nginx+keepalive双机热备
nginx安装
在线安装:
这次安装环境因为上传文件比较麻烦所以使用了在线安装的方式
用到的工具是wget
工具安装方式:
yum -y install wget
安装nginx命令:
wget http://nginx.org/download/nginx-1.5.9.tar.gz
该命令为下载文件到当前目录下
下载好压缩包后我们首先要为nginx安装依赖
yum -y install gcc pcre-devel zlib-devel openssl openssl-devel
安装好依赖后我们来解压nginx的安装压缩包
tar -zxvf nginxxxxx.xxx
这样我们就把nginx解压到当前目录下了,进入nginx目录我们进行编译
./configure
make
make install
到这里我们安装完成进入sbin目录进行使用nginx
命令
./nginx -t 检验配置文件
./nginx -s reload 重新加载配置文件
./nginx 启动
./nginx - stop 停止
nginx配置
当我们安装并启动nginx后我们用浏览器输入服务器ip就会显示一个nginx的介绍页面,但是我们的使用并不仅仅停留到这里,我们需要使用nginx的更加强大的功能,这时我们就需要通过配置来使用nginx的更多功能,进入/conf/nginx.config文件这里就是我们配置nginx的位置下面是我们的一个简答的配置文件
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream nginxserver10001 {
server 172.16.1.64:10001;
server 172.16.1.66:10001;
}
server {
listen 10001;
server_name nginxserver10001;
ssl on;
ssl_certificate /home/esblb/server.pem;
ssl_certificate_key /home/esblb/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#启用TLS1.1、TLS1.2要求OpenSSL1.0.1及以上版本,若您的OpenSSL版本低于要求,请使用 ssl_protocols TLSv1;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect http://$host$1 https://$host$1;
proxy_redirect http://$host:80$1 https://$host$1;
proxy_set_header Host $host:10001;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-HTTPS-Protocol $ssl_protocol;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_pass http://nginxserver10001;
}
location /nginx_status{
stub_status on;
allow all;
access_log off;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
如果发现进入网站显示错误一定要注意是否防火墙端口打开
再具体的配置就先不在这里说了我们继续 ( ̄▽ ̄)/
开机启动
通常服务器要考虑全面比如断电什么的所以通常程序都要准备开机自启的功能
vi /etc/init.d/nginx
# nginx Startup script for the Nginx HTTP Server
# it is v.0.0.2 version.
# chkconfig: - 85 15
# description: Nginx is a high-performance web and proxy server.
# It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
nginxd=/usr/local/nginx/sbin/nginx
nginx_config=/usr/local/nginx/conf/nginx.conf
nginx_pid=/var/run/nginx.pid
RETVAL=0
prog="nginx"
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x $nginxd ] || exit 0
# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
echo "nginx already running...."
exit 1
fi
echo -n $"Starting $prog: "
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
return $RETVAL
}
# Stop nginx daemons functions.
stop() {
echo -n $"Stopping $prog: "
killproc $nginxd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid
}
# reload nginx service functions.
reload() {
echo -n $"Reloading $prog: "
#kill -HUP `cat ${nginx_pid}`
killproc $nginxd -HUP
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|reload|status|help}"
exit 1
esac
exit $RETVAL
将该文件提高权限chmod -R 777 xxxx
将该文件加入到开机自启脚本中/etc/rc.local
/etc/init.d/nginx start
keppalived安装
keepalived的作用主要是监控nginx,当监控到其蹦掉的时候就自动转移虚拟ip的指向进行无缝切换nginx,然后试着启动该台服务器的nginx。
安装说明:
wget http://www.keepalived.org/software/keepalived-2.0.14.tar.gz
yum install keepalived –y
keepalived配置
/etc/keepalived/keepalivec.conf
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.17.129
smtp_connect_timeout 30
# 通过它,可以访问到主机,在hosts文件中,要做映射关系,类似于 127.0.0.1 LVS_DEVEL
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script "/usr/local/src/nginx_check.sh" # 执行脚本所在的位置
interval 2 #检测脚本执行的间隔,单位秒,每个2秒执行一次脚本
weight 2
}
vrrp_instance VI_1 {
state MASTER # 备份服务器上将 MASTER 改为 BACKUP
interface ens33 # 绑定的网卡注意使用查询ip命令来查看当前主机的网卡填写正确网卡名称
virtual_router_id 51 # 主、备机的 virtual_router_id 必须相同
priority 90 # 主、备机取不同的优先级,主机值较大,备份机值较小
advert_int 1 #每隔一秒发送一次心跳,确保从服务器是否还活着
authentication { # 心跳检测需要的密码
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.17.50 # VRRP H 虚拟地址
}
}
检测脚本
/usr/local/src
#!/bin/bash
A=`ps -C nginx –no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx #Nginx启动命令的位置
sleep 2
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
命令
检测ip
ip addr
ipconfig
启动keepalived
service keepalived start
关闭keepalived
service keepalived stop
查看状态
systemctl status keepalived.service