keepalived + nginx(负载均衡反向代理HTTP，https) + tomcat（HTTP，https）

基本架构：

                      nginx(192.168.116.198)

client        --->keepalived(116.200)      ------> tomcat (192.168.116.101,192.168.116.100)      

                      nginx(192.168.116.199)

keepalived的配置文件/etc/keepalived/keepalived.conf：

global_defs {
notification_email {
root@node2
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id nginx2
}

vrrp_script chk_nginx {
script "/server/scripts/chk_nginx.sh"
interval 2
fall 2
rise 1
}

vrrp_instance VI_1 {

track_script {
chk_nginx
}
state BACKUP
interface eth0
virtual_router_id 61
priority 90
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.116.200
}
}

###########################

#!/bin/bash
#check service of nginx is ok
/usr/bin/netstat -anlp |grep -w '0.0.0.0:9443' >/dev/null 2>&1

##################################################

前端nginx配置文件：

/etc/nginx/nginx.conf

worker_processes 3;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream shoudian_http{
ip_hash;
server 192.168.116.100:9000;
# server 192.168.116.101:9000;
}
upstream shoudianhttps {
server 192.168.116.100:9443 weight=10;
# server 192.168.116.101:9443 weight=10;
}
server {
listen 9000;
server_name shoudian_http;
location / {
proxy_pass http://shoudian_http;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 9443;
server_name localhost;

ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_session_timeout 5m;
location / {
proxy_pass https://shoudianhttps;
}
access_log /etc/nginx/logs/access.log;
error_log /etc/nginx/logs/error.log;
}

}

#后端tomcat的访问方式

curl https://192.168.116.100:9443/

curl http://192.168.116.100:9000/