温馨提示×

温馨提示×

您好,登录后才能下订单哦!

密码登录×
登录注册×
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》

nginx +keepalived

发布时间:2020-08-10 20:34:28 来源:网络 阅读:1025 作者:独一无二zz 栏目:建站服务器

nginx +keepalived 自己搭建

规划

准备两台服务器192.168.10.199/192.168.10.200199上安装tomcat1nginxkeepalived主;200上安装tomcatnginxkeepalived备;192.168.10.230作为浮点ip

部署

1部署tomcat

 tar  xzvf  apache-tomcat-7.0.59.tar

./jdk-6u37-linux-x64-rpm.bin

 

2 安装nginx

yum install pcre-devel pcre -y

yum install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel

#下载Nginx源码包

cd /usr/src

wget -c http://nginx.org/download/nginx-1.6.2.tar.gz 

#解压Nginx源码包

tar -xzf nginx-1.6.2.tar.gz

#进入解压目录,然后sed修改Nginx版本信息为WS

cd nginx-1.6.2 ; sed -i -e 's/1.6.2//g' -e 's/nginx\//WS/g' -e

's/"NGINX"/"WS"/g' src/core/nginx.h

#预编译Nginx

useradd www ;./configure --user=www --group=www --prefix=/usr/local/nginx --with-

http_stub_status_module --with-http_ssl_module

(由于是系统是min的centos遇到如下问题,一般不会出问题:

 

1   ./configure: error: SSL modules require the OpenSSL library.

You can either do not enable the modules, or install the OpenSSL library

into the system, or build the OpenSSL library statically from the source

with nginx by using --with-openssl=<path> option.

解决方法:

 1 )yum -y install openssl-libs偷懒的办法:yum -y install openssl* (本地yum源安装不了),后面发现可以用yum -y install openssl-devel安装

 2) 借鉴网站http://www.centoscn.com/nginx/2015/0304/4782.html

wget http://www.openssl.org/source/openssl-1.0.2.tar.gz

 tar zxf openssl-1.0.2.tar.gz

 ./configure --user=www --group=www --prefix=/usr/local/nginx --with-

http_stub_status_module --with-http_ssl_module  --with-openssl=/home/openssl-1.0.2

2 用方法2后,又遇到问题:

Operating system: x86_64-whatever-linux2 You need Perl 5.

解决方法:

安装开发工具:

yum -y groupinstall "Development Tools"yum -y groupinstall "Development Tools"

#.configure预编译成功后,执行make命令进行编译

make

#make执行成功后,执行make install 正式安装

make install

#自此Nginx安装完毕

/usr/local/nginx/sbin/nginx  -t  检查nginx配置文件是否正确,返回OK即正确。

[root@localhost ~]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@localhost ~]#

然后启动nginx,/usr/local/nginx/sbin/nginx 回车即可。查看进程是否已启动:

[root@localhost ~]# ps -ef |grep nginx

nobody    5381 30285  0 May16 ?        00:04:31 nginx: worker process         

root     30285     1  0  2014 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

root     32260 32220  0 12:34 pts/0    00:00:00 grep nginx

[root@localhost ~]#

 

1 Nginx常用命令管理及升级

查看nginx进程

ps -ef|grep nginx

说明:nginx的进程由主进程和工作进程组成。

启动nginx

nginx

启动结果显示nginx的主线程和工作线程,工作线程的数量跟nginx.conf中的配置参数worker_processes有关。

平滑启动nginx

kill -HUP `cat /var/run/nginx.pid`

或者

nginx -s reload

其中进程文件路径在配置文件nginx.conf中可以找到。

平滑启动的意思是在不停止nginx的情况下,重启nginx,重新加载配置文件,启动新的工作线程,完美停止旧的工作线程。

完美停止nginx

kill -QUIT `cat /var/run/nginx.pid`

快速停止nginx

kill -TERM `cat /var/run/nginx.pid`

或者

kill -INT `cat /var/run/nginx.pid`

完美停止工作进程(主要用于平滑升级)

kill -WINCH `cat /var/run/nginx.pid`

强制停止nginx

pkill -9 nginx

检查对nginx.conf文件的修改是否正确

nginx -t -c /etc/nginx/nginx.conf 或者 nginx -t

停止nginx的命令

nginx -s stop或者pkill nginx

查看nginx的版本信息

nginx -v

查看完整的nginx的配置信息

nginx -V

 

 

3 安装keepalived

Keepalived 安装

-----------------------

地址http://www.keepalived.org/download.html

wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz

tar -zxf keepalived-1.2.7.tar.gz

cd keepalived-1.2.7

 

64 位系统:

./configure --sysconf=/etc --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-358.2.1.el6.x86_64/

32 位系统:

./configure --sysconf=/etc --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-358.6.2.el6.i686/

注意:Configure遇到报错:  !!! OpenSSL is not properly installed on your system. !!!

