一、实验环境

操作系统：CentOS7.2 Mininal

serverA：192.168.1.104

serverB：192.168.1.109

VIP： 192.168.1.110

test： 192.168.1.120

二、软件安装

在serverA 和 serverB 上

# yum -y install nginx bind ntp keepalived

# systemctl enable named ntpd nginx keepalived

三、特殊配置

在serverA 和 serverB 上

# sysctl -w net.ipv4.ip_nonlocal_bind=1

# echo "net.ipv4.ip_nonlocal_bind=1" >> /etc/sysctl.conf

注：更改Linux系统控制文件，使得端口即使监听在不存在的IP上，也不报错

# setenforce 0

# sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

# systemctl stop firewalld

# systemctl diable firewalld

三、serverA服务配置

# vim /etc/keepalived/keepalived.conf

##############################

! Configuration File for keepalived

global_defs {

router_id LVS_DEVEL

}

vrrp_script check {

script "/etc/keepalived/check.sh"

interval 5

}

vrrp_instance VI_1 {

state BACKUP

interface eno16777736

virtual_router_id 100

priority 100

advert_int 1

nopreempt

authentication {

auth_type PASS

auth_pass 1111

}

track_script {

check

}

virtual_ipaddress {

192.168.1.110

}

##############################

注意： vrrp_script{}中的interval时间需大于脚本中的sleep时间！

# vim /etc/keepalived/check.sh

##############################

#!/bin/bash

nginx_status1=$(ps -C nginx --no-heading|wc -l)

if [ "${nginx_status1}" = "0" ]; then

systemctl start nginx.service

sleep 3

nginx_status2=$(ps -C nginx --no-heading|wc -l)

if [ "${nginx_status2}" = "0" ]; then

systemctl stop keepalived.service

named_status1=$(ps -C named --no-heading|wc -l)

if [ "${named_status1}" = "0" ]; then

systemctl start named.service

sleep 3

named_status2=$(ps -C named --no-heading|wc -l)

if [ "${named_status2}" = "0" ]; then

systemctl stop keepalived.service

ntpd_status1=$(ps -C ntpd --no-heading|wc -l)

if [ "${ntpd_status1}" = "0" ]; then

systemctl start ntpd.service

sleep 3

ntpd_status2=$(ps -C ntpd --no-heading|wc -l)

if [ "${ntpd_status2}" = "0" ]; then

systemctl stop keepalived.service

#######################################

# chmod +x /etc/keepalived/check.sh

# vim /etc/ntp.conf

########################################

driftfile /var/lib/ntp/drift

restrict default nomodify notrap nopeer noquery

restrict 127.0.0.1

restrict ::1

restrict 192.168.1.0 mask 255..255.255.0 nomodify notrap

server 192.168.1.110 iburst

server 127.127.1.0

fudge 127.127.1.0 stratum 10

interface ignore wildcard

interface listen 192.168.1.110

interface listen 127.0.0.1

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor

##########################################

# vim /etc/named.conf

##########################################

options {

listen-on port 53 { 192.168.1.110; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

pid-file "/run/named/named.pid";

};

zone "test.com" IN {

type master;

file "test.com.zone";

};

###############################################

# cp -p /var/named/named.localhost /var/named/test.com.zone

# vim /var/named/test.com.zone

# vim /etc/nginx/nginx.conf

#########################################

# For more information on configuration, see:

# * Official English Documentation:http://nginx.org/en/docs/

# * Official Russian Documentation:http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

worker_connections 1024;

}

# stream转发

stream {

# hash $remote_addr consistent;

proxy_connect_timeout 3s;

include /etc/nginx/conf.d/stream_proxy.conf;

}

# http转发

http {

client_max_body_size 500M;

include mime.types;

default_type application/octet-stream;

server_tokens off;

sendfile on;

keepalive_timeout 65;

include /etc/nginx/conf.d/http_proxy.conf;

}

############################################

# vim /etc/nginx/conf.d/stream_proxy.conf

#############################################

upstream stream_service {

hash $remote_addr consistent;

server192.168.1.103:12345 max_fails=1 fail_timeout=180s;

server 192.168.1.104:12345 max_fails=1 fail_timeout=180s;

}

server {

listen 192.168.1.110:54321;

proxy_pass stream_service;

}

#####################################################

# vim /etc/nginx/conf.d/http_proxy.conf

#####################################################

upstream http_service {

server 192.168.1.107:443 max_fails=1 fail_timeout=180s;

server 192.168.1.108:443 max_fails=1 fail_timeout=180s;

}

server {

listen 192.168.1.110:443 ssl;

ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;

ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;

location / {

proxy_connect_timeout 3;

proxy_send_timeout 600;

proxy_read_timeout 600;

send_timeout 600;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass https://http_service;

}

#################################################################

# mkdir /etc/nginx/ssl

# openssl req -x509 -nodes \

-newkey rsa:2048 \

-days 365 \

-subj "/C=CN/ST=Gunagdong/L=Shenzhen/O=TEST/OU=TEST/CN=www.test.com" \

-keyout /etc/nginx/ssl/nginx-selfsigned.key \

-out /etc/nginx/ssl/nginx-selfsigned.crt

四、serverB服务配置

# vim /etc/keepalived/keepalived.conf

##########################

! Configuration File for keepalived

global_defs {

router_id LVS_DEVEL

}

vrrp_script check {

script "/etc/keepalived/check.sh"

