Nginx高可用【五】

1. Nginx高可用的俩种方案

1.1. Nginx+Keepalived主备模式

   前端使用俩台服务器，一台主服务器一台热备服务器，正常情况下，主服务绑定一个公网虚拟IP，提供负载均衡服务，热备服务器处于空闲状态；当主服务器发生故障时，热备服务器接管主服务器的公网虚拟IP，提供负载均衡服务；但是热备服务器在主服务器不出现故障时，永远处于空闲状态，对于服务器不多的网址，该方案不不经济实惠。

1.2. Nginx+keepalived双主模式

  前端使用俩台服务器提供负载均衡服务，俩台服务器互为主备，都处于活动状态，同时各自绑定一个公网虚拟IP；当其中一台发生故障时，另一台接管发生故障服务器的公网虚拟IP（这时非故障服务器负担所有的请求）。这种方案，经济实惠，非常适合于当前的架构环境。

2. Nginx+Keepalived双主模式配置

2.1. 环境说明

服务器名	IP	VIP（虚拟IP）
Server-134	192.168.234.134	192.168.234.234
Server-135	192.168.234.135	192.168.234.235

2.2. Keepalived安装

yum install keepalived -y #安装Keepalived
keepalived -v #查看版本

2.3. Nginx配置

2.3.1. Server-134的Nginx.conf配置

#user  node1;
worker_processes  1;
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    #default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;
    sendfile on;
    keepalive_timeout  65;
	
	upstream server {
		server 192.168.234.134:8080 weight=1 max_fails=1 fail_timeout=10;
		server 192.168.234.135:8080 weight=1 max_fails=1 fail_timeout=10;
	}

	server {	
		listen 80;
		server_name 192.168.234.134;

		location / {
			root /home/node1/nginx/html;
			index index.html;
			#后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
		    proxy_set_header Host $host;
   		    proxy_set_header X-Real-IP $remote_addr;
	     	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		    proxy_pass http://server;  #请求转发到服务池	
		}
	}
	
	server {
		listen 8080;
		location /hi {
			echo "你好啊，我是服务器-134，很高兴为您服务！！";
		}
	}
}

启动Server-134的Nginx服务之后，查看其负载均衡如下：

3.3.2. Server-135的Nginx.conf配置

#user  node1;
worker_processes  1;
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    #default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;
    sendfile on;
    keepalive_timeout  65;
	
	upstream server {
		server 192.168.234.134:8080 weight=1 max_fails=1 fail_timeout=10;
		server 192.168.234.135:8080 weight=1 max_fails=1 fail_timeout=10;
	}

	server {	
		listen 80;
		server_name 192.168.234.135;

		location / {
			root /home/node1/nginx/html;
			index index.html;
			#后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
		    proxy_set_header Host $host;
   		    proxy_set_header X-Real-IP $remote_addr;
	     	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		    proxy_pass http://server;  #请求转发到服务池	
		}
	}
	
	server {
		listen 8080;
		location /hi {
			echo "你好啊，我是服务器-135，很高兴为您服务！！";
		}
	}
}

启动Server-135的Nginx服务之后，查看其负载均衡如下：

2.4. Nginx检测脚本

  主要通过检测nginx的端口，判断nginx当前的状态。

2.4.1安装nmap

yum install nmap
touch /etc/keepalived/nginx_check.sh #创建脚本文件
chmod +x /etc/keepalived/nginx_check.sh #给脚本增加可执行权限

2.4.2 编写脚本

#! /bin/bash
# check nginx server status
NGINX=/home/node1/nginx/sbin/nginx # nginx执行文件
PORT=80 #通过检查nginx80端口，判断nginx是否运行中
nmap localhost -p $PORT | grep "$PORT/tcp open"
if [ $? -ne 0 ];then
   $NGINX -s stop
   $NGINX
   sleep 3
   nmap localhost -p $PORT | grep "$PORT/tcp open"
   [ $? -ne 0 ] && systemctl stop keepalived
fi

