zoukankan      html  css  js  c++  java
  • Nginx+Keepalived实现Web服务器负载均衡

    说明:

    操作系统:CentOS 5.X 64位

    Web服务器:192.168.21.127、192.168.21.128

    站点:bbs.osyunwei.com和sns.osyunwei.com部署在两台Web服务器上

    实现目的:

    增加两台服务器(主主模式),通过Nginx+Keepalived实现Web服务器负载均衡

    架构规划:

    负载均衡服务器:192.168.21.129、192.168.21.130

    虚拟服务器(VIP):192.168.21.252、192.168.21.253

    部署完成之后:

    1、VIP:192.168.21.253指向192.168.21.129;VIP:192.168.21.252指向192.168.21.130;

    2、当192.168.21.129宕机时,VIP:192.168.21.253漂移到192.168.21.130上;

    3、当192.168.21.130宕机时,VIP:192.168.21.252漂移到192.168.21.129上;

    这样的主主模式好处是,两台服务器在提供服务的同时,又互为对方的备份服务器。

    具体操作:

    第一部分:在两台Nginx服务器上分别操作

    一、关闭SElinux、配置防火墙

    1、vi /etc/selinux/config

    #SELINUX=enforcing #注释掉

    #SELINUXTYPE=targeted #注释掉

    SELINUX=disabled #增加

    :wq!  #保存退出

    setenforce 0 #使配置立即生效

    2、vi /etc/sysconfig/iptables  #编辑

    -A RH-Firewall-1-INPUT -d 224.0.0.18 -j ACCEPT  #允许组播地址通信

    -A RH-Firewall-1-INPUT -p    vrrp    -j ACCEPT  #允许VRRP(虚拟路由器冗余协)通信

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT  #允许80端口通过防火墙

    :wq! #保存退出

    /etc/init.d/iptables restart #重启防火墙使配置生效

    二、安装Nginx

    1、安装编译工具包(使用CentOS yum命令安装,安装的包比较多,方便以后配置lnmp环境)

    yum install -y make apr* autoconf automake curl curl-devel gcc gcc-c++ gtk+-devel zlib-devel openssl openssl-devel pcre-devel gd kernel keyutils patch perl kernel-headers compat*  cpp glibc libgomp libstdc++-devel keyutils-libs-devel libsepol-devel libselinux-devel krb5-devel  libXpm* freetype freetype-devel freetype* fontconfig fontconfig-devel  libjpeg* libpng* php-common php-gd gettext gettext-devel ncurses* libtool* libxml2 libxml2-devel patch policycoreutils bison

    2、下载软件包

    (1)http://nginx.org/download/nginx-1.4.7.tar.gz  #下载Nginx

    (2)ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz  #下载pcre (支持nginx伪静态)

    (3)http://labs.frickle.com/files/ngx_cache_purge-2.1.tar.gz  #下载ngx_cache_purge(方便以后扩展配置nginx缓存服务器)

    上传以上软件包到/usr/local/src 目录

    3、安装pcre

    cd /usr/local/src

    mkdir /usr/local/pcre #创建安装目录

    tar zxvf pcre-8.34.tar.gz

    cd pcre-8.34

    ./configure --prefix=/usr/local/pcre #配置

    make

    make install

    4、安装Nginx

    cd /usr/local/src

    groupadd  www  #添加www组

    useradd -g www www -s /bin/false  #创建nginx运行账户www并加入到www组,不允许www用户直接登录系统

    cd /usr/local/src  #进入安装目录

    tar  zxvf  ngx_cache_purge-2.1.tar.gz  #解压

    tar  zxvf nginx-1.4.7.tar.gz  #解压

    cd nginx-1.4.7

    ./configure --prefix=/usr/local/nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-openssl=/usr/ --with-pcre=/usr/local/src/pcre-8.34  --add-module=../ngx_cache_purge-2.1  #配置

