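Case Description

To remove Nginx as a single point of failure, this setup uses Keepalived for two-node hot standby. Keepalived is a high-performance high-availability (hot-standby) solution for servers; it prevents a single server failure from taking the service down, and combined with Nginx it gives the web front end high availability. Load balancing is done with ipvsadm using the round-robin (rr) scheduling rule.

Case Topology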

[Figure: cluster topology diagram]

Case Environment

Host              OS         IP address       Main software
keepalivedMaster  CentOS 7   192.168.100.130  keepalived, ipvsadm
keepalivedBackup  CentOS 7   192.168.100.140  keepalived, ipvsadm
nginx1            CentOS 7   192.168.100.100  nginx-1.14.0
nginx2            CentOS 7   192.168.100.110  nginx-1.14.0
Client            Windows 7  192.168.100.55   Web browser

Procedure

I. Install the two nginx servers
1. Install the build dependencies

yum install gcc gcc-c++ pcre pcre-devel zlib-devel -y

2. Download the nginx source package

cd /usr/local/
wget http://nginx.org/download/nginx-1.14.0.tar.gz

3. Unpack, compile and install

tar zxf nginx-1.14.0.tar.gz
cd nginx-1.14.0
useradd -M -s /sbin/nologin nginx
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module
make && make install

4. Optimization (symlink the nginx binary so it is on the PATH)

ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/

5. Edit the site's web page

[root@bogon nginx]# cd /usr/local/nginx/html/


6. Disable the firewall and start the Nginx service

[root@bogon html]# systemctl stop firewalld.service
[root@bogon sbin]# setenforce 0
[root@bogon sbin]# nginx
[root@bogon sbin]# netstat -ntap | grep nginx #check that the nginx port is listening
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 40686/nginx: master

7. Test access from the client

II. Configure the ipvsadm director servers
1. Install ipvsadm and keepalived

[root@bogon ~]# yum install keepalived ipvsadm -y

2. Disable the firewall and enable IP forwarding

[root@bogon ~]# systemctl stop firewalld.service
[root@bogon ~]# systemctl disable firewalld.service
[root@bogon ~]# setenforce 0
[root@bogon ~]# vim /etc/sysctl.conf #add the following four lines
net.ipv4.ip_forward=1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@bogon ~]# sysctl -p #reload so the settings take effect immediately

3. Copy the ens33 interface file and set the virtual IP

[root@bogon ~]# cd /etc/sysconfig/network-scripts/
[root@bogon network-scripts]# cp ifcfg-ens33 ifcfg-ens33:0
[root@bogon network-scripts]# vim ifcfg-ens33:0 #delete the existing contents and add the following 4 lines
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
[root@bogon network-scripts]# ifup ens33:0 #bring up the ens33:0 interface

4. Create the ipvsadm startup script
vim /etc/init.d/dr.sh

#!/bin/bash
GW=192.168.100.1
#gateway
VIP=192.168.100.10
#virtual IP
RIP1=192.168.100.100
#nginx1 server IP
RIP2=192.168.100.110
#nginx2 server IP
case "$1" in
start)
        /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
        systemctl start ipvsadm
        /sbin/ifconfig ens33:0 $VIP broadcast $VIP netmask 255.255.255.255 up
        /sbin/route add -host $VIP dev ens33:0
        #virtual service on the VIP with round-robin (rr) scheduling
        /sbin/ipvsadm -A -t $VIP:80 -s rr
        #-g: forward to the real servers by direct routing (DR)
        /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
        /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
        echo "ipvsadm starting --------------------[ok]"
        ;;
stop)
        /sbin/ipvsadm -C
        systemctl stop ipvsadm
        ifconfig ens33:0 down
        route del $VIP
        echo "ipvsadm stopped----------------------[ok]"
        ;;
status)
        if [ ! -e /var/lock/subsys/ipvsadm ];then
                echo "ipvsadm stopped---------------"
                exit 1
        else
                echo "ipvsadm running ---------[ok]"
        fi
        ;;
*)
        echo "Usage: $0 {start|stop|status}"
        exit 1
esac
exit 0

5. Make the script executable and start ipvsadm

[root@bogon network-scripts]# chmod +x /etc/init.d/dr.sh
[root@bogon network-scripts]# service dr.sh start

III. Back on the Nginx node servers, configure the virtual IP
1. Copy the ifcfg-lo interface file and modify it

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
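[root@localhost network-scripts]# vim ifcfg-lo:0 #delete the existing contents and add the following 4 lines
DEVICE=lo:0
IPADDR=192.168.100.10
#host mask (/32), the same mask lo.sh uses, so only the VIP itself is bound to lo
NETMASK=255.255.255.255
ONBOOT=yes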

2. Create the startup script for lo:0

[root@localhost network-scripts]# cd /etc/init.d/
[root@localhost init.d]# vim lo.sh

#!/bin/bash
VIP=192.168.100.10
#virtual IP
case "$1" in
start)
        ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
        /sbin/route add -host $VIP dev lo:0
        #arp_ignore=1: answer ARP only for addresses configured on the receiving interface
        #arp_announce=2: always use the best local address as the source of ARP requests
        echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
        sysctl -p >/dev/null 2>&1
        echo "RealServer Start OK"
        ;;
stop)
        ifconfig lo:0 down
        route del $VIP >/dev/null 2>&1
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
        echo "RealServer Stopped"
        ;;
*)
        echo "Usage: $0 {start|stop}"
        exit 1
esac
exit 0

3. Make the script executable and bring up the lo:0 interface

[root@localhost init.d]# chmod +x lo.sh
[root@localhost init.d]# service lo.sh start
[root@localhost init.d]# ifup lo:0

4. Test the site again locally

[root@localhost init.d]# firefox "http://127.0.0.1/" &
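The values lo.sh writes under /proc are lost on reboot, so it is worth checking a real server before relying on it. The check below is an added example, not part of the original article: it lists, in sysctl.conf syntax, the ARP settings that do not hold the values lo.sh sets. The function name missing_arp_sysctls and the demo tree are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the article's code: list the ARP-suppression sysctls on an
# LVS-DR real server that differ from what lo.sh writes
# (arp_ignore=1, arp_announce=2 on both "lo" and "all").
# Prints nothing when all four values match.
# The root directory is a parameter so the check can run on a constructed tree.
missing_arp_sysctls() {
    local root=${1:-/proc/sys/net/ipv4/conf} ifc item key want have
    for ifc in lo all; do
        for item in arp_ignore:1 arp_announce:2; do
            key=${item%%:*}; want=${item#*:}
            have=$(cat "$root/$ifc/$key" 2>/dev/null || echo unreadable)
            [ "$have" = "$want" ] || echo "net.ipv4.conf.$ifc.$key = $want"
        done
    done
}

# Constructed tree: "lo" is configured, "all" is still at the kernel default 0.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/lo" "$DEMO/all"
echo 1 > "$DEMO/lo/arp_ignore";  echo 2 > "$DEMO/lo/arp_announce"
echo 0 > "$DEMO/all/arp_ignore"; echo 0 > "$DEMO/all/arp_announce"
missing_arp_sysctls "$DEMO"
```

On a real server, run the function with no argument; any lines it prints can be placed in a file under /etc/sysctl.d/ so the settings survive a reboot.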


IV. Configure Keepalived

vim /etc/keepalived/keepalived.conf (the contents for the master and backup servers are as follows)

! Configuration File for keepalived

global_defs {
   notification_email {
     recipient1@example.com        #placeholder addresses; list the alert recipients here
     recipient2@example.com
     recipient3@example.com
   }
   notification_email_from keepalived@example.com   #placeholder sender address
   smtp_server 127.0.0.1        #point to the local address
   smtp_connect_timeout 30
   router_id LVS_01                #use LVS_02 on the backup server to tell them apart
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER              #BACKUP on the backup server
    interface ens33             #bind to the physical interface ens33
    virtual_router_id 51
    priority 100              #use a lower value on the backup server
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {               #virtual IP address
        192.168.100.10
    }
}

virtual_server 192.168.100.10 80 {        #virtual IP address, port 80
    delay_loop 6
    lb_algo rr
    lb_kind DR                        #direct routing, matching the -g option in dr.sh
    persistence_timeout 50
    protocol TCP

    real_server 192.168.100.100 80 {        #nginx1 IP address, port 80
        weight 1
        TCP_CHECK {                      #change to TCP_CHECK and delete the original 8 url lines
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.100.110 80 {    #nginx2 IP address, port 80
        weight 1
        TCP_CHECK {                     #change to TCP_CHECK and delete the original 8 url lines
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
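
The lint below is an added example, not part of the original article: it checks a keepalived.conf for settings that contradict the direct-routing setup built by dr.sh and lo.sh (forwarding mode, port mismatches) and for weak VRRP authentication. The function name audit_keepalived and the sample file are constructed for illustration; the sample reuses this page's addresses with deliberate mismatches.

```shell
#!/bin/bash
# Added example, not the article's code: lint a keepalived.conf against the
# LVS-DR layout. Prints one finding per line and nothing for a clean file.
audit_keepalived() {
    awk '
    { sub(/[ \t]*#.*/, "") }                 # strip trailing comments
    $1 == "vrrp_strict"    { strict = 1 }
    $1 == "auth_type"      { auth = $2 }
    $1 == "auth_pass"      { pass = $2 }
    $1 == "virtual_server" { vport = $3 }
    $1 == "lb_kind"        { kind = $2 }
    $1 == "real_server" {
        rip = $2; rport = $3
        if (rport != vport) print "PORT: real_server " rip ":" rport " but virtual port is " vport " (DR cannot remap ports)"
    }
    $1 == "connect_port" && $2 != rport {
        print "CHECK: health check for " rip " probes port " $2 ", real_server port is " rport
    }
    END {
        if (kind != "DR") print "LB_KIND: lb_kind is " kind ", director and real servers are set up for DR"
        if (auth == "PASS" && (length(pass) < 8 || pass ~ /^[0-9]+$/))
            print "AUTH: auth_pass is short or all digits, and PASS sends it in cleartext"
        if (strict && auth != "") print "STRICT: vrrp_strict does not support authentication"
    }' "$1"
}

# Constructed sample (this page's addresses, with deliberate mismatches).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
global_defs {
    vrrp_strict
}
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
virtual_server 192.168.100.10 80 {
    lb_kind NAT
    real_server 192.168.100.110 443 {
        TCP_CHECK {
            connect_port 80
        }
    }
}
EOF
audit_keepalived "$SAMPLE"
```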

2. Start the keepalived service

[root@bogon ~]# systemctl start keepalived.service
[root@bogon ~]# systemctl status keepalived.service #check the status


V. Client testing
1. Access the nginx site through the virtual IP
2. Take down the virtual IP on the Master keepalived server and access the site again
[root@bogon network-scripts]# systemctl stop keepalived.service

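Closing notes:
1. Because this article simulates the case with virtual machines, all software packages were first downloaded in NAT mode, and the network was then switched to host-only mode.
2. If keepalived has problems after going down and being started again, check the firewall and disable it once more.
3. During testing, after taking down the master's keepalived, the site could not be reached; check the virtual IP and restart ipvsadm.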