nginx+keepalived配置
阿新 • • 發佈:2021-08-11
nginx+keepalived配置
轉載ly368432015-06-01 18:02:04©著作權
文章標籤nginx+keepalived配置文章分類linux閱讀數1798
一、環境
系統:CentOS 6.4x64位最小化安裝
nginx-m:192.168.3.23
nginx-s:192.168.3.24
vip: 192.168.3.29
二、安裝nginx
在nginx-m和nginx-s安裝nginx,這裡使用指令碼安裝,指令碼內容如下
#!/bin/bash
cur_dir=$(pwd)
NGINXVERSION='nginx-1.6.0'
export LANG=zh_CN.UTF-8
#Source function library.
. /etc/init.d/functions
create_nginx_conf(){
cat >>/usr/local/nginx/conf/nginx.conf<<EOF
user www www;
worker_processes auto;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
#limit_conn_zone \$binary_remote_addr zone=perip:10m;
##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.
server_tokens off;
#log format
log_format access '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" \$http_x_forwarded_for';
server
{
listen 80 default;
#listen [::]:80 default ipv6only=on;
server_name www.myweb.com;
index index.html index.htm index.php;
root /var/www/default;
#error_page 404 /404.html;
location ~ [^/]\.php(/|$)
{
# comment try_files \$uri =404; to enable pathinfo
try_files \$uri =404;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
#include pathinfo.conf;
}
location /nginx_status {
stub_status on;
access_log off;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)\$
{
expires 30d;
}
location ~ .*\.(js|css)?\$
{
expires 12h;
}
access_log /var/www/wwwlogs/access.log access;
}
include vhost/*.conf;
}
EOF
}
create_nginx_init(){
cat >>/etc/init.d/nginx<<EOF
#! /bin/sh
# chkconfig: 2345 55 25
# Description: Startup script for nginx webserver on Debian. Place in /etc/init.d and
# run 'update-rc.d -f nginx defaults', or use the appropriate command on your
# distro. For CentOS/Redhat run: 'chkconfig --add nginx'
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=nginx
NGINX_BIN=/usr/local/nginx/sbin/\$NAME
CONFIGFILE=/usr/local/nginx/conf/\$NAME.conf
PIDFILE=/usr/local/nginx/logs/\$NAME.pid
SCRIPTNAME=/etc/init.d/\$NAME
case "\$1" in
start)
echo -n "Starting \$NAME... "
if netstat -tnpl | grep -q nginx;then
echo "\$NAME (pid \`pidof \$NAME\`) already running."
exit 1
fi
\$NGINX_BIN -c \$CONFIGFILE
if [ "\$?" != 0 ] ; then
echo " failed"
exit 1
else
echo " done"
fi
;;
stop)
echo -n "Stoping \$NAME... "
if ! netstat -tnpl | grep -q nginx; then
echo "\$NAME is not running."
exit 1
fi
\$NGINX_BIN -s stop
if [ "\$?" != 0 ] ; then
echo " failed. Use force-quit"
exit 1
else
echo " done"
fi
;;
status)
if netstat -tnpl | grep -q nginx; then
PID=\`pidof nginx\`
echo "\$NAME (pid \$PID) is running..."
else
echo "\$NAME is stopped"
exit 0
fi
;;
force-quit)
echo -n "Terminating \$NAME... "
if ! netstat -tnpl | grep -q nginx; then
echo "\$NAME is not running."
exit 1
fi
kill \`pidof \$NAME\`
if [ "\$?" != 0 ] ; then
echo " failed"
exit 1
else
echo " done"
fi
;;
restart)
\$SCRIPTNAME stop
sleep 1
\$SCRIPTNAME start
;;
reload)
echo -n "Reload service \$NAME... "
if netstat -tnpl | grep -q nginx; then
\$NGINX_BIN -s reload
echo " done"
else
echo "\$NAME is not running, can't reload."
exit 1
fi
;;
configtest)
echo -n "Test \$NAME configure files... "
\$NGINX_BIN -t
;;
*)
echo "Usage: \$SCRIPTNAME {start|stop|force-quit|restart|reload|status|configtest}"
exit 1
;;
esac
EOF
}
#install_nginx
install_nginx(){
cd $cur_dir
yum install make gcc gcc-c++ openssl-devel -y
#add user www for nginx
id www &>/dev/null
if [ $? -ne 0 ];then
groupadd www
useradd -s /sbin/nologin -g www www
fi
wget http://sourceforge.net/projects/pcre/files/pcre/8.30/pcre-8.30.tar.gz/download
if [ $? -ne 0 ];then
echo "download pcre package is fail"
exit $?
