The original article is reprinted from Liu Yue's Technology blog v3u.cn/a_id_117

Recently, when students go out for interviews, they are often asked a question.

Interviewer: You said that your company deployed Tornado, the nginx reverse proxy, how many machines it deployed, which sounds cool. But let me ask you: what if the host that runs Nginx gets so overwhelmed that it goes down?

A: Relatively new CPUs running nginx on a single core can approach 20,000 requests per second, regardless of bandwidth spikes, and nginx has horrible performance and will fail if it only does HTTP forwarding…

Interviewer: OK, you're lying, but what if the plug is kicked out by the cleaner and the server goes down because there's no power?

Answer: Ali cloud room will be cut off… Are you fucking kidding me?

In fact, the probability that the host responsible for forwarding breaks down is very small, but it is not impossible, and nothing is absolute. A so-called high-availability architecture shows its value in the disaster recovery mechanism: if the host goes down, we must have a plan. Here we use docker-compose to deploy an nginx + Keepalived dual-machine hot standby. The virtual IP (VIP) can drift between hosts, so that when the master host is down a standby host takes over.

Keepalived is a high-reliability tool that implements VRRP backup routing on Linux. A service designed around Keepalived can achieve a truly seamless IP handover between the master server and the backup server in the event of a failure. Combining the two (nginx and Keepalived), a relatively stable software load-balancing scheme can be built.

Simply put, Keepalived is a simple load-balancing mode.

When a host fails, the service can be switched to the standby machