本文共 11274 字,大约阅读时间需要 37 分钟。
1)拓扑描述:
2) nginx的安装准备
pcre:兼容的正则表达式,nginx也要支持伪静态
| 1 2 3 4 | # yum -y install pcre pcre-devel # yum -y install openssl* # mkdir -p /application/nginx1.6.2 # ln -s /application/nginx1.6.2 /application/nginx |
3) 安装nginx
| 1 2 3 4 5 6 7 8 | # cd /usr/local/src # tar xf nginx-1.6.2.tar.gz # cd nginx-1.6.2 # useradd nginx -s /sbin/nologin -M # ./configure --user=nginx --group=nginx --prefix=/application/nginx1.6.2 --with-http_stub_status_module --with-http_ssl_module # echo $? 0 # make && make install |
4) 启动nginx
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | 检查语法: # /application/nginx1.6.2/sbin/nginx -t nginx: the configuration file /application/nginx1 .6.2 /conf/nginx .conf syntax is ok nginx: configuration file /application/nginx1 .6.2 /conf/nginx .conf test is successful 启动nginx: # /application/nginx/sbin/nginx 查看端口号: # lsof -i :80 COMMAND PID USER FD TYPE DEVICE SIZE /OFF NODE NAME nginx 14603 root 6u IPv4 29397 0t0 TCP *:http (LISTEN) nginx 14604 nginx 6u IPv4 29397 0t0 TCP *:http (LISTEN) # netstat -tunlp | grep nginx tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14603 /nginx 测试网页页面: # curl -I localhost HTTP /1 .1 200 OK Server: nginx /1 .6.2 Date: Tue, 20 Sep 2016 02:17:20 GMT Content-Type: text /html Content-Length: 612 Last-Modified: Tue, 20 Sep 2016 02:11:05 GMT Connection: keep-alive ETag: "57e09ab9-264" Accept-Ranges: bytes |
5)配置nginx启动脚本
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 | # vim /etc/init.d/nginx #!/bin/sh # chkconfig: 2345 85 15 # description:Nginx Server # nginx的安装目录 NGINX_HOME= /application/nginx # nginx的命令 NGINX_SBIN=$NGINX_HOME /sbin/nginx # nginx的配置文件 NGINX_CONF=$NGINX_HOME /conf/nginx .conf # nginx的pid NGINX_PID=$NGINX_HOME /logs/nginx .pid NGINX_NAME= "Nginx" . /etc/rc .d /init .d /functions if [ ! -f $NGINX_SBIN ] then echo "$NGINX_NAME startup: $NGINX_SBIN not exists! " exit fi start() { $NGINX_SBIN -c $NGINX_CONF ret=$? if [ $ret - eq 0 ]; then action $ "Starting $NGINX_NAME: " /bin/true else action $ "Starting $NGINX_NAME: " /bin/false fi } stop() { kill ` cat $NGINX_PID` ret=$? if [ $ret - eq 0 ]; then action $ "Stopping $NGINX_NAME: " /bin/true else action $ "Stopping $NGINX_NAME: " /bin/false fi } restart() { stop start } check() { $NGINX_SBIN -c $NGINX_CONF -t } reload() { kill -HUP ` cat $NGINX_PID` && echo "reload success!" } relog() { kill -USR1 ` cat $NGINX_PID` && echo "relog success!" } case "$1" in start) start ;; stop) stop ;; restart) restart ;; check|chk) check ;; status) status -p $NGINX_PID ;; reload) reload ;; relog) relog ;; *) echo $ "Usage: $0 {start|stop|restart|reload|status|check|relog}" exit 1 esac # chmod +x /etc/init.d/nginx # /etc/init.d/nginx start # chkconfig --add nginx # chkconfig nginx on |
6) 配置nginx的upstream功能(两台负载均衡器上做相同的配置)
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | # egrep -v '#' /application/nginx/conf/nginx.conf|grep -v '^$' worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application /octet-stream ; include extra /upstream01 .conf; sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x .html; location = /50x .html { root html; } } } 说明:注意include extra /upstream01 .conf这个文件,是引用此文件(两台负载均衡器上做系统的nginx配置) # mkdir -p /application/nginx/conf/extra/ # vim /application/nginx/conf/extra/upstream01.conf upstream nginx.wanwan.com { server 10.10.10.128:80 weight=5; server 10.10.10.132:80 weight=5; } server { listen80; server_namenginx.wanwan.com; location / { proxy_pass http: //nginx .wanwan.com; } } # /etc/init.d/nginx restart Stopping Nginx: [确定] Starting Nginx: [确定] |
7)keepalived的安装
