使用nginx和keepalived實作伺服器的負載均衡和高可用

實驗目的：

1，使用nginx的upstream實作伺服器的負載均衡

2，使用keepalived實作伺服器的高可用

3，另外也包括mysql的安裝和NFS的部署

備注：本實驗僅測試負載均衡和高可用的可用性，暫不過多介紹資料庫和web伺服器搭建（僅搭建nignx服務用于測試）

規劃：

主機名	IP位址	角色
master	192.168.100.130	Nginx，Keepalived
backup	192.168.100.131	Nginx，Keepalived，MySQL，NFS
web1	192.168.100.132	Nginx+PHP-FPM
web2	192.168.100.135	Nginx+PHP-FPM
–	192.168.100.88	VIP

準備工作（每台機器都需要操作）：

0.1 修改主機名

hostnamectl set-hostname xxx //xxx為你的主機名，例如master

0.2 關閉和禁用防火牆

systemctl stop firewalld

systemctl disable firewalld

0.3 禁用selinux

vi /etc/selinux/config

更改内容為：SELINUX=disabled

操作流程：搭建資料庫伺服器->部署NFS->web伺服器->負載均衡->高可用

具體操作：

1，在backup上安裝mysql資料庫

1.1 mysql下載下傳位址：https://dev.mysql.com/downloads/repo/yum/

1.2 安裝mysql

rpm -ivh https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm

yum repolist all|grep mysql

使用yum-config-manager啟用mysql5.7 禁用mysql8.0

yum-config-manager --enable mysql57-community

yum-config-manager --disable mysql80-community

如果提示yum-config-manager指令未安裝，則先進行安裝

yum -y install yum-utils

使用nginx和keepalived實作伺服器的負載均衡和高可用

yum install mysql-community-server

安裝完畢啟動mysql并檢視狀态

systemctl start mysqld

systemctl status mysqld

1.3 檢視mysql的臨時密碼

grep 'temporary password' /var/log/mysqld.log

得到密碼 QD>BqongM7Fe

1.4 使用臨時密碼登入資料庫并修改密碼

mysql -uroot -p

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass8!';

1.5 退出mysql，用新密碼登陸确認

1.6 更新mysql配置檔案，在symbolic-links=0下面增加以下内容：

user = mysql
port = 3306
datadir = /var/lib/mysql
socket = /var/lib/mysql/mysql.sock
bind-address = 0.0.0.0
pid-file = /var/run/mysqld/mysqld.pid
character-set-server = utf8
collation-server = utf8_general_ci
log-error = /var/log/mysqld.log

max_connections = 10240
open_files_limit = 65535
innodb_buffer_pool_size = 3G
innodb_flush_log_at_trx_commit = 2
innodb_log_file_size = 256M
innodb_flush_method = O_DIRECT
interactive_timeout = 1800
wait_timeout = 1800
slave-parallel-type = LOGICAL_CLOCK
slave-parallel-workers = 8
master-info-repository = TABLE
relay-log-info-repository = TABLE

1.7 重新開機mysql

systemctl restart mysqld

systemctl status mysqld

狀态正常，mysql安裝配置完成。

2，部署NFS

2.1 在backup上安裝NFS

yum install nfs-utils -y

systemctl start nfs

systemctl status nfs

2.2 配置NFS

vi /etc/exports

/data/nfs 192.168.100.0/24(rw,no_root_squash) //添加内容

systemctl restart nfs

2.3 在master節點重複2.1和2.2步驟來部署NFS

2.4 測試，在master節點mount

mount -t nfs 192.168.100.131:/data/nfs/wordpress /mnt/

在master的mnt目錄建立一個檔案

到backup上的指定目錄裡可以看到，nfs完成

3，web伺服器搭建，即在web1 搭建nginx和php

3.1 下載下傳nginx安裝包

wget http://nginx.org/download/nginx-1.15.3.tar.gz

3.2 安裝依賴

yum install gcc pcre-devel openssl-devel -y

3.3 添加使用者

useradd -M -s /sbin/nologin nginx

3.4 解壓并編譯

tar zxvf nginx-1.15.3.tar.gz

cd nginx-1.15.3

./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-stream=dynamic

3.5 安裝

make && make install

3.6 在web1上部署和配置PHP

下載下傳安裝包

wget http://docs.php.net/distributions/php-5.6.38.tar.gz

安裝依賴

yum install gd-devel libxml2-devel libcurl-devel libjpeg-devel libpng-devel -y

解壓并編譯

tar zxvf php-5.6.38.tar.gz

cd php-5.6.38

./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-mysql --with-mysqli --with-openssl --with-zlib --with-curl --with-gd --with-jpeg-dir --with-png-dir --with-iconv --enable-fpm --enable-zip --enable-mbstring

安裝

make -j 8 && make install

配置

cp php.ini-production /usr/local/php/etc/php.ini

cd /usr/local/php/etc/

vi php.ini

date.timezone = Asia/Shanghai //修改内容

配置php-fpm

cp php-fpm.conf.default php-fpm.conf

vi php-fpm.conf

将原有的user、group=nobody 改為nginx

cd /root/php-5.6.38

cp sapi/fpm/php-fpm.service /usr/lib/systemd/system/

vi /usr/lib/systemd/system/php-fpm.service

[Unit]
Description=The PHP FastCGI Process Manager
After=syslog.target network.target

[Service]
Type=simple
PIDFile=/usr/local/php/var/run/php-fpm.pid
ExecStart=/usr/local/php/sbin/php-fpm --nodaemonize --fpm-config /usr/local/php/etc/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

systemctl daemon-reload

systemctl start php-fpm

systemctl enable php-fpm

配置Nginx與PHP-FPM

vi /usr/local/nginx/conf/nginx.conf

user  nginx;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
error_log  logs/error.log  info;

pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    include       vhost/*.conf;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

cd /usr/local/nginx/conf

mkdir vhost

vi wordpress.conf

server {
   listen       80;
   server_name  localhost;

