nginx+keepalived配置
转载ly368432015-06-01 18:02:04©著作权
文章标签nginx+keepalived配置文章分类linux阅读数1798
一、环境
系统:CentOS 6.4x64位最小化安装
nginx-m:192.168.3.23
nginx-s:192.168.3.24
vip: 192.168.3.29
二、安装nginx
在nginx-m和nginx-s安装nginx,这里使用脚本安装,脚本内容如下
#!/bin/bash
cur_dir=$(pwd)
NGINXVERSION='nginx-1.6.0'
export LANG=zh_CN.UTF-8
#Source function library.
. /etc/init.d/functions
create_nginx_conf(){
cat >>/usr/local/nginx/conf/nginx.conf<<EOF
user www www;
worker_processes auto;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6].";
#limit_conn_zone $binary_remote_addr zone=perip:10m;
##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.
server_tokens off;
#log format
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
server
{
listen 80 default;
#listen [::]:80 default ipv6only=on;
server_name www.myweb.com;
index index.html index.htm index.php;
root /var/www/default;
#error_page 404 /404.html;
location ~ [^/].php(/|$)
{
# comment try_files $uri =404; to enable pathinfo
try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
#include pathinfo.conf;
}
location /nginx_status {
stub_status on;
access_log off;
}
location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*.(js|css)?$
{
expires 12h;
}
access_log /var/www/wwwlogs/access.log access;
}
include vhost/*.conf;
}
EOF
}
create_nginx_init(){
cat >>/etc/init.d/nginx<<EOF
#! /bin/sh
# chkconfig: 2345 55 25
# Description: Startup script for nginx webserver on Debian. Place in /etc/init.d and
# run 'update-rc.d -f nginx defaults', or use the appropriate command on your
# distro. For CentOS/Redhat run: 'chkconfig --add nginx'
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=nginx
NGINX_BIN=/usr/local/nginx/sbin/$NAME
CONFIGFILE=/usr/local/nginx/conf/$NAME.conf
PIDFILE=/usr/local/nginx/logs/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
case "$1" in
start)
echo -n "Starting $NAME... "
if netstat -tnpl | grep -q nginx;then
echo "$NAME (pid `pidof $NAME`) already running."
exit 1
fi
$NGINX_BIN -c $CONFIGFILE
if [ "$?" != 0 ] ; then
echo " failed"
exit 1
else
echo " done"
fi
;;
stop)
echo -n "Stoping $NAME... "
if ! netstat -tnpl | grep -q nginx; then
echo "$NAME is not running."
exit 1
fi
$NGINX_BIN -s stop
if [ "$?" != 0 ] ; then
echo " failed. Use force-quit"
exit 1
else
echo " done"
fi
;;
status)
if netstat -tnpl | grep -q nginx; then
PID=`pidof nginx`
echo "$NAME (pid $PID) is running..."
else
echo "$NAME is stopped"
exit 0
fi
;;
force-quit)
echo -n "Terminating $NAME... "
if ! netstat -tnpl | grep -q nginx; then
echo "$NAME is not running."
exit 1
fi
kill `pidof $NAME`
if [ "$?" != 0 ] ; then
echo " failed"
exit 1
else
echo " done"
fi
;;
restart)
$SCRIPTNAME stop
sleep 1
$SCRIPTNAME start
;;
reload)
echo -n "Reload service $NAME... "
if netstat -tnpl | grep -q nginx; then
$NGINX_BIN -s reload
echo " done"
else
echo "$NAME is not running, can't reload."
exit 1
fi
;;
configtest)
echo -n "Test $NAME configure files... "
$NGINX_BIN -t
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|force-quit|restart|reload|status|configtest}"
exit 1
;;
esac
EOF
}
#install_nginx
install_nginx(){
cd $cur_dir
yum install make gcc gcc-c++ openssl-devel -y
#add user www for nginx
id www &>/dev/null
if [ $? -ne 0 ];then
groupadd www
useradd -s /sbin/nologin -g www www
fi
wget http://sourceforge.net/projects/pcre/files/pcre/8.30/pcre-8.30.tar.gz/download
if [ $? -ne 0 ];then
echo "download pcre package is fail"
exit $?
fi
tar xf pcre-8.30.tar.gz
cd pcre-8.30
./configure
make && make install
if [ $? -eq 0 ];then
echo "install pcre is successful!!!"