    注意:--with-pcre=/usr/local/src/pcre-8.34指向的是源码包解压的路径,而不是安装的路径,否则会报错

    make  #编译

    make install #安装

    /usr/local/nginx/sbin/nginx #启动nginx

    设置nginx开启启动

    vi /etc/rc.d/init.d/nginx #编辑启动文件添加下面内容

    =======================================================

    #!/bin/sh

    #

    # nginx - this script starts and stops the nginx daemon

    #

    # chkconfig:   - 85 15

    # description:  Nginx is an HTTP(S) server, HTTP(S) reverse

    #               proxy and IMAP/POP3 proxy server

    # processname: nginx

    # config:      /etc/nginx/nginx.conf

    # config:      /usr/local/nginx/conf/nginx.conf

    # pidfile:     /usr/local/nginx/logs/nginx.pid

    # Source function library.

    . /etc/rc.d/init.d/functions

    # Source networking configuration.

    . /etc/sysconfig/network

    # Check that networking is up.

    [ "$NETWORKING" = "no" ] && exit 0

    nginx="/usr/local/nginx/sbin/nginx"

    prog=$(basename $nginx)

    NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

    [ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

    lockfile=/var/lock/subsys/nginx

    make_dirs() {

    # make required directories

    user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=([^ ]*).*/1/g' -`

    if [ -z "`grep $user /etc/passwd`" ]; then

    useradd -M -s /bin/nologin $user

    fi

    options=`$nginx -V 2>&1 | grep 'configure arguments:'`

    for opt in $options; do

    if [ `echo $opt | grep '.*-temp-path'` ]; then

    value=`echo $opt | cut -d "=" -f 2`

    if [ ! -d "$value" ]; then

    # echo "creating" $value

    mkdir -p $value && chown -R $user $value

    fi

    fi

    done

    }

    start() {

    [ -x $nginx ] || exit 5

    [ -f $NGINX_CONF_FILE ] || exit 6

    make_dirs

    echo -n $"Starting $prog: "

    daemon $nginx -c $NGINX_CONF_FILE

    retval=$?

    echo

    [ $retval -eq 0 ] && touch $lockfile

    return $retval

    }

    stop() {

    echo -n $"Stopping $prog: "

    killproc $prog -QUIT

    retval=$?

    echo

    [ $retval -eq 0 ] && rm -f $lockfile

    return $retval

    }

    restart() {

    #configtest || return $?

    stop

    sleep 1

    start

    }

    reload() {

    #configtest || return $?

    echo -n $"Reloading $prog: "

    killproc $nginx -HUP

    RETVAL=$?

    echo

    }

    force_reload() {

    restart

    }

    configtest() {

    $nginx -t -c $NGINX_CONF_FILE

    }

    rh_status() {

    status $prog

    }

    rh_status_q() {

    rh_status >/dev/null 2>&1

    }

    case "$1" in

    start)

    rh_status_q && exit 0

    $1

    ;;

    stop)

    rh_status_q || exit 0

    $1

    ;;

    restart|configtest)

    $1

    ;;

    reload)

    rh_status_q || exit 7

    $1

    ;;

    force-reload)

    force_reload

    ;;

    status)

    rh_status

    ;;

    condrestart|try-restart)

    rh_status_q || exit 0

    ;;

    *)

    echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"

    exit 2

    esac

    =======================================================

    :wq! #保存退出

    chmod 775 /etc/rc.d/init.d/nginx #赋予文件执行权限

    chkconfig nginx on #设置开机启动

    /etc/rc.d/init.d/nginx restart  #重新启动Nginx

    service nginx restart

    =======================================================

    三、配置Nginx

    cp /usr/local/nginx/conf/nginx.conf  /usr/local/nginx/conf/nginx.confbak  #备份nginx配置文件

    1、设置nginx运行账

    vi  /usr/local/nginx/conf/nginx.conf  #编辑,修改

    找到user nobody;修改为

    user www www;    #在第一行

    :wq! #保存退出

    2、禁止nginx空主机头

    vi /usr/local/nginx/conf/nginx.conf   #编辑

    找到server,在上面一行添加如下内容:

