Building a load-balancing proxy server with nginx + keepalived

I. Topology

[Figure: topology diagram]

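nginx is a capable proxy, but a single nginx instance is a single point of failure. keepalived is used here to solve that problem; its failover time is very short.

An nginx + keepalived pair makes the nginx reverse-proxy service highly available: if one nginx goes down, neither the application nor the internal network's access to the outside is affected.

nginx runs on both the Master and the Backup. Whichever node it is, when the keepalived service on one of them stops, the VIP floats to the node where keepalived is still running.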


II. Installing the nginx and keepalived services

 1. Install nginx on each node (shown on nginx-master)

   [root@90sec src]# yum -y install gcc gcc-c++ openssl-devel pcre-devel automake autoconf 

   [root@90sec src]# groupadd -r nginx

   [root@90sec src]# useradd -r -g nginx nginx

   [root@90sec src]# tar xf nginx-1.7.5.tar.gz 

   [root@90sec src]# cd nginx-1.7.5

   [root@90sec nginx-1.7.5]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --with-http_gzip_static_module --with-http_flv_module --with-http_mp4_module | tee /tmp/nginx.txt        ### saves the nginx installation paths to nginx.txt

    [root@90sec nginx-1.7.5]# make && make install

    [root@90sec nginx-1.7.5]# vim /etc/rc.d/init.d/nginx

    

        #!/bin/sh
        #
        # nginx - this script starts and stops the nginx daemon
        #
        # chkconfig:   - 85 15
        # description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
        #               proxy and IMAP/POP3 proxy server
        # processname: nginx
        # config:      /usr/local/nginx/conf/nginx.conf
        # config:      /etc/sysconfig/nginx
        # pidfile:     /var/run/nginx/nginx.pid

        # Source function library.
        . /etc/rc.d/init.d/functions

        # Source networking configuration.
        . /etc/sysconfig/network

        # Check that networking is up.
        [ "$NETWORKING" = "no" ] && exit 0

        nginx="/usr/local/nginx/sbin/nginx"
        prog=$(basename $nginx)

        NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

        [ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

        lockfile=/var/lock/subsys/nginx

        make_dirs() {
           # make required directories
           # use the full path in $nginx: the binary is not on root's PATH
           user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
           options=`$nginx -V 2>&1 | grep 'configure arguments:'`
           for opt in $options; do
               if [ `echo $opt | grep '.*-temp-path'` ]; then
                   value=`echo $opt | cut -d "=" -f 2`
                   if [ ! -d "$value" ]; then
                       # echo "creating" $value
                       mkdir -p $value && chown -R $user $value
                   fi
               fi
           done
        }

        start() {
            [ -x $nginx ] || exit 5
            [ -f $NGINX_CONF_FILE ] || exit 6
            make_dirs
            echo -n $"Starting $prog: "
            daemon $nginx -c $NGINX_CONF_FILE
            retval=$?
            echo
            [ $retval -eq 0 ] && touch $lockfile
            return $retval
        }

        stop() {
            echo -n $"Stopping $prog: "
            killproc $prog -QUIT
            retval=$?
            echo
            [ $retval -eq 0 ] && rm -f $lockfile
            return $retval
        }

        restart() {
            configtest || return $?
            stop
            sleep 1
            start
        }

        reload() {
            configtest || return $?
            echo -n $"Reloading $prog: "
            killproc $nginx -HUP
            RETVAL=$?
            echo
        }

        force_reload() {
            restart
        }

        configtest() {
          $nginx -t -c $NGINX_CONF_FILE
        }

        rh_status() {
            status $prog
        }

        rh_status_q() {
            rh_status >/dev/null 2>&1
        }

        case "$1" in
            start)
                rh_status_q && exit 0
                $1
                ;;
            stop)
                rh_status_q || exit 0
                $1
                ;;
            restart|configtest)
                $1
                ;;
            reload)
                rh_status_q || exit 7
                $1
                ;;
            force-reload)
                force_reload
                ;;
            status)
                rh_status
                ;;
            condrestart|try-restart)
                rh_status_q || exit 0
                ;;
            *)
                echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
                exit 2
        esac

                     

    [root@90sec nginx-1.7.5]# chmod +x /etc/rc.d/init.d/nginx

    [root@90sec nginx-1.7.5]# chkconfig --add nginx 

    [root@90sec nginx-1.7.5]# chkconfig nginx on

    [root@90sec nginx-1.7.5]# service nginx restart

    [root@90sec nginx-1.7.5]# ss -anptl | grep "nginx"

LISTEN     0      128                       *:80                       *:*      users:(("nginx",38972,6),("nginx",38973,6))

    [root@90sec nginx-1.7.5]# service nginx status

        nginx (pid 38973 38972) is running...

2. Create a home page on each node

[root@90sec nginx-1.7.5]# echo "Welcom to nginx-master" > /usr/local/nginx/html/index.html

[root@90sec nginx-1.7.5]# curl http://192.168.83.132

        Welcom to nginx-master 

[root@80sec nginx-1.7.5]# echo "Welcome to nginx-backup" > /usr/local/nginx/html/index.html

[root@80sec nginx-1.7.5]# curl http://192.168.83.133

        Welcome to nginx-backup

3. Install keepalived

[root@90sec src]# tar xf keepalived-1.2.12.tar.gz 

[root@90sec src]# cd keepalived-1.2.12

[root@90sec keepalived-1.2.12]# ./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/$(uname -r)/

[root@90sec keepalived-1.2.12]# make && make install

[root@90sec keepalived-1.2.12]# mkdir /etc/keepalived

[root@90sec keepalived-1.2.12]# cp -f keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

[root@90sec keepalived-1.2.12]# cp -f keepalived/etc/init.d/keepalived.init /etc/init.d/keepalived

[root@90sec keepalived-1.2.12]# cp -f keepalived/etc/init.d/keepalived.sysconfig /etc/sysconfig/keepalived

[root@90sec keepalived-1.2.12]# cp -f /usr/local/keepalived/sbin/keepalived /sbin/


Edit the keepalived configuration file

    ## nginx-master###

[root@90sec keepalived-1.2.12]# vim /etc/keepalived/keepalived.conf


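! Configuration File for keepalived      # global definitions

global_defs {
   notification_email {
     [email protected]         # who to e-mail when a failure occurs
   }
   notification_email_from root@localhost   # sender address for failure e-mails
   smtp_server 127.0.0.1      # SMTP server used to send the e-mail
   smtp_connect_timeout 30    # timeout
   router_id LVS_DEVEL       # an identifier for the machine running keepalived
}

vrrp_script chk_nginx {       # there are many ways to check whether nginx is running: by process, with a script, and so on
   script "killall -0 nginx"  # use a shell command to check whether the nginx process exists
   interval 1                 # run the check once every 1 second
   weight -2                  # when the nginx service is gone, lower the current priority by 2
   fall 2                     # number of failed checks
   rise 1                     # number of successful checks
}

vrrp_instance VI_1 {
    state MASTER              # this is the master server
    interface eth0            # local network interface to listen on
    virtual_router_id 51     # virtual_router_id must be the same on master and backup
    mcast_src_ip 192.168.83.132  # IP address of the master nginx
    priority 100                # priority
    advert_int 1                ### advertisement (sync) interval
    authentication {            # authentication
        auth_type PASS            # authentication type
        auth_pass 1111            # key
    }
    virtual_ipaddress {
        192.168.83.131/24 dev eth1  # VIP
    }
}

## Everything after this point is not needed and can be deleted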


####nginx-backup####

  ! Configuration File for keepalived

  global_defs {
      notification_email {
        [email protected]
      }
      notification_email_from root@localhost
      smtp_server 127.0.0.1
      smtp_connect_timeout 30
      router_id LVS_DEVEL
  }

  vrrp_instance VI_1 {
      state MASTER
      interface eth0
      virtual_router_id 51
      mcast_src_ip 192.168.83.133      # changed to 133
      priority 90                    # changed to 90
      advert_int 1
      authentication {
          auth_type PASS
          auth_pass 1111
      }
      virtual_ipaddress {
          192.168.83.131/24 dev eth1
      }
  }
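
The failover decision that the two keepalived.conf files above produce, as an added Python example (not part of the original article and not keepalived's own code). It assumes chk_nginx is attached to VI_1 with a track_script block, which the configuration as shown does not include, and that preemption is left at its default; Node, elect(), scenario() and the weight of -20 are illustrative.

```python
# Added example: simplified model of a VRRP election with a tracked check script.
# Node, elect() and scenario() are illustrative names, not keepalived code.
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Node:
    name: str
    ip: str                      # mcast_src_ip from the page's config
    priority: int                # "priority" in vrrp_instance
    weight: int = 0              # weight of a tracked vrrp_script (0 = none tracked)
    keepalived_up: bool = True
    check_ok: bool = True        # outcome of the check, e.g. `killall -0 nginx`

    def effective_priority(self) -> int:
        # Negative weight is subtracted while the check fails;
        # positive weight is added while the check succeeds.
        if self.weight < 0 and not self.check_ok:
            return self.priority + self.weight
        if self.weight > 0 and self.check_ok:
            return self.priority + self.weight
        return self.priority


def elect(nodes):
    """Name of the node holding the VIP (default preempt behaviour), or None."""
    alive = [n for n in nodes if n.keepalived_up]
    if not alive:
        return None
    # Highest effective priority wins; a tie goes to the higher IP address.
    return max(alive, key=lambda n: (n.effective_priority(), IPv4Address(n.ip))).name


def scenario(weight, nginx_ok=True, keepalived_up=True):
    """Master/backup pair with the page's addresses and priorities (100 and 90)."""
    master = Node("nginx-master", "192.168.83.132", 100, weight, keepalived_up, nginx_ok)
    backup = Node("nginx-backup", "192.168.83.133", 90)
    return elect([master, backup])


if __name__ == "__main__":
    print("all healthy           ->", scenario(-2))
    print("keepalived stopped    ->", scenario(-2, keepalived_up=False))
    print("nginx dead, weight -2 ->", scenario(-2, nginx_ok=False))    # 98 still beats 90
    print("nginx dead, weight -20 (hypothetical) ->", scenario(-20, nginx_ok=False))
```

With the page's values a dead nginx lowers the master to 98, which still outranks the backup's 90, so the VIP moves only when keepalived itself stops. For the check to trigger failover, the weight has to exceed the 10-point gap between the two priorities.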


Start the keepalived service (on both master and backup)

[root@90sec keepalived-1.2.12]# /etc/init.d/keepalived start

Starting keepalived:                                       [  OK  ]

[root@90sec keepalived-1.2.12]# chkconfig --add keepalived

[root@90sec keepalived-1.2.12]# chkconfig keepalived on


Check whether the VIP switches over automatically

Before keepalived is stopped on nginx-master:

    [Screenshot: nginx-master before keepalived is stopped]

After keepalived is stopped on nginx-master:

    [Screenshots: after keepalived is stopped on nginx-master]


IV. Configure nginx as a reverse proxy

1. Install the httpd service on web1 and web2

[root@70sec ~]# yum -y install httpd    

[root@70sec ~]# echo "<h1>Welcome to WEB1</h1>" > /var/www/html/index.html

[root@70sec ~]# service httpd restart

Stopping httpd:                                            [FAILED]

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 70sec.com for ServerName

                                                           [  OK  ]

[root@70sec ~]# curl http://192.168.83.134

    <h1>Welcome to WEB1</h1>


[root@10sec ~]# yum -y install httpd

[root@10sec ~]# echo "<h1>Welcome to WEB2</h1>" > /var/www/html/index.html

[root@10sec ~]# service httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 10sec.com for ServerName

                                                           [  OK  ]

[root@10sec ~]# curl http://192.168.83.135

    <h1>Welcome to WEB2</h1>


2. Edit the nginx configuration file to act as a reverse proxy (the file is identical on master and backup)

user  nginx nginx;        ## user and group that nginx runs as
worker_processes  2;        ## number of worker processes

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    use epoll;                            ## event model
    worker_connections  1024;             ## maximum connections per worker process
}

http {                                ## http block
    include       mime.types;        ## include this file
    default_type  application/octet-stream;    ## default type

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;                ## keep-alive duration

    #gzip  on;

    upstream web {                       ## use upstream to define the cluster and its real servers (RS)
        server 192.168.83.134:80  weight=1 max_fails=3 fail_timeout=10s;  ## RS address, failed requests and timeout
        server 192.168.83.135:80  weight=1 max_fails=3 fail_timeout=10s;
    }

    server {
        listen       80;            ## listening port
        server_name  192.168.83.131;    ## ServerName

        root html;
        index index.html index.htm;
        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
                proxy_pass http://web;    ## reverse proxy
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

3. Copy it to nginx-backup

    [root@90sec sbin]# scp /usr/local/nginx/conf/nginx.conf 192.168.83.133:/usr/local/nginx/conf/


Testing the proxy

    [Screenshots: proxy test results]

Testing load balancing

Now shut down web1

 

[root@70sec ~]# service httpd stop

Stopping httpd:                                            [  OK  ]

    [Screenshot: result with web1 stopped]

Start web1 again and shut down web2

[root@70sec ~]# service httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 70sec.com for ServerName

                                                           [  OK  ]

[root@10sec ~]# service httpd stop

Stopping httpd:                                            [  OK  ]

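    [Screenshot: result with web2 stopped]

Load-balancing algorithms supported by upstream

nginx's load-balancing module currently supports 4 scheduling algorithms, described one by one below; the last two are third-party scheduling algorithms.

Round robin (the default). Requests are assigned to the backend servers one at a time, in the order they arrive. If a backend server goes down, it is automatically removed from rotation so that user access is not affected. weight sets the round-robin weight: the larger the weight, the larger the share of requests a server receives. It is mainly used when the backend servers differ in performance.

ip_hash. Each request is assigned according to a hash of the client IP, so visitors from the same IP always reach the same backend server, which effectively solves the session-sharing problem of dynamic pages.

fair. This is a smarter load-balancing algorithm than the two above. It balances load according to page size and load time, that is, it assigns requests based on backend response time, and servers with shorter response times are served first. nginx itself does not support fair; to use this algorithm you must download nginx's upstream_fair module.

url_hash. This method assigns requests according to a hash of the requested URL, so each URL is always directed to the same backend server, which can further improve the efficiency of backend cache servers. nginx itself does not support url_hash; to use this algorithm you must install nginx's hash package.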
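
How the default round robin removes a failed backend, using the upstream values from the configuration above (max_fails=3, fail_timeout=10s, equal weights) and the "stop web1" test. This is an added Python example, not part of the original article and not nginx code; it is a simplified model, and Upstream, simulate() and the one-request-per-second traffic are assumptions made for illustration.

```python
# Added example: simplified model of nginx round-robin with passive health checks.
# Upstream and simulate() are illustrative names, not nginx code.
WEB1, WEB2 = "192.168.83.134:80", "192.168.83.135:80"   # real servers from the page


class Upstream:
    def __init__(self, servers, max_fails=3, fail_timeout=10):
        self.servers = servers
        self.max_fails, self.fail_timeout = max_fails, fail_timeout
        self.fails = {s: 0 for s in servers}      # failed attempts counted so far
        self.checked = {s: 0 for s in servers}    # time of the last failed attempt
        self.next_idx = 0

    def available(self, server, now):
        ejected = self.fails[server] >= self.max_fails
        return not (ejected and now - self.checked[server] <= self.fail_timeout)

    def handle(self, now, is_up):
        """Serve one request at time `now` (seconds); return the backend that answered."""
        for _ in self.servers:
            server = self.servers[self.next_idx]
            self.next_idx = (self.next_idx + 1) % len(self.servers)
            if not self.available(server, now):
                continue                          # ejected: skip without connecting
            if is_up(server, now):
                self.fails[server] = 0            # a success clears the failure count
                return server
            self.fails[server] += 1               # failed attempt: count it and
            self.checked[server] = now            # pass the request to the next server
        return None                               # nothing answered: client gets an error


def simulate(seconds, web1_back_at=None):
    """One request per second; web1 is stopped until `web1_back_at` (None = stays down)."""
    upstream, served, web1_attempts = Upstream([WEB1, WEB2]), [], []

    def is_up(server, now):
        if server == WEB2:
            return True
        web1_attempts.append(now)
        return web1_back_at is not None and now >= web1_back_at

    for now in range(seconds):
        served.append(upstream.handle(now, is_up))
    return served, web1_attempts
```

With web1 stopped, every request is still answered by web2, and web1 is contacted only at seconds 0, 1, 2, 13 and 24. A web1 that comes back at second 5 receives no traffic until its fail_timeout expires at second 13.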


