Nginx+keepalived
# Nginx + keepalived 双主
工作原理:
两台Nginx通过Keepalived生成两个实例,两台Nginx的VIP互为备份,任何一台Nginx机器如果发生硬件损坏,Keepalived会自动将它的VIP地址切换到另一台机器,不影响客户端的访问。
IP 信息列表:
VIP1 192.168.200.254 VIP2 192.168.200.253 Nginx1 192.168.200.202 Nginx2 192.168.200.203
# 在Nginx1/2上编译安装nginx服务
首先搭建Nginx1
[root@Nginx-1 ~]# yum -y install pcre-devel zlib-devel
[root@Nginx-1 ~]# useradd -M -s /sbin/nologin nginx
[root@Nginx-1 ~]# tar xf nginx-1.6.2.tar.gz -C /usr/src
[root@Nginx-1 ~]# cd /usr/src/nginx-1.6.2
[root@Nginx-1 nginx-1.6.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx && make && make install
[root@Nginx-1 nginx-1.6.2]# cd /usr/local/nginx/html/
[root@Nginx-1 html]# echo "server 192.168.200.202" > index.html
[root@Nginx-1 html]# /usr/local/nginx/sbin/nginx
[root@Nginx-1 html]# netstat -anpt |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4503/nginx
1
2
3
4
5
6
7
8
9
10
2
3
4
5
6
7
8
9
10
搭建Nginx2, 同Nginx1搭建方式是一样的。与Nginx1唯一不同的是:
[root@Nginx-2 html]# echo "server 192.168.200.203" > index.html
1
# 在Nginx1/2上编译安装keepalived服务
[root@Nginx-1 ~]# yum -y install kernel-devel openssl-devel
[root@Nginx-1 ~]# tar xf keepalived-1.2.13.tar.gz
[root@Nginx-1 ~]# cd keepalived-1.2.13
[root@Nginx-1 keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.18-194.el5-i686 && make && make install
[root@Nginx-1 ~]# chkconfig --add keepalived
[root@Nginx-1 ~]# chkconfig keepalived on
[root@Nginx-1 ~]# chkconfig --list keepalived
[root@Nginx-1 ~]# service keepalived start|stop
1
2
3
4
5
6
7
8
9
10
2
3
4
5
6
7
8
9
10
# 修改keepalived配置文件
nginx1:
[root@Nginx-1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
crushlinux@163.com
}
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 123
}
virtual_ipaddress {
192.168.200.254
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123
}
virtual_ipaddress {
192.168.200.253
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
nginx2:
[root@Nginx-2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
crushlinux@163.com
}
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123
}
virtual_ipaddress {
192.168.200.254
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 123
}
virtual_ipaddress {
192.168.200.253
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
nginx1:
[root@Nginx-1 ~]# service keepalived start
[root@Nginx-1 ~]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2d:3d:97 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.202/24 brd 192.168.200.255 scope global eth0
inet 192.168.200.254/32 scope global eth0
inet6 fe80::20c:29ff:fe2d:3d97/64 scope link
valid_lft forever preferred_lft forever
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8
nginx2:
[root@Nginx-2 ~]# service keepalived start
[root@Nginx-2 ~]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:6f:7d:87 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.203/24 brd 192.168.200.255 scope global eth0
inet 192.168.200.253/32 scope global eth0
inet6 fe80::20c:29ff:fe6f:7d87/64 scope link
valid_lft forever preferred_lft forever
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8
client:
[root@client ~]# elinks --dump http://192.168.200.254
server 192.168.200.202
[root@client ~]# elinks --dump http://192.168.200.253
server 192.168.200.203
1
2
3
4
2
3
4
Nginx-1/2 二台机器都执行监控Nginx进程的脚本
[root@Nginx-1 ~]# cat nginx_pidcheck
#!/bin/bash
while :
do
nginxpid=`ps -C nginx --no-header | wc -l`
if [ $nginxpid -eq 0 ]
then
/usr/local/nginx/sbin/nginx
sleep 5
nginxpid=`ps -C nginx --no-header | wc -l`
echo $nginxpid
if [ $nginxpid -eq 0 ]
then
/etc/init.d/keepalived stop
fi
fi
sleep 5
done
[root@Nginx-1 ~]# nohup sh nginx_pidcheck &
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
这是执行无限循环的脚本,两台Nginx机器上都有执行此脚本,每隔5秒执行一次,用ps -C是命令来收集nginx的PID值到底是否为0,如果是0的话,即Nginx已经进程死掉,尝试启动nginx进程;如果继续为0,即Nginx启动失败,则关闭本机的Keeplaived服务,VIP地址则会由备机接管,当然了,整个网站就会全部由备机的Nginx来提供服务了,这样保证Nginx服务的高可用。
# 验证
脚本测试:
[root@Nginx-1 ~]# netstat -anpt |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4321/nginx
[root@Nginx-1 ~]# killall -s QUIT nginx
[root@Nginx-1 ~]# netstat -anpt |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 59418/nginx
1
2
3
4
5
2
3
4
5
VIP转移测试:
[root@Nginx-1 ~]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2d:3d:97 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.202/24 brd 192.168.200.255 scope global eth0
inet 192.168.200.254/32 scope global eth0
inet6 fe80::20c:29ff:fe2d:3d97/64 scope link
valid_lft forever preferred_lft forever
[root@Nginx-2 ~]# service keepalived stop
停止 keepalived: [确定]
[root@Nginx-1 ~]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2d:3d:97 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.202/24 brd 192.168.200.255 scope global eth0
inet 192.168.200.254/32 scope global eth0
inet 192.168.200.253/32 scope global eth0
inet6 fe80::20c:29ff:fe2d:3d97/64 scope link
valid_lft forever preferred_lft forever
[root@client ~]# elinks --dump http://192.168.200.254
server 192.168.200.202
[root@client ~]# elinks --dump http://192.168.200.253
server 192.168.200.202
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
上次更新: 2022/06/12, 15:48:09