    ##############################

    server {

    listen       80 default;

    server_name  _;

    location / {

    root   html;

    return 404;

    }

    location ~ /.ht {

    deny  all;

    }

    }

    ##############################

    :wq! #保存退出

    /etc/rc.d/init.d/nginx restart     #重启nginx

    这样设置之后,空主机头访问会直接跳转到nginx404错误页面。

    3、添加nginx虚拟主机包含文件

    cd /usr/local/nginx/conf/   #进入nginx安装目录

    mkdir vhost   #建立虚拟目录

    vi  /usr/local/nginx/conf/nginx.conf   #编辑

    找到上一步添加的代码,在最后添加如下内容:

    include  vhost/*.conf;

    :wq! #保存退出

    例如:

    ##############################

    server {

    listen       80 default;

    server_name  _;

    location / {

    root   html;

    return 404;

    }

    location ~ /.ht {

    deny  all;

    }

    }

    include  vhost/*.conf;

    ##############################

    4、添加Web服务器列表文件

    cd  /usr/local/nginx/conf/   #进入目录

    touch  mysvrhost.conf  #建立文件

    vi  /usr/local/nginx/conf/nginx.conf   #编辑

    找到上一步添加的代码,在下面添加一行

    include  mysvrhost.conf;

    :wq! #保存退出

    5、设置nginx全局参数

    vi  /usr/local/nginx/conf/nginx.conf   #编辑

    worker_processes 2;   # 工作进程数,为CPU的核心数或者两倍

    events

    {

    use epoll;   #增加

    worker_connections 65535;    #修改为65535,最大连接数。

    }

    #############以下代码在http { 部分增加与修改##############

    server_names_hash_bucket_size 128;   #增加

    client_header_buffer_size 32k;       #增加

    large_client_header_buffers 4 32k;   #增加

    client_max_body_size 300m;           #增加

    tcp_nopush     on;      #修改为on

    keepalive_timeout  60;  #修改为60

    tcp_nodelay on;        #增加

    server_tokens off;     #增加,不显示nginx版本信息

    gzip  on;  #修改为on

    gzip_min_length  1k;      #增加

    gzip_buffers     4 16k;   #增加

    gzip_http_version 1.1;    #增加

    gzip_comp_level 2;        #增加

    gzip_types       text/plain application/x-javascript text/css application/xml;  #增加

    gzip_vary on;  #增加

    6、设置Web服务器列表

    cd  /usr/local/nginx/conf/   #进入目录

    vi mysvrhost.conf  #编辑,添加以下代码

    upstream  osyunweihost {

    server 192.168.21.127:80 weight=1 max_fails=2 fail_timeout=30s;

    server 192.168.21.128:80 weight=1 max_fails=2 fail_timeout=30s;

    ip_hash;

    }

    7、新建虚拟主机配置文件

    cd /usr/local/nginx/conf/vhost   #进入虚拟主机目录

    touch osyunwei.conf #建立虚拟主机配置文件

    vi  osyunwei.conf #编辑

    log_format  access  '$remote_addr - $remote_user [$time_local] $request '

    '"$status" $body_bytes_sent "$http_referer" '

    '"$http_user_agent" "$http_x_forwarded_for"';

    server

    {

    listen       80;

    server_name bbs.osyunwei.com sns.osyunwei.com;

    location /

    {

    proxy_next_upstream http_502 http_504 error timeout invalid_header;

    proxy_pass http://osyunweihost;

    #proxy_redirect off;

    proxy_set_header Host  $host;

    proxy_set_header X-Forwarded-For  $remote_addr;

    }

    location /NginxStatus {

    stub_status on;

    access_log  on;

    auth_basic  "NginxStatus";

    #auth_basic_user_file  pwd;

    }

    access_log  /usr/local/nginx/logs/access.log  access;

