部署的系统为AlmaLinux,docker版本为23.0.1,docker-compose版本为v2.2.0,apisix版本为3.0.0。
服务器IP | 需安装服务(红色为必装服务) | 备注 |
---|---|---|
176.16.108.113 | docker 、docker-compose 、apisix(apisix 、dashboard 、etcd 、prometheus、grafana、nginx)、nginx 、keepalived 等 |
服务节点1 |
176.16.108.114 | docker 、docker-compose 、apisix(apisix 、dashboard 、etcd 、prometheus、grafana、nginx)、nginx 、keepalived 等 |
服务节点2 |
176.16.108.115 | - | 虚拟ip |
etcd是一个分布式的、可靠的key-value存储系统,它用于存储分布式系统中的关键数据。apisix采用etcd保存和同步配置信息。
在home目录下创建etcd-node目录,用于存放etcd集群配置文件。服务器节点1和服务器节点2均需要执行如下操作:
[root@s113 home]# cd /home/
[root@s113 home]# mkdir etcd-node
[root@s113 home]# cd etcd-node/
[root@s113 etcd-node]# touch etcd-cluster-compose.yml
[root@s113 etcd-node]# vim etcd-cluster-compose.yml
服务器节点1 etcd集群配置
version: '3'
services:
etcd:
image: bitnami/etcd:3.4.15
restart: always
volumes:
- etcd_data:/var/lib/etcd
environment:
ETCD_NAME: "etcd1"
ETCD_ENABLE_V2: "true"
ALLOW_NONE_AUTHENTICATION: "yes"
ETCD_ADVERTISE_CLIENT_URLS: "http://176.16.108.113:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS: "http://176.16.108.113:2380"
ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
ETCD_LISTEN_PEER_URLS: "http://0.0.0.0:2380"
ETCD_INITIAL_CLUSTER_STATE: "new"
ETCD_INITIAL_CLUSTER_TOKEN: "etcd-cluster"
ETCD_INITIAL_CLUSTER: "etcd1=http://176.16.108.113:2380, etcd2=http://176.16.108.114:2380"
ETCD_DATA_DIR: "/var/lib/etcd"
ports:
- "2379:2379/tcp"
- "2380:2380/tcp"
networks:
apisix:
networks:
apisix:
driver: bridge
volumes:
etcd_data:
driver: local
服务器节点2 etcd集群配置
version: '3'
services:
etcd:
image: bitnami/etcd:3.4.15
restart: always
volumes:
- etcd_data:/bitnami/etcd
environment:
ETCD_NAME: "etcd2"
ETCD_ENABLE_V2: "true"
ALLOW_NONE_AUTHENTICATION: "yes"
ETCD_ADVERTISE_CLIENT_URLS: "http://176.16.108.114:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS: "http://176.16.108.114:2380"
ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
ETCD_LISTEN_PEER_URLS: "http://0.0.0.0:2380"
ETCD_INITIAL_CLUSTER_STATE: "new"
ETCD_INITIAL_CLUSTER_TOKEN: "etcd-cluster"
ETCD_INITIAL_CLUSTER: "etcd1=http://176.16.108.113:2380, etcd2=http://176.16.108.114:2380"
ETCD_DATA_DIR: "/var/lib/etcd"
ports:
- "2379:2379/tcp"
- "2380:2380/tcp"
networks:
apisix:
networks:
apisix:
driver: bridge
volumes:
etcd_data:
driver: local
参数详细
ETCD_NAME
:设置成员节点的别名,建议为每个成员节点配置可识别的命名。
ETCD_ADVERTISE_CLIENT_URLS
:广播到集群中本成员的监听客户端请求的地址。
ETCD_INITIAL_ADVERTISE_PEER_URLS
:广播到集群中本成员的Peer监听通信地址。
ETCD_LISTEN_CLIENT_URLS
:客户端请求的监听地址列表。
ETCD_LISTEN_PEER_URLS
:Peer消息的监听服务地址列表。
ETCD_INITIAL_CLUSTER_TOKEN
:启动集群的时候指定集群口令,只有相同token的几点才能加入到同一集群。
ETCD_INITIAL_CLUSTER
:所有集群节点的地址列表。
ETCD_INITIAL_CLUSTER_STATE
:初始化集群状态,默认为new,也可以指定为existing表示要加入到一个已有集群。
在/home/etcd-node目录下执行指令,服务器节点1和服务器节点2均需要执行如下操作:
