1.安装
上传jar包
依赖库文件
yum install pcre
yum install pcre-devel
yum install zlib
yum install zlib-devel
解压
tar -zxvf nginx-1.6.2.tar.gz -C /usr/local
config配置
cd nginx-1.6.2/&& ./configure --prefix=/usr/local/nginx
编译
make&&make install
启动
/usr/local/nginx/sbin/nginx
===============
[root@localhost local]# ps -ef | grep nginx
root 8745 1 0 09:48 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 8746 8745 0 09:48 ? 00:00:00 nginx: worker process
root 8748 6388 0 09:49 pts/0 00:00:00 grep --color=auto nginx
[root@localhost local]#
关闭防火墙
systemctl stop firewalld.service #停止firewall
systemctl disable firewalld.service #禁止firewall开机启动
firewall-cmd --state #查看默认防火墙状态(关闭后显示notrunning,开启后显示running)
[root@localhost local]# firewall-cmd --state
running
[root@localhost local]# systemctl stop firewalld.service
[root@localhost local]# firewall-cmd --state
not running
[root@localhost local]#
浏览器输入地址进行访问
=============================配置完成============================
域名与日志介绍;
shell备份日志demo;
访问路径的过滤;
反向代理与分流;
配置说明:
#user nobody;#开启进程数 <=CPU数
worker_processes 1;#错误日志保存位置
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;#进程号保存文件
#pid logs/nginx.pid;#每个进程最大连接数(最大连接=连接数x进程数)每个worker允许同时产生多少个链接,默认1024
events {
worker_connections 1024;
}
http {
#文件扩展名与文件类型映射表
include mime.types;
#默认文件类型
default_type application/octet-stream;#日志文件输出格式 这个位置相于全局设置
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';#请求日志保存位置
#access_log logs/access.log main;
#打开发送文件
sendfile on;
#tcp_nopush on;#keepalive_timeout 0;
#连接超时时间
keepalive_timeout 65;#打开gzip压缩
#gzip on;
#设定请求缓冲
#client_header_buffer_size 1k;
#large_client_header_buffers 4 4k;
#设定负载均衡的服务器列表
#upstream myproject {
#weigth参数表示权值,权值越高被分配到的几率越大
#max_fails 当有#max_fails个请求失败,就表示后端的服务器不可用,默认为1,将其设置为0可以关闭检查
#fail_timeout 在以后的#fail_timeout时间内nginx不会再把请求发往已检查出标记为不可用的服务器
#}
#webapp
#upstream myapp {
# server 192.168.1.171:8080 weight=1 max_fails=2 fail_timeout=30s;
# server 192.168.1.172:8080 weight=1 max_fails=2 fail_timeout=30s;
#}#配置虚拟主机,基于域名、ip和端口
server {
#监听端口
listen 80;
#监听域名
server_name localhost;#charset koi8-r;
#nginx访问日志放在logs/host.access.log下,并且使用main格式(还可以自定义格式)
#access_log logs/host.access.log main;#返回的相应文件地址
location / {
#设置客户端真实ip地址
#proxy_set_header X-real-ip $remote_addr;
#负载均衡反向代理
#proxy_pass http://myapp;
#返回根路径地址(相对路径:相对于/usr/local/nginx/)
root html;
#默认访问文件
index index.html index.htm;
}#配置反向代理tomcat服务器:拦截.jsp结尾的请求转向到tomcat
#location ~ \.jsp$ {
# proxy_pass http://192.168.1.171:8080;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#错误页面及其返回地址
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
#虚拟主机配置:
server {
listen 1234;
server_name bhz.com;
location / {
#正则表达式匹配uri方式:在/usr/local/nginx/bhz.com下 建立一个test123.html 然后使用正则匹配
#location ~ test {
## 重写语法:if return (条件 = ~ ~*)
#if ($remote_addr = 192.168.1.200) {
# return 401;
#}
#if ($http_user_agent ~* firefox) {
# rewrite ^.*$ /firefox.html;
# break;
#}
root bhz.com;
index index.html;
}
#location /goods {
# rewrite "goods-(\d{1,5})\.html" /goods-ctrl.html;
# root bhz.com;
# index index.html;
#}
#配置访问日志
access_log logs/bhz.com.access.log main;
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;# location / {
# root html;
# index index.html index.htm;
# }
#}}
列子:
worker_processes 1;events {
worker_connections 1024;
use epoll;
}http {
include mime.types;
default_type application/octet-stream;
fastcgi_intercept_errors on;
charset utf-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
client_max_body_size 300m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
client_body_buffer_size 512k;
proxy_connect_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#webapp
upstream web_app {
server 192.168.1.172:8080 weight=1 max_fails=2 fail_timeout=30s;
server 192.168.1.173:8080 weight=1 max_fails=2 fail_timeout=30s;
}
server {
listen 80;
server_name localhost:80;location {
proxy_set_header X-real-ip $remote_addr;
proxy_pass http://web_app;
}error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
keepalived+nginx 实现高可用
解压
tar -zxvf keepalived-1.2.18.tar.gz -C /usr/local
依赖包
yum install -y openssl openssl-devel
配置
[root@localhost local]# cd keepalived-1.2.18/
[root@localhost keepalived-1.2.18]# ./configure --prefix=/usr/local/keepalived[root@localhost keepalived-1.2.18]# make && make install
第二步:
将keepalived安装成Linux系统服务,因为没有使用keepalived的默认安装路径(默认路径:/usr/local),安装完成之后,需要做一些修改工作:
首先创建文件夹,将keepalived配置文件进行复制:
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
然后复制keepalived脚本文件:
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/sbin/keepalived /usr/sbin/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/ 如果存在,先删除
============================================================
[root@localhost sbin]# rm -rf keepalived
[root@localhost sbin]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@localhost sbin]# cd /usr/local/
[root@localhost local]# service keepalived start
Starting keepalived (via systemctl): [ OK ]
[root@localhost local]# service keepalived stop
Stopping keepalived (via systemctl): [ OK ]
[root@localhost local]#=============================================================
可以设置开机启动:chkconfig keepalived on,到此我们安装完毕!