    }

    :wq!  #保存配置

    service nginx restart  #重启nginx

    四、安装keepalived

    系统运维  www.osyunwei.com  温馨提醒:qihang01原创内容©版权所有,转载请注明出处及原文链接

    下载keeplived:http://www.keepalived.org/software/keepalived-1.2.12.tar.gz

    上传keepalived-1.2.12.tar.gz到/usr/local/src目录

    cd /usr/local/src

    tar zxvf keepalived-1.2.12.tar.gz

    cd keepalived-1.2.12

    ./configure  --prefix=/usr/local/keepalived  #配置,必须看到以下提示,说明配置正确,才能继续安装

    Use IPVS Framework : Yes

    IPVS sync daemon support : Yes

    Use VRRP Framework       : Yes

    make #编辑

    make install  #安装

    cp /usr/local/keepalived/etc/sysconfig/keepalived  /etc/sysconfig/keepalived

    mkdir /etc/keepalived

    ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf  /etc/keepalived/

    cp /usr/local/keepalived/sbin/keepalived /usr/sbin/

    cp /usr/local/keepalived/etc/rc.d/init.d/keepalived  /etc/rc.d/init.d/

    chmod +x /etc/rc.d/init.d/keepalived  #添加执行权限

    chkconfig keepalived on  #设置开机启动

    service keepalived start #启动

    service keepalived stop  #关闭

    service keepalived restart  #重启

    五、配置keepalived

    cp /usr/local/keepalived/etc/keepalived/keepalived.conf  /usr/local/keepalived/etc/keepalived/keepalived.conf-bak

    vi /usr/local/keepalived/etc/keepalived/keepalived.conf  #编辑,修改为以下代码

    #########################################################

    #以下为192.168.21.129服务器

    ! Configuration File for keepalived

    global_defs {

    notification_email {

    acassen@firewall.loc

    failover@firewall.loc

    sysadmin@firewall.loc

    }

    notification_email_from Alexandre.Cassen@firewall.loc

    smtp_server 192.168.200.1

    smtp_connect_timeout 30

    router_id LVS_DEVEL

    }

    vrrp_script chk_nginx {

    script "/etc/keepalived/check_nginx.sh"  #Nginx服务监控脚本

    interval 2

    weight 2

    }

    vrrp_instance VI_1 {

    state MASTER

    interface eth0

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    track_script {

    chk_nginx #监测nginx进程状态

    }

    virtual_ipaddress {

    192.168.21.253

    }

    notify_master "/etc/keepalived/clean_arp.sh  192.168.21.253"  #更新虚拟服务器(VIP)地址的arp记录到网关

    }

    vrrp_instance VI_2 {

    state BACKUP

    interface eth0

    virtual_router_id 52

    priority 99

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    virtual_ipaddress {

    192.168.21.252

    }

    notify_master "/etc/keepalived/clean_arp.sh  192.168.21.252"  #更新虚拟服务器(VIP)地址的arp记录到网关

    }

    #########################################################

    :wq! #保存退出

    #########################################################

    #以下为192.168.21.130服务器

    ! Configuration File for keepalived

    global_defs {

    notification_email {

    acassen@firewall.loc

    failover@firewall.loc

    sysadmin@firewall.loc

    }

    notification_email_from Alexandre.Cassen@firewall.loc

    smtp_server 192.168.200.1

    smtp_connect_timeout 30

    router_id LVS_DEVEL

    }

    vrrp_script chk_nginx {

    script "/etc/keepalived/check_nginx.sh"  #Nginx服务监控脚本

    interval 2

    weight 2

    }

    vrrp_instance VI_1 {

    state BACKUP

    interface eth0

    virtual_router_id 51

    priority 99

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    track_script {

    chk_nginx #监测nginx进程状态

    }

    virtual_ipaddress {

    192.168.21.253

    }

    notify_master "/etc/keepalived/clean_arp.sh  192.168.21.253"  #更新虚拟服务器(VIP)地址的arp记录到网关

    }

    vrrp_instance VI_2 {

    state MASTER

    interface eth0

    virtual_router_id 52

    priority 100

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    virtual_ipaddress {

    192.168.21.252

    }

    notify_master "/etc/keepalived/clean_arp.sh  192.168.21.252"  #更新虚拟服务器(VIP)地址的arp记录到网关

