参考文档:
https://www.cnblogs.com/xiugeng/p/10155283.html#_label0
https://zhuanlan.zhihu.com/p/108577218
主机名 | ip | 角色 | 描述 |
---|---|---|---|
hadoop101 | 192.168.88.101 | 主Nginx | 用于接收客户端请求 |
hadoop102 | 192.168.88.102 | 从Nginx | 当主Nginx挂掉,会接替主Nginx处理客户端请求 |
hadoop103 | 192.168.88.103 | web服务器1 | 使用nginx作为web服务器代理静态页面,也可以使用其他web服务器(如tomcat) |
hadoop104 | 192.168.88.104 | web服务器2 | 使用nginx作为web服务器代理静态页面,也可以使用其他web服务器(如tomcat) |
hadoop101和hadoop102操作相同
#安装编译工具及库文件,gcc-c++为编译环境,zlib为了gzip压缩,openssl为了支持ssl,devel主要是和开发相关的东西
[root@hadoop101 software]# yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel
#PCRE 作用是让 Nginx 支持 Rewrite 功能
[root@hadoop101 software]# wget https://jaist.dl.sourceforge.net/project/pcre/pcre/8.42/pcre-8.42.tar.gz
[root@hadoop101 software]# tar -zxvf pcre-8.42.tar.gz
[root@hadoop101 software]# cd pcre-8.42
[root@hadoop101 pcre-8.42]# ./configure
[root@hadoop101 pcre-8.42]# make && make install
[root@hadoop101 pcre-8.42]# pcre-config --version
[root@hadoop101 software]# wget https://nginx.org/download/nginx-1.18.0.tar.gz
[root@hadoop101 software]# tar -xvf nginx-1.18.0.tar.gz
[root@hadoop101 software]# cd nginx-1.18.0
#筛选出以及可以安装的包,这个包括自定义安装的,--with 前缀开头的为可选安装包,其余为默认安装包,安装时使用 --with-模块名称安装
[root@hadoop101 nginx-1.18.0]# cat auto/options | grep YES
#配置,prefix指定安装路径,http_stub_status_module和http_ssl_module分别是http和https组件,with-stream为stream组件,with-pcre指pcre路径
[root@hadoop101 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/opt/software/pcre-8.42 --with-stream=dynamic
#编译(生成objs目录)并安装(--prefix目录)
[root@hadoop101 nginx-1.18.0]# make && make install
# 查看自己添加的参数、编译时附带的可选模块或三方模块
[root@hadoop101 nginx-1.18.0]# /usr/local/nginx/sbin/nginx -V
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/opt/software/pcre-8.42 --with-stream=dynamic
# 重新配置
[root@hadoop101 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/opt/software/pcre-8.42 --with-stream=dynamic --with-http_gzip_static_module --with-http_auth_request_module --with-http_realip_module
# 重新编译
[root@hadoop101 nginx-1.18.0]# make
# 将生成的nginx执行文件copy到安装目录
[root@hadoop101 nginx-1.18.0]# cp -r /opt/module/nginx-1.18.0/objs/nginx /usr/local/nginx/sbin/
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream web {
ip_hash;
server 192.168.88.103 max_fails=1 fail_timeout=10;
server 192.168.88.104 max_fails=1 fail_timeout=10;
# server 192.168.88.103 weight=1 max_fails=1 fail_timeout=10;
# server 192.168.88.104 weight=2 max_fails=1 fail_timeout=10 backup;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://web;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
负载均衡流程:
1)虚拟主机接受用户请求
2)虚拟主机去找反向代理(问反向代理去哪拿数据)
3)反向代理让去找upstream
4)upstream告诉一个数据服务器IP
5)Nginx去找数据服务器,并发起用户的请求
6)数据服务器接受请求并处理请求
7)数据服务器响应请求给Nginx
8)Nginx响应请求给用户
nginx的upstream 目前支持4种方式的分配:
负载均衡服务器参数
参数 | 说明 |
---|---|
down | 表示当前的server暂时不参与负载 |
weight | 默认为1,weight越大,负载的权重就越大(用于轮询策略,ip_hash不可用) |
max_fails | 允许请求失败的次数默认为1,当超过最大次数时,返回proxy_next_upstream模块定义的错误 |
fail_timeout | 失败超时时间,在连接Server时,如果在超时时间之内超过max_fails指定的失败次数,会认为在fail_timeout时间内Server不可用,默认为10s |
backup | 其他所有的非backup机器down或者忙的时候,才会请求backup机器。所以这台机器压力会最轻 |
http://192.168.88.111:9030/bme-sso-server/swagger-ui.html ——》 http://192.168.88.103:9030/bme-sso-server/swagger-ui.html
worker_processes 1;
events {
worker_connections 1024;
}
#http负载均衡
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream web {
ip_hash;
server 192.168.88.103 max_fails=1 fail_timeout=10;
