Configuring high availability for nginx with keepalived
Posted yezi59
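What High Availability is for
1. A service must not stop working as a whole because a single device or node fails; there must be no single point of failure.
2. The service keeps running whatever happens; high availability is how this is achieved.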
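I. What is keepalived?
Its core technologies are the VRRP protocol and the VIP.
1. How the VRRP protocol works:
A virtual router runs on top of real physical routers. It is made up of several real routers: one Master router and several Backup routers. While the Master router is working normally, hosts on the LAN communicate with the outside world through the Master. When the Master router fails, one of the Backup routers becomes the new Master and takes over packet forwarding.
2. VIP: a virtual IP address. Whichever node becomes master, the VIP is on that Linux machine; clients only need to access the virtual IP.
II. Configuring high availability with keepalived
Prepare two Linux servers with hardware that is as identical as possible. This article uses CentOS 7 and nginx 1.21.
1. Configure load balancing on both servers
(1) Install and deploy nginx on both Linux machines with a one-step script. (The two Linux machines are identical except for their IP addresses.) The script is as follows: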
#!/bin/bash
# Resolve build dependencies: packages that need to be installed
yum -y install epel-release
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel gcc gcc-c++ autoconf automake make psmisc net-tools lsof vim geoip geoip-devel
# Create the yejing user and group
id yejing || useradd yejing -s /sbin/nologin
# Download nginx
mkdir /yejing99 -p
cd /yejing99
wget http://nginx.org/download/nginx-1.21.1.tar.gz
# Unpack the archive
tar xf nginx-1.21.1.tar.gz
# Enter the unpacked directory
cd nginx-1.21.1
# Pre-build configuration
./configure --prefix=/usr/local/scyejing99 --user=yejing --group=yejing --with-http_ssl_module --with-threads --with-http_v2_module --with-http_stub_status_module --with-stream --with-http_geoip_module
# If the configure step above failed, leave the script with a non-zero status
if (( $? != 0 )); then
    exit 1
fi
# Build
make -j 2
# Install
make install
# Extend PATH (single quotes keep $PATH unexpanded until .bashrc is read)
echo 'PATH=/usr/local/scyejing99/sbin:$PATH' >>/root/.bashrc
# Re-read the file that now carries the changed environment variable
source /root/.bashrc
# firewalld and selinux
# Stop firewalld and keep it from starting at the next boot
service firewalld stop
systemctl disable firewalld
# Disable SELinux temporarily and permanently
setenforce 0
sed -i '/^SELINUX=/ s/enforcing/disabled/' /etc/selinux/config
# Start nginx at boot
chmod +x /etc/rc.d/rc.local
echo "/usr/local/scyejing99/sbin/nginx" >>/etc/rc.local
# Modify nginx.conf, for example: port number, number of worker processes, connections per worker, server name
sed -i '/worker_processes/ s/1/2/' /usr/local/scyejing99/conf/nginx.conf
sed -i '/worker_connections/ s/1024/2048/' /usr/local/scyejing99/conf/nginx.conf
sed -i -r '36c \\tlisten 80;' /usr/local/scyejing99/conf/nginx.conf
sed -i -r '37c \\tserver_name www.yejing.com;' /usr/local/scyejing99/conf/nginx.conf
# Kill all nginx processes
#killall -9 nginx
# Start nginx
#/usr/local/scyejing99/sbin/nginx
(2) Configure the IP address. Choose bridged or host-only as the network connection mode; I chose host-only. The ifcfg-ens33 configuration file is as follows:
[root@bnginx2 keepalived]# cd /etc/sysconfig/network-scripts/
[root@bnginx2 network-scripts]# vim ifcfg-ens33
DEFROUTE=yes
BOOTPROTO=static
NAME=ens33
IPADDR=192.168.5.15 #on the second Linux machine only this IP address needs to differ
DNS1=192.168.5.1
GATEWAY=192.168.5.1
DEVICE=ens33
ONBOOT=yes
NETMASK=255.255.255.0
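(3) Configure load balancing. Load balancing additionally needs three machines with nginx installed; deploy them with the script above and configure their IP addresses. The nginx.conf configuration is as follows: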
[root@bnginx keepalived]# cd /usr/local/scyejing99/conf/
#user nobody;
worker_processes 2;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 2048;
}
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    upstream scbackend {    # load balancing: add this block
        #ip_hash;
        server 192.168.5.6;    # IP addresses of the other three Linux machines; a request to the load balancer actually ends up on one of them
        server 192.168.5.7;
        server 192.168.5.8;
    }
    server {
        listen 80;
        server_name www.yejing.com;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            # root html;
            # index index.html index.htm;
            # requests for the root path are passed to the load-balancing upstream
            proxy_pass http://scbackend;
            proxy_set_header X-Real-IP $remote_addr;
        }
        #
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the php scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;
    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;
    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}
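(4) Turn off the firewall and SELinux on both machines
# Stop the firewall:
[root@nginx-filebeat-01 ~]# systemctl stop firewalld
# Keep it from starting at boot
[root@nginx-filebeat-01 ~]# systemctl disable firewalld
# Disable SELinux
# Edit /etc/selinux/config and change the setting to
SELINUX=disabled
# A change to the SELinux configuration file takes effect only after the server is rebooted:
[root@nginx-filebeat-01 ~]# reboot
# After the reboot, verify that the change took effect
[root@nginx-filebeat-01 ~]# getenforce
Disabled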
[root@nginx-filebeat-01 ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
Active: inactive (dead)
Docs: man:firewalld(1)
2. Install and configure keepalived
(1) keepalived must be installed on both load balancers
[root@bnginx sc]# yum install keepalived -y
(2) Edit the keepalived.conf file and add the VIP and related settings
[root@bnginx sc]# cd /etc/keepalived/
[root@bnginx keepalived]# vim keepalived.conf
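# Configuration on the master
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict    (this line must be commented out!)
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {        # start a VRRP instance; VI_1 is the instance name and can be chosen freely; for dual VIPs, add one more instance
    state MASTER            # the role is master
    interface ens33         # the interface on which VRRP is listened for, and to which the VIP is bound
    virtual_router_id 51    # virtual router ID (the group the nodes belong to), range 1~255
    priority 110            # priority: the highest one is master, so every master should be given a higher value
    advert_int 1            # advertisement interval of 1 second: every second the master tells the backup it is running normally; when the backup stops receiving this message it becomes master automatically
    authentication {        # authentication
        auth_type PASS      # the authentication type is password authentication
        auth_pass 1111      # the password itself; you can change it
    }
    virtual_ipaddress {     # VIP configuration; there can be several VIPs
        192.168.5.30
    }
}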
# The other load balancer: configuration on the backup
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP            # change this to BACKUP
    interface ens33
    virtual_router_id 51    # the ID must be the same as on the corresponding master
    priority 100            # the priority must be lower than the master's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.5.30        # the virtual IP must also be the same as on the corresponding master
    }
}
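The rules stated in the comments of the two files (same virtual_router_id, same VIP, lower priority on the backup) can be checked mechanically before keepalived is started. The script below is an added example, not part of the original article: the function names kv, vips, check_pair, sample_conf and demo are made up for illustration, and the sample configurations are constructed from the article's values. It also reports the tutorial password 1111, because auth_type PASS carries auth_pass in clear text.

```bash
#!/usr/bin/env bash
# Added example: consistency check for a MASTER/BACKUP keepalived.conf pair.
# Assumes one vrrp_instance per file, as in the article.

kv() {  # kv <file> <directive>: first value of a one-word directive
  awk -v k="$2" '{ sub(/#.*/, "") } $1 == k { print $2; exit }' "$1"
}

vips() {  # vips <file>: addresses inside virtual_ipaddress { ... }, sorted
  awk '{ sub(/#.*/, "") }
       /virtual_ipaddress[ \t]*[{]/ { blk = 1; next }
       blk && /[}]/ { blk = 0 }
       blk && NF { print $1 }' "$1" | sort
}

check_pair() {  # check_pair <master.conf> <backup.conf>; status 0 = consistent
  local m="$1" b="$2" bad=0 key mp bp
  for key in virtual_router_id advert_int auth_type auth_pass; do
    [ "$(kv "$m" "$key")" = "$(kv "$b" "$key")" ] || { echo "MISMATCH $key"; bad=1; }
  done
  [ "$(vips "$m")" = "$(vips "$b")" ] || { echo "MISMATCH virtual_ipaddress"; bad=1; }
  mp=$(kv "$m" priority); bp=$(kv "$b" priority)
  [ "${mp:-0}" -gt "${bp:-0}" ] || { echo "PRIORITY master=$mp backup=$bp"; bad=1; }
  # auth_type PASS puts auth_pass in clear text in every advertisement, so
  # the tutorial value 1111 is reported even when both sides agree on it.
  [ "$(kv "$m" auth_pass)" != "1111" ] || { echo "WEAK auth_pass is the sample value"; bad=1; }
  [ "$bad" -eq 0 ]
}

sample_conf() {  # constructed input: sample_conf <state> <priority> <router_id>
  printf '%s\n' "vrrp_instance VI_1 {" "  state $1" "  interface ens33" \
    "  virtual_router_id $3  # must match the peer" "  priority $2" \
    "  advert_int 1" "  authentication {" "    auth_type PASS" \
    "    auth_pass 1111" "  }" "  virtual_ipaddress {" "    192.168.5.30" "  }" "}"
}

demo() {  # constructed pair: BACKUP has the wrong router ID and too high a priority
  local d rc=0; d=$(mktemp -d)
  sample_conf MASTER 110 51 > "$d/master.conf"
  sample_conf BACKUP 120 52 > "$d/backup.conf"
  check_pair "$d/master.conf" "$d/backup.conf" || rc=$?
  rm -rf "$d"; return "$rc"
}

demo || true
```

On real hosts, copy both /etc/keepalived/keepalived.conf files to one machine and run check_pair on them; any output line names the setting to correct.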
3. Start keepalived on both load balancers
[root@bnginx2 keepalived]# service keepalived start
Redirecting to /bin/systemctl start keepalived.service
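# Look at the processes to see whether keepalived started successfully; keepalived does not listen on any particular port, because VRRP communicates by multicast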
[root@bnginx conf]# ps aux|grep keepalived
root 7392 0.0 0.1 123000 1404 ? Ss 16:09 0:00 /usr/sbin/keepalived -D
root 7393 0.0 0.3 133960 3328 ? S 16:09 0:00 /usr/sbin/keepalived -D
root 7394 0.0 0.2 133832 2660 ? S 16:09 0:02 /usr/sbin/keepalived -D
root 7460 0.0 0.0 112824 988 pts/0 R+ 19:00 0:00 grep --color=auto keepalived
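# Started successfully
4. Check the IP addresses to see whether high availability was set up successfully
# Check the IP addresses: the VIP is on the first load balancer and not on the second, because the first is the master; the second is used only when something goes wrong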
[root@bnginx conf]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:27:f3:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.5.2/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.5.30/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe27:f33a/64 scope link
valid_lft forever preferred_lft forever
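Summary
The VIP can float: when the master goes down, the VIP automatically moves to the backup. With that, nginx is highly available through keepalived. If you are interested in setting up dual VIPs, leave a comment and we can discuss it.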