2.5. Keepalived配置

2.5.1. Server-134的Keepalived配置

vi /etc/keepalived/keepalived.conf #打开Keepalived的配置文件

! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id server_134
   #脚本执行的用户
   script_user root
   enable_script_security
}

vrrp_script chk_http_port {
   script "/etc/keepalived/nginx_check.sh"
   interval 1
   weight -2
}

vrrp_instance VI_234 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.234.234
    }
    track_script {
        chk_http_port
    }

}

vrrp_instance VI_235 {
    state BACKUP
    interface ens33
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
    	auth_type PASS
	auth_pass 1111
    }
    virtual_ipaddress {
       192.168.234.235
    }
    track_script {
        chk_http_port
    }
}

2.5.1. Server-135的Keepalived配置

vi /etc/keepalived/keepalived.conf #打开Keepalived的配置文件

! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id server_135
  
   script_user root
   enable_script_security
}

vrrp_script chk_http_port {
   script "/etc/keepalived/nginx_check.sh"
   interval 1
   weight -2
}

vrrp_instance VI_234 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.234.234
    }
    track_script {
        chk_http_port
    }
}

vrrp_instance VI_235 {
    state MASTER
    interface ens33
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       192.168.234.235
    }
    track_script {
        chk_http_port
    }
}

2.5.3 Keepalived配置文件说明

#全局配置
global_defs {
   notification_email {               #通知机制，邮件接收者信息
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc #发件人
   smtp_server 192.168.200.1                             #邮件服务器
   smtp_connect_timeout 30                               #邮件连接超时时间
   
   router_id server_135                                  #路由标志
  
   script_user root                 # 脚本执行的用户
   enable_script_security
}

vrrp_script chk_http_port {         #集群资源监控，组合track_script进行使用
   script "/etc/keepalived/nginx_check.sh"  #nginx状态的脚本路径
   interval 1                      #检测时间间隔
   weight -2                       # 条件成立，权重减2
}

#vrrp实例
vrrp_instance VI_234 {
    state MASTER          #设置当前主机为主节点，如果是备节点，则设置为BACKUP
    interface ens33       #指定HA检测网络接口，可以用ip addr查看来决定设置哪一个
    virtual_router_id 51  #虚拟路由标识，同一个VRRP实例要使用同一标识，主备机
    priority 90           #设置优先级，确保主节点的优先级高于备节点
    advert_int 1          #用于设定主备节点间同步检查的时间间隔
    authentication {     # 设置主备节点间通信验证类型及密码，同一个VRRP实例需一致
        auth_type PASS
        auth_pass 1111
    }
    
     # 设置虚拟IP地址，当keepalived状态切换为MASTER时，此IP会自动添加到系统中
     #当状态切换为BACKUP时，此IP会自动从系统中删除
     # 可以通过命令ip addr查看切换后的状态
    virtual_ipaddress { 
        192.168.234.234
    }
    track_script {      # 集群资源监控，组合vrrp_script进行
        chk_http_port
    }
}

2.5.1. 启动Keepalived服务

2.5.1.1启动Server-134的keepalived

systemctl start keepalived #启动keepalived服务
systemctl stop keepalived #停止keepalived服务
systemctl restart keepalived #重启keepalived服务
systemctl status keepalived #查看keepalived服务状态

查看启动的keepalived的状态

输入ip addr 查看虚拟IP（192.168.234.234）已生效：

2.5.1.2 启动Server-135的keepalived

systemctl start keepalived #启动keepalived服务
systemctl stop keepalived #停止keepalived服务
systemctl restart keepalived #重启keepalived服务
systemctl status keepalived #查看keepalived服务状态

查看启动的keepalived的状态

输入ip addr 查看虚拟IP（192.168.234.235）已生效：

2.6 验证高可用

  停止Server-134中keepalived服务（因为nignx检测脚本中有重启nginx的命令，因此不能通过停止nginx服务来测试高可用），查看192.168.234.234虚拟IP是否在Server-134中被移除，增加到Server-135中。

Server-134中IP：

Server-135中IP：

至此，恭喜您，实现了Nginx的高可用。