Nginx反向代理負載均衡
實驗環境
| -主機名 | -ip | -服務 | 系統 |
|---|---|---|---|
| RS1 | 192.168.132.100 | nginx ,keepalived | centos8 |
| RS2 | 192.168.132.135 | nginx,keepalived | centos8 |
| nginx | 192.168.132.137 | nginx | centos8 |
| apache | 192.168.132.140 | apache | centos8 |
反向代理
RS1
[[email protected] ~]# systemctl disable --now firewalld.service
[[email protected] ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[[email protected] ~]# dnf -y install keepalived nginx
[[email protected] ~]# vi /etc/nginx/nginx.conf
.....
upstream lx.com { //寫在server外面
server 192.168.132.137 weight=2;
server 192.168.132.140;
}
.....
location / { //寫在server裡面
proxy_pass http://lx.com;
}
RS2
[[email protected] nginx]# scp -r nginx.conf 192.168.132.100:/etc/nginx/nginx.conf
roo[email protected]'s password:
nginx.conf 100% 2592 2.1MB/s
測試
[外鍊圖檔轉存失敗,源站可能有防盜鍊機制,建議将圖檔儲存下來直接上傳(img-AI1L53Br-1666014938951)(D:\360Downloads\image-20221017211025051.png)]
nginx
[[email protected] ~]# systemctl disable --now firewalld.service
[[email protected] ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[[email protected] ~]# dnf -y install nginx
[[email protected] ~]# systemctl enable --now nginx.service
[[email protected] ~]# echo 'hehe' > /usr/share/nginx/html/index.html
apache
[[email protected] ~]# systemctl disable --now firewalld.service
[[email protected]~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[[email protected] ~]# dnf -y install httpd
[[email protected] ~]# systemctl enable --now httpd
[[email protected] ~]# echo 'xixi' > /var/www/html/index.html
負載均衡
RS1
[[email protected] ~]# cd /etc/keepalived/
[[email protected] keepalived]# ls
keepalived.conf
[[email protected] keepalived]# mv keepalived.conf{,-bak}
[[email protected] keepalived]# ls
keepalived.conf-bak
[[email protected] keepalived]# vi keepalived.conf
[[email protected] keepalived]# cat keepalived.conf
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface ens33 //要和自己網卡名字一緻
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.132.249 //vip貴賓不能是ping的通的
}
}
virtual_server 192.168.132.249 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.132.135 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.132.100 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[[email protected] keepalived]# systemctl restart keepalived.service
[[email protected] keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:8c:44:a8 brd ff:ff:ff:ff:ff:ff
inet 192.168.132.100/24 brd 192.168.132.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.132.249/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8c:44a8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:3a:e5:b9 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
RS2
[[email protected] ~]# cd /etc/keepalived/
[[email protected] keepalived]# ls
keepalived.conf
[[email protected] keepalived]# mv keepalived.conf{,-bak}
[[email protected] keepalived]# ls
keepalived.conf-bak
//到RS1上遠端傳輸配置檔案
[[email protected] keepalived]# scp -r keepalived.conf 192.168.132.135:/etc/keepalived/
[email protected]'s password:
keepalived.conf 100% 831 335.4KB/s 00:00
[[email protected] keepalived]# ls
keepalived.conf keepalived.conf-bak
[[email protected] keepalived]# vi keepalived.conf
[[email protected] keepalived]# systemctl restart keepalived.service
[[email protected] keepalived]# cat keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.132.249
}
}
virtual_server 192.168.132.249 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.132.135 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.132.100 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
測試
關閉掉RS1的keepalive服務測試
必須也要關閉nginx服務
[[email protected] ~]# systemctl stop keepalived.service
[[email protected] ~]# systemctl stop nginx.service
3
delay_before_retry 3
}
}
}
### 測試
關閉掉RS1的keepalive服務測試
必須也要關閉nginx服務
[[email protected] ~]# systemctl stop keepalived.service
[[email protected] ~]# systemctl stop nginx.service
[外鍊圖檔轉存失敗,源站可能有防盜鍊機制,建議将圖檔儲存下來直接上傳(img-t6RsWIpp-1666014938952)(D:\360Downloads\image-20221017215315573.png)]
![Apache靜态檔案通路配置(書封伺服器)[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)