http://blog.csdn.net/beyondlpf/article/details/8240482
環境說明:
[html] view plain copy
nginx1:192.168.2.47
nginx2:192.168.2.48
tomcat1:192.168.2.49
tomcat2:192.168.2.50
vip:192.168.2.51
一.Nginx配置1.安裝Nginx所需pcre庫wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.10.tar.gz
[html] view plain copy
tar -zxvf pcre-8.10.tar.gz
cd pcre-8.10
./configure
make
make install
2.安裝Nginxwget http://nginx.org/download/nginx-0.8.52.tar.gz
[html] view plain copy
groupadd www
useradd -g www www
tar zxvf nginx-0.8.52.tar.gz
cd nginx-0.8.52/
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make
make install
注:如果出現以下錯誤
[html] view plain copy
./configure: error: SSL modules require the OpenSSL library.
Centos需要安裝openssl-devel
Ubuntu則需要安裝:sudo apt-get install libssl-dev
3.修改配置文件爲以下內容:
user www www;worker_processes 2;pid logs/nginx.pid;worker_rlimit_nofile 51200; events{ use epoll; worker_connections 51200;} http{ include mime.types; default_type application/octet-stream; keepalive_timeout 120; server_tokens off; send_timeout 60; tcp_nodelay on; upstream tomcats { server 192.168.2.50:8080; server 192.168.2.49:8080; #ip_hash; #在沒有做共享session的情況下ip_hash可以解決session問題 } server { listen 80; server_name 192.168.2.48; location / { proxy_pass http://tomcats; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } log_format access_log '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /usr/local/nginx/logs/access.log access_log; } }
4.測試配置文件
/usr/local/nginx/sbin/nginx -t
如果出現以下情況
/usr/local/nginx/sbin/nginx: error while loading shared libraries: libpcre.so.0: or directory
解決方法:
sudo ln -s /usr/local/lib/libpcre.so.0 /usr/lib/libpcre.so.0
/usr/local/nginx/sbin/nginx -t
顯示以下信息爲正確的
the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok configuration file /usr/local/nginx/conf/nginx.conf test is successful
5.優化內核參數
vim /etc/sysctl.conf在最後添加
net.ipv4.tcp_max_syn_backlog = 65536net.core.netdev_max_backlog = 32768net.core.somaxconn = 32768net.core.wmem_default = 8388608net.core.rmem_default = 8388608net.core.rmem_max = 16777216net.core.wmem_max = 16777216net.ipv4.tcp_timestamps = 0net.ipv4.tcp_synack_retries = 2net.ipv4.tcp_syn_retries = 2net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_mem = 94500000 915000000 927000000net.ipv4.tcp_max_orphans = 3276800net.ipv4.ip_local_port_range = 1024 65535
保存退出後執行
sysctl -p
6.切割Nginx日誌腳本
#!/bin/bash PATH_LOGS="/usr/local/nginx/logs"YEAR=`date -d "-1 days" +"%Y"` MONTH=`date -d "-1 days" +"%m"` mkdir -p $PATH_LOGS/$YEAR/$MONTH mv $PATH_LOGS/access.log $PATH_LOGS/$YEAR/$MONTH/access_$(date -d "-1 days" +"%Y%m%d").logkill -USR1 `cat $PATH_LOGS/nginx.pid`
把該腳本加到crontab每天00點執行
注:備機的Nginx和以上安裝步驟一樣
二.安裝配置Keepalived
1.下載所需要的軟件
wget http://keepalived.org/software/keepalived-1.1.19.tar.gz
wget http://rpm5.org/files/popt/popt-1.16.tar.gz
2.安裝popt
編譯keepalived時需要popt,否則會報以下錯誤:
configure: error: Popt libraries is required
tar -zxvf popt-1.16.tar.gzcd popt-1.16./configure make make install
3.安裝keepalived
tar -zxvf keepalived-1.1.19.tar.gzcd keepalived-1.1.19 ./configure --prefix=/usr/local/keepalived make make install
4.修改配置文件爲以下內容:
vim /usr/local/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived global_defs { router_id LVS_DEVEL}vrrp_script Monitor_Nginx { script "/root/scripts/monitor_nginx.sh" #根據自己的實際路徑放置monitor_nginx.sh interval 2 weight 2}vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1234} track_script { Monitor_Nginx} virtual_ipaddress { 192.168.2.51 }}
注:monitor_nginx.sh爲監控nginx進程的腳本,內容如下
#!/bin/bashif [ "$(ps -ef | grep "nginx: master process"| grep -v grep )" == "" ]then /usr/local/nginx/sbin/nginx sleep 5 if [ "$(ps -ef | grep "nginx: master process"| grep -v grep )" == "" ] then killall keepalived fi fi
5.啓動keepalived
/usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
注:備機的keepalived的安裝和上面一樣,只要把配置文件改爲以下(把MASTER改爲BACKUP)
! Configuration File for keepalived global_defs { router_id LVS_DEVEL}vrrp_script Monitor_Nginx { script "/root/scripts/monitor_nginx.sh" interval 2 weight 2}vrrp_instance VI_1 { state BACKUP #改爲BACKUP interface eth0 virtual_router_id 51 priority 100 #比MASTER數值要低 advert_int 1 authentication { auth_type PASS auth_pass 1234} track_script { Monitor_Nginx} virtual_ipaddress { 192.168.2.51 }}
三.測試步驟
1. 訪問VIP看是否能夠正常訪問後端的tomcat
2. 停止其中一個tomcat看是否能將訪問轉到另一臺上
3. 停止兩臺nginx上任何一個nginx進程看監控進程腳本是否會自動啓動nginx
4. 停止任何一臺nginx上的keepalived進程看另一臺是否接管vip
比如停止Master上的keepalived,例如如下killall keepalived,查看BACKUP機器是否已經接管,如果BACKUP接管後,BACKUP機器日誌會是出下情況
tail /var/log/syslog
Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.2.51
MASTER機器上日誌會顯示
Keepalived_vrrp: Terminating VRRP child process on signal Keepalived_vrrp: VRRP_Instance(VI_1) removing protocol VIPs.
現在把MASTER上的Keepalived重新啓動,會看到MASTER重新接管VIP,並對外提供服務,BACKUP仍舊回到BACKUP STATE,如果不是這種情況,請檢查配置文件和步驟.
現在的BACKUP日誌如下:
Keepalived_vrrp: VRRP_Instance(VI_1) Received higher prio advert Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE Keepalived_vrrp: VRRP_Instance(VI_1) removing protocol VIPs.
Master日誌如下:
Keepalived_vrrp: VRRP_Script(Monitor_Nginx) succeeded Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.2.51