 

可通过 getconf LONG_BIT 得到系统位数。

 

参数解释:

--sysconf 指定了配置文件的地址.即:/etc/keepalived/keepalived.conf

--prefix 指定了安装目录

--with-kernel-dir 指定使用内核源码中的头文件,include 目录.只有使用 LVS 时才需要这个参数,其它的时候不需要。

 

(遇到报错:   !!! OpenSSL is not properly installed on your system. !!!

  !!! Can not include OpenSSL headers files. 

解决办法:yum install -y openssl openssl-devel

 

解决:

 

configue .成功后提示:

 

Keepalived configuration

------------------------

Keepalived version       : 1.2.7

Compiler                 : gcc

Compiler flags           : -g -O2

Extra Lib                : -lpopt -lssl -lcrypto 

Use IPVS Framework       : Yes

IPVS sync daemon support : Yes

IPVS use libnl           : No

Use VRRP Framework       : Yes

Use VRRP VMAC            : Yes

SNMP support             : No

Use Debug flags          : No

 

安装:

make

make install

 

设置成为服务并开机启动:

cp /usr/local/keepalived/sbin/keepalived /usr/sbin/

 

/etc/rc.d/init.d/keepalived status

chkconfig --add keepalived

chkconfig keepalived on

 

 

注意:cp /usr/local/keepalived/etc/keepalived/keepalived.conf  /etc/keepalived/keepalived.conf 没有指向这个命令,配置文件要在特定目录下

 

 

4 配置nginx

/usr/local/nginx/conf/nginx.conf

 

#user www www;

user  nobody;

#worker_processes  1;

worker_processes auto;

 

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

error_log /home/nginx/logs/nginx_error.log crit; #全局错误日志及PID文件

pid /home/nginx/nginx.pid;

 

#pid logs/nginx.pid;

 

 

events {

    use epoll;

    worker_connections  65535; #工作模式及连接数上限

}

http {

    include mime.types;

    default_type  application/octet-stream;

 

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

 

 

    large_client_header_buffers 4 32k;

    client_body_buffer_size 8m; #256k

    server_tokens off;

    ignore_invalid_headers on;

    recursive_error_pages on;

    server_name_in_redirect off;

    sendfile on;

 

    #timeouts

    keepalive_timeout 60;

    #client_body_timeout 3m;

    #client_header_timeout 3m;

    #send_timeout 3m;

    #fastcgi_connect_timeout 60;

    #fastcgi_send_timeout 180;

    #fastcgi_read_timeout 180;

    #fastcgi_buffers 4 256k;

    #fastcgi_buffer_size 128k;

    #fastcgi_busy_buffers_size 256k;

    #fastcgi_temp_file_write_size 256k;

    #fastcgi_intercept_errors on;

    #TCP Options

    tcp_nopush on;

    tcp_nodelay on;

 

    #size limits

    client_max_body_size 50m;

 

    gzip on;

    gzip_min_length 1k;

    gzip_buffers 4 16k;

    gzip_http_version 1.0;

    gzip_comp_level 2;

    gzip_types text/plain application/x-javascript text/css application/xml;

    gzip_vary on;

proxy_redirect          off;

proxy_set_header        Host $host;

proxy_set_header        X-Real-IP $remote_addr;  #获取真实ip

 

#proxy_connect_timeout   90;

#proxy_send_timeout      90;

#proxy_read_timeout      90;

#proxy_buffer_size       4k;

#proxy_buffers           4 32k;

#proxy_busy_buffers_size 64k;

#proxy_temp_file_write_size 64k;

