环境:
almalinux9.5
192.168.19.10
192.168.19.11
开始部署:
关闭防火墙及 SE Linux
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0更换阿里云 yum 源
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^# baseurl=https://repo.almalinux.org|baseurl=https://mirrors.aliyun.com|g' \
-i.bak \
/etc/yum.repos.d/almalinux*.repo
dnf makecache 下载 nginx 及 keepalived 源码包
yum install -y gcc openssl-devel libnl libnl-devel libnfnetlink-devel net-tools vim #安装编译工具
wget https://nginx.org/download/nginx-1.26.3.tar.gz
wget https://keepalived.org/software/keepalived-2.3.3.tar.gz解压并编译安装
tar -zxvf nginx-1.26.3.tar.gz
tar -zxvf keepalived-2.3.3.tar.gz
mkdir /usr/local/nginx
mkdir /usr/local/keepalived
cd nginx-1.26.3
./configure --prefix=/usr/local/nginx && make && make install
cd keepalived-2.3.3
./configure --prefix=/usr/local/keepalived && make && make install创建守护进程
#Nginx
vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
#Keepalived会自动创建守护进程
[root@nginx1 keepalived]# cat /usr/lib/systemd/system/keepalived.service
[Unit]
Description=LVS and VRRP High Availability Monitor
After=network-online.target syslog.target
Wants=network-online.target
Documentation=man:keepalived(8)
Documentation=man:keepalived.conf(5)
Documentation=man:genhash(1)
Documentation=https://keepalived.org
[Service]
Type=forking
PIDFile=/run/keepalived.pid
KillMode=process
EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived
ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
#启动nginx
systemctl daemon-reload
systemctl start nginx
systemctl enable nginx
修改 keepalived 配置文件相关内容,否则无法启动
#创建配置文件目录
mkdir /etc/keepalived
#将默认的模板文件copy过来
cp /usr/local/keepalived/etc/keepalived/keepalived.conf.sample /etc/keepalived/
#对默认文件进行修改,当然也可以自己new一个
#此处是做主备时的配置
[root@nginx1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id nginx1 #填写主机名
}
vrrp_script check_nginx { #script模块,用来执行自定义的脚本
script "/etc/keepalived/check_nginx.sh" #注意脚本路径
interval 2
weight -5
fall 3
rise 2
}
vrrp_instance VI_1 {
state MASTER #备机需改为BACKUP
interface ens160 #填写实际的网卡名称
virtual_router_id 51 #VRRP组ID,同一组内需要ID一样 范围1-255
priority 100 #优先级,备机优先级低于主机
advert_int 1
authentication { #密码复杂度相关
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { #V_IP
192.168.19.13
}
track_script { #调用前面定义的脚本
check_nginx
}
# Allow packets addressed to the VIPs above to be received
accept
}
#备机上注意:1. router_id 不同, 2. state BACKUP不同 ,3. priority不同。 4.virtual_router_id 必相同。Check_nginx 脚本
vim /etc/keepalived/check_nginx.sh
#!/bin/bash
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
systemctl restart nginx
sleep 2
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
systemctl stop keepalived
fi
fi启动 keepalived
systemctl start keepalived
systemctl enable keepalived
#查看ip
[root@nginx1 keepalived]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:a3:29:b7 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.19.10/24 brd 192.168.19.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.19.13/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fea3:29b7/64 scope link
valid_lft forever preferred_lft forever修改 nginx 监听 server_name 地址为 v_ip 的 19.13
[root@nginx1 keepalived]# cat /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name 192.168.19.13;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# 转发 8880 端口的请求
server {
listen 8880;
server_name 192.168.19.13; # 可以设置为你的域名或保留为默认
location / {
proxy_pass http://192.168.19.200:8880;
proxy_set_header Host $http_host; # 传递真实主机名
proxy_set_header X-Real-IP $remote_addr; # 传递真实客户端 IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; # 传递协议(http/https)
proxy_set_header X-Forwarded-Port $server_port;
}
}
# 转发 9980 端口的请求
server {
listen 9980;
server_name 192.168.19.13; # 可以设置为你的域名或保留为默认
location / {
proxy_pass http://192.168.19.200:9980;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
测试访问
#192.168.200 的 8880 与 9980 端口是容器运行的 gitlab 与 Jenkins 服务
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
