Nginx+keepalived


一、环境:


centos5.6(64位)、nginx-0.7.51、keepalived-1.1.15(注:下文安装步骤实际下载并编译的是nginx-1.4.2)

主nginx负载均衡器:192.168.1.205

辅nginx负载均衡器:192.168.1.206

vip:192.168.1.200


二、安装nginx

yum install  gcc gcc-c++ zlib-devel openssl openssl-devel  gd  keyutils  patch perl mhash

#添加运行nginx的用户和组www  

useradd -M -s /sbin/nologin www

tar zxvf pcre-7.8.tar.gz  (见附件)

cd pcre-7.8/  

./configure  

make && make install  

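wget http://nginx.org/download/nginx-1.4.2.tar.gz
#注意:该地址为明文HTTP,源码包随后会以root身份编译安装;解压前应先核对nginx.org为该版本发布的PGP签名(同名.asc文件),确认源码包未被篡改。下文的keepalived源码包同样经HTTP下载,也应核对官方发布的校验信息。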

tar zxf nginx-1.4.2.tar.gz

cd nginx-1.4.2

./configure  --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre --with-http_realip_module  

make && make install


mkdir /var/log/nginx

vim /usr/local/nginx/conf/nginx.conf

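# nginx.conf for the load balancer: reverse-proxies www.test.com to two
# backends and serves a password-protected stub_status page.
user www www;
worker_processes 8;  # number of worker processes: the CPU core count, or twice that
pid /usr/local/nginx/logs/nginx.pid;

events {
    use epoll;                 # epoll is an I/O multiplexing method, available only on Linux 2.6+ kernels; it greatly improves nginx performance
    worker_connections 65535;  # maximum concurrent connections per worker process
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    # $http_x_forwarded_for is copied from the request header, so the value
    # logged here is client-supplied; $remote_addr is the peer nginx really saw.
    log_format access '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" $http_x_forwarded_for';
    access_log /var/log/nginx/access.log access;
    error_log  /var/log/nginx/error.log;

    server_names_hash_bucket_size 128;
    # NOTE(review): no unit is given, so this is 128 bytes; the neighbouring
    # buffer directives use 128k -- confirm whether 128k was intended.
    client_header_buffer_size 128;
    large_client_header_buffers 2 128k;
    client_max_body_size 10m;
    client_body_buffer_size 128k;
    client_header_timeout 90s;
    client_body_timeout 90s;
    send_timeout 90s;
    sendfile on;
    keepalive_timeout 120;
    tcp_nopush on;
    tcp_nodelay on;
    server_tokens off;  # do not print the nginx version in error pages and the Server header

    proxy_connect_timeout 20;
    proxy_send_timeout 90;
    proxy_read_timeout 40;
    proxy_buffer_size 256k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_temp_file_write_size 256k;

    ## enable gzip compression
    gzip on;
    gzip_min_length 1k;      # minimum size to compress, in bytes: responses larger than this are compressed, smaller ones are not
    gzip_buffers 16 64k;     # buffers that hold the gzip output stream, so nginx does not keep asking the system for memory
    gzip_http_version 1.1;   # HTTP protocol version to recognise (1.0/1.1)
    gzip_comp_level 2;       # compression level 1-9: 1 compresses least and is fastest; 9 compresses most, is slowest and uses the most CPU
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;            # adds a Vary header so that proxies can tell whether a compressed response applies

    upstream www.test.com {
        ip_hash;
        server 192.168.1.230:80;
        server 192.168.1.201:80;
    }

    server {
        listen 80;
        server_name www.test.com;

        location / {
            root html;
            index index.php index.jsp index.htm index.html;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent, so backends should rely only on
            # the last entry (or on X-Real-IP) as the address set by this proxy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://www.test.com;
        }

        location /NginxStatus/ {
            stub_status on;
            # NOTE(review): "allow" on its own restricts nothing -- with no
            # "deny all;" after it every other address is still admitted, so
            # the only effective control on this page is auth_basic, and this
            # server listens on port 80 only, so those credentials travel
            # unencrypted. Add "deny all;" below the allow line if the page
            # should be reachable from localhost only.
            allow 127.0.0.1;
            # The original "access_log on;" was dropped: nginx reads "on" as a
            # file name and would log to a file called "on". The http-level
            # access_log above is inherited here without any directive.
            auth_basic "NginxStatus";
            auth_basic_user_file /usr/local/nginx/htpasswd;
        }

        # The annotations below were written with "//", which nginx does not
        # treat as a comment (it would be parsed as part of the next
        # directive); they are now "#" comments.
        error_page 500 502 503 504 /50x.html;  # custom error page
        location = /50x.html {
            root html;  # the error page lives under /usr/local/nginx/html/
        }
        location ~ updating.jpg {  # image used by the error page
            root /usr/local/nginx/html/;  # where the image is stored
        }
    }
}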

htpasswd -c -m /usr/local/nginx/htpasswd admin    //admin为用户名,创建状态认证文件。注意-c会新建(并覆盖已存在的)密码文件,之后再添加其他用户时应去掉-c;该文件只需对运行nginx的www用户可读。

三、安装Keepalived,让其分别作web及Nginx的HA


wget http://www.keepalived.org/software/keepalived-1.1.15.tar.gz  

tar zxvf keepalived-1.1.15.tar.gz  

cd keepalived-1.1.15  

./configure --prefix=/usr/local/keepalived  

make  

make install  

cp /usr/local/keepalived/sbin/keepalived /usr/sbin/  

cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/  

cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/  

mkdir /etc/keepalived  

cd /etc/keepalived/  


vim keepalived.conf  

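! Configuration File for keepalived
# Primary load balancer: holds VIP 192.168.1.200 while it is alive.
# The original annotated two lines with "//", which is not keepalived comment
# syntax ("!" and "#" are); those notes are now "#" comments on their own
# lines so the parser never sees them as directive arguments.
global_defs {
      router_id DR
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    # IP address of the primary nginx host
    mcast_src_ip 192.168.1.205
    priority 100
    advert_int 1
    # VRRP "PASS" authentication puts the password in every advertisement in
    # clear text, so it guards against misconfiguration rather than against a
    # host on the same segment. "chtopnet" is this article's example value:
    # choose your own, keep it identical on both nodes, and filter VRRP
    # traffic so that only the peer load balancer is accepted.
    authentication {
        auth_type PASS
        auth_pass chtopnet
    }
    virtual_ipaddress {
        # the VIP address
        192.168.1.200
    }
}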


#service keepalived start

[root@nginx01 mnt]# ip a

1: lo: mtu 16436 qdisc noqueue

   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

   inet 127.0.0.1/8 scope host lo

   inet6 ::1/128 scope host

      valid_lft forever preferred_lft forever

2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000

   link/ether 00:0c:29:37:10:34 brd ff:ff:ff:ff:ff:ff

   inet 192.168.1.205/24 brd 192.168.1.255 scope global eth0

   inet 192.168.1.200/32 scope global eth0    //主DR上有VIP1.200

   inet6 fe80::20c:29ff:fe37:1034/64 scope link

      valid_lft forever preferred_lft forever

3: sit0: mtu 1480 qdisc noop

   link/sit 0.0.0.0 brd 0.0.0.0

辅DR的配置文件

! Configuration File for keepalived
# Secondary load balancer. It shares virtual_router_id 51 and the VIP with the
# primary (192.168.1.205) but declares state BACKUP and a lower priority
# (10 against the primary's 100).
global_defs {
      router_id DR
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    # this host's own address, used as the source of its VRRP advertisements
    mcast_src_ip 192.168.1.206
    priority 10
    advert_int 1
    # Must match the primary's authentication block. VRRP "PASS" sends the
    # password in clear text in every advertisement, so do not treat it as
    # protection against a host on the same segment; "chtopnet" is the
    # article's example value and should be replaced on both nodes.
    authentication {
        auth_type PASS
        auth_pass chtopnet
    }
    virtual_ipaddress {
        192.168.1.200
    }
}


四、监控nginx

监控nginx进程脚本,放置在后台一直监控nginx进程;如进程消失,尝试重启nginx,如果重启失败则立即停掉本机的keepalived服务,让另一台负载均衡器接手。

vim /root/nginx_pid.sh  

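#!/bin/bash
# Watchdog for the local nginx. Every 5 seconds it counts the nginx processes;
# when none are found it tries to start nginx once, and if there are still
# none 5 seconds later it stops keepalived so that the peer load balancer
# takes over the VIP.
#
# The original compared the stale count taken before the restart, so the inner
# test was always true and keepalived was stopped even when the restart had
# succeeded. The count is now taken again after the restart attempt.
#
# Note: this only checks that an nginx process exists, not that nginx is
# answering requests, and nothing here starts keepalived again afterwards.
while :; do
  nginxpid=$(ps -C nginx --no-header | wc -l)
  if [ "$nginxpid" -eq 0 ]; then
    /usr/local/nginx/sbin/nginx
    sleep 5
    # Re-count: decide on the state after the restart attempt, not before it.
    nginxpid=$(ps -C nginx --no-header | wc -l)
    if [ "$nginxpid" -eq 0 ]; then
      /etc/init.d/keepalived stop
    fi
  fi
  sleep 5
done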


将脚本置于后台运行(注意:上文把脚本保存为/root/nginx_pid.sh,而下面命令中的路径是/mnt/nginx.sh,执行时请使用脚本实际保存的路径)

nohup /mnt/nginx.sh &


五、测试

tail -f /var/log/messages

关闭keepalived

关闭nginx

六、关闭系统不必要的服务

chkconfig bluetooth off

chkconfig cups off  打印服务

chkconfig isdn off 拨号上网服务

chkconfig kudzu off 硬件检测

chkconfig sendmail off

chkconfig smartd off

chkconfig autofs off

/etc/init.d/avahi-daemon stop

chkconfig avahi-daemon off