实战安装 nginx+keepalvied 实现负载均衡和高可用

hgfre

1. 两台机器都需要安装nginx和keepalivd
环境配置
[iyunv@nginxproxy1 ~]# cat /etc/redhat-release
CentOS release 6.8 (Final)
[iyunv@nginxproxy1 ~]# uname -r
2.6.32-642.6.1.el6.x86_64
软件
nginx-1.6.2.tar.gz keepalived-1.1.19.tar.gz
                                      信息列表

服务器名称	IP
nginxproxy1    做主(master)	10.89.3.102
nginxproxy2    做备(backup)	10.89.3.103
lamp           做web1(real_server1)	10.89.3.101
lnmp           做web2(real_server2)	10.89.3.100
NfsServer      验证服务器	10.89.3.99

#vip  设置在keepalived的配置文件里 10.89.3.168
1.1安装nginx
安装pcre
yum install pcre pcre-devel -y
#安装openssl
yum install openssl openssl-devel -y
#新建nginx用户
useradd nginx -s /sbin/nologin -M
#安装
tar -zxvf nginx-1.6.2.tar.gz
cd nginx-1.6.2

./configure \
--user=nginx \
--group=nginx \
--prefix=/application/nginx1.6.2 \
--with-http_stub_status_module \
--with-http_ssl_module

make && make install

#创建软连接
cd ../
ln -s /application/nginx1.6.2/ /application/nginx  

#检查语法
/application/nginx/sbin/nginx -t   

nginx: the configuration file /application/nginx1.6.2/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx1.6.2/conf/nginx.conf test is successful

# 启动nginx
[iyunv@nginxproxy1 tools]# /application/nginx/sbin/nginx
#查看端口，看是否启动了
[iyunv@nginxproxy1 tools]# netstat -lntup |grep nginx
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      8718/nginx
[iyunv@nginxproxy1 tools]# lsof -i :80
COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   8718  root    6u  IPv4  18680      0t0  TCP *:http (LISTEN)
nginx   8719 nginx    6u  IPv4  18680      0t0  TCP *:http (LISTEN)

1.2 安装keepalived
cd /home/alvin/tools/
ln -s /usr/src/kernels/2.6.32-642.6.1.el6.x86_64 /usr/src/linux
yum install openssl openssl-devel -y
#上传keepalived-1.1.19.tar.gz

tar xf keepalived-1.1.19.tar.gz
cd keepalived-1.1.19
./configure
-----------------------
有3个Yes就表示configure OK
config.status: creating keepalived/check/Makefile
config.status: creating keepalived/libipvs-2.6/Makefile

Keepalived configuration
------------------------
Keepalived version       : 1.1.19
Compiler                 : gcc
Compiler flags           : -g -O2
Extra Lib                : -lpopt -lssl -lcrypto
Use IPVS Framework       : Yes
IPVS sync daemon support : Yes
Use VRRP Framework       : Yes
Use Debug flags          : No
[iyunv@nginxproxy1 keepalived-1.1.19]#
-----------------------
make
make install

#配置规范启动

/bin/cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
/bin/cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived -p
/bin/cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
/bin/cp /usr/local/sbin/keepalived /usr/sbin/
/etc/init.d/keepalived start
ps -ef|grep keep
root       3483   1365  0 14:56 pts/0    00:00:00 grep keep
--------------------------------
#有3个keepalived -D表示成功
[iyunv@nginxproxy1 keepalived-1.1.19]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[iyunv@nginxproxy1 keepalived-1.1.19]# ps -ef|grep keep
root       6342      1  0 17:42 ?        00:00:00 keepalived -D
root       6344   6342  0 17:42 ?        00:00:00 keepalived -D
root       6345   6342  0 17:42 ?        00:00:00 keepalived -D
root       6347   3490  0 17:42 pts/0    00:00:00 grep keep

--------------------------------------------------------------

如果报:configure:error:Popt librarics is required  则：

yum install popt* -y
-------------------------------------------
#打开内核转发
vi /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

sysctl -p
---------------------------------
1.3 nginxproxy1 keepalived 配置文件设置

cd /etc/keepalived/
cat keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
   114653379@qq.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 10.0.0.1
   smtp_connect_timeout 30
   router_id keepalvied_1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 55
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.89.3.168/24
    }
}

virtual_server 10.89.3.168 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 300
    protocol TCP
#ipvsadm -A -t 10.89.3.168 -s wrr -p 20
    real_server 10.89.3.100 80 {
        weight 1
        TCP_CHECK {
        connect_timeout 8
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }

