Configuring Keepalived and Nginx as a front-end proxy on Linux
- 1. Download the software from the official sites
https://www.keepalived.org/download.html
http://nginx.org/download/
The versions selected are as follows:
[root@ZE-NGXFR01 data]# ll
total 1960
-rw------- 1 sysadm sysadm 927631 Nov 15 10:34 keepalived-2.0.10.tar.gz
-rw------- 1 sysadm sysadm 1073322 Nov 15 11:01 nginx-1.22.0.tar.gz
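- 2. Server address plan
IP addresses
VIP: 10.64.137.50
host1: 10.64.137.51
host2: 10.64.137.52
Directory layout
/usr/local: directory where the local system administrator installs software (system-level applications)
/etc: system administration and configuration files
Operating system version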
# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
- 3. Installing keepalived
[root@ZE-NGXFR01 data]# tar -zxf keepalived-2.0.10.tar.gz
[root@ZE-NGXFR01 data]# cd keepalived-2.0.10/
[root@ZE-NGXFR01 keepalived-2.0.10]# ./configure --prefix=/usr/local/keepalived --sysconf=/etc
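● prefix: where keepalived is installed
● sysconf: location of keepalived's main configuration file. This location is fixed; if it is changed to another location, keepalived will not start and errors are logged in /var/log/messages.
If the OpenSSL development headers are missing, configure stops with the error below; install the build dependencies and run configure again: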
configure: error:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!!
[root@ZE-NGXFR01 keepalived-2.0.10]# yum install -y openssl openssl-devel gcc gcc-c++ libnfnetlink-devel libnl libnl-devel
[root@ZE-NGXFR01 keepalived-2.0.10]# ./configure --prefix=/usr/local/keepalived --sysconf=/etc
[root@ZE-NGXFR01 keepalived-2.0.10]# make && make install
3.2 Edit keepalived.conf on both nodes
Node 1 (host1):
[root@ZE-NGXFR01 keepalived-2.0.10]# vi /etc/keepalived/keepalived.conf
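# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS_MASTER    # router ID: identifier of the node running keepalived; must be globally unique
    script_user root
    enable_script_security
}
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2    # run the script above every two seconds
    weight -5     # negative weight: while the script is failing, priority is lowered by 5 (a positive weight would instead raise priority while the script succeeds)
    fall 2        # two consecutive failures are required before the check counts as failed
    rise 1        # a single success is enough for the check to count as successful
}
vrrp_instance VI_1 {
    state MASTER            # whether this node is the MASTER or a BACKUP
    interface ens192        # name of the NIC this instance is bound to
    virtual_router_id 50    # must be the same on the master and backup nodes
    priority 100            # priority; the master's is normally higher than the backup's; with several nodes an election is held and the highest priority wins
    advert_int 1            # interval of the synchronization check between master and backup, in seconds
    authentication {        # authentication password, keeps unauthorized nodes from joining
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {     # virtual IP (VIP); more than one may be listed
        10.64.137.50/24 dev ens192 label ens192:1
    }
    unicast_src_ip 10.64.137.51
    unicast_peer {
        10.64.137.52
    }
    track_script {
        check_nginx         # track the nginx check script
    }
}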
Node 2 (host2):
[root@ZE-NGXFR02 keepalived-2.0.10]# vi /etc/keepalived/keepalived.conf
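# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    # router ID: identifier of the node running keepalived; must be globally unique
    router_id LVS_BACKUP
    script_user root
    enable_script_security
}
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2    # run the script above every two seconds
    weight -5     # negative weight: while the script is failing, priority is lowered by 5 (a positive weight would instead raise priority while the script succeeds)
    fall 2        # two consecutive failures are required before the check counts as failed
    rise 1        # a single success is enough for the check to count as successful
}
vrrp_instance VI_1 {
    state BACKUP            # whether this node is the MASTER or a BACKUP
    interface ens192        # name of the NIC this instance is bound to
    virtual_router_id 50    # must be the same on the master and backup nodes
    priority 80             # priority; the master's is normally higher than the backup's; with several nodes an election is held and the highest priority wins
    advert_int 1            # interval of the synchronization check between master and backup, in seconds
    authentication {        # authentication password, keeps unauthorized nodes from joining
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {     # virtual IP (VIP); more than one may be listed
        10.64.137.50/24 dev ens192 label ens192:1
    }
    unicast_src_ip 10.64.137.52
    unicast_peer {
        10.64.137.51
    }
    track_script {
        check_nginx         # track the nginx check script
    }
}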
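The two configurations above share auth_pass 1111 and combine priorities 100 and 80 with weight -5. The script below is an added example, not part of the original page: it audits such a pair for a weak auth_pass and checks whether the track_script weight alone can move the VIP. The function names are hypothetical and the sample files are constructed, reduced to the directives the checks read.

```bash
#!/bin/bash
# Added example: audit a master/backup pair of keepalived.conf files.

# First value of a keyword (priority, weight, auth_pass ...), comments stripped.
kv() {  # usage: kv <keyword> <file>
    awk -v k="$1" '{ sub(/#.*/, "") } $1 == k { print $2; exit }' "$2"
}

# auth_pass travels in clear text in every VRRP advert and keepalived uses only
# its first 8 characters, so short or digits-only values are flagged as weak.
weak_auth_pass() {  # returns 0 when the password is weak
    local p; p=$(kv auth_pass "$1")
    [ "${#p}" -lt 8 ] && return 0
    case "$p" in *[!0-9]*) return 1 ;; esac
    return 0
}

# A failing track_script with a negative weight lowers priority by |weight|.
# The peer only takes over on priority if the result falls below its own.
failover_by_weight() {  # usage: failover_by_weight <master.conf> <backup.conf>
    local mp bp w
    mp=$(kv priority "$1"); bp=$(kv priority "$2"); w=$(kv weight "$1")
    [ "$w" -lt 0 ] && [ $((mp + w)) -lt "$bp" ]
}

# Constructed sample reduced to the directives the checks read.
make_sample() {  # usage: make_sample <file> <priority> <weight> <auth_pass>
    cat > "$1" <<EOF
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
    weight $3   # trailing comment, must be ignored
}
vrrp_instance VI_1 {
    priority $2
    authentication {
        auth_type PASS
        auth_pass $4
    }
}
EOF
}

d=$(mktemp -d)
make_sample "$d/host1.conf" 100 -5 1111   # values used on this page
make_sample "$d/host2.conf" 80 -5 1111
weak_auth_pass "$d/host1.conf" && echo "WARN: auth_pass is short or digits-only"
failover_by_weight "$d/host1.conf" "$d/host2.conf" ||
    echo "WARN: weight cannot drop host1 below host2; failover relies on the check script stopping keepalived"
rm -rf "$d"
```

With the page's values both warnings are printed: a failing check leaves host1 at priority 95, still above host2's 80.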
3.3 Create the Nginx check script
vi /etc/keepalived/check_nginx.sh
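#!/bin/bash
# Count the running nginx processes
A=$(ps -C nginx --no-header | wc -l)
# If nginx is down, try to restart it
if [ "$A" -eq 0 ]; then
    systemctl start nginx
    # Wait briefly and check nginx again; if it still has not started, stop keepalived so that the backup node takes over
    sleep 3
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
        systemctl stop keepalived
    fi
fi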
Then make the script executable:
chmod +x /etc/keepalived/check_nginx.sh
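Because the configuration sets script_user root together with enable_script_security, keepalived will not run the check script if any part of its path is writable by a non-root user. The following added example (not from the original page) lists the path components that would trip that rule; the function name unsafe_components is hypothetical, the check is a conservative approximation of keepalived's rule, and it assumes GNU stat.

```bash
#!/bin/bash
# Added example: find path components that break enable_script_security.

# Prints each component, from the script up to <top>, that is writable by
# group/other or not owned by <uid>. No output means the path is clean.
# Conservative approximation of keepalived's rule; requires GNU stat.
unsafe_components() {  # usage: unsafe_components <abs-script-path> [uid] [top]
    local p=$1 uid=${2:-0} top=${3:-/} mode owner
    while :; do
        mode=$(stat -c %a "$p") || return 2
        owner=$(stat -c %u "$p")
        # 022 (octal) masks the group-write and other-write permission bits
        if [ $(( 0$mode & 022 )) -ne 0 ] || [ "$owner" != "$uid" ]; then
            echo "$p (mode $mode, uid $owner)"
        fi
        case "$p" in "$top"|/|.) break ;; esac
        p=$(dirname "$p")
    done
}

# Constructed demo tree standing in for /etc/keepalived, so no root is needed.
t=$(mktemp -d)
mkdir -p "$t/etc/keepalived"
s="$t/etc/keepalived/check_nginx.sh"
: > "$s"
chmod 755 "$t" "$t/etc" "$s"
chmod 775 "$t/etc/keepalived"           # group-writable directory: the defect
unsafe_components "$s" "$(id -u)" "$t"   # reports only the 775 directory
rm -rf "$t"

# On a real node, as root: unsafe_components /etc/keepalived/check_nginx.sh
```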
[root@ZE-NGXFR01 keepalived]# systemctl start keepalived
[root@ZE-NGXFR01 keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2023-11-15 14:33:41 CST; 1s ago
Process: 52431 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 52432 (keepalived)
CGroup: /system.slice/keepalived.service
├─52432 /usr/local/keepalived/sbin/keepalived -D
└─52433 /usr/local/keepalived/sbin/keepalived -D
Nov 15 14:33:41 ZE-NGXFR01 systemd[1]: Started LVS and VRRP High Availability Monitor.
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Registering Kernel netlink reflector
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Registering Kernel netlink command channel
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Opening file '/etc/keepalived/keepalived.conf'.
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Assigned address 10.64.137.51 for interface ens192
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Assigned address fe80::a14f:df56:7a0f:347f for interface ens192
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Registering gratuitous ARP shared channel
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: (VI_1) removing VIPs.
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: (VI_1) Entering BACKUP STATE (init)
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(10,11)]
[root@ZE-NGXFR01 keepalived]#
[root@ZE-NGXFR01 keepalived]# hostname -I
10.64.137.51 10.64.137.50
Enable keepalived at boot on both nodes: systemctl enable keepalived
- 4. Installing Nginx
[root@ZE-NGXFR01 data]# tar -zxvf nginx-1.22.0.tar.gz
[root@ZE-NGXFR01 data]# cd nginx-1.22.0/
# Install the build tools and libraries
[root@ZE-NGXFR01 data]# yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel
[root@ZE-NGXFR01 data]# yum install -y pcre pcre-devel
# Enable the SSL module; using the gzip_static directive requires building with --with-http_gzip_static_module
[root@ZE-NGXFR01 data]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-stream
[root@ZE-NGXFR01 data]# make && make install
[root@ZE-NGXFR01 nginx-1.22.0]# /usr/local/nginx/sbin/nginx -v
nginx version: nginx/1.22.0
4.1 Configure nginx as a system service
Create the file /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Set permissions: chmod 755 /usr/lib/systemd/system/nginx.service
Reload systemd: systemctl daemon-reload
Start the Nginx service
systemctl start nginx
systemctl status nginx
4.2 Configure Nginx as a multi-port forwarding proxy
# cat /usr/local/nginx/conf/nginx.conf|grep -Ev "(#|^$)"
worker_processes 1;
error_log logs/error.log;
pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    access_log logs/access.log;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name localhost;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    # Data platform
    server {
        listen 4000;
        location / {
            proxy_pass http://10.64.149.115:4000;
        }
    }
    # Official account
    server {
        listen 30002;
        location / {
            proxy_pass http://10.64.147.211:30002;
        }
    }
    server {
        listen 32711;
        location / {
            proxy_pass http://10.64.147.211:32711;
        }
    }
}