Nginx+Keepalived实现nginx高可用详细步骤.docx

Nginx+Keepalived实现nginx高可用详细步骤 一.方案规划 VIP IP 主机名 Nginx 端 口 默认主从 Nginxl 88 BACKUP俳抢占模式） Nginx2 88 BACKUP（非抢占模式） 二 .操作系统与安装软件如下： Redhat Linux 7.9 x64 .安装Nginx(两个节点都是同样操作) 1 .安装依赖环境[root@ZZZZ-EBS-SLB02 yum -y install wget gcc-c++ ncurses ncurses-devel cmake make perl bison openssl openssl-devel gcc* Iibxml2 Iibxml2-devel curl-devel libjpeg* libpng* freetype* autoconf automake zlib* fiex* libxml* libmcrypt* libtool-ltdl-devel* libaio libaio-devel bzr libtool 2 .安装 openssl[root@ZZZZ-EBS-SLB02 local)# cd /usr/local/src [root@ZZZZ-EBS-SLB02 src]# wget [root@ZZZZ-EBS-SLB02 src]# Is [root@ZZZZ-EBS-SLB02 openssl-1.0.2s]# make[root@ZZZZ-EBS-SLB02 openssl-1.0.2s]# make install 3 .安装pcre[root@ZZZZ-EBS-SLB02 local]# cd /usr/local/src [root@ZZZZ-EBS-SLB02 src]# wget s:〃 [root@ZZZZ-EBS-SLB02 src]# Is [root@ZZZZ-EBS-SLB02 src]# cd pcre-8.43[root@ZZZZ-EBS-SLB02 pcre-8.43]# ./configure -prefix=/usr/local/pcre-8.43 [root@ZZZZ-EBS-SLB02 pcre-8.43]# make[root@ZZZZ-EBS-SLB02 pcre-8.43]# make install 4 .安装zlibglobal_defs { router_id zzzz-nginx-slb02 vrrp_version 3) vrrp_script chk_nginx { script "/etc/keepalived/nginx_check.sh" interval 2 weight -20) vrrpjnstance Vl_l { state BACKUP interface ensl92 virtual_router_id 51 priority 90 nopreempt advertjnt 0.5 authentication {auth_type PASS auth_pass 1111 ) track_script {chk_nginx ) virtualjpaddress { )) 5 .编写Nginx状态检测脚本编写 Nginx 状态检测脚本 /etc/keepalived/nginx_check.sh (已在 keepalived.conf 中配置)脚 本。 脚本功能要求：如果nginx停止运行，尝试启动，如果无法启动那么杀死本机的keepalived进 程，keepalied将虚拟ip绑定到BACKUP机器上。内容如下。 [root@zzzz-nginx-slb02 keepalived]# cd /etc/keepalived/[root@zzzz-nginx-slb02 keepalived]# cat nginx_check.sh #!/bin/bashA='ps -C nginx o-header |wc -I' if [ $A -eq 0 ];then sleep 2if [ 'ps -C nginx -no-header |wc -I' -eq 0 ];then killall keepalived fi fi[root@zzzz-nginx-slb02 keepalived]# chmod +x /etc/keepalived/nginx_check.sh [root@zzzz-nginx-slb02 keepalived]# service keepalived start Redirecting to /bin/systemctl start keepalived.service [root@zzzz-nginx-slb02 keepalived]# 6 .开放端口[root@zzzz-nginx-slb02 firewall-cmd -permanent -add-port=8088/tcp [root@zzzz-nginx-slb02 firewall-cmd -permanent -add-port=6681/tcp 测试VIP漂移[root@zzzz-nginx-slb01 /]# ip a 1: Io: <LOOPBACK/UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 validjft forever preferred_lft forever inet6 ::1/128 scope host validjft forever preferred_lft foreverensl92: <BROADCAS7；MULTICAST,UBLOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:50:56:be:ea:2c brd inet scope global ensl92 validjft forever preferred_lft forever inet6 fe80::8fa6:26b9:cl8c:fd60/64 scope link noprefixroute valid_lft forever preferred_lft forever关闭zzzz-nginx-sIbOl后登陆zzzz-nginx-slb02使用ip a命令查看发现这个虚拟IP 已经飘逸到了 zzzz-nginx-slb02 ± [root@ZZZZ-EBS-SLB02 pcre-8.43]# wget (root@ZZZZ-EBS-SLB02 zlib-1.2.11]# make [root@ZZZZ-EBS-SLB02 zlib-1.2.11]# make install.下载 nginx-rtmp-module [root@ZZZZ-EBS-SLB02 zlib-1.2.11]# cd /usr/local/src/[root@ZZZZ-EBS-SLB02 zlib-1.2.11]# git clone s://github /arut/nginx-rtmp-module.git 5 .安装 Nginx[root@ZZZZ-EBS-SLB02 zlib-1.2.11]# cd /usr/local/src/ [root@ZZZZ-EBS-SLB02 src]# wget --with-openssl=/usr/local/src/openssl-1.0.2s --with-pcre=/usr/local/src/pcre-8.43 --with-zlib=/usr/local/src/zlib-1.2.11 -add-module=/usr/local/src/nginx-rtmp-module -with- _ssl_module [root@ZZZZ-EBS-SLB02 nginx-1.19.1]# make[root@ZZZZ-EBS-SLB02 nginx-1.19.1]# make install 6 .