nginx+keepalived高可用
准备工作:
yum install -y gcc openssl-devel pcre-devel install iptables-services setenforce 0 sed -ri 's/^(SELINUX=).*/\1disabled/' /etc/selinux/config systemctl stop firewalld systemctl disable firewalld systemctl enable iptables systemctl start iptables vim /etc/sysconfig/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT -A INPUT -d 224.0.0.0/8 -p vrrp -j ACCEPT -A OUTPUT -d 224.0.0.0/8 -p vrrp -j ACCEPT systemctl restart iptables
安装nginx两个机器安装方式一样
#上传tengine-2.1.2.tar.gz /tmp
#安装
cd /tmp
yum install -y gcc openssl-devel pcre-devel
tar -xf tengine-2.1.2.tar.gz
mkdir -p /opt/platform/nginx/logs
cd tengine-2.1.2
./configure --prefix=/opt/platform/nginx --with-http_ssl_module --with-http_stub_status_module
make && make install
#替换nginx.conf
cd /opt/platform/nginx/conf
mv nginx.conf nginx.conf.bak
上传nginx.conf
#user ops; worker_processes auto; worker_cpu_affinity auto; error_log logs/error.log error; pid logs/nginx.pid; worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format json '{"@timestamp":"$time_iso8601",' '"remote_addr":"$remote_addr",' '"remote_user":"$remote_user",' '"http_host":"$http_host",' '"request":"$request",' '"status":"$status",' '"body_bytes_sent":$body_bytes_sent,' '"http_referer":"$http_referer",' '"http_user_agent":"$http_user_agent",' '"http_x_frowarded_for":"$http_x_forwarded_for",' '"upstream_status":"$upstream_status",' '"upstream_addr":"$upstream_addr",' '"upstream_response_time":"$upstream_response_time",' '"request_time":$request_time}'; access_log logs/access.log json; sendfile on; #tcp_nopush on; keepalive_timeout 65; client_header_buffer_size 20m; large_client_header_buffers 4 2048k; client_max_body_size 20m; proxy_buffer_size 64k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; #让代理服务端不要主动关闭客户端的连接。 gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png application/javascript; gzip_proxied any; gzip_disable "MSIE [1-6]\."; server { listen 80 default; server_name _; return 499; } include /opt/platform/nginx/conf/vhosts/*.conf; }
#增加web应用负载均衡配置文件
mkdir -p vhosts
cd vhosts
上传ken.conf
upstream ken { server ip:port weight=4 max_fails=2 fail_timeout=30s; server ip:port weight=4 max_fails=2 fail_timeout=30s; } server { listen 8080; server_name _; access_log logs/ken.log json; location / { proxy_pass http://ken; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 10s; proxy_send_timeout 150s; proxy_read_timeout 150s; proxy_next_upstream error timeout invalid_header http_404 http_500 http_502 http_504; } }
#配置文件生效
/opt/platform/nginx/sbin/nginx -s reload
安装keepalived
#上传tengine-2.1.2.tar.gz 在目录/tmp
#主机安装
cd /tmp
tar -xvf keepalived-nginx.tar.gz -C /opt/platform/
/opt/platform/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived global_defs { router_id ken } vrrp_script check_nginx { script "/opt/platform/keepalived/bin/check.sh" interval 2 timeout 2 fall 2 } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 215 priority 99 nopreempt advert_int 1 authentication { auth_type PASS auth_pass ken@215 } track_script { check_nginx } virtual_ipaddress { vip/24 brd mask } notify_master "/opt/platform/keepalived/bin/notify.sh master" notify_backup "/opt/platform/keepalived/bin/notify.sh backup" notify_fault "/opt/platform/keepalived/bin/notify.sh fault" notify_stop "/opt/platform/keepalived/bin/notify.sh stop" }
另外一台机器安装方式一样,但是需要修改keepalived.conf的一个参数
priority 150 #将99调整为150
启动keepalived
cd /opt/platform/keepalived/sbin
sh startup.sh