说明:
操作系统:CentOS 5.X 64位
Web服务器:192.168.21.127、192.168.21.128
站点:bbs.osyunwei.com和sns.osyunwei.com部署在两台Web服务器上
实现目的:
增加两台服务器(主主模式),通过Nginx+Keepalived实现Web服务器负载均衡
架构规划:
负载均衡服务器:192.168.21.129、192.168.21.130
虚拟服务器(VIP):192.168.21.252、192.168.21.253
部署完成之后:
1、VIP:192.168.21.253指向192.168.21.129;VIP:192.168.21.252指向192.168.21.130;
2、当192.168.21.129宕机时,VIP:192.168.21.253漂移到192.168.21.130上;
3、当192.168.21.130宕机时,VIP:192.168.21.252漂移到192.168.21.129上;
这样的主主模式好处是,两台服务器在提供服务的同时,又互为对方的备份服务器。
具体操作:
第一部分:在两台Nginx服务器上分别操作
一、关闭SElinux、配置防火墙
1、vi /etc/selinux/config
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq! #保存退出
setenforce 0 #使配置立即生效
2、vi /etc/sysconfig/iptables #编辑
-A RH-Firewall-1-INPUT -d 224.0.0.18 -j ACCEPT #允许组播地址通信
-A RH-Firewall-1-INPUT -p vrrp -j ACCEPT #允许VRRP(虚拟路由器冗余协)通信
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT #允许80端口通过防火墙
:wq! #保存退出
/etc/init.d/iptables restart #重启防火墙使配置生效
二、安装Nginx
1、安装编译工具包(使用CentOS yum命令安装,安装的包比较多,方便以后配置lnmp环境)
yum install -y make apr* autoconf automake curl curl-devel gcc gcc-c++ gtk+-devel zlib-devel openssl openssl-devel pcre-devel gd kernel keyutils patch perl kernel-headers compat* cpp glibc libgomp libstdc++-devel keyutils-libs-devel libsepol-devel libselinux-devel krb5-devel libXpm* freetype freetype-devel freetype* fontconfig fontconfig-devel libjpeg* libpng* php-common php-gd gettext gettext-devel ncurses* libtool* libxml2 libxml2-devel patch policycoreutils bison
2、下载软件包
(1)http://nginx.org/download/nginx-1.4.7.tar.gz #下载Nginx
(2)ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz #下载pcre (支持nginx伪静态)
(3)http://labs.frickle.com/files/ngx_cache_purge-2.1.tar.gz #下载ngx_cache_purge(方便以后扩展配置nginx缓存服务器)
上传以上软件包到/usr/local/src 目录
3、安装pcre
cd /usr/local/src
mkdir /usr/local/pcre #创建安装目录
tar zxvf pcre-8.34.tar.gz
cd pcre-8.34
./configure --prefix=/usr/local/pcre #配置
make
make install
4、安装Nginx
cd /usr/local/src
groupadd www #添加www组
useradd -g www www -s /bin/false #创建nginx运行账户www并加入到www组,不允许www用户直接登录系统
cd /usr/local/src #进入安装目录
tar zxvf ngx_cache_purge-2.1.tar.gz #解压
tar zxvf nginx-1.4.7.tar.gz #解压
cd nginx-1.4.7
./configure --prefix=/usr/local/nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-openssl=/usr/ --with-pcre=/usr/local/src/pcre-8.34 --add-module=../ngx_cache_purge-2.1 #配置
注意:--with-pcre=/usr/local/src/pcre-8.34指向的是源码包解压的路径,而不是安装的路径,否则会报错
make #编译
make install #安装
/usr/local/nginx/sbin/nginx #启动nginx
设置nginx开启启动
vi /etc/rc.d/init.d/nginx #编辑启动文件添加下面内容
=======================================================
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=([^ ]*).*/1/g' -`
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
#configtest || return $?
