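Nginx High Availability
1. Two approaches to Nginx high availability
1.1. Nginx+Keepalived active/standby mode
The front end uses two servers: one primary and one hot standby. Under normal conditions the primary server binds a public virtual IP and provides the load-balancing service while the hot standby sits idle. When the primary server fails, the hot standby takes over the primary's public virtual IP and provides the load-balancing service. However, as long as the primary does not fail, the hot standby is always idle, so for sites with only a few servers this approach is not economical.
1.2. Nginx+Keepalived dual-master mode
The front end uses two servers to provide the load-balancing service. The two servers back each other up, both are active, and each binds its own public virtual IP. When one of them fails, the other takes over the failed server's public virtual IP (the healthy server then carries all requests). This approach is economical and well suited to the current architecture.
2. Nginx+Keepalived dual-master configuration
2.1. Environment
Server name | IP | VIP (virtual IP) |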
---|---|---|
Server-134 | 192.168.234.134 | 192.168.234.234 |
Server-135 | 192.168.234.135 | 192.168.234.235 |
2.2. Installing Keepalived
yum install keepalived -y # install Keepalived
keepalived -v # show the version
2.3. Nginx configuration
2.3.1. nginx.conf on Server-134
#user node1;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
#default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
keepalive_timeout 65;
upstream server {
server 192.168.234.134:8080 weight=1 max_fails=1 fail_timeout=10;
server 192.168.234.135:8080 weight=1 max_fails=1 fail_timeout=10;
}
server {
listen 80;
server_name 192.168.234.134;
location / {
root /home/node1/nginx/html;
index index.html;
# backend web servers can obtain the user's real IP from X-Forwarded-For
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://server; # forward requests to the upstream pool
}
}
server {
listen 8080;
location /hi {
echo "你好啊,我是服务器-134,很高兴为您服务!!";
}
}
}
After starting the Nginx service on Server-134, check its load balancing as follows:
2.3.2. nginx.conf on Server-135
#user node1;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
#default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
keepalive_timeout 65;
upstream server {
server 192.168.234.134:8080 weight=1 max_fails=1 fail_timeout=10;
server 192.168.234.135:8080 weight=1 max_fails=1 fail_timeout=10;
}
server {
listen 80;
server_name 192.168.234.135;
location / {
root /home/node1/nginx/html;
index index.html;
# backend web servers can obtain the user's real IP from X-Forwarded-For
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://server; # forward requests to the upstream pool
}
}
server {
listen 8080;
location /hi {
echo "你好啊,我是服务器-135,很高兴为您服务!!";
}
}
}
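After starting the Nginx service on Server-135, check its load balancing as follows:
2.4. Nginx check script
The script determines nginx's current state mainly by probing the nginx port.
2.4.1. Install nmap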
yum install nmap
touch /etc/keepalived/nginx_check.sh # create the script file
chmod +x /etc/keepalived/nginx_check.sh # make the script executable
2.4.2. Write the script
#! /bin/bash
# check nginx server status
NGINX=/home/node1/nginx/sbin/nginx # nginx executable
PORT=80 # check nginx port 80 to determine whether nginx is running
nmap localhost -p $PORT | grep "$PORT/tcp open"
if [ $? -ne 0 ];then
$NGINX -s stop
$NGINX
sleep 3
nmap localhost -p $PORT | grep "$PORT/tcp open"
[ $? -ne 0 ] && systemctl stop keepalived
fi
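The Keepalived configuration in section 2.5 runs this script as root with enable_script_security, under which keepalived refuses to run a root script if any part of its path is writable by a non-root user. The following added example (not from the original page; the function names are hypothetical) applies a conservative approximation of that rule to the script and every parent directory:

```bash
# Added example, not from the original page.
# A component is treated as safe when it is owned by root and neither group
# nor other has the write bit. $1 = owner name, $2 = octal mode from stat.
mode_is_safe() {
    [ "$1" = "root" ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from the script up to "/", reporting every component that a non-root
# user could modify. Returns 0 only when the whole path is safe.
audit_script_path() {
    p=$(readlink -f "$1") || return 2
    rc=0
    while :; do
        read -r owner mode <<EOF
$(stat -c '%U %a' "$p")
EOF
        mode_is_safe "$owner" "$mode" || { echo "UNSAFE $p owner=$owner mode=$mode"; rc=1; }
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Default target is the script path used on this page.
audit_script_path "${1:-/etc/keepalived/nginx_check.sh}" \
    || echo "path is missing or not safe to run as root"
```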
2.5. Keepalived configuration
2.5.1. Keepalived configuration on Server-134
vi /etc/keepalived/keepalived.conf # open the Keepalived configuration file
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id server_134
# user that runs the scripts
script_user root
enable_script_security
}
vrrp_script chk_http_port {
script "/etc/keepalived/nginx_check.sh"
interval 1
weight -2
}
vrrp_instance VI_234 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.234.234
}
track_script {
chk_http_port
}
}
vrrp_instance VI_235 {
state BACKUP
interface ens33
virtual_router_id 52
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.234.235
}
track_script {
chk_http_port
}
}
2.5.2. Keepalived configuration on Server-135
vi /etc/keepalived/keepalived.conf # open the Keepalived configuration file
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id server_135
script_user root
enable_script_security
}
vrrp_script chk_http_port {
script "/etc/keepalived/nginx_check.sh"
interval 1
weight -2
}
vrrp_instance VI_234 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.234.234
}
track_script {
chk_http_port
}
}
vrrp_instance VI_235 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.234.235
}
track_script {
chk_http_port
}
}
2.5.3. Keepalived configuration file explained
# global configuration
global_defs {
notification_email { # notification mechanism: mail recipients
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc # sender
smtp_server 192.168.200.1 # mail server
smtp_connect_timeout 30 # mail connection timeout
router_id server_135 # router identifier
script_user root # user that runs the scripts
enable_script_security
}
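vrrp_script chk_http_port { # cluster resource monitoring, used together with track_script
script "/etc/keepalived/nginx_check.sh" # path of the nginx status script
interval 1 # check interval
weight -2 # when the condition is met, the weight is reduced by 2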
}
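# VRRP instance
vrrp_instance VI_234 {
state MASTER # set this host as the master node; for a backup node, set BACKUP
interface ens33 # network interface used for HA checks; use ip addr to decide which one to set
virtual_router_id 51 # virtual router ID; the same VRRP instance must use the same ID (master and backup hosts)
priority 90 # priority; make sure the master node's priority is higher than the backup node's
advert_int 1 # interval between synchronization checks of the master and backup nodes
authentication { # authentication type and password for master/backup communication; must match within the same VRRP instance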
auth_type PASS
auth_pass 1111
}
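# virtual IP address; when keepalived switches to MASTER, this IP is automatically added to the system
# when it switches to BACKUP, this IP is automatically removed from the system
# use ip addr to check the state after a switch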
virtual_ipaddress {
192.168.234.234
}
track_script { # cluster resource monitoring, used together with vrrp_script
chk_http_port
}
}
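With the priorities used on this page (100 on the master, 90 on the backup), a failed check with weight -2 lowers the master to 98, which still outranks the backup, so failover depends on nginx_check.sh stopping keepalived. The following added example (not from the original page; the function names, the reduced sample configuration and the -20 weight used for comparison are constructed) computes this from the configuration:

```bash
# Added example, not from the original page. Constructed sample: only the
# keepalived.conf lines that decide failover. $1/$2 = priorities, $3 = weight.
sample_conf() {
cat <<EOF
vrrp_script chk_http_port {
    weight ${3:--2}
}
vrrp_instance VI_234 {
    priority $1
    track_script {
        chk_http_port
    }
}
vrrp_instance VI_235 {
    priority $2
    track_script {
        chk_http_port
    }
}
EOF
}

# Print "<instance> <priority> <priority after a failed check>" from stdin.
effective_priorities() {
    awk '
        $1 == "vrrp_script"   { blk = "s"; name = $2 }
        $1 == "vrrp_instance" { blk = "i"; name = $2 }
        blk == "s" && $1 == "weight"   { weight[name] = $2 }
        blk == "i" && $1 == "priority" { prio[name] = $2; order[++n] = name }
        blk == "i" && $1 == "track_script" { in_track = 1; next }
        in_track && $1 == "}" { in_track = 0; next }
        in_track { w = weight[$1] + 0; if (w < 0) drop[name] -= w }
        END { for (i = 1; i <= n; i++) print order[i], prio[order[i]], prio[order[i]] - drop[order[i]] }
    '
}

# For each instance this node masters: does the peer outrank it once the
# check fails? $1 = this node's conf file, $2 = the peer's conf file.
failover_on_check_failure() {
    effective_priorities < "$1" | while read -r inst prio failed; do
        peer=$(effective_priorities < "$2" | awk -v i="$inst" '$1 == i { print $2 }')
        [ "$prio" -gt "$peer" ] 2>/dev/null || continue
        [ "$failed" -lt "$peer" ] && verdict=yes || verdict=no
        echo "$inst priority=$prio after_failure=$failed peer=$peer failover=$verdict"
    done
}

a=$(mktemp); b=$(mktemp); sample_conf 100 90 > "$a"; sample_conf 90 100 > "$b"
failover_on_check_failure "$a" "$b"; rm -f "$a" "$b"   # Server-134 vs Server-135
```

Per-entry weight overrides inside track_script are not handled by this parser.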
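2.5.4. Starting the Keepalived service
2.5.4.1. Start keepalived on Server-134
systemctl start keepalived # start the keepalived service
systemctl stop keepalived # stop the keepalived service
systemctl restart keepalived # restart the keepalived service
systemctl status keepalived # show the keepalived service status
Check the status of the started keepalived:
Run ip addr to see that the virtual IP (192.168.234.234) is in effect:
2.5.4.2. Start keepalived on Server-135
systemctl start keepalived # start the keepalived service
systemctl stop keepalived # stop the keepalived service
systemctl restart keepalived # restart the keepalived service
systemctl status keepalived # show the keepalived service status
Check the status of the started keepalived:
Run ip addr to see that the virtual IP (192.168.234.235) is in effect:
2.6. Verifying high availability
Stop the keepalived service on Server-134 (the nginx check script contains a command that restarts nginx, so high availability cannot be tested by stopping the nginx service), then check whether the virtual IP 192.168.234.234 has been removed from Server-134 and added to Server-135.
IP on Server-134:
IP on Server-135:
At this point, congratulations: you have achieved Nginx high availability.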