nginx集群

nginx+keepalived架构，包含单主集群和双主集群，这里只讲双主机集群

准备

nginx+keepalived架构，包含单主集群和双主集群 节点地址服务单主实例VI_1双主实例VI_1双主实例VI_2nginx-1192.168.66.143keepalived+nginxMASTERMASTERBAKCUPnginx-2192.168.66.144keepalived+nginxMASTERMASTERBAKCUP 关闭防火墙及selinux

安装 keepalived + nginx（在nginx-1/nginx-1分别安装）

安装 keepalived

dnf install keepalived

安装nginx

# 依赖安装 yum -y install pcre pcre-devel zlib zlib-devel openssl openssl-devel yum install gcc gcc-c++ automake autoconf libtool make # 安装nginx wget http://nginx.org/download/nginx-1.8.1.tar.gz tar -zxvf nginx-1.8.1.tar.gz # 解压后文件nginx-1.8.1 cd nginx-1.8.1 ./configure --prefix=/usr/local/nginx # 这是 连带 第三方模块一起编译的命令 ，两类模块的编译方式 # --add-module=xxx_-module 与 --with-xxx_-module # ./configure --prefix=/usr/local/nginx --add-module=../nginx-rtmp-module --with-http_ssl_module make make install # 查看nginx 版本 /usr/local/nginx/sbin/nginx -v # 查看配置文件位置 /usr/local/nginx/sbin/nginx -t # 设置 环境变量 export PATH=$PATH:/usr/local/nginx/sbin nginx 安装后配置第三方模块 cd nginx-1.8.1 # 先进入nginx源码目录 ./configure --prefix=/usr/local/nginx --add-module=../nginx-rtmp-module --with-http_ssl_module make # 前往不能再执行make install ，否则会覆盖之前nginx的安装 使用systemctl管理nginx服务

https://blog.csdn.net/qq_37377082/article/details/109295383

安装时源码编译报错 -module -I objs -I src/http -I src/http/modules \ -o objs/addon/nginx-rtmp-module/ngx_rtmp_eval.o \ /opt/softs/nginx/nginx-rtmp-module/ngx_rtmp_eval.c /opt/softs/nginx/nginx-rtmp-module/ngx_rtmp_eval.c: 在函数‘ngx_rtmp_eval’中: /opt/softs/nginx/nginx-rtmp-module/ngx_rtmp_eval.c:160:17: 错误：this statement may fall through [-Werror=implicit-fallthrough=] switch (c) { ^~~~~~ /opt/softs/nginx/nginx-rtmp-module/ngx_rtmp_eval.c:170:13: 附注：here case ESCAPE: ^~~~ cc1：所有的警告都被当作是错误 make[1]: *** [objs/Makefile:1339：objs/addon/nginx-rtmp-module/ngx_rtmp_eval.o] 错误 1 make[1]: 离开目录“/opt/softs/nginx/nginx-1.18.0” make: *** [Makefile:8：build] 错误 2 进入nginx 源码目录下obj目录下，修改Makefile文件： CFLAGS = -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g　 ==> CFLAGS = -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -g　 就是把 -Werror 去掉