  }
    real_server 10.89.3.101 80 {
        weight 1
        TCP_CHECK {
        connect_timeout 8
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }

  }

}

#另外一台nginxproxy2,keepalived 配置文件设置
[iyunv@nginxproxy2 ~]# cd /etc/keepalived/
[iyunv@nginxproxy2 keepalived]# cat keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
   114653379@qq.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 10.0.0.1
   smtp_connect_timeout 30
   router_id keepalvied_2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.89.3.168/24
    }
}

virtual_server 10.89.3.168 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 300
    protocol TCP
#ipvsadm -A -t 10.89.3.168 -s wrr -p 20
    real_server 10.89.3.100 80 {
        weight 1
        TCP_CHECK {
        connect_timeout 8
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }

  }
    real_server 10.89.3.101 80 {
        weight 1
        TCP_CHECK {
        connect_timeout 8
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }

  }

}

2.测试keepalived vip 是否漂移
#nginxproxy1
[iyunv@nginxproxy1 keepalived]# ip add |grep 10.89.3
    inet 10.89.3.102/24 brd 10.89.3.255 scope global eth0
    inet 10.89.3.168/24 scope global secondary eth0
#nginxproxy2
[iyunv@nginxproxy2 keepalived]# ip add |grep 10.89.3
    inet 10.89.3.103/24 brd 10.89.3.255 scope global eth0

#nginxproxy1 上停止keepalived
[iyunv@nginxproxy1 keepalived]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]
[iyunv@nginxproxy1 keepalived]#  ip add |grep 10.89.3
    inet 10.89.3.102/24 brd 10.89.3.255 scope global eth0      
#查看vip是否漂移了
[iyunv@nginxproxy2 keepalived]# ip add |grep 10.89.3
    inet 10.89.3.103/24 brd 10.89.3.255 scope global eth0
    inet 10.89.3.168/24 scope global secondary eth0

#结论：keepalived配置采购，可以实现高可用。

3.配置2台 nginxproxy，实现负责均衡。
cd /application/nginx/conf
mkdir extra
[iyunv@nginxproxy1 extra]# vi upstream01.conf

upstream www_real_servers {
    server 10.89.3.100:80 weight=5;
    server 10.89.3.101:80 weight=5;

}

server {
    listen    80;
    server_name www.kjcat.org;
    location / {
    proxy_pass http://www_real_servers;
    }
}

#在nginxproxy1配置文件中包含extra
vi nginx.conf

worker_processes  1;
events {
    worker_connections  1024;

}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    include extra/upstream01.conf;

}
~
--------------------------------------
[iyunv@nginxproxy2 extra]# vi upstream02.conf

upstream www_real_servers {
    server 10.89.3.100:80 weight=5;
    server 10.89.3.101:80 weight=5;

}

server {
    listen    80;
    server_name www.kjcat.org;
    location / {
    proxy_pass http://www_real_servers;
    }
}


#在nginxproxy2配置文件中包含extra
vi nginx.conf

worker_processes  1;
events {
    worker_connections  1024;

}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    include extra/upstream02.conf;

}
#两台机器重新启动nginx
/application/nginx/sbin/nginx -s reload

4.验证测试
#在另外一台服务器上配置解析
[iyunv@NfsServer ~]# vi /etc/hosts
#增加
10.89.3.168 www.kjcat.org

[iyunv@NfsServer ~]# curl 10.89.3.168
this is nginx Proxy for LAMP........
[iyunv@NfsServer ~]# curl 10.89.3.168
This is nginx proxy for LNMP.
[iyunv@NfsServer ~]# curl 10.89.3.168
this is nginx Proxy for LAMP........
[iyunv@NfsServer ~]# curl 10.89.3.168
This is nginx proxy for LNMP.
[iyunv@NfsServer ~]# curl www.kjcat.org
this is nginx Proxy for LAMP........
[iyunv@NfsServer ~]# curl www.kjcat.org
This is nginx proxy for LNMP.
[iyunv@NfsServer ~]# curl www.kjcat.org
this is nginx Proxy for LAMP........
[iyunv@NfsServer ~]# curl www.kjcat.org
This is nginx proxy for LNMP.

#在浏览器中输入IP也可以实现（如果有DNS就可以实现域名 www.kjcat.com访问）
http://10.89.3.168
This is nginx proxy for LNMP.
#刷新后
this is nginx Proxy for LAMP........