Linux系统Keepalive Nginx做前置机配置

• 1、软件官网下载

https://www.keepalived.org/download.html
http://nginx.org/download/
选择软件版本如下
[root@ZE-NGXFR01 data]# ll
total 1960
-rw------- 1 sysadm sysadm 927631 Nov 15 10:34 keepalived-2.0.10.tar.gz
-rw------- 1 sysadm sysadm 1073322 Nov 15 11:01 nginx-1.22.0.tar.gz

• 2、服务器地址规划

IP地址信息
VIP:10.64.137.50
host1:10.64.137.51
host2:10.64.137.52
目录配置
/usr/local 本地系统管理员软件安装目录（安装系统级的应用）
/etc 存放系统管理和配置文件
操作系统版本
# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)

• 3、keepalived软件安装

[root@ZE-NGXFR01 data]# tar -zxf keepalived-2.0.10.tar.gz
[root@ZE-NGXFR01 data]# cd keepalived-2.0.10/
[root@ZE-NGXFR01 keepalived-2.0.10]# ./configure --prefix=/usr/local/keepalived --sysconf=/etc
● prefix：keepalived安装的位置
● sysconf：keepalived核心配置文件所在位置，固定位置，改成其他位置则keepalived启动不了，/var/log/messages中会报错

configure: error:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!!
[root@ZE-NGXFR01 keepalived-2.0.10]# yum install -y openssl openssl-devel gcc gcc-c++ libnfnetlink-devel libnl libnl-devel

[root@ZE-NGXFR01 keepalived-2.0.10]# ./configure --prefix=/usr/local/keepalived --sysconf=/etc
[root@ZE-NGXFR01 keepalived-2.0.10]# make && make install

3.2 编辑两个节点的keepalived.conf配置文件
节点1（host1）:
[root@ZE-NGXFR01 keepalived-2.0.10]# vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs {
router_id LVS_MASTER #路由id：当前安装keepalived的节点主机标识符，保证全局唯一
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
interval 2 # 每隔两秒运行上一行脚本
weight 5 # 如果脚本运行成功，则升级权重+5 ; weight -5 # 如果脚本运行失败，则升级权重-5
}

vrrp_instance VI_1 {
state MASTER # 表示状态是MASTER主机还是备用机BACKUP
interface ens192 # 该实例绑定的网卡名称
virtual_router_id 50 # 保证主备节点一致即可
priority 100 # 权重，master权重一般高于backup，如果有多个，那就是选举，谁的权重高，谁就当选
advert_int 1 # 主备之间同步检查时间间隔，单位秒
authentication { # 认证权限密码，防止非法节点进入
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # 虚拟出来的ip，可以有多个（vip）
10.64.137.50/24 dev ens192 label ens192:1
}
unicast_src_ip 10.64.137.51
unicast_peer {
10.64.137.52
}

track_script {
check_nginx # 追踪nginx脚本
}
}

节点2（host2）:
[root@ZE-NGXFR02 keepalived-2.0.10]# vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs {
# 路由id：当前安装keepalived的节点主机标识符，保证全局唯一
router_id LVS_BACKUP
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
interval 2 # 每隔两秒运行上一行脚本
weight 5 # 如果脚本运行成功，则升级权重+5 ; weight -5 # 如果脚本运行失败，则升级权重-5
}
vrrp_instance VI_1 {
state BACKUP # 表示状态是MASTER主机还是备用机BACKUP
interface ens192 # 该实例绑定的网卡名称
virtual_router_id 50 # 保证主备节点一致即可
priority 80 # 权重，master权重一般高于backup，如果有多个，那就是选举，谁的权重高，谁就当选
advert_int 1 # 主备之间同步检查时间间隔，单位秒
authentication { # 认证权限密码，防止非法节点进入
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # 虚拟出来的ip，可以有多个（vip）
10.64.137.50/24 dev ens192 label ens192:1
}
unicast_src_ip 10.64.137.52
unicast_peer {
10.64.137.51
}

