keepaliced+nginx安装配置
更新时间:2023-12-23 09:07:01 阅读量: 教育文库 文档下载
1 Keepalived安装
1.1安装版本
keepalived-1.2.2.tar.gz
1.2安装步骤
# tar zxvf keepalived-1.2.7.tar.gz # cd keepalived-1.2.7
# ./configure --prefix=/data/keepalived # make
# make install
# cp /data/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/ # cp /data/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ # mkdir /etc/keepalived
# cp /data/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/ # cp /data/keepalived/sbin/keepalived /usr/sbin/
# chkconfig --add keepalived # chmod 755 /etc/init.d/keepalived # chkconfig keepalived on
做成系统启动服务方便管理. # vi /etc/rc.local
/etc/init.d/keepalived start
1.3配置
1.3.1主服务器配置
# vi /etc/keepalived/keepalived.conf 加入以下内容
! Configuration File for keepalived #邮件通知,可以不加 global_defs {
notification_email {
acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc }
notification_email_from Alexandre@firewall.loc #发件地址 smtp_server 192.168.200.1 #smtp服务器 smtp_connect_timeout 30 #连接smtp超时时间 router_id LVS_DEVEL }
vrrp_instance VI_1 {
state MASTER
# 设置为 主服务器 # 监控网卡
# 保持主备服务器一致
# 优先级 (主服务器应比备份服务器高) # 心跳广播时间间隔(秒)
#收件地址
interface eth0 virtual_router_id 51 priority 100 advert_int 1
authentication {
auth_type PASS # 加密 auth_pass 1111 }
virtual_ipaddress {
# 加密的密码,两台服务器一定要一样
10.10.0.240 } }
1.3.2备服务器配置
# vi /etc/keepalived/keepalived.conf
加入以下内容
! Configuration File for keepalived global_defs {
notification_email {
acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc }
notification_email_from Alexandre@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL }
vrrp_instance VI_1 {
state BACKUP interface eth0 virtual_router_id 51 priority 90 advert_int 1
# 保持主备服务器一致
# 优先级 (主服务器应比备份服务器高) # 心跳广播时间间隔(秒)
authentication {
auth_type PASS auth_pass 1111 }
virtual_ipaddress {
10.10.0.240 } }
1.4 修改防火墙
keepalived使用vrrp协议, vrrp协议使用224.0.0.18地址组播,修改防火墙负责主备服务器不能及时互换
# vi /etc/sysconfig/iptables 加入
-I RH-Firewall-1-INPUT -d 224.0.0.18 -j ACCEPT
重启防火墙
# /etc/rc.d/init.d/iptables restart
1.5测试
# service keepalived start # ip a
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:10:5c:c8:1c:f2 brd ff:ff:ff:ff:ff:ff inet 10.10.0.230/24 brd 10.10.255.255 scope global eth0 inet 10.10.0.240/32 scope global eth0 inet6 fe80::210:5cff:fec8:1cf2/64 scope link
valid_lft forever preferred_lft forever 3: sit0:
可以看到,10.10.0.240 虚拟IP 已经挂接在网卡eth0 上。 检查虚拟ip状态
# curl http://10.10.0.240 it works! 10.10.0.41
2 Nginx安装
2.1安装版本
nginx-1.0.2.tar.gz prce-8.12.tar.gz
2.2、安装步骤
2.2.1编译安装rewrite模块支持包
# tar zxvf pcre-8.12.tar.gz # cd pcre-8.12/ # ./configure # make # make install
2.2.2编译安装Nginx
# tar zxvf nginx-1.0.2.tar.gz # cd nginx-1.0.2/
# patch –p0 < ../nginx_upstream_jvm_route/jvm_route.patch
# ./configure --prefix=/data/nginx --with-http_stub_status_module
--add-module=../nginx_upstream_jvm_route # make # make install
2.3配置
#vi /data/nginx/conf/nginx.conf (插入以下内容) user nobody nobody; worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
worker_rlimit_nofile 102400;
#error_log logs/error.log notice; pid logs/nginx.pid; events {
use epoll;
worker_connections 102400; } http {
include mime.types;
default_type application/octet-stream;
client_header_buffer_size 1k; large_client_header_buffers 4 4k;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k; output_buffers 1 32k; postpone_output 1460;
client_header_timeout 3m; client_body_timeout 3m; send_timeout 3m; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65;
upstream tsaweb {
server 10.10.10.230:81 weight=8; server 10.10.10.230:82 weight=8; server 10.10.10.232:80 weight=10;
server 10.10.10.232:81 weight=10;
server 10.10.10.232:82 weight=10; jvm_route $cookie_JSESSIONID|sessionid;
}
server {
listen 80;
server_name www.tsaweb.com;
charset gb2312;
location / {
proxy_pass http://tsaweb; proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header $proxy_add_x_forwarded_for; }
location /NginxStatus {
stub_status on; auth_basic \ } }
}
记得修改防火墙端口号
X-Forwarded-For
2.4测试
运行以下命令检测配置文件是否无误: /data/nginx/sbin/nginx
如果没有报错,那么就可以开始运行Nginx了.