第三步:对配置文件进行修改:vim /etc/keepalived/keepalived.conf
keepalived.conf配置文件说明:
(一)Master
! Configuration File for keepalived
global_defs {
router_id bhz005 ##标识节点的字符串,通常为hostname
}
## keepalived 会定时执行脚本并且对脚本的执行结果进行分析,动态调整vrrp_instance的优先级。这里的权重weight 是与下面的优先级priority有关,如果执行了一次检查脚本成功,则权重会-20,也就是由100 - 20 变成了80,Master 的优先级为80 就低于了Backup的优先级90,那么会进行自动的主备切换。
如果脚本执行结果为0并且weight配置的值大于0,则优先级会相应增加。
如果脚本执行结果不为0 并且weight配置的值小于0,则优先级会相应减少。
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh" ##执行脚本位置
interval 2 ##检测时间间隔
weight -20 ## 如果条件成立则权重减20(-20)
}
## 定义虚拟路由 VI_1为自定义标识。
vrrp_instance VI_1 {
state MASTER ## 主节点为MASTER,备份节点为BACKUP
## 绑定虚拟IP的网络接口(网卡),与本机IP地址所在的网络接口相同(我这里是eth6)
interface eth6
virtual_router_id 172 ## 虚拟路由ID号
mcast_src_ip 192.168.1.172 ## 本机ip地址
priority 100 ##优先级配置(0-254的值)
Nopreempt ##
advert_int 1 ## 组播信息发送间隔,俩个节点必须配置一致,默认1s
authentication {
auth_type PASS
auth_pass bhz ## 真实生产环境下对密码进行匹配
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.1.170 ## 虚拟ip(vip),可以指定多个
}
}
(二)Backup
! Configuration File for keepalived
global_defs {
router_id bhz006
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth7
virtual_router_id 173
mcast_src_ip 192.168.1.173
priority 90 ##优先级配置
advert_int 1
authentication {
auth_type PASS
auth_pass bhz
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.1.170
}
}
(三)nginx_check.sh 脚本:
#!/bin/bash
A=`ps -C nginx –no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 2
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
- 我们需要把master的keepalived配置文件 copy到master机器(172)的 /etc/keepalived/ 文件夹下,在把backup的keepalived配置文件copy到backup机器(173)的 /etc/keepalived/ 文件夹下,最后把nginx_check.sh脚本分别copy到两台机器的 /etc/keepalived/文件夹下。
- nginx_check.sh脚本授权。赋予可执行权限:chmod +x /etc/keepalived/nginx_check.sh
- 启动2台机器的nginx之后。我们启动两台机器的keepalived
/usr/local/nginx/sbin/nginx
service keepalived start
ps -ef | grep nginx
ps -ef | grep keepalived
可以进行测试,首先看一下俩台机器的ip a 命令下 都会出现一个虚拟ip,我们可以停掉 一个机器的keepalived,然后测试,命令:service keepalived stop。结果发现当前停掉的机器已经不可用,keepalived会自动切换到另一台机器上。
- 我们可以测试在nginx出现问题的情况下,实现切换,这个时候我们只需要把nginx的配置文件进行修改,让其变得不可用,然后强杀掉nginx进程即可,发现也会实现自动切换服务器节点。
[root@localhost keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:22:aa:c5 brd ff:ff:ff:ff:ff:ff
inet 10.10.1.136/24 brd 10.10.1.255 scope global noprefixroute dynamic ens33
valid_lft 29439sec preferred_lft 29439sec
inet6 fe80::b833:a513:9f04:a672/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::94d1:fb82:dee3:d69e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost keepalived]#
新建
[root@localhost keepalived]# touch nginx_check.sh
[root@localhost keepalived]# chmod 777 nginx_check.sh
杀点占用80的端口
yum install psmisc
sudo fuser -k 80/tcp
启动
/usr/local/nginx/sbin/nginx
service keepalived start
提示:失败可能和动态ip有关