标题Nginx双击热备
拓扑图
1、安装nginx依赖软件
[root@centos01 ~]# yum -y install pcre-devel zlib-devel kernel-devel popt-devel openssl-devel
[root@centos02 ~]# yum -y install pcre-devel zlib-devel kernel-devel popt-devel openssl-devel
2、 创建管理nginx用户
[root@centos01 ~]# useradd -M -s /sbin/nologin nginx
[root@centos02 ~]# useradd -M -s /sbin/nologin nginx
3、配置nginx
[root@centos01 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module
[root@centos02 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module
4、安装nginx
[root@centos01 nginx-1.6.0]# make && make install
[root@centos02 nginx-1.6.0]# make && make install
5、优化nginx
[root@centos01 nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@centos02 nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
6、修改nginx网站主页
[root@centos01 ~]# echo “www.benet.com” > /usr/local/nginx/html/index.html
[root@centos02 ~]# echo “www.accp.com” > /usr/local/nginx/html/index.html
7、启动nginx监听端口号
8、设置服务开机自动启动添加执行权限
[root@centos01 ~]# vim /etc/rc.d/rc.local
/usr/local/sbin/nginx
[root@centos01 ~]# chmod +x /etc/rc.d/rc.local
[root@centos02 ~]# vim /etc/rc.d/rc.local
/usr/local/sbin/nginx
[root@centos02 ~]# chmod +x /etc/rc.d/rc.local
二、安装keepalived
1、安装keepalived
[root@centos01 keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/
[root@centos01 keepalived-1.2.13]# make && make install
[root@centos01 keepalived-1.2.13]# chkconfig --add keepalived
[root@centos01 keepalived-1.2.13]# chkconfig --level 35 keepalived on
[root@centos02 keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/
[root@centos02 keepalived-1.2.13]# make && make install
[root@centos02 keepalived-1.2.13]# chkconfig --add keepalived
[root@centos02 keepalived-1.2.13]# chkconfig --level 35 keepalived on
2、配置主keepalived
[root@centos01 ~]# vim /etc/keepalived/keepalived.conf
3、配置监控nginx服务keepalived脚本
[root@centos01 ~]# vim /opt/nginx.sh
4、添加执行权限
[root@centos01 ~]# chmod +x /opt/nginx.sh
5、配置从keepalived
[root@centos02 ~]# vim /etc/keepalived/keepalived.conf
6、编写监控nginx服务和keepalived脚本
[root@centos02 ~]# vim /opt/nginx.sh
7、添加执行权限
[root@centos02 ~]# chmod +x /opt/nginx.sh
8、启动服务
[root@centos01 ~]# systemctl start keepalived
9、查看vip地址
10、客户端产看
11、停止主keepalived服务
[root@centos01 ~]# systemctl stop keepalived.service
12、启动从keepalived服务
[root@centos02 ~]# systemctl start keepalived
13、查看VIP地址
14、客户端查看
三、 配置防火墙
1、防火墙ens34接口配置IP
[root@centos03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
2、配置网关 重启网卡服务
[root@centos01 ~]# vim //etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.30
[root@centos01 ~]# systemctl restart network
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.30
[root@centos02 ~]# systemctl restart network
3、启动防火墙服务设置开机自动启动
[root@centos03 ~]# systemctl start firewalld
[root@centos03 ~]# systemctl enable firewalld
4、设置默认区域
[root@centos03 ~]# firewall-cmd --set-default-zone=external
5、将ens34网卡加入到外部区域
[root@centos03 ~]# firewall-cmd --add-interface=ens34 --zone=external
6、将ens32加入到信任区域
[root@centos03 ~]# firewall-cmd --add-interface=ens32 --zone=trusted
7、查看激活区域
8、查看区域中的所有规则
9、关闭伪装
[root@centos03 ~]# firewall-cmd --remove-masquerade
10、配置伪装
[root@centos03 ~]# firewall-cmd --zone=external --add-rich-rule=‘rule family=ipv4 source address=192.168.100.0/24 masquerade’
11、配置192.168.100.254的80端口映射到192.168.200.30的80端口
[root@centos03 ~]# firewall-cmd --zone=external --add-rich-rule=‘rule family=ipv4 destination address=192.168.200.30/32 forward-port port=80 protocol=tcp to-addr=192.168.100.254’
12、查看规则
13、允许dns http访问
[root@centos03 ~]# firewall-cmd --zone=external --add-service=dns
[root@centos03 ~]# firewall-cmd --zone=external --add-service=http
四、配置dns
1、安装dns
[root@centos03 ~]# yum -y install bind bind-chroot bind-utils
2、配置主配置文件
[root@centos03 ~]# vim /etc/named.conf
3、配置正向解析文件
[root@centos03 ~]# vim /var/named/benet.com.zone
4、添加执行权限
[root@centos03 ~]# chmod +x /var/named/benet.com.zone
[root@centos03 ~]# chown named:named /var/named/benet.com.zone
5、客户端配置IP
6、客户端访问
7、停止主keepalived服务查看从keepalivedVIP地址
[root@centos01 ~]# systemctl stop keepalived
[root@centos02 ~]# systemctl start keepalived
8、客户端访问