interval 5

}

vrrp_instance VI_1 {

state BACKUP

interface eno16777736

virtual_router_id 100

priority 90

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

track_script {

check

}

virtual_ipaddress {

192.168.1.110

}

##############################

注意： vrrp_script{}中的interval时间需大于脚本中的sleep时间！

# vim /etc/keepalived/check.sh

##############################

#!/bin/bash

nginx_status1=$(ps -C nginx --no-heading|wc -l)

if [ "${nginx_status1}" = "0" ]; then

systemctl start nginx.service

sleep 3

nginx_status2=$(ps -C nginx --no-heading|wc -l)

if [ "${nginx_status2}" = "0" ]; then

systemctl stop keepalived.service

named_status1=$(ps -C named --no-heading|wc -l)

if [ "${named_status1}" = "0" ]; then

systemctl start named.service

sleep 3

named_status2=$(ps -C named --no-heading|wc -l)

if [ "${named_status2}" = "0" ]; then

systemctl stop keepalived.service

ntpd_status1=$(ps -C ntpd --no-heading|wc -l)

if [ "${ntpd_status1}" = "0" ]; then

systemctl start ntpd.service

sleep 3

ntpd_status2=$(ps -C ntpd --no-heading|wc -l)

if [ "${ntpd_status2}" = "0" ]; then

systemctl stop keepalived.service

#######################################

# chmod +x /etc/keepalived/check.sh

# vim /etc/ntp.conf

########################################

driftfile /var/lib/ntp/drift

restrict default nomodify notrap nopeer noquery

restrict 127.0.0.1

restrict ::1

restrict 192.168.1.0 mask 255..255.255.0 nomodify notrap

server 192.168.1.110 iburst

server 127.127.1.0

fudge 127.127.1.0 stratum 10

interface ignore wildcard

interface listen 192.168.1.110

interface listen 127.0.0.1

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor

##########################################

# vim /etc/named.conf

##########################################

options {

listen-on port 53 { 192.168.1.110; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

pid-file "/run/named/named.pid";

};

zone "test.com" IN {

type master;

file "test.com.zone";

};

###############################################

# cp -p /var/named/named.localhost /var/named/test.com.zone

# vim /var/named/test.com.zone

# vim /etc/nginx/nginx.conf

#########################################

# For more information on configuration, see:

# * Official English Documentation:http://nginx.org/en/docs/

# * Official Russian Documentation:http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

worker_connections 1024;

}

# stream转发

stream {

# hash $remote_addr consistent;

proxy_connect_timeout 3s;

include /etc/nginx/conf.d/stream_proxy.conf;

}

# http转发

http {

client_max_body_size 500M;

include mime.types;

default_type application/octet-stream;

server_tokens off;

sendfile on;

keepalive_timeout 65;

include /etc/nginx/conf.d/http_proxy.conf;

}

############################################

# vim /etc/nginx/conf.d/stream_proxy.conf

#############################################

upstream stream_service {

hash $remote_addr consistent;

server192.168.1.103:12345 max_fails=1 fail_timeout=180s;

server 192.168.1.104:12345 max_fails=1 fail_timeout=180s;

}

server {

listen 192.168.1.110:54321;

proxy_pass stream_service;

}

#####################################################

# vim /etc/nginx/conf.d/http_proxy.conf

#####################################################

upstream http_service {

server 192.168.1.107:443 max_fails=1 fail_timeout=180s;

server 192.168.1.108:443 max_fails=1 fail_timeout=180s;

}

server {

listen 192.168.1.110:443 ssl;

ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;

ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;

location / {

proxy_connect_timeout 3;

proxy_send_timeout 600;

proxy_read_timeout 600;

send_timeout 600;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass https://http_service;

}

#################################################################

# mkdir /etc/nginx/ssl

# openssl req -x509 -nodes \

-newkey rsa:2048 \

-days 365 \

-subj "/C=CN/ST=Gunagdong/L=Shenzhen/O=TEST/OU=TEST/CN=www.test.com" \

-keyout /etc/nginx/ssl/nginx-selfsigned.key \

-out /etc/nginx/ssl/nginx-selfsigned.crt

五、启动服务

在serverA 和 serveB上

# systemctl start named ntpd nginx keepalived

六、查看服务状态

在serverA

在serverB

七、在test服务器上测试

反向代理测试：

https://192.168.1.110:443

DNS测试：

# vim /etc/resolv.conf

######################

nameserver 192.168.1.110

# Generated by NetworkManager

nameserver 202.96.128.166

nameserver 202.96.134.133

#####################

# ping www.test.com

# ping mysql.test.com

NTP测试：

# ntpdate 192.168.1.110

# vim /etc/ntp.conf

#########################

driftfile /var/lib/ntp/drift

restrict default nomodify notrap nopeer noquery

restrict 127.0.0.1

restrict ::1

server 192.168.1.110 iburst

restrict 192.168.1.110 nomodify notrap noquery

server 127.127.1.0

fudge 127.127.1.0 stratum 10

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor

#########################

# systemctl start ntpd

# systemctl enable ntpd

八、前端的高可用性测试

在 serverA

# systemctl restart keepalived

# systemctl status keepalived

# ip addr list

在 serverB

# systemctl status keepalived

# ip addr list

可以看到，重启serverA的keepalived,VIP成功漂移了，实际上，VIP所在的服务器上的 nginx、named 、ntpd任何一个服务出问题，keepalived的检测脚本就会停其keepalived服务，使得VIP漂移，服务基本不受影响，实现高可用！

【frontend】前端frontend的安装与配置

一、实验环境

二、软件安装

三、特殊配置

三、serverA服务配置

四、serverB服务配置

五、启动服务

六、查看服务状态

七、在test服务器上测试

八、前端的高可用性测试

你可能感兴趣的:(【frontend】前端frontend的安装与配置)