    }

    #########################################################

    :wq! #保存退出

    六、设置nginx服务监控脚本

    touch /usr/local/keepalived/check_nginx.sh

    ln -s /usr/local/keepalived/check_nginx.sh  /etc/keepalived/check_nginx.sh

    vi  /etc/keepalived/check_nginx.sh #编辑,添加以下代码

    #########################################################

    #!/bin/sh

    if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then

    /etc/rc.d/init.d/nginx  start

    fi

    sleep 2

    if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then

    /etc/rc.d/init.d/keepalived  stop

    fi

    #########################################################

    :wq! #保存退出

    chmod +x /usr/local/keepalived/check_nginx.sh   #添加执行权限

    七、设置更新虚拟服务器(VIP)地址的arp记录到网关脚本

    touch  /usr/local/keepalived/clean_arp.sh

    ln -s  /usr/local/keepalived/clean_arp.sh  /etc/keepalived/clean_arp.sh

    vi  /etc/keepalived/clean_arp.sh  #编辑,添加以下代码

    #!/bin/sh

    VIP=$1

    GATEWAY=192.168.21.2 #网关地址

    /sbin/arping -I eth0 -c 5 -s $VIP $GATEWAY &>/dev/null

    :wq!  #保存退出

    chmod +x /usr/local/keepalived/clean_arp.sh  #添加脚本执行权限

    service nginx restart #重启nginx

    service keepalived restart  #重启keepalived

    第二部分:测试Nginx+Keepalived是否正常运行

    一、bbs.osyunwei.com 解析到192.168.21.253;sns.osyunwei.com 解析到192.168.21.252;

    在两台Nginx服务器:192.168.21.129、192.168.21.130上执行命令:ip addr

    如下图所示:

    系统运维  www.osyunwei.com  温馨提醒:qihang01原创内容©版权所有,转载请注明出处及原文链接

    可以看出现在VIP:192.168.21.253指向192.168.21.129;VIP:192.168.21.252指向192.168.21.130;

    在浏览器中打开

    http://bbs.osyunwei.com/

    http://sns.osyunwei.com/

    如下图所示:

    此时,bbs和sns域名都被均衡到192.168.21.127上面

    二、停止192.168.21.127上面的nginx服务

    service nginx stop

    继续打开上面的两个网址,如下图所示:

    此时,bbs和sns域名都被均衡到192.168.21.128上面(由于192.168.21.127服务器nginx服务被关闭,实现了故障转移)

    三、关闭192.168.21.129上面的Keepalived服务

    service keepalived stop

    此时,在两台Keepalived服务器:192.168.21.129、192.168.21.130上执行命令:ip addr

    如下图所示:

    可以看出VIP:192.168.21.253和192.168.21.252均指向到192.168.21.130;

    此时,打开http://bbs.osyunwei.com/如下图所示:

    可以正常访问

    四、恢复192.168.21.129上面的keepalived服务,恢复192.168.21.127上面的nginx服务,停止192.168.21.130上面的Keepalived服务

    service keepalived stop

    在两台Keepalived服务器:192.168.21.129、192.168.21.130上执行命令:ip addr

    如下图所示:

    可以看出VIP:192.168.21.253和192.168.21.252均指向到192.168.21.129;

    此时,打开http://sns.osyunwei.com/如下图所示:

    可以正常访问

    至此,Nginx+Keepalived实现Web服务器负载均衡配置完成。
  • 相关阅读:
    Java学习10.22(Javaweb对输入信息进行验证——常用的方法)
    mysql with python
    Linux
    Python 基础的一些习题
    Python 推导式、迭代器、生成器、模块和包
    Python 文件操作、异常
    Python 部分内置函数、作用域、闭包、递归
    Python 基础函数、解包
    Python 条件与循环
    Python 集合、字典、运算符
  • 原文地址:https://www.cnblogs.com/fungitive/p/9136220.html
Copyright © 2011-2022 走看看