 

    proxy_connect_timeout           90;

    proxy_read_timeout              180;

    proxy_send_timeout              180;

    proxy_buffer_size               256k;

    proxy_buffers                   8 256k;

    proxy_busy_buffers_size         256k;

    proxy_temp_file_write_size      256k;

 

    upstream myserver {

server 192.168.10.199:8080 weight=10 max_fails=0;

server 192.168.10.200:8080  weight=10 max_fails=0; #8080tomcat端口,权重范围好像是1到10,在现网配置20出现过问题

}

    server {

        listen       9090;

#        server_name  192.168.10.230;

 

        #charset koi8-r;

 

        #access_log  logs/host.access.log  main;

 

        location /

        {

            #root html;

            #index index.html index.htm;

            index index.jsp;

            proxy_pass http://myserver; #转向tomcat处理

            #proxy_set_header Host $host;

proxy_set_header    Host $host:$server_port;

            proxy_set_header X-Real-IP $remote_addr;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

 

        }

    }

}

 

注意   server_name  192.168.10.230;

 

如果nginx中只配置一个server域的话,则nginx是不会去进行server_name的匹配的。因为只有一个server域,也就是这有一个虚拟主机,那么肯定是发送到该nginx的所有请求均是要转发到这一个域的,即便做一次匹配也是没有用的。还不如干脆直接就省了。如果一个http域的server域有多个,nginx才会根据$hostname去匹配server_name进而把请求转发到匹配的server域中。此时的匹配会按照匹配的优先级进行,一旦匹配成功进不会再进行匹配,关于具体的匹配规则可以参见nginx官网提供的文档。

 

 

5 配置keepalived

#######MASTER#####################

! Configuration File for keepalived

global_defs {

   notification_email {

        6@qq.com

   }

   notification_email_from Alexandre.Cassen@firewall.loc

   smtp_server 127.0.0.1

   router_id LVS_DEVEL

}

vrrp_instance VI_1 {

    state MASTER         #BACKUP

    interface ens160      #对外网口

    virtual_router_id 22

    priority 100       #BACKUP上修改为88

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 7777

    }

    virtual_ipaddress {

        192.168.10.230  #虚拟ip

    }

}

 

 

6 编辑nginx检测脚本

/home/nginx/ nginx_pid.sh

#!/bin/bash

while  :

do

nginxpid=`ps -C nginx --no-header | wc -l`

if [ $nginxpid -eq 0 ];then

/usr/local/nginx/sbin/nginx

sleep 5

  if [ $nginxpid -eq 0 ];then

  /etc/init.d/keepalived stop

  fi

fi

sleep 5

done

 

nohup /bin/bash /root/nginx_pid.sh &

 

 检测

1 网页测试

  /home/apache-tomcat-7.0.59/webapps下新建文件夹test,再在test下面新建个文本,就可以直接通过http://192.168.10.199/test/a  访问测试。

 

2查看keepalived直接是否互相通信

tcpdump -v -i ens160 host 192.168.10.199  查看是否有vrrp

cat /var/log/messages

3 查看keepalived是否能接换

 断掉nginxkeepalived检测,通过ip add查看浮点ip是否漂移

 

借鉴网站

http://blog.sina.com.cn/s/blog_5f54f0be0101eyff.html keepalived建议主要按这个)

https://wenku.baidu.com/view/4011c9de7cd184254b3535d3.html(安装nginx看这个)

http://freeloda.blog.51cto.com/2033581/1189143    nginx检测脚本)

http://www.oschina.net/question/922543_91357?sort=time server name 无效)

http://www.linuxidc.com/Linux/2013-07/88025.htm  (检测两台keepalived直接的通信)

 

http://freeloda.blog.51cto.com/2033581/1189130 (下次可按这个博客一步步操作)

 

问题:我安装虚拟ip一直没绑上

  原因:cp /usr/local/keepalived/etc/keepalived/keepalived.conf  /etc/keepalived/keepalived.conf 没有指向这个命令,配置文件要在特定目录下

 

keepalived 放通端口

/sbin/iptables -I INPUT -i eth0 -d 224.0.0.0/8 -j ACCEPT
/sbin/iptables -A INPUT -p 112 -i eth0 -j ACCEPT
/sbin/iptables -A OUTPUT -p 112 -o eth0 -j ACCEPT


向AI问一下细节

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

AI