keepalived+nginx安装配置
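# Master node VRRP instance. Whitespace and the closing braces were lost in
# the page extraction and are restored here; values are as printed.
vrrp_instance VI_1 {
    state MASTER                # this node starts as the master
    interface eth0              # interface that is monitored and carries the virtual IP
    virtual_router_id 51        # must be identical on master and backup
    priority 100                # master must be higher than the backup
    advert_int 1                # advertisement (heartbeat) interval in seconds
    authentication {
        # PASS is a shared string carried in clear text in every VRRP
        # advertisement. It prevents accidental cross-talk between clusters,
        # but it does not authenticate the peer to anyone who can see the
        # segment; restrict VRRP to the peer's address at the firewall as well.
        auth_type PASS
        # Must be the same on both servers. "1111" is the tutorial's sample
        # value; replace it with a value of your own.
        auth_pass 1111
    }
    virtual_ipaddress {
        10.10.0.240
    }
}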
1.3.2备服务器配置
# vi /etc/keepalived/keepalived.conf
加入以下内容
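# Backup node configuration. The page shows only a fragment of this file;
# whitespace and the enclosing blocks are restored, and settings that the
# page does not show are marked rather than filled in.
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from Alexandre@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    # virtual_router_id and advert_int are not shown in this fragment;
    # they have to match the values used on the master.
    priority 90                 # lower than the master's priority
    authentication {
        # Clear-text shared string; must equal the master's auth_pass.
        # "1111" is the tutorial's sample value.
        auth_type PASS
        auth_pass 1111
    }
    # virtual_ipaddress is not shown in this fragment; it must list the same
    # virtual IP as the master.
}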
1.4修改防火墙
keepalived使用VRRP协议,VRRP通告发往组播地址224.0.0.18;必须修改防火墙放行该地址,否则主备服务器不能及时互换。
# vi /etc/sysconfig/iptables
加入
-I RH-Firewall-1-INPUT -d 224.0.0.18 -j ACCEPT
(这条规则放行所有发往224.0.0.18的报文;更严格的写法是再加上 -p vrrp(协议号112),并用 -s 限定为对端服务器的地址。)
重启防火墙
# /etc/rc.d/init.d/iptables restart
1.5测试
# service keepalived start
# ip a
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:10:5c:c8:1c:f2 brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.230/24 brd 10.10.255.255 scope global eth0
    inet 10.10.0.240/32 scope global eth0
    inet6 fe80::210:5cff:fec8:1cf2/64 scope link
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
可以看到,10.10.0.240虚拟IP已经挂接在网卡eth0上。
检查虚拟ip状态
# curl http://10.10.0.240
it works!
10.10.0.41
2Nginx安装
2.1安装版本
nginx-1.0.2.tar.gz
pcre-8.12.tar.gz
(这两个版本都已很旧,不再有安全更新;实际部署应使用仍在维护的版本,并核对下载包的校验值或签名。)
2.2、安装步骤
2.2.1编译安装rewrite模块支持包
# tar zxvf pcre-8.12.tar.gz
# cd pcre-8.12/
# ./configure
# make
# make install
2.2.2编译安装Nginx
# tar zxvf nginx-1.0.2.tar.gz
# cd nginx-1.0.2/
# patch -p0 < ../nginx_upstream_jvm_route/jvm_route.patch
# ./configure --prefix=/data/nginx --with-http_stub_status_module --add-module=../nginx_upstream_jvm_route
# make
2.3配置
# vi /data/nginx/conf/nginx.conf(插入以下内容)
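# nginx.conf for the load-balancing front end. Whitespace and closing braces
# were lost in the page extraction and are restored here; directive values
# are as printed unless a comment says otherwise.

# Workers run as the unprivileged nobody user and group.
user  nobody nobody;
worker_processes  8;
# One CPU mask per worker process (8 workers, one core each).
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
worker_rlimit_nofile 102400;
#error_log  logs/error.log  notice;
pid  logs/nginx.pid;

events {
    use epoll;
    worker_connections 102400;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    client_header_buffer_size 1k;
    large_client_header_buffers 4 4k;

    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 8k;

    output_buffers 1 32k;
    postpone_output 1460;

    # Three-minute timeouts let a slow or idle client hold a connection for
    # a long time; shorten them if connection exhaustion is a concern.
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    upstream tsaweb {
        # NOTE(review): the page shows two port lines under a single
        # 10.10.10.230 entry; rebuilt here as one server line per port.
        server 10.10.10.230:81 weight=8;
        server 10.10.10.230:82 weight=8;
        server 10.10.10.232:80 weight=10;
        server 10.10.10.232:81 weight=10;
        server 10.10.10.232:82 weight=10;
        # Session stickiness from the jvm_route module patched in at build time.
        jvm_route $cookie_JSESSIONID|sessionid;
    }

    server {
        listen 80;
        # The server_name value is missing on the page; <SERVER_NAME> is a
        # placeholder, not a value taken from the document.
        server_name <SERVER_NAME>;
        charset gb2312;

        location / {
            proxy_pass http://tsaweb;
            proxy_redirect off;
            proxy_set_header Host $host;
            # X-Real-IP is the TCP peer address seen by nginx.
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
            # the client sent, so back ends should rely only on the last
            # entry (the one added here) or on X-Real-IP.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /NginxStatus {
            stub_status on;
            auth_basic "NginxStatus";
            # The page shows no auth_basic_user_file. Without one, nginx does
            # not enforce basic authentication and the status page is open to
            # anyone who can reach port 80. Point it at a password file, and
            # consider allow/deny rules limiting this location to admin hosts:
            # auth_basic_user_file <PATH_TO_HTPASSWD_FILE>;
        }
    }
}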
记得修改防火墙端口号
2.4测试
运行以下命令检测配置文件是否无误(该命令会直接启动Nginx;若只想检查配置而不启动,可加 -t 选项):
/data/nginx/sbin/nginx
如果没有报错,那么就可以开始运行Nginx了.
2.5开机启动
vi /etc/init.d/nginx
输入下面的代码,注意修改相关地址的参数值
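#!/bin/bash
# nginx Startup script for the Nginx HTTP Server
# it is v.0.0.2 version.
# chkconfig: - 85 15
# description: Nginx is a high-performance web and proxy server.
#              It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /data/nginx/logs/nginx.pid
# config: /data/nginx/conf/nginx.conf
#
# The pidfile/config header lines above were changed to match the paths the
# script actually uses below (the page listed /var/run and /usr/local paths).
# Statements that the page extraction dropped (closing braces, ";;", the
# bodies of restart and status) are restored.

nginxd=/data/nginx/sbin/nginx
nginx_config=/data/nginx/conf/nginx.conf
nginx_pid=/data/nginx/logs/nginx.pid
RETVAL=0
prog="nginx"

# Source function library (provides daemon, killproc and status).
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up. Quoted so an unset NETWORKING does not turn
# the test into a syntax error.
[ "${NETWORKING}" = "no" ] && exit 0

# Nothing to manage if the binary is missing or not executable.
[ -x "$nginxd" ] || exit 0

# Start the nginx daemon.
# Exits 1 if a live nginx already owns the pid file; otherwise returns the
# status of the daemon call.
start() {
    local pid
    if [ -e "$nginx_pid" ]; then
        # The pid file lives under /data and survives a crash or reboot, so
        # its mere existence does not prove nginx is running. Accept only a
        # purely numeric pid and probe it with signal 0.
        pid=$(cat "$nginx_pid" 2>/dev/null)
        case "$pid" in
            '' | *[!0-9]*) pid= ;;
        esac
        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
            echo "nginx already running...."
            exit 1
        fi
    fi
    echo -n $"Starting $prog: "
    daemon "$nginxd" -c "${nginx_config}"
    RETVAL=$?
    echo
    [ "$RETVAL" = 0 ] && touch /var/lock/subsys/nginx
    return $RETVAL
}

# Stop the nginx daemon and clear the subsys lock and the pid file.
stop() {
    echo -n $"Stopping $prog: "
    killproc "$nginxd"
    RETVAL=$?
    echo
    # Remove the pid file nginx is configured to write, not /var/run/nginx.pid.
    [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/nginx "$nginx_pid"
}

# Ask the running nginx to reload its configuration (SIGHUP).
reload() {
    echo -n $"Reloading $prog: "
    #kill -HUP `cat ${nginx_pid}`
    # The page printed an en dash before HUP; killproc needs an ASCII hyphen.
    killproc "$nginxd" -HUP
    RETVAL=$?
    echo
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        reload
        ;;
    restart)
        stop
        start
        ;;
    status)
        status "$prog"
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|reload|status|help}"
        exit 1
        ;;
esac
exit $RETVAL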
设置文件的访问权限
chmod a+x /etc/init.d/nginx
(a+x ==> all users can execute,所有用户可执行)
3keepalived与nginx配置
在主服务器和备服务器都要配置
3.1编写监控nginx监控脚本
作用是当nginx死掉了,停止主服务的keepalived,启动副服务的keepalived,
# vi /data/nginx/logs/nginx_pid.sh(路径可以自定义,加入以下内容)
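#!/bin/bash
# version 0.0.2
#
# Health check that keepalived runs through its vrrp_script block: when no
# nginx process is found on two checks three seconds apart, keepalived is
# killed so that the peer node takes over the virtual IP.
# The shebang marker and the closing "fi" lines were lost in the page
# extraction and are restored here.

# Number of processes whose command name is nginx.
nginx_count=$(ps -C nginx --no-header | wc -l)

if [ "$nginx_count" -eq 0 ]; then
    # NOTE(review): the page shows no attempt to restart nginx before this
    # pause; confirm against the original document.
    sleep 3
    # Re-check, so that a brief gap (for example during a restart) does not
    # trigger a failover.
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
        killall keepalived
    fi
fi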
分配权限
chmod 775 /data/nginx/logs/nginx_pid.sh
(该脚本由keepalived以其自身权限执行,通常是root;775使属组也可写,应确认脚本及其所在目录只有root可以修改。)
3.2配置/etc/keepalived/keepalived.conf
# vi /etc/keepalived/keepalived.conf(修改为以下内容)
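# Newly added: health-check script definition.
# keepalived executes this script with its own privileges (root unless a
# script user is configured), so the file and every directory above it should
# be writable by root only. Newer keepalived releases can enforce this with
# enable_script_security in global_defs.
vrrp_script chk_http_port {
    script "/data/nginx/logs/nginx_pid.sh"
    interval 2                  # run the check every 2 seconds
    weight 2                    # priority adjustment tied to the check result
}

# Modified vrrp_instance VI_1: the main addition is track_script.
# Whitespace, the "authentication {" / "virtual_ipaddress {" lines and the
# closing braces were lost in the page extraction and are restored here.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 101
    authentication {
        # Clear-text shared string; must be identical on both nodes.
        # NOTE(review): this listing uses "eric" while the earlier listing on
        # the page uses "1111"; both are sample values, use one value of your
        # own on both nodes.
        auth_type PASS
        auth_pass eric
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        # NOTE(review): the earlier listing and the test output on the page
        # use 10.10.0.240; confirm which address is intended.
        10.10.10.240
    }
}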
3.2测试
在server1把nginx服务器停止
# killall nginx
这时候看server1的日志
Apr 20 18:41:26 nginx Keepalived_healthcheckers: Terminating Healthchecker child process on signal
Apr 20 18:41:26 nginx Keepalived_vrrp: Terminating VRRP child process on signal
可以看出keepalived的进程已经停止
这时候看server2的日志,看是否已经接管
Apr 20 18:41:23 varnish Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 20 18:41:24 varnish Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE
Netlink: skipping nl_cmd msg...
很明显的看出server2已经接管了,已经变为MASTER了
附系统优化
1内核优化
1.1修改/etc/sysctl.conf
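# Kernel tuning for /etc/sysctl.conf. Multi-value settings that the page
# extraction split across lines or ran together are rebuilt; values are as
# printed unless a comment says otherwise.

# Host is not a router; keep reverse-path filtering on and refuse
# source-routed packets.
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0

# Disable the magic SysRq key; name core files with the pid.
kernel.sysrq = 0
kernel.core_uses_pid = 1

# SYN cookies keep the listener usable when the SYN backlog overflows.
net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
# NOTE(review): the page shows only two values for tcp_wmem; the third is
# assumed to repeat tcp_rmem's maximum. Confirm against the original document.
net.ipv4.tcp_wmem = 4096 16384 4194304

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# The page prints this key truncated as "dev_max_backlog"; the sysctl name is
# net.core.netdev_max_backlog.
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144

net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
# Single retries make connection setup fragile on lossy links.
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
# NOTE(review): tcp_tw_recycle is known to drop connections from clients
# behind NAT and was removed in Linux 4.12; it also depends on TCP
# timestamps, which are disabled above. Kept as printed; review before use.
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000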
1.2修改/etc/security/limits.conf
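# Raise the open-file limit (soft and hard) for every user; this matches
# worker_rlimit_nofile 102400 in nginx.conf. Field separators were lost in
# the page extraction and are restored here.
*    soft    nofile    102400
*    hard    nofile    102400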