2.5开机启动
vi /etc/init.d/nginx
输入下面的代码,注意修改相关地址的参数值 #!/bin/bash
# nginx Startup script for the Nginx HTTP Server # it is v.0.0.2 version. # chkconfig: - 85 15
# description: Nginx is a high-performance web and proxy server. # It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf nginxd=/data/nginx/sbin/nginx
nginx_config=/data/nginx/conf/nginx.conf nginx_pid=/data/nginx/logs/nginx.pid RETVAL=0 prog=\
# Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = \[ -x $nginxd ] || exit 0
# Start nginx daemons functions. start() {
if [ -e $nginx_pid ];then echo \ exit 1
fi
echo -n $\
daemon $nginxd -c ${nginx_config} RETVAL=$?
echo [ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
return $RETVAL }
# Stop nginx daemons functions. stop() {
echo -n $\killproc $nginxd RETVAL=$?
echo [ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid }
# reload nginx service functions. reload() {
echo -n $\#kill -HUP `cat ${nginx_pid}` killproc $nginxd –HUP RETVAL=$? Echo }
# See how we were called. case \
start)
start ;; stop)
stop ;; reload)
reload ;; restart)
stop start ;; status) status $prog
RETVAL=$? ;; *)
echo $\ exit 1 esac
exit $RETVAL
设置文件的访问权限
chmod a+x /etc/init.d/nginx (a+x ==> all user can execute 所有用户可执行)
3 keepalived与nginx配置
在主服务器和备服务器都要配置
3.1编写监控nginx监控脚本
作用是当nginx死掉了,停止主服务的keepalived,启动副服务的keepalived, #vi /data/nginx/logs/nginx_pid.sh (路径可以自定义,加入以下内容) #!/bin/bash # version 0.0.2
A=`ps -C nginx --no-header |wc -l` if [ $A -eq 0 ];then
/data/nginx/sbin/nginx sleep 3
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived fi
fi 分配权限
chmod 775 /data/nginx/logs/nginx_pid.sh
3.2配置/etc/keepalived/keepalived.conf
#vi /etc/keepalived/keepalived.conf (修改为以下内容) #新加入
vrrp_script chk_http_port {
script \ interval 2 weight 2 }
#修改vrrp_instance VI_1,主要加入track_script vrrp_instance VI_1 { state MASTER interface eth0
virtual_router_id 51 priority 101 authentication {
auth_type PASS auth_pass eric } #新加入 track_script {
chk_http_port }
virtual_ipaddress {
10.10.10.240 } }
3.2测试
在 server 1 把 nginx 服务器停止 # killall nginx 这时候看server 1的日志
Apr 20 18:41:26 nginx Keepalived_healthcheckers: Terminating Healthchecker child process on signal
Apr 20 18:41:26 nginx Keepalived_vrrp: Terminating VRRP child process on signal
可以看出keepalived 的进程已经停止 这时候看server 2的日志,看是否已经接管
Apr 20 18:41:23 varnish Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 20 18:41:24 varnish Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 20 18:41:24 varnish Keepalived_vrrp: Netlink: skipping nl_cmd msg... 很明显的看出 server 2 已经接管了,已经变为 MASTER 了
附 系统优化
1内核优化
1.1修改 /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0
kernel.core_uses_pid = 1 net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000 net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304 net.ipv4.tcp_wmem = 4096 16384 4194304 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144 net.core.somaxconn = 262144 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_fin_timeout = 1 net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000 1.2修改/etc/security/limits.conf
* soft nofile 102400 * hard nofile 102400
正在阅读:
keepaliced+nginx安装配置12-23
枉然02-14
初中语文文言文《诫子书》对比阅读练习01-15
数据结构答案 黄刘生06-21
18版思修第一章练习题09-10
第六讲-胡克定律教案.doc04-24
东诚教育集团建设工程技术与计量(土建)精讲班讲义汇总1—28606-12
125机组技术协议解读05-16
让人又爱又恨的夏天作文300字06-26
- exercise2
- 铅锌矿详查地质设计 - 图文
- 厨余垃圾、餐厨垃圾堆肥系统设计方案
- 陈明珠开题报告
- 化工原理精选例题
- 政府形象宣传册营销案例
- 小学一至三年级语文阅读专项练习题
- 2014.民诉 期末考试 复习题
- 巅峰智业 - 做好顶层设计对建设城市的重要意义
- (三起)冀教版三年级英语上册Unit4 Lesson24练习题及答案
- 2017年实心轮胎现状及发展趋势分析(目录)
- 基于GIS的农用地定级技术研究定稿
- 2017-2022年中国医疗保健市场调查与市场前景预测报告(目录) - 图文
- 作业
- OFDM技术仿真(MATLAB代码) - 图文
- Android工程师笔试题及答案
- 生命密码联合密码
- 空间地上权若干法律问题探究
- 江苏学业水平测试《机械基础》模拟试题
- 选课走班实施方案
- keepaliced
- 配置
- 安装
- nginx
- 第14章第1节生物的命名和分类(1)
- 项目管理人员安全责任书
- 文明伴我行主题演讲稿范文
- 五年级数学下册分数加减法的测试题
- 一通三防管理制度
- 孝行大汶河、家和万事兴主题活动汇报
- 〈磨剑室诗词集〉第一辑目录
- 2002年日语能力考试3级真题及答案
- 仁爱英语七年级上册Unit2单元综合检测试题及答案
- 最新 汉语言文学的经典阅读和体验探究-精品
- 天津市住房公积金管理中心关于做好住房公积金存贷款利率调整工作
- 警察培训总结
- 2018届贵州省贵阳市高考适应性考试(一模)理综化学试题-含答案
- 郡县制与分封制的区别
- 哪哈小学备考方案
- 《冶金工程概论》课程考核论文
- 2011年施工工作总结
- 预应力孔道压浆剂 - 图文
- 理论考试题库
- 江苏省常州市2013届高二下学期期末试题(文数)