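NGINX is a widely praised web server that can also be used as a reverse proxy, load balancer and HTTP cache. keepalived works on VRRP (Virtual Router Redundancy Protocol), which allows a static IP address to fail over between two Linux systems. In this article we demonstrate how to set up a highly available (HA) NGINX web server with keepalived on Linux.

Lab setup

    Node 1 – 192.168.1.130 – nginx1.example.com – minimal CentOS 8 / RHEL 8
    Node 2 – 192.168.1.140 – nginx2.example.com – minimal CentOS 8 / RHEL 8
    Virtual IP (VIP) – 192.168.1.150
    sudo user pkumar
    Firewalld enabled
    SELinux running

Without further ado, let's go straight to the installation and configuration steps.

1) Install the NGINX web server

For CentOS 8 / RHEL 8

The NGINX package is available in the default CentOS 8 / RHEL 8 repositories. Run the following command on both nodes:

    $ sudo dnf install -y nginx

For CentOS 7 / RHEL 7

The NGINX package is not available in the default CentOS 7 / RHEL 7 repositories, so we must enable the EPEL repository. Run the following commands on both nodes:

    $ sudo yum install epel-release -y
    $ sudo yum install -y nginx

For Ubuntu / Debian

On Debian-based distributions the NGINX package is available in the default repositories. Run the following commands on both nodes:

    $ sudo apt update
    $ sudo apt install -y nginx

2) Custom index.html on both nodes

Let's create a custom index.html on each node so that we can easily tell which server is answering when the site is accessed through the virtual IP.

On node 1, run:

    [pkumar@nginx1 ~]$ echo "This is NGINX Web Server from Node 1" | sudo tee /usr/share/nginx/html/index.html

On node 2, run:

    [pkumar@nginx2 ~]$ echo "This is NGINX Web Server from Node 2" | sudo tee /usr/share/nginx/html/index.html

3) Allow the NGINX port and start the service

If the firewall is enabled, allow port 80 with the following commands.

For CentOS / RHEL systems:

    $ sudo firewall-cmd --permanent --add-service=http
    $ sudo firewall-cmd --reload

For Ubuntu / Debian systems:

    $ sudo ufw allow 'Nginx HTTP'

Start and enable the nginx service:

    $ sudo systemctl start nginx
    $ sudo systemctl enable nginx

Run curl from an external machine to test the NGINX server on both nodes:

    $ curl http://192.168.1.130
    This is NGINX Web Server from Node 1
    $ curl http://192.168.1.140
    This is NGINX Web Server from Node 2

The output above confirms that NGINX is running and reachable from outside on each system's IP address.

4) Install and configure keepalived

Install and configure keepalived on both nodes.

For CentOS / RHEL systems:

    $ sudo dnf install -y keepalived    # CentOS 8 / RHEL 8
    $ sudo yum install -y keepalived    # CentOS 7 / RHEL 7

For Ubuntu / Debian systems:

    $ sudo apt install -y keepalived

In this article node 1 is the master node and node 2 is the backup node.

Back up the configuration file:

    [pkumar@nginx1 ~]$ sudo cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-org

Empty the configuration file and open it for editing:

    [pkumar@nginx1 ~]$ echo -n | sudo tee /etc/keepalived/keepalived.conf
    [pkumar@nginx1 ~]$ sudo vi /etc/keepalived/keepalived.conf

Paste in the following content:

    # Script that checks whether NGINX is running
    vrrp_script check_nginx {
      script "/bin/check_nginx.sh"
      interval 2
      weight 50
    }

    # Virtual interface - the priority specifies the order in which the
    # assigned interface takes over in a failover
    vrrp_instance VI_01 {
      state MASTER
      interface enp0s3
      virtual_router_id 151
      priority 110

      # The virtual IP address of the web server, which will float
      virtual_ipaddress {
        192.168.1.150/24
      }
      track_script {
        check_nginx
      }
      authentication {
        auth_type AH
        auth_pass secret
      }
    }

Now create a script with the following content; it checks whether the nginx service is running. keepalived keeps checking the result of the check_nginx.sh script, and if it finds that the nginx service is down or not responding, it moves the virtual IP address to the backup node.

    [pkumar@nginx1 ~]$ sudo vi /bin/check_nginx.sh

    #!/bin/sh
    # Exit non-zero when no nginx process is running
    if [ -z "$(pidof nginx)" ]; then
      exit 1
    fi

Save and close the file, then set the required permissions:

    [pkumar@nginx1 ~]$ sudo chmod 755 /bin/check_nginx.sh

Use scp to copy keepalived.conf and check_nginx.sh from node 1 to node 2:

    [pkumar@nginx1 ~]$ scp /etc/keepalived/keepalived.conf root@192.168.1.140:/etc/keepalived/
    [pkumar@nginx1 ~]$ scp /bin/check_nginx.sh root@192.168.1.140:/bin/

Once the files are copied, log in to node 2 and make two changes to keepalived.conf: change the state from MASTER to BACKUP, and set the priority to 100 to lower it.

If the firewall is enabled, run the following commands to allow VRRP (they must be run on both nodes).

For CentOS / RHEL systems:

    $ sudo firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
    $ sudo firewall-cmd --reload

For Ubuntu / Debian systems, on the master node (node 1) run:

    $ sudo ufw allow to 224.0.0.18 comment 'VRRP Broadcast'
    $ sudo ufw allow from 192.168.1.140 comment 'VRRP Router'

On the backup node (node 2) run:

    $ sudo ufw allow to 224.0.0.18 comment 'VRRP Broadcast'
    $ sudo ufw allow from 192.168.1.130 comment 'VRRP Router'

Start and enable the keepalived service:

    $ sudo systemctl start keepalived
    $ sudo systemctl enable keepalived

Verify the service status:

    $ sudo systemctl status keepalived

Verify the status of the VIP (virtual IP address) on the master node; in this example the VIP is 192.168.1.150:

    $ ip add show

The output confirms that the VIP is configured on the master node's enp0s3 interface.

5) Test keepalived and NGINX

Access the nginx server through the virtual IP (192.168.1.150); it should now show the Node 1 page.

Stop the NGINX service on node 1 and see whether the virtual IP switches from node 1 to node 2; this time the Node 2 page should be shown.

    [pkumar@nginx1 ~]$ sudo systemctl stop nginx
    [pkumar@nginx1 ~]$ ip add show

Log in to node 2 and check that the virtual IP is now there:

    [pkumar@nginx2 ~]$ ip add show

Access the nginx server through the virtual IP (192.168.1.150) again.

Great, the above confirms that we have successfully set up a highly available NGINX web server.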
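A configuration audit for the setup above, added here as an example and not part of the original article: it flags a keepalived.conf that other users can read (the file holds auth_pass), a vrrp_script target such as /bin/check_nginx.sh that is missing or group- or world-writable, and an auth_pass that is a sample value or longer than the 8 characters keepalived uses. The function name, the finding labels and the list of placeholder passwords are assumptions.

```shell
#!/bin/sh
# Added example: lint_keepalived CONF prints one finding per line and
# returns the number of findings (0 means nothing was flagged).
lint_keepalived() {
    conf=$1
    findings=0
    flag() { echo "$1"; findings=$((findings + 1)); }

    # The file holds the VRRP shared secret: only its owner should read it.
    if [ -n "$(find "$conf" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        flag "CONF-READABLE  $conf is readable by group or others"
    fi

    # keepalived runs every `script "..."` target at each interval, normally
    # with root privileges, so only the owner may be able to modify it.
    # (Paths containing spaces are not handled by this simple parser.)
    for path in $(awk '$1 == "script" { gsub(/"/, "", $2); print $2 }' "$conf"); do
        if [ ! -f "$path" ]; then
            flag "SCRIPT-MISSING  $path"
        elif [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            flag "SCRIPT-WRITABLE  $path is group- or world-writable"
        fi
    done

    # auth_pass: sample values (this list is an assumption) and values
    # longer than the 8 characters keepalived actually uses.
    for pass in $(awk '$1 == "auth_pass" { print $2 }' "$conf"); do
        case $pass in
            secret|password|changeme|1111)
                flag "AUTH-PLACEHOLDER  auth_pass is a well-known sample value" ;;
        esac
        if [ "${#pass}" -gt 8 ]; then
            flag "AUTH-TRUNCATED  auth_pass exceeds 8 characters; the rest is ignored"
        fi
    done

    return "$findings"
}

# Usage: sh lint_keepalived.sh /etc/keepalived/keepalived.conf
if [ "$#" -gt 0 ]; then
    lint_keepalived "$1"
fi
```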