linux下nginx+keepalived的实现高可用

为了方便复用，先编译后使用

一、源码编译nginx

1. 编译前先检查依赖包
   rpm -qa openssl openssl-devel zlib zlib-devel pcre pcre-devel gcc gcc-c++
   如果缺少可以使用yum安装，后开始编译（yum配置不在此处做说明）
   注意：
   a、由于nginx本身并不能会话保持，ip_hash方式不能真正负载均衡，因此我们添加第三方模块nginx-sticky-module来实现会话保持，使用sticky方式
   b、编译时目录所在位置和复用位置保持一致，这里编译保存目录/data/nginx

   nginx-sticky-module-1.2.6.zip下载链接：https://pan.baidu.com/s/18H368Dkhlb79vYLfR4foMA
   提取码：0ocd

2. 上传源码包/data/nginx-1.14.2.tar.gz /data/nginx-sticky-module-1.2.6.zip
   解压：tar xzvf nginx-1.14.2.tar.gz
   unzip nginx-sticky-module-1.2.6.zip

3. 创建目录
   mkdir /data/nginx

4. 修复nginx-sticky-module-1.2.6的bug
   cd /data/
   sed -i ‘4i #include <openssl/sha.h>’ nginx-sticky-module-1.2.6/ngx_http_sticky_misc.c
   sed -i ‘5i #include <openssl/md5.h>’ nginx-sticky-module-1.2.6/ngx_http_sticky_misc.c

5. 开始编译
   cd /data/nginx-1.14.2
   ./configure --prefix=/data/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --add-module=/data/nginx-sticky-module-1.2.6
   make
   make install

6. 修改配置文件
   vim /data/nginx/conf/nginx.conf
   参考示例如下：
   节点1：
   http {
   #其他参数不做罗列
   upstream test {
   sticky;
   #sticky是基于cookie的一种nginx的负载均衡，通过分发和识别cookie，来使同一个客户端的请求落在同一台服务器上，默认标识名为route
   server 192.168.10.4:8080 weight=1;
   server 192.168.10.5:8080 weight=1;
   }
   server {
   listen 80;
   server_name 192.168.10.2;
   location / {
   proxy_pass http://test;
   proxy_redirect off;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   #其他参数不做罗列
   }
   }
   证书域名配置，参考示例如下：
   worker_processes 8; #根据CPU个数自己调整

   error_log logs/error.log notice;
   pid logs/nginx.pid;

   events {
   use epoll;
   worker_connections 2048; #连接数设置
   }

   http {
   include mime.types;
   default_type application/octet-stream;
   log_format main '$remote_addr - $remot{e}_{u}ser[$time_local] “KaTeX parse error: Double superscript at position 26: … '̲status $bod{y}_{b}yte{s}_{s}ent"$http_referer” ’
   ‘“$htt{p}_{u}se{r}_{a}gent""$http_x_forwarded_for”’
   ‘$upstream_addr $upstream_response_time $request_time KaTeX parse error: Double superscript at position 24: …_status ' '̲"http_range" “KaTeX parse error: Double superscript at position 32: …t_range"' '̲"gzip_ratio”’;

   client_max_body_size 50m;
   client_header_buffer_size 4k;
   large_client_header_buffers 4 4k;

   gzip on;
   gzip_min_length 1100;
   gzip_buffers 4 8k;
   gzip_types text/plain;

   output_buffers 1 32k;
   postpone_output 1460;

   access_log logs/access.log main;

   client_header_timeout 3m;
   client_body_timeout 3m;
   send_timeout 3m;

   sendfile on;
   tcp_nopush on;
   tcp_nodelay on;
   keepalive_timeout 65;
   upstream test {
   sticky;
   server 192.168.10.4:8080 weight=1;
   server 192.168.10.5:8080 weight=1;
   }
   #慎用proxy_next_upstream 模块
   #proxy_next_upstream http_502 http_504 http_404 error timeout invalid_header;
   server {
   listen 80;
   listen 443 ssl;
   server_name 域名 域名;
   #ssl on;
   ssl_certificate /data/nginx/cert/123456.crt; #证书
   ssl_certificate_key /data/nginx/cert/123456.key; #证书key
   ssl_session_cache shared:SSL:1m;
   ssl_session_timeout 5m;
   ssl_ciphers HIGH:!aNULL:!MD5;
   ssl_prefer_server_ciphers on;
   access_log logs/cwbb.access.log main;
   location / {
   proxy_pass http://test;
   proxy_redirect off;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   client_max_body_size 30m;
   client_body_buffer_size 128k;
   proxy_connect_timeout 90;
   proxy_send_timeout 90;
   proxy_read_timeout 90;
   proxy_buffer_size 4k;
   proxy_buffers 4 32k;
   proxy_busy_buffers_size 64k;
   proxy_temp_file_write_size 64k;
   }
   }
   }
   节点2：同理，只修改server_name
   二、源码编译keepalived

   1、上传源码包/data/keepalived-1.2.24.tar.gz
   解压：tar xzvf keepalived-1.2.24.tar.gz

   2、创建目录
   mkdir /data/keepalived

   3、开始编译
   cd /data/keepalived-1.2.24
   ./configure --prefix=/data/keepalived
   make
   make install

   4、修改配置文件
   nginx1：192.168.10.2
   nginx1：192.168.10.3
   keepalived_virtual_ipaddress ：192.168.10.1
   **chk_nginx.sh检查脚本下载链接：https://pan.baidu.com/s/1hjMEmuDTdF2J92AIpE9j5Q
   提取码：t6q5

   节点1如下：
   vim /data/keepalived/etc/keepalived/keepalived.conf
   ! Configuration File for keepalived
   global_defs {
   router_id 192.168.10.2
   }
   vrrp_script check_nginx {
   script “/data/nginx/chk_nginx.sh”
   interval 2
   weight -20
   fall 2
   rise 1
   }
   vrrp_instance VI_1 {
   state MASTER
   interface eth0 #修改成自己的网卡名称
   virtual_router_id 1 #这里使用虚IP里的1
   mcast_src_ip 192.168.10.2
   priority 100
   advert_int 1
   authentication {
   auth_type PASS
   auth_pass 1111
   }
   track_script {
   check_nginx
   }
   virtual_ipaddress {
   192.168.10.1/24
   }
   }
   节点2如下：
   vim /data/keepalived/etc/keepalived/keepalived.conf
   ! Configuration File for keepalived
   global_defs {
   router_id 192.168.10.3
   }
   vrrp_script check_nginx {
   script “/data/nginx/chk_nginx.sh”
   interval 2
   weight -20
   fall 2
   rise 1
   }
   vrrp_instance VI_1 {
   state BACKUP
   interface eth0 #修改成自己的网卡名称
   virtual_router_id 1 #这里使用虚IP里的1
   mcast_src_ip 192.168.10.3
   priority 90
   advert_int 1
   authentication {
   auth_type PASS
   auth_pass 1111
   }
   track_script {
   check_nginx
   }
   virtual_ipaddress {
   192.168.10.1/24
   }
   }
   三、使用
   将nginx和keeppalived拷贝至生产环境目录/data/下
   nginx可以直接使用
   注意：keepalived需要稍作调整，即可使用
   cp /data/keepalived/etc/keepalived /etc/
   chmod -R 644 /etc/keepalived
   keepalvied至此也可使用了。
   启动nginx：cd /data/nginx/sbin/
   ./nginx
   启动keepalived：cd /data/keepalived/sbin/
   ./keepalived
   查看虚IP绑定：ip addr
   为了方便使用自己可以添加一些软连接