在lnmp架构中,通常一台装有nginx服务器做反向代理服务器,又做内网的路由。在这台服务器上绑有一个公网ip和一个内网ip.我们把域名解析
到这个公网ip上,让nginx代理到后端的web服务器上,这样我们就可以访问到我们的站点,与此同时必须让内网访问外网。这台反向代理服务器
又需要做内网的路由。这台服务器,在整个应用架构中相当重要。下面我来阐述一下nginx+keepalived双机实现nginx反向代理服务的高可用。
也就是说在当一台nginx挂掉之后不影响应用也不影响内网访问外网。
部署
1、在2.117和2.118上安装keepalived
下面开始安装keepalived
wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
tar zxvf keepalived-1.2.2.tar.gz
cd keepalived-1.2.2
./configure && make && make install
mkdir /etc/keepalived
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
2、keepalived配置 192.168.2.117
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
[email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
mcast_src_ip 192.168.2.117
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass chtopnet
}
virtual_ipaddress {
192.168.2.180
}
启动脚本写入到/etc/rc.local里
echo "/etc/init.d/keepalived start" >> /etc/rc.d/rc.local
keepalived配置 192.168.2.118
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
[email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
backup_src_ip 192.168.2.118
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass chtopnet
}
virtual_ipaddress {
192.168.2.180
}
启动脚本写入到/etc/rc.local里
echo "/etc/init.d/keepalived start" >> /etc/rc.d/rc.local
3、安装编译nginx
groupadd www
useradd -g www www
wget http://nginx.org/download/nginx-1.0.14.tar.gz
tar zxvf nginx-1.0.14.tar.gz
cd nginx-1.0.14
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module && make && make install
ln -sf /usr/local/nginx/sbin/nginx /usr/sbin
查看安装是否成功
nginx -t
分别在两台服务器编写配置文件
vi /usr/local/nginx/conf/nginx.conf
user www www;
worker_processes 8;
error_log logs/error.log notice;
pid /usr/local/nginx/logs/nginx.pid;
events {
worker_connections 51200;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
server {
listen 80;
server_name localhost;
index index.html index.htm;
root /var/www/html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
分别在两台机器创建测试文件
echo "192.168.2.117" > /var/www/html/index.html
echo "192.168.2.118" > /var/www/html/index.html
添加nginx服务控制脚本
vi /etc/init.d/nginx
#!/bin/sh
# chkconfig:- 99 20
# de script ion:Nginx Service Control script
#
case "$1" in
start)
/usr/local/nginx/sbin/nginx
;;
stop)
/usr/bin/killall -s QUIT nginx
;;
restart)
$0 stop
$0 start
;;
reload)
/usr/bin/killall -s HUP nginx
;;
*)
echo "Usage:$0"
exit 1
esac
exit 0
给/etc/init.d/nginx添加执行权限
chmod a+x /etc/init.d/nginx
启动nginx
/etc/init.d/nginx start
4、分别在192.168.2.117和192.168.2.118编写检测nginx服务是否正常。脚本如下:
vi /root/nginxpid.sh
#!/bin/bash
while :
do
nginxpid=`ps -C nginx --no-header | wc -l`
if [ $nginxpid -eq 0 ];then
/etc/init.d/nginx start
sleep 5
if [ $nginxpid -eq 0 ];then
/etc/init.d/keepalived stop
fi
fi
sleep 5
done
5、让这个脚本永远在后台运行
nohup sh /root/nginxpid.sh &
6、测试过程如下:
我们要分别在二台主Nginx上用killall杀掉Nginx进程,然后在客户端分别访问192.168.2.117和192.168.2.118这二个IP(模拟DNS轮询)看能否
正常访问Web服务器。