keepaliced+nginx安装配置Word文档下载推荐.docx

keepaliced+nginx安装配置Word文档下载推荐.docx

《keepaliced+nginx安装配置Word文档下载推荐.docx》由会员分享，可在线阅读，更多相关《keepaliced+nginx安装配置Word文档下载推荐.docx（15页珍藏版）》请在冰点文库上搜索。

vrrp_instanceVI_1{

stateMASTER#设置为主服务器

interfaceeth0 

#监控网卡

virtual_router_id51#保持主备服务器一致

priority100#优先级（主服务器应比备份服务器高）

advert_int1#心跳广播时间间隔（秒）

authentication{

auth_typePASS 

#加密

auth_pass1111 

#加密的密码，两台服务器一定要一样

virtual_ipaddress{

10.10.0.240

1.3.2备服务器配置

#vi/etc/keepalived/keepalived.conf

加入以下内容

acassen@firewall.loc

notification_email_fromAlexandre@firewall.loc

smtp_server192.168.200.1

smtp_connect_timeout30

stateBACKUP

interfaceeth0

priority90#优先级（主服务器应比备份服务器高）

auth_typePASS

auth_pass1111

1.4修改防火墙

keepalived使用vrrp协议，vrrp协议使用224.0.0.18地址组播，修改防火墙负责主备服务器不能及时互换

#vi/etc/sysconfig/iptables

加入

-IRH-Firewall-1-INPUT-d224.0.0.18-jACCEPT

重启防火墙

#/etc/rc.d/init.d/iptablesrestart

1.5测试

#servicekeepalivedstart

#ipa

1:

lo:

<

LOOPBACK,UP>

mtu16436qdiscnoqueue

link/loopback00:

00:

00brd00:

00

inet127.0.0.1/8scopehostlo

inet6:

:

1/128scopehost

valid_lftforeverpreferred_lftforever

2:

eth0:

BROADCAST,MULTICAST,UP>

mtu1500qdiscpfifo_fastqlen

1000

link/ether00:

10:

5c:

c8:

1c:

f2brdff:

ff:

ff

inet10.10.0.230/24brd10.10.255.255scopeglobaleth0

inet10.10.0.240/32scopeglobaleth0

inet6fe80:

210:

5cff:

fec8:

1cf2/64scopelink

3:

sit0:

NOARP>

mtu1480qdiscnoop

link/sit0.0.0.0brd0.0.0.0

可以看到，10.10.0.240虚拟IP已经挂接在网卡eth0上。

检查虚拟ip状态

#curlhttp:

//10.10.0.240

itworks!

10.10.0.41

2Nginx安装

2.1安装版本

nginx-1.0.2.tar.gz

prce-8.12.tar.gz

2.2、安装步骤

2.2.1编译安装rewrite模块支持包

#tarzxvfpcre-8.12.tar.gz

#cdpcre-8.12/

#./configure

#make

#makeinstall

2.2.2编译安装Nginx

#tarzxvfnginx-1.0.2.tar.gz

#cdnginx-1.0.2/

#patch–p0<

../nginx_upstream_jvm_route/jvm_route.patch

#./configure--prefix=/data/nginx--with-http_stub_status_module--add-module=../nginx_upstream_jvm_route

#make

2.3配置

#vi/data/nginx/conf/nginx.conf（插入以下内容）

usernobodynobody;

worker_processes8;

worker_cpu_affinity0000000100000010000001000000100000010000001000000100000010000000;

worker_rlimit_nofile102400;

#error_loglogs/error.lognotice;

pidlogs/nginx.pid;

events{

useepoll;

worker_connections102400;

http{

includemime.types;

default_typeapplication/octet-stream;

client_header_buffer_size1k;

large_client_header_buffers44k;

gzipon;

gzip_min_length1100;

gzip_buffers48k;

output_buffers132k;

postpone_output1460;

client_header_timeout3m;

client_body_timeout3m;

send_timeout3m;

sendfileon;

tcp_nopushon;

tcp_nodelayon;

keepalive_timeout65;

upstreamtsaweb{

server10.10.10.230:

81weight=8;

82weight=8;

server10.10.10.232:

80weight=10;

server10.10.10.232:

81weight=10;

server10.10.10.232:

82weight=10;

jvm_route$cookie_JSESSIONID|sessionid;

}

server{

listen80;

server_name;

charsetgb2312;

location/{

proxy_passhttp:

//tsaweb;

proxy_redirectoff;

proxy_set_headerHost$host;

proxy_set_headerX-Real-IP$remote_addr;

proxy_set_headerX-Forwarded-For$proxy_add_x_forwarded_for;

location/NginxStatus{

stub_statuson;

auth_basic"

NginxStatus"

;

记得修改防火墙端口号

2.4测试

运行以下命令检测配置文件是否无误：

/data/nginx/sbin/nginx

如果没有报错，那么就可以开始运行Nginx了.

2.5开机启动

vi/etc/init.d/nginx 

输入下面的代码，注意修改相关地址的参数值

#!

/bin/bash

#nginxStartupscriptfortheNginxHTTPServer

#itisv.0.0.2version.

#chkconfig:

-8515

#description:

Nginxisahigh-performancewebandproxyserver.

#Ithasalotoffeatures,butit'

snotforeveryone.

