keepalived+nginx安装配置


1 Keepalived安装

1.1安装版本

keepalived-1.2.2.tar.gz(注意:下文安装命令中使用的文件名是 keepalived-1.2.7,请以实际下载的版本为准)

1.2安装步骤

# tar zxvf keepalived-1.2.7.tar.gz # cd keepalived-1.2.7

# ./configure --prefix=/data/keepalived # make

# make install

# cp /data/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/ # cp /data/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ # mkdir /etc/keepalived

# cp /data/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/ # cp /data/keepalived/sbin/keepalived /usr/sbin/

# chkconfig --add keepalived # chmod 755 /etc/init.d/keepalived # chkconfig keepalived on

做成系统启动服务方便管理. # vi /etc/rc.local

/etc/init.d/keepalived start

1.3配置

1.3.1主服务器配置

# vi /etc/keepalived/keepalived.conf 加入以下内容

! Configuration File for keepalived
global_defs {
    # 邮件通知,可以不加
    notification_email {
        # 收件地址
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre@firewall.loc  # 发件地址
    smtp_server 192.168.200.1                       # smtp服务器
    smtp_connect_timeout 30                         # 连接smtp超时时间
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER            # 设置为 主服务器
    interface eth0          # 监控网卡
    virtual_router_id 51    # 保持主备服务器一致
    priority 100            # 优先级 (主服务器应比备份服务器高)
    advert_int 1            # 心跳广播时间间隔(秒)
    authentication {
        auth_type PASS      # 加密(注意:PASS 实际是明文口令认证,口令在 VRRP 报文中不加密)
        auth_pass 1111      # 加密的密码,两台服务器一定要一样(1111 仅为示例,部署时应更换;只有前 8 个字符有效)
    }
    virtual_ipaddress {
        10.10.0.240
    }
}

1.3.2备服务器配置

# vi /etc/keepalived/keepalived.conf

加入以下内容

! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51    # 保持主备服务器一致
    priority 90             # 优先级 (主服务器应比备份服务器高)
    advert_int 1            # 心跳广播时间间隔(秒)
    authentication {
        auth_type PASS      # PASS 为明文口令认证,口令在 VRRP 报文中不加密
        auth_pass 1111      # 必须与主服务器一致(1111 仅为示例,部署时应更换)
    }
    virtual_ipaddress {
        10.10.0.240
    }
}

1.4 修改防火墙

keepalived使用vrrp协议,vrrp协议使用224.0.0.18地址组播;需要修改防火墙放行,否则主备服务器不能及时互换。下面的规则放行所有发往该组播地址的流量,更严格的做法是只放行 VRRP 协议(IP 协议号 112)并限定来源为对端服务器地址。

# vi /etc/sysconfig/iptables 加入

-I RH-Firewall-1-INPUT -d 224.0.0.18 -j ACCEPT

重启防火墙

# /etc/rc.d/init.d/iptables restart

1.5测试

# service keepalived start # ip a

1: lo: mtu 16436 qdisc noqueue

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000

link/ether 00:10:5c:c8:1c:f2 brd ff:ff:ff:ff:ff:ff inet 10.10.0.230/24 brd 10.10.255.255 scope global eth0 inet 10.10.0.240/32 scope global eth0 inet6 fe80::210:5cff:fec8:1cf2/64 scope link

valid_lft forever preferred_lft forever 3: sit0: mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0

可以看到,10.10.0.240 虚拟IP 已经挂接在网卡eth0 上。 检查虚拟ip状态

# curl http://10.10.0.240 it works! 10.10.0.41

2 Nginx安装

2.1安装版本

nginx-1.0.2.tar.gz pcre-8.12.tar.gz

2.2、安装步骤

2.2.1编译安装rewrite模块支持包

# tar zxvf pcre-8.12.tar.gz # cd pcre-8.12/ # ./configure # make # make install

2.2.2编译安装Nginx

# tar zxvf nginx-1.0.2.tar.gz # cd nginx-1.0.2/

# patch -p0 < ../nginx_upstream_jvm_route/jvm_route.patch

# ./configure --prefix=/data/nginx --with-http_stub_status_module

--add-module=../nginx_upstream_jvm_route # make # make install

2.3配置

#vi /data/nginx/conf/nginx.conf (插入以下内容) user nobody nobody; worker_processes 8;

worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;

worker_rlimit_nofile 102400;

#error_log logs/error.log notice; pid logs/nginx.pid; events {

use epoll;

worker_connections 102400; } http {

include mime.types;

default_type application/octet-stream;

client_header_buffer_size 1k; large_client_header_buffers 4 4k;

gzip on;

gzip_min_length 1100;

gzip_buffers 4 8k; output_buffers 1 32k; postpone_output 1460;

client_header_timeout 3m; client_body_timeout 3m; send_timeout 3m; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65;

upstream tsaweb {

server 10.10.10.230:81 weight=8; server 10.10.10.230:82 weight=8; server 10.10.10.232:80 weight=10;

server 10.10.10.232:81 weight=10;

server 10.10.10.232:82 weight=10; jvm_route $cookie_JSESSIONID|sessionid;

}

server {

listen 80;

server_name www.tsaweb.com;

charset gb2312;

location / {

proxy_pass http://tsaweb; proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }

location /NginxStatus {

stub_status on; auth_basic \ } }

}

记得修改防火墙端口号

X-Forwarded-For

2.4测试

运行以下命令检测配置文件是否无误: /data/nginx/sbin/nginx -t

如果没有报错,那么就可以开始运行Nginx了.

