Nginx+keepalived
一、环境:
centos5.6(64位)、nginx-0.7.51、keepalived-1.1.15
主nginx负载均衡器:192.168.1.205
辅nginx负载均衡器:192.168.1.206
vip:192.168.1.200
二、安装nginx
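# Build prerequisites for PCRE and nginx.
yum install gcc gcc-c++ zlib-devel openssl openssl-devel gd keyutils patch perl mhash
# Create the unprivileged user and group "www" that the nginx workers run as:
# no home directory (-M) and no login shell.
useradd -M -s /sbin/nologin www
# PCRE source tarball (distributed as an attachment to the original article).
# NOTE(review): the origin of this tarball cannot be checked from here; compare
# it against a checksum obtained from a trusted channel before building as root.
tar zxvf pcre-7.8.tar.gz
cd pcre-7.8/
./configure
make && make install
cd ..
# Fetch the nginx source and its detached PGP signature over HTTPS instead of
# plain HTTP: this code is compiled and installed as root, so a tampered
# download means full compromise of the load balancer.
# NOTE(review): nginx 1.4.2 is a long-unsupported release; for anything exposed
# to a network, substitute a currently maintained version.
wget https://nginx.org/download/nginx-1.4.2.tar.gz
wget https://nginx.org/download/nginx-1.4.2.tar.gz.asc
# Needs the nginx signing key (obtained from a trusted source) in the local
# keyring. Do not continue if verification fails.
gpg --verify nginx-1.4.2.tar.gz.asc nginx-1.4.2.tar.gz
tar zxf nginx-1.4.2.tar.gz
cd nginx-1.4.2
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre --with-http_realip_module
make && make install
# -p: do not fail if the log directory already exists.
mkdir -p /var/log/nginx
# Edit the main configuration file (contents shown below).
vim /usr/local/nginx/conf/nginx.conf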
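# Main nginx configuration: reverse proxy / load balancer in front of two
# back-end web servers. Workers run as the unprivileged user and group "www".
user  www www;
worker_processes  8;    # number of worker processes: the CPU core count, or twice that
pid  /usr/local/nginx/logs/nginx.pid;

events {
    # epoll is an I/O multiplexing method available only on Linux 2.6+ kernels;
    # it can greatly improve nginx performance.
    use  epoll;
    worker_connections  65535;    # maximum concurrent connections per worker process
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    # $http_x_forwarded_for is copied verbatim from a client-supplied header, so
    # treat the last field of each log line as untrusted input.
    log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" $http_x_forwarded_for';
    access_log  /var/log/nginx/access.log  access;
    error_log   /var/log/nginx/error.log;

    server_names_hash_bucket_size  128;
    # NOTE(review): without a unit this is 128 bytes; the neighbouring
    # directives use "128k", so "128k" may have been intended - confirm.
    client_header_buffer_size    128;
    large_client_header_buffers  2 128k;
    client_max_body_size         10m;
    client_body_buffer_size      128k;
    client_header_timeout        90s;
    client_body_timeout          90s;
    send_timeout                 90s;

    sendfile           on;
    keepalive_timeout  120;
    tcp_nopush         on;
    tcp_nodelay        on;
    server_tokens      off;    # do not disclose the nginx version in responses and error pages

    proxy_connect_timeout       20;
    proxy_send_timeout          90;
    proxy_read_timeout          40;
    proxy_buffer_size           256k;
    proxy_buffers               4 256k;
    proxy_busy_buffers_size     256k;
    proxy_temp_file_write_size  256k;

    ## Enable gzip compression
    gzip  on;
    # Minimum response size to compress: responses larger than this are
    # compressed, smaller ones are sent as-is.
    gzip_min_length  1k;
    # Buffers that hold the compressed output stream, so nginx does not have to
    # request memory from the system repeatedly.
    gzip_buffers  16 64k;
    gzip_http_version  1.1;    # HTTP protocol version to recognise (1.0/1.1)
    # Compression level 1-9: 1 compresses least and is fastest; 9 compresses
    # most, is slowest and uses the most CPU.
    gzip_comp_level  2;
    gzip_types  text/plain application/x-javascript text/css application/xml;
    gzip_vary  on;    # adds a Vary header so proxies can tell whether compression applies

    # Back-end pool; ip_hash keeps a given client address on the same back end.
    upstream www.test.com {
        ip_hash;
        server  192.168.1.230:80;
        server  192.168.1.201:80;
    }

    server {
        listen       80;
        server_name  www.test.com;

        location / {
            root   html;
            index  index.php index.jsp index.htm index.html;
            proxy_redirect    off;
            proxy_set_header  Host $host;
            proxy_set_header  X-Real-IP $remote_addr;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass        http://www.test.com;    # the upstream block above
        }

        location /NginxStatus/ {
            stub_status  on;
            # "allow" on its own restricts nothing, because addresses that match
            # no rule are allowed by default; "deny all" makes the allow-list
            # effective. Add further "allow" lines above it for admin networks.
            allow  127.0.0.1;
            deny   all;
            # The original "access_log on;" was dropped: nginx treats "on" as a
            # file name, and logging is already inherited from the http level.
            # This server listens on plain HTTP, so basic-auth credentials cross
            # the network unencrypted.
            auth_basic            "NginxStatus";
            auth_basic_user_file  /usr/local/nginx/htpasswd;
        }

        # Custom error page. nginx comments start with "#"; the "//" markers in
        # the original listing are not comments and make the file fail to parse.
        error_page  500 502 503 504  /50x.html;
        location = /50x.html {
            root  html;    # the error page lives under /usr/local/nginx/html/
        }

        # Image referenced by the error page.
        location ~ updating.jpg {
            root  /usr/local/nginx/html/;    # location of the image
        }
    }
}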
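# Create the basic-auth file that protects /NginxStatus/; "admin" is the user
# name. htpasswd prompts for the password, which keeps it out of the shell
# history and the process list. -c creates the file and overwrites an existing
# one. (The original trailing "// ..." note would have been passed to htpasswd
# as extra arguments.)
htpasswd -c -m /usr/local/nginx/htpasswd admin
# The file holds password hashes: make it readable only by root and the nginx
# worker group (www), not by every local user.
chown root:www /usr/local/nginx/htpasswd
chmod 640 /usr/local/nginx/htpasswd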
三、安装Keepalived,让其分别作web及Nginx的HA
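# Fetch the keepalived source over HTTPS instead of plain HTTP: it is compiled
# and installed as root, so the download must not be open to tampering in
# transit.
wget https://www.keepalived.org/software/keepalived-1.1.15.tar.gz
# Print the digest and compare it with a checksum obtained from a trusted
# channel before building (the expected value is not given on this page).
sha256sum keepalived-1.1.15.tar.gz
tar zxvf keepalived-1.1.15.tar.gz
cd keepalived-1.1.15
./configure --prefix=/usr/local/keepalived
make
make install
# Put the binary, the sysconfig defaults and the init script where the
# "service keepalived ..." command expects them.
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
# -p: do not fail if the directory already exists.
mkdir -p /etc/keepalived
cd /etc/keepalived/
# Create the configuration file (contents shown below). It contains the VRRP
# password, so keep it readable by root only (for example chmod 600).
vim keepalived.conf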
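! Configuration File for keepalived
! Primary (MASTER) load balancer. keepalived comments start with "!" or "#";
! the "//" notes in the original listing are not comment syntax.

global_defs {
    router_id DR
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    # IP address of the primary nginx node
    mcast_src_ip 192.168.1.205
    priority 100
    advert_int 1
    authentication {
        # NOTE(review): auth_type PASS places the password in cleartext in
        # every VRRP advertisement, so any host on the segment can read it,
        # and keepalived uses only its first 8 characters. Replace this sample
        # value with your own, keep this file readable by root only, and use
        # the host firewall to accept VRRP (IP protocol 112) only from the
        # peer load balancer.
        auth_type PASS
        auth_pass chtopnet
    }
    virtual_ipaddress {
        # the VIP
        192.168.1.200
    }
}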
#service keepalived start
[root@nginx01 mnt]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:37:10:34 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.205/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.200/32 scope global eth0 //主DR上有VIP1.200
inet6 fe80::20c:29ff:fe37:1034/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
辅DR的配置文件
! Configuration File for keepalived
! Secondary (BACKUP) load balancer.

global_defs {
    router_id DR
}

vrrp_instance VI_1 {
    # Starts as BACKUP; its priority (10) is lower than the MASTER's (100).
    state BACKUP
    interface eth0
    # Same virtual router id as the MASTER node.
    virtual_router_id 51
    # This node's own address.
    mcast_src_ip 192.168.1.206
    priority 10
    advert_int 1
    authentication {
        # Same password as the MASTER node. With auth_type PASS it is carried
        # in cleartext in VRRP advertisements; keep this file root-only.
        auth_type PASS
        auth_pass chtopnet
    }
    virtual_ipaddress {
        # The shared VIP.
        192.168.1.200
    }
}
四、监控nginx
监控nginx进程的脚本,放在后台持续运行;如果进程消失,先尝试重启nginx,如果重启失败则立即停掉本机的keepalived服务,让另一台负载均衡器接手。
vim /root/nginx_pid.sh
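#!/bin/bash
# nginx watchdog for a keepalived pair.
#
# Every 5 seconds, count the running nginx processes. If there are none, try
# to start nginx once; if it is still not running 5 seconds later, stop the
# local keepalived so the VIP fails over to the other load balancer.
#
# Fix over the original: the process count is taken again after the restart
# attempt. The original reused the stale value (0) in the second test, so
# keepalived was stopped even when nginx had restarted successfully.

# Print the number of running nginx processes.
count_nginx() {
  ps -C nginx --no-header | wc -l
}

while :; do
  if [ "$(count_nginx)" -eq 0 ]; then
    /usr/local/nginx/sbin/nginx
    sleep 5
    # Re-check: only give up the VIP if the restart really failed.
    if [ "$(count_nginx)" -eq 0 ]; then
      /etc/init.d/keepalived stop
    fi
  fi
  sleep 5
done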
将脚本置于后台运行
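# Run the watchdog created above (/root/nginx_pid.sh) in the background. The
# original command pointed at /mnt/nginx.sh, which does not match the path the
# script was saved under. Invoking it through bash avoids needing the execute
# bit. The script runs as root, so keep it writable by root only.
nohup /bin/bash /root/nginx_pid.sh &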
五、测试
tail -f /var/log/messages
关闭keepalived
关闭nginx
六、关闭系统不必要的服务
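# Disable services a load balancer does not need, to reduce the attack surface.
# "chkconfig ... off" only affects the next boot; stop a service as well if it
# is currently running. The descriptions are now "#" comments - in the original
# listing they trailed the command and would have been passed as arguments.
chkconfig bluetooth off
chkconfig cups off      # printing service
chkconfig isdn off      # dial-up networking service
chkconfig kudzu off     # hardware detection
chkconfig sendmail off
chkconfig smartd off
chkconfig autofs off
/etc/init.d/avahi-daemon stop
chkconfig avahi-daemon off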