LVS+KeepaLived+Nginx SSL(一)

 

LVS+KeepaLived+Nginx SSL验证

keepalived安装

  
  
  
  
  1. yum  -y  install kernel-devel  openssl-*  ipvsadm
  2. wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz  
  3. tar zxf keepalived-1.2.2.tar.gz  
  4. cd  keepalived-1.2.2  
  5. vim keepalived/libipvs-2.6/ip_vs.h  
  6.       
  7. #将#include <linux/types.h>        /* For __beXX types in userland */移动到#include <sys/types.h>下面,以解决make时的报错问题  
  8.       
  9. ./configure ./configure --with-kernel-dir=/usr/src/kernels/2.6.18-274.18.1.el5-x86_64/  
  10. make && make install  
  11. #--with-kernel-dir编译选项 是为了增加IPVS支持  
  12.  
  13. mkdir /etc/keepalived/ 
  14. vim /etc/keepalived/keepalived.conf 
  15. #加入下面的内容 
  16. vrrp_instance VI_1 { 
  17.     state MASTER 
  18.     interface eth0 
  19.     virtual_router_id 51 
  20.     priority 200 
  21.     advert_int 1 
  22.     authentication { 
  23.         auth_type PASS 
  24.         auth_pass 1111 
  25.     } 
  26.     virtual_ipaddress { 
  27.         192.168.5.230 
  28.     } 
  29.  
  30. virtual_server 192.168.5.230 443  { 
  31.     delay_loop 6 
  32.     lb_algo rr 
  33.     lb_kind DR 
  34.     persistence_timeout 50 
  35.     protocol TCP 
  36.  
  37.     real_server 192.168.5.202 443  { 
  38.         weight 3 
  39. inhibit_on_failure
  40.     TCP_CHECK { 
  41.             connect_timeout 10 
  42.             nb_get_retry 3 
  43.             delay_before_retry 3 
  44.          connect_port 443  
  45.         } 
  46.     } 
  47.     real_server 192.168.5.204 443  { 
  48.         weight 3 
  49.         inhibit_on_failure 
  50.     TCP_CHECK { 
  51.             connect_timeout 10 
  52.             nb_get_retry 3 
  53.             delay_before_retry 3 
  54.          connect_port 443  
  55.         } 
  56.     } 
  57. virtual_server 192.168.5.230 80  { 
  58.     delay_loop 6 
  59.     lb_algo rr 
  60.     lb_kind DR 
  61.     inhibit_on_failure 
  62.     persistence_timeout 50 
  63.     protocol TCP 
  64.  
  65.     real_server 192.168.5.202 80  { 
  66.         weight 3
  67.         inhibit_on_failure 
  68.     TCP_CHECK { 
  69.             connect_timeout 10 
  70.             nb_get_retry 3 
  71.             delay_before_retry 3 
  72.          connect_port 80  
  73.         } 
  74.     } 
  75.     real_server 192.168.5.204 80  { 
  76.         weight 3 
  77.         inhibit_on_failure 
  78.     TCP_CHECK { 
  79.             connect_timeout 10 
  80.             nb_get_retry 3 
  81.             delay_before_retry 3 
  82.          connect_port 80  
  83.         } 
  84.     } 
  85.  
  86. #然后用 keepalived 命令启动keepalived程序 

 

  
  
  
  
  1. state                     #keepalived的状态 有MASTER和SLAVE 两种 
  2. interface                 #实例绑定的网卡 
  3. virtual_router_id         #VRID 
  4. priority                  #优先级,即使state指定为MASTER但如果,priority低也有可能变成SLAVE(受到nopreempt影响) 
  5. advert_int                #设定检测间隔 
  6. authentication            #设定验证方式:auth_type,以及验证密码:auth_pass 
  7. virtual_ipaddress         #VIP,可以写多个,每个占一行 
  8.  
  9. virtual_server            #指定virtual server 以及端口号 
  10. delay_loop                #对realserver的检测间隔时间 
  11. lb_algo                   #LVS的轮询算法 
  12. lb_kind                   #LVS的工作模式为DR 
  13. inhibit_on_failure        #当检测失效后将权重标记为0 
  14. persistence_timeout       #将50s内来自同一ip的请求转发到同一后端 
  15. protocol TCP              #使用的协议 
  16. real_server               #后端web配置字段 
  17. weight                    #权重,权重越高接收到的请求越多 
  18. TCP_CHECK                 #检测方式 
  19. connect_timeout           #连接超时时间 
  20. connect_port              #健康检测端口 
  21. nb_get_retry              #重连次数 
  22. delay_before_retry        #重连间隔时间 

#启动成功后可以通过ipvsadm命令来查看

realserver 启动脚本:

 

  
  
  
  
  1. #这个IP添加到网卡配置文件中也可以,我犯懒就直接拷贝了LT论坛中的脚本, 作者名字下面有写
  2.  
  3. #!/bin/bash 
  4. # description: Config realserver lo and apply noarp  
  5. #Written by :NetSeek http://www.linuxtone.org 
  6.          
  7. SNS_VIP="192.168.5.230" 
  8.           
  9. . /etc/rc.d/init.d/functions 
  10.           
  11.         case "$1" in 
  12.         start) 
  13.                ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP 
  14.                /sbin/route add -host $SNS_VIP dev lo:0 
  15.                echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore 
  16.                echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce 
  17.                echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore 
  18.                echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce 
  19.                sysctl -p >/dev/null 2>&1 
  20.                echo "RealServer Start OK" 
  21.           
  22.                ;; 
  23.         stop) 
  24.                ifconfig lo:0 down 
  25.                route del $SNS_VIP >/dev/null 2>&1 
  26.                echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore 
  27.                echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce 
  28.                echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore 
  29.                echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce 
  30.                echo "RealServer Stoped" 
  31.                ;; 
  32.         *) 
  33.                echo "Usage: $0 {start|stop}" 
  34.                exit 1 
  35.         esac 
  36.           
  37.         exit 0 

你可能感兴趣的:(nginx,keepalived,职场,休闲)