nginx+keepalived tutorial

 nginx+keepalived tutorial

1. Course Objectives

1.1.  Understand the concept of reverse proxy and load balancing

1.2.  Master the installation and use of Nginx

1.3.  Using Nginx to achieve load balancing

2.  Nginx related concepts

2.1.  Reverse proxy

Reverse Proxy means that the proxy server accepts connection requests on the internet, then forwards the request to the server on the internal network, and returns the result obtained from the server to the client requesting the connection on the internet. At this time, the proxy server appears as a server to the outside world.

 

2.2.  Load Balancing

Load balancing, the English name is Load Balance, refers to building on the existing network structure and providing a cheap, effective and transparent method to expand the bandwidth of network devices and servers, increase throughput, strengthen network data processing capabilities, and improve network performance. flexibility and availability. The principle is that data traffic is distributed to multiple servers for execution, reducing the pressure on each server , and multiple servers work together to complete work tasks, thereby improving data throughput.

 

3.  Nginx installation

3.1.  Download nginx

Official website: http://nginx.org/

3.2.  Upload and decompress nginx

tar -zxvf nginx-1.8.1.tar.gz -C /usr/local/src

3.3.  Compile nginx

#Enter the nginx source directory

cd /usr/local/src/nginx-1.8.1

#Check the installation environment and specify the path to be installed in the future

./configure --prefix=/usr/local/nginx

#missing package error./configure: error: C compiler cc is not found

# use YUM to install missing packages

yum -y install gcc pcre-devel openssl openssl-devel

#Compile and install

make && make install

After installation, test whether it is normal:

/usr/loca/nginx/sbin/nginx

Check if there is an ngnix process listening on the port

netstat -ntlp | grep 80

 

4.  Configure nginx

4.1.  Configure reverse proxy

1. Modify the nginx configuration file

server {     listen       80;     server_name nginx-01.itcast.cn; #hostname of the server where nginx is located #Reverse proxy configuration location / { #Intercept all requests     root html;         proxy_pass http://192.168.0.21:8080; #Here    is the target server to which the proxy goes: tomcat     } }

2. Start tomcat on tomcat-01

3. Start nginx on nginx-01

./nginx

 

Reboot:

kill -HUP `cat /usr/local/nginx/logs/nginx.pid `

Reference URL: http://www.cnblogs.com/jianxie/p/3990377.html

 

4.2.  Dynamic and static separation

#dynamic resource index.jsp

location ~ .*\.(jsp|do|action)$ {     proxy_pass http://tomcat-01.itcast.cn:8080; }

 

#static resources

location ~ .*\.(html|js|css|gif|jpg|jpeg|png)$ {     expires 3d; }

 

4.3.  Load Balancing

Configure a name called upstream under the http section. The name behind it can be chosen at will, but it must be consistent with the proxy_pass http:// under location.

http {     It is in http, already http, not in server, outside server     upstream tomcats {         server shizhan02:8080 weight=1;#weight indicates how many         server shizhan03:8080 weight=1;         server shizhan04:8080 weight=1; } #Uninstall the server location ~ .*\.(jsp|do|action) {     proxy_pass http://tomcats;         #tomcats is the logical group number of the following tomcat server group } }

5.  Use keepalived to achieve high reliability (HA)

5.1.  High reliability concept

HA (High Available), high availability cluster, is an effective solution to ensure business continuity. Generally, there are two or more nodes, which are divided into active nodes and standby nodes.

 

5.2. 高可靠软件keepalived

keepalive是一款可以实现高可靠的软件，通常部署在2台服务器上，分为一主一备。Keepalived可以对本机上的进程进行检测，一旦Master检测出某个进程出现问题，将自己切换成Backup状态，然后通知另外一个节点切换成Master状态。

5.3. keepalived安装

下载keepalived官网:http://keepalived.org

 

将keepalived解压到/usr/local/src目录下

tar -zxvf  keepalived-1.2.19.tar.gz -C /usr/local/src

 

进入到/usr/local/src/keepalived-1.2.19目录

cd /usr/local/src/keepalived-1.2.19

 

开始configure

./configure --prefix=/usr/local/keepalived

 

#编译并安装

make && make install

 

