前言:
眼前朋友们对“useraddnginx”大致比较着重,各位老铁们都想要学习一些“useraddnginx”的相关知识。那么小编在网上网罗了一些关于“useraddnginx””的相关内容,希望大家能喜欢,各位老铁们一起来学习一下吧!整体架构示意图:
整体架构示意图
节点01:
R-IP:172.16.106.60
V-IP:172.16.106.10
back:172.16.106.61
节点02:
R-IP:172.16.106.61
V-IP:172.16.106.11
back:172.16.106.60
节点1:
准备工作
设置主机名
hostnamectl set-hostname ngo01
echo "172.16.106.60 ngo01" >> /etc/hosts
echo "172.16.106.61 ngo01" >> /etc/hosts
关闭SELINUX
vi /etc/selinux/config
SELINUX=disabled
临时关闭:
setenforce 0
扩张 / 空间
fdisk /dev/sdb #n w
pvcreate /dev/sdb1
vgextend vg_root /dev/sdb1
lvextend -l +100%FREE /dev/vg_root/root
xfs_growfs /dev/mapper/vg_root-root
安装keepalived
yum -y install libnl libnl-devel
yum install -y libnfnetlink-devel
上传keepalived-2.0.7.tar.gz nginx-1.14.0.tar.gz
tar -zxvf keepalived-2.0.7.tar.gz
mv keepallived-2.0.7 keepalived
mv keepalived /usr/local
cd /usr/local/keepalived
./configure --prefix=/usr/local/keepalived
配置结果:
Keepalived configuration
------------------------
Keepalived version : 2.0.7
Compiler : gcc
Preprocessor flags :
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -pie
Extra Lib : -lcrypto -lssl -lnl
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : No
IPVS 64 bit stats : No
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use Json output : No
libnl version : 1
Use IPv4 devconf : No
Use libiptc : No
Use libipset : No
init type : systemd
Strict config checks : No
Build genhash : Yes
Build documentation : No
安装
make && make install
节点2:
hostnamectl set-hostname ngo02.jolma.cn
echo "172.16.106.60 ngo01" >> /etc/hosts
echo "172.16.106.61 ngo01" >> /etc/hosts
关闭SELINUX
vi /etc/selinux/config
SELINUX=disabled
临时关闭:
setenforce 0
扩张 / 空间
fdisk /dev/sda #n w
reboot
pvcreate /dev/sda3
vgextend vg_root /dev/sda3
lvextend -l +100%FREE /dev/vg_root/root
xfs_growfs /dev/mapper/vg_root-root
安装keepalived
yum -y install libnl libnl-devel libnfnetlink-devel
yum -y install openssl-devel
上传keepalived-2.0.7.tar.gz nginx-1.14.0.tar.gz
tar -zxvf keepalived-2.0.7.tar.gz
mv keepallived-2.0.7 keepalived
mv keepalived /usr/local
cd /usr/local/keepalived
./configure --prefix=/usr/local/keepalived
配置结果:
kepalived version : 2.0.7
Compiler : gcc
Preprocessor flags :
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -pie
Extra Lib : -lcrypto -lssl -lnl
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : No
IPVS 64 bit stats : No
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use Json output : No
libnl version : 1
Use IPv4 devconf : No
Use libiptc : No
Use libipset : No
init type : systemd
Strict config checks : No
Build genhash : Yes
Build documentation : No
安装
make && make install
节点1配置keepalived
cd /usr/local/keepalived/etc/keepalived
cp keepalived.conf keepalived.conf_$(date +%F)
vi keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
xjs@jolma.cn
}
notification_email_from xjs@jolma.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_http_port {
script "/opt/nginx_pid.sh" ####检测nginx状态的脚本路径
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER ############ 辅机为 BACKUP
interface ens192 ####HA 虚拟机的网卡名称
virtual_router_id 51 #主、备机的 virtual_router_id 必须相同
priority 100 ########### 权值要比 back 高
advert_int 1 #主备之间的通告间隔秒数
track_interface{
ens192
}
authentication {
auth_type PASS ###默认配置 主备切换时的验证
auth_pass 1111
}
track_script {
chk_http_port ### 执行监控的服务
}
virtual_ipaddress {
172.16.106.10 ####虚拟ip,vip的地址
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens192 #两处都为本机的网络接口
virtual_router_id 54
priority 90 #权重
advert_int 1
track_interface{
ens192
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.106.11
}
}
节点2配置:
cd /usr/local/keepalived/etc/keepalived
cp keepalived.conf keepalived.conf_$(date +%F)
vi keepalievd.conf
! Configuration File for keepalived
global_defs {
notification_email {
xjs@jolma.cn
}
notification_email_from xjs@jolma.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_http_port {
script "/opt/nginx_pid.sh" ####检测nginx状态的脚本路径
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP ############ 辅机为 BACKUP
interface ens192 ####HA 虚拟机的网卡名称
virtual_router_id 51 #主、备机的 virtual_router_id 必须相同
priority 90 ########### 权值要比 back 高
advert_int 1 #主备之间的通告间隔秒数
track_interface{
ens192
}
authentication {
