Nginx/tengine realserver健康检测

Nginx/tengine realserver健康检测

 

https://www.linuxidc.com/Linux/2014-03/98779.htm

 

想用Nginx或者Tengine替代LVS,即能做七层的负载均衡,又能做监控状态检测。我们大多数站点都是nginx+tomcat这个比较常见模式,一旦发现后面的realserver挂了就自动剔除,恢复后自动加入服务池里,可以用Tengine的ngx_http_upstream_check_module模块。

 

这里以生产环境的tengine-2.2.1 版本式例。

 

 

tengine编译参数

生产环境中结合了lua环境

cd /home/admin/soft/nginx_install

 

sudo yum -y install openssl* openssl-devel

sudo yum -y install gcc-c++  gcc

sudo yum -y install libxml2 libxml2-dev

sudo yum -y install libxslt-devel

sudo yum -y install gd-devel

sudo yum -y install git curl curl-devel zlib zlib-devel pcre pcre-devel

sudo yum –y install lua lua-devel  readline readline-devel –y

sudo yum -y update nss curl –y

 

 

tar xf lua-5.3.0.tar.gz

cd lua-5.3.0/       

make linux

sudo make install

cd ..

 

tar -zxf LuaJIT-2.1.0-beta2.tar.gz

cd LuaJIT-2.1.0-beta2

make

sudo make install

cd ..

 

sudo ln -s /usr/local/lib/libluajit-5.1.so.2 /lib64/libluajit-5.1.so.2

 

echo "export LUAJIT_LIB=/usr/local/lib" | sudo tee -a /etc/profile

echo "export LUAJIT_INC=/usr/local/include/luajit-2.1/ " | sudo tee -a /etc/profile

source /etc/profile

tail -2 /etc/profile

cd  ..

cd /home/admin/soft/nginx_install

 

tar zxf pcre-8.30.tar.gz

cd pcre-8.30/

./configure

make && make install

cd ../

cd /home/admin/soft/nginx_install

tar -zxf tengine-2.2.1.tar.gz

cd tengine-2.2.1

./configure --user=admin --group=admin --prefix=/home/admin/webserver --with-http_concat_module --with-http_realip_module --with-http_addition_module --with-http_gzip_static_module --with-http_random_index_module --with-http_stub_status_module --with-http_sub_module --with-http_ssl_module --with-http_flv_module --with-http_sysguard_module --with-http_upstream_check_module --with-http_secure_link_module --with-http_degradation_module --with-http_xslt_module --with-http_v2_module  --with-http_image_filter_module --with-http_dyups_module --with-http_dav_module --with-debug --add-module=/home/admin/soft/nginx_install/ngx_devel_kit/ --add-module=/home/admin/soft/nginx_install/lua-nginx-module 


make

sudo make install

echo "/usr/local/lib"|  sudo tee -a /etc/ld.so.conf

sudo ldconfig

 

sudo chown -R admin: ~/webserver/

cd /home/admin/webserver/sbin

sudo chown root nginx ;sudo chmod u+s nginx ;

/home/admin/webserver/sbin/nginx -t ;/home/admin/webserver/sbin/nginx

ll

cd ~


cd /home/admin/soft/nginx_install

rm -f ~/webserver/conf/nginx.conf

cp nginx.conf ~/webserver/conf/

cp -r conf.d ~/webserver/conf/

cp status.conf ~/webserver/conf/

~/webserver/sbin/nginx -t

~/webserver/sbin/nginx

~/webserver/sbin/nginx -s reload

curl 127.0.0.1/lua  

 

