Nginx+keepalived双击热备
一、 安装nginx和keepalived
1、 安装依赖程序和管路用户创建
1)
开三台虚拟机
2)
删除系统自带yum源并挂载光盘
[root@centos01 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos01 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos02 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos02 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
3)
安装依赖程序、创建nginx管理用户
[root@centos01 ~]# yum -y install pcre-devel zlib-devel kernel-devel popt-devel openssl-devel
[root@centos01 ~]# useradd -M -s /sbin/nologin nginx
[root@centos02 ~]# yum -y install pcre-devel zlib-devel kernel-devel popt-devel openssl-devel
[root@centos02 ~]# useradd -M -s /sbin/nologin nginx
2、 安装nginx
1)
安装nginx
[root@centos01 ~]# umount /mnt/
[root@centos02 ~]# umount /mnt/
[root@centos01 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos01 ~]# tar zxvf /mnt/nginx-1.6.0.tar.gz -C /usr/src/
[root@centos02 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos02 ~]# tar zxvf /mnt/nginx-1.6.0.tar.gz -C /usr/src/
2)
配置nginx并配置安装nginx
[root@centos01 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module
[root@centos01 nginx-1.6.0]# make && make install
[root@centos02 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module
[root@centos02 nginx-1.6.0]# make && make install
3)
优化nginx命令和修改nginx网站主页
[root@centos01 ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@centos01 ~]# echo “www.benet.com” > /usr/local/nginx/html/index.html
[root@centos02 ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@centos02 ~]# echo “www.accp.com” > /usr/local/nginx/html/index.html
4)
启动nginx服务
[root@centos01 ~]# nginx
[root@centos01 ~]# netstat -anptu | grep 80
[root@centos02 ~]# nginx
[root@centos02 ~]# netstat -anptu | grep 80
5)
设置nginx服务开机自动启动
[root@centos01 ~]# vim /etc/rc.d/rc.local
/usr/local/sbin/nginx
[root@centos01 ~]# chmod +x /etc/rc.d/rc.local
[root@centos02 ~]# vim /etc/rc.d/rc.local
/usr/local/sbin/nginx
[root@centos02 ~]# chmod +x /etc/rc.d/rc.local
6)
重新启动查看
[root@centos01 ~]# reboot
[root@centos02 ~]# reboot
3、 安装keepalived
1)
配置keepaliced****
[root@centos01 ~]# tar zxvf /mnt/keepalived-1.2.13.tar.gz -C /usr/src/
[root@centos01 keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/
[root@centos02 ~]# tar zxvf /mnt/keepalived-1.2.13.tar.gz -C /usr/src/
[root@centos02 keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/
2)
安装keepalived
[root@centos01 keepalived-1.2.13]# make && make install
[root@centos02 keepalived-1.2.13]# make && make install
3)
添加系统服务设置开机自动启动
[root@centos01 ~]# chkconfig --add keepalived
[root@centos01 ~]# chkconfig --level 35 keepalived on
[root@centos02 ~]# chkconfig --add keepalived
[root@centos02 ~]# chkconfig --level 35 keepalived on
4、 配置主keepalived和从keepalived
1)
配置主keepalived
[root@centos01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id Nginx_Master
}
vrrp_instance VI_1 {
state MASTER
interface ens32
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.254
}
vrrp_script check_nginx {
script “/opt/nginx.sh”
interval 2
weight 1
}
2)
配置从keepalived
[root@centos02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id Nginx_Backup
}
vrrp_instance VI_1 {
state Backup
interface ens32
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.254
}
vrrp_script check_nginx {
script “/opt/nginx.sh”
interval 2
weight 1
}
}
3)
配置监控nginx服务和keepalived脚本
[root@centos01 ~]# vim /opt/nginx.sh
#!/bin/bash
counter=
(
p
s
−
C
n
g
i
n
x
−
−
n
o
−
h
e
a
d
i
n
g
∣
w
c
−
l
)
i
f
[
"
(ps -C nginx --no-heading|wc -l) if [ "
(ps−Cnginx−−no−heading∣wc−l)if["{counter}" = “0” ]; then
/usr/local/nginx/sbin/nginx
sleep 2
counter=
(
p
s
−
C
n
g
i
n
x
−
−
n
o
−
h
e
a
d
i
n
g
∣
w
c
−
l
)
i
f
[
"
(ps -C nginx --no-heading|wc -l) if [ "
(ps−Cnginx−−no−heading∣wc−l)if["{counter}" = “0” ]; then
