安装 nginx与keepalived
- 首先安装 openssl、perl pcre 、 zlib 库和模块
openssl 库
wget https://www.openssl.org/source/openssl-1.1.1-pre8.tar.gz tar -zxvf openssl-1.1.1-pre8.tar.gz cd openssl-1.1.1-pre8 ./config && make && make install
然后再设置一下软连接
ln -sf /usr/local/lib64/libssl.so.1.1 /lib64/libssl.so.1.1 ln -sf /usr/local/lib64/libcrypto.so.1.1 /lib64/libcrypto.so.1.1
perl pcre 模块
wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz tar -zxvf pcre-8.42.tar.gz cd pcre-8.42 ./configure && make && make install
zlib 库
wget http://www.zlib.net/fossils/zlib-1.2.11.tar.gz tar -zxvf zlib-1.2.11.tar.gz cd zlib-1.2.11 ./configure && make && make install
- 创建系统用户
groupadd -r nginx useradd -r -g nginx nginx passwd nginx // 输入 nginx 作为密码
- 安装 nginx 软件
wget http://nginx.org/download/nginx-1.15.7.tar.gz tar -zxvf nginx-1.15.7.tar.gz cd nginx-1.15.7 ./configure --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream_ssl_module --with-http_slice_module --with-file-aio --with-http_v2_module --with-http_ssl_module --with-http_flv_module --with-http_mp4_module --with-http_stub_status_module --with-http_gzip_static_module --with-stream --with-pcre=/root/nginx_keepalived/nginx/pcre-8.42 --with-zlib=/root/nginx_keepalived/nginx/zlib-1.2.11 --with-openssl=/root/nginx_keepalived/nginx/openssl-1.1.1-pre8 make -j 4 && make install
⚠️注意:
--with-pcre、--with-zlib和 --with-openssl 三个参数,需要填写刚才编译安装的完整地址,避免出现错误
- 配置 service 服务
新建一个脚本文件 /etc/init.d/nginx,内容如下
#! /bin/bash # chkconfig: - 85 15 PATH=/usr/local/nginx DESC="nginx daemon" NAME=nginx DAEMON=$PATH/sbin/$NAME CONFIGFILE=$PATH/conf/$NAME.conf PIDFILE=$PATH/logs/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME set -e [ -x "$DAEMON" ] || exit 0 do_start() { $DAEMON -c $CONFIGFILE || echo -n "nginx already running" } do_stop() { $DAEMON -s stop || echo -n "nginx not running" } do_reload() { $DAEMON -s reload || echo -n "nginx can't reload" } case "$1" in start) echo -n "Starting $DESC: $NAME" do_start echo "." ;; stop) echo -n "Stopping $DESC: $NAME" do_stop echo "." ;; reload|graceful) echo -n "Reloading $DESC configuration..." do_reload echo "." ;; restart) echo -n "Restarting $DESC: $NAME" do_stop do_start echo "." ;; *) echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2 exit 3 ;; esac exit 0
*****************
添加执行权限
chmod a+x /etc/init.d/nginx
增加 nginx 服务
chkconfig --add nginx
如果要设置开机自启动,则执行以下命令
chkconfig nginx on
- 启动、停止、重启和重新加载 nginx服务和配置文件的命令
启动 nginx
systemctl start nginx.service
停止nginx服务
systemctl stop nginx.service
重启nginx服务
systemctl restart nginx.service
重新读取nginx配置(这个最常用, 不用停止nginx服务就能使修改的配置生效)
systemctl reload nginx.service
在 nginx 配置文件 -- /usr/local/nginx/conf/nginx.conf 末尾增加以下内容
stream { upstream cloudsocket { hash $remote_addr consistent; server 192.168.10.210:3309 weight=5 max_fails=3 fail_timeout=30s; } server { listen 3308;#数据库服务器监听端口 proxy_connect_timeout 10s; proxy_timeout 300s;#设置客户端和代理服务之间的超时时间,如果5分钟内没操作将自动断开。 proxy_pass cloudsocket; } }