[root@s113 etcd-node]# docker-compose -f etcd-cluster-compose.yml up -d
[root@s114 etcd-node]# docker-compose -f etcd-cluster-compose.yml up -d
[root@s113 etcd-node]# docker ps
[root@s114 etcd-node]# docker ps
通过上面指令的执行结果,看出两台服务器节点上的etcd已经在docker中成功运行起来了。
查看集群
在服务器节点1上执行
[root@s113 etcd-node]# docker exec -it a8b536f1163c bash
I have no name!@a8b536f1163c:/opt/bitnami/etcd$ etcdctl member list
175f9081790c5dee, started, etcd1, http://176.16.108.113:2380, http://176.16.108.113:2379, false
5eefe34a545763d9, started, etcd2, http://176.16.108.114:2380, http://176.16.108.114:2379, false
I have no name!@a8b536f1163c:/opt/bitnami/etcd$
在服务器节点2上执行
[root@s114 etcd-node]# docker exec -it b5cef18d3687 bash
I have no name!@b5cef18d3687:/opt/bitnami/etcd$ etcdctl member list
175f9081790c5dee, started, etcd1, http://176.16.108.113:2380, http://176.16.108.113:2379, false
5eefe34a545763d9, started, etcd2, http://176.16.108.114:2380, http://176.16.108.114:2379, false
I have no name!@b5cef18d3687:/opt/bitnami/etcd$
进入etcd容器内部查看节点集群情况,看到两个节点都存在,就说明etcd集群成功了。
下载地址为:https://github.com/apache/apisix-docker/tree/release/apisix-3.0.0
上传apisix-docker-apisix-3.0.0.zip至/home目录,并解压重命名为apisix-docker。
[root@s113 home]# rz
[root@s113 home]# unzip apisix-docker-apisix-3.0.0.zip
[root@s113 home]# mv apisix-docker-release-apisix-3.0.0 apisix-docker
[root@s114 home]# rz
[root@s114 home]# unzip apisix-docker-apisix-3.0.0.zip
[root@s114 home]# mv apisix-docker-release-apisix-3.0.0 apisix-docker
由于etcd集群在安装apisix集群之前就已经安装好了,所以在这里的docker-compose.yml中就不需要再配置了,可以选择删除或者注释。
apisix镜像apisix-jdk11:latest是通过自定义插件重新生成的镜像,内嵌apisix镜像为apisix:3.0.0-centos。这里的apisix镜像可以不改,或者改为apisix:3.0.0-centos。
服务器节点1和服务器节点2
[root@s113 /]# cd /home/apisix-docker/example/
[root@s114 /]# cd /home/apisix-docker/example/
version: "3"
services:
apisix-dashboard:
image: apache/apisix-dashboard:2.13-alpine
restart: always
volumes:
- ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
ports:
- "9000:9000"
networks:
apisix:
apisix:
image: apisix-jdk11:latest
restart: always
volumes:
- ./apisix_log:/usr/local/apisix/logs
- ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
##network_mode: host
ports:
- "9180:9180/tcp"
- "9080:9080/tcp"
- "9091:9091/tcp"
- "9443:9443/tcp"
- "9092:9092/tcp"
networks:
apisix:
web1:
image: nginx:1.19.0-alpine
restart: always
volumes:
- ./upstream/web1.conf:/etc/nginx/nginx.conf
ports:
- "9081:80/tcp"
environment:
- NGINX_PORT=80
networks:
apisix:
web2:
image: nginx:1.19.0-alpine
restart: always
volumes:
- ./upstream/web2.conf:/etc/nginx/nginx.conf
ports:
- "9082:80/tcp"
environment:
- NGINX_PORT=80
networks:
apisix:
prometheus:
image: prom/prometheus:v2.25.0
restart: always
volumes:
- ./prometheus_conf/prometheus.yml:/etc/prometheus/prometheus.yml
