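I had three machines on hand and was asked to build a highly available website. One machine clearly had to be the database, which left only two for the web tier.
My first plan was nginx + keepalived. keepalived handles high availability well with one master and one backup, but the backup sits completely idle on standby, which wastes resources. That led me to a load-balanced cluster instead. Having nginx act as both load balancer and web server seemed awkward to manage, so haproxy does the load balancing; its health checks are also very thorough. nginx's health check is not a real health check and is better described as failover: once the timeout has expired, traffic is still sent to the failed node, and only after the node is found unreachable does failover take place, which makes pages load slowly from time to time.
The advantage of the approach in this article is that the backup server also shares the master's traffic in normal operation, and the web service stays reachable if either machine goes down.
Environment: CentOS 6.4 x86_64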
VIP 192.168.122.10
web01 192.168.122.11
web02 192.168.122.12
1. Install the software
yum install haproxy keepalived nginx php-fpm php-gd php-mysql php-xml php-cli -y
chkconfig keepalived on
chkconfig haproxy on
chkconfig nginx on
chkconfig php-fpm on
chkconfig iptables off # firewall left unconfigured for now
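2. System and kernel settings
sed -i 's/enforcing/disabled/g' /etc/sysconfig/selinux
sysctl -w net.ipv4.ip_nonlocal_bind=1
echo "net.ipv4.ip_nonlocal_bind = 1" >>/etc/sysctl.conf
The kernel parameter above allows the server to listen on an address that does not exist on the machine, so haproxy can bind to the VIP even on the node that does not currently hold it.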
3. Configure keepalived (the master and backup configurations differ slightly)
Configure the master server web01
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id web01
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    preempt
    # shared VRRP password, must be identical on both nodes
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.122.10 label eth0:1
    }
}
Configure the backup server (only the lines that differ from web01 are shown)
notification_email_from keepalived02@localhost
router_id web02
state BACKUP
priority 90
#preempt
4. Configure haproxy (identical on the master and the backup; listen address 192.168.122.10:80)
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000
listen status
    bind *:10086
    stats uri /haproxy-status
    stats auth admin:123456
    stats hide-version
frontend haproxy-nlb
    bind 192.168.122.10:80
    default_backend nginx-web
backend nginx-web
    option httpchk HEAD /check.txt HTTP/1.0
    balance roundrobin
    server web01 192.168.122.11:80 weight 3 check inter 5s rise 2 fall 3
    server web02 192.168.122.12:80 weight 3 check inter 5s rise 2 fall 3
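How `check inter 5s rise 2 fall 3` turns individual check results into an UP/DOWN decision, as an added sketch that is not part of the original article. It models HAProxy's documented rule (`fall` consecutive failed checks mark a server DOWN, `rise` consecutive successful checks mark it UP again); the function name `simulate_checks` is made up for this example.

```shell
#!/bin/sh
# Simulate the rise/fall rule for one server that starts UP.
# Usage: simulate_checks RISE FALL RESULTS
#   RESULTS is a string of check outcomes, one per interval: 1 = pass, 0 = fail.
# Prints the server state after each check.
simulate_checks() {
    echo "$3" | awk -v rise="$1" -v fall="$2" '
    {
        state = "UP"; ok = 0; bad = 0; out = ""
        n = length($0)
        for (i = 1; i <= n; i++) {
            r = substr($0, i, 1)
            # count consecutive passes or failures; the other counter resets
            if (r == "1") { ok++; bad = 0 } else { bad++; ok = 0 }
            if (state == "UP" && bad >= fall)        { state = "DOWN"; ok = 0 }
            else if (state == "DOWN" && ok >= rise)  { state = "UP";   bad = 0 }
            out = out (i > 1 ? " " : "") state
        }
        print out
    }'
}

# Constructed sequence: one pass, three failures, two passes, one failure.
simulate_checks 2 3 1000110
```

With `inter 5s`, the three failed checks needed for DOWN mean a dead backend keeps receiving new requests for roughly 10 to 15 seconds; during that window `option redispatch` and `retries 3` are what move failed connections to the other server.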
5. Configure nginx (identical on both servers except for the listen address)
The master server listens on 192.168.122.11:80
The backup server listens on 192.168.122.12:80
user nginx;
worker_processes 2;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
google_perftools_profiles /tmp/tcmalloc;
events {
    use epoll;
    worker_connections 2048;
}
http {
    include /etc/nginx/mime.types;
    include /etc/nginx/naxsi_core.rules;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log /var/log/nginx/access.log main;
    sendfile on;
    server_tokens off;
    #tcp_nopush on;
    keepalive_timeout 65;
    gzip on;
    gzip_static on;
    gzip_disable "msie6";
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_proxied any;
    # the original listing is cut off after "text/x" on this line; the complete entries are kept
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
    gzip_buffers 16 8k;
    client_max_body_size 20m;
    client_body_buffer_size 128k;
    server {
        # use 192.168.122.12:80 on web02; the port must match the haproxy backend (80)
        listen 192.168.122.11:80;
        server_name localhost;
        root /usr/share/nginx/html;
        index index.html index.htm index.php;
        #charset koi8-r;
        access_log /var/log/nginx/host.access.log main;
        location / {
            include /etc/nginx/naxsi_conf ;
            if (!-e $request_filename) {
                rewrite ^/(.*)$ /index.php?q=$1 last;
            }
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ \.php$ {
            #try_files $uri = 404;
            fastcgi_pass 127.0.0.1:9000;
            #fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_buffer_size 128k;
            fastcgi_buffers 256 16k;
            fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
            fastcgi_read_timeout 240;
            include fastcgi_params;
            # reject paths such as /a.jpg/x.php so a non-PHP file is never handed to php-fpm
            if ($fastcgi_script_name ~ \..*\/.*php) {
                return 403;
            }
        }
        # deny access to hidden files (filename begins with ".")
        location ~ /\. {
            access_log off;
            log_not_found off;
            deny all;
        }
        # deny access to backup files (any filename ending with "~")
        location ~ ~$ {
            access_log off;
            deny all;
        }
        # cache image file
        location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml|swf)$ {
            expires 1d;
        }
        # don't log robots and favicon
        location = /robots.txt { access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; }
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        location ~ /\.ht {
            deny all;
        }
    }
}
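6. Configure php-fpm
sed -i 's/apache/nginx/g' /etc/php-fpm.d/www.conf
7. Miscellaneous
Add the health-check page on web01
echo web01 >/usr/share/nginx/html/check.txt
Add the health-check page on web02
echo web02 >/usr/share/nginx/html/check.txt
8. Reboot both machines
9. Verify
Because the balancing is round-robin, the load balancing is easy to check (preferably not with a browser, since browsers cache).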
$ for n in {1..10};do curl http://192.168.122.10/check.txt;done
web02
web01
OK, all done!
This article is reposted from 紫色葡萄's 51CTO blog. Original link: http://blog.51cto.com/purplegrape/1180326. To reprint it, please contact the original author.
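The curl loop shows that both backends answer; the stats listener from step 4 can also report when one of them has failed its health check. The following is an added example, not part of the original article: it reads HAProxy's CSV stats export (the stats URI with `;csv` appended) and lists the servers of a backend that are not UP. The function names and the sample CSV are constructed for illustration.

```shell
#!/bin/sh
# Print "<server> <status>" for every real server of one backend that is not UP.
# Input: HAProxy stats CSV on stdin. Columns are located by header name,
# so the function does not depend on the column order of a given version.
down_servers() {
    awk -F, -v backend="$1" '
    NR == 1 {
        sub(/^# /, "", $1)                  # the header line starts with "# "
        for (i = 1; i <= NF; i++) col[$i] = i
        next
    }
    $col["pxname"] == backend &&
    $col["svname"] != "FRONTEND" && $col["svname"] != "BACKEND" &&
    $col["status"] !~ /^UP/ {
        print $col["svname"], $col["status"]
    }'
}

# Constructed sample, trimmed to a few columns: web02 is failing its check.
sample_csv() {
cat <<'EOF'
# pxname,svname,scur,status,weight,chkfail,
haproxy-nlb,FRONTEND,1,OPEN,,,
nginx-web,web01,1,UP,3,0,
nginx-web,web02,0,DOWN,3,3,
nginx-web,BACKEND,1,UP,3,,
EOF
}

sample_csv | down_servers nginx-web

# Against the live listener (address, port and credentials as configured in step 4):
#   curl -s -u admin:123456 'http://192.168.122.11:10086/haproxy-status;csv' | down_servers nginx-web
```

Empty output means every server in the backend is UP, which makes the function usable as a cron or monitoring check.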