nginx+keepalived 双主热备负载均衡
nginx+keepalived 双主热备负载均衡负载均衡技术对于一个网站尤其是大型网站的web服务器集群来说是至关重要的!做好负载均衡架构,可以实现故障转移和高可用环境,避免单点故障,保证网站健康持续运行。很多企业的网络架构都需要用到nginx+keepalived的负载均衡技术,此时可以用到两种模式,分别是主从模式和双主模式,这两种模式的主要区别是:主从模式其中的一台备用机是长时间处于空闲状态的,而双主模式的两台调度器都是一起工作,这样能合理利用资源以及分担在一台前端nginx服务器上的压力。
实现的过程主要还是分为两个过程:
一、前端两台nginx做反向代理到后面两台web服务器
二、对前端两台nginx做keepalived(心跳检测)
基本配置
前端nginx fjw133:192.168.10.133 vip1:192.168.10.200(主) 192.168.10.200(备)
前端nginx fjw134:192.168.10.134 vip1:192.168.10.200(主) 192.168.10.220(备)
后端web服务器 fjw132:192.168.10.132
后端web服务器 fjw135:192.168.10.135
https://s3.运维网.com/oss/201710/22/981cae41b903cfa893d38332b990c891.jpg-wh_500x0-wm_3-wmp_4-s_1503411391.jpg
一、先配置前端nginx反向代理
在fjw133上安装nginx
1、wget nginx安装包
cd /usr/local/nginx
wget http://nginx.org/download/nginx-1.13.6.tar.gz
2、创建nginx用户
useradd nginx -s /sbin/nologin -M
3、解压
tar -zxvf nginx-1.13.6.tar.gz
cd nginx-1.13.6
4、编译
./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre
make && make install
5、检测配置文件
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s start
/usr/local/nginx/sbin/nginx -s reload
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
/usr/local/nginx/sbin/nginx -s reload
6、修改配置文件
vim /usr/local/nginx/conf/nginx.conf
#运行用户
#usernobody;
#启动进程,通常设置成和cpu的数量相等
worker_processes1;
#全局错误日志及PID文件
#error_loglogs/error.log;
#error_loglogs/error.lognotice;
#error_loglogs/error.loginfo;
#pid logs/nginx.pid;
error_log/usr/local/nginx/logs/error.log notice;
pid /usr/local/nginx/logs/nginx.pid;
events {
#单个后台worker process进程的最大并发链接数
worker_connections1024;
}
http {
##设定mime类型,类型由mime.type文件定义
include mime.types;
#默认文件类型
default_typeapplication/octet-stream;
#设定日志格式
log_formatmain'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_loglogs/access.logmain;
#开启高效文件传输模式
sendfile on;
#以下两个选项用于防止网络阻塞
tcp_nopush on;
#长链接超时时间
keepalive_timeout65;
#打开gzip压缩
gzipon;
upstream backend {
server 192.168.10.132:80 max_fails=3 fail_timeout=30s;#代理的web服务
server 192.168.10.135:80 max_fails=3 fail_timeout=30s;#最大失败3次直接踢掉,超过30秒踢掉
}
server {
listen 80; #监听端口
server_namelocalhost
#charset koi8-r;
##access_loglogs/host.access.logmain;
location / {
proxy_pass http://backend; ##对应上面upstream定义的backend
proxy_store off; ##启用本地缓存功能
proxy_redirect off; ##指定修改被代理服务器返回的响应头中的location头域跟refresh头域数值
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
##定义或添加字段传递给代理服务器的请求头。
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
}
}
} 7、检测配置文件并重新加载服务
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
同样的步骤去配置fjw134,配置文件也相同,就不再演示
8、然后配置后端两台web服务器
我用的也是nginx做web服务器,安装过程和上面一样,只需要发布网站就可以,也不详细演示
9、接着可以做keepalived的部分,安装keepalived
yum install -y keepalived
10、修改配置文件
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email { #故障发生时给谁发邮件
root@localhost
}
notification_email_from root@fjw133 #通知邮件从哪个地址发出
smtp_server localhost
smtp_connect_timeout 30 #连接smtp服务器的超时时间
router_idhostname #上面都是发邮件的部分,这里就不演示
}
vrrp_script chk_http_port {
script "/test/check_nginx.sh"
interval 2
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER #另一台的状态是BACKUP
interface ens33
virtual_router_id 51 #另一台的id要保持一样
priority 100 ##权重必须比BACKUP高
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.200
}
track_script {
chk_nginx
}
}
vrrp_instance VI_2 {
state BACKUP #另一台的状态是MASTER
interface ens33
virtual_router_id 52 #与另一台的id要保持一样
priority 99 #权重必须比master低
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.220
}
track_script {
chk_http_port
}
} 11、fjw134也同样要装keepalived,其配置文件是
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from root@localhost
smtp_server localhost
smtp_connect_timeout 30
router_idNodeA
}
vrrp_script chk_nginx { ##这个部分定义nginx反向代理服务的检测脚本
script "/test/nginx_check.sh" ##脚本路径
interval 2 ##检测周期
weight -2 ##如果脚本被执行,那么优先级将会降低2
fall 2 ##指监控几次判断为失败
rise 1 ##指监控几次判断为成功
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.200
}
track_script {
chk_nginx
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.220
}
track_script {
chk_nginx
}
} 12、/test/check_nginx.sh是检测nginx的脚本,如果nginx服务突然down,脚本会自动重启nginx,如果起不了就关掉keepalived,这样服务就转到另一台前端nginx
vim /test/check_nginx.sh#!/bin/sh
A=`ps -C nginx --no-header | wc -l`
if [ $A -eq 0 ] ; then
/usr/local/nginx/sbin/nginx
sleep 2
A=`ps -C nginx --no-header | wc -l`
if [ $A -eq 0 ] ; then
systemctl stop keepalived
fi
fi 13、此时可以查看两个vip,已经分别分配到两台前端nginx上
# ip addr
1: lo:mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33:mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0a:17:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.10.133/24 brd 192.168.10.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.10.200/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::9c2e:cd7b:fea:3bf9/64 scope link
# ip addr
1: lo:mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33:mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:95:72:dc brd ff:ff:ff:ff:ff:ff
inet 192.168.10.134/24 brd 192.168.10.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.10.220/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::46e:7225:ebf3:f9ca/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::538f:f55f:2ea8:6dd9/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::9c2e:cd7b:fea:3bf9/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
14、测试关闭fjw133的nginx服务,但服务还是会自动起来,fjw134也是一样
# /usr/local/nginx/sbin/nginx -s stop
# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 13847/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 878/sshd
15、关闭fjw133的keepalived,VIP1会跳到fjw134上
# systemctl stop keepalived
# ip addr
1: lo:mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33:mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:95:72:dc brd ff:ff:ff:ff:ff:ff
inet 192.168.10.134/24 brd 192.168.10.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.10.220/32 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.10.200/32 scope global ens33
valid_lft forever preferred_lft forever
16、即使一台前端nginx关掉了,访问两个VIP还是可以轮询访问两个web服务器发布的网页
https://s2.运维网.com/oss/201710/22/64e5f5568cd20a15cd1a8e7d314c7e50.png-wh_500x0-wm_3-wmp_4-s_724550238.png
页:
[1]