auth_type PASS ###默认配置 主备切换时的验证
auth_pass 1111
}
track_script {
chk_http_port ### 执行监控的服务
}
virtual_ipaddress {
172.16.106.10 ####虚拟ip,vip的地址
}
}
vrrp_instance VI_2 {
state MASTER
interface ens192 #两处都为本机的网络接口
virtual_router_id 54
priority 100 #权重
advert_int 1
track_interface{
ens192
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.106.11
}
}
配置开机启动
cd /etc/sysconfig/
ln -s /usr/local/keepalived/etc/sysconfig/keepalived keepalived
mkdir -p /etc/keepalived
cd /etc/keepalived
ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf keepalived.conf
cd /usr/sbin
ln -s /usr/local/keepalived/sbin/keepalived keepalived
systemctl enable keepalived
安装nginx 1.15.3版本
yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ autoconf automake zlib-devel libxml2 libxml2-dev libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data make GeoIP-devel GeoIP-update
groupadd nginx useradd nginx -g nginx -s /sbin/nologin -M
tar -zxvf nginx-1.15.3.tar.gz
mv nginx-1.15.3 nginx
mv nginx /usr/local
mkdir -p /usr/local/nginx
mkdir -p /var/run/nginx
mkdir -p /var/lock
mkdir -p /var/log/nginx
mkdir -p /var/temp/nginx/client
mkdir -p /var/temp/nginx/proxy
mkdir -p /var/temp/nginx/fastcgi
mkdir -p /var/temp/nginx/uwsgi
mkdir -p /var/temp/nginx/scgi
mkdir -p /usr/local/nginx/sbin
chmod 777 /usr/local/nginx
chmod 777 /var/run/nginx
chmod 777 /var/lock
chmod 777 /var/log/nginx
chmod 777 /var/temp/nginx/client
chmod 777 /var/temp/nginx/proxy
chmod 777 /var/temp/nginx/fastcgi
chmod 777 /var/temp/nginx/uwsgi
chmod 777 /var/temp/nginx/scgi
chmod 777 /usr/local/nginx/sbin
./configure \
--prefix=/usr/local/nginx \
--conf-path=/usr/local/nginx/nginx.conf \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_gzip_static_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_stub_status_module \
--with-pcre \
--http-client-body-temp-path=/var/temp/nginx/client \
--http-proxy-temp-path=/var/temp/nginx/proxy \
--http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
--http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
--user=nginx \ --group=nginx \
--http-scgi-temp-path=/var/temp/nginx/scgi
安装ngxin
make && make install
配置开机启动
vi /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
配置开机启动nginx
systemctl enable nginx
在两个节点启动keeplive和nginx:
systemctl start keepalived
systemctl start nginx
防火墙配置下端口:
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT firewall-cmd --reload
nginx常用的优化内容:
cp nginx.conf nginx.conf_$(date +%F)
vi nginx.conf
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
#关闭版本显示
server_tokens off;
#gzip 压缩传输
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascripttext/css application/xml;
gzip_vary on;
#配置代理参数
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_read_timeout 90;
proxy_send_timeout 90;
proxy_buffer_size 4k;
#缓存配置
proxy_temp_file_write_size 264k;
proxy_temp_path /var/cache/nginx/nginx_temp;
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=5d max_size=400m;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See
# for more information.
include /usr/local/nginx/conf/conf.d/*.conf;
网站nginx配置示例:
非集群:
server {
listen 80;
server_name e-seal.****.cn;
#access_log error_log
error_log /var/log/nginx/error_eseal.log error;
access_log /var/log/nginx/access_eseal.log main;
location / {
# location ~ .*\.(jpg|jpeg|gif|png|ico)$ {
proxy_pass ;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
client_max_body_size 500m;
client_body_buffer_size 928k;
}
}
双节点集群:
upstream oa {
ip_hash;
server 172.16.109.101:8080 weight=10 max_fails=1 fail_timeout=36;
#server 172.16.109.101:8080 down;
server 172.16.109.102:8080 weight=10 max_fails=1 fail_timeout=36;
#server 172.16.109.102:8080 down;
}
server {
listen 80;
# listen 8899;
server_name oa.****.cn;
#access_log error_log
error_log /var/log/nginx/error_oa.log error;
access_log /var/log/nginx/access_oa.log main;
location / {
proxy_pass ;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
# proxy_set_header Host $host:$server_port;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
client_max_body_size 500m;
client_body_buffer_size 928k;
}
}
以上就是核心的配置步骤,如果有不清楚的欢迎留言问下,帮您看下什么问题。
标签: #useraddnginx #nginx主备机 #nginxsetcookie #nginx设置777 #nginxtcpkeepalive