else
echo "install pcre is fail!!!"
exit $?
fi
echo "/usr/local/lib/" >>/etc/ld.so.conf
ldconfig
#download nginx package
cd $cur_dir
wget http://mirrors.sohu.com/nginx/$NGINXVERSION.tar.gz
if [ $? -ne 0 ];then
echo "download nginx is fail!!!"
exit $?
fi
tar xf $NGINXVERSION.tar.gz
cd $NGINXVERSION
./configure --user=www --group=www --prefix=/usr/local/$NGINXVERSION --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6
make && make install
if [ $? -ne 0 ];then
echo "install nginx fail!!!"
exit $?
fi
#links
ln -s /usr/local/$NGINXVERSION /usr/local/nginx
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
#create file nginx.conf
create_nginx_conf
mkdir -p /var/www/default
chmod +w /var/www/default
mkdir -p /var/www/wwwlogs
chmod 777 /var/www/wwwlogs
chown -R www:www /var/www/default
cp /usr/local/nginx/html/index.html /var/www/default/index.html
#create start scripts for nginx
create_nginx_init
chmod +x /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
/etc/init.d/nginx start
if [ $? -eq 0 ];then
action "start nginx" /bin/true
echo "+---------------------------------+"
echo "+------nginx install done--------+"
echo "+---------------------------------+"
fi
}
install_nginx- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45.
- 46.
- 47.
- 48.
- 49.
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
- 58.
- 59.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69.
- 70.
- 71.
- 72.
- 73.
- 74.
- 75.
- 76.
- 77.
- 78.
- 79.
- 80.
- 81.
- 82.
- 83.
- 84.
- 85.
- 86.
- 87.
- 88.
- 89.
- 90.
- 91.
- 92.
- 93.
- 94.
- 95.
- 96.
- 97.
- 98.
- 99.
- 100.
- 101.
- 102.
- 103.
- 104.
- 105.
- 106.
- 107.
- 108.
- 109.
- 110.
- 111.
- 112.
- 113.
- 114.
- 115.
- 116.
- 117.
- 118.
- 119.
- 120.
- 121.
- 122.
- 123.
- 124.
- 125.
- 126.
- 127.
- 128.
- 129.
- 130.
- 131.
- 132.
- 133.
- 134.
- 135.
- 136.
- 137.
- 138.
- 139.
- 140.
- 141.
- 142.
- 143.
- 144.
- 145.
- 146.
- 147.
- 148.
- 149.
- 150.
- 151.
- 152.
- 153.
- 154.
- 155.
- 156.
- 157.
- 158.
- 159.
- 160.
- 161.
- 162.
- 163.
- 164.
- 165.
- 166.
- 167.
- 168.
- 169.
- 170.
- 171.
- 172.
- 173.
- 174.
- 175.
- 176.
- 177.
- 178.
- 179.
- 180.
- 181.
- 182.
- 183.
- 184.
- 185.
- 186.
- 187.
- 188.
- 189.
- 190.
- 191.
- 192.
- 193.
- 194.
- 195.
- 196.
- 197.
- 198.
- 199.
- 200.
- 201.
- 202.
- 203.
- 204.
- 205.
- 206.
- 207.
- 208.
- 209.
- 210.
- 211.
- 212.
- 213.
- 214.
- 215.
- 216.
- 217.
- 218.
- 219.
- 220.
- 221.
- 222.
- 223.
- 224.
- 225.
- 226.
- 227.
- 228.
- 229.
- 230.
- 231.
- 232.
- 233.
- 234.
- 235.
- 236.
- 237.
- 238.
- 239.
- 240.
- 241.
- 242.
- 243.
- 244.
- 245.
- 246.
- 247.
- 248.
- 249.
- 250.
- 251.
- 252.
- 253.
- 254.
- 255.
- 256.
- 257.
- 258.
- 259.
- 260.
- 261.
- 262.
- 263.
- 264.
- 265.
- 266.
- 267.
- 268.
- 269.
- 270.
- 271.
- 272.
- 273.
- 274.
- 275.
- 276.
- 277.
- 278.
- 279.
- 280.
- 281.
- 282.
- 283.
- 284.
- 285.
- 286.
- 287.
- 288.
- 289.
- 290.
- 291.
- 292.
- 293.
- 294.
- 295.
- 296.
- 297.
- 298.
