Nginx反向代理负载均衡
实验环境
-主机名 | -ip | -服务 | 系统 |
---|---|---|---|
RS1 | 192.168.132.100 | nginx ,keepalived | centos8 |
RS2 | 192.168.132.135 | nginx,keepalived | centos8 |
nginx | 192.168.132.137 | nginx | centos8 |
apache | 192.168.132.140 | apache | centos8 |
反向代理
RS1
[root@RS1 ~]# systemctl disable --now firewalld.service
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS1 ~]# dnf -y install keepalived nginx
[root@RS1 ~]# vi /etc/nginx/nginx.conf
.....
upstream lx.com { //写在server外面
server 192.168.132.137 weight=2;
server 192.168.132.140;
}
.....
location / { //写在server里面
proxy_pass http://lx.com;
}
RS2
[root@RS1 nginx]# scp -r nginx.conf 192.168.132.100:/etc/nginx/nginx.conf
root@192.168.132.100's password:
nginx.conf 100% 2592 2.1MB/s
测试
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-AI1L53Br-1666014938951)(D:\360Downloads\image-20221017211025051.png)]
nginx
[root@nginx ~]# systemctl disable --now firewalld.service
[root@nginx ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@nginx ~]# dnf -y install nginx
[root@nginx ~]# systemctl enable --now nginx.service
[root@nginx ~]# echo 'hehe' > /usr/share/nginx/html/index.html
apache
[root@apache ~]# systemctl disable --now firewalld.service
[root@apache~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@apache ~]# dnf -y install httpd
[root@apache ~]# systemctl enable --now httpd
[root@apache ~]# echo 'xixi' > /var/www/html/index.html
负载均衡
RS1
[root@RS1 ~]# cd /etc/keepalived/
[root@RS1 keepalived]# ls
keepalived.conf
[root@RS1 keepalived]# mv keepalived.conf{,-bak}
[root@RS1 keepalived]# ls
keepalived.conf-bak
[root@RS1 keepalived]# vi keepalived.conf
[root@RS1 keepalived]# cat keepalived.conf
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface ens33 //要和自己网卡名字一致
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.132.249 //vip贵宾不能是ping的通的
}
}
virtual_server 192.168.132.249 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.132.135 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.132.100 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@RS1 keepalived]# systemctl restart keepalived.service
[root@RS1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:8c:44:a8 brd ff:ff:ff:ff:ff:ff
inet 192.168.132.100/24 brd 192.168.132.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.132.249/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8c:44a8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:3a:e5:b9 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
RS2
[root@RS2 ~]# cd /etc/keepalived/
[root@RS2 keepalived]# ls
keepalived.conf
[root@RS2 keepalived]# mv keepalived.conf{,-bak}
[root@RS2 keepalived]# ls
keepalived.conf-bak
//到RS1上远程传输配置文件
[root@RS1 keepalived]# scp -r keepalived.conf 192.168.132.135:/etc/keepalived/
root@192.168.132.135's password:
keepalived.conf 100% 831 335.4KB/s 00:00
[root@RS2 keepalived]# ls
keepalived.conf keepalived.conf-bak
[root@RS2 keepalived]# vi keepalived.conf
[root@RS2 keepalived]# systemctl restart keepalived.service
[root@RS2 keepalived]# cat keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.132.249
}
}
virtual_server 192.168.132.249 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.132.135 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.132.100 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
测试
关闭掉RS1的keepalive服务测试
必须也要关闭nginx服务
[root@RS1 ~]# systemctl stop keepalived.service
[root@RS1 ~]# systemctl stop nginx.service
3
delay_before_retry 3
}
}
}
### 测试
关闭掉RS1的keepalive服务测试
必须也要关闭nginx服务
[root@RS1 ~]# systemctl stop keepalived.service
[root@RS1 ~]# systemctl stop nginx.service
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-t6RsWIpp-1666014938952)(D:\360Downloads\image-20221017215315573.png)]