Nginx安装、负载均衡配置和keepalived配置

原创

dongcida 2024-06-10 09:09:10 ©著作权

文章标签 nginx 配置文件 html 文章分类 运维

©著作权归作者所有：来自51CTO博客作者dongcida的原创作品，请联系作者获取转载授权，否则将追究法律责任

环境准备：

实验目的：nginx 通过keepalived实现高可用

10.0.0.11 nginx1,keepalievd #nginx负载均衡配置主

10.0.0.12 nginx2,keepalievd #nginx负载均衡配置备

10.0.0.13 httpd1 #用来测试是否能够负载均衡

10.0.0.14 httpd2 #用来测试是否能够负载均衡

10.0.0.100 nginx的vip

一、nginx安装(10.0.0.11)

1.首先安装依赖

yum install pcre-devel* pcre* gcc* openssl* zlib* -y

2.下载nginx

wget http://nginx.org/download/nginx-1.14.2.tar.gz

我这里下载的是nginx1.14.2版本，如需下载其他版本可登录http://nginx.org/download选择

3.解压

tar -zxf nginx-1.14.2.tar.gz

4.编译安装

cd nginx-1.14.2
./configure --prefix=/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module
make && make install

编译nginx可加的一些参数

--prefix=path 定义服务器保存文件的目录，默认为/usr/local/nginx

--sbin-path=path nginx执行文件名，默认为prefix/sbin/nginx

--conf-path=path 设置nginx.conf配置文件名，默认为prefix/conf/nginx.conf

--pid-path=path 设置nginx.pid文件名，它用来保存nginx主进程的进程ID，默认为prefix/logs/nginx.pid

--error-log-path=path 设置错误日志文件名，默认为prefix/logs/error.log

--http-log-path=path 设置HTTP请求日志文件名，默认为prefix/logs/access.log

--user-name=path 设置未授权用户名，默认为nobody

--group=name 设置组名，默认为未授权用户名

--with-select_module 编译或取消编译利用select()方法的模块

--with-poll_module 编译或取消编译利用poll()方法的模块

--without-http_gzip_module 取消编译HTTP服务器压缩响应的模块，需要zlip库

--without-http_rewrite_module 取消编译HTTP服务器重定向请求或修改请求URI地址的模块，需要PCRE库

--without-http_proxy_module 取消编译HTTP服务器代理模块

--with-http_ssl_module 编译添加对HTTPS协议的支持，需要OpenSSL库

--with-pcre=path 设置PCRE库的源代码路径，下载PCRE源码后解压缩到指定的path即可，剩下的交给nginx的./configure和make命令完成

--with-pcre-jit 编译PCRE库支持及时编译

--with-zlib=path 设置zlib库源代码的路径，同样下载zlib源码后解压到指定的path即可

--with-cc-opt=parameters 设置CFLAGS变量的额外参数

--with-ld-opt=parameters 设置链接时的额外参数

5.将、nginx/nginx为nginx用户授权（也可直接用root执行）

chown -R nginx:nginx /nginx/nginx

6.切换到nginx用户进行配置

su - nginx

7.修改/nginx/nginx/conf/nginx.conf文件

user  nginx;
worker_processes  4;
events {
    use epoll;
    worker_connections  204800;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;
    server {
        listen       80;
        server_name  localhost;
        #charset koi8-r;
        #access_log  logs/host.access.log  main;
        location / {
    sendfile        on;
events {
    use_epoll;
    worker_connections  204800;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;
    include upstream.conf;    #此处是将server区域和upstream区域单独写了一个配置文件，也可直接写道nginx.conf里
    include servers.conf;
}

8.编辑一个servers.conf文件(也可写在nginx.conf文件里)

touch servers.conf

vim servers.conf   # 此处为http配置


#esblocation
server {
       listen       20000;   #此处是nginx服务对外暴露的端口，默认是80，普通用户不可使用1024一下的端口

       #charset koi8-r;

       #access_log  logs/host.access.log  main;

       location / {
               proxy_pass http://esbupstream;     #负载均衡的实例名(可以随便起，但需要和upstrean区域或文件一致) 
               proxy_redirect off;
               proxy_http_version 1.1;
               proxy_set_header Host $host;
               proxy_set_header X-Forwarded-For $remote_addr;
               proxy_set_header connect "";
               client_max_body_size 30m;
               client_body_buffer_size 1024k;
               proxy_connect_timeout 30;
               proxy_send_timeout 120;
               proxy_read_timeout 120;
               proxy_buffer_size 128k;
               proxy_buffers 8 128k;
               proxy_busy_buffers_size 128k;
       }


