nginx+keepalived高可用

准备工作:

yum install -y gcc openssl-devel pcre-devel install iptables-services

setenforce 0
sed -ri 's/^(SELINUX=).*/\1disabled/' /etc/selinux/config

systemctl stop firewalld
systemctl disable firewalld
systemctl enable iptables
systemctl start iptables

vim /etc/sysconfig/iptables
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -d 224.0.0.0/8 -p vrrp -j ACCEPT
-A OUTPUT -d 224.0.0.0/8 -p vrrp -j ACCEPT
systemctl restart iptables

 

安装nginx两个机器安装方式一样
#上传tengine-2.1.2.tar.gz /tmp

#安装
cd /tmp
yum install -y gcc openssl-devel pcre-devel
tar -xf tengine-2.1.2.tar.gz
mkdir -p /opt/platform/nginx/logs
cd tengine-2.1.2
./configure --prefix=/opt/platform/nginx --with-http_ssl_module --with-http_stub_status_module
make && make install

#替换nginx.conf
cd /opt/platform/nginx/conf
mv nginx.conf nginx.conf.bak
上传nginx.conf

#user  ops;
worker_processes  auto;
worker_cpu_affinity auto;

error_log  logs/error.log  error;

pid        logs/nginx.pid;

worker_rlimit_nofile 65535;

events {
	use epoll;
    worker_connections  65535;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

	log_format  json  '{"@timestamp":"$time_iso8601",'
                      '"remote_addr":"$remote_addr",'
                      '"remote_user":"$remote_user",'
                      '"http_host":"$http_host",'
                      '"request":"$request",'
                      '"status":"$status",'
                      '"body_bytes_sent":$body_bytes_sent,'
                      '"http_referer":"$http_referer",'
                      '"http_user_agent":"$http_user_agent",'
                      '"http_x_frowarded_for":"$http_x_forwarded_for",'
   		      '"upstream_status":"$upstream_status",'
                      '"upstream_addr":"$upstream_addr",'
                      '"upstream_response_time":"$upstream_response_time",'
                      '"request_time":$request_time}';


    access_log  logs/access.log  json;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    client_header_buffer_size    20m;
    large_client_header_buffers  4 2048k;
    client_max_body_size 20m;
    proxy_buffer_size 64k;
    proxy_buffers   4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;

    proxy_ignore_client_abort  on;  #让代理服务端不要主动关闭客户端的连接。

    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png application/javascript;
    gzip_proxied any;
    gzip_disable "MSIE [1-6]\.";

server {
        listen 80 default;
        server_name _;
        return 499;
        }

include /opt/platform/nginx/conf/vhosts/*.conf;
}

  

#增加web应用负载均衡配置文件
mkdir -p vhosts
cd vhosts
上传ken.conf

upstream ken {
        server ip:port weight=4 max_fails=2 fail_timeout=30s;
        server ip:port weight=4 max_fails=2 fail_timeout=30s;
}

server {
        listen       8080;
        server_name  _;
        access_log  logs/ken.log json;

    location / {
        proxy_pass         http://ken;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_connect_timeout   10s;
        proxy_send_timeout      150s;
        proxy_read_timeout      150s;
        proxy_next_upstream error timeout invalid_header http_404 http_500 http_502 http_504;
    }
}

  

#配置文件生效
/opt/platform/nginx/sbin/nginx -s reload

 

安装keepalived
#上传tengine-2.1.2.tar.gz 在目录/tmp
#主机安装
cd /tmp
tar -xvf keepalived-nginx.tar.gz -C /opt/platform/


/opt/platform/keepalived/etc/keepalived/keepalived.conf

! Configuration File for keepalived

  global_defs {
  router_id ken  
}

vrrp_script check_nginx {
    script "/opt/platform/keepalived/bin/check.sh"
    interval 2
    timeout 2
    fall 2
}

vrrp_instance VI_1 {
   state BACKUP
   interface eth0
   virtual_router_id 215
   priority 99
   nopreempt
   advert_int 1
   authentication {
       auth_type PASS
       auth_pass ken@215
   }

    track_script { 
        check_nginx
    }

   virtual_ipaddress {
       vip/24 brd mask
   }

   notify_master "/opt/platform/keepalived/bin/notify.sh master"
   notify_backup "/opt/platform/keepalived/bin/notify.sh backup"
   notify_fault "/opt/platform/keepalived/bin/notify.sh fault"
   notify_stop "/opt/platform/keepalived/bin/notify.sh stop"
}

  

另外一台机器安装方式一样,但是需要修改keepalived.conf的一个参数
priority 150 #将99调整为150

启动keepalived
cd /opt/platform/keepalived/sbin
sh startup.sh

 

posted @ 2018-05-29 10:17  风子陈  阅读(142)  评论(0编辑  收藏  举报