配置 keepalived

修改配置文件 /etc/keepalived/keepalived.conf

! Configuration File for keepalived # nginx-1的keepalived 配置，nginx-1 作为VI_1的 MASTER，并作为VI_2的 BAKCUP # 全局配置 global_defs { # 指定keepalived在发生切换时需要发送email到的对象，一行一个 # notification_email { # acassen@firewall.loc # 指定收件人邮箱 # failover@firewall.loc # sysadmin@firewall.loc # } # 指定发件人 # notification_email_from Alexandre.Cassen@firewall.loc # 指定smtp服务器地址 # smtp_server 192.168.200.1 # 指定smtp连接超时时间 # smtp_connect_timeout 30 # 此处注意router_id为负载均衡标识，在局域网内应该是唯一的。 # router_id LVS_DEVEL # vrrp_skip_check_adv_addr # vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } # 高可用之调用辅助脚本进行资源监控，并根据监控的结果状态实现动态调整 # 动态调整keepalived # 检测keepalived主要是用在维护过程中，比如升级，停掉服务是非常不理想的，可以用vrrp脚本，实现不停服务地址来回转换的方法 # 在 vrrp_instance 中引用，见vrrp_instance 的 track_script块内容 vrrp_script chk_maintanance{ script "/etc/keepalived/chkdown.sh" #脚本路径 interval 1 #间隔1s执行一次 weight -20 #失败的权重减20 } # 检测nginx是否存活 vrrp_script chk_nginx { script "/etc/keepalived/chknginx.sh" interval 1 weight -20 } # 监控多个网段的实例 vrrp_instance VI_1 { # 状态只有MASTER和BACKUP两种，并且要大写，MASTER为工作状态，BACKUP是备用状态。 state MASTER # 监听的实际网口 ，就是使用中的网段 interface ens33 # 虚拟路由标识，同一个vrrp_instance的MASTER和BACKUP的vitrual_router_id 是一致的。 virtual_router_id 50 # 权重为100，权重数字越大就越高 priority 100 # 发送组播包的间隔时间，默认为1秒 advert_int 1 authentication { # 验证authentication。包含验证类型和验证密码。类型主要有PASS、AH 两种，通常使用的类型为PASS auth_type PASS # 据说AH 使用时有问题。验证密码为明文，同一vrrp 实例MASTER 与BACKUP 使用相同的密码才能正常通信。 auth_pass 1111 } # 虚拟ip地址,可以有多个地址，每个地址占一行，不需要子网掩码，同时这个ip 必须与我们在lvs 客户端设定的vip 相一致！ virtual_ipaddress { 192.168.66.200 # 就是一个虚拟IP ，与宿主机同一个网段 } track_script { chk_maintanance chk_nginx } } #VIP2，新增网段配置，新增一个实例VI_2 vrrp_instance VI_2 { state BAKCUP interface ens33 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.66.210 } track_script { chk_maintanance chk_nginx } } nginx-2的keepalived 配置与nginx-1基本相同，稍作改动 把 vrrp_instance VI_1 中，state MASTER-->state BAKCUP , priority 100 --> priority 90 把 vrrp_instance VI_2 中，state BAKCUP-->state MASTER , priority 90 --> priority 100

编写 chkdown.sh 与 chknginx.sh

#!/bin/bash # chkdown.sh 脚本 #[[ -f /etc/keepalived/down ]]&&exit 1 || exit 0 [ -e /etc/keepalived/down ] && exit 1 || exit 0 #!/bin/bash # chknginx.sh 脚本 #killall -0 nginx #if [[ $? -ne 0 ]];then # systemctl keepalived stop #fi A=`ps -C nginx --no-header | wc -l` if [ $A -eq 0 ];then systemctl start nginx #尝试重新启动nginx sleep 2 #睡眠2秒 if [ `ps -C nginx --no-header | wc -l` -eq 0 ];then killall keepalived #启动失败，将keepalived服务杀死。将vip漂移到其它备份节点 fi fi

一些命令

开机自启动 systemctl enable nginx systemctl enable keepalived 启动 systemctl start nginx systemctl start keepalived 重启 systemctl restart nginx systemctl restart keepalived 关闭 systemctl stop keepalived systemctl stop nginx

nginx 相关的配置

nginx 可实现 反向代理，负载均衡，动静分离; 修改配置文件 /etc/nginx/nginx.conf

# For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; # 反向代理 # server { # #listen 80 default_server; # #listen [::]:80 default_server; # listen 80; # server_name 192.168.66.200; # #root /usr/share/nginx/html; # # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # # location / { # # root html jsp # proxy_pass http://192.168.66.139:8080; # } # # location ~ /tomcatCloud/index { # # root html jsp # proxy_pass http://192.168.66.139:8080; # } # # location ~ /tomcatCloud/success { # # root html jsp # proxy_pass http://192.168.66.140:8080; # } # # error_page 404 /404.html; # location = /40x.html { # } # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # } # } # 负载均衡 upstream tomcatserver1 { server 192.168.66.139:8080 ; server 192.168.66.140:8080 ; } server { listen 80; server_name 192.168.66.200; location / { proxy_pass http://tomcatserver1; #index index.html index.htm; } } # Settings for a TLS enabled server. # # server { # listen 443 ssl http2 default_server; # listen [::]:443 ssl http2 default_server; # server_name _; # root /usr/share/nginx/html; # # ssl_certificate "/etc/pki/nginx/server.crt"; # ssl_certificate_key "/etc/pki/nginx/private/server.key"; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 10m; # ssl_ciphers PROFILE=SYSTEM; # ssl_prefer_server_ciphers on; # # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # # location / { # } # # error_page 404 /404.html; # location = /40x.html { # } # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # } # } }