nginx+keepalived搭建高可用nginx平台

整体架构示意图:nginx+keepalive搭建高可用nginx平台

整体架构示意图

节点01:

R-IP:172.16.106.60

V-IP:172.16.106.10

back:172.16.106.61

节点02:

R-IP:172.16.106.61

V-IP:172.16.106.11

back:172.16.106.60

节点1:

准备工作

设置主机名

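# Name this node, then make both cluster members resolvable locally.
hostnamectl set-hostname ngo01
# ASCII double quotes are required: typographic quotes are not shell quoting
# and would be appended to /etc/hosts as literal characters.
echo "172.16.106.60 ngo01" >> /etc/hosts
# 172.16.106.61 is node 02, so it gets its own name instead of a second
# ngo01 entry that would shadow the peer.
echo "172.16.106.61 ngo02" >> /etc/hosts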

关闭SELINUX

# SELINUX=disabled switches SELinux off from the next boot; setenforce 0 puts
# the running system into permissive mode until then. Both remove the SELinux
# confinement of nginx and keepalived on this host.
# NOTE(review): where that confinement should stay, the alternative is to keep
# enforcing mode and allow/label the non-default paths this guide uses
# (/usr/local/nginx, /var/temp/nginx, /opt/nginx_pid.sh) - confirm against the
# audit log which denials actually occur.
vi /etc/selinux/config

SELINUX=disabled

临时关闭:

setenforce 0

扩张 / 空间

# Grow the root filesystem onto a second disk.
# fdisk is interactive; the trailing "#n w" is the author's reminder of the
# keys used (n = new partition, w = write the table). Confirm /dev/sdb is the
# intended empty disk first - writing a new table to the wrong disk loses data.
fdisk /dev/sdb #n w

# Turn the new partition into an LVM physical volume.
pvcreate /dev/sdb1

# Add it to the existing volume group vg_root.
vgextend vg_root /dev/sdb1

# Give all free extents in the group to the root logical volume.
lvextend -l +100%FREE /dev/vg_root/root

# Grow the XFS filesystem to fill the enlarged logical volume.
xfs_growfs /dev/mapper/vg_root-root

安装keepalived

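# Build dependencies for keepalived. openssl-devel is included here as on
# node 2: the configure summary links -lssl and -lcrypto.
yum -y install libnl libnl-devel libnfnetlink-devel openssl-devel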

上传keepalived-2.0.7.tar.gz nginx-1.14.0.tar.gz

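# The tarball was uploaded by hand, so check it against the checksum published
# by the keepalived project before unpacking, e.g.
#   sha256sum keepalived-2.0.7.tar.gz   # compare with <PUBLISHED_SHA256>
# 2.0.7 is the version this guide was written for; review the project's later
# release notes for security fixes before deploying it.
tar -zxvf keepalived-2.0.7.tar.gz
# The directory created by tar is keepalived-2.0.7 (the original step had a
# typo in this name, so the rename would fail).
mv keepalived-2.0.7 keepalived
mv keepalived /usr/local
cd /usr/local/keepalived
# Two ASCII hyphens: a typographic dash is not recognised as an option prefix.
./configure --prefix=/usr/local/keepalived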

配置结果:

Keepalived configuration

————————

Keepalived version : 2.0.7

Compiler : gcc

Preprocessor flags :

Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong –param=ssp-buffer-size=4 -grecord-gcc-switches -O2

Linker flags : -pie

Extra Lib : -lcrypto -lssl -lnl

Use IPVS Framework : Yes

IPVS use libnl : Yes

IPVS syncd attributes : No

IPVS 64 bit stats : No

HTTP_GET regex support : No

fwmark socket support : Yes

Use VRRP Framework : Yes

Use VRRP VMAC : Yes

Use VRRP authentication : Yes

With ip rules/routes : Yes

Use BFD Framework : No

SNMP vrrp support : No

SNMP checker support : No

SNMP RFCv2 support : No

SNMP RFCv3 support : No

DBUS support : No

SHA1 support : No

Use Json output : No

libnl version : 1

Use IPv4 devconf : No

Use libiptc : No

Use libipset : No

init type : systemd

Strict config checks : No

Build genhash : Yes

Build documentation : No

安装

make && make install

节点2:

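# Name this node, then make both cluster members resolvable locally.
hostnamectl set-hostname ngo02.jolma.cn
# ASCII double quotes are required: typographic quotes are not shell quoting
# and would be appended to /etc/hosts as literal characters.
echo "172.16.106.60 ngo01" >> /etc/hosts
# 172.16.106.61 is this node (node 02), so it is mapped to ngo02 rather than
# to a second ngo01 entry.
echo "172.16.106.61 ngo02" >> /etc/hosts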

关闭SELINUX

# SELINUX=disabled switches SELinux off from the next boot; setenforce 0 puts
# the running system into permissive mode until then. Both remove the SELinux
# confinement of nginx and keepalived on this host.
# NOTE(review): keeping enforcing mode and allowing only the paths this guide
# needs is the tighter option - confirm the required rules from the audit log.
vi /etc/selinux/config

SELINUX=disabled

临时关闭:

setenforce 0

扩张 / 空间

# Grow the root filesystem using free space on the system disk.
# fdisk is interactive; the trailing "#n w" is the author's reminder of the
# keys used (n = new partition, w = write the table). This edits the partition
# table of the disk the system is running from, so check the layout first.
fdisk /dev/sda #n w

# Reboot before using the new partition (presumably so the kernel re-reads the
# table of the in-use disk - the page does not say).
reboot

# Turn the new partition into an LVM physical volume.
pvcreate /dev/sda3

# Add it to the existing volume group vg_root.
vgextend vg_root /dev/sda3

# Give all free extents in the group to the root logical volume.
lvextend -l +100%FREE /dev/vg_root/root

# Grow the XFS filesystem to fill the enlarged logical volume.
xfs_growfs /dev/mapper/vg_root-root

安装keepalived

yum -y install libnl libnl-devel libnfnetlink-devel

yum -y install openssl-devel

上传keepalived-2.0.7.tar.gz nginx-1.14.0.tar.gz

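# The tarball was uploaded by hand, so check it against the checksum published
# by the keepalived project before unpacking, e.g.
#   sha256sum keepalived-2.0.7.tar.gz   # compare with <PUBLISHED_SHA256>
tar -zxvf keepalived-2.0.7.tar.gz
# The directory created by tar is keepalived-2.0.7 (the original step had a
# typo in this name, so the rename would fail).
mv keepalived-2.0.7 keepalived
mv keepalived /usr/local
cd /usr/local/keepalived
# Two ASCII hyphens: a typographic dash is not recognised as an option prefix.
./configure --prefix=/usr/local/keepalived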

配置结果:

kepalived version : 2.0.7

Compiler : gcc

Preprocessor flags :

Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong –param=ssp-buffer-size=4 -grecord-gcc-switches -O2

Linker flags : -pie

Extra Lib : -lcrypto -lssl -lnl

Use IPVS Framework : Yes

IPVS use libnl : Yes

IPVS syncd attributes : No

IPVS 64 bit stats : No

HTTP_GET regex support : No

fwmark socket support : Yes

Use VRRP Framework : Yes

Use VRRP VMAC : Yes

Use VRRP authentication : Yes

With ip rules/routes : Yes

Use BFD Framework : No

SNMP vrrp support : No

SNMP checker support : No

SNMP RFCv2 support : No

SNMP RFCv3 support : No

DBUS support : No

SHA1 support : No

Use Json output : No

libnl version : 1

Use IPv4 devconf : No

Use libiptc : No

Use libipset : No

init type : systemd

Strict config checks : No

Build genhash : Yes

Build documentation : No

安装

make && make install

节点1配置keepalived

cd /usr/local/keepalived/etc/keepalived

cp keepalived.conf keepalived.conf_$(date +%F)

vi keepalived.conf

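! Configuration File for keepalived (node 1: MASTER for VI_1, BACKUP for VI_2)

global_defs {
    notification_email {
        xjs@jolma.cn
    }
    notification_email_from xjs@jolma.cn
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # NOTE(review): strict mode enforces RFC behaviour. keepalived is known to
    # ignore the authentication blocks below when it is set, and it may add
    # firewall rules that drop traffic addressed to the VIPs. Check the
    # keepalived log after start to see which settings are really in effect.
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_script chk_http_port {
    # Path of the script that checks the nginx state. The script itself is not
    # shown on this page. keepalived runs it with elevated privileges unless a
    # dedicated script user is configured, so keep the file root-owned and not
    # writable by group or others.
    script "/opt/nginx_pid.sh"
    interval 2
    # NOTE(review): a positive weight of 2 cannot close the 10-point gap
    # between priority 100 and 90, so a failing check alone does not move the
    # VIP unless the script stops keepalived itself - verify with a failover test.
    weight 2
}

vrrp_instance VI_1 {
    state MASTER              # the peer node uses BACKUP for this instance
    interface ens192          # NIC name of the HA host
    virtual_router_id 51      # must be identical on master and backup
    priority 100              # must be higher than the backup's value
    advert_int 1              # seconds between adverts from master to backup
    track_interface {
        ens192
    }
    authentication {
        auth_type PASS        # simple password check between master and backup
        # PASS is a short shared password carried unencrypted in every advert.
        # 1111 is the sample value from this guide: replace it with a
        # site-specific value that is identical on both nodes.
        auth_pass 1111
    }
    track_script {
        chk_http_port         # health check that is monitored
    }
    virtual_ipaddress {
        172.16.106.10         # virtual IP (VIP) of this instance
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens192          # both instances use this host's own interface
    virtual_router_id 54
    priority 90               # priority (lower than the peer's 100 for VI_2)
    advert_int 1
    track_interface {
        ens192
    }
    authentication {
        auth_type PASS
        # Sample value, see VI_1: replace on both nodes.
        auth_pass 1111
    }
    # No track_script here: the nginx check does not influence VI_2.
    virtual_ipaddress {
        172.16.106.11
    }
}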

节点2配置:

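cd /usr/local/keepalived/etc/keepalived
# Keep a dated copy of the shipped sample before editing it.
cp keepalived.conf "keepalived.conf_$(date +%F)"
# Edit keepalived.conf itself (the original step misspelled the file name,
# which would open a new, unused file).
vi keepalived.conf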

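! Configuration File for keepalived (node 2: BACKUP for VI_1, MASTER for VI_2)

global_defs {
    notification_email {
        xjs@jolma.cn
    }
    notification_email_from xjs@jolma.cn
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # NOTE(review): strict mode enforces RFC behaviour. keepalived is known to
    # ignore the authentication blocks below when it is set, and it may add
    # firewall rules that drop traffic addressed to the VIPs. Check the
    # keepalived log after start to see which settings are really in effect.
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_script chk_http_port {
    # Path of the script that checks the nginx state. The script itself is not
    # shown on this page. keepalived runs it with elevated privileges unless a
    # dedicated script user is configured, so keep the file root-owned and not
    # writable by group or others.
    script "/opt/nginx_pid.sh"
    interval 2
    # NOTE(review): a positive weight of 2 cannot close the 10-point gap
    # between priority 100 and 90 - verify failover with a test.
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP              # this node is the backup for VI_1
    interface ens192          # NIC name of the HA host
    virtual_router_id 51      # must be identical on master and backup
    priority 90               # lower than the master's 100 on node 1
    advert_int 1              # seconds between adverts from master to backup
    track_interface {
        ens192
    }
    authentication {
        auth_type PASS        # simple password check between master and backup
        # PASS is a short shared password carried unencrypted in every advert.
        # 1111 is the sample value from this guide: replace it with a
        # site-specific value that is identical on both nodes.
        auth_pass 1111
    }
    track_script {
        chk_http_port         # health check that is monitored
    }
    virtual_ipaddress {
        172.16.106.10         # virtual IP (VIP) of this instance
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens192          # both instances use this host's own interface
    virtual_router_id 54
    priority 100              # priority (higher than the peer's 90 for VI_2)
    advert_int 1
    track_interface {
        ens192
    }
    authentication {
        auth_type PASS
        # Sample value, see VI_1: replace on both nodes.
        auth_pass 1111
    }
    # No track_script here: the nginx check does not influence VI_2.
    virtual_ipaddress {
        172.16.106.11
    }
}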

配置开机启动

cd /etc/sysconfig/

ln -s /usr/local/keepalived/etc/sysconfig/keepalived keepalived

mkdir -p /etc/keepalived

cd /etc/keepalived

ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf keepalived.conf

cd /usr/sbin

ln -s /usr/local/keepalived/sbin/keepalived keepalived

systemctl enable keepalived

安装nginx 1.15.3版本

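# Build dependencies for nginx. libxml2-devel is the RPM name of the libxml2
# headers (the original listed the Debian-style name), and the repeated
# GeoIP-devel entry is dropped.
yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ autoconf automake \
  zlib-devel libxml2 libxml2-devel libxslt-devel gd-devel perl-devel \
  perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data make GeoIP-update

# Dedicated unprivileged account for the worker processes: no login shell
# (-s /sbin/nologin) and no home directory (-M). These are two separate
# commands; on one line groupadd would receive useradd's arguments and fail.
groupadd nginx
useradd nginx -g nginx -s /sbin/nologin -M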

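# The tarball was uploaded by hand: compare it with the checksum or signature
# published on nginx.org before unpacking, e.g.
#   sha256sum nginx-1.15.3.tar.gz   # compare with <PUBLISHED_SHA256>
tar -zxvf nginx-1.15.3.tar.gz
mv nginx-1.15.3 nginx
mv nginx /usr/local

# Install tree, pid directory and log directory are written only by the root
# master process, so they stay root-owned and are not writable by anyone else.
# Mode 777 here would let any local account replace the nginx binary that
# systemd later starts as root, or rewrite and delete the logs.
mkdir -p /usr/local/nginx /usr/local/nginx/sbin /var/run/nginx /var/log/nginx
chown root:root /usr/local/nginx /usr/local/nginx/sbin /var/run/nginx /var/log/nginx
chmod 755 /usr/local/nginx /usr/local/nginx/sbin /var/run/nginx /var/log/nginx

# /var/lock is a shared system directory: make sure it exists, but leave its
# ownership and mode as the distribution set them.
mkdir -p /var/lock

# Temp directories are the only paths the unprivileged workers write to:
# owned by the nginx account and closed to every other user.
mkdir -p /var/temp/nginx/client /var/temp/nginx/proxy /var/temp/nginx/fastcgi \
  /var/temp/nginx/uwsgi /var/temp/nginx/scgi
chown nginx:nginx /var/temp/nginx/client /var/temp/nginx/proxy \
  /var/temp/nginx/fastcgi /var/temp/nginx/uwsgi /var/temp/nginx/scgi
chmod 700 /var/temp/nginx/client /var/temp/nginx/proxy /var/temp/nginx/fastcgi \
  /var/temp/nginx/uwsgi /var/temp/nginx/scgi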

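# Run configure from the unpacked source tree (moved to /usr/local/nginx in the
# previous step). Every option needs two ASCII hyphens and the command must be
# one logical line, hence the trailing backslashes.
cd /usr/local/nginx
./configure \
  --prefix=/usr/local/nginx \
  --conf-path=/usr/local/nginx/nginx.conf \
  --pid-path=/var/run/nginx/nginx.pid \
  --lock-path=/var/lock/nginx.lock \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --with-http_gzip_static_module \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_stub_status_module \
  --with-pcre \
  --http-client-body-temp-path=/var/temp/nginx/client \
  --http-proxy-temp-path=/var/temp/nginx/proxy \
  --http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
  --http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
  --user=nginx --group=nginx \
  --http-scgi-temp-path=/var/temp/nginx/scgi
# --user/--group make the worker processes run as the unprivileged nginx
# account; only the master process keeps root.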

安装nginx

make && make install

配置开机启动

vi /lib/systemd/system/nginx.service

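# systemd unit for the self-built nginx under /usr/local/nginx.
[Unit]
Description=nginx
After=network.target

[Service]
# nginx daemonises itself, so systemd has to follow the forked master process.
Type=forking
# Same path as --pid-path given to ./configure; adjust it if nginx.conf sets a
# different "pid".
PIDFile=/var/run/nginx/nginx.pid
# Where /var/run is a tmpfs, /var/run/nginx disappears on reboot; this makes
# systemd recreate /run/nginx before every start.
RuntimeDirectory=nginx
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
# Private /tmp and /var/tmp for the service, not shared with other processes.
PrivateTmp=true

[Install]
WantedBy=multi-user.target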

配置开机启动nginx

systemctl enable nginx

在两个节点启动keepalived和nginx:

systemctl start keepalived

systemctl start nginx

防火墙配置下端口:

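# Options need two ASCII hyphens, and each firewall-cmd call is its own
# command (the original ran three together on one line and repeated the INPUT
# rule).

# Open HTTP for the nginx front end.
firewall-cmd --permanent --add-port=80/tcp

# Let VRRP adverts (multicast group 224.0.0.18) in and out on the HA interface
# so the two keepalived nodes can see each other.
# NOTE(review): the INPUT rule accepts VRRP from any sender on ens192; adding
# the peer's real address as --source would narrow it to the other node.
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT

# Permanent rules only take effect after a reload.
firewall-cmd --reload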

nginx常用的优化内容:

cp nginx.conf nginx.conf_$(date +%F)

vi nginx.conf

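# Directives for the http { } block of nginx.conf.
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

# Do not disclose the nginx version in error pages and the Server header.
server_tokens off;

# gzip-compressed responses.
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
# MIME types are separated by spaces (the original had two of them fused into
# one token, so neither matched).
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

# Proxy defaults.
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
# sent, so back ends must not trust the left-most entry; X-Real-IP above is the
# address nginx itself saw.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_read_timeout 90;
proxy_send_timeout 90;
proxy_buffer_size 4k;

# Cache settings.
proxy_temp_file_write_size 264k;
# NOTE(review): this replaces the proxy temp path chosen at ./configure time,
# and /var/cache/nginx is not created anywhere in this guide - create it with
# the same restrictive ownership as the other temp directories.
proxy_temp_path /var/cache/nginx/nginx_temp;
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=5d max_size=400m;
# Ignoring Cache-Control and Set-Cookie means responses the back end marked as
# private or that set a session cookie become cacheable. If cache_one is ever
# enabled for a location, restrict it to static content, otherwise one user's
# response can be served to another. No server block on this page enables it.
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;

# Load per-site configuration files from the conf.d directory below.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
# NOTE(review): the directory is not created by the steps on this page.
include /usr/local/nginx/conf/conf.d/*.conf;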

网站nginx配置示例:

非集群:

# Single back end (no cluster): reverse proxy for the e-seal site.
server {
    # Plain HTTP only; traffic to this site is not encrypted by nginx.
    listen 80;
    server_name e-seal.****.cn;

    # Per-site logs. The "main" format must be defined by log_format in the
    # http block, which this page does not show.
    access_log /var/log/nginx/access_eseal.log main;
    error_log /var/log/nginx/error_eseal.log error;

    # Catch-all location (an image-only variant was left disabled):
    # location ~ .*.(jpg|jpeg|gif|png|ico)$ {
    location / {
        proxy_pass http://172.16.109.115:8723;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Each request may upload up to 500 MB.
        client_max_body_size 500m;
        client_body_buffer_size 928k;
    }
}

双节点集群:

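# Two-node back-end cluster for the OA site.
upstream oa {
    # Pin each client address to one back end.
    ip_hash;
    # A single failed attempt takes a server out of rotation for 36 seconds.
    server 172.16.109.101:8080 weight=10 max_fails=1 fail_timeout=36;
    #server 172.16.109.101:8080 down;
    server 172.16.109.102:8080 weight=10 max_fails=1 fail_timeout=36;
    #server 172.16.109.102:8080 down;
}

server {
    # Plain HTTP only; traffic to this site is not encrypted by nginx.
    listen 80;
    # listen 8899;
    server_name oa.****.cn;

    # Per-site logs. The "main" format must be defined by log_format in the
    # http block, which this page does not show.
    error_log /var/log/nginx/error_oa.log error;
    access_log /var/log/nginx/access_oa.log main;

    location / {
        proxy_pass http://oa;
        proxy_set_header X-Real-IP $remote_addr;
        # Host is set once; the original repeated this directive, which sends
        # the header to the back end twice.
        proxy_set_header Host $host;
        # proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        # Each request may upload up to 500 MB.
        client_max_body_size 500m;
        client_body_buffer_size 928k;
    }
}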

以上就是核心的配置步骤,如果有不清楚的欢迎留言问下,帮您看下什么问题。
