说明:
操作系统:CentOS 5.X 64位
Web服务器:192.168.21.127、192.168.21.128
站点:和部署在两台Web服务器上
实现目的:
增加两台服务器(主主模式),通过Nginx+Keepalived实现Web服务器负载均衡
架构规划:
负载均衡服务器:192.168.21.129、192.168.21.130
虚拟服务器(VIP):192.168.21.252、192.168.21.253
部署完成之后:
1、VIP:192.168.21.253指向192.168.21.129;VIP:192.168.21.252指向192.168.21.130;
2、当192.168.21.129宕机时,VIP:192.168.21.253漂移到192.168.21.130上;
3、当192.168.21.130宕机时,VIP:192.168.21.252漂移到192.168.21.129上;
这样的主主模式好处是,两台服务器在提供服务的同时,又互为对方的备份服务器。
具体操作:
第一部分:在两台Nginx服务器上分别操作
一、关闭SElinux、配置防火墙
1、vi /etc/selinux/config
#SELINUX=enforcing#注释掉
#SELINUXTYPE=targeted#注释掉
SELINUX=disabled#增加
:wq!#保存退出
setenforce 0#使配置立即生效
2、vi /etc/sysconfig/iptables#编辑
-A RH-Firewall-1-INPUT -d 224.0.0.18 -j ACCEPT#允许组播地址通信
-A RH-Firewall-1-INPUT -p vrrp -j ACCEPT#允许VRRP(虚拟路由器冗余协)通信
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT#允许80端口通过防火墙
:wq!#保存退出
/etc/init.d/iptables restart#重启防火墙使配置生效
二、安装Nginx
1、安装编译工具包(使用CentOS yum命令安装,安装的包比较多,方便以后配置lnmp环境)
yum install -y make apr* autoconf automake curl curl-devel gcc gcc-c++ gtk+-devel zlib-devel openssl openssl-devel pcre-devel gd kernel keyutils patch perl kernel-headers compat* cpp glibc libgomp libstdc++-devel keyutils-libs-devel libsepol-devel libselinux-devel krb5-devel libXpm* freetype freetype-devel freetype* fontconfig fontconfig-devel libjpeg* libpng* php-common php-gd gettext gettext-devel ncurses* libtool* libxml2 libxml2-devel patch policycoreutils bison
2、下载软件包
(1)/download/nginx-1.4.7.tar.gz#下载Nginx
(2)ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz#下载pcre (支持nginx伪静态)
(3)/files/ngx_cache_purge-2.1.tar.gz#下载ngx_cache_purge(方便以后扩展配置nginx缓存服务器)
上传以上软件包到/usr/local/src 目录
3、安装pcre
cd /usr/local/src
mkdir /usr/local/pcre#创建安装目录
tar zxvf pcre-8.34.tar.gz
cd pcre-8.34
./configure --prefix=/usr/local/pcre#配置
make
make install
4、安装Nginx
cd /usr/local/src
groupadd www#添加www组
useradd -g www www -s /bin/false#创建nginx运行账户www并加入到www组,不允许www用户直接登录系统
cd /usr/local/src#进入安装目录
tar zxvf ngx_cache_purge-2.1.tar.gz#解压
tar zxvf nginx-1.4.7.tar.gz#解压
cd nginx-1.4.7
./configure --prefix=/usr/local/nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-openssl=/usr/--with-pcre=/usr/local/src/pcre-8.34--add-module=../ngx_cache_purge-2.1#配置
注意:--with-pcre=/usr/local/src/pcre-8.34指向的是源码包解压的路径,而不是安装的路径,否则会报错
make#编译
make install#安装
/usr/local/nginx/sbin/nginx#启动nginx
设置nginx开启启动
vi /etc/rc.d/init.d/nginx#编辑启动文件添加下面内容
=======================================================
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
#configtest || return $?