2.5开机启动

vi /etc/init.d/nginx

输入下面的代码,注意修改相关地址的参数值 #!/bin/bash

# nginx Startup script for the Nginx HTTP Server # it is v.0.0.2 version. # chkconfig: - 85 15

# description: Nginx is a high-performance web and proxy server. # It has a lot of features, but it's not for everyone.

# processname: nginx

# pidfile: /var/run/nginx.pid

# config: /usr/local/nginx/conf/nginx.conf nginxd=/data/nginx/sbin/nginx

nginx_config=/data/nginx/conf/nginx.conf nginx_pid=/data/nginx/logs/nginx.pid RETVAL=0 prog=\

# Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = \[ -x $nginxd ] || exit 0

# Start nginx daemons functions. start() {

if [ -e $nginx_pid ];then echo \ exit 1

fi

echo -n $\

daemon $nginxd -c ${nginx_config} RETVAL=$?

echo [ $RETVAL = 0 ] && touch /var/lock/subsys/nginx

return $RETVAL }

# Stop nginx daemons functions. stop() {

echo -n $\killproc $nginxd RETVAL=$?

echo [ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid }

# reload nginx service functions. reload() {

echo -n $\#kill -HUP `cat ${nginx_pid}` killproc $nginxd –HUP RETVAL=$? Echo }

# See how we were called. case \

start)

start ;; stop)

stop ;; reload)

reload ;; restart)

stop start ;; status) status $prog

RETVAL=$? ;; *)

echo $\ exit 1 esac

exit $RETVAL

设置文件的访问权限

chmod a+x /etc/init.d/nginx (a+x ==> all user can execute 所有用户可执行)

3 keepalived与nginx配置

在主服务器和备服务器都要配置

3.1编写监控nginx监控脚本

作用是当nginx死掉时先尝试重新启动nginx;若3秒后nginx仍未运行,则停止本机的keepalived,使虚拟IP切换到备服务器。

#vi /data/nginx/logs/nginx_pid.sh (路径可以自定义,加入以下内容)

#!/bin/bash
# version 0.0.2

A=`ps -C nginx --no-header |wc -l` if [ $A -eq 0 ];then

/data/nginx/sbin/nginx sleep 3

if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then

killall keepalived fi

fi

分配权限(该脚本由 keepalived 以 root 身份定期执行,应归 root 所有;775 允许同组用户改写脚本,如无必要可收紧为 755)

chmod 775 /data/nginx/logs/nginx_pid.sh

3.2配置/etc/keepalived/keepalived.conf

#vi /etc/keepalived/keepalived.conf (修改为以下内容) #新加入

vrrp_script chk_http_port {

script "/data/nginx/logs/nginx_pid.sh"
interval 2
weight 2
}

#修改vrrp_instance VI_1,主要加入track_script vrrp_instance VI_1 { state MASTER interface eth0

virtual_router_id 51 priority 101 authentication {

auth_type PASS auth_pass eric } #新加入 track_script {

chk_http_port }

virtual_ipaddress {

10.10.10.240 } }

3.3测试

在 server 1 把 nginx 服务器停止 # killall nginx 这时候看server 1的日志

Apr 20 18:41:26 nginx Keepalived_healthcheckers: Terminating Healthchecker child process on signal

Apr 20 18:41:26 nginx Keepalived_vrrp: Terminating VRRP child process on signal

可以看出keepalived 的进程已经停止 这时候看server 2的日志,看是否已经接管

Apr 20 18:41:23 varnish Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE

Apr 20 18:41:24 varnish Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE

Apr 20 18:41:24 varnish Keepalived_vrrp: Netlink: skipping nl_cmd msg... 很明显的看出 server 2 已经接管了,已经变为 MASTER 了

附 系统优化

1内核优化

1.1修改 /etc/sysctl.conf(以下为原文给出的调优值,应结合内核版本和业务场景评估后再采用;例如 net.ipv4.tcp_tw_recycle 会使经过 NAT 的客户端连接异常,且自 Linux 4.12 起已被移除)

net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter=1

net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0

kernel.core_uses_pid = 1 net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296

net.ipv4.tcp_max_tw_buckets = 6000 net.ipv4.tcp_sack = 1

net.ipv4.tcp_window_scaling = 1

net.ipv4.tcp_rmem = 4096 87380 4194304 net.ipv4.tcp_wmem = 4096 16384 4194304 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216

net.core.netdev_max_backlog = 262144 net.core.somaxconn = 262144 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_fin_timeout = 1 net.ipv4.tcp_keepalive_time = 30

net.ipv4.ip_local_port_range = 1024 65000 1.2修改/etc/security/limits.conf

* soft nofile 102400 * hard nofile 102400
