Nginx配置TCP轉發+http轉發+keepalived高可用

Nginx配置TCP請求轉發+http請求轉發+keepalived高可用
http://nginx.org/download/
1. TCP 請求轉發基於 stream 模組,在 1.9 版本前,須要單獨編譯安裝該組件:

依賴服務

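# Build dependencies for compiling nginx from source (run as root).
# The trailing "librarynode" token in the original listing is not a package
# name; it looks like page-extraction residue and is dropped here.
# gcc/make and zlib-devel are added because ./configure needs a compiler and,
# with the default gzip module enabled, the zlib headers.
yum -y install gcc make pcre-devel zlib-devel openssl openssl-devel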

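# Download the source over HTTPS instead of plain HTTP so the tarball cannot
# be swapped in transit, and check the detached PGP signature before it is
# unpacked and built as root. The nginx signing key must already be in the
# local keyring for gpg --verify to succeed.
# NOTE(review): 1.9.5 is a very old mainline release; prefer a currently
# supported nginx version and adjust the file names accordingly.
wget https://nginx.org/download/nginx-1.9.5.tar.gz
wget https://nginx.org/download/nginx-1.9.5.tar.gz.asc
# The chain stops at the first failure, so an unverified tarball is never
# extracted.
gpg --verify nginx-1.9.5.tar.gz.asc nginx-1.9.5.tar.gz &&
  tar -xf nginx-1.9.5.tar.gz -C /usr/local/ &&
  # The tarball unpacks to nginx-1.9.5/ with ./configure at its top level;
  # there is no nested "nginx" directory to cd into.
  cd /usr/local/nginx-1.9.5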

編譯安裝 stream 組件

# Configure the build to install under /usr/local/nginx/ with the status
# module, HTTP TLS, and the stream (TCP proxy) module plus its TLS support.
./configure --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module
# Compile, and install only if the compile succeeded.
make && make install
# Create a profile snippet so the nginx binary is on PATH for login shells.
vim /etc/profile.d/nginx.sh
# Content of /etc/profile.d/nginx.sh (the line to put in the file opened above):
export PATH=/usr/local/nginx/sbin:$PATH
# Load the new PATH into the current shell.
source /etc/profile.d/nginx.sh
執行 nginx 啓動。

二、建立conf文件存放目錄:
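# Directory for the per-service config files (yewu.conf, eid.conf) that
# nginx.conf includes. The trailing "bash" in the original listing would have
# created conf.d/bash instead, while the later steps write to conf.d/ itself.
# -p makes the step safe to repeat.
mkdir -p /usr/local/nginx/conf/conf.d/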

三、配置
0一、nginx.conf
vim /usr/local/nginx/conf/nginx.conf
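# Main nginx.conf: global settings only. The http{} and stream{} blocks live
# in conf.d/*.conf and are pulled in by the include below.

# Worker processes run as this account.
# NOTE(review): a from-source install does not create an "nginx" user;
# confirm the account exists before starting.
user nginx;
worker_processes auto;
# NOTE(review): /var/log/nginx must exist before nginx starts; confirm.
error_log /var/log/nginx/error.log;
pid /usr/local/nginx/logs/nginx.pid;

# Per-worker open-file limit. The original listing placed the shell command
# "ulimit -SHn 65535;" inside events{}; that is not an nginx directive and the
# configuration would be rejected. worker_rlimit_nofile is the nginx setting
# for the same limit and belongs in the main context.
worker_rlimit_nofile 65535;

# The "*" of the glob was missing in the original listing; without it the
# include names a single file called ".conf" rather than yewu.conf/eid.conf.
include /usr/local/nginx/conf/conf.d/*.conf;

events {
    worker_connections 25600;  # maximum connections per worker
    use epoll;                 # connection processing method
    accept_mutex on;           # workers take turns accepting new connections

    # Author's sizing notes (translated):
    # - Total concurrency is the product of worker_processes and
    #   worker_connections: max_clients = worker_processes * worker_connections.
    # - When acting as a reverse proxy,
    #   max_clients = worker_processes * worker_connections / 4.
    #   The division by 4 is a rule of thumb.
    # - Under those conditions a typical server handles at most
    #   4 * 8000 = 32000 connections.
    # - worker_connections depends on physical memory: concurrency is bound
    #   by I/O, so max_clients must stay below the number of files the system
    #   can open, which scales with memory (roughly 100k per 1 GB).
    # - Example on a VPS with 360 MB of memory:
    #     $ cat /proc/sys/fs/file-max
    #     34336
    #   32000 < 34336, so the connection total stays within what the OS can
    #   handle.
    # - Therefore choose worker_connections from the worker count and the
    #   system-wide open-file maximum so that total concurrency stays below
    #   that maximum; in practice this means sizing to the host's CPU and
    #   memory.
    # - The theoretical total can differ from reality because other processes
    #   on the host also consume resources.
}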
    0二、vim /usr/local/nginx/conf/conf.d/yewu.conf
        # HTTP reverse proxy: one plain-HTTP listener on port 80 that routes
        # URL prefixes to internal application servers.
        http {
            # Pipe-separated access log. The first field is the client-supplied
            # X-Forwarded-For header, so treat it as untrusted when reading the
            # log; $remote_addr is the peer address nginx itself observed.
            log_format  main  ' "$http_x_forwarded_for" | [$time_local] | $host |  $remote_addr |  $request | $request_time |  $body_bytes_sent  |  $status |'
                                        '| $upstream_addr | $upstream_response_time  |  $upstream_status  |'
                                        ' "$http_referer"  | "$http_user_agent" ';
            access_log  /var/log/nginx/access.log  main;

            charset             utf-8;
            default_type        application/octet-stream;
            types_hash_max_size 2048;

            sendfile            on;
            tcp_nopush          on;
            tcp_nodelay         on;
            keepalive_timeout   65;

            server {
                listen 80;
                root /data/nginx;
                index index.html index.htm *.html index.jsp;

                # Headers sent to every backend. They are declared once here and
                # inherited by each location below, because none of the
                # locations defines a proxy_set_header of its own.
                # X-Forwarded-For appends $remote_addr to whatever the client
                # sent, so backends should only rely on the last entry.
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Via "nginx";

                # NOTE(review): no location carries allow/deny or authentication,
                # and the listener is not TLS. That includes the /dubbo_admin/
                # and /configCenter/ prefixes; confirm every client that can
                # reach port 80 is meant to reach those backends.
                location ^~ /configCenter-vals/ { proxy_pass http://192.168.1.141:8080; }
                location ^~ /configCenter/      { proxy_pass http://192.168.1.139:8082; }
                location ^~ /dubbo_admin/       { proxy_pass http://192.168.1.139:8082; }
                location ^~ /appserver/         { proxy_pass http://192.168.1.160:8080; }
                location ^~ /asserver/          { proxy_pass http://192.168.1.161:8080; }
                location ^~ /idsoserver/        { proxy_pass http://192.168.1.161:8080; }
                location ^~ /vals-ap/           { proxy_pass http://192.168.1.142:8080; }

                # The only backend reached over https. nginx does not verify the
                # upstream certificate unless proxy_ssl_verify is turned on.
                # NOTE(review): https on port 8080 is unusual; confirm the scheme.
                location ^~ /eidboss/           { proxy_pass https://192.168.1.145:8080; }
                location ^~ /asboss/            { proxy_pass http://192.168.1.145:8081; }
            }
        }

    0三、vim /usr/local/nginx/conf/conf.d/eid.conf
        # TCP (layer 4) forwarding: connections accepted on port 8008 are
        # relayed to the eid_device upstream group.
        stream {
            upstream eid_device {
                # A server is marked unavailable for 1s (fail_timeout) after a
                # single failed attempt (max_fails=1).
                # NOTE(review): both entries point at the same address and port,
                # so the group has no second backend to fail over to; the
                # second line presumably should name a different host.
                server 192.168.1.12:8008 max_fails=1 fail_timeout=1s weight=1;
                server 192.168.1.12:8008 max_fails=1 fail_timeout=1s weight=1;
            }
            server {
                # No allow/deny rules here: any host that can reach this port
                # is relayed to the backend. Restrict at the firewall or add
                # allow/deny if the backend should not be generally reachable.
                listen  8008;
                proxy_pass  eid_device;
            }
        }

四、keepalived高可用配置
0一、master配置
vim /etc/keepalived/keepalived.conf
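# keepalived configuration for the MASTER node: owns the virtual IPs while
# the nginx health check passes.
global_defs {
    # Recipients of keepalived's own state-change notifications.
    notification_email {
        xxx@.com
    }

    notification_email_from xxx@.com
    smtp_server smtp.exmail.qq.com
    smtp_connect_timeout 30
    router_id nginx-master
}

# Health check run every 2 seconds. Three consecutive failures (fall) mark it
# down, two consecutive successes (rise) mark it up again. While it is down the
# instance priority drops by 10 (100 -> 90), below the backup node's 95.
# The script runs with keepalived's privileges, so keep it owned by root and
# not writable by anyone else.
vrrp_script chk_httpd {
    script "/etc/keepalived/check_and_start_httpd.sh"
    interval 2
    weight -10
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    # NOTE(review): keepalived documents nopreempt as requiring the initial
    # state to be BACKUP; combined with "state MASTER" it is expected to be
    # ignored. Confirm which behaviour is intended.
    nopreempt
    state MASTER
    interface eth1
    # Must be identical on master and backup.
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        # PASS authentication travels in cleartext inside VRRP adverts and
        # only protects against accidental misconfiguration. "1111" is the
        # tutorial's sample value: replace it with a site-specific secret,
        # keep it identical on both nodes, and limit VRRP traffic
        # (IP protocol 112) to the peer node at the host firewall.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.8/32 dev eth1 label eth1:0
        192.168.1.9/32 dev eth1 label eth1:1
    }
    # References the vrrp_script defined above by name. It runs periodically,
    # adjusts the priority, and thereby triggers master/backup failover.
    track_script {
        chk_httpd
    }
}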

0二、backup配置
    vim /etc/keepalived/keepalived.conf
    # keepalived configuration for the BACKUP node: takes over the virtual IPs
    # when the master's effective priority falls below 95 or its adverts stop.
    global_defs {
       # Recipients of keepalived's own state-change notifications.
       notification_email {
                xxx@.com
       }

       notification_email_from xxx@.com
       smtp_server smtp.exmail.qq.com
       smtp_connect_timeout 30
       router_id nginx-backup
    }

    # Health check run every 2 seconds; 3 consecutive failures mark it down,
    # 2 consecutive successes mark it up; while down, priority drops by 10.
    # The script runs with keepalived's privileges, so keep it owned by root
    # and not writable by anyone else.
    vrrp_script chk_httpd {
         script "/etc/keepalived/check_and_start_httpd.sh"
         interval 2
         weight -10
             fall 3
             rise 2
    }

    vrrp_instance VI_1 {
    #    nopreempt
        state BACKUP
        interface eth1
        # Must be identical on master and backup.
        virtual_router_id 66
        priority 95
        advert_int 1
        authentication {
            # PASS authentication travels in cleartext inside VRRP adverts.
            # "1111" is the tutorial's sample value: use a site-specific secret
            # that matches the master, and limit VRRP traffic (IP protocol 112)
            # to the peer node at the host firewall.
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.1.8/32 dev eth1 label eth1:0
            192.168.1.9/32 dev eth1 label eth1:1
        }
    track_script {                # References the vrrp_script defined above by name; it runs periodically, adjusts the priority, and thereby triggers master/backup failover.
        chk_httpd
        }                
    }

0三、腳本:vim /etc/keepalived/check_and_start_httpd.sh
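    #!/bin/bash
    # keepalived vrrp_script health check for nginx.
    #
    # If no nginx process is running, try to start it once. If it is still
    # absent two seconds later, stop keepalived so the virtual IPs move to the
    # peer node, and send an alert mail.
    #
    # Exit status: 0 when nginx is running (possibly after a restart),
    #              1 when the restart attempt failed.

    # Absolute path from the --prefix used at build time. keepalived does not
    # start this script from a login shell, so /etc/profile.d/nginx.sh is
    # presumably not loaded and a bare "nginx" may not be on PATH.
    nginx_bin=/usr/local/nginx/sbin/nginx
    alert_to="xxx@.com"

    # Values interpolated into the alert mail. The original script used $ip and
    # $virtual_ip without ever setting them, so the mail came out blank.
    ip=$(hostname)
    virtual_ip="192.168.1.8 192.168.1.9"

    # Prints the number of processes whose command name is exactly "nginx".
    nginx_count() {
        ps -C nginx --no-heading | wc -l
    }

    if [ "$(nginx_count)" -eq 0 ]; then
        # The original first ran "ps -ef | grep nginx | ... kill -9 ... | sh".
        # At this point no process named nginx exists, so that pipeline could
        # only hit unrelated processes that merely mention "nginx" on their
        # command line (an editor on nginx.conf, a log tail), and it fed
        # generated text to a root shell. It is dropped.
        "$nginx_bin"
        sleep 2
        if [ "$(nginx_count)" -eq 0 ]; then
            systemctl stop keepalived
            # printf keeps the message text out of the format string.
            printf '%s of nginx is stop ,nginx service switch nginx slave  \nlocal is virtual ip :   %s    not exist \n' \
                "$ip" "$virtual_ip" | mail -s "$ip of nginx is stop" "$alert_to"
            exit 1
        fi
    fi
    exit 0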
0四、郵箱配置:
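    # Mail alerting setup (run as root): installs mailx and sendmail and points
    # mailx at an external SMTP relay for the alert sent by the check script.
    yum -y install mailx sendmail sendmail-cf bc

    # Authentication mechanisms appended to sendmail.mc.
    # NOTE(review): sendmail.mc is an m4 file whose quoting opens with a
    # backquote and closes with an apostrophe; the straight quotes shown here
    # may be a rendering artefact of the page. Verify against the stock file.
    # These appends are not idempotent; running the block twice duplicates them.
    echo "TRUST_AUTH_MECH('EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl" >> /etc/mail/sendmail.mc
    echo "define('confAUTH_MECHANISMS', 'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl" >> /etc/mail/sendmail.mc

    # The original rewrote 127.0.0.1 to 0.0.0.0 in sendmail.mc at this point,
    # which makes the local MTA accept connections on every interface. Alerts
    # leave through the external relay configured in /etc/mail.rc below, so the
    # daemon is left on loopback. The grep shows the listener options to check.
    grep "OPTIONS" /etc/mail/sendmail.mc
    m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

    # mailx relay settings. The address and password are the tutorial's
    # placeholders.
    # NOTE(review): /etc/mail.rc is normally world-readable, so the SMTP
    # password stored here is visible to every local user; a root-only file is
    # the safer place. With a bare host name in "smtp" and smtp-auth=login the
    # credentials are presumably sent without TLS; confirm and enable
    # STARTTLS/SMTPS in mailx if the relay supports it.
    echo 'set from=xxx@.com' >> /etc/mail.rc
    echo 'set smtp=smtp.exmail.qq.com' >> /etc/mail.rc
    echo 'set smtp-auth-user=xxx@.com' >> /etc/mail.rc
    echo 'set smtp-auth-password=xxxx' >> /etc/mail.rc
    echo 'set smtp-auth=login' >> /etc/mail.rc

    # Map this host's 10.10.x address to its hostname and a mail domain in
    # /etc/hosts. The unused IP1 lookup from the original is dropped.
    IP2=$(ifconfig | grep '10.10' | awk '{print $2}')
    abc="abc.mail.com"
    # Skip the append when no matching address was found, so /etc/hosts does
    # not receive an entry without an IP.
    if [ -n "$IP2" ]; then
        echo "$IP2 $(hostname) $abc" >> /etc/hosts
    fi

    systemctl enable sendmail
    systemctl start sendmail
    systemctl status sendmail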