fi
tar xf pcre-8.30.tar.gz
cd pcre-8.30
./configure
make && make install
if [ $? -eq 0 ];then
echo "install pcre is successful!!!"
else
echo "install pcre is fail!!!"
exit $?
fi
echo "/usr/local/lib/" >>/etc/ld.so.conf
ldconfig
#download nginx package
cd $cur_dir
wget http://mirrors.sohu.com/nginx/$NGINXVERSION.tar.gz
if [ $? -ne 0 ];then
echo "download nginx is fail!!!"
exit $?
fi
tar xf $NGINXVERSION.tar.gz
cd $NGINXVERSION
./configure --user=www --group=www --prefix=/usr/local/$NGINXVERSION --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6
make && make install
if [ $? -ne 0 ];then
echo "install nginx fail!!!"
exit $?
fi
#links
ln -s /usr/local/$NGINXVERSION /usr/local/nginx
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
#create file nginx.conf
create_nginx_conf
mkdir -p /var/www/default
chmod +w /var/www/default
mkdir -p /var/www/wwwlogs
chmod 777 /var/www/wwwlogs
chown -R www:www /var/www/default
cp /usr/local/nginx/html/index.html /var/www/default/index.html
#create start scripts for nginx
create_nginx_init
chmod +x /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
/etc/init.d/nginx start
if [ $? -eq 0 ];then
action "start nginx" /bin/true
echo "+---------------------------------+"
echo "+------nginx install done--------+"
echo "+---------------------------------+"
fi
}
install_nginx - 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45.
- 46.
- 47.
- 48.
- 49.
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
- 58.
- 59.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69.
- 70.
- 71.
- 72.
- 73.
- 74.
- 75.
- 76.
- 77.
- 78.
- 79.
- 80.
- 81.
- 82.
- 83.
- 84.
- 85.
- 86.
- 87.
- 88.
- 89.
- 90.
- 91.
- 92.
- 93.
- 94.
- 95.
- 96.
- 97.
- 98.
- 99.
- 100.
- 101.
- 102.
- 103.
- 104.
- 105.
- 106.
- 107.
- 108.
- 109.
- 110.
- 111.
- 112.
- 113.
- 114.
- 115.
- 116.
- 117.
- 118.
- 119.
- 120.
- 121.
- 122.
- 123.
- 124.
- 125.
- 126.
- 127.
- 128.
- 129.
- 130.
- 131.
- 132.
- 133.
- 134.
- 135.
- 136.
- 137.
- 138.
- 139.
- 140.
- 141.
- 142.
- 143.
- 144.
- 145.
- 146.
- 147.
- 148.
- 149.
- 150.
- 151.
- 152.
- 153.
- 154.
- 155.
- 156.
- 157.
- 158.
- 159.
- 160.
- 161.
- 162.
- 163.
- 164.
- 165.
- 166.
- 167.
- 168.
- 169.
- 170.
- 171.
- 172.
- 173.
- 174.
- 175.
- 176.
- 177.
- 178.
- 179.
- 180.
- 181.
- 182.
- 183.
- 184.
- 185.
- 186.
- 187.
- 188.
- 189.
- 190.
- 191.
- 192.
- 193.
- 194.
- 195.
- 196.
- 197.
- 198.
- 199.
- 200.
- 201.
- 202.
- 203.
- 204.
- 205.
- 206.
- 207.
- 208.
- 209.
- 210.
- 211.
- 212.
- 213.
- 214.
- 215.
- 216.
- 217.
- 218.
- 219.
- 220.
- 221.
- 222.
- 223.
- 224.
- 225.
- 226.
- 227.
- 228.
- 229.
- 230.
- 231.
- 232.
- 233.
- 234.
- 235.
- 236.
- 237.
- 238.
- 239.
- 240.
- 241.
- 242.
- 243.
- 244.
- 245.
- 246.
- 247.
- 248.
- 249.
- 250.
- 251.
- 252.
- 253.
- 254.
- 255.
- 256.
- 257.
- 258.
- 259.
- 260.
- 261.
- 262.
- 263.
- 264.
- 265.
- 266.
- 267.
- 268.
- 269.
- 270.
- 271.
- 272.
- 273.
- 274.
- 275.
- 276.
- 277.
- 278.
- 279.
- 280.
- 281.
- 282.
- 283.
- 284.
- 285.
- 286.
- 287.
- 288.
- 289.
- 290.
- 291.
- 292.
- 293.
- 294.
- 295.