/etc/init.d/keepalived stop
fi
fi
[root@centos01 ~]# chmod +x /opt/nginx.sh
[root@centos01 ~]# systemctl start keepalived
4)
配置从监控nginx服务和keepalived脚本
[root@centos02 ~]# vim /opt/nginx.sh
#!/bin/bash
counter=
(
p
s
−
C
n
g
i
n
x
−
−
n
o
−
h
e
a
d
i
n
g
∣
w
c
−
l
)
i
f
[
"
(ps -C nginx --no-heading|wc -l) if [ "
(ps−Cnginx−−no−heading∣wc−l)if["{counter}" = “0” ]; then
/usr/local/nginx/sbin/nginx
sleep 2
counter=
(
p
s
−
C
n
g
i
n
x
−
−
n
o
−
h
e
a
d
i
n
g
∣
w
c
−
l
)
i
f
[
"
(ps -C nginx --no-heading|wc -l) if [ "
(ps−Cnginx−−no−heading∣wc−l)if["{counter}" = “0” ]; then
/etc/init.d/keepalived stop
fi
fi
[root@centos02 ~]# chmod +x /opt/nginx.sh
[root@centos02 ~]# systemctl start keepalived
5)
测试关闭主,查看从
[root@centos01 ~]# systemctl stop keepalived
开启主查看
6)
客户端配置IP地址访问
停掉主节点f5刷新
[root@centos01 ~]# systemctl stop keepalived
二、 配置防火墙
1、 防火墙配置ip地址伪装和端口映射
1)
配置网卡2
[root@centos03 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens34
[root@centos03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
NAME=ens34
DEVICE=ens34
IPADDR=192.168.200.30
NETMASK=255.255.255.0
[root@centos03 ~]# systemctl restart network
2)
其余两台配置网关
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.30
[root@centos01 ~]# systemctl restart network
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.30
[root@centos02 ~]# systemctl restart network
3)
设置防火墙开机自启
[root@centos03 ~]# systemctl start firewalld
[root@centos03 ~]# systemctl enable firewalld
4)
设置默认区域,并查看
[root@centos03 ~]# firewall-cmd --set-default-zone=external
Success
[root@centos03 ~]# firewall-cmd --add-interface=ens34 --zone=external
[root@centos03 ~]# firewall-cmd --add-interface=ens32 --zone=truste
[root@centos03 ~]# firewall-cmd --get-active-zones
external
interfaces: ens34
trusted
interfaces: ens32
5)
配置地址伪装
[root@centos03 ~]# firewall-cmd --remove-masquerade
success
[root@centos03 ~]# firewall-cmd --list-all
[root@centos03 ~]# firewall-cmd --zone=external --add-rich-rule=‘rule family=ipv4 source address=192.168.100.0/24 masquerade’
success
[root@centos03 ~]# firewall-cmd --list-all
6)
配置地址转发
[root@centos03 ~]# firewall-cmd --zone=external --add-rich-rule=‘rule family=ipv4 destination address=192.168.200.30/32 forward-port port=80 protocol=tcp to-addr=192.168.100.254’
Success
7)
允许外网使用http、dns访问
[root@centos03 ~]# firewall-cmd --zone=external --add-service=http
success
[root@centos03 ~]# firewall-cmd --zone=external --add-service=dns
success
三、 配置dns
1)
配置dns
使用系统自带光盘
2)
删除系统自带yum源并挂载光盘
[root@centos03 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos03 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
3)
安装dns
[root@centos03 ~]# yum -y install bind bind-chroot bind-utils
4)
配置dns
[root@centos03 ~]# echo “” > /etc/named.conf
[root@centos03 ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory “/var/named/”;
};
zone “benet.com” IN {
type master;
file “benet.com.zone”;
};
[root@centos03 ~]# vim /var/named/benet.com.zone
$TTL 86400
@ SOA benet.com. root.benet.com (
2020031710
1H
15M
1W
1D
)
@ NS centos03.benet.com.
centos03 A 192.168.200.30
www A 192.168.200.30
[root@centos03 ~]# chmod +x /var/named/benet.com.zone
[root@centos03 ~]# chown named:named /var/named/benet.com.zone
[root@centos03 ~]# named-checkconf /etc/named.conf
[root@centos03 ~]# named-checkzone benet.com /var/named/benet.com.zone
zone benet.com/IN: loaded serial 2020031710
OK
5)
启动dns
[root@centos03 ~]# systemctl start named
[root@centos03 ~]# systemctl enable named
6)
开启路由转发
[root@centos03 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@centos03 ~]# sysctl -p
net.ipv4.ip_forward = 1
7)
客户端配置IP地址访问
关闭主节点f5刷新
[root@centos01 ~]# systemctl stop keepalived
1936
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