#processname:

nginx

#pidfile:

/var/run/nginx.pid

#config:

/usr/local/nginx/conf/nginx.conf

nginxd=/data/nginx/sbin/nginx

nginx_config=/data/nginx/conf/nginx.conf

nginx_pid=/data/nginx/logs/nginx.pid

RETVAL=0

prog="

nginx"

#Sourcefunctionlibrary.

./etc/rc.d/init.d/functions

#Sourcenetworkingconfiguration.

./etc/sysconfig/network

#Checkthatnetworkingisup.

[${NETWORKING}="

no"

]&

&

exit0

[-x$nginxd]||exit0

#Startnginxdaemonsfunctions.

start（）{

if[-e$nginx_pid];

then

echo"

nginxalreadyrunning...."

exit1

fi

echo-n$"

Starting$prog:

"

daemon$nginxd-c${nginx_config}

RETVAL=$?

echo[$RETVAL=0]&

touch/var/lock/subsys/nginx

return$RETVAL

#Stopnginxdaemonsfunctions.

stop（）{

echo-n$"

Stopping$prog:

killproc$nginxd

RETVAL=$?

echo[$RETVAL=0]&

rm-f/var/lock/subsys/nginx/var/run/nginx.pid

#reloadnginxservicefunctions.

reload（）{

Reloading$prog:

#kill-HUP`cat${nginx_pid}`

killproc$nginxd–HUP

Echo

#Seehowwewerecalled.

case"

$1"

in

start）

start

stop）

stop

reload）

reload

restart）

status）

status$prog

*）

echo$"

Usage:

$prog{start|stop|restart|reload|status|help}"

exit1

esac

exit$RETVAL

设置文件的访问权限

chmoda+x/etc/init.d/nginx 

（a+x==>

allusercanexecute 

所有用户可执行）

3keepalived与nginx配置

在主服务器和备服务器都要配置

3.1编写监控nginx监控脚本

作用是当nginx死掉了，停止主服务的keepalived，启动副服务的keepalived，

#vi/data/nginx/logs/nginx_pid.sh（路径可以自定义，加入以下内容）

/bin/bash

#version0.0.2

A=`ps-Cnginx--no-header|wc-l`

if[$A-eq0];

then 

sleep3

if[`ps-Cnginx--no-header|wc-l`-eq0];

killallkeepalived 

分配权限

chmod775/data/nginx/logs/nginx_pid.sh

3.2配置/etc/keepalived/keepalived.conf

#vi/etc/keepalived/keepalived.conf（修改为以下内容）

#新加入

vrrp_scriptchk_http_port{

script"

/data/nginx/logs/nginx_pid.sh"

interval2 

weight2 

}

#修改vrrp_instanceVI_1，主要加入track_script

vrrp_instanceVI_1{

stateMASTER

interfaceeth0

virtual_router_id51

priority101 

auth_typePASS

auth_passeric

track_script{

chk_http_port 

10.10.10.240

3.2测试

在server1把nginx服务器停止

#killallnginx

这时候看server1的日志

Apr2018:

41:

26nginxKeepalived_healthcheckers:

TerminatingHealthcheckerchildprocessonsignal

26nginxKeepalived_vrrp:

TerminatingVRRPchildprocessonsignal

可以看出keepalived的进程已经停止

这时候看server2的日志，看是否已经接管

23varnishKeepalived_vrrp:

VRRP_Instance（VI_1）TransitiontoMASTERSTATE

24varnishKeepalived_vrrp:

VRRP_Instance（VI_1）EnteringMASTERSTATE

Netlink:

skippingnl_cmdmsg...

很明显的看出server2已经接管了，已经变为MASTER了

附系统优化

1内核优化

1.1修改/etc/sysctl.conf

net.ipv4.ip_forward=0

net.ipv4.conf.default.rp_filter=1

net.ipv4.conf.default.accept_source_route=0

kernel.sysrq=0

kernel.core_uses_pid=1

net.ipv4.tcp_syncookies=1

kernel.msgmnb=65536

kernel.msgmax=65536

kernel.shmmax=68719476736

kernel.shmall=4294967296

net.ipv4.tcp_max_tw_buckets=6000

net.ipv4.tcp_sack=1

net.ipv4.tcp_window_scaling=1

net.ipv4.tcp_rmem=4096 

87380 

4194304

net.ipv4.tcp_wmem=4096 

16384 

net.core.wmem_default=8388608

net.core.rmem_default=8388608

net.core.rmem_max=16777216

net.core.wmem_max=16777216

dev_max_backlog=262144

net.core.somaxconn=262144

net.ipv4.tcp_max_orphans=3276800

net.ipv4.tcp_max_syn_backlog=262144

net.ipv4.tcp_timestamps=0

net.ipv4.tcp_synack_retries=1

net.ipv4.tcp_syn_retries=1

net.ipv4.tcp_tw_recycle=1

net.ipv4.tcp_tw_reuse=1

net.ipv4.tcp_mem=94500000915000000927000000

net.ipv4.tcp_fin_timeout=1

net.ipv4.tcp_keepalive_time=30

net.ipv4.ip_local_port_range=1024 

65000

1.2修改/etc/security/limits.conf

*softnofile102400

*hardnofile102400