track_script {
check_nginx # 追踪nginx脚本
}
}

3.3 编辑Nginx检测脚本
vi /etc/keepalived/check_nginx.sh
#!/bin/bash
A=`ps -C nginx --no-header |wc -l`
# 判断nginx是否宕机，如果宕机了，尝试重启
if [ $A -eq 0 ];then
systemctl start nginx
# 等待一小会再次检查nginx，如果没有启动成功，则停止keepalived，使其启动备用机
sleep 3
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
systemctl stop keepalived
fi
fi
并增加脚本的执行权限
chmod +x /etc/keepalived/check_nginx.sh

[root@ZE-NGXFR01 keepalived]# systemctl start keepalived
[root@ZE-NGXFR01 keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2023-11-15 14:33:41 CST; 1s ago
Process: 52431 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 52432 (keepalived)
CGroup: /system.slice/keepalived.service
├─52432 /usr/local/keepalived/sbin/keepalived -D
└─52433 /usr/local/keepalived/sbin/keepalived -D

Nov 15 14:33:41 ZE-NGXFR01 systemd[1]: Started LVS and VRRP High Availability Monitor.
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Registering Kernel netlink reflector
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Registering Kernel netlink command channel
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Opening file '/etc/keepalived/keepalived.conf'.
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Assigned address 10.64.137.51 for interface ens192
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Assigned address fe80::a14f:df56:7a0f:347f for interface ens192
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: Registering gratuitous ARP shared channel
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: (VI_1) removing VIPs.
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: (VI_1) Entering BACKUP STATE (init)
Nov 15 14:33:41 ZE-NGXFR01 Keepalived_vrrp[52433]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(10,11)]
[root@ZE-NGXFR01 keepalived]#
[root@ZE-NGXFR01 keepalived]# hostname -I
10.64.137.51 10.64.137.50

4、Nginx软件安装
[root@ZE-NGXFR01 data]# tar -zxvf nginx-1.22.0.tar.gz
[root@ZE-NGXFR01 data]# cd nginx-1.22.0/
#安装编译工具和库文件
[root@ZE-NGXFR01 data]# yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel
[root@ZE-NGXFR01 data]# yum install -y pcre pcre-devel
#配置ssl模块、配置gzip的gzip_static配置，需要安装–with-http_gzip_static_module模块
[root@ZE-NGXFR01 data]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module
[root@ZE-NGXFR01 data]# make && make install

[root@ZE-NGXFR01 nginx-1.22.0]# /usr/local/nginx/sbin/nginx -v
nginx version: nginx/1.22.0

3.1把nginx配置为系统服务
创建 /usr/lib/systemd/system/nginx.service文件

 1 [Unit]
 2 Description=nginx
 3 After=network.target
 4 [Service]
 5 Type=forking
 6 ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
 7 ExecReload=/usr/local/nginx/sbin/nginx -s reload
 8 ExecStop=/usr/local/nginx/sbin/nginx -s quit
 9 PrivateTmp=true
10 [Install]
11 WantedBy=multi-user.target

授权：chmod 755 /usr/lib/systemd/system/nginx.service
重新加载：systemctl daemon-reload

启动Nginx服务
systemctl start nginx
systemctl status nginx

3.2 Nginx配置多端口转发代理
# cat /usr/local/nginx/conf/nginx.conf|grep -Ev "(#|^$)"

worker_processes 1;
error_log logs/error.log;

pid logs/nginx.pid;

events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
access_log logs/access.log;

sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
#数据平台
server {
listen 4000;
location / {
proxy_pass http://10.64.149.115:4000;
}
}
#公众号
server {
listen 30002;
location / {
proxy_pass http://10.64.147.211:30002;
}
}
server {
listen 32711;
location / {
proxy_pass http://10.64.147.211:32711;
}
}
}