ports:
- "9090:9090"
networks:
apisix:
grafana:
image: grafana/grafana:7.3.7
restart: always
ports:
- "3000:3000"
volumes:
- "./grafana_conf/provisioning:/etc/grafana/provisioning"
- "./grafana_conf/dashboards:/var/lib/grafana/dashboards"
- "./grafana_conf/config/grafana.ini:/etc/grafana/grafana.ini"
networks:
apisix:
networks:
apisix:
driver: bridge
volumes:
etcd_data:
driver: local
server-info插件需要开启,开启它后面可以看到apisix集群节点情况。
服务器节点1和服务器节点2
[root@s113 /]# cd /home/apisix-docker/example/apisix_conf/
[root@s114 /]# cd /home/apisix-docker/example/apisix_conf/
apisix:
node_listen: 9080 # APISIX listening port
enable_ipv6: false
enable_control: true
control:
ip: "0.0.0.0"
port: 9092
plugins:
- ext-plugin-pre-req # 请求前置插件
- proxy-rewrite # 重写插件
- server-info # 服务基本信息插件
ext-plugin:
cmd: ['java', '-Dfile.encoding=UTF-8', '-jar', '/opt/apisix-runner-bin/gateway-1.0-SNAPSHOT.jar']
deployment:
admin:
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test.
admin_key:
- name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
- name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
etcd:
host:
- "http://176.16.108.113:2379"
- "http://176.16.108.114:2379"
prefix: "/apisix" # apisix configurations prefix
timeout: 30
plugin_attr:
prometheus:
export_addr:
ip: "0.0.0.0"
port: 9091
[root@s113 /]# cd /home/apisix-docker/example/dashboard_conf/
[root@s114 /]# cd /home/apisix-docker/example/dashboard_conf/
conf:
listen:
host: 0.0.0.0 # `manager api` listening ip or host name
port: 9000 # `manager api` listening port
allow_list: # If we don't set any IP list, then any IP access is allowed by default.
- 0.0.0.0/0
etcd:
endpoints: # supports defining multiple etcd host addresses for an etcd cluster
- "http://176.16.108.113:2379"
- "http://176.16.108.114:2379"
# yamllint disable rule:comments-indentation
# etcd basic auth info
# username: "root" # ignore etcd username if not enable etcd auth
# password: "123456" # ignore etcd password if not enable etcd auth
mtls:
key_file: "" # Path of your self-signed client side key
cert_file: "" # Path of your self-signed client side cert
ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates
# prefix: /apisix # apisix config's prefix in etcd, /apisix by default
log:
error_log:
level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal
file_path:
logs/error.log # supports relative path, absolute path, standard output
# such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
access_log:
file_path:
logs/access.log # supports relative path, absolute path, standard output
# such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr
# log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
authentication:
secret:
secret # secret for jwt token generation.
