keepalive+nginx双机热备

nginx+keepalive双机热备

nginx安装

在线安装:
  这次安装环境因为上传文件比较麻烦所以使用了在线安装的方式
  用到的工具是wget
  工具安装方式:
    yum -y install wget
  安装nginx命令:
    wget http://nginx.org/download/nginx-1.5.9.tar.gz
  该命令为下载文件到当前目录下
  下载好压缩包后我们首先要为nginx安装依赖
    yum -y install gcc pcre-devel zlib-devel openssl openssl-devel
  安装好依赖后我们来解压nginx的安装压缩包
    tar -zxvf nginxxxxx.xxx
  这样我们就把nginx解压到当前目录下了,进入nginx目录我们进行编译
    ./configure

    make

    make install
  到这里我们安装完成进入sbin目录进行使用nginx

命令

./nginx -t         检验配置文件
./nginx -s reload  重新加载配置文件
./nginx            启动
./nginx - stop     停止

nginx配置

  当我们安装并启动nginx后我们用浏览器输入服务器ip就会显示一个nginx的介绍页面,但是我们的使用并不仅仅停留到这里,我们需要使用nginx的更加强大的功能,这时我们就需要通过配置来使用nginx的更多功能,进入/conf/nginx.config文件这里就是我们配置nginx的位置下面是我们的一个简答的配置文件

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

 upstream nginxserver10001 {
      server  172.16.1.64:10001;
      server  172.16.1.66:10001;
     }     
server {
	listen   10001;
	server_name nginxserver10001;
        ssl on; 
        ssl_certificate /home/esblb/server.pem; 
        ssl_certificate_key  /home/esblb/server.key; 
        ssl_session_timeout  5m; 
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
		#启用TLS1.1、TLS1.2要求OpenSSL1.0.1及以上版本,若您的OpenSSL版本低于要求,请使用 ssl_protocols TLSv1;
        ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; 
        ssl_prefer_server_ciphers   on; 

       location / {
        proxy_redirect http://$host$1 https://$host$1;
		proxy_redirect http://$host:80$1 https://$host$1;
        proxy_set_header Host $host:10001;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-HTTPS-Protocol $ssl_protocol;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Scheme $scheme;
	proxy_pass http://nginxserver10001;
      }
  location /nginx_status{
        stub_status on;
        allow all;
        access_log off;
    }

}

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

  如果发现进入网站显示错误一定要注意是否防火墙端口打开
  再具体的配置就先不在这里说了我们继续 ( ̄▽ ̄)/

开机启动

  通常服务器要考虑全面比如断电什么的所以通常程序都要准备开机自启的功能
  vi /etc/init.d/nginx

# nginx Startup script for the Nginx HTTP Server
# it is v.0.0.2 version.
# chkconfig: - 85 15
# description: Nginx is a high-performance web and proxy server.
#              It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
nginxd=/usr/local/nginx/sbin/nginx
nginx_config=/usr/local/nginx/conf/nginx.conf
nginx_pid=/var/run/nginx.pid
RETVAL=0
prog="nginx"
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x $nginxd ] || exit 0
# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
   echo "nginx already running...."
   exit 1
fi
   echo -n $"Starting $prog: "
   daemon $nginxd -c ${nginx_config}
   RETVAL=$?
   echo
   [ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
   return $RETVAL
}
# Stop nginx daemons functions.
stop() {
        echo -n $"Stopping $prog: "
        killproc $nginxd
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid
}
# reload nginx service functions.
reload() {
    echo -n $"Reloading $prog: "
    #kill -HUP `cat ${nginx_pid}`
    killproc $nginxd -HUP
    RETVAL=$?
    echo
}
# See how we were called.
case "$1" in
start)
        start
        ;;
stop)
        stop
        ;;
reload)
        reload
        ;;
restart)
        stop
        start
        ;;
status)
        status $prog
        RETVAL=$?
        ;;

*)
        echo $"Usage: $prog {start|stop|restart|reload|status|help}"
        exit 1
esac
exit $RETVAL

  将该文件提高权限chmod -R 777 xxxx
  将该文件加入到开机自启脚本中/etc/rc.local
  /etc/init.d/nginx start

keppalived安装

  keepalived的作用主要是监控nginx,当监控到其蹦掉的时候就自动转移虚拟ip的指向进行无缝切换nginx,然后试着启动该台服务器的nginx。

 安装说明:
  wget http://www.keepalived.org/software/keepalived-2.0.14.tar.gz

  yum install keepalived –y

keepalived配置

/etc/keepalived/keepalivec.conf

global_defs {
	 notification_email {
		 acassen@firewall.loc
		 failover@firewall.loc
		 sysadmin@firewall.loc
	 }
	 notification_email_from Alexandre.Cassen@firewall.loc
	 smtp_server 192.168.17.129
	 smtp_connect_timeout 30
	 # 通过它,可以访问到主机,在hosts文件中,要做映射关系,类似于 127.0.0.1 LVS_DEVEL
	 router_id LVS_DEVEL  
}

vrrp_script chk_http_port {
	 script "/usr/local/src/nginx_check.sh"	 # 执行脚本所在的位置
	 interval 2 	#检测脚本执行的间隔,单位秒,每个2秒执行一次脚本
	 weight 2
}
	
vrrp_instance VI_1 {
	 state MASTER	 # 备份服务器上将 MASTER 改为 BACKUP
	 interface ens33	 # 绑定的网卡注意使用查询ip命令来查看当前主机的网卡填写正确网卡名称
	 virtual_router_id 51	 # 主、备机的 virtual_router_id 必须相同
	 priority 90 	# 主、备机取不同的优先级,主机值较大,备份机值较小
	 advert_int 1 	#每隔一秒发送一次心跳,确保从服务器是否还活着
	 authentication {		# 心跳检测需要的密码
		 auth_type PASS
		 auth_pass 1111
 	}
	 virtual_ipaddress {
	 192.168.17.50 	# VRRP H 虚拟地址
	 }
}

检测脚本

/usr/local/src

#!/bin/bash
A=`ps -C nginx –no-header |wc -l`
if [ $A -eq 0 ];then
 /usr/local/nginx/sbin/nginx 	#Nginx启动命令的位置
 sleep 2
 if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
 killall keepalived
 fi
fi

命令

 检测ip
  ip addr

  ipconfig

 启动keepalived
  service keepalived start

 关闭keepalived
  service keepalived stop

 查看状态
  systemctl status keepalived.service

posted @ 2020-02-28 22:24  冷酷午餐肉  阅读(736)  评论(0编辑  收藏  举报