stop
sleep 1
start
}
reload() {
#configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
=======================================================
:wq! #保存退出
chmod 775 /etc/rc.d/init.d/nginx #赋予文件执行权限
chkconfig nginx on #设置开机启动
/etc/rc.d/init.d/nginx restart #重新启动Nginx
service nginx restart
=======================================================
三、配置Nginx
cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.confbak #备份nginx配置文件
1、设置nginx运行账
vi /usr/local/nginx/conf/nginx.conf #编辑,修改
找到user nobody;修改为
user www www; #在第一行
:wq! #保存退出
2、禁止nginx空主机头
vi /usr/local/nginx/conf/nginx.conf #编辑
找到server,在上面一行添加如下内容:
##############################
server {
listen 80 default;
server_name _;
location / {
root html;
return 404;
}
location ~ /.ht {
deny all;
}
}
##############################
:wq! #保存退出
/etc/rc.d/init.d/nginx restart #重启nginx
这样设置之后,空主机头访问会直接跳转到nginx404错误页面。
3、添加nginx虚拟主机包含文件
cd /usr/local/nginx/conf/ #进入nginx安装目录
mkdir vhost #建立虚拟目录
vi /usr/local/nginx/conf/nginx.conf #编辑
找到上一步添加的代码,在最后添加如下内容:
include vhost/*.conf;
:wq! #保存退出
例如:
##############################
server {
listen 80 default;
server_name _;
location / {
root html;
return 404;
}
location ~ /.ht {
deny all;
}
}
include vhost/*.conf;
##############################
4、添加Web服务器列表文件
cd /usr/local/nginx/conf/ #进入目录
touch mysvrhost.conf #建立文件
vi /usr/local/nginx/conf/nginx.conf #编辑
找到上一步添加的代码,在下面添加一行
include mysvrhost.conf;
:wq! #保存退出
5、设置nginx全局参数
vi /usr/local/nginx/conf/nginx.conf #编辑
worker_processes 2; # 工作进程数,为CPU的核心数或者两倍
events
{
use epoll; #增加
worker_connections 65535; #修改为65535,最大连接数。
}
#############以下代码在http { 部分增加与修改##############
server_names_hash_bucket_size 128; #增加
client_header_buffer_size 32k; #增加
large_client_header_buffers 4 32k; #增加
client_max_body_size 300m; #增加
tcp_nopush on; #修改为on
keepalive_timeout 60; #修改为60
tcp_nodelay on; #增加
server_tokens off; #增加,不显示nginx版本信息
gzip on; #修改为on
gzip_min_length 1k; #增加
gzip_buffers 4 16k; #增加
gzip_http_version 1.1; #增加
gzip_comp_level 2; #增加
gzip_types text/plain application/x-javascript text/css application/xml; #增加
gzip_vary on; #增加
6、设置Web服务器列表
cd /usr/local/nginx/conf/ #进入目录
vi mysvrhost.conf #编辑,添加以下代码
upstream osyunweihost {
server 192.168.21.127:80 weight=1 max_fails=2 fail_timeout=30s;
server 192.168.21.128:80 weight=1 max_fails=2 fail_timeout=30s;
ip_hash;
}
7、新建虚拟主机配置文件
cd /usr/local/nginx/conf/vhost #进入虚拟主机目录
touch osyunwei.conf #建立虚拟主机配置文件
vi osyunwei.conf #编辑
log_format access '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server
{
listen 80;
server_name bbs.osyunwei.com sns.osyunwei.com;
location /
{
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_pass http://osyunweihost;
#proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
#auth_basic_user_file pwd;
}
access_log /usr/local/nginx/logs/access.log access;
}
:wq! #保存配置
service nginx restart #重启nginx
四、安装keepalived
系统运维 www.osyunwei.com 温馨提醒:qihang01原创内容©版权所有,转载请注明出处及原文链接
下载keeplived:http://www.keepalived.org/software/keepalived-1.2.12.tar.gz
上传keepalived-1.2.12.tar.gz到/usr/local/src目录
cd /usr/local/src
tar zxvf keepalived-1.2.12.tar.gz
cd keepalived-1.2.12
./configure --prefix=/usr/local/keepalived #配置,必须看到以下提示,说明配置正确,才能继续安装
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
make #编辑
make install #安装
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
mkdir /etc/keepalived
ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
chmod +x /etc/rc.d/init.d/keepalived #添加执行权限
chkconfig keepalived on #设置开机启动
service keepalived start #启动
