一、拓撲圖
Nginx有很強代理功能,但是一臺nginx就形成了單點,現在使用keepalived來解決這個問題,keepalived的故障轉移時間很短.
Nginx+keepalived雙機實現nginx反向代理服務的高可用,一臺nginx掛掉之後不影響應用也不影響內網訪問外網.
Master和Backup兩邊都開啓nginx服務,無論Master還是Backup,當其中的一個keepalived服務停止後,vip都會漂移到keepalived服務還在的節點上。
二、安裝Nginx和keepalived服務
1、分別在nginx-master和nginx-backup上安裝nginx(以下以nginx-master爲例)
[root@90sec src]# yum -y install gcc gcc-c++ openssl-devel pcre-devel automake autoconf
[root@90sec src]# groupadd -r nginx
[root@90sec src]# useradd -r -g nginx nginx
[root@90sec src]# tar xf nginx-1.7.5.tar.gz
[root@90sec src]# cd nginx-1.7.5
[root@90sec nginx-1.7.5]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --with-http_gzip_static_module --with-http_flv_module --with-http_mp4_module | tee /tmp/nginx.txt ###可以把nginx安裝的路徑保存到nginx.txt中
[root@90sec nginx-1.7.5]# make && make install
[root@90sec nginx-1.7.5]# vim /etc/rc.d/init.d/nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
# Pull in the distribution's init helper library.
. /etc/rc.d/init.d/functions

# Load the network settings; NETWORKING is tested right below.
. /etc/sysconfig/network

# Nothing to do when networking is switched off.
if [ "$NETWORKING" = "no" ]; then
  exit 0
fi

# Binary, display name and configuration file used by every action below.
nginx="/usr/local/nginx/sbin/nginx"
prog=${nginx##*/}
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

# Optional local overrides; sourced as root, so the file must stay root-owned
# and not writable by anyone else.
if [ -f /etc/sysconfig/nginx ]; then
  . /etc/sysconfig/nginx
fi

# Lock file that start() creates and stop() removes.
lockfile=/var/lock/subsys/nginx
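# Create every *-temp-path directory nginx was built with and give it to the
# build's run-as user, so that a first start does not fail on a missing directory.
# Globals:   nginx (read) - path of the nginx binary
#            user, options, opt, value (written, as in the original)
# Arguments: none
make_dirs() {
  user=
  # The build options are captured from `-V` with stderr merged in. Query the
  # binary this script manages ($nginx): a bare `nginx` is only found when it
  # happens to be on PATH, which left $user empty and made chown fail.
  options=$("$nginx" -V 2>&1 | grep 'configure arguments:')

  # First pass: pick up the run-as user (--user=NAME) if the build set one.
  # Word splitting of $options is intentional: one token per configure flag.
  for opt in $options; do
    case "$opt" in
      --user=*) user=${opt#--user=} ;;
    esac
  done

  # Second pass: create each missing temp directory.
  for opt in $options; do
    case "$opt" in
      *-temp-path=*)
        value=${opt#*=}
        if [ ! -d "$value" ]; then
          # echo "creating" $value
          mkdir -p -- "$value" || continue
          # Skip chown when no --user flag was found; an empty owner is an error.
          if [ -n "$user" ]; then
            chown -R -- "$user" "$value"
          fi
        fi
        ;;
    esac
  done
}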
# Start nginx with the configured file.
# Exits 5 when the binary is not executable and 6 when the configuration file
# is missing. Otherwise returns the status of `daemon` (presumably provided by
# the sourced init function library) and creates the lock file on success.
start() {
  if ! [ -x $nginx ]; then
    exit 5
  fi
  if ! [ -f $NGINX_CONF_FILE ]; then
    exit 6
  fi

  # Make sure the compiled-in temp directories exist before launching.
  make_dirs

  echo -n $"Starting $prog: "
  daemon $nginx -c $NGINX_CONF_FILE
  retval=$?
  echo

  if [ $retval -eq 0 ]; then
    touch $lockfile
  fi
  return $retval
}
# Ask nginx to shut down with SIGQUIT through `killproc` (presumably provided
# by the sourced init function library). Removes the lock file only when
# killproc succeeded and returns killproc's status.
stop() {
  echo -n $"Stopping $prog: "
  killproc $prog -QUIT
  retval=$?
  echo

  if [ $retval -eq 0 ]; then
    rm -f $lockfile
  fi
  return $retval
}
# Stop and start nginx, but only after the configuration passes configtest,
# so a broken config never takes a running server down.
# Returns configtest's status when the check fails, else the status of start.
restart() {
  if configtest; then
    stop
    sleep 1
    start
  else
    # In the else branch $? still holds configtest's exit status.
    return $?
  fi
}
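# Re-read the configuration by sending SIGHUP to nginx, after configtest
# has accepted the new configuration.
# Globals:   nginx, prog (read); RETVAL (written)
# Returns:   configtest's status when the check fails, else killproc's status
reload() {
  configtest || return $?
  echo -n $"Reloading $prog: "
  killproc $nginx -HUP
  RETVAL=$?
  echo
  # Without an explicit return the function's status is that of `echo`,
  # so a failed reload was reported to the caller as success.
  return $RETVAL
}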
# force-reload has no lighter implementation in this script: it is a full
# restart, and returns whatever restart returns.
force_reload() {
  restart
  return $?
}
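# Check the configuration file with `nginx -t` without touching the running server.
# Globals:   nginx, NGINX_CONF_FILE (read)
# Returns:   the exit status of the nginx binary
configtest() {
  # Quoted so that a path containing whitespace reaches nginx as one argument.
  "$nginx" -t -c "$NGINX_CONF_FILE"
}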
# Report the state of $prog through `status` (presumably provided by the
# sourced init function library) and pass its exit status on.
rh_status() {
  status ${prog}
  return $?
}
# Quiet variant of rh_status: same exit status, stdout and stderr discarded.
rh_status_q() {
  { rh_status; } >/dev/null 2>&1
}
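# Dispatch on the action given as the first argument.
# Fixes over the listing as pasted:
#  - the stop) arm had lost its command and its ';;', which is a syntax error
#    and kept the whole script from loading;
#  - condrestart/try-restart checked the status but never restarted.
case "$1" in
  start)
    # Already running: nothing to do.
    rh_status_q && exit 0
    $1
    ;;
  stop)
    # Not running: nothing to do.
    rh_status_q || exit 0
    $1
    ;;
  restart|configtest)
    $1
    ;;
  reload)
    # Reloading a stopped service is an error (exit 7).
    rh_status_q || exit 7
    $1
    ;;
  force-reload)
    force_reload
    ;;
  status)
    rh_status
    ;;
  condrestart|try-restart)
    # Restart only when the service is currently running.
    rh_status_q || exit 0
    restart
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
    exit 2
    ;;
esac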
[root@90sec nginx-1.7.5]# chmod +x /etc/rc.d/init.d/nginx
[root@90sec nginx-1.7.5]# chkconfig --add nginx
[root@90sec nginx-1.7.5]# chkconfig nginx on
[root@90sec nginx-1.7.5]# service nginx restart
[root@90sec nginx-1.7.5]# ss -anptl | grep "nginx"
LISTEN 0 128 *:80 *:* users:(("nginx",38972,6),("nginx",38973,6))
[root@90sec nginx-1.7.5]# service nginx status
nginx (pid 38973 38972) is running...
2、分別創建網站首頁
[root@90sec nginx-1.7.5]# echo "Welcom to nginx-master" > /usr/local/nginx/html/index.html
[root@90sec nginx-1.7.5]# curl http://192.168.83.132
Welcom to nginx-master
[root@80sec nginx-1.7.5]# echo "Welcome to nginx-backup" > /usr/local/nginx/html/index.html
[root@80sec nginx-1.7.5]# curl http://192.168.83.133
Welcome to nginx-backup
3、安裝keepalived
[root@90sec src]# tar xf keepalived-1.2.12.tar.gz
[root@90sec src]# cd keepalived-1.2.12
[root@90sec keepalived-1.2.12]# ./configure --prefix=/usr/local/keepalived --with-dir=/usr/src/kernels/*/
[root@90sec keepalived-1.2.12]# make && make install
[root@90sec keepalived-1.2.12]# mkdir /etc/keepalived
[root@90sec keepalived-1.2.12]# cp -f keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@90sec keepalived-1.2.12]# cp -f keepalived/etc/init.d/keepalived.init /etc/init.d/keepalived
[root@90sec keepalived-1.2.12]# cp -f keepalived/etc/init.d/keepalived.sysconfig /etc/sysconfig/keepalived
[root@90sec keepalived-1.2.12]# cp -f /usr/local/keepalived/sbin/keepalived /sbin/
修改keepalived的配置文件
## nginx-master###
[root@90sec keepalived-1.2.12]# vim /etc/keepalived/keepalived.conf
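! Configuration File for keepalived
! Global definitions
global_defs {
    notification_email {
        admin@example.com                    # placeholder: the address on the source page was lost to e-mail obfuscation; put the failure-alert recipient here
    }
    notification_email_from root@localhost   # sender address used for the alert mail
    smtp_server 127.0.0.1                    # SMTP server used to send the mail
    smtp_connect_timeout 30                  # SMTP connect timeout
    router_id LVS_DEVEL                      # identifier of the machine running keepalived
}

# Health check for nginx. It only has an effect once a vrrp_instance lists it
# under track_script (added below); the original defined it but never used it.
vrrp_script chk_nginx {
    script "killall -0 nginx"    # signal 0 only tests that an nginx process exists
    interval 1                   # run the check every second
    weight -20                   # priority change while the check fails; it must exceed the 10-point gap to the backup (100 vs 90). The original -2 left this node at 98, so the backup could never take over
    fall 2                       # consecutive failures before the check counts as failed
    rise 1                       # consecutive successes before it counts as passed again
}

vrrp_instance VI_1 {
    state MASTER                    # this node starts as master
    interface eth0                  # local interface VRRP runs on
    virtual_router_id 51            # must be identical on master and backup
    mcast_src_ip 192.168.83.132     # IP of this (master) node; keyword and value are separated by a space, not '='
    priority 100                    # priority
    advert_int 1                    # advertisement interval
    # PASS authentication is carried in cleartext in every advertisement and only
    # guards against accidental misconfiguration. 1111 is the tutorial's sample
    # value: use one unique to this pair and restrict VRRP traffic (IP protocol
    # 112) to the two nodes, for example with a firewall rule on this interface.
    authentication {
        auth_type PASS              # authentication type
        auth_pass 1111              # shared key
    }
    virtual_ipaddress {
        192.168.83.131/24 dev eth1  # VIP
    }
    # Tie the nginx health check to this instance so that a dead nginx lowers
    # the priority and the VIP moves to the backup.
    track_script {
        chk_nginx
    }
}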
##後面的就都用不到了刪除就可以
####nginx-backup####
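! Configuration File for keepalived (nginx-backup)
global_defs {
    notification_email {
        # no recipient listed on the source page; add the failure-alert address here
    }
    notification_email_from root@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state BACKUP                    # the standby node starts as BACKUP; the original repeated MASTER here
    interface eth0
    virtual_router_id 51            # must match the master
    mcast_src_ip 192.168.83.133     # changed to .133 (this node); space-separated, not '='
    priority 90                     # changed to 90, lower than the master's 100
    advert_int 1
    # PASS authentication is carried in cleartext and 1111 is the tutorial's
    # sample value: use a key unique to this pair (it must match the master) and
    # restrict VRRP traffic (IP protocol 112) to the two nodes.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.83.131/24 dev eth1
    }
}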
啓動keepalived服務(主輔兩臺)
[root@90sec keepalived-1.2.12]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@90sec keepalived-1.2.12]# chkconfig --add keepalived
[root@90sec keepalived-1.2.12]# chkconfig keepalived on
查看vip是否主動切換
nginx-master上keepalived關閉之前
nginx-master上keepalived關閉之後
四、修改nginx配置文件做反向代理
1、分別在web1,web2安裝httpd服務
[root@70sec ~]# yum -y install httpd
[root@70sec ~]# echo "<h1>Welcome to WEB1</h1>" > /var/www/html/index.html
[root@70sec ~]# service httpd restart
Stopping httpd: [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 70sec.com for ServerName
[ OK ]
[root@70sec ~]# curl http://192.168.83.134
<h1>Welcome to WEB1</h1>
[root@10sec ~]# yum -y install httpd
[root@10sec ~]# echo "<h1>Welcome to WEB2</h1>" > /var/www/html/index.html
[root@10sec ~]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 10sec.com for ServerName
[ OK ]
[root@10sec ~]# curl http://192.168.83.135
<h1>Welcome to WEB2</h1>
2、修改nginx的配置文件做反向代理(主輔配置文件相同)
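user  nginx nginx;                  ## user and group nginx runs as
worker_processes  2;                ## number of worker processes
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    use epoll;                      ## event model
    worker_connections 1024;        ## maximum connections per worker process
}
http {                              ## http module
    include mime.types;             ## pull in the MIME type table
    default_type application/octet-stream;   ## default type
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;           ## keep-alive timeout
    #gzip on;
    upstream web {                  ## the backend pool (real servers)
        ## backend address; after max_fails failed attempts within fail_timeout
        ## the server is skipped for fail_timeout
        server 192.168.83.134:80 weight=1 max_fails=3 fail_timeout=10s;
        server 192.168.83.135:80 weight=1 max_fails=3 fail_timeout=10s;
    }
    server {
        listen 80;                  ## listening port
        server_name 192.168.83.131; ## ServerName (the VIP)
        root html;
        index index.html index.htm;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            proxy_pass http://web;  ## reverse proxy to the upstream pool
            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            ## The variable needs its leading '$'; without it the literal text
            ## "Proxy_add_x_forwarded_for" is sent as the header value.
            ## $proxy_add_x_forwarded_for appends $remote_addr to whatever
            ## X-Forwarded-For the client sent, so backends should only trust
            ## these headers on requests arriving from the two proxy addresses.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        ## The pasted listing repeated this error_page/location pair; a second
        ## "location = /50x.html" in the same server is rejected as a duplicate
        ## location, so it is kept once.
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}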
3、拷貝到nginx-backup上
[root@90sec sbin]# scp /usr/local/nginx/conf/nginx.conf 192.168.83.133:/usr/local/nginx/conf/
測試代理
測試負載
現在關掉web1
[root@70sec ~]# service httpd stop
Stopping httpd: [ OK ]
再開啓web1,關閉web2
[root@70sec ~]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 70sec.com for ServerName
[ OK ]
[root@10sec ~]# service httpd stop
Stopping httpd: [ OK ]
upstream 支持的負載均衡算法
Nginx的負載均衡模塊目前支持4種調度算法,下面進行分別介紹,其中後兩項屬於第三方調度算法。
輪詢(默認)。每個請求按時間順序逐一分配到不同的後端服務器,如果後端某臺服務器宕機,故障系統被自動剔除,使用戶訪問不受影響。Weight 指定輪詢權值,Weight值越大,分配到的訪問機率越高,主要用於後端每個服務器性能不均的情況下。
ip_hash。每個請求按訪問IP的hash結果分配,這樣來自同一個IP的訪客固定訪問一個後端服務器,有效解決了動態網頁存在的session共享問題。
fair。這是比上面兩個更加智能的負載均衡算法。此種算法可以依據頁面大小和加載時間長短智能地進行負載均衡,也就是根據後端服務器的響應時間來分配請求,響應時間短的優先分配。Nginx本身是不支持fair的,如果需要使用這種調度算法,必須下載Nginx的upstream_fair模塊。
url_hash。此方法按訪問url的hash結果來分配請求,使每個url定向到同一個後端服務器,可以進一步提高後端緩存服務器的效率。Nginx本身是不支持url_hash的,如果需要使用這種調度算法,必須安裝Nginx 的hash軟件包。