stop
sleep 1
start
}
reload() {
#configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
=======================================================
:wq!#保存退出
chmod 775 /etc/rc.d/init.d/nginx#赋予文件执行权限
chkconfig nginx on#设置开机启动
/etc/rc.d/init.d/nginx restart#重新启动Nginx
service nginx restart
=======================================================
三、配置Nginx
cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.confbak#备份nginx配置文件
1、设置nginx运行账
vi /usr/local/nginx/conf/nginx.conf#编辑,修改
找到user nobody;修改为
user www www;#在第一行
:wq!#保存退出
2、禁止nginx空主机头
vi /usr/local/nginx/conf/nginx.conf#编辑
找到server,在上面一行添加如下内容:
##############################
server {
listen 80 default;
server_name _;
location / {
root html;
return 404;
}
location ~ /.ht {
deny all;
}
}
##############################
:wq!#保存退出
/etc/rc.d/init.d/nginx restart#重启nginx
这样设置之后,空主机头访问会直接跳转到nginx404错误页面。
3、添加nginx虚拟主机包含文件
cd /usr/local/nginx/conf/#进入nginx安装目录
mkdir vhost#建立虚拟目录
vi /usr/local/nginx/conf/nginx.conf#编辑
找到上一步添加的代码,在最后添加如下内容:
include vhost/*.conf;
:wq!#保存退出
例如:
##############################
server {
listen 80 default;
server_name _;
location / {
root html;
return 404;
}
location ~ /.ht {
deny all;
}
}
include vhost/*.conf;
##############################
4、添加Web服务器列表文件
cd /usr/local/nginx/conf/#进入目录
touch mysvrhost.conf#建立文件
vi /usr/local/nginx/conf/nginx.conf#编辑
找到上一步添加的代码,在下面添加一行
include mysvrhost.conf;
:wq!#保存退出
5、设置nginx全局参数
vi /usr/local/nginx/conf/nginx.conf#编辑
worker_processes 2;# 工作进程数,为CPU的核心数或者两倍
events
{
use epoll;#增加
worker_connections 65535;#修改为65535,最大连接数。
}
#############以下代码在http {部分增加与修改##############
server_names_hash_bucket_size 128;#增加
client_header_buffer_size 32k;#增加
large_client_header_buffers 4 32k;#增加
client_max_body_size 300m;#增加
tcp_nopush on; #修改为on
keepalive_timeout 60;#修改为60
tcp_nodelay on;#增加
server_tokens off;#增加,不显示nginx版本信息
gzip on;#修改为on
gzip_min_length 1k;#增加
gzip_buffers 4 16k;#增加
gzip_http_version 1.1;#增加
gzip_comp_level 2;#增加
gzip_types text/plain application/x-javascript text/css application/xml;#增加
gzip_vary on;#增加
6、设置Web服务器列表
cd /usr/local/nginx/conf/#进入目录
vi mysvrhost.conf#编辑,添加以下代码
upstream osyunweihost {
server 192.168.21.127:80 weight=1 max_fails=2 fail_timeout=30s;
server 192.168.21.128:80 weight=1 max_fails=2 fail_timeout=30s;
ip_hash;
}
7、新建虚拟主机配置文件
cd /usr/local/nginx/conf/vhost#进入虚拟主机目录
touch osyunwei.conf#建立虚拟主机配置文件
vi osyunwei.conf#编辑
log_format access '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server
{
listen 80;
server_name ;
location /
{
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_pass http://osyunweihost;
#proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
#auth_basic_user_file pwd;
}
access_log /usr/local/nginx/logs/access.log access;
}
:wq!#保存配置
service nginx restart#重启nginx
四、安装keepalived
系统运维 温馨提醒:qihang01原创内容版权所有,转载请注明出处及原文链接
下载keeplived:/software/keepalived-1.2.12.tar.gz
上传keepalived-1.2.12.tar.gz到/usr/local/src目录
cd /usr/local/src
tar zxvf keepalived-1.2.12.tar.gz
cd keepalived-1.2.12
./configure --prefix=/usr/local/keepalived #配置,必须看到以下提示,说明配置正确,才能继续安装
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
make#编辑
make install#安装
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
mkdir /etc/keepalived
ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
chmod +x /etc/rc.d/init.d/keepalived#添加执行权限
chkconfig keepalived on#设置开机启动
