
nginx+keepalived搭建高可用nginx平台

江湖闲人于梅 903


整体架构示意图:

整体架构示意图

节点01:

R-IP:172.16.106.60

V-IP:172.16.106.10

back:172.16.106.61

节点02:

R-IP:172.16.106.61

V-IP:172.16.106.11

back:172.16.106.60

节点1:

准备工作

设置主机名

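# Name this node and register both cluster members in /etc/hosts.
hostnamectl set-hostname ngo01

echo "172.16.106.60 ngo01" >> /etc/hosts

# 172.16.106.61 is node 02; the original mapped it to ngo01 as well,
# which left the name ngo01 pointing at two different hosts.
echo "172.16.106.61 ngo02" >> /etc/hosts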

关闭SELINUX(注:关闭后系统会失去强制访问控制这一层防护;生产环境更稳妥的做法是保持 enforcing,排障时临时切到 permissive,再按审计日志为 keepalived、nginx 放行所需权限)

vi /etc/selinux/config

SELINUX=disabled

临时关闭:

setenforce 0

扩张 / 空间

fdisk /dev/sdb #n w

pvcreate /dev/sdb1

vgextend vg_root /dev/sdb1

lvextend -l +100%FREE /dev/vg_root/root

xfs_growfs /dev/mapper/vg_root-root

安装keepalived

yum -y install libnl libnl-devel

yum install -y libnfnetlink-devel

上传keepalived-2.0.7.tar.gz nginx-1.14.0.tar.gz

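# The archive was uploaded by hand and is built and installed as root, so
# print its SHA-256 and compare it with the value from a trusted source
# (the project's download page or an internal artifact store) first.
sha256sum keepalived-2.0.7.tar.gz

tar -zxvf keepalived-2.0.7.tar.gz

# The archive unpacks to keepalived-2.0.7; the original command misspelled
# the directory as "keepallived-2.0.7", so the mv failed.
mv keepalived-2.0.7 keepalived

mv keepalived /usr/local

cd /usr/local/keepalived

# NOTE(review): 2.0.7 is an old release; check the project's current
# releases and security advisories before deploying this version.
./configure --prefix=/usr/local/keepalived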

配置结果:

Keepalived configuration

------------------------

Keepalived version : 2.0.7

Compiler : gcc

Preprocessor flags :

Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2

Linker flags : -pie

Extra Lib : -lcrypto -lssl -lnl

Use IPVS Framework : Yes

IPVS use libnl : Yes

IPVS syncd attributes : No

IPVS 64 bit stats : No

HTTP_GET regex support : No

fwmark socket support : Yes

Use VRRP Framework : Yes

Use VRRP VMAC : Yes

Use VRRP authentication : Yes

With ip rules/routes : Yes

Use BFD Framework : No

SNMP vrrp support : No

SNMP checker support : No

SNMP RFCv2 support : No

SNMP RFCv3 support : No

DBUS support : No

SHA1 support : No

Use Json output : No

libnl version : 1

Use IPv4 devconf : No

Use libiptc : No

Use libipset : No

init type : systemd

Strict config checks : No

Build genhash : Yes

Build documentation : No

安装

make && make install

节点2:

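# Name this node and register both cluster members in /etc/hosts.
hostnamectl set-hostname ngo02.jolma.cn

echo "172.16.106.60 ngo01" >> /etc/hosts

# 172.16.106.61 is this node (node 02); the original mapped it to ngo01,
# which left the name ngo01 pointing at two different hosts.
echo "172.16.106.61 ngo02" >> /etc/hosts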

关闭SELINUX(注:关闭后系统会失去强制访问控制这一层防护;生产环境更稳妥的做法是保持 enforcing,排障时临时切到 permissive,再按审计日志为 keepalived、nginx 放行所需权限)

vi /etc/selinux/config

SELINUX=disabled

临时关闭:

setenforce 0

扩张 / 空间

fdisk /dev/sda #n w

reboot

pvcreate /dev/sda3

vgextend vg_root /dev/sda3

lvextend -l +100%FREE /dev/vg_root/root

xfs_growfs /dev/mapper/vg_root-root

安装keepalived

yum -y install libnl libnl-devel libnfnetlink-devel

yum -y install openssl-devel

上传keepalived-2.0.7.tar.gz nginx-1.14.0.tar.gz

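# The archive was uploaded by hand and is built and installed as root, so
# print its SHA-256 and compare it with the value from a trusted source
# (the project's download page or an internal artifact store) first.
sha256sum keepalived-2.0.7.tar.gz

tar -zxvf keepalived-2.0.7.tar.gz

# The archive unpacks to keepalived-2.0.7; the original command misspelled
# the directory as "keepallived-2.0.7", so the mv failed.
mv keepalived-2.0.7 keepalived

mv keepalived /usr/local

cd /usr/local/keepalived

# NOTE(review): 2.0.7 is an old release; check the project's current
# releases and security advisories before deploying this version.
./configure --prefix=/usr/local/keepalived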

配置结果:

Keepalived version : 2.0.7

Compiler : gcc

Preprocessor flags :

Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2

Linker flags : -pie

Extra Lib : -lcrypto -lssl -lnl

Use IPVS Framework : Yes

IPVS use libnl : Yes

IPVS syncd attributes : No

IPVS 64 bit stats : No

HTTP_GET regex support : No

fwmark socket support : Yes

Use VRRP Framework : Yes

Use VRRP VMAC : Yes

Use VRRP authentication : Yes

With ip rules/routes : Yes

Use BFD Framework : No

SNMP vrrp support : No

SNMP checker support : No

SNMP RFCv2 support : No

SNMP RFCv3 support : No

DBUS support : No

SHA1 support : No

Use Json output : No

libnl version : 1

Use IPv4 devconf : No

Use libiptc : No

Use libipset : No

init type : systemd

Strict config checks : No

Build genhash : Yes

Build documentation : No

安装

make && make install

节点1配置keepalived

cd /usr/local/keepalived/etc/keepalived

cp keepalived.conf keepalived.conf_$(date +%F)

vi keepalived.conf

! Configuration File for keepalived

# Node 01: MASTER for VIP 172.16.106.10 (VI_1) and BACKUP for VIP 172.16.106.11 (VI_2).

global_defs {

notification_email {

xjs@jolma.cn

}

notification_email_from xjs@jolma.cn

smtp_server 127.0.0.1

smtp_connect_timeout 30

router_id LVS_DEVEL

vrrp_skip_check_adv_addr

# NOTE(review): vrrp_strict enforces strict VRRP compliance; in strict mode keepalived
# reports the authentication blocks below as unsupported and ignores them, and it may also
# filter traffic to the VIP - confirm both in the startup log before relying on this setup.
vrrp_strict

vrrp_garp_interval 0

vrrp_gna_interval 0

# NOTE(review): no script_user / enable_script_security is set here, so the tracked script
# runs as root unless a keepalived_script user exists; keep the script and every directory
# on its path writable by root only.

}

vrrp_script chk_http_port {

script "/opt/nginx_pid.sh" # path of the script that checks nginx status (the script itself is not shown on this page)

interval 2

# NOTE(review): a positive weight raises the priority while the check passes; with
# priorities 100 and 90 a failing check here still leaves this node above its peer (92 at
# most), so failover depends on the script stopping keepalived itself - confirm.
weight 2

}

vrrp_instance VI_1 {

state MASTER # the peer node uses BACKUP for this instance

interface ens192 # NIC name on the HA virtual machine

virtual_router_id 51 # must be identical on the master and the backup

priority 100 # must be higher than the backup's priority

advert_int 1 # advertisement interval between master and backup, in seconds

track_interface{

ens192

}

authentication {

auth_type PASS # sample-config default; checked on VRRP advertisements between master and backup

# NOTE(review): PASS sends this value in clear text in every advertisement and only the
# first 8 characters are used; 1111 is the sample value, so replace it with a per-cluster
# secret and restrict VRRP traffic to the two nodes at the firewall.
auth_pass 1111

}

track_script {

chk_http_port # the service check to run

}

virtual_ipaddress {

172.16.106.10 # virtual IP (VIP) address

}

}

vrrp_instance VI_2 {

state BACKUP

interface ens192 # both instances use this host's network interface

virtual_router_id 54

priority 90 # priority (lower than the 100 used by this instance's MASTER)

advert_int 1

track_interface{

ens192

}

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

172.16.106.11

}

}

节点2配置:

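cd /usr/local/keepalived/etc/keepalived

# Keep a dated copy of the shipped sample before editing.
cp keepalived.conf keepalived.conf_$(date +%F)

# The original typed "keepalievd.conf", which would open a new, unused file
# instead of the configuration keepalived actually reads.
vi keepalived.conf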

! Configuration File for keepalived

# Node 02: BACKUP for VIP 172.16.106.10 (VI_1) and MASTER for VIP 172.16.106.11 (VI_2).

global_defs {

notification_email {

xjs@jolma.cn

}

notification_email_from xjs@jolma.cn

smtp_server 127.0.0.1

smtp_connect_timeout 30

router_id LVS_DEVEL

vrrp_skip_check_adv_addr

# NOTE(review): vrrp_strict enforces strict VRRP compliance; in strict mode keepalived
# reports the authentication blocks below as unsupported and ignores them, and it may also
# filter traffic to the VIP - confirm both in the startup log before relying on this setup.
vrrp_strict

vrrp_garp_interval 0

vrrp_gna_interval 0

# NOTE(review): no script_user / enable_script_security is set here, so the tracked script
# runs as root unless a keepalived_script user exists; keep the script and every directory
# on its path writable by root only.

}

vrrp_script chk_http_port {

script "/opt/nginx_pid.sh" # path of the script that checks nginx status (the script itself is not shown on this page)

interval 2

# NOTE(review): a positive weight raises the priority while the check passes; it adds 2 to
# this node's 90, which never exceeds the master's 100, so failover depends on the script
# stopping keepalived on the failed node - confirm.
weight 2

}

vrrp_instance VI_1 {

state BACKUP # this node is the backup for VI_1

interface ens192 # NIC name on the HA virtual machine

virtual_router_id 51 # must be identical on the master and the backup

priority 90 # lower than the master's priority (100 on node 01)

advert_int 1 # advertisement interval between master and backup, in seconds

track_interface{

ens192

}

authentication {

auth_type PASS # sample-config default; checked on VRRP advertisements between master and backup

# NOTE(review): PASS sends this value in clear text in every advertisement and only the
# first 8 characters are used; 1111 is the sample value, so replace it with a per-cluster
# secret and restrict VRRP traffic to the two nodes at the firewall.
auth_pass 1111

}

track_script {

chk_http_port # the service check to run

}

virtual_ipaddress {

172.16.106.10 # virtual IP (VIP) address

}

}

vrrp_instance VI_2 {

state MASTER

interface ens192 # both instances use this host's network interface

virtual_router_id 54

priority 100 # priority (higher than the 90 used by this instance's BACKUP)

advert_int 1

track_interface{

ens192

}

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

172.16.106.11

}

}

配置开机启动

cd /etc/sysconfig/

ln -s /usr/local/keepalived/etc/sysconfig/keepalived keepalived

mkdir -p /etc/keepalived

cd /etc/keepalived

ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf keepalived.conf

cd /usr/sbin

ln -s /usr/local/keepalived/sbin/keepalived keepalived

systemctl enable keepalived

安装nginx 1.15.3版本

yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ autoconf automake zlib-devel libxml2 libxml2-dev libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data make GeoIP-devel GeoIP-update

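# Dedicated unprivileged account for the nginx worker processes: no login
# shell (-s /sbin/nologin) and no home directory (-M). The original had both
# commands on one line, which passes "useradd" etc. to groupadd as arguments.
groupadd nginx
useradd nginx -g nginx -s /sbin/nologin -M

# The archive was uploaded by hand and is built and installed as root, so
# check it before unpacking: print the SHA-256 and compare it with a trusted
# value, or verify the PGP signature nginx.org publishes for each release.
sha256sum nginx-1.15.3.tar.gz

tar -zxvf nginx-1.15.3.tar.gz

mv nginx-1.15.3 nginx

mv nginx /usr/local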

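# Create the directories referenced by the ./configure flags below.
mkdir -p /usr/local/nginx/sbin
mkdir -p /var/run/nginx /var/lock /var/log/nginx
mkdir -p /var/temp/nginx/client /var/temp/nginx/proxy /var/temp/nginx/fastcgi \
  /var/temp/nginx/uwsgi /var/temp/nginx/scgi

# The original ran chmod 777 on every one of these paths. World-writable
# install, binary, pid and log directories let any local account replace the
# nginx binary or plant files there, so only the owner gets write access.
# The master process starts as root and writes the pid, lock and log files
# itself, so root ownership with mode 755 is enough for these:
chmod 755 /usr/local/nginx /usr/local/nginx/sbin /var/run/nginx /var/log/nginx

# /var/lock is a shared system directory; its mode is deliberately left as
# the distribution set it.

# Worker processes run as nginx:nginx (--user/--group) and are the only ones
# that need to write request/response temp files.
chown -R nginx:nginx /var/temp/nginx
chmod 700 /var/temp/nginx/client /var/temp/nginx/proxy /var/temp/nginx/fastcgi \
  /var/temp/nginx/uwsgi /var/temp/nginx/scgi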

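# Run configure from the unpacked source tree (moved to /usr/local/nginx above).
cd /usr/local/nginx

# --user/--group make the worker processes run as the unprivileged nginx
# account. The original put both flags on one line as "--user=nginx \ --group=nginx \",
# where the backslash escapes the following space and configure receives a
# malformed argument; each flag now has its own continuation line.
./configure \
  --prefix=/usr/local/nginx \
  --conf-path=/usr/local/nginx/nginx.conf \
  --pid-path=/var/run/nginx/nginx.pid \
  --lock-path=/var/lock/nginx.lock \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --with-http_gzip_static_module \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_stub_status_module \
  --with-pcre \
  --http-client-body-temp-path=/var/temp/nginx/client \
  --http-proxy-temp-path=/var/temp/nginx/proxy \
  --http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
  --http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
  --http-scgi-temp-path=/var/temp/nginx/scgi \
  --user=nginx \
  --group=nginx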

安装nginx

make && make install

配置开机启动

vi /lib/systemd/system/nginx.service

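# systemd unit for the source-built nginx under /usr/local/nginx.
[Unit]
Description=nginx
After=network.target

[Service]
Type=forking
# /var/run is normally a tmpfs (symlink to /run) on systemd hosts, so the
# /var/run/nginx directory created by hand during installation is gone after
# a reboot and nginx cannot write its pid file. RuntimeDirectory recreates
# /run/nginx on every start.
RuntimeDirectory=nginx
# Same path as --pid-path in ./configure; lets systemd track the master process.
PIDFile=/var/run/nginx/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
# Private /tmp and /var/tmp for the service.
PrivateTmp=true

[Install]
WantedBy=multi-user.target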

配置开机启动nginx

systemctl enable nginx

在两个节点启动keepalived和nginx:

systemctl start keepalived

systemctl start nginx

防火墙配置下端口:

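# Allow HTTP to the nginx listener.
firewall-cmd --permanent --add-port=80/tcp

# Allow VRRP advertisements (multicast group 224.0.0.18) in and out on the
# cluster interface only. The original repeated the INPUT rule and ran the
# OUTPUT rule and the reload on the same line, so they were passed to the
# first command as extra arguments instead of being executed.
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT

# Load the permanent rules into the running firewall.
firewall-cmd --reload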

nginx常用的优化内容:

cp nginx.conf nginx.conf_$(date +%F)

vi nginx.conf

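# Common http{}-level tuning for the reverse proxy.
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

# Do not expose the nginx version in the Server header and on error pages.
server_tokens off;

# gzip compression for responses
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
# The original ran two types together as "application/x-javascripttext/css",
# so neither JavaScript nor CSS responses matched.
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

# Proxy parameters
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
# sent, so backends should trust only the last entry (added by this proxy),
# or X-Real-IP, for access decisions and logging.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_read_timeout 90;
proxy_send_timeout 90;
proxy_buffer_size 4k;

# Cache settings
proxy_temp_file_write_size 264k;
# NOTE(review): /var/cache/nginx is not created anywhere in these steps; create
# it (owned by the nginx user, not world-writable) before starting nginx.
proxy_temp_path /var/cache/nginx/nginx_temp;
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=5d max_size=400m;
# NOTE(review): ignoring Cache-Control and Set-Cookie tells the cache to store
# responses the backend marked private or that carry a session cookie. Once
# proxy_cache is enabled for a location, one user's response can then be
# served to another. Limit this directive to locations that serve only
# static, non-personalised content.
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;

# Load per-site configuration files from the conf.d directory.
include /usr/local/nginx/conf/conf.d/*.conf;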

网站nginx配置示例:

非集群:

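# Single-backend reverse proxy for one site.
server {
    listen 80;
    server_name e-seal.****.cn;

    # Per-site error and access logs.
    # NOTE(review): the "main" format must be defined by a log_format directive
    # in nginx.conf, which is not shown on this page - confirm.
    error_log /var/log/nginx/error_eseal.log error;
    access_log /var/log/nginx/access_eseal.log main;

    location / {
        # location ~ .*\.(jpg|jpeg|gif|png|ico)$ {

        # The backend URL is missing on this page ("proxy_pass ;" does not
        # parse). BACKEND_HOST:BACKEND_PORT is a placeholder, not a real value.
        proxy_pass http://BACKEND_HOST:BACKEND_PORT;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        # Appends to the client-supplied X-Forwarded-For; the backend should
        # trust only the last entry or X-Real-IP.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;

        # 500 MB request bodies are accepted from any client; lower this, or
        # scope it to the upload location, if the site does not need it.
        client_max_body_size 500m;
        client_body_buffer_size 928k;
    }
}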

双节点集群:

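# Two-node backend pool; ip_hash keeps a given client address on the same node.
upstream oa {
    ip_hash;

    server 172.16.109.101:8080 weight=10 max_fails=1 fail_timeout=36;
    #server 172.16.109.101:8080 down;

    server 172.16.109.102:8080 weight=10 max_fails=1 fail_timeout=36;
    #server 172.16.109.102:8080 down;
}

server {
    listen 80;
    # listen 8899;
    server_name oa.****.cn;

    # Per-site error and access logs.
    # NOTE(review): the "main" format must be defined by a log_format directive
    # in nginx.conf, which is not shown on this page - confirm.
    error_log /var/log/nginx/error_oa.log error;
    access_log /var/log/nginx/access_oa.log main;

    location / {
        # The target is missing on this page ("proxy_pass ;" does not parse);
        # the upstream group defined above is the evident destination.
        proxy_pass http://oa;

        proxy_set_header X-Real-IP $remote_addr;
        # The original set Host twice, which would send the header to the
        # backend twice; it is set once here.
        proxy_set_header Host $host;
        # proxy_set_header Host $host:$server_port;
        # Appends to the client-supplied X-Forwarded-For; the backend should
        # trust only the last entry or X-Real-IP.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;

        # 500 MB request bodies are accepted from any client; lower this, or
        # scope it to the upload location, if the site does not need it.
        client_max_body_size 500m;
        client_body_buffer_size 928k;
    }
}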

以上就是核心的配置步骤,如果有不清楚的欢迎留言问下,帮您看下什么问题。