service keepalived stop #关闭
service keepalived restart #重启
五、配置keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /usr/local/keepalived/etc/keepalived/keepalived.conf-bak
vi /usr/local/keepalived/etc/keepalived/keepalived.conf #编辑,修改为以下代码
#########################################################
#以下为192.168.21.129服务器
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/etc/keepalived/check_nginx.sh" #Nginx服务监控脚本
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx #监测nginx进程状态
}
virtual_ipaddress {
192.168.21.253
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.253" #更新虚拟服务器(VIP)地址的arp记录到网关
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.21.252
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.252" #更新虚拟服务器(VIP)地址的arp记录到网关
}
#########################################################
:wq! #保存退出
#########################################################
#以下为192.168.21.130服务器
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/etc/keepalived/check_nginx.sh" #Nginx服务监控脚本
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx #监测nginx进程状态
}
virtual_ipaddress {
192.168.21.253
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.253" #更新虚拟服务器(VIP)地址的arp记录到网关
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.21.252
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.252" #更新虚拟服务器(VIP)地址的arp记录到网关
}
#########################################################
:wq! #保存退出
六、设置nginx服务监控脚本
touch /usr/local/keepalived/check_nginx.sh
ln -s /usr/local/keepalived/check_nginx.sh /etc/keepalived/check_nginx.sh
vi /etc/keepalived/check_nginx.sh #编辑,添加以下代码
#########################################################
#!/bin/sh
if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then
/etc/rc.d/init.d/nginx start
fi
sleep 2
if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then
/etc/rc.d/init.d/keepalived stop
fi
#########################################################
:wq! #保存退出
chmod +x /usr/local/keepalived/check_nginx.sh #添加执行权限
七、设置更新虚拟服务器(VIP)地址的arp记录到网关脚本
touch /usr/local/keepalived/clean_arp.sh
ln -s /usr/local/keepalived/clean_arp.sh /etc/keepalived/clean_arp.sh
vi /etc/keepalived/clean_arp.sh #编辑,添加以下代码
#!/bin/sh
VIP=$1
GATEWAY=192.168.21.2 #网关地址
/sbin/arping -I eth0 -c 5 -s $VIP $GATEWAY &>/dev/null
:wq! #保存退出
chmod +x /usr/local/keepalived/clean_arp.sh #添加脚本执行权限
service nginx restart #重启nginx
service keepalived restart #重启keepalived
第二部分:测试Nginx+Keepalived是否正常运行
一、bbs.osyunwei.com 解析到192.168.21.253;sns.osyunwei.com 解析到192.168.21.252;
在两台Nginx服务器:192.168.21.129、192.168.21.130上执行命令:ip addr
如下图所示:
系统运维 www.osyunwei.com 温馨提醒:qihang01原创内容©版权所有,转载请注明出处及原文链接
可以看出现在VIP:192.168.21.253指向192.168.21.129;VIP:192.168.21.252指向192.168.21.130;
在浏览器中打开
http://bbs.osyunwei.com/
http://sns.osyunwei.com/
如下图所示:
此时,bbs和sns域名都被均衡到192.168.21.127上面
二、停止192.168.21.127上面的nginx服务
service nginx stop
继续打开上面的两个网址,如下图所示:
此时,bbs和sns域名都被均衡到192.168.21.128上面(由于192.168.21.127服务器nginx服务被关闭,实现了故障转移)
三、关闭192.168.21.129上面的Keepalived服务
service keepalived stop
此时,在两台Keepalived服务器:192.168.21.129、192.168.21.130上执行命令:ip addr
如下图所示:
可以看出VIP:192.168.21.253和192.168.21.252均指向到192.168.21.130;
此时,打开http://bbs.osyunwei.com/如下图所示:
可以正常访问
四、恢复192.168.21.129上面的keepalived服务,恢复192.168.21.127上面的nginx服务,停止192.168.21.130上面的Keepalived服务
service keepalived stop
在两台Keepalived服务器:192.168.21.129、192.168.21.130上执行命令:ip addr
如下图所示:
可以看出VIP:192.168.21.253和192.168.21.252均指向到192.168.21.129;
此时,打开http://sns.osyunwei.com/如下图所示:
可以正常访问
至此,Nginx+Keepalived实现Web服务器负载均衡配置完成。