server 192.168.88.104 max_fails=1 fail_timeout=10 down;
# server 192.168.88.103 weight=1 max_fails=1 fail_timeout=10;
# server 192.168.88.104 weight=2 max_fails=1 fail_timeout=10 backup;
}
upstream bme-sso-server {
ip_hash;
server 192.168.88.103:9030 max_fails=1 fail_timeout=10;
server 192.168.88.104:9030 max_fails=1 fail_timeout=10;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://web;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 9030;
server_name localhost;
location / {
proxy_pass http://bme-sso-server;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
#tcp负载均衡
stream{
log_format proxy '[$time_local] $remote_addr->$upstream_addr '
'$protocol $status $bytes_sent $bytes_received '
'$session_time '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
access_log logs/tcp-access.log proxy ;
open_log_file_cache off;
upstream dns {
server 192.168.88.103:10086;
server 192.168.88.104:10086;
}
server{
listen 8597;
proxy_pass dns;
}
}
[root@hadoop101 ~]# yum install keepalived -y
#启动
[root@hadoop101 ~]# systemctl start keepalived
#查看运行状态
[root@hadoop101 ~]# systemctl status keepalived
#停止
[root@hadoop101 ~]# systemctl stop keepalived
[root@hadoop101 ~]# vim /etc/keepalived/keepalived.conf
#检测脚本
vrrp_script chk_http_port
{
#注意括号换行,否则脚本可能会不执行
script "/usr/local/src/check_ngx.sh" #心跳执行的脚本,检测nginx是否启动
interval 5 #(检测脚本执行的间隔,单位是秒,要比脚本执行时间大,否则会报错)
weight 2 #权重
}
#vrrp 实例定义部分
vrrp_instance VI_1 {
state MASTER # 指定keepalived的角色,MASTER为主,BACKUP为备
interface ens33 # 当前进行vrrp通讯的网络接口卡(当前centos的网卡) 用ifconfig/ip addr查看你具体的网卡
virtual_router_id 51 # 虚拟路由编号,主从要一直
priority 100 # 优先级,数值越大,获取处理请求的优先级越高
advert_int 1 # 检查间隔,默认为1s(vrrp组播周期秒数)
#授权访问
authentication {
auth_type PASS #设置验证类型和密码,MASTER和BACKUP必须使用相同的密码才能正常通信
auth_pass 1111
}
track_script {
chk_http_port #(调用检测脚本)
}
virtual_ipaddress {
192.168.88.111 # 定义虚拟ip(VIP),可多设,每行一个
}
}
[root@hadoop102 ~]# vim /etc/keepalived/keepalived.conf
#检测脚本
vrrp_script chk_http_port {
script "/usr/local/src/check_ngx.sh" #心跳执行的脚本,检测nginx是否启动
interval 5 #(检测脚本执行的间隔,单位是秒,要比脚本执行时间大,否则会报错)
weight 2 #权重
}
#vrrp 实例定义部分
vrrp_instance VI_1 {
state BACKUP # 指定keepalived的角色,MASTER为主,BACKUP为备
interface ens33 # 当前进行vrrp通讯的网络接口卡(当前centos的网卡) 用ifconfig/ip addr查看你具体的网卡
virtual_router_id 51 # 虚拟路由编号,主从要一直
priority 99 # 优先级,数值越大,获取处理请求的优先级越高
advert_int 1 # 检查间隔,默认为1s(vrrp组播周期秒数)
#授权访问
authentication {
auth_type PASS #设置验证类型和密码,MASTER和BACKUP必须使用相同的密码才能正常通信
auth_pass 1111
}
track_script {
chk_http_port #(调用检测脚本)
}
virtual_ipaddress {
192.168.88.111 # 定义虚拟ip(VIP),可多设,每行一个
}
}
[root@hadoop101 ~]# vim /usr/local/src/check_ngx.sh
#!/bin/bash
COUNT1=`ss -anpt | grep nginx | wc -l `
if [ $COUNT1 -eq 0 ] ; then
/usr/local/nginx/sbin/nginx
sleep 2
COUNT2=`ss -anpt | grep nginx | wc -l`
if [ $COUNT2 -eq 0 ] ; then
systemctl stop keepalived
echo -e "keeplived is stoped"
exit 1
else
exit 0
fi
fi
[root@hadoop101 ~]# scp -r /usr/local/src/check_ngx.sh [email protected]:/usr/local/src/
# 查看seLinux状态,SELinux status参数为enabled即为开启状态
[root@hadoop101 ~]# /usr/sbin/sestatus -v
# 也可以用这个命令检查
[root@hadoop101 ~]# getenforce
# 临时关闭(不用重启),0:permissive 1:enforcing
[root@hadoop101 ~]# setenforce 0
# 永久关闭(需要重启)
[root@hadoop101 ~]# vim /etc/selinux/config
SELINUX=disabled
[root@hadoop101 ~]# systemctl start keepalived
[root@hadoop102 ~]# systemctl start keepalived
#关闭Master,通过ip addr命令查看二个服务器的ip地址变化
[root@hadoop101 ~]# systemctl stop keepalived
#hadoop101将重新获取vip地址
[root@hadoop101 ~]# systemctl start keepalived