   #charset koi8-r;

   #access_log  logs/host.access.log  main;

   location / {
       root   html/wordpress;
       index  index.php index.html index.htm;
   }

   location ~ \.php$ {
       root           html/wordpress;
       fastcgi_pass   127.0.0.1:9000;
       fastcgi_index  index.php;
       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
       include        fastcgi_params;
   }
}

啟動nginx

/usr/local/nginx/sbin/nginx

3.7 同樣在web2上部署nginx

4，負載均衡器

4.1 在master上部署nginx （過程略，具體參照上述步驟）

4.2 配置負載均衡

vi /usr/local/nginx/conf/nginx.conf

user  nginx; //之前建立賬号
worker_processes  4; //是虛拟機配置的2倍

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
error_log  logs/error.log  info;

pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;


    upstream wordpress {  //使用upstream做LB
       ip_hash;
       server 192.168.100.132:80;
       server 192.168.100.135:80;
    }
    server {
        listen       80;
        server_name  wordpress.ctnrs.com;
        location / {
            proxy_pass http://wordpress;
        }
        access_log  logs/wordpress.access.log  main;
    }
    upstream solo {
       ip_hash;
       server 192.168.100.132:8080;
       server 192.168.100.135:8080;
    }
    server {
        listen       80;
        server_name  solo.ctnrs.com;
        location / {
            proxy_pass http://solo;
        }
        access_log  logs/solo.access.log  main;
    }


}

啟動nginx

/usr/local/nginx/sbin/nginx

5，配置高可用

5.1 master節點安裝keepalived

yum install keepalived -y

5.2 配置keepalived

vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   # 接收郵件位址
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   # 郵件發送位址
   notification_email_from [email protected]
   # 本地郵件伺服器發郵件
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id NGINX_MASTER
}

vrrp_script check_nginx {
     script "/usr/local/nginx/sbin/check_nginx.sh"
     interval 2
     weight -20
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    nopreempt
    virtual_router_id 51 # VRRP路由ID執行個體，每個執行個體是唯一的
    priority 100    # 優先級，備伺服器設定90
    advert_int 1    # 指定VRRP心跳包通告間隔時間，預設1秒
    # VRRP驗證塊
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # VIP定義塊
    virtual_ipaddress {
        192.168.100.88/24
    }
    track_script {
       check_nginx
    }
}

啟動keepalived

systemctl start keepalived

Nginx狀态檢查腳本：

vi /usr/local/nginx/sbin/check_nginx.sh

count=$(ps -ef |grep nginx |egrep -cv "grep|$$")

if [ "$count" -eq 0 ]; then
    exit 1
    #systemctl stop keepalived
fi

賦予腳本執行權限

chmod +x /usr/local/nginx/sbin/check_nginx.sh

執行腳本

bash /usr/local/nginx/sbin/check_nginx.sh

5.3 同樣在backup上安裝和配置keepalived，具體配置内容如下：

! Configuration File for keepalived

global_defs {
   # 接收郵件位址
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   # 郵件發送位址
   notification_email_from [email protected]
   # 本地郵件伺服器發郵件
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id NGINX_MASTER
}

vrrp_script check_nginx {
     script "/usr/local/nginx/sbin/check_nginx.sh"
     interval 2
     weight -20
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51 # VRRP路由ID執行個體，每個執行個體是唯一的
    priority 90    # 優先級，備伺服器設定90
    advert_int 1    # 指定VRRP心跳包通告間隔時間，預設1秒
    # VRRP驗證塊
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # VIP定義塊
    virtual_ipaddress {
        192.168.100.88/24
    }
    track_script {
       check_nginx
    }
}

啟動keepalived

systemctl start keepalived

執行腳本與master節點一緻，至此負載均衡和高可用部署完成。

可以通過以下方式進行測試：

1、停止Nginx服務檢視VIP是否偏移成功

2、通路VIP網站測試是否正常均衡到Web伺服器

使用nginx和keepalived實作伺服器的負載均衡和高可用

使用nginx和keepalived實作伺服器的負載均衡和高可用

繼續閱讀

2.6核心netfilter包截獲

歡迎使用CSDN-markdown編輯器Nginx配置檔案nginx.conf中文詳解（總結）

雲伺服器部署項目：vue-cli 部署服務配置

win7 localhost 配置 nginx ssl自簽名證書步驟報錯相關連結

（Nginx）03_Nginx原理與優化一、Nginx原理二、master-workers機制三、面試題：

（Nginx）02_Nginx配置執行個體一、Nginx的應用：反向代理實作一：二、反向代理執行個體二：三、Nginx的配置執行個體三–負載均衡：四、Nginx的配置執行個體四–動靜分離：Nginx在實際開發中的應用：

nginx配置示例

niginx的location的location詳細規則和優先級關系以及測試案例2.1比對文法2.2優先級判斷2.3練習3.1處理邏輯如何執行3.2功能測試3.3流程解析

Puppet自動化Nginx+Mongrel負載均衡配置

Ubuntu修改nginx将多個域名分别配置到伺服器不同端口

修改or隐藏nginx版本号

Nginx安全改動：隐藏Nginx版本号背景解決serve_tokens指令參考

版本号隐藏

Nginx服務優化（版本隐藏、版本号僞裝、逾時管理、程序管理、日志分割）Nginx服務優化未完待續

nginx location中斜線的位置的重要性