创立启动Nginx服务器的账号[root@ZZZZ-EBS-SLB02 nginx-1.19.1]# /usr/sbin/groupadd -f www [root@ZZZZ-EBS-SLB02 nginx-1.19.1]# /usr/sbin/useradd -g www 配置 Nginx [root@ZZZZ-EBS-SLB02 nginx-1.19.1]# vi /usr/local/nginx-1.19.1/conf/nginx.conf user www www;配置8个并行进程处理，根据实际服务器CPU个数和性能配置 worker_processes 8; worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;#error_log logs/error.log; tterrorjog logs/error.log notice;tterrorjog logs/error.log info; pid logs/nginx.pid; events{ accept_mutex on; multi_accept on; use epoll; worker_connections 65536;) ( include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request"'$status $body_bytes_sent "$ _referer"' '"$ _user_agent" "$ _x_forwarded_for"''"Supstream-cache-status"' ,"$upstream_addr'" ",$upstream_status"' '$request_time $upstream_response_time'; #access_log logs/access.log main; sendfile tcp_nopush on; tcp_nodelay on;client_header_timeout 60; # send_timeout 60; fastcgi_intercept_errors on; proxy_intercept_errors on; server_tokens off; # keepalive_timeout 300; keepalive_timeout 65; proxy_headers_hash_max_size 51200; p roxy_hea d e rs_hash_bucket_size 6400; server_names_hash_max_size 512; server_names_hash_bucket_size 128;client_max_body_size 200m; # client_header_buffer_size 32k;large_client_header_buffers 4 128k; # proxy_connect_timeout 1800;proxy_send_timeout 1800; # proxy_read_timeout 1800;proxy_buffer_size 16k; # proxy_buffers 4 64k;proxy_busy_buffers_size 128k; # P roxy_te m p_f i I e_write_si ze 128k;client_max_body_size 2048m; client_body_buffer_size 256k;proxy_connect_timeout 1; # proxy_send_timeout 30;# proxy_read_timeout 60; proxy_connect_timeout15s;proxy_read_timeout600s; proxy_send_timeout600s;proxy_buffer_size 256k; proxy_buffers 4 256k;proxy_busy_buffers_size 256k; proxy_tem p_fi Ie_write_size 256k;proxy_next_upstream error timeout invalid_header _500 _503 _404; proxy_max_temp_file_size 128m; gzip on; gzip_min_length lk; gzip_buffers 4 16k; gzip_ _version 1.1; gzip_comp_level 2; # gzip_types text/plain application/x-javascript text/css application/xml; gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x- d-php image/jpeg image/gif image/png; # gzip_vary on; gzip_vary off; gzip_disable "MSIE [l-6]\."; server{listen 88; #server_name为你实际的服务器名server_name zzzz-nginx-slb02; #charset koi8-r;#access_log logs/host.access.log main; location / {root html; index index.html index.htm;) #error_page 404 /4O4.html;# redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root html;) upstream erp_8088 {#erp系统我们指定负载均衡模式为IP hash模式，默认为随机 ip_hash; 和为ERP系统的两台应用服务器，服务端口为8088server 192.168.0.5:8088 weight=l max_fails=2 fail_timeout=2s; server 192.168.0.6:8088 weight=l max_fails=2 fail_timeout=2s;) Upstream mes_6681 {#mes系统负载均衡模式为默认为随机 和为MES系统的两台应用服务器,服务端口为6681server 192.168.0.7:6681 weight=l max_fails=2 fail_timeout=2s; server 192.168.0.8:6681 weight=l max_fails=2 fail_timeout=2s;) #具体的配置信息我们存放在./conf.d这个目录中 Include conf.d/*.conf;} 9.