# NOTE: Highly recommended to modify this value to protect `manager api`.
# if it's default value, when `manager api` start, it will generate a random string to replace it.
expire_time: 3600 # jwt token expire time, in second
users: # yamllint enable rule:comments-indentation
- username: admin # username and password for login `manager api`
password: admin
- username: user
password: user
plugins: # plugin list (sorted in alphabetical order)
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
# - dubbo-proxy
- echo
# - error-log-logger
# - example-plugin
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
# - log-rotate
# - node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
# - skywalking
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- server-info
- traffic-split
切换到/home/apisix-docker/example目录下,执行启动指令。
[root@s113 example]# docker-compose -p docker-apisix up -d
[root@s114 example]# docker-compose -p docker-apisix up -d
查看集群
访问http://176.16.108.113:9000或者http://176.16.108.114:9000,输入账号admin,密码admin登录到apisix dashboard系统,打开系统信息模块,看到两个apisix节点,就代表apisix集群搭建成功了。
在http://176.16.108.113:9000或者http://176.16.108.114:9000任意一个系统中,添加上游、服务、路由信息,在两个系统中都可以看到添加的数据信息。
两台服务器节点做下面同样的指令操作。
拉取镜像
docker pull nginx
临时启动nginx容器,复制容器内的重要配置文件到本机
docker run --name nginx -p 80:80 -d nginx
docker cp nginx:/etc/nginx/nginx.conf /home/nginx/
docker cp nginx:/etc/nginx/conf.d/ /home/nginx/conf/
docker cp nginx:/usr/share/nginx/html/ /home/nginx/html/
docker cp nginx:/var/log/nginx/ /home/nginx/logs/
停止删除临时nginx容器
docker stop nginx
docker rm nginx
正式运行nginx容器
docker run -p 8080:80 \
-v /home/nginx/nginx.conf:/etc/nginx/nginx.conf \
-v /home/nginx/logs:/var/log/nginx \
-v /home/nginx/html:/usr/share/nginx/html \
-v /home/nginx/conf:/etc/nginx/conf.d \
-v /etc/localtime:/etc/localtime \
--name nginx \
--restart=always \
-d nginx
切换到/home/nginx目录中,修改相关配置文件,服务器节点1和服务器节点2均需要做如下修改。
修改nginx.conf配置文件
[root@s113 /]# cd /home/nginx/
[root@s114 /]# cd /home/nginx/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream apisix {
ip_hash;
server 176.16.108.113:9000 weight=1;
server 176.16.108.114:9000 weight=1;
}
upstream apisixApi {
server 176.16.108.113:9080 weight=1;
server 176.16.108.114:9080 weight=1;
}
include /etc/nginx/conf.d/*.conf;
}
修改default.conf配置文件
server {
listen 80;
listen [::]:80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
# 转发网站
location / {
root /usr/share/nginx/html;
index index.html index.htm;
proxy_pass http://apisix/;
}
# 转发接口
location ^~/apisixApi/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
rewrite ^/apisixApi/(.*)$ /$1 break;
proxy_pass http://apisixApi/;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
修改好配置文件,删除旧nginx容器,重新运行新nginx容器。
访问http://176.16.108.113:8080或者http://176.16.108.114:8080,输入账号admin,密码admin登录到apisix dashboard系统。
为了验证nginx集群已经生效了,我们将服务器节点 176.16.108.113上apisix停止运行。再次访问http://176.16.108.113:8080,发现访问成功,说明nginx将请求转发到了服务器节点2的apisix http://176.16.108.114:9000。
keepalived是基于VRRP协议实现的保证集群高可用的一个服务软件,主要功能是实现真机的故障隔离和负载均衡器间的失败切换,防止单点故障。VRRP协议保证当主机的下一路由器出现故障时,由另外一台路由器来代替出现故障的路由器进行工作,从而保持网络通信的连续性和可靠性。
在两台服务器节点上都安装keepalived,下面是安装步骤。
安装keepalived
yum install -y keepalived
开启keepalived服务
systemctl start keepalived.service
关闭keepalived服务
systemctl stop keepalived.service
查看keepalived服务状态
systemctl status keepalived.service
并对该脚本文件授权:
chmod 777 /etc/keepalived/nginx_check.sh
nginx_check.sh就是起到一个nginx宕机以后,自动开启服务。
