nginx+keepalived高可用

nginx服务搭建

• 环境

1. centos 7
2. nginx-1.13.10

• 安装依赖

1. 安装 nginx 需要先将官网下载的源码进行编译，编译依赖 gcc 环境，如果没有 gcc 环境，则需要安装：yum install gcc-c++
2. PCRE(Perl Compatible Regular Expressions) 是一个Perl库，包括 perl 兼容的正则表达式库。nginx 的 http 模块使用 pcre 来解析正则表达式，所以需要在 linux 上安装 pcre 库，pcre-devel 是使用 pcre 开发的一个二次开发库。nginx也需要此库。命令：

yum install -y pcre pcre-devel

1. zlib 库提供了很多种压缩和解压缩的方式， nginx 使用 zlib 对 http 包的内容进行 gzip ，所以需要在 Centos 上安装 zlib 库，命令：yum install -y zlib zlib-devel
2. OpenSSL 是一个强大的安全套接字层密码库，囊括主要的密码算法、常用的密钥和证书封装管理功能及 SSL 协议，并提供丰富的应用程序供测试或其它目的使用。

nginx 不仅支持 http 协议，还支持 https（即在ssl协议上传输http），所以需要在 Centos 安 装 OpenSSL 库。命令：yum install -y openssl openssl-devel

• 官网下载nginx

nginx官网：https://nginx.org/en/download.html

也可以执行：wget https://nginx.org/download/nginx-1.10.3.tar.gz进行下载

• 解压nginx源码包

tar -zxvf nginx-1.10.3.tar.gz

cd nginx-1.13.10

• 编译nginx源码

./configure --prefix=/home/yht/nginx/ (目录根据实际情况而定)

make

make install

• 进入/home/yht/nginx/conf 修改配置文件

1. 配置文件示例

#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; upstream wwjkhgdv2245.com { server 192.168.200.83:18757 weight=10; server 192.168.200.84:8757 weight=10; } server { listen 18080; server_name wwjkhgdv2245.com; #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://wwjkhgdv2245.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }

• nginx服务启动

1. 进入nginx文件夹
2. 启动前最好先检查配置文件

sbin/nginx -t

1. 启动nginx

sbin/nginx

1. 停止nginx

sbin/nginx -s stop

• nginx编译时的一些配置

1. nginx.pid

pid文件就是一个纯文本文件，里面记录的是进程的pid号,nginx使用了pid文件来记录master process的pid号，如果编译时没有指定，那它的路径就是: prefix/

logs/nginx.pid,其中prefix就是nginx的安装路径

1.  

keepalived服务搭建

注：只在root用户下安装成功

1. 安装依赖，编译安装keepalived包

yum install -y popt-devel  

cd /usr/local/src  

tar zxvf keepalived-1.2.2.tar.gz  

cd keepalived-1.2.2  

./configure --prefix=/  

make  

make install  

1. 修改配置文件

• cd /etc/keepalived
• cp keepalived.conf keepalived.conf.bak
• vim keepalived.conf
• 配置事例

! Configuration File for keepalived global_defs { notification_email { admin@test.com } notification_email_from admin@test.com smtp_server xxx.smtp.com smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script Monitor_Nginx { script "/root/monitor_nginx.sh" interval 2 weight 2 } vrrp_instance VI_1 { state MASTER #(主机为MASTER，备用机为BACKUP) interface enp4s0 #(HA监测网络接口) virtual_router_id 61 #(主、备机的virtual_router_id必须相同) #mcast_src_ip 192.168.0.99 #(多播的源IP，设置为本机外网IP，与VIP同一网卡)此项可不设置 priority 90 #(主、备机取不同的优先级，主机值较大，备份机值较小,值越大优先级越高) advert_int 1 #(VRRP Multicast广播周期秒数) authentication { auth_type PASS #(VRRP认证方式) auth_pass 1234 #(密码) } track_script { /etc/keepalived/monitor_nginx.sh #(调用nginx进程检测脚本) } virtual_ipaddress { 10.100.1.245 #(VRRP HA虚拟地址) } }

1. 创建nginx检测脚本

• cd cd /etc/keepalived
• vim monitor_nginx.sh
• 脚本内容

#!/bin/bash if [ "$(ps -ef | grep "nginx: master process"| grep -v grep )" == "" ] then killall keepalived fi

• 保存文件退出
• 将文件设置为可执行程序 chmod +x monitor_nginx.sh

1. 启动、停止、重启keepalived

• service keepalived start
• service keepalived stop
• service keepalived restart

1. 判断keepalived是否启动成功

• 查看是否有keepalived进程

1. 执行ps aux | grep keepalived

• 查看虚拟ip是否存在（只能在主节点上查看，当主节点宕掉，负节点才会创建，可以作为测试）

1. 执行ip add show HA监测网络接口（这里设置的是enp4s0）
2. 查看是否存在设置的虚拟ip(这里设置的是10.100.1.245)