Nginx+Keepalived高可用性负载均衡

Nginx负载均衡配置(两台机器配置一样)

无论哪一个负载均衡节点宕机，都会通过VIP的漂移，让另一个机器继续工作，用户是无感知的

lb01-nginx.conf配置

     upstream static_pools {
        server 10.0.0.40;
        server 10.0.0.50;
}

#     upstream upload_pools {
#       server 10.0.0.50;
#}
#
#     upstream default_pools {
#       server 10.0.0.60;
#}

    server {
        listen       80;
        server_name  www.junwu.com;

        location / {
                proxy_pass http://static_pools;

}
}
[root@lb01 conf]# nginx -t
nginx: the configuration file /opt/nginx-1.25.1/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx-1.25.1/conf/nginx.conf test is successful
[root@lb01 conf]# nginx -s reload

lb01-keepalived.conf配置

   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
#   vrrp_strict    #注意，要注释此行的严格模式，生产环境不推荐
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   log_File /var/log/keepalived.log
   log_level debug
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.100/24 dev ens33 label ens33:1
    }

此处的VIP最好配置在nginx同一网段

lb02-nginx.conf配置

  upstream static_pools {
        server 10.0.0.40;
        server 10.0.0.50;
}
    server {
        listen       80;
        server_name  www.junwu.com;

        location / {
                proxy_pass http://static_pools;
}

[root@lb02 conf]# nginx -t
nginx: the configuration file /opt/nginx-1.25.1/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx-1.25.1/conf/nginx.conf test is successful
[root@lb02 conf]# nginx -s reload

lb02-keepalived.conf配置

   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
#   vrrp_strict    #此处同样要注释掉严格模式
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.100/24 dev ens33 label ens33:1
    }
}
[root@lb02 conf]# systemctl restart keepalived

wwww01站点配置

server {
        listen       80;
        server_name  www.bbq.com;

        #charset koi8-r;
        charset utf-8;
        #access_log  logs/host.access.log  main;

        location / {
            root   html/bbq;
            index  index.html index.htm;
        }
[root@www01 conf]# cat ../html/bbq/index.html 
<meta charset=utf8>
这是网站www.bbq40.com

www02站点配置

 server {
        listen       80;
        server_name  www.bbq.com;

        #charset koi8-r;
        charset utf-8;

        #access_log  logs/host.access.log  main;

        location / {
            root   html/bbq;
            index  index.html index.htm;
        }
[root@www02 conf]# cat ../html/bbq/index.html 
这是网站www.bbq50.com

在Windows上配置域名解析

##将虚拟IP和nginx域名做一个映射关系
10.0.0.100 www.junwu.com

keepalived高可用性测试，关闭Nginx负载均衡主节点

直接关机，模拟机器宕机
[root@lb01 conf]# poweroff

我们继续浏览网站，看看是否正常

 发现对于用户来说，一切正常

#VIP已经成功漂移到备用节点
[root@lb02 conf]# ip addr |grep inet
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
    inet 10.0.0.60/24 brd 10.0.0.255 scope global noprefixroute ens33
    inet 192.168.17.105/24 scope global ens33:2
    inet 10.0.0.100/24 scope global secondary ens33:1
    inet6 fe80::8d10:27e0:1c5b:e2a1/64 scope link noprefixroute 

 

补充：

Keepalived日志查看方式如下：

keepalived默认日志路径
[root@lb01 ~]# tail -f /var/log/messages |grep -i keepalived
Jul  4 14:23:41 lb01 Keepalived_healthcheckers[1370]: Timeout connecting server [192.168.201.100]:443.
Jul  4 14:23:41 lb01 Keepalived_healthcheckers[1370]: Check on service [192.168.201.100]:443 failed after 3 retry.
Jul  4 14:23:41 lb01 Keepalived_healthcheckers[1370]: Removing service [192.168.201.100]:443 from VS [192.168.200.100]:443
Jul  4 14:23:41 lb01 Keepalived_healthcheckers[1370]: Lost quorum 1-0=1 > 0 for VS [192.168.200.100]:443
Jul  4 14:23:41 lb01 Keepalived_healthcheckers[1370]: Remote SMTP server [192.168.200.1]:25 connected.

默认日志不太友好，可以指定输出日志路径

[root@lb01 ~]# vim /etc/sysconfig/keepalived 

# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp               -P    Only run with VRRP subsystem.
# --check              -C    Only run with Health-checker subsystem.
# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
# --dump-conf          -d    Dump the configuration data.
# --log-detail         -D    Detailed log messages.
# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
#

KEEPALIVED_OPTIONS="-D -d -S 0"    #改这句


[root@lb01 ~]# vim /etc/rsyslog.conf 
#save keepalived log ti keepalived.log
local0.*                                                /var/log/keepalived.log

[root@lb01 ~]# systemctl restart rsyslog
[root@lb01 ~]# systemctl restart keepalived

#日志文件生成
[root@lb01 ~]# tail -f /var/log/keepalived.log 
Jul  4 14:23:41 lb01 Keepalived_healthcheckers[1370]: Timeout connecting server [192.168.201.100]:443.
Jul  4 14:23:41 lb01 Keepalived_healthcheckers[1370]: Check on service [192.168.201.100]:443 failed after 3 retry.
Jul  4 14:23:41 lb01 Keepalived_healthcheckers[1370]: Removing service [192.168.201.100]:443 from VS [192.168.200.100]:443