⚠️注意:
配置中的 192.168.10.210:3309,是我机器的IP 地址和 mysql 的服务端口;
3308 是未来 nginx 启动后,对外提供的服务端口
安装 keepalived 软件
wget https://www.keepalived.org/software/keepalived-2.0.20.tar.gz tar -zxvf keepalived-2.0.20.tar.gz cd keepalived-2.0.20/ export LIBRARY_PATH=/usr/local/lib64 ./configure make -j 4 && make install
在编译 keepalived 时,如果没有正确配置 openssl 的so 动态库,可能会出现如下错误信息
keepalived-2.0.20/keepalived/check/check_ssl.c:81:对‘OPENSSL_init_ssl’未定义的引用 check/libcheck.a(check_ssl.o):在函数‘init_ssl_ctx’中: check_ssl.c:(.text+0x284):对‘OPENSSL_init_ssl’未定义的引用 check_ssl.c:(.text+0x29a):对‘TLS_method’未定义的引用 collect2: 错误:ld 返回 1 make[2]: *** [keepalived] 错误 1 make[2]: 离开目录“/root/nginx_keepalived/keepalived-2.0.20/keepalived” make[1]: *** [all-recursive] 错误 1 make[1]: 离开目录“/root/nginx_keepalived/keepalived-2.0.20/keepalived” make: *** [all-recursive] 错误 1
此时,只要找到 openssl 的so 安装目录,一般就是 /usr/local/lib64,然后执行以下命令,就可以解决
export LIBRARY_PATH=/usr/local/lib64
为系统增加 keepalived 服务
cp keepalived/etc/init.d/keepalived /etc/init.d/ chmod a+x /etc/init.d/keepalived chkconfig --add keepalived
设置 keepalived 开启自启动
chkconfig keepalived on
设置 keepalived 的启动参数,打开 /usr/local/etc/sysconfig/keepalived 文件,修改里面的内容
KEEPALIVED_OPTIONS="-D -f /usr/local/etc/keepalived/keepalived.conf"
为 keepalived 增加一个 nginx 的检测脚本 /usr/local/etc/keepalived/nginx_check.sh
#!/bin/bash set -x A=`ps -C nginx --no-header |wc -l` if [ $A -eq 0 ];then echo `date`': nginx is not healthy, try to killall keepalived' >> /usr/local/etc/keepalived/keepalived.log killall keepalived fi
##
设置 keepalived 的服务,打开 /usr/local/etc/keepalived/keepalived.conf 文件
为主的 keepalived 设置
! Configuration File for keepalived global_defs { router_id lvs-01 } vrrp_script chk_nginx { script "/usr/local/etc/keepalived/nginx_check.sh" interval 3 weight -20 } vrrp_instance VI_1 { state MASTER interface eth1 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } ## 将 track_script 块加入 instance 配置块 track_script { chk_nginx ## 执行 Nginx 监控的服务 } virtual_ipaddress { 10.211.55.23 } }
为备的 keepalived 设置
! Configuration File for keepalived global_defs { router_id lvs-02 } vrrp_script chk_nginx { script "/usr/local/etc/keepalived/nginx_check.sh" interval 3 weight -20 } vrrp_instance VI_1 { state MASTER interface eth1 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } ## 将 track_script 块加入 instance 配置块 track_script { chk_nginx ## 执行 Nginx 监控的服务 } virtual_ipaddress { 10.211.55.23 } }
主和备 之间的差距
router_id *** 设置的值不一样 priority *** 权重不同, 主的权重更高 interface *** 修改为当前机器的具体网卡名字
启动 keepalived 服务
systemctl start keepalived.service
停止 keepalived 服务
systemctl stop keepalived.service
查看 keepalived 设置的虚拟 IP 地址是否生效,可以通过以下命令查看
ip a
参考博客:
https://www.cnblogs.com/taiyonghai/p/6728707.html
https://www.cnblogs.com/heruiguo/p/8962243.html
这个博客介绍了如何注册service 服务
https://www.cnblogs.com/yanqingxu/p/7927830.html
以下博客介绍了 keepalived 的部署和设置
https://www.cnblogs.com/cxbhakim/p/9068833.html
https://www.cnblogs.com/zyxnhr/p/11167401.html