部署环境:
vip地址: 203.95.193.124
nginx master:203.95.193.119 172.10.11.104
nginx backup:203.95.193.120 172.10.11.107
tomcat1:203.95.193.119 172.10.11.104
tomcat2:203.95.193.120 172.10.11.107
- 部署tomcat
1.1、安装java环境
注:下面的下载地址是 http,并且使用了 --no-check-certificate,传输过程中无法验证安装包来源;解压前请用 sha256sum 与 Oracle 官网公布的校验值比对。
# wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.tar.gz
# tar -xzf jdk-8u131-linux-x64.tar.gz -C /usr/local/
# vi /etc/profile
#jdk1.8
export JAVA_HOME=/usr/local/jdk1.8.0_131
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
# source /etc/profile
# java -version
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
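1.2、安装tomcat
注:镜像站下载为明文 http,解压前请用 Apache 官方站点发布的 .sha512 或 .asc 签名校验安装包。下面是以 root 直接执行 startup.sh,生产环境建议新建不可登录的专用账号来运行 tomcat。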
# wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v8.5.40/bin/apache-tomcat-8.5.40.tar.gz
# tar -xzf apache-tomcat-8.5.40.tar.gz -C /usr/local/
# cd /usr/local/
# mv apache-tomcat-8.5.40 tomcat8
# cd /usr/local/tomcat8/bin && ./startup.sh
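1.3、开放防火墙
注:nginx 的 upstream 使用的是内网地址 172.10.11.104/107,对 public 区域开放 8080 会让外部绕过 nginx 直接访问 tomcat;完成 1.4 的验证后,建议只允许两台 nginx 节点的内网地址访问该端口(例如用 firewall-cmd 的 --add-rich-rule 按源地址放行)。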
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload
1.4、访问tomcat
http://203.95.193.119:8080
http://203.95.193.120:8080
- 部署nginx
2.1、安装nginx
注:源码包通过明文 http 下载;nginx.org 同时提供源码包的 PGP 签名(.asc),编译前建议先校验。
# yum install gcc pcre-devel openssl-devel -y
# wget http://nginx.org/download/nginx-1.15.3.tar.gz
# useradd -M -s /sbin/nologin nginx
# tar -xf nginx-1.15.3.tar.gz && cd nginx-1.15.3
# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-stream=dynamic
# make && make install
2.2、配置nginx
# cat /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 4;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /usr/local/nginx/conf/conf.d/*.conf;
}
# mkdir -p /usr/local/nginx/conf/conf.d
# cd /usr/local/nginx/conf/conf.d
# cat tomcat.conf
upstream tomcatserver {
server 172.10.11.104:8080 weight=4 max_fails=2 fail_timeout=30s;
server 172.10.11.107:8080 weight=4 max_fails=2 fail_timeout=30s backup; }
server {
listen 80;
server_name localhost;
client_max_body_size 40m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcatserver;
}
}
# mkdir -p /var/log/nginx
# chown nginx. /var/log/nginx
# /usr/local/nginx/sbin/nginx -t
2.3、启动nginx
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
/usr/local/nginx/sbin/nginx -s reload
ps -ef |grep nginx
lsof -i :80
2.4、放行防火墙
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
- 部署keepalived高可用
3.1、master配置
# yum install keepalived -y
# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
# 接收邮件地址
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
# 邮件发送地址
notification_email_from Alexandre.Cassen@firewall.loc
# 本地邮件服务器发邮件
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER
}
vrrp_script check_nginx {
script "/usr/local/nginx/sbin/check_nginx.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface eth0
nopreempt #不抢占(keepalived 要求该实例的初始 state 为 BACKUP 时此项才生效,state MASTER 下不起作用)
virtual_router_id 51 # VRRP路由ID实例,每个实例是唯一的
priority 100 # 优先级,备服务器设置90
advert_int 1 # 指定VRRP心跳包通告间隔时间,默认1秒
# VRRP验证块(PASS 方式的口令在 VRRP 报文中明文传输,且只取前 8 个字符;1111 仅为示例,请改为自己的值,并在防火墙上只放行对端节点发来的 VRRP 报文)
authentication {
auth_type PASS
auth_pass 1111
}
# VIP定义块
virtual_ipaddress {
203.95.193.124/24
}
track_script {
check_nginx
}
}
# systemctl start keepalived
# systemctl status keepalived
nginx状态检查脚本(keepalived 会每 2 秒执行一次,通常以 root 身份运行,脚本及其所在目录应仅 root 可写):
# cat /usr/local/nginx/sbin/check_nginx.sh
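#!/bin/bash
# Health check run by keepalived (vrrp_script check_nginx).
# Exit status: 0 while an nginx process exists, 1 when none is found, so that
# keepalived applies the configured weight and the VIP can move.
#
# The process is matched by its exact name rather than by grepping `ps -ef`:
#   * a text match on "nginx" also counts unrelated commands such as
#     `tail -f /var/log/nginx/access.log` or an editor open on nginx.conf,
#     which would hide a dead nginx and block failover;
#   * filtering lines with "$$" as a substring can drop real nginx lines whose
#     PID or PPID happens to contain those digits, causing a false failover.
if ! pgrep -x nginx >/dev/null 2>&1; then
    exit 1
    #systemctl stop keepalived
fi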
chmod +x /usr/local/nginx/sbin/check_nginx.sh
3.2、backup配置
yum install keepalived -y
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
# 接收邮件地址
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
# 邮件发送地址
notification_email_from Alexandre.Cassen@firewall.loc
# 本地邮件服务器发邮件
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER # 此处与主机相同,建议备机改用独立标识(如 NGINX_BACKUP),便于在通知邮件和日志中区分节点
}
vrrp_script check_nginx {
script "/usr/local/nginx/sbin/check_nginx.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth1 # 按备机实际网卡名填写;3.3 的防火墙规则和 3.4 的检查命令写的是 eth0,需与这里保持一致
virtual_router_id 51 # VRRP路由ID实例,每个实例是唯一的
priority 90 # 优先级,备服务器设置90
advert_int 1 # 指定VRRP心跳包通告间隔时间,默认1秒
# VRRP验证块(PASS 方式的口令在 VRRP 报文中明文传输,且只取前 8 个字符;1111 仅为示例,请改为自己的值,主备必须一致)
authentication {
auth_type PASS
auth_pass 1111
}
# VIP定义块
virtual_ipaddress {
203.95.193.124/24
}
track_script {
check_nginx
}
}
# systemctl start keepalived
# systemctl status keepalived
# systemctl enable keepalived
nginx状态检查脚本:
# cat /usr/local/nginx/sbin/check_nginx.sh
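#!/bin/bash
# Health check run by keepalived (vrrp_script check_nginx).
# Exit status: 0 while an nginx process exists, 1 when none is found, so that
# keepalived applies the configured weight to this node's priority.
#
# The process is matched by its exact name rather than by grepping `ps -ef`:
#   * a text match on "nginx" also counts unrelated commands such as
#     `tail -f /var/log/nginx/access.log` or an editor open on nginx.conf,
#     which would make a dead nginx look alive;
#   * filtering lines with "$$" as a substring can drop real nginx lines whose
#     PID or PPID happens to contain those digits, reporting a false failure.
if ! pgrep -x nginx >/dev/null 2>&1; then
    exit 1
    #systemctl stop keepalived
fi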
chmod +x /usr/local/nginx/sbin/check_nginx.sh
3.3、防火墙配置
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 \
--in-interface eth0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 \
--out-interface eth0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
查看防火墙配置:
iptables -L OUTPUT_direct --line-numbers
iptables -L INPUT_direct --line-numbers
删除防火墙配置:
firewall-cmd --direct --permanent --remove-rule ipv4 filter INPUT 0 \
--in-interface eth0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --remove-rule ipv4 filter OUTPUT 0 \
--out-interface eth0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --reload
3.4、查看高可用状态
3.4.1、master存在VIP
ip add |grep eth0
3.4.2、BACKUP不存在VIP
ip add |grep eth0
3.4.3、查看keepalived日志
tail -f /var/log/messages
- 测试
4.1、停止Nginx服务查看VIP是否漂移成功
203.95.193.119配置:
pkill nginx
ps -ef |grep nginx
master不存在VIP:
BACKUP存在VIP:
测试网站是否正常:http://203.95.193.124/