1.准备nginx1.12.2
2.安装依赖库
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel openssl-devel
3.安装配置nginx
tar -zxvf nginx-1.12.2.tar.gz
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
make && make install
配置文件:
#user nobody;
worker_processes 4;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream esb {
server 132.147.0.81:7800;
server 132.147.0.82:7800;
ip_hash;
}
server {
listen 7800;
server_name iib.com;
location / {
proxy_pass http://esb;
proxy_redirect default;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
upstream app {
server 132.147.0.85:8084;
server 132.147.0.86:8084;
ip_hash;
}
server {
listen 8084;
server_name app.com;
location / {
proxy_pass http://app;
proxy_redirect default;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
upstream service {
server 132.147.0.87:8085;
server 132.147.0.88:8085;
ip_hash;
}
server {
listen 8085;
server_name service.com;
location / {
proxy_pass http://service;
proxy_redirect default;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
4,nginx开机启动:
vi /lib/systemd/system/nginx.service
内容如下
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
2.设置开机启动
systemctl enable nginx.service
3.其他命令
启动nginx服务
systemctl start nginx.service
设置开机自启动
systemctl enable nginx.service
停止开机自启动
systemctl disable nginx.service
查看服务当前状态
systemctl status nginx.service
重新启动服务
systemctl restart nginx.service
5.安装配置keepalived
yum install -y keepalived
主:
global_defs {
router_id master
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx-exists.sh"
interval 2
weight -5
}
vrrp_instance VI_1 {
state MASTER
interface ens1f0
virtual_router_id 55
mcast_src_ip 132.147.0.81
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
#VIP
virtual_ipaddress {
132.147.0.89
}
track_script {
chk_nginx
}
}
从:
global_defs {
router_id backup
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx-exists.sh"
interval 2
weight -5
}
vrrp_instance VI_1 {
state BACKUP
interface ens1f0
virtual_router_id 55
mcast_src_ip 132.147.0.82
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
#VIP
virtual_ipaddress {
132.147.0.89
}
track_script {
chk_nginx
}
}
添加脚本文件:
vim /etc/keepalived/nginx-exists.sh
#!/bin/bash
#检查nginx进程是否存在
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
#尝试启动一次nginx,停止5秒后再次检测
service nginx start
sleep 5
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
#如果启动没成功,就杀掉keepalive触发主备切换
service keepalived stop
fi
fi
6,iptables 防火墙配置
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -d 132.147.0.89 -j ACCEPT
-A INPUT -p vrrp -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7800 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8084 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8085 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
systemctl restart iptables.service