A.安装nginx
1) 安装nginx所需的库:
yum install -y gcc gcc-c++ zlib zlib-devel pcre pcre-devel openssl openssl-devel
解析:
gcc: gcc编译器
gcc-c++: c++编译器用于编译nginx的http模块
zlib, zlib-devel: 用于对http包的内容作gzip压缩
pcre, pcre-devel: pcre库, nginx中rewrite模块需要的
openssl, openssl-devel:用于支持在SSL协议上传输HTTP
2) 下载安装:
cd /data/source #统一搁置压缩包
wget http://nginx.org/download/nginx-1.16.1.tar.gz #获取nginx源码
tar -zxvf nginx-1.16.1.tar.gz #解压
cd nginx-1.16.1 #进入源码目录
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-stream
使用./configure –help 可以查看有哪些编译选项, nginx的模块必须要在编译的时候加入, 无法动态的加入。
以上执行完如果显示这样, 便是成功的,再执行下面的命令即可完成安装:
make && make install #编译并安装。
至此nginx便安装完成.
注:以上两台需都需要安装。
无报错则启动服务
3) 启动nginx:(确保Linux中没有其他程序占用80端口)
cd /usr/local/nginx #进入安装目录
/usr/local/nginx/sbin/nginx #启动nginx
ps -ef|grep nginx
nginx: master process 确认进程所属的<PID>号
kill -QUIT <PID> #关闭nginx
4) 配置自动启动
创建文件nginx
vi /etc/init.d/nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: NGINX is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:.*--user=" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
if [ -n "$user" ]; then
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
fi
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $prog -HUP
retval=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
创建pid目录
mkdir -p /usr/local/nginx/logs
修改可执行权限
chmod a+x /etc/init.d/nginx
至此就可以通过下面指令控制启动停止nginx啦
/etc/init.d/nginx start
/etc/init.d/nginx stop
将nginx服务加入chkconfig管理列表
chkconfig –add /etc/init.d/nginx
加完这个之后,就可以使用service对nginx进行启动,重启等操作了。
service nginx start
service nginx stop
service nginx restart
设置开机自动启动
chkconfig nginx on
B. 安装keepalived
1) 下载安装:
参考:http://www.keepalived.org/pdf/UserGuide.pdf
进入放置压缩包目录,
cd /data/source
wget http://www.keepalived.org/software/keepalived-1.2.22.tar.gz 开始下载
tar -zxvf keepalived-1.2.22.tar.gz
cd keepalived-1.2.22
./configure --prefix=/usr/local/keepalived
make && make install
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
mkdir -p /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
service keepalived start #启动服务
以上为安装完成
注:两台均需要安装。
2) 开机启动:
使用/etc/init.d方法:
chkconfig --add keepalived
chkconfig keepalived on
C.keepalived配置
主节点keepalived配置
vi /etc/keepalived/keepalived.conf
global_defs {
router_id 10.10.188.80
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0 --ens32是网卡名称,根据现场实际情况
virtual_router_id 51
priority 100
advert_int 1
nopreempt
unicast_src_ip 10.10.188.80 --172.20.178.133是第一台nginx IP,根据现场实际情况
unicast_peer {
10.10.188.82 --172.20.178.134是第二台nginx IP,根据现场实际情况
}
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx
}
virtual_ipaddress {
10.10.188.91 --172.20.178.200是虚拟IP,根据现场实际情况
}
}
监控服务脚本
vi /etc/keepalived/nginx_check.sh
#!/bin/bash
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 2
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
从节点keepalived配置
vi /etc/keepalived/keepalived.conf
global_defs {
router_id 10.10.188.82
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0 --ens32是网卡名称,根据现场实际情况修改
virtual_router_id 51
priority 100
advert_int 1
nopreempt
unicast_src_ip 10.10.188.82 --172.20.178.134是第二台nginx IP,根据现场实际情况修改
unicast_peer {
10.10.188.80 --172.20.178.133是第一台nginx IP,根据现场实际情况修改
}
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx
}
virtual_ipaddress {
10.10.188.91 --172.20.178.200是虚拟IP,根据现场实际情况修改
}
}
监控服务脚本
vi /etc/keepalived/nginx_check.sh
#!/bin/bash
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 2
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
D.Nginx配置
Nginx转发配置
Nginx上进行转发配置,转到服务器主机
打开nginx.conf,进行修改
vi /usr/local/nginx/conf/nginx.conf
user root;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid /usr/local/nginx/logs/nginx.pid;
events {
worker_connections 61024;
}
stream {
upstream eas-loadbalance{
server 10.10.188.80:1103; --172.20.178.135是第一台服务器IP,根据现场实际修改
server 10.10.188.82:1103; --172.20.178.136是第二台服务器IP,根据现场实际修改
}
server {
listen 11033;
proxy_pass eas-loadbalance;
}
}
http {
include mime.types;
default_type application/octet-stream;
client_max_body_size 100m;
sendfile on;
gzip on;
gzip_buffers 48k;
gzip_comp_level 2;
gzip_min_length 1000;
gzip_types text/plain text/json text/css application/x-httpd-php application/json application/x-javascript application/javascript tex
t/xml application/xml application/xml+rss text/javascript image/png image/jpg image/jpeg image/gif image/bmp;
#keepalive_timeout 0;
keepalive_timeout 65;
upstream eas-nap {
server 10.10.188.80:8080; --172.20.178.135是第一台服务器 IP,根据现场实际修改
server 10.10.188.82:8080 ; --172.20.178.136是第二台服务器 IP,根据现场实际修改
}
server {
listen 8080;
server_name localhost;
location / {
proxy_pass http://eas-nap;
proxy_connect_timeout 500s;
proxy_read_timeout 500s;
proxy_send_timeout 500s;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /50x.html {
root html;
}
}
}
修改完后确认配置文件nginx.conf的正确性命令:
/usr/local/nginx/sbin/nginx -t
停止
/usr/local/nginx/sbin/nginx -s stop 或kill -QUIT <PID>
启动
/usr/local/nginx/sbin/nginx
防火墙配置
服务器开启防火墙后,高可用环境需要开放两台EAS服务器端口。
端口信息如下:
(1)群集端口(例如1103)
(2)网络代理端口(例如为6777)
(3)各实例HTTP端口和RPC端口
firewall-cmd --zone=public --add-port=1103/tcp --permanent
firewall-cmd --zone=public --add-port=6777/tcp --permanent
firewall-cmd –reload
systemctl restart firewalld