--with-http_upstream_check_module 就是对realserver的健康检查模块

配置文件

upstream kstore_pc_app {   
#ip_hash; 
server 10.6.75.175:8082 weight=1 max_fails=2 fail_timeout=30s;   
}   
upstream kstore_third_app {
#ip_hash; 
server 10.6.75.175:8082 weight=1 max_fails=2 fail_timeout=30s;
server 10.6.75.176:8082 weight=1 max_fails=2 fail_timeout=30s;
check interval=1000 rise=5 fall=2 timeout=500 type=http;
#check_http_send "HEAD /open/index.html?help-doc.html HTTP/1.0\r\n\r\n";
#check_http_expect_alive http_2xx http_3xx;
#check_keepalive_requests 1;
}

upstream kstore_mobile_app {   
#ip_hash; 
server 10.6.75.175:8081 weight=1 max_fails=2 fail_timeout=30s;   
server 10.6.75.176:8081 weight=1 max_fails=2 fail_timeout=30s;   
check interval=1000 rise=5 fall=2 timeout=500 type=http;
check_http_send "HEAD /mobile/queryMobCateBar.htm HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
check_keepalive_requests 1;
}   
upstream kstore_boss_app {   
#ip_hash; 
server 10.6.75.175:8083 weight=1 max_fails=2 fail_timeout=30s;   
}   

upstream kstore_open_app {
#ip_hash; 
server 10.6.75.175:8084 weight=1 max_fails=2 fail_timeout=30s;
server 10.6.75.176:8084 weight=1 max_fails=2 fail_timeout=30s;
check interval=3000 rise=5 fall=2 timeout=1000 type=http;
check_http_send "HEAD /open/index.html?help-doc.html HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
check_keepalive_requests 1;
}


###bbc.qizhigongli.com   
server {   
        listen 80;   
        server_name 123.126.111.208 test.bbc.7gongli.com.cn  bbc.zhaonongzi.com 7kms.cn www.7kms.cn;
#       server_name   bbc.zhaonongzi.com www.7kms.cn;
        #log_by_lua_file /home/admin/webserver/conf/conf.d/record.lua;
    proxy_redirect off; ###禁止url改写 
    #后端的Web服务器可以通过X-Forwarded-For获取用户真实IP  
    proxy_set_header Host $host;  
    proxy_set_header X-Real-IP $remote_addr;  
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
    client_max_body_size 10m;    #允许客户端请求的最大单文件字节数  
    client_body_buffer_size 128k;  #缓冲区代理缓冲用户端请求的最大字节数,  
    proxy_connect_timeout 90;  #nginx跟后端服务器连接超时时间(代理连接超时)  
    proxy_send_timeout 90;     #后端服务器数据回传时间(代理发送超时)  
    proxy_read_timeout 90;     #连接成功后,后端服务器响应时间(代理接收超时)  
    proxy_buffer_size 4k;     #设置代理服务器(nginx)保存用户头信息的缓冲区大小  
    proxy_buffers 4 32k;    #proxy_buffers缓冲区,网页平均在32k以下的话,这样设置  
    proxy_busy_buffers_size 64k;    #高负荷下缓冲大小(proxy_buffers*2)  
    proxy_temp_file_write_size 64k; 
          #### #设定缓存文件夹大小,大于这个值,将从upstream服务器传  
    proxy_headers_hash_max_size  51200;
    ##设置头部哈希表的最大值,不能小于你后端服务器设置的头部总数。
    proxy_headers_hash_bucket_size 6400; #设置头部哈希表大小
    log_by_lua_file /home/admin/webserver/conf/conf.d/record.lua;
#####  
  location /mobile {
    #            default_type "text/plain;charset=UTF-8";
    #            content_by_lua 'ngx.say("系统更新中,敬请期待...")';
    proxy_pass  http://kstore_mobile_app;
    proxy_next_upstream http_502 http_504 error timeout invalid_header;
#if ($http_x_forwarded_for !~ 106.39.140.218){
#        return 404;
#}
    proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header REMOTE-HOST $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header Cache-Control no-store;
    access_log  logs/mall_mobile/mall_mobile.log main;
    log_by_lua_file /home/admin/webserver/conf/conf.d/record.lua;
#    deny  182.92.245.2;
#    deny 123.56.163.16;
#    deny 182.92.154.237;
#    deny 10.170.255.37;
#    deny 10.171.18.108;
 #   deny all;
    }
####
    location /boss {
    proxy_pass  http://kstore_boss_app;
    proxy_next_upstream http_502 http_504 error timeout invalid_header;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
    add_header Cache-Control no-store;
    access_log  logs/mall_boss/mall_boss.log main;
    log_by_lua_file /home/admin/webserver/conf/conf.d/record.lua;
         }
    location /third {
    proxy_pass  http://kstore_third_app;
    proxy_next_upstream http_502 http_504 error timeout invalid_header;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
    add_header Cache-Control no-store;
    access_log  logs/mall_third/mall_third.log main;
    log_by_lua_file /home/admin/webserver/conf/conf.d/record.lua;
# if ($http_x_forwarded_for !~ 106.39.140.218){
#        return 404;
#}
         }
    location /open {
    proxy_pass  http://kstore_open_app;
    proxy_next_upstream http_502 http_504 error timeout invalid_header;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
    add_header Cache-Control no-store;
    access_log  logs/mall_open/mall_open.log main;
    log_by_lua_file /home/admin/webserver/conf/conf.d/record.lua;
         }
  location / {
                #default_type text/plain;
                #content_by_lua 'ngx.say("系统更新中,敬请期待...")';
                #content_by_lua 'ngx.say("系统更新中,敬请期待...")';
                proxy_pass  http://kstore_pc_app;
                proxy_next_upstream http_502 http_504 error timeout invalid_header;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
                add_header Cache-Control no-store;
                access_log  logs/mall_pc/mall_pc.log main;
    log_by_lua_file /home/admin/webserver/conf/conf.d/record.lua;
        }
  location /pc {
                #rewrite ~*^/pc/ ~*^/;
#               default_type text/plain;
                default_type "text/plain;charset=UTF-8";
                content_by_lua 'ngx.say("系统更新中,敬请期待...")';
                #content_by_lua 'ngx.say("懵逼了")';
        }
           location = /status.html {