       #error_page  404              /404.html;
       #rewrite ^(.*)$ https://$host$1 permanent;
       error_page   500 502 503 504  /50x.html;
       location = /50x.html {
            root   html;
       }
}

9.编辑upstream.conf文件(也可写在nginx.conf文件里)

touch upstream.conf
vim upstream.conf

upstream esbupstream{
         server 10.0.0.13:8080; #此处使用8080测试
         server 10.0.0.14:8080; #此处使用8080测试
         keepalive 16;
}
#访问主机nginx的20000端口会负载到10.0.0.11/12的8080端口 
#此处为轮询，也可设置为加权轮询：
#         server 10.0.0.13:8080 wight 1；
#         server 10.0.0.14:8080 wight 2；

10.检测nginx配置文件是否有错误

/nginx/nginx/sbin/nginx -t
nginx: the configuration file /nginx/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /nginx/nginx/conf/nginx.conf test is successful

启动nginx

/nginx/nginx/sbin/nginx

11.为实现高可用在另外一台主机安装nginx(10.0.0.12)，安装方式和配置文件内容同上

二、安装配置keepalived(nginx主)

1.下载安装

#下载地址：http://www.keepalived.org/download.html

#centos7使用keepalived-1.2.19会有问题，建议使用高版本，此处使用keepalived-2.0.11

首先安装一些依赖：

yum install -y gcc openssl-devel popt-devel
	yum install libnl* libpopt* popt-static* -y

解压安装

tar -zxf keepalived-2.0.11.tar.gz
cd keepalived-2.0.11
./configure --prefix=/var/local/keepalived --sysconf=/etc
make && make install
cp /var/local/keepalived/sbin/keepalived /usr/sbin/

2.编辑配置文件

vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs {
   router_id nginx_master
}

#探测检测nginx的脚本
vrrp_script check_nginx {
     script "/etc/keepalived/check_nginx.sh"
     interval 2
     weight 2
     }

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass telling
    }
track_script {
        check_nginx
}
    virtual_ipaddress {
        10.0.0.100/24
    }
}

在/etc/keepalived/下新建check_nginx.sh文件

touch /etc/keepalived/check_nginx.sh
vim /etc/keepalived/check_nginx.sh

[root@esb2 keepalived]# cat check_nginx.sh

#!/bin/bash

if [ "$(ps -ef | grep "nginx: master process"| grep -v grep )" == "" ]

then

  /etc/init.d/keepalived stop

fi

#给脚本赋权

chomd a+x /etc/keepalived/check_nginx.sh

3.另一台nginx的keepalievd配置方法相同

配置文件以下字段有所区别：

state MASTER 主为MASTER ，备为SLAVE #实际测试主备与这个无关，与priority有关

priority 100 主设置为100，备设置为80 # 只要比主低就可以

4.启动keepalived

启动keepalive

systemctl start keepalived

启动后查看状态：

[root@localhost keepalived]# ip a | grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 10.0.0.11/24 brd 10.0.0.255 scope global noprefixroute ens33
    inet 10.0.0.100/24 scope global secondary ens33

#配置成功！

三、测试访问VIP的20000端口，是否会负载到10.0.0.13/14的8080端口

测试负载轮询

[root@localhost keepalived]# curl 10.0.0.100:20000
This 10.0.0.13:8080
[root@localhost keepalived]# curl 10.0.0.100:20000
This 10.0.0.14:8080
[root@localhost keepalived]# curl 10.0.0.100:20000
This 10.0.0.13:8080
[root@localhost keepalived]# curl 10.0.0.100:20000
This 10.0.0.14:8080

测试加权轮询：

[root@localhost keepalived]# curl 10.0.0.100:20000
This 10.0.0.13:8080
[root@localhost keepalived]# curl 10.0.0.100:20000
This 10.0.0.14:8080
[root@localhost keepalived]# curl 10.0.0.100:20000
This 10.0.0.14:8080
[root@localhost keepalived]# curl 10.0.0.100:20000
This 10.0.0.14:8080
[root@localhost keepalived]# curl 10.0.0.100:20000
This 10.0.0.13:8080