实战一:Nginx+Keepalived高可用负载均衡集群
一、拓扑
二、方案设计
directorA 为主负载均衡器;(master)
directorB为备用负载均衡器;(backup)
upserverA和upserverB同为Nginx web server提供相同功能;
三、配置upserverA和upserverB为Nginx Web Server
upserverA:
1、 安装nginx
yum install nginx // nginx-1.12.2-2.el7.x86_64
2、 配置静态网页
# vim /usr/share/nginx/html/index.html This is 192.168.50.1
upserverB:
1、安装nginx
yum install nginx // nginx-1.12.2-2.el7.x86_64
2、配置静态网页
# vim /usr/share/nginx/html/index.html This is 192.168.50.139
开启服务并测试
systemctl start nginx ; ssh 192.168.50.139 "systemctl start nginx"
四、配置Nginx反向代理
directorA:
1、directorA做为反向代理器,将client的请求调度到upserverA和upserverB
[root@Jin666 ~]# vim /etc/nginx/nginx.conf pid /run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; # events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; upstream upservers { server 192.168.50.138 ; server 192.168.50.139 ; } server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { proxy_pass http://upservers/; }
2、 开启服务并测试
[root@Jin666 ~]# systemctl start nginx // 192.168.50.137上开启nginx
从测试效果可以看出已有负载均衡效果
3、同理配置directorB
五、Keepalived高可用实现
directorA(master):
1、配置vip 192.168.50.100 做为client请求访问的地址
[root@Jin666 ~]# ip addr add 192.168.50.100/24 dev ens33 [root@Jin666 ~]# ip addr list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:af:3f:34 brd ff:ff:ff:ff:ff:ff inet 192.168.50.137/24 brd 192.168.50.255 scope global dynamic ens33 valid_lft 1666sec preferred_lft 1666sec inet 192.168.50.100/24 scope global secondary ens33 valid_lft forever preferred_lft forever
2、配置keepalived实现ip地址飘逸
[root@Jin666 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { //配置通知邮件,非必须 root@localhost } notification_email_from keepalived@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id node1 vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_script chk_nginx { //检测Nginx进程是否存活脚本,若Nginx进程挂掉,则优先级-10 script "killall -0 nginx" interval 1 weight -10 } vrrp_instance VI_1 { //vrrp实例配置 state MASTER interface ens33 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 //建议openssl rand -hex 4生成随机认证字 } virtual_ipaddress { 192.168.50.100/24 dev ens33 } track_script { //调用脚本 chk_nginx } }
directorB(backup):
[root@Eric ~]# vim /etc/keepalived/keepalived.conf 1 ! Configuration File for keepalived 2 3 global_defs { 4 notification_email { 5 root@localhost 6 } 7 notification_email_from keepalived@localhost 8 smtp_server 127.0.0.1 9 smtp_connect_timeout 30 10 router_id node2 11 vrrp_skip_check_adv_addr 12 vrrp_strict 13 vrrp_garp_interval 0 14 vrrp_gna_interval 0 15 } 16 17 vrrp_script chk_nginx { 18 script "killall -0 nginx" 19 interval 1 20 weight -10 21 } 22 23 24 vrrp_instance VI_1 { 25 state BACKUP 26 interface ens33 27 virtual_router_id 51 28 priority 95 29 advert_int 1 30 authentication { 31 auth_type PASS 32 auth_pass 1111 33 } 34 virtual_ipaddress { 35 192.168.50.100/24 dev ens33 36 } 37 track_script { 38 chk_nginx 39 } 40 41 }
开启服务并测试
systemctl start keepalived; ssh 192.168.50.137 "systemctl start keepalived"
开启keepalived服务后,vip 192.168.50.100 在master节点上(master主机名为 Jin666,backup主机名为Eric)
[root@Jin666 ~]# ip addr list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:af:3f:34 brd ff:ff:ff:ff:ff:ff inet 192.168.50.137/24 brd 192.168.50.255 scope global dynamic ens33 valid_lft 1590sec preferred_lft 1590sec inet 192.168.50.100/24 scope global secondary ens33 valid_lft forever preferred_lft forever inet6 fe80::2021:d777:8a31:6880/64 scope link valid_lft forever preferred_lft forever inet6 fe80::4127:b2c7:355c:7c31/64 scope link tentative dadfailed valid_lft forever preferred_lft forever inet6 fe80::c9:6ef7:eb09:a0f8/64 scope link tentative dadfailed valid_lft forever preferred_lft forever
现在关闭master主机上的Nginx服务,可以看到vip已从master主机上移除
[root@Jin666 ~]# systemctl stop nginx [root@Jin666 ~]# ip addr list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:af:3f:34 brd ff:ff:ff:ff:ff:ff inet 192.168.50.137/24 brd 192.168.50.255 scope global dynamic ens33 valid_lft 1650sec preferred_lft 1650sec
检查vip是否转移到backup主机上
[root@Eric ~]# ip addr list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:90:b9:05 brd ff:ff:ff:ff:ff:ff inet 192.168.50.135/24 brd 192.168.50.255 scope global dynamic ens33 valid_lft 1482sec preferred_lft 1482sec inet 192.168.50.100/24 scope global secondary ens33 valid_lft forever preferred_lft forever inet6 fe80::29c:d356:c63b:12d7/64 scope link valid_lft forever preferred_lft forever
可以看出在挂掉master节点的Nginx服务后,vip成功转移到backup节点上,现在访问vip,看是否还能实现负载均衡效果
成功!!!
实战二:Nginx动静分离的实现
一、拓扑
二、配置upserverA和upserverB
upserverA:
配置静态网页内容
[root@Jin666 html]# vim index.html This is 192.168.50.138
upserverB:
1、配置静态网页和动态网页
[root@Jin666 html]# vim index.html // 因为是克隆主机所以主机名一样,请注意IP地址的不同 This is 192.168.50.139
[root@Jin666 html]# vim index.php <?php echo "This is 192.168.50.139 for PHP"; ?>
2、开启upserverB上的php-fpm服务
[root@Jin666 html]# systemctl start php-fpm
3、确保本地127.0.0.1:9000处于监听状态
[root@Jin666 html]# netstat -tanp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1990/nginx: master tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1742/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1173/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1170/cupsd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1520/master tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 824/rsyslogd tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2893/php-fpm: maste
4、配置upserverB的fastcgi
[root@Jin666 html]# vim /etc/nginx/nginx.conf # For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } location ~ \.php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name; include fastcgi_params; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }
5、测试upserverB的静态网页和动态网页是否能正常访问
三、配置directorA实现动静分离
思路:定义两个upstream,分别指向upserverA和upserverB
[root@Jin666 nginx]# vim nginx.conf # For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; # events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; upstream static { server 192.168.50.138 ; server 192.168.50.139 ; } upstream dynamic { server 192.168.50.139 ; } server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { proxy_pass http://static/; } location ~ \.php$ { # root html; #fastcgi_pass 127.0.0.1:9000; #fastcgi_index index.php; #fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name; #include fastcgi_params; proxy_pass http://dynamic; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }
1、测试静态网页访问
2、测试动态网页访问
从实验结果来看,实现了静态网页的负载均衡,同时实现了动静分离。