准备工作:
yum install -y gcc openssl-devel pcre-devel install iptables-services setenforce 0 sed -ri 's/^(SELINUX=).*/1disabled/' /etc/selinux/config systemctl stop firewalld systemctl disable firewalld systemctl enable iptables systemctl start iptables vim /etc/sysconfig/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT -A INPUT -d 224.0.0.0/8 -p vrrp -j ACCEPT -A OUTPUT -d 224.0.0.0/8 -p vrrp -j ACCEPT systemctl restart iptables
安装nginx两个机器安装方式一样
#上传tengine-2.1.2.tar.gz /tmp
#安装
cd /tmp
yum install -y gcc openssl-devel pcre-devel
tar -xf tengine-2.1.2.tar.gz
mkdir -p /opt/platform/nginx/logs
cd tengine-2.1.2
./configure --prefix=/opt/platform/nginx --with-http_ssl_module --with-http_stub_status_module
make && make install
#替换nginx.conf
cd /opt/platform/nginx/conf
mv nginx.conf nginx.conf.bak
上传nginx.conf
#user ops;
worker_processes auto;
worker_cpu_affinity auto;
error_log logs/error.log error;
pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format json '{"@timestamp":"$time_iso8601",'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"http_host":"$http_host",'
'"request":"$request",'
'"status":"$status",'
'"body_bytes_sent":$body_bytes_sent,'
'"http_referer":"$http_referer",'
'"http_user_agent":"$http_user_agent",'
'"http_x_frowarded_for":"$http_x_forwarded_for",'
'"upstream_status":"$upstream_status",'
'"upstream_addr":"$upstream_addr",'
'"upstream_response_time":"$upstream_response_time",'
'"request_time":$request_time}';
access_log logs/access.log json;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
client_header_buffer_size 20m;
large_client_header_buffers 4 2048k;
client_max_body_size 20m;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on; #让代理服务端不要主动关闭客户端的连接。
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png application/javascript;
gzip_proxied any;
gzip_disable "MSIE [1-6].";
server {
listen 80 default;
server_name _;
return 499;
}
include /opt/platform/nginx/conf/vhosts/*.conf;
}
#增加web应用负载均衡配置文件
mkdir -p vhosts
cd vhosts
上传ken.conf
upstream ken {
server ip:port weight=4 max_fails=2 fail_timeout=30s;
server ip:port weight=4 max_fails=2 fail_timeout=30s;
}
server {
listen 8080;
server_name _;
access_log logs/ken.log json;
location / {
proxy_pass http://ken;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 10s;
proxy_send_timeout 150s;
proxy_read_timeout 150s;
proxy_next_upstream error timeout invalid_header http_404 http_500 http_502 http_504;
}
}
#配置文件生效
/opt/platform/nginx/sbin/nginx -s reload
安装keepalived
#上传tengine-2.1.2.tar.gz 在目录/tmp
#主机安装
cd /tmp
tar -xvf keepalived-nginx.tar.gz -C /opt/platform/
/opt/platform/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id ken
}
vrrp_script check_nginx {
script "/opt/platform/keepalived/bin/check.sh"
interval 2
timeout 2
fall 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 215
priority 99
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass ken@215
}
track_script {
check_nginx
}
virtual_ipaddress {
vip/24 brd mask
}
notify_master "/opt/platform/keepalived/bin/notify.sh master"
notify_backup "/opt/platform/keepalived/bin/notify.sh backup"
notify_fault "/opt/platform/keepalived/bin/notify.sh fault"
notify_stop "/opt/platform/keepalived/bin/notify.sh stop"
}
另外一台机器安装方式一样,但是需要修改keepalived.conf的一个参数
priority 150 #将99调整为150
启动keepalived
cd /opt/platform/keepalived/sbin
sh startup.sh