环境说明:
nginx1:192.168.2.47 nginx2:192.168.2.48 tomcat1:192.168.2.49 tomcat2:192.168.2.50 vip:192.168.2.51
一.Nginx配置
1.安装Nginx所需pcre库
wget
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.10.tar.gz
tar -zxvf pcre-8.10.tar.gz cd pcre-8.10 ./configure make make install
2.安装Nginx
wget http://nginx.org/download/nginx-0.8.52.tar.gz
groupadd www useradd -g www www tar zxvf nginx-0.8.52.tar.gz cd nginx-0.8.52/ ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module make make install
注:如果出现以下错误
./configure: error: SSL modules require the OpenSSL library.Centos需要安装openssl-devel Ubuntu则需要安装:sudo apt-get install libssl-dev
3.修改配置文件为以下内容:
user www www; worker_processes 2; pid logs/nginx.pid; worker_rlimit_nofile 51200;
events{ use epoll; worker_connections 51200; }
http{ include mime.types; default_type application/octet-stream; keepalive_timeout 120; server_tokens off; send_timeout 60; tcp_nodelay on;
upstream tomcats { server 192.168.2.50:8080; server 192.168.2.49:8080; #ip_hash; #在没有做共享session的情况下ip_hash可以解决session问题
}
server
{ listen 80; server_name 192.168.2.48;
location / { proxy_pass http://tomcats; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
log_format access_log '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /usr/local/nginx/logs/access.log access_log; } }4.测试配置文件
/usr/local/nginx/sbin/nginx -t
如果出现以下情况
/usr/local/nginx/sbin/nginx: error while loading shared libraries: libpcre.so.0: or directory
解决方法:
sudo ln -s /usr/local/lib/libpcre.so.0 /usr/lib/libpcre.so.0
/usr/local/nginx/sbin/nginx -t
显示以下信息为正确的
the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok configuration file /usr/local/nginx/conf/nginx.conf test is successful
5.优化内核参数
vim /etc/sysctl.conf在最后添加
net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.ip_local_port_range = 1024 65535
保存退出后执行
sysctl -p
6.切割Nginx日志脚本
#!/bin/bash PATH_LOGS="/usr/local/nginx/logs" YEAR=`date -d "-1 days" +"%Y"` MONTH=`date -d "-1 days" +"%m"` mkdir -p $PATH_LOGS/$YEAR/$MONTH mv $PATH_LOGS/access.log $PATH_LOGS/$YEAR/$MONTH/access_$(date -d "-1 days" +"%Y%m%d").log kill -USR1 `cat $PATH_LOGS/nginx.pid`
把该脚本加到crontab每天00点执行
注:备机的Nginx和以上安装步骤一样
二.安装配置Keepalived
1.下载所需要的软件
wget
http://keepalived.org/software/keepalived-1.1.19.tar.gz
wget http://rpm5.org/files/popt/popt-1.16.tar.gz
2.安装popt
编译keepalived时需要popt,否则会报以下错误:
configure: error: Popt libraries is required
tar -zxvf popt-1.16.tar.gz cd popt-1.16 ./configure make make install
3.安装keepalived
tar -zxvf keepalived-1.1.19.tar.gz cd keepalived-1.1.19 ./configure --prefix=/usr/local/keepalived make make install
4.修改配置文件为以下内容:
vim /usr/local/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs { router_id LVS_DEVEL} vrrp_script Monitor_Nginx { script "/root/scripts/monitor_nginx.sh" #根据自己的实际路径放置monitor_nginx.sh
interval 2 weight 2 } vrrp_instance VI_1 { state MASTER
interface eth0
virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS
auth_pass 1234 } track_script { Monitor_Nginx} virtual_ipaddress { 192.168.2.51
} }注:monitor_nginx.sh为监控nginx进程的脚本,内容如下
#!/bin/bashif [ "$(ps -ef | grep "nginx: master process"| grep -v grep )" == "" ] then /usr/local/nginx/sbin/nginx sleep 5 if [ "$(ps -ef | grep "nginx: master process"| grep -v grep )" == "" ] then killall keepalived fi fi
5.启动keepalived
/usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
注:备机的keepalived的安装和上面一样,只要把配置文件改为以下(把MASTER改为BACKUP)
! Configuration File for keepalived
global_defs { router_id LVS_DEVEL} vrrp_script Monitor_Nginx { script "/root/scripts/monitor_nginx.sh" interval 2 weight 2 } vrrp_instance VI_1 { state BACKUP #改为BACKUP
interface eth0
virtual_router_id 51 priority 100 #比MASTER数值要低
advert_int 1 authentication { auth_type PASS
auth_pass 1234 } track_script { Monitor_Nginx} virtual_ipaddress { 192.168.2.51
} }三.测试步骤
1. 访问VIP看是否能够正常访问后端的tomcat
2. 停止其中一个tomcat看是否能将访问转到另一台上
3.
停止两台nginx上任何一个nginx进程看监控进程脚本是否会自动启动nginx
4.
停止任何一台nginx上的keepalived进程看另一台是否接管vip
比如停止Master上的keepalived,例如如下killall
keepalived,查看BACKUP机器是否已经接管,如果BACKUP接管后,BACKUP机器日志会是出下情况
tail
/var/log/syslog
Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.2.51
MASTER机器上日志会显示
Keepalived_vrrp: Terminating VRRP child process on signal Keepalived_vrrp: VRRP_Instance(VI_1) removing protocol VIPs.
现在把MASTER上的Keepalived重新启动,会看到MASTER重新接管VIP,并对外提供服务,BACKUP仍旧回到BACKUP STATE,如果不是这种情况,请检查配置文件和步骤.
现在的BACKUP日志如下:
Keepalived_vrrp: VRRP_Instance(VI_1) Received higher prio advert Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE Keepalived_vrrp: VRRP_Instance(VI_1) removing protocol VIPs.
Master日志如下:
Keepalived_vrrp: VRRP_Script(Monitor_Nginx) succeeded Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.2.51