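In an LNMP architecture, a single server running nginx usually acts as both the reverse proxy and the router for the internal network. This server has one public IP and one internal IP bound to it. We resolve the domain name to the public IP and let nginx proxy requests to the back-end web servers, which makes the site reachable; at the same time the internal network must be able to reach the outside, so this reverse proxy server also has to route for the internal network. This server is critical to the whole application architecture. Below I describe how to use nginx + keepalived on two machines to make the nginx reverse proxy service highly available, so that when one nginx goes down neither the application nor the internal network's outbound access is affected.
1. Architecture diagram
2. Deployment
(1) Install keepalived on 0.205 and 0.207 (omitted here; see http://linux008.blog.51cto.com/2837805/665390)
(2) keepalived configuration
192.168.0.205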
    # cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
        router_id yuangnag.com
    }
    vrrp_script check_run {
        script "/root/bin/nginx_check.sh"
        interval 5
    }
    vrrp_sync_group VG1 {
        group {
            VI_1
        }
    }
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 88
        priority 100
        advert_int 1
        # nopreempt only takes effect when the initial state is BACKUP
        nopreempt
        authentication {
            auth_type PASS
            # keepalived uses only the first 8 characters of auth_pass
            auth_pass yuangang.net
        }
        track_script {
            check_run
        }
        virtual_ipaddress {
            192.168.0.206/24 dev eth0
            110.110.110.25/25 dev eth1
        }
    }

Add the start command to /etc/rc.local:

    # echo "/etc/init.d/keepalived start" >> /etc/rc.local
192.168.0.207
    # cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
        router_id yuangang.com
    }
    vrrp_script check_run {
        script "/root/bin/nginx_check.sh"
        interval 5
    }
    vrrp_sync_group VG1 {
        group {
            VI_1
        }
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 88
        priority 80
        advert_int 1
        authentication {
            auth_type PASS
            # keepalived uses only the first 8 characters of auth_pass
            auth_pass yuangang.com
        }
        track_script {
            check_run
        }
        virtual_ipaddress {
            192.168.0.206/24 dev eth0
            110.110.110.25/25 dev eth1
        }
    }

Add the start command to /etc/rc.local:

    # echo "/etc/init.d/keepalived start" >> /etc/rc.local
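The two vrrp_instance blocks above must agree on several settings, and two details are easy to miss: the auth_pass strings differ on paper, and nopreempt sits on the node declared MASTER. The following Python check is an added example, not part of the original post; the function names `parse` and `audit` and the finding strings are this example's own, and it relies on the keepalived.conf man page rules that only the first 8 characters of auth_pass are used and that nopreempt requires initial state BACKUP.

```python
import re
# Constructed input: vrrp_instance fields of the 192.168.0.205 config above;
# the 192.168.0.207 config differs in state, nopreempt and auth_pass.
MASTER = """vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 88
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass yuangang.net
    }
    virtual_ipaddress {
        192.168.0.206/24 dev eth0
        110.110.110.25/25 dev eth1
    }
}"""
BACKUP = (MASTER.replace("state MASTER", "state BACKUP")
          .replace("    nopreempt\n", "").replace("yuangang.net", "yuangang.com"))

def parse(conf):
    # Extract the vrrp_instance settings that both peers must agree on.
    def one(key):
        m = re.search(rf"^\s*{key}\s+(\S+)", conf, re.M)
        return m.group(1) if m else ""
    block = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", conf)
    lines = block.group(1).splitlines() if block else []
    return {
        "state": one("state"),
        "virtual_router_id": one("virtual_router_id"),
        "advert_int": one("advert_int"),
        "auth_type": one("auth_type"),
        "auth_pass": one("auth_pass")[:8],  # keepalived uses only the first 8 characters
        "nopreempt": bool(re.search(r"^\s*nopreempt\s*$", conf, re.M)),
        "vips": sorted(" ".join(l.split()) for l in lines if l.strip()),
    }

def audit(conf_a, conf_b):
    """Return sorted findings for a pair of peer configurations."""
    a, b = parse(conf_a), parse(conf_b)
    shared = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips")
    findings = {f"mismatch: {k}" for k in shared if a[k] != b[k]}
    for node in (a, b):
        if node["nopreempt"] and node["state"] != "BACKUP":
            findings.add("nopreempt set but state is not BACKUP")
        if node["auth_type"] == "PASS":
            findings.add("auth_type PASS travels in cleartext")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(MASTER, BACKUP)))
```

For the two configurations on this page the passwords compare equal after truncation, so no mismatch is reported; the nopreempt finding is consistent with the failback behaviour described in the verification step.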
On both 192.168.0.205 and 192.168.0.207, write a script that checks whether the nginx service is healthy. The script is as follows:
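    # cat /root/bin/nginx_check.sh
    #!/bin/bash
    # Count running nginx processes
    A=`ps -C nginx --no-header | wc -l`
    if [ "$A" -eq 0 ]
    then
        # nginx is down: try to start it once
        /usr/local/nginx/sbin/nginx
        sleep 1
        # Still down: stop keepalived so the VIP moves to the peer
        if [ `ps -C nginx --no-header | wc -l` -eq 0 ]
        then
            killall keepalived
        fi
    fi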
(3) iptables configuration
Apply the following iptables settings on both 192.168.0.205 and 192.168.0.207:
    # cat /etc/sysconfig/iptables
    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp -j ACCEPT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7080 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6080 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT
    COMMIT
    *nat
    :PREROUTING ACCEPT [12001:793841]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 110.110.110.25
    COMMIT
(4) Verification
When the nginx service on 192.168.0.205 goes down or is restarted, the VIP floats to 192.168.0.207; once 192.168.0.205 is back to normal, the VIP is bound to 192.168.0.205 again.