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 | # cd /usr/local/src # wget http://www.keepalived.org/software/keepalived-1.1.19.tar.gz # ln -s /usr/src/kernels/2.6.32-573.el6.x86_64/ /usr/src/linux # ls -l /usr/src 总用量 244 drwxr-xr-x. 2 root root 4096 9月 23 2011 debug -rw-r--r-- 1 root root 241437 1月 28 2014 keepalived-1.1.19. tar .gz drwxr-xr-x. 3 root root 4096 7月 5 23:49 kernels lrwxrwxrwx 1 root root 39 8月 31 08:49 linux -> /usr/src/kernels/2 .6.32-573.el6.x86_64/ # tar xf keepalived-1.1.19.tar.gz # cd keepalived-1.1.19 # ./configure # make && make install # cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/ # cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ # mkdir -p /etc/keepalived # cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ # cp /usr/local/sbin/keepalived /usr/sbin/ # /etc/init.d/keepalived start 正在启动 keepalived: [确定] # ps -ef | grep keepalived root 18750 1 0 22:55 ? 00:00:00 keepalived -D root 18752 18750 0 22:55 ? 00:00:00 keepalived -D root 18753 18750 0 22:55 ? 00:00:00 keepalived -D root 18755 18664 0 22:55 pts /0 00:00:00 grep keepalived keepalived-master的配置文件 /etc/keepalived/keepalived .conf [root@nginx01 extra] # cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { 314324506@qq.com } notification_email_from Alexandre.Cassen@firewall.loc smtp_server smtp.qq.com smtp_connect_timeout 30 router_id nginx_7 } vrrp_instance VI_231 { state MASTER interface eth0 virtual_router_id 231 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.10.10.231 /24 } } } keepalived-slave的配置文件 /etc/keepalived/keepalived .conf [root@nginx02 ~] # cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { 314324506@qq.com } notification_email_from Alexandre.Cassen@firewall.loc smtp_server smtp.qq.com smtp_connect_timeout 30 router_id nginx_7 } vrrp_instance VI_231 { state BACKUP interface eth0 virtual_router_id 231 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.10.10.231 /24 } } } |
8) 测试keepalived的功能(VIP为10.10.10.231)
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 | [root@nginx01 extra] # ip add list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:d7:3e:f8 brd ff:ff:ff:ff:ff:ff inet 10.10.10.131 /24 brd 10.10.10.255 scope global eth0 inet 10.10.10.231 /24 scope global secondary eth0 inet6 fe80::20c:29ff:fed7:3ef8 /64 scope link valid_lft forever preferred_lft forever [root@nginx02 ~] # ip add list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:71:33:eb brd ff:ff:ff:ff:ff:ff inet 10.10.10.135 /24 brd 10.10.10.255 scope global eth0 inet6 fe80::20c:29ff:fe71:33eb /64 scope link valid_lft forever preferred_lft forever 关闭主负载均衡上的keepalived功能 [root@nginx01 extra] # /etc/init.d/keepalived stop 停止 keepalived: [确定] [root@nginx01 extra] # ip add list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:d7:3e:f8 brd ff:ff:ff:ff:ff:ff inet 10.10.10.131 /24 brd 10.10.10.255 scope global eth0 inet6 fe80::20c:29ff:fed7:3ef8 /64 scope link valid_lft forever preferred_lft forever [root@nginx02 ~] # ip add list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:71:33:eb brd ff:ff:ff:ff:ff:ff inet 10.10.10.135 /24 brd 10.10.10.255 scope global eth0 inet 10.10.10.231 /24 scope global secondary eth0 inet6 fe80::20c:29ff:fe71:33eb /64 scope link valid_lft forever preferred_lft forever 由上,我们可以知道vip很快就进行了切换,那么我们恢复主负载均衡器上的keepalived功能: [root@nginx01 extra] # /etc/init.d/keepalived start 正在启动 keepalived: [确定] [root@nginx01 extra] # ip add list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:d7:3e:f8 brd ff:ff:ff:ff:ff:ff inet 10.10.10.131 /24 brd 10.10.10.255 scope global eth0 inet 10.10.10.231 /24 scope global secondary eth0 inet6 fe80::20c:29ff:fed7:3ef8 /64 scope link valid_lft forever preferred_lft forever [root@nginx02 ~] # ip add list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:71:33:eb brd ff:ff:ff:ff:ff:ff inet 10.10.10.135 /24 brd 10.10.10.255 scope global eth0 inet6 fe80::20c:29ff:fe71:33eb /64 scope link valid_lft forever preferred_lft forever 由上,我们发现当主负载均衡器恢复后,vip很快就切换过来了(因为主负载均衡器上的优先级更高) |
9)测试nginx的反向代理功能
| 1 2 3 4 | [root@web01 ~] # curl 10.10.10.128 mysql successful by oldboy ! [root@web01 ~] # curl 10.10.10.132 this is web02's website |
然后我们在客户端打开nginx.wanwan.com
按F5刷新:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | [root@nginx01 extra] # /etc/init.d/nginx stop Stopping Nginx: [确定] [root@nginx01 extra] # ip add list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link /ether 00:0c:29:d7:3e:f8 brd ff:ff:ff:ff:ff:ff inet 10.10.10.131 /24 brd 10.10.10.255 scope global eth0 inet 10.10.10.231 /24 scope global secondary eth0 inet6 fe80::20c:29ff:fed7:3ef8 /64 scope link valid_lft forever preferred_lft forever [root@nginx01 extra] # /etc/init.d/keepalived stop 停止 keepalived: |
由上可知,后端网页仍旧正常。
10)注意事项
a、注意关闭负载均衡器以及web后端服务器的iptables以及selinux功能
b、两台负载均衡器上关于nginx配置是一致的,keepalived有不同的优先级