Nginx 高可用+负载均衡部署文档V1.0.2

Nginx高可用+负载均衡部署指南

1软件版本说明

2基础软件安装

2.1Nginx安装

版本jdk-7u67-linux-x64.rpm，安装步骤略

安装后检验Nginx版本是否正确。

[root@localhost ~]# /usr/local/nginx/sbin/nginx –v

nginx version: nginx/1.6.0

2.2Keepalived安装

2.2.1openssl安装

openssl必须安装，否则安装keepalived时无法编译，keepalived依赖openssl

openssl安装

tar zxvf openssl-1.0.1g.tar.gz

./config--prefix=/usr/local/openssl

./config-t

make depend

make

make test

make install

ln-s /usr/local/openssl/usr/local/ssl

openssl配置

vi/etc/ld.so.conf

#在/etc/ld.so.conf文件的最后面，添加如下内容：

/usr/local/openssl/lib

vi/etc/profile

export OPENSSL=/usr/local/openssl/bin

export PATH=$PATH:$OPENSSL

source/etc/profile

yum install openssl-devel -y #如无法yum下载安装，请修改yum配置文件

测试:

ldd /usr/local/openssl/bin/openssl

linux-vdso.so.1 => (0x00007fff996b9000)

libdl.so.2 => /lib64/libdl.so.2 (0x00000030efc00000)

libc.so.6 => /lib64/libc.so.6 (0x00000030f0000000)

/lib64/ld-linux-x86-64.so.2 (0x00000030ef800000) which openssl

/usr/bin/openssl

openssl version

OpenSSL 1.0.0-fips 29 Mar 2010

2.2.2keepalived安装

本文在172.17.30.64、172.17.30.83两台机器进行keepalived安装

安装

tar zxvf keepalived-1.2.13.tar.gz

cd keepalived-1.2.13

./configure--prefix=/usr/local/keepalived

make

make install

cp/usr/local/keepalived/sbin/keepalived/usr/sbin/

cp/usr/local/keepalived/etc/sysconfig/keepalived/etc/sysconfig/

cp/usr/local/keepalived/etc/rc.d/init.d/keepalived/etc/init.d/

mkdir/etc/keepalived

cp/usr/local/keepalived/etc/keepalived/keepalived.conf

/etc/keepalived

2.2.3keepalived配置

建检查Nginx是否存活的脚本

#新建Nginx检查

vim /usr/local/nginx

/check.sh

内容如下：

#!/bin/bash

#This script is used by keepalived for checking nginx running status CHECK_TIME=2

check()

{

curl -m 2 http://127.0.0.1/status >/dev/null 2>&1

return $?

}

while [ $CHECK_TIME -ne 0 ]

do

let "CHECK_TIME -= 1"

check

NGINX_OK=$?

if [ $NGINX_OK -eq 0 ];then

exit 0

fi

if [ $NGINX_OK -ne 1 ] && [ $CHECK_TIME -eq 0 ]

then

exit 1

fi

done

keepalived.conf:

vim /usr/local/keepalived/etc/keepalived/keepalived.conf

Master:

Master

! Configuration File for keepalived

vrrp_script check_run {

script “/usr/local/nginx/check.sh"

interval 2

weight 2

}

vrrp_instance VI_1 {

state MASTER #172.17.210.83上改为

Master

interface eth0 #对外提供服务的网络接口

virtual_router_id 51 #VRRP组名，两个节点的设置必须一样，以指明各个节点属于同一VRRP组

priority 150 #数值愈大，优先级越高

advert_int 1 #同步通知间隔

authentication { #包含验证类型和验证密码。类型主要有PASS、AH两种，通常使用的类型为PASS，据说AH使用时有问题auth_type PASS

auth_pass 1111

}

track_script {

check_run #调用脚本check.sh检查haproxy是否存活

}

virtual_ipaddress { #vip地址

172.17.210.103 dev eth0 scope globa

}

}

slave：

slave

! Configuration File for keepalived

vrrp_script chech_run {

script “/usr/local/nginx/check.sh"

interval 2

weight 2

}

vrrp_instance VI_1 {

state BACKUP #

interface eth0 #对外提供服务的网络接口

virtual_router_id 51 #VRRP组名，两个节点的设置必须一样，以指明各个节点属于同一VRRP组

priority 120 #数值愈大，优先级越高, advert_int 1 #同步通知间隔

authentication { #包含验证类型和验证密码。类型主要有PASS、AH两种，通常使用的类型为PASS，据说AH使用时有问题auth_type PASS

auth_pass 1111

}

track_script {

check_run #调用脚本check.sh检查haproxy是否存活

}

virtual_ipaddress { #vip地址

172.17.210.103 dev eth1 scope globa

}

}

3Nginx配置文件

3.1新建upstreams.conf

1、upstream uc_cluster {

2、 ip_hash;

3、 server app01:7060;#主机名+端口

4、 server app01:7061;

5、}

6、 upstream pos_cluster {

7、 ip_hash;

8、 server app01:7060;#主机名+端口

9、 server app01:7061;

10、}

11、upstream mps_cluster {

12、 ip_hash;

13、 server app01:7060;

14、server app01:7061;

15、server app02:7060;

16、}

upstream gms_cluster {

17、ip_hash;

18、server app01:7060;

19、server app01:7061;

20、server app02:7060;

21、}

.

.

.

3.2新建server.conf

server {

listen 80;

server_name https://www.360docs.net/doc/548534857.html,;

default_type 'text/html';

charset utf-8;

#charset koi8-r;

#access_log logs/host.access.log main;

location ~ .*.*$ {

#index /portal;

proxy_pass http://uc_cluster;

rewrite "^/+$" /portal break;

}

location ^~ /pos/ {

proxy_pass http://pos_cluster;

}

location ^~ /mps/ {

proxy_pass http://mps_cluster;

}

location ^~ /gms/ {

proxy_pass http://gms_cluster;

}

location ^~ /fas/ {

proxy_pass http://fas_cluster;

}

location ^~ /mdm/ {

proxy_pass http://mdm_cluster;

}

location ^~ /pms/ {

proxy_pass http://pms_cluster;

proxy_connect_timeout 600s;

proxy_send_timeout 300s;

}

location ^~ /crm/ {

proxy_pass http://crm_cluster;

}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html

#

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

}

3.3新建proxy.conf文件

#!nginx (-)

# proxy.conf

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr; #???ip

#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #??úμ??ip client_max_body_size 10m;

client_body_buffer_size 128k;

proxy_connect_timeout 90;

proxy_send_timeout 90;

proxy_read_timeout 90;

proxy_buffer_size 4k;

proxy_buffers 4 32k;

proxy_busy_buffers_size 64k;

proxy_temp_file_write_size 64k;

3.4修改Nginx文件

#user nobody;

worker_processes 4;

error_log logs/error.log;

error_log logs/error.log notice;

error_log logs/error.log info;

pid logs/nginx.pid;

events {

use epoll;

worker_connections 1024;

}

http {

include upstreams.conf;

include mime.types;

default_type application/octet-stream;

include proxy.conf;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log logs/access.log main;

sendfile on;

#tcp_nopush on;

#keepalive_timeout 0;

keepalive_timeout 65;

tcp_nodelay on;

gzip on;

gzip_min_length 10240;

gzip_proxied expired no-cache no-store private auth;

gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/xml+rss image/svg+xml application/x-font-ttf application/vnd.ms-fontobject;

gzip_disable "MSIE [1-6]\.";

include servers.conf;

}