切换到/home目录下,创建keepalived目录,在keepalived目录中创建nginx_check.sh文件。两个服务器节点都需要创建。
[root@s113 /]# cd /home/
[root@s113 home]# mkdir keepalived
[root@s113 home]# cd keepalived/
[root@s113 keepalived]# touch nginx_check.sh
A=`ps -ef | grep nginx | grep -v grep | wc -l`
if [ $A -eq 0 ];then
nginx
sleep 2
if [ `ps -ef | grep nginx | grep -v grep | wc -l` -eq 0 ];then
#killall keepalived
ps -ef|grep keepalived|grep -v grep|awk '{print $2}'|xargs kill -9
fi
Fi
切换到/etc/keepalived目录下,修改配置文件,两台服务器节点都需要修改。
主节点配置文件
! Configuration File for keepalived
vrrp_script chk_nginx {
script "/home/keepalived/nginx_check.sh" #运行脚本,脚本内容下面有,就是起到一个nginx宕机以后,自动开启服务
interval 2 #检测时间间隔
weight -20 #如果条件成立的话,则权重 -20
}
# 定义虚拟路由,VI_1 为虚拟路由的标示符,自己定义名称
vrrp_instance VI_1 {
state MASTER #来决定主从
interface ens192 # 绑定虚拟 IP 的网络接口,根据自己的机器填写
virtual_router_id 121 # 虚拟路由的 ID 号, 两个节点设置必须一样
mcast_src_ip 176.16.108.113 #填写本机ip
priority 100 # 节点优先级,主要比从节点优先级高
nopreempt # 优先级高的设置 nopreempt 解决异常恢复后再次抢占的问题
advert_int 1 # 组播信息发送间隔,两个节点设置必须一样,默认 1s
authentication {
auth_type PASS
auth_pass 1111
}
# 将track_script块加入instance 配置块
track_script {
chk_nginx #执行Nginx监控的服务
}
virtual_ipaddress {
176.16.108.115 #虚拟ip
}
}
从节点配置文件
! Configuration File for keepalived
vrrp_script chk_nginx {
script "/home/keepalived/nginx_check.sh" #运行脚本,脚本内容下面有,就是起到一个nginx宕机以后,自动开启服务
interval 2 #检测时间间隔
weight -20 #如果条件成立的话,则权重 -20
}
# 定义虚拟路由,VI_1 为虚拟路由的标示符,自己定义名称
vrrp_instance VI_1 {
state BACKUP #来决定主从
interface ens192 # 绑定虚拟 IP 的网络接口,根据自己的机器填写
virtual_router_id 121 # 虚拟路由的 ID 号, 两个节点设置必须一样
mcast_src_ip 176.16.108.114 #填写本机ip
priority 90 # 节点优先级,主要比从节点优先级高
nopreempt # 优先级高的设置 nopreempt 解决异常恢复后再次抢占的问题
advert_int 1 # 组播信息发送间隔,两个节点设置必须一样,默认 1s
authentication {
auth_type PASS
auth_pass 1111
}
# 将 track_script 块加入 instance 配置块
track_script {
chk_nginx #执行 Nginx 监控的服务
}
virtual_ipaddress {
176.16.108.115 # 虚拟ip
}
}
上面修改了keepalived配置文件,这里需要先重启一下keepalived服务。重启完成之后,输入http://176.16.108.115:8080,就能访问到nginx,再由nginx转发到apisix dashboard界面。
keepalived的主节点为176.16.108.113,副节点为176.16.108.114,默认使用主节点的keepalived,它的优先级高。当我们模拟将主节故障,把它停掉,虚拟ip就会漂移到副节点上,这时由副节点接手主节点的工作。当主节点恢复正常运行,副节点就会停止工作,进入备份状态。
停止主节点,观察副节点
[root@s113 /]# systemctl stop keepalived.service
[root@s113 /]# systemctl status keepalived.service
[root@s113 /]# ip add
[root@s114 /]# systemctl status keepalived.service
[root@s114 /]# ip add
[root@s113 /]# systemctl start keepalived.service
[root@s114 /]# systemctl status keepalived.service
至此,在docker中apisix集群部署就搭建完成了!
参考博客
docker如何部署etcd集群:https://www.jb51.net/article/278169.htm
Nacos+ApiSix docker 集群环境搭建(docker-compose方式):https://blog.csdn.net/u013480019/article/details/128633596
Apache APISIX v3.0 中文文档:https://www.bookstack.cn/read/apisix-3.0-zh/2690359772755fd6.md
Docker安装Nginx:https://blog.csdn.net/u010148813/article/details/126172372
nginx 配置接口:https://blog.csdn.net/code12313/article/details/117466261
Nginx 配置根据路径转发:https://blog.csdn.net/m0_67393295/article/details/126062706
nginx配置负载均衡:https://blog.csdn.net/qq_34825514/article/details/124311144
nginx 转发配置:https://www.cnblogs.com/zjhblogs/p/16423751.html
nginx的配置转发到其他网站详解:https://www.jb51.net/article/259831.htm
CentOS7 下配置Keepalived为系统服务,开机自动启动:https://it.cha138.com/php/show-40463.html
Nginx的高可用集群:https://blog.csdn.net/liangmengbk/article/details/128177421
搭建Nginx高可用集群(keepalived+双机热备):https://blog.csdn.net/weixin_59566851/article/details/124957266