在iptables中对80端口进行放行
[root@nginx-m ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@nginx-m ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@nginx-m ~]# echo "nginx-m 23" >/var/www/default/index.html
[root@nginx-m ~]# curl http://192.168.3.23
nginx-m 23- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
nginx-s的配置相同,只有主页内容不一样
[root@nginx-s ~]# echo "nginx-s 24" >/var/www/default/index.html
[root@nginx-s ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@nginx-s ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@nginx-s ~]# curl http://192.168.3.24
nginx-s 24- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
三、安装keepalived
2台的安装都一样,只有配置文件不一样,只里只给出nginx-m的安装过程
[root@nginx-m ~]# yum install openssl openssl-devel -y
[root@nginx-m ~]# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz
[root@nginx-m ~]# tar xf keepalived-1.2.13.tar.gz
[root@nginx-m ~]# cd keepalived-1.2.13
[root@nginx-m keepalived-1.2.13]# ./configure
[root@nginx-m keepalived-1.2.13]# make && make install
#将keepalived配置成开机启动
[root@nginx-m keepalived-1.2.13]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
[root@nginx-m keepalived-1.2.13]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@nginx-m keepalived-1.2.13]# mkdir /etc/keepalived
[root@nginx-m keepalived-1.2.13]# ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@nginx-m keepalived-1.2.13]# ln -s /usr/local/sbin/keepalived /usr/sbin/
#备份keepalived.conf文件
[root@nginx-m keepalived-1.2.13]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
#keepalived配置文件内容如下
! Configuration File for keepalived
global_defs {
notification_email {
lyao@weyee.com #配置管理员邮箱
}
notification_email_from root #配置发件人
smtp_server 127.0.0.1 #配置邮件服务器
smtp_connect_timeout 30
router_id nginx-m
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh" #定义nginx状态检查脚本
intervar 4
weight -5
fail 2
rise 1
}
vrrp_instance VI_1 {
state MASTER #配置模式
interface eth0
virtual_router_id 99
priority 101 #配置优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.3.29 #配置虚拟IP地址
}
notify_master /etc/keepalived/notify_master.sh #这里指定的是切换成master状态时要执行的通知脚本
notify_backup /etc/keepalived/notify_backup.sh #这里指定的是切换成backup状态时要执行的通知脚本
notify_fault /etc/keepalived/notify_fault.sh #这里指定的是切换成fault状态时要执行的通知脚本
track_script {
check_nginx
}
}
#创建nginx状态检查脚本
[root@nginx-m keepalived-1.2.13]# cat /etc/keepalived/check_nginx.sh
#!/bin/bash
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 3
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
[root@nginx-m keepalived-1.2.13]# chmod +x /etc/keepalived/check_nginx.sh
#notify_master.sh脚本内容,当服务器改变为主时执行此脚本
[root@nginx-m keepalived-1.2.13]# cat /etc/keepalived/notify_master.sh
#!/bin/bash
Date=$(date +%F" "%T)
IP=$(ifconfig eth0 |grep "inet addr" |cut -d":" -f2 |awk '{print $1}')
Mail="lyao@weyee.com" #这里的邮箱地址根据自己的需要更改
echo "$Date `hostname`:$IP change to Master." |mail -s "Master-Backup Change Status" $Mail
[root@nginx-m keepalived-1.2.13]# chmod +x /etc/keepalived/notify_master.sh
#notify_backup.sh脚本内容,当服务器改变为备时执行此脚本
[root@nginx-m keepalived-1.2.13]# cat /etc/keepalived/notify_backup.sh
#!/bin/bash
Date=$(date +%F" "%T)
IP=$(ifconfig eth0 |grep "inet addr" |cut -d":" -f2 |awk '{print $1}')
Mail="lyao@weyee.com"
echo "$Date `hostname`:$IP change to Backup." |mail -s "Master-Backup Change Status" $Mail
[root@nginx-m keepalived-1.2.13]# chmod +x /etc/keepalived/notify_backup.sh
#notify_fault.sh脚本内容,当服务器改变为故障时执行此脚本
[root@nginx-m keepalived-1.2.13]# cat /etc/keepalived/notify_fault.sh
#!/bin/bash
Date=$(date +%F" "%T)
IP=$(ifconfig eth0 |grep "inet addr" |cut -d":" -f2 |awk '{print $1}')
Mail="lyao@weyee.com"
echo "