针对每个upstream在目录conf.d中创立对应的配置文件 #如果conf目录下没有conf.d子目录，那么创立它 [root@zzzz-nginx-slb02 conf]# mkdir conf.d [root@zzzz-nginx-slb02 conf]# cd conf.d #创立配置文件，这个配置文件名没有具体限制，只需要扩展名为conf即可 server {listen 8088; #就是 nginx.conf 中 upstream erp_8088 段中指定的服务端口 server_name erp_8088 ; #一,般与文件名相同(去掉.conf) indexindex.html index.htm;access_log logs/erp_8088 _access.log; error_log logs/erp_8088 _error.log;location / { proxy_pass ://erp_8088/;proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_ignore_client_abort on; proxy_connect_timeout 2;proxy_send_timeout 2; proxy_read_timeout 2; } location /favicon.ico{ return 200; accessjog off;) )#保存退出 server{ listen 6681; server_name mes_6681 ; indexindex.html index.htm; accessjog logs/mes_6681 _access.log main; errorjog logs/mes_6681 _error.log error;location / { proxy_pass ://mes_6681/;proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $ p roxy_a d d_x_f o r wa rd e d_f o r; proxy_ignore_client_abort on; )location /favicon.ico{ return 200;accessjog off; )) #保存退出.修改Nginx欢迎首页内容(用于后面测试，用于区分两个节点的Nginx) 在文件title节点中修改为如卜代码。 <title>Welcome to nginx! 2</title>备注:在zzzz-nginx-sIbOl上同样执行第10步，只是在文件title节点中修改为如卜代码: <title>Welcome to nginx! l</title>.开放Nginx服务端口 88 [root@zzzz-nginx-slb02 sysconfig]# firewall-cmd -permanent -add-port=88/tcp[root@zzzz-nginx-slb02 sysconfig]# systemctl restart firewalld 10 .测试 Nginx 11 .启动 Nginx 12 .设置Nginx开机自启动[root@localhost conf.d]# vi /etc/rc.d/init.d/nginx # ! /bin/bashchkconfig: 35 85 15 # description: Nginx is an (S) server, (S) reverse set -e PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DESC="nginx daemon" NAME=nginx DAEMON=/usr/local/nginx/sbin/$NAME SCRIPTNAME=/etc/init.d/$NAME test -x $DAEMON 11 exit 0 d_start(){$DAEMON 11 echo -n " already running" ) d_stop() {SDAEMON -s quit 11 echo -n " not running" ) d_reload() {$DAEMON -s reload 11 echo -n " counld not reload" ) case "$1" in start)echo -n "Starting $DESC:$NAME" d_startecho stop)echo -n "Stopping $DESC:$NAME" d_stopecho reload)echo -n "Reloading $DESC configuration..." d_reload echo "reloaded." // restart)echo -n "Restarting $DESC: $NAME" d_stopsleep 2 d_start echo *)echo "Usage: $SCRIPTNAME {start | stop | restart | reload}" >&2 exit 3 esac exit 0[root@zzzz-nginx-slb02 conf]# chmod +x /etc/rc.d/init.d/nginx [root@localhost conf.d]# chkconfig -add nginx[root@localhost conf.d]# chkconfig -level 35 nginx on 四.安装Keepalived (在两个节点上执行同样操作).下载 Keepalived 官方卜载链接为： :〃.解压安装Keepalived [root@zzzz-nginx-slb02 src]# cd /usr/local/src [root@zzzz-nginx-slb02 keepalived-2.2.2]# ./configure -prefix=/usr/local/keepalived [root@zzzz-nginx-slb02 keepalived-2.2.2]# make[root@zzzz-nginx-slb02 keepalived-2.2.2]# make install 1 .将keepalived安装成Linux系统服务[root@zzzz-nginx-slb02 /]# mkdir /etc/keepalived [root@zzzz-nginx-slb02 /]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/[root@zzzz-nginx-slb02 /]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ [root@zzzz-nginx-slb02 /]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ [root@zzzz-nginx-slb02 /]# chkconfig keepalived onNote: Forwarding request to 'systemctl enable keepalived.service,. /usr/lib/systemd/system/keepalived.service. [root@zzzz-nginx-slb02 /]# 2 .修改Keepalived配置文件BACKUP1节点配置文件 [root@zzzz-nginx-slb01 keepalived]# cd /etc/keepalived/ [root@zzzz-nginx-slb01 keepalived]# vi keepalived.conf ! Configuration File for keepalivedglobal_defs { router_id zzzz-nginx-sIbOl vrrp_version 3) vrrp_script chk_nginx {script "/etc/keepalived/nginx_check.sh" interval 2 weight -20) vrrpjnstance Vl_l { state BACKUP interface ensl92 virtual_router_id 51 mcast_src_ip 192.168.0.2 priority 100 nopreempt advert_int 0.5 authentication { auth_type PASS auth_pass 1111 ) track_script {chk_nginx ) )) BACKUP2节点配置文件[root@zzzz-nginx-slb02 keepalived]# cd /etc/keepalived/ [root@zzzz-nginx-slb02 keepalived]# vi keepalived.conf ! Configuration File for keepalived