High availability with Nginx and Keepalived
1. Prepare the environment architecture
2. Install the keepalived package (lb01, lb02)
yum install -y keepalived
3. Write the keepalived configuration file
vim /etc/keepalived/keepalived.conf
GLOBAL CONFIGURATION --- global settings
VRRPD CONFIGURATION --- VRRP protocol settings
LVS CONFIGURATION --- LVS service management settings
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs { # global settings
notification_email { # recipients of notification emails
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from test@163.com # mail server connection settings
smtp_server 163.smtp.xxx_
smtp_connect_timeout 30
router_id LVS_DEVEL # identifier of this host in the HA cluster (must be unique per host)
}
vrrp_instance keep { # VRRP instance (group) named keep
state MASTER # role of this node within the group (MASTER/BACKUP)
interface eth0 # NIC on which the virtual IP address appears
virtual_router_id 51 # identifies the group; must be identical on all nodes of the HA service
priority 100 # priority; the higher the priority, the more likely the node becomes master
advert_int 1 # interval between multicast advertisements (seconds); same on master and backup
authentication { # nodes must authenticate to communicate
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # virtual IP addresses
192.168.200.16
192.168.200.17
192.168.200.18
}
}
lb01 configuration:
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_instance keep01 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24
}
}
lb02 configuration:
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance keep02 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24
}
}
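3. Start the keepalived process
4. Modify the name-resolution configuration file
5. Test in a browser together with a packet-capture tool
Test:
Accessing www.test.com while keepalived is running on both nodes: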
[root@web03 ~]# curl www.test.com
10.0.0.7 www.test.com
[root@web03 ~]# curl www.test.com
10.0.0.8 www.test.com
[root@web03 ~]# curl www.test.com
10.0.0.9 www.test.com
Packet path:
With keepalived stopped on the master server:
[root@web03 ~]# curl www.test.com
10.0.0.9 www.test.com
[root@web03 ~]# curl www.test.com
10.0.0.8 www.test.com
[root@web03 ~]# curl www.test.com
10.0.0.7 www.test.com
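Packet path:
Dual-master configuration of the high-availability cluster
Notes:
In dual-master mode every keepalived server is active. For example, take two websites with different pages, www.test1.com and www.test2.com.
When a user visits test1, the name resolves to 10.0.0.3 (10.0.0.5) to reach the web servers; the keepalived server 10.0.0.6 then acts as the backup for 10.0.0.5.
When a user visits test2, the name resolves to 10.0.0.4 (10.0.0.6) to reach the web servers; the keepalived server 10.0.0.5 then acts as the backup for 10.0.0.6.
1. Write the keepalived configuration file on lb01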
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_instance keep01 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24
}
}
vrrp_instance keep02 {
state BACKUP
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4/24
}
}
2. Write the keepalived configuration file on lb02
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance keep01 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24
}
}
vrrp_instance keep02 {
state MASTER
interface eth0
virtual_router_id 52
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4/24
}
}
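Added example (not part of the original page or of keepalived): a small Python check that parses the vrrp_instance blocks of two nodes and flags pairing mistakes in a dual-master setup, as well as the short auth_pass used above, which auth_type PASS sends in cleartext in VRRP advertisements. The embedded configs are constructed from the values above; node(), parse() and audit() are hypothetical helper names.

```python
import re
# Constructed sample input mirroring the dual-master instances above (other keys omitted).
TEMPLATE = """vrrp_instance {0} {{
state {1}
virtual_router_id {2}
priority {3}
authentication {{
auth_type PASS
auth_pass 1111
}}
}}
"""
def node(*instances):
    return "".join(TEMPLATE.format(*i) for i in instances)
LB01 = node(("keep01", "MASTER", 51, 150), ("keep02", "BACKUP", 52, 100))
LB02 = node(("keep01", "BACKUP", 51, 100), ("keep02", "MASTER", 52, 150))
KEYS = ("state", "virtual_router_id", "priority", "auth_type", "auth_pass")

def parse(conf):
    """Return {virtual_router_id: settings} for every vrrp_instance block."""
    conf = re.sub(r"(?m)^\s*[!#].*$", "", conf)           # drop comment lines
    parts = re.split(r"vrrp_instance\s+(\S+)", conf)[1:]  # name, body, name, body...
    out = {}
    for body in parts[1::2]:
        inst = {k: m.group(1) for k in KEYS if (m := re.search(rf"\b{k}\s+(\S+)", body))}
        out[inst.get("virtual_router_id", "?")] = inst
    return out

def audit(a, b):
    """Compare two nodes' parsed configs and return a list of findings."""
    findings = []
    for vrid in sorted(set(a) | set(b)):
        x, y = a.get(vrid), b.get(vrid)
        if not x or not y:
            findings.append(f"VRID {vrid}: defined on one node only, no failover peer")
            continue
        if x.get("state") == y.get("state") == "MASTER":
            findings.append(f"VRID {vrid}: both nodes start as MASTER")
        if x.get("priority") == y.get("priority"):
            findings.append(f"VRID {vrid}: equal priority on both nodes")
        if x.get("auth_pass") != y.get("auth_pass"):
            findings.append(f"VRID {vrid}: auth_pass differs between nodes")
        pw = x.get("auth_pass", "")
        if x.get("auth_type") == "PASS" and (len(pw) < 8 or len(set(pw)) < 4):
            findings.append(f"VRID {vrid}: weak auth_pass (PASS travels in cleartext)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(LB01), parse(LB02))))
```

To check real files, pass the contents of each node's /etc/keepalived/keepalived.conf to parse() instead of the constructed strings.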
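3. Write the domain name and IP address resolution entries
Secure access configuration for the high-availability service (load balancer)
3.1. Modify the nginx load-balancer configuration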
upstream test {
server 10.0.0.7:80;
server 10.0.0.8:80;
server 10.0.0.9:80;
}
server {
listen 10.0.0.3:80;
server_name www.test.com;
location / {
proxy_pass http://test;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_next_upstream error timeout http_404 http_502 http_403;
}
}
server {
listen 10.0.0.4:80;
server_name bbs.test.com;
location / {
proxy_pass http://test;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
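3.2. Modify the kernel parameters
Problem:
nginx is set to listen on an address that is not present on the local network interface
Solution: a kernel parameter has to be changed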
echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf
sysctl -p
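3.3. Restart the nginx load-balancer service
systemctl restart nginx (when a configuration change involves an IP address, the service must be restarted; a graceful reload is not enough)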