 web01_192.168.119.130 [root@lb01 keepalived]# curl 192.168.119.150 web02_192.168.119.131 [root@lb01 keepalived]# curl 192.168.119.150 web01_192.168.119.130