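Cluster deployment: keepalived + nginx + http high-availability application deployment

Environment:
nginx-1: 172.25.70.1 (master), hostname: hostname1
nginx-2: 172.25.70.2 (backup), hostname: hostname2

2. Installation and configuration
(1) Install nginx on both master and backup

1. Check whether nginx is installed: rpm -qa|grep nginx
2. If it is not installed, upload the rpm package and run the install command: rpm -ivh nginx-1.16.1-1.el7.ngx.x86_64.rpm
3. Start, check status, stop: service nginx start/status/stop
4. Enable start on boot: chkconfig nginx on

II. Configuration file contents:

1. nginx.conf contents:

2. Application conf settings: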

upstream login {
    server <internal-ip>:9101 weight=2 max_fails=2 fail_timeout=30s;
}


server {
    listen 8906 ssl;
    server_name localhost;
    ssl_protocols TLSv1.2;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;


    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    client_max_body_size 100M;
    # Hide the nginx version number
    server_tokens off;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES;
    ssl_prefer_server_ciphers on;

    location ^~ /login {
        proxy_pass http://login;
        # proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Debug headers: expose the upstream address and status code to clients
        add_header backendIP $upstream_addr;
        add_header backendCode $upstream_status;
    }

}

Application 2 configuration:

upstream test {
    server <internal-ip>:9102 weight=2 max_fails=2 fail_timeout=30s;
    server <internal-ip>:9102 weight=2 max_fails=2 fail_timeout=30s;
    ip_hash;
}

server {
    listen 8908 ssl;
    server_name localhost;
    ssl_protocols TLSv1.2;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;


    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    client_max_body_size 100M;
    # Hide the nginx version number
    server_tokens off;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES;
    ssl_prefer_server_ciphers on;

    location /test {
        # proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Debug headers: expose the upstream address and status code to clients
        add_header backendIP $upstream_addr;
        add_header backendCode $upstream_status;
        proxy_pass http://test;
    }

}
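
Both server blocks above still offer 3DES and static-RSA cipher groups and return the upstream address and status in response headers, while hiding only the nginx version with server_tokens off. The check below is an added example, not part of the original post; audit_nginx_conf, sample_conf and hardened_conf are hypothetical names, and both sample configs are constructed for illustration.

```bash
# Added example (not from the original post): lint an nginx config for the
# weak TLS settings and upstream-revealing headers used in the configs above.

# audit_nginx_conf: reads a config on stdin, prints one finding per line
audit_nginx_conf() {
    awk '
    { sub(/#.*/, "") }                        # ignore comments
    $1 == "ssl_ciphers" {
        # 3DES is a 64-bit block cipher and should not be offered
        if ($0 ~ /3DES/) print "WEAK_CIPHER_3DES line " NR
        # RSA+... admits static-RSA key exchange (no forward secrecy)
        if ($0 ~ /(^|[ :])RSA[+]/) print "STATIC_RSA_KX line " NR
    }
    # response headers built from upstream variables reach every client
    $1 == "add_header" && $0 ~ /[$]upstream_(addr|status)/ {
        print "UPSTREAM_LEAK " $2 " line " NR
    }'
}

# Constructed sample: the first server block above, trimmed
sample_conf() {
    cat <<'EOF'
server {
    ssl_protocols TLSv1.2;
    server_tokens off;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+3DES:RSA+3DES;
    location ^~ /login {
        proxy_pass http://login;
        add_header backendIP $upstream_addr;
        add_header backendCode $upstream_status;
    }
}
EOF
}

# Constructed hardened variant: ECDHE-only cipher groups, debug headers removed
hardened_conf() {
    cat <<'EOF'
server {
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256;
    location ^~ /login {
        proxy_pass http://login;
    }
}
EOF
}

sample_conf | audit_nginx_conf
```

Run it against a real file with `audit_nginx_conf < /etc/nginx/conf.d/app.conf` (path is an assumption); an empty result means none of the three patterns were found.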

(2) Install keepalived on both master and backup

## Install dependency packages
[root@keep1 ~]# yum -y install libnl libnl-devel libnfnetlink
One more package, libnfnetlink-devel, is also needed, but it is not in the redhat6.5 image's own repository, so here is a download address; after downloading, install it directly with rpm -ivh
[root@localhost ~]# wget ftp://mirror.switch.ch/mirror/centos/6/os/x86_64/Packages/libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm
[root@keep1 keepalived-1.4.3]# rpm -ivh libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm
## Build and install
[root@keep1 ~]# tar zxf keepalived-1.3.6.tar.gz
[root@keep1 ~]# cd keepalived-1.3.6
[root@keep1 keepalived-1.3.6]# ./configure --prefix=/usr/local/keepalived --with-init=SYSV
[root@keep1 keepalived-1.3.6]# make && make install

## Create the startup links, etc.
[root@keep1 keepalived-1.3.6]# ln -s /usr/local/keepalived/etc/keepalived /etc/
[root@keep1 keepalived-1.3.6]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@keep1 keepalived-1.3.6]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@keep1 keepalived-1.3.6]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@keep1 keepalived-1.3.6]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived

Check the keepalived version
[root@keepalived /etc/keepalived]# keepalived -v
Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Change the keepalived configuration
$ cd /etc/keepalived
$ vim keepalived.conf
Mainly modify settings such as the assigned virtual IP address.
Start keepalived
$ systemctl start keepalived.service
or
$ service keepalived start
Other related commands
1) Restart:
$ systemctl restart keepalived.service
2) Stop:
$ systemctl stop keepalived.service
3) Status:
$ systemctl status keepalived.service
4) Enable start on boot:
$ chkconfig keepalived on
Check keepalived status
$ systemctl status keepalived.service

Check the keepalived process
$ ps -ef | grep keepalived

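I. keepalived configuration:

Master keepalived configuration:

Master: keepalived.conf
global_defs {

    router_id hostname1 # String identifying this node; setting it to the hostname is enough
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx_pid.sh" ## Path of the script that checks nginx status
    interval 2 ## Check interval, in seconds
    weight 2 ## Positive weight: priority is raised by 2 while the script succeeds
}

vrrp_instance VI_1 {
    state MASTER # Marks this node as the master (only MASTER or BACKUP, uppercase)
    interface eth0 # Network interface the VIP is bound to
    virtual_router_id 52 # Virtual router id; must be the same as on the backup node
    priority 100 # Priority; only needs to be higher than the backup node's
    advert_int 2 # Sync check interval between the MASTER and BACKUP nodes, in seconds
    authentication { # Authentication type
        auth_type PASS # PASS (default) or AH
        auth_pass audaque # MASTER and BACKUP must use the same cleartext password to communicate
    }
    ## Add the track_script block to the instance block
    track_script {
        chk_nginx ## Run the nginx monitoring script
    }
    virtual_ipaddress { # Virtual IP address pool; may hold several IPs
        1XXXxxxxxxx1    # Virtual IP 1 (VIP)

    }
}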

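Backup: keepalived.conf

global_defs {

    router_id hostname2 # String identifying this node; setting it to the hostname is enough
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx_pid.sh" ## Path of the script that checks nginx status
    interval 2 ## Check interval, in seconds
    weight 2 ## Positive weight: priority is raised by 2 while the script succeeds
}

vrrp_instance VI_1 {
    state BACKUP # Marks this node as the backup (only MASTER or BACKUP, uppercase)
    interface eth0 # Network interface the VIP is bound to
    virtual_router_id 52 # Virtual router id; must be the same as on the master node
    priority 90 # Priority; must be lower than the master node's
    advert_int 2 # Sync check interval between the MASTER and BACKUP nodes, in seconds
    authentication { # Authentication type
        auth_type PASS # PASS (default) or AH
        auth_pass audaque # MASTER and BACKUP must use the same cleartext password to communicate
    }
    ## Add the track_script block to the instance block
    track_script {
        chk_nginx ## Run the nginx monitoring script
    }

    virtual_ipaddress { # Virtual IP address pool; may hold several IPs
        xxxxxxxxxxxxxx     # Virtual IP 1 (VIP)

    }
}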
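
The two files must agree on virtual_router_id and the authentication settings, and the master's priority must be above the backup's. The script below is an added example (not from the original post) that checks those rules and also reports when the vrrp_script weight is too small to move the VIP by priority alone, as with weight 2 and priorities 100/90, so failover here depends on check_nginx_pid.sh stopping keepalived; conf_get, check_pair and write_conf are hypothetical helper names and the sample files are constructed from the values above.

```bash
# Added example (not from the original post): cross-check the master and
# backup keepalived.conf against the rules stated in the config comments.

# conf_get FILE DIRECTIVE -> first value of DIRECTIVE, # and ! comments stripped
conf_get() {
    awk -v key="$2" '{ sub(/[#!].*/, "") } $1 == key { print $2; exit }' "$1"
}

# check_pair MASTER_CONF BACKUP_CONF -> prints findings, returns 1 on a hard error
check_pair() {
    m=$1; b=$2; rc=0
    for key in virtual_router_id auth_type auth_pass; do
        [ "$(conf_get "$m" "$key")" = "$(conf_get "$b" "$key")" ] ||
            { echo "MISMATCH $key"; rc=1; }
    done
    pm=$(conf_get "$m" priority); pb=$(conf_get "$b" priority)
    [ "$pm" -gt "$pb" ] || { echo "PRIORITY master=$pm backup=$pb"; rc=1; }
    # A failed check moves the VIP by priority alone only if |weight| > gap.
    w=$(conf_get "$m" weight); w=${w#-}; gap=$((pm - pb))
    [ "${w:-0}" -gt "$gap" ] || echo "NOTE weight=${w:-0} gap=$gap"
    return "$rc"
}

# write_conf FILE STATE PRIORITY VRID: constructed, trimmed sample config
write_conf() {
    cat > "$1" <<EOF
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx_pid.sh"
    weight 2   # positive: +2 while the script succeeds
}
vrrp_instance VI_1 {
    state $2
    virtual_router_id $4
    priority $3
    authentication {
        auth_type PASS
        auth_pass audaque
    }
}
EOF
}

tmp=$(mktemp -d)
write_conf "$tmp/master.conf" MASTER 100 52
write_conf "$tmp/backup.conf" BACKUP 90 52
check_pair "$tmp/master.conf" "$tmp/backup.conf"
```

For the page's values the only output is the NOTE line (weight 2 against a gap of 10): with nginx down on the master, its priority of 100 still beats the backup's 92.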

nginx check script

check_nginx_pid.sh

#!/bin/bash
[ ! -e /var/log/local_keepalived.log ] && touch /var/log/local_keepalived.log
echo "$(date '+%Y-%m-%d %H:%M:%S') check nginx" >> /var/log/local_keepalived.log
# Count the running nginx processes
has_nginx=$(ps -C nginx --no-header | wc -l)
echo "$(date '+%Y-%m-%d %H:%M:%S') has_nginx=${has_nginx}" >> /var/log/local_keepalived.log
if [ "${has_nginx}" -eq 0 ]; then
    echo "$(date '+%Y-%m-%d %H:%M:%S') systemctl start nginx" >> /var/log/local_keepalived.log
    systemctl start nginx # If nginx is found to be down, restart it
    result=$?
    echo "$(date '+%Y-%m-%d %H:%M:%S') start nginx result:${result}" >> /var/log/local_keepalived.log
    if [ "${result}" -ne 0 ]; then # If nginx still is not up, stop the keepalived service so the VIP fails over
        echo "$(date '+%Y-%m-%d %H:%M:%S') systemctl stop keepalived" >> /var/log/local_keepalived.log
        systemctl stop keepalived
    fi
else
    echo "$(date '+%Y-%m-%d %H:%M:%S') nginx is running" >> /var/log/local_keepalived.log
fi

Reference: https://www.cnblogs.com/guantou1992/p/12724794.html

Original article: https://www.cnblogs.com/longyi2020/p/15155881.html