Notes for the record.
Master node: 192.168.79.233
Backup node: 192.168.79.234
Virtual IP: 192.168.79.237
1. nginx configuration: /etc/nginx/nginx.conf
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    gzip on;
    gzip_min_length 1k; # do not compress resources smaller than 1 KB
    gzip_comp_level 5; # compression level [1-9]; higher gives a better ratio but uses more CPU; around 4 is recommended
    gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css; # response types to compress, space-separated; compressing images is not recommended
    gzip_disable "MSIE [1-6]\."; # condition for disabling gzip, regex supported; here IE6 and below get no gzip (old IE versions do not support it)
    gzip_vary on; # whether to add the "Vary: Accept-Encoding" response header
    #443##############################################################
    server {
        listen 443 ssl;
        server_name prod1.xxxx.com;
        index index.html index.htm;
        ssl_certificate /etc/nginx/cert/xxxx/xxxx.com.pem;
        ssl_certificate_key /etc/nginx/cert/xxxx/xxxx.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        charset utf-8;
        location /xxxx {
            proxy_pass http://192.168.98.251:18802;
            keepalive_timeout 30;
            access_log /var/log/nginx/parking/parking_front_access.log main;
            error_log /var/log/nginx/parking/parking_front_error.log;
            autoindex_localtime on;
        }
        location /unicorn {
            keepalive_timeout 30;
            proxy_pass http://192.168.98.251:28888;
            proxy_set_header host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log /var/log/nginx/unicorn/unicorn_front_access.log main;
            error_log /var/log/nginx/unicorn/unicorn_front_error.log;
            autoindex_localtime on;
        }
    }
    #80############################################################
    server {
        listen 80;
        server_name 192.168.79.237;
        root /var/www;
        index index.html index.htm;
        charset utf-8;
        location /unicorncard {
            sendfile on;
            tcp_nopush on;
            #tcp_nodelay on;
            keepalive_timeout 60;
            proxy_pass http://192.168.98.251:33334;
            client_max_body_size 10M;
            client_body_buffer_size 5M;
            proxy_buffer_size 256k;
            proxy_buffers 8 256k;
            proxy_busy_buffers_size 256K;
            access_log /var/log/nginx/unicorn/unicorn_card_access.log main;
            error_log /var/log/nginx/unicorn/unicorn_card_error.log;
            autoindex_localtime on;
        }
    }
}
2. Log rotation configuration: /etc/logrotate.d/nginx
/var/log/nginx/*.log {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    create 0640 www-data adm
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi \
    endscript
    postrotate
        invoke-rc.d nginx rotate >/dev/null 2>&1
    endscript
}
/var/log/nginx/unicorn/*.log {
    weekly
    missingok
    rotate 4
    compress
    delaycompress
    notifempty
    create 0644 root root
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi \
    endscript
    postrotate
        invoke-rc.d nginx rotate >/dev/null 2>&1
    endscript
}
/var/log/nginx/parking/*.log {
    weekly
    missingok
    rotate 4
    compress
    delaycompress
    notifempty
    create 0644 root root
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi \
    endscript
    postrotate
        invoke-rc.d nginx rotate >/dev/null 2>&1
    endscript
}
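3. On the master node 192.168.79.233, configure /etc/keepalived/keepalived.conf
vrrp_script chk_http_port {
    script "/etc/keepalived/check_nginx_pid.sh"
    interval 2 # interval between runs of the check script (seconds)
    weight -10
}
global_defs {
    router_id nginx01 # name of this node
    script_user root
    enable_script_security
}
vrrp_instance VI_1 {
    state MASTER # on the backup server, change MASTER to BACKUP
    interface eth0 # network interface
    virtual_router_id 151 # virtual_router_id must be identical on master and backup
    priority 100 # master and backup take different priorities: higher on the master, lower on the backup
    advert_int 1
    mcast_src_ip 192.168.79.233
    authentication {
        auth_type PASS # simple password, carried in clear text in the VRRP advertisements
        auth_pass 1234
    }
    track_script {
        chk_http_port # the service check to run
    }
    virtual_ipaddress {
        192.168.79.237/32 # VRRP virtual IP address
    }
}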
On the backup node 192.168.79.234, configure /etc/keepalived/keepalived.conf
vrrp_script chk_http_port {
    script "/etc/keepalived/check_nginx_pid.sh"
    interval 2 # interval between runs of the check script (seconds)
    weight 2
}
global_defs {
    router_id nginx02 # name of this node
    script_user root
    enable_script_security
}
vrrp_instance VI_1 {
    state BACKUP # on the backup server, MASTER is changed to BACKUP
    interface eth0 # network interface
    virtual_router_id 151 # virtual_router_id must be identical on master and backup
    priority 90 # master and backup take different priorities: higher on the master, lower on the backup
    advert_int 1
    mcast_src_ip 192.168.79.234
    authentication {
        auth_type PASS
        auth_pass 1234
    }
    track_script {
        chk_http_port # the service check to run
    }
    virtual_ipaddress {
        192.168.79.237 # VRRP virtual IP address
    }
}
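On both the master and backup nodes, create check_nginx_pid.sh in the /etc/keepalived/ directory; it checks whether the nginx service is running.
Then make it executable:
sudo chmod +x check_nginx_pid.sh
#!/bin/bash
# ps -C selects by command name; adding "aux" would select every process, so the count would never be 0
A=$(ps -C nginx --no-header | wc -l)    # count the nginx processes and store the value in A
if [ "$A" -eq 0 ]; then                 # no nginx process: the value is zero
    /usr/sbin/nginx                     # try to start nginx
    sleep 3
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
        killall keepalived              # still no nginx: stop the keepalived process
    fi
fi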
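An added example, not part of the original notes: a variant of the check that reports failure through its exit status instead of killing keepalived, so that the `weight` values in the two vrrp_script blocks decide the failover. The function names and the `--check` argument are assumptions of this example; `effective_priority` models how keepalived applies a track-script weight.

```shell
#!/bin/bash
# Added example, not the original check_nginx_pid.sh.

# nginx_alive [PIDFILE]: succeed only if the pid file names a live process.
# The default path is the "pid" directive from the nginx.conf above.
nginx_alive() {
    local pidfile="${1:-/var/log/nginx/nginx.pid}" pid
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac  # empty or non-numeric content
    kill -0 "$pid" 2>/dev/null                    # signal 0 only tests existence
}

# effective_priority BASE WEIGHT STATUS: the priority a node advertises for one
# tracked script, where STATUS is the script's last exit code. A positive
# weight is added while the script succeeds; a negative weight is subtracted
# while it fails.
effective_priority() {
    local base="$1" weight="$2" status="$3"
    if [ "$weight" -gt 0 ] && [ "$status" -eq 0 ]; then
        echo $((base + weight))
    elif [ "$weight" -lt 0 ] && [ "$status" -ne 0 ]; then
        echo $((base + weight))
    else
        echo "$base"
    fi
}

# As a track script (hypothetical invocation): script "<this file> --check"
if [ "${1:-}" = "--check" ]; then
    nginx_alive "${2:-}"
    exit $?
fi

# With the weights configured above and nginx down on the master only:
#   master: effective_priority 100 -10 1   -> 90
#   backup: effective_priority 90 2 0      -> 92
# 90 < 92, so the backup takes the VIP while keepalived keeps running on the master.
```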
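Run the command ip a on both machines and check that the address is bound to the network interface correctly.
Master node: you should see 79.237, which means the binding is OK.
Backup node: 79.237 should not be bound; it only floats to the backup node if the master node fails.
Restart: sudo systemctl restart keepalived.service
Check the status: sudo systemctl status keepalived.service
Firewall configuration: on both the master and backup nodes, allow traffic to 224.0.0.18 (multicast).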
sudo ufw allow from 192.168.79.233 to 224.0.0.18
sudo ufw allow from 192.168.79.234 to 224.0.0.18
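An added example, not part of the original notes: the `ip a` check above turned into a script that classifies which node holds the virtual IP, including the case where both do because the VRRP advertisements to 224.0.0.18 are not getting through. The function names are this example's own, and the two sample outputs (in `ip -o -4 addr show` format, with an assumed /24 on eth0) are constructed.

```shell
#!/bin/bash
# Added example: decide who holds the VIP from "ip -o -4 addr show" output
# collected on each node. Both samples below are constructed.
VIP=192.168.79.237

MASTER_SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.79.233/24 brd 192.168.79.255 scope global eth0
2: eth0    inet 192.168.79.237/32 scope global eth0'
BACKUP_SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.79.234/24 brd 192.168.79.255 scope global eth0'

# holds_vip TEXT: succeed if an inet line in TEXT carries exactly $VIP.
holds_vip() {
    printf '%s\n' "$1" | awk -v vip="$VIP" '
        $3 == "inet" { split($4, a, "/"); if (a[1] == vip) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# vip_state MASTER_OUT BACKUP_OUT prints one of:
#   master-active  normal state, only the master binds the VIP
#   failed-over    only the backup binds it (master or its nginx is down)
#   split-brain    both bind it; typically the VRRP advertisements to
#                  224.0.0.18 are blocked between the nodes
#   no-holder      neither binds it; keepalived is not running on either node
vip_state() {
    local m=no b=no
    holds_vip "$1" && m=yes
    holds_vip "$2" && b=yes
    case "$m/$b" in
        yes/no)  echo master-active ;;
        no/yes)  echo failed-over ;;
        yes/yes) echo split-brain ;;
        *)       echo no-holder ;;
    esac
}

# On real nodes, pass the output of: ip -o -4 addr show
vip_state "$MASTER_SAMPLE" "$BACKUP_SAMPLE"
```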