实战一:Nginx+Keepalived高可用负载均衡集群
一、拓扑
二、方案设计
directorA 为主负载均衡器;(master)
directorB为备用负载均衡器;(backup)
upserverA和upserverB同为Nginx web server提供相同功能;
三、配置upserverA和upserverB为Nginx Web Server
upserverA:
1、 安装nginx
yum install nginx // nginx-1.12.2-2.el7.x86_64
2、 配置静态网页
# vim /usr/share/nginx/html/index.html
This is 192.168.50.1
upserverB:
1、安装nginx
yum install nginx // nginx-1.12.2-2.el7.x86_64
2、配置静态网页
# vim /usr/share/nginx/html/index.html
This is 192.168.50.139
开启服务并测试
systemctl start nginx ; ssh 192.168.50.139 "systemctl start nginx"
四、配置Nginx反向代理
directorA:
1、directorA做为反向代理器,将client的请求调度到upserverA和upserverB
[root@Jin666 ~]# vim /etc/nginx/nginx.conf
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
#
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
upstream upservers {
server 192.168.50.138 ;
server 192.168.50.139 ;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://upservers/;
}
2、 开启服务并测试
[root@Jin666 ~]# systemctl start nginx // 192.168.50.137上开启nginx
从测试效果可以看出已有负载均衡效果
3、同理配置directorB
五、Keepalived高可用实现
directorA(master):
1、配置vip 192.168.50.100 做为client请求访问的地址
[root@Jin666 ~]# ip addr add 192.168.50.100/24 dev ens33
[root@Jin666 ~]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:af:3f:34 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.137/24 brd 192.168.50.255 scope global dynamic ens33
valid_lft 1666sec preferred_lft 1666sec
inet 192.168.50.100/24 scope global secondary ens33
valid_lft forever preferred_lft forever
2、配置keepalived实现ip地址飘逸
[root@Jin666 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email { //配置通知邮件,非必须
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_nginx { //检测Nginx进程是否存活脚本,若Nginx进程挂掉,则优先级-10
script "killall -0 nginx"
interval 1
weight -10
}
vrrp_instance VI_1 { //vrrp实例配置
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111 //建议openssl rand -hex 4生成随机认证字
}
virtual_ipaddress {
192.168.50.100/24 dev ens33
}
track_script { //调用脚本
chk_nginx
}
}
directorB(backup):
[root@Eric ~]# vim /etc/keepalived/keepalived.conf
1 ! Configuration File for keepalived
2
3 global_defs {
4 notification_email {
5 root@localhost
6 }
7 notification_email_from keepalived@localhost
8 smtp_server 127.0.0.1
9 smtp_connect_timeout 30
10 router_id node2
11 vrrp_skip_check_adv_addr
12 vrrp_strict
13 vrrp_garp_interval 0
14 vrrp_gna_interval 0
15 }
16
17 vrrp_script chk_nginx {
18 script "killall -0 nginx"
19 interval 1
20 weight -10
21 }
22
23
24 vrrp_instance VI_1 {
25 state BACKUP
26 interface ens33
27 virtual_router_id 51
28 priority 95
29 advert_int 1
30 authentication {
31 auth_type PASS
32 auth_pass 1111
33 }
34 virtual_ipaddress {
35 192.168.50.100/24 dev ens33
36 }
37 track_script {
38 chk_nginx
39 }
40
41 }
开启服务并测试
systemctl start keepalived; ssh 192.168.50.137 "systemctl start keepalived"
开启keepalived服务后,vip 192.168.50.100 在master节点上(master主机名为 Jin666,backup主机名为Eric)
[root@Jin666 ~]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:af:3f:34 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.137/24 brd 192.168.50.255 scope global dynamic ens33
valid_lft 1590sec preferred_lft 1590sec
inet 192.168.50.100/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::2021:d777:8a31:6880/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::4127:b2c7:355c:7c31/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::c9:6ef7:eb09:a0f8/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
现在关闭master主机上的Nginx服务,可以看到vip已从master主机上移除
[root@Jin666 ~]# systemctl stop nginx
[root@Jin666 ~]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:af:3f:34 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.137/24 brd 192.168.50.255 scope global dynamic ens33
valid_lft 1650sec preferred_lft 1650sec
检查vip是否转移到backup主机上
[root@Eric ~]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:90:b9:05 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.135/24 brd 192.168.50.255 scope global dynamic ens33
valid_lft 1482sec preferred_lft 1482sec
inet 192.168.50.100/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::29c:d356:c63b:12d7/64 scope link
valid_lft forever preferred_lft forever
可以看出在挂掉master节点的Nginx服务后,vip成功转移到backup节点上,现在访问vip,看是否还能实现负载均衡效果
成功!!!
实战二:Nginx动静分离的实现
一、拓扑
二、配置upserverA和upserverB
upserverA:
配置静态网页内容
[root@Jin666 html]# vim index.html
This is 192.168.50.138
upserverB:
1、配置静态网页和动态网页
[root@Jin666 html]# vim index.html // 因为是克隆主机所以主机名一样,请注意IP地址的不同
This is 192.168.50.139
[root@Jin666 html]# vim index.php
<?php
echo "This is 192.168.50.139 for PHP";
?>
2、开启upserverB上的php-fpm服务
[root@Jin666 html]# systemctl start php-fpm
3、确保本地127.0.0.1:9000处于监听状态
[root@Jin666 html]# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1990/nginx: master
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1742/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1173/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1170/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1520/master
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 824/rsyslogd
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2893/php-fpm: maste
4、配置upserverB的fastcgi
[root@Jin666 html]# vim /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
5、测试upserverB的静态网页和动态网页是否能正常访问
三、配置directorA实现动静分离
思路:定义两个upstream,分别指向upserverA和upserverB
[root@Jin666 nginx]# vim nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
#
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
upstream static {
server 192.168.50.138 ;
server 192.168.50.139 ;
}
upstream dynamic {
server 192.168.50.139 ;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://static/;
}
location ~ \.php$ {
# root html;
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
#include fastcgi_params;
proxy_pass http://dynamic;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
1、测试静态网页访问
2、测试动态网页访问
从实验结果来看,实现了静态网页的负载均衡,同时实现了动静分离。