前置条件,需要在各服务器安装nginx,安装方式参考Nginx单机安装
1安装keepalived
[root@CentOS002 opt]# yum install keepalived -y
2查看keepalived配置文件
[root@CentOS002 keepalived]# cat /etc/keepalived/keepalived.conf
3修改keepalived配置文件
[root@CentOS002 keepalived]# cat /etc/keepalived/keepalived.conf
主节点配置
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
## 标识本节点的字符串,通常为 hostname,也可以是本机ip
smtp_server 120.26.40.215
smtp_connect_timeout 30
## 通过它,可以访问到主机,在hosts文件中,要做映射关系,类似于 127.0.0.1 LVS_DEVEL
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
## keepalived 会定时执行脚本并对脚本执行的结果进行分析,动态调整vrrp_instance 的优先级
vrrp_script chk_http_port {
script "/usr/local/src/nginx_check.sh" ## 检测 nginx 状态的脚本路径
interval 2 # (检测脚本执行的间隔)
weight -20 ## 如果条件成立,权重-20
}
## 定义虚拟路由, VI_1 为虚拟路由的标示符,自己定义名称
vrrp_instance VI_1 {
## 主节点为 MASTER, 对应的备份节点为 BACKUP
state MASTER
## 绑定虚拟 IP 的网络接口,与本机 IP 地址所在的网络接口相同
interface eth0
## 虚拟路由的 ID 号, 两个节点设置必须一样, 可选 IP 最后一段使用, 相同的 VRID 为一个组,他将决定多播的 MAC 地址
virtual_router_id 51
##节点优先级, 值范围 0-254, MASTER 要比 BACKUP 高
priority 100
## 组播信息发送间隔,两个节点设置必须一样, 默认 1s
advert_int 1
## 心跳检测需要的密码
authentication {
auth_type PASS
auth_pass 1111
}
## 追踪 nginx 脚本
track_script {
check_nginx_alive
}
## 设置本机内网 IP 地址
unicast_src_ip 120.26.40.215
unicast_peer {
120.55.75.114 # 对端设备的 IP 地址
}
## 虚拟 ip,可以定义多个
virtual_ipaddress {
192.168.200.16
192.168.200.17
192.168.200.18
}
notify_master "/usr/local/src/nginx_check.sh MASTER"
notify_backup "/usr/local/src/nginx_check.shh BACKUP"
notify_fault "/usr/local/src/nginx_check.sh FAULT"
notify_stop "/usr/local/src/nginx_check.sh STOP"
garp_master_delay 1 # 设置当切为主状态后多久更新 ARP 缓存
garp_master_refresh 5 # 设置主节点发送ARP报文的时间间隔
track_interface {
eth0 # 使用绑定 VIP 的网卡 例如 eth0
}
}
virtual_server 192.168.200.100 443 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.201.100 443 {
weight 1
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.2 1358 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
sorry_server 192.168.200.200 1358
real_server 192.168.200.2 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.200.3 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.3 1358 {
delay_loop 3
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.200.4 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.200.5 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
在/usr/local/src下创建脚本nginx_check.sh
[root@CentOS001 keepalived]# cd /usr/local/src
[root@CentOS001 keepalived]# vi nginx_check.sh
编辑检测脚本
#!/bin/bash
A=`ps -C nginx –no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 2
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
脚本赋权
[root@CentOS001 sbin]# chmod +x /usr/local/src/nginx_check.sh
#!/bin/bash
A=`ps -C nginx –no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 2
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
启动
[root@CentOS001 sbin]# systemctl start keepalived.service
或
[root@CentOS001 sbin]# /usr/sbin/./keepalived
查看虚拟地址
[root@CentOS001 sbin]# ip addr
/usr/local/nginx/sbin/nginx -t
错误
问题1:
[root@CentOS002 nginx-1.20.2]# make && make install
make: *** 没有规则可制作目标“build”,由“default” 需求。 停止。
[root@CentOS002 nginx-1.20.2]#
安装Nginx相关依赖包:
安装依赖
[root@CentOS002 nginx-1.20.2]# yum -y install gcc openssl openssl-devel pcre-devel zlib zlib-devel
检查依赖
[root@CentOS003 nginx-1.20.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module
问题2 启动nginx:
nginx: [alert] could not open error log file: open() "/usr/local/nginx/logs/error.log" failed (13: Permission denied)
2018/09/13 14:50:07 [emerg] 49801#0: open() "/usr/local/nginx/logs/access.log" failed (13: Permission denied)
赋权
关闭防火墙
问题3:
[root@CentOS002 nginx-1.20.2]# /usr/local/nginx/sbin/nginx
nginx: [emerg] getpwnam("nginx") failed
设置nginx用户
[root@CentOS002 nginx-1.20.2]# useradd -s /sbin/nologin -M nginx
1 2 3 | [root@localhost nginx-1.11.2] # /usr/local/nginx/sbin/nginx [root@localhost nginx-1.11.2] # netstat -tlunp | grep nginx tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 9709 /nginx : master |