5.4. 将keepalived添加到系统服务中

拷贝执行文件

cp /usr/local/keepalived/sbin/keepalived /usr/sbin/

将init.d文件拷贝到etc下,加入开机启动项

cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/keepalived

将keepalived文件拷贝到etc下

cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/

创建keepalived文件夹

mkdir -p /etc/keepalived

将keepalived配置文件拷贝到etc下

cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf

添加可执行权限

chmod +x /etc/init.d/keepalived

##以上所有命令一次性执行：

cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/keepalived cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ mkdir -p /etc/keepalived cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf chmod +x /etc/init.d/keepalived chkconfig --add keepalived chkconfig keepalived on

 

添加keepalived到开机启动

chkconfig --add keepalived

chkconfig keepalived on

 

5.5. 配置keepalived虚拟IP

修改配置文件： /etc/keepalived/keepalived.conf

#MASTER节点

global_defs { } vrrp_instance VI_1 {     state MASTER   #指定A节点为主节点 备用节点上设置为BACKUP即可     interface eth0    #绑定虚拟IP的网络接口     virtual_router_id 51   #VRRP组名，两个节点的设置必须一样，以指明各个节点属于同一VRRP组     priority 100   #主节点的优先级（1-254之间），备用节点必须比主节点优先级低     advert_int 1  #组播信息发送间隔，两个节点设置必须一样     authentication {    #设置验证信息，两个节点必须一致         auth_type PASS         auth_pass 1111     }     virtual_ipaddress {    #指定虚拟IP, 两个节点设置必须一样         192.168.33.60/24    #如果两个nginx的ip分别是192.168.33.61,,...62，则此处的虚拟ip跟它俩同一个网段即可     } }

 

#BACKUP节点

global_defs { } vrrp_instance VI_1 {     state BACKUP     interface eth0     virtual_router_id 51     priority 99     advert_int 1     authentication {         auth_type PASS         auth_pass 1111     }     virtual_ipaddress {         192.168.33.60/24     } }

 

#分别启动两台机器上的keepalived

service keepalived start

测试：

杀掉master上的keepalived进程，你会发现，在slave机器上的eth0网卡多了一个ip地址

查看ip地址的命令：  ip addr

 

5.6. 配置keepalived心跳检查

原理：

Keepalived并不跟nginx耦合，它俩完全不是一家人

但是keepalived提供一个机制：让用户自定义一个shell脚本去检测用户自己的程序，返回状态给keepalived就可以了

 

 

#MASTER节点

global_defs { }   vrrp_script chk_health {     script "[[ `ps -ef | grep nginx | grep -v grep | wc -l` -ge 2 ]] && exit 0 || exit 1"     interval 1    #每隔1秒执行上述的脚本，去检查用户的程序ngnix     weight -2 }   vrrp_instance VI_1 {     state MASTER     interface eth0     virtual_router_id 1     priority 100     advert_int 2     authentication {         auth_type PASS         auth_pass 1111     }       track_script {         chk_health     }       virtual_ipaddress {         10.0.0.10/24     }       notify_master "/usr/local/keepalived/sbin/notify.sh master"     notify_backup "/usr/local/keepalived/sbin/notify.sh backup"     notify_fault "/usr/local/keepalived/sbin/notify.sh fault" }

 

#添加切换通知脚本

vi /usr/local/keepalived/sbin/notify.sh

#!/bin/bash   case "$1" in     master)         /usr/local/nginx/sbin/nginx         exit 0     ;; backup)         /usr/local/nginx/sbin/nginx -s stop         /usr/local/nginx/sbin/nginx         exit 0     ;;     fault)         /usr/local/nginx/sbin/nginx -s stop         exit 0     ;;     *)         echo 'Usage: notify.sh {master|backup|fault}'         exit 1     ;; esac

 

#添加执行权限

chmod +x /usr/local/keepalived/sbin/notify.sh

global_defs { }   vrrp_script chk_health {     script "[[ `ps -ef | grep nginx | grep -v grep | wc -l` -ge 2 ]] && exit 0 || exit 1"     interval 1     weight -2 }   vrrp_instance VI_1 {     state BACKUP     interface eth0     virtual_router_id 1     priority 99     advert_int 1     authentication {         auth_type PASS         auth_pass 1111     }       track_script {         chk_health     }       virtual_ipaddress {         10.0.0.10/24     }     notify_master "/usr/local/keepalived/sbin/notify.sh master"     notify_backup "/usr/local/keepalived/sbin/notify.sh backup"     notify_fault "/usr/local/keepalived/sbin/notify.sh fault" }

 

#在第二台机器上添加notify.sh脚本

#分别在两台机器上启动keepalived

service keepalived start

chkconfig keepalived on