service keepalived start#启动
service keepalived stop#关闭
service keepalived restart#重启
五、配置keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /usr/local/keepalived/etc/keepalived/keepalived.conf-bak
vi /usr/local/keepalived/etc/keepalived/keepalived.conf#编辑,修改为以下代码
#########################################################
#以下为192.168.21.129服务器
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/etc/keepalived/check_nginx.sh" #Nginx服务监控脚本
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx#监测nginx进程状态
}
virtual_ipaddress {
192.168.21.253
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.253"#更新虚拟服务器(VIP)地址的arp记录到网关
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.21.252
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.252"#更新虚拟服务器(VIP)地址的arp记录到网关
}
#########################################################
:wq!#保存退出
#########################################################
#以下为192.168.21.130服务器
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/etc/keepalived/check_nginx.sh" #Nginx服务监控脚本
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx#监测nginx进程状态
}
virtual_ipaddress {
192.168.21.253
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.253"#更新虚拟服务器(VIP)地址的arp记录到网关
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.21.252
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.252"#更新虚拟服务器(VIP)地址的arp记录到网关
}
#########################################################
:wq!#保存退出
六、设置nginx服务监控脚本
touch /usr/local/keepalived/check_nginx.sh
ln -s /usr/local/keepalived/check_nginx.sh /etc/keepalived/check_nginx.sh
vi /etc/keepalived/check_nginx.sh#编辑,添加以下代码
#########################################################
#!/bin/sh
if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then
/etc/rc.d/init.d/nginx start
fi
sleep 2
if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then
/etc/rc.d/init.d/keepalived stop
fi
#########################################################
:wq!#保存退出
chmod +x /usr/local/keepalived/check_nginx.sh#添加执行权限
七、设置更新虚拟服务器(VIP)地址的arp记录到网关脚本
touch /usr/local/keepalived/clean_arp.sh
ln -s /usr/local/keepalived/clean_arp.sh /etc/keepalived/clean_arp.sh
vi /etc/keepalived/clean_arp.sh#编辑,添加以下代码
#!/bin/sh
VIP=$1
GATEWAY=192.168.21.2#网关地址
/sbin/arping -I eth0 -c 5 -s $VIP $GATEWAY &>/dev/null
:wq!#保存退出
chmod +x /usr/local/keepalived/clean_arp.sh#添加脚本执行权限
service nginx restart#重启nginx
service keepalived restart#重启keepalived
第二部分:测试Nginx+Keepalived是否正常运行
一、 解析到192.168.21.253; 解析到192.168.21.252;
在两台Nginx服务器:192.168.21.129、192.168.21.130上执行命令:ip addr
如下图所示:
可以看出现在VIP:192.168.21.253指向192.168.21.129;VIP:192.168.21.252指向192.168.21.130;
在浏览器中打开
/
/
如下图所示:
此时,bbs和sns域名都被均衡到192.168.21.127上面
二、停止192.168.21.127上面的nginx服务
service nginx stop
继续打开上面的两个网址,如下图所示:
此时,bbs和sns域名都被均衡到192.168.21.128上面(由于192.168.21.127服务器nginx服务被关闭,实现了故障转移)
三、关闭192.168.21.129上面的Keepalived服务
service keepalived stop
此时,在两台Keepalived服务器:192.168.21.129、192.168.21.130上执行命令:ip addr
如下图所示:
可以看出VIP:192.168.21.253和192.168.21.252均指向到192.168.21.130;
此时,打开/如下图所示:
可以正常访问
四、恢复192.168.21.129上面的keepalived服务,恢复192.168.21.127上面的nginx服务,停止192.168.21.130上面的Keepalived服务
service keepalived stop
在两台Keepalived服务器:192.168.21.129、192.168.21.130上执行命令:ip addr
如下图所示:
可以看出VIP:192.168.21.253和192.168.21.252均指向到192.168.21.129;
此时,打开/如下图所示:
可以正常访问
至此,Nginx+Keepalived实现Web服务器负载均衡配置完成。
如果觉得《Nginx+Keepalived实现Web服务器负载均衡》对你有帮助,请点赞、收藏,并留下你的观点哦!