- 296.
- 297.
- 298.
在iptables中對80埠進行放行
[root@nginx-m ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@nginx-m ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@nginx-m ~]# echo "nginx-m 23" >/var/www/default/index.html
[root@nginx-m ~]# curl http://192.168.3.23
nginx-m 23- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
nginx-s的配置相同,只有主頁內容不一樣
[root@nginx-s ~]# echo "nginx-s 24" >/var/www/default/index.html
[root@nginx-s ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@nginx-s ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@nginx-s ~]# curl http://192.168.3.24
nginx-s 24- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
三、安裝keepalived
2臺的安裝都一樣,只有配置檔案不一樣,只裡只給出nginx-m的安裝過程
[root@nginx-m ~]# yum install openssl openssl-devel -y
[root@nginx-m ~]# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz
[root@nginx-m ~]# tar xf keepalived-1.2.13.tar.gz
[root@nginx-m ~]# cd keepalived-1.2.13
[root@nginx-m keepalived-1.2.13]# ./configure
[root@nginx-m keepalived-1.2.13]# make && make install
#將keepalived配置成開機啟動
[root@nginx-m keepalived-1.2.13]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
[root@nginx-m keepalived-1.2.13]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@nginx-m keepalived-1.2.13]# mkdir /etc/keepalived
[root@nginx-m keepalived-1.2.13]# ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@nginx-m keepalived-1.2.13]# ln -s /usr/local/sbin/keepalived /usr/sbin/
#備份keepalived.conf檔案
[root@nginx-m keepalived-1.2.13]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
#keepalived配置檔案內容如下
! Configuration File for keepalived
global_defs {
notification_email {
[email protected] #配置管理員郵箱
}
notification_email_from root #配置發件人
smtp_server 127.0.0.1 #配置郵件伺服器
smtp_connect_timeout 30
router_id nginx-m
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh" #定義nginx狀態檢查指令碼
intervar 4
weight -5
fail 2
rise 1
}
vrrp_instance VI_1 {
state MASTER #配置模式
interface eth0
virtual_router_id 99
priority 101 #配置優先順序
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.3.29 #配置虛擬IP地址
}
notify_master /etc/keepalived/notify_master.sh #這裡指定的是切換成master狀態時要執行的通知指令碼
notify_backup /etc/keepalived/notify_backup.sh #這裡指定的是切換成backup狀態時要執行的通知指令碼
notify_fault /etc/keepalived/notify_fault.sh #這裡指定的是切換成fault狀態時要執行的通知指令碼
track_script {
check_nginx
}
}
#建立nginx狀態檢查指令碼
[root@nginx-m keepalived-1.2.13]# cat /etc/keepalived/check_nginx.sh
#!/bin/bash
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 3
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
[root@nginx-m keepalived-1.2.13]# chmod +x /etc/keepalived/check_nginx.sh
#notify_master.sh指令碼內容,當伺服器改變為主時執行此指令碼
[root@nginx-m keepalived-1.2.13]# cat /etc/keepalived/notify_master.sh
#!/bin/bash
Date=$(date +%F" "%T)
IP=$(ifconfig eth0 |grep "inet addr" |cut -d":" -f2 |awk '{print $1}')
Mail="[email protected]" #這裡的郵箱地址根據自己的需要更改
echo "$Date `hostname`:$IP change to Master." |mail -s "Master-Backup Change Status" $Mail
[root@nginx-m keepalived-1.2.13]# chmod +x /etc/keepalived/notify_master.sh
#notify_backup.sh指令碼內容,當伺服器改變為備時執行此指令碼
[root@nginx-m keepalived-1.2.13]# cat /etc/keepalived/notify_backup.sh
#!/bin/bash
Date=$(date +%F" "%T)
IP=$(ifconfig eth0 |grep "inet addr" |cut -d":" -f2 |awk '{print $1}')
Mail="[email protected]"
echo "$Date `hostname`:$IP change to Backup." |mail -s "Master-Backup Change Status" $Mail
[root@nginx-m keepalived-1.2.13]# chmod +x /etc/keepalived/notify_backup.sh
#notify_fault.sh指令碼內容,當伺服器改變為故障時執行此指令碼
[root@nginx-m keepalived-1.2.13]# cat /etc/keepalived/notify_fault.sh
#!/bin/bash
Date=$(date +%F" "%T)
IP=$(ifconfig eth0 |grep "inet addr" |cut -d":" -f2 |awk '{print $1}')
Mail="[email protected]"
echo "$Date `hostname`:$IP change to Fault." |mail -s