                check_status;
            access_log off;

        }
 }

 

http接口检测

tomcat容器在启动过程中,端口已经能探测到,但还不能对外提供服务,这时候Nginx把请求分发过去,实际是响应失败。这时候就需要进行http检测。

该指令可以配置http健康检查包发送的请求内容。为了减少传输数据量,推荐采用"HEAD"方法。

当采用长连接进行健康检查时,需在该指令中添加keep-alive请求头,如:"HEAD / HTTP/1.1\r\nConnection: keep-alive\r\n\r\n"。 同时,在采用"GET"方法的情况下,请求uri的size不宜过大,确保可以在1个interval内传输完成,否则会被健康检查模块视为后端服务器或网络异常。

我一般设置一个静态页面或者接口

check interval=1000 rise=5 fall=2 timeout=500 type=http;
check_http_send "HEAD /mobile/queryMobCateBar.htm HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
check_keepalive_requests 1;

 

参数意义:

指令后面的参数意义是:

check interval=3000 rise=2 fall=5 timeout=1000;

interval:向后端发送的健康检查包的间隔。

fall(fall_count): 如果连续失败次数达到fall_count,服务器就被认为是down。

rise(rise_count): 如果连续成功次数达到rise_count,服务器就被认为是up。

timeout: 后端健康请求的超时时间。

default_down: 设定初始时服务器的状态,如果是true,就说明默认是down的,如果是false,就是up的。默认值是true,也就是一开始服务器认为是不可用,要等健康检查包达到一定成功次数以后才会被认为是健康的。

type:健康检查包的类型,现在支持以下多种类型

    tcp:简单的tcp连接,如果连接成功,就说明后端正常。

    ssl_hello:发送一个初始的SSL hello包并接受服务器的SSL hello包。

    http:发送HTTP请求,通过后端的回复包的状态来判断后端是否存活。

    mysql: 向mysql服务器连接,通过接收服务器的greeting包来判断后端是否存活。

    ajp:向后端发送AJP协议的Cping包,通过接收Cpong包来判断后端是否存活。

port: 指定后端服务器的检查端口。

check_http_send 指令

该指令可以让负载均衡器模拟向后端realserver发送,监控检测的http包,模拟LVS的检测。

check_http_expect_alive 指令

check_http_expect_alive [ http_2xx | http_3xx | http_4xx | http_5xx ]

返回指定HTTP code,符合预期就算检测成功

检测

http://test.bbc.7gongli.com.cn/status.html

 

 

posted on 2018-07-24 12:17  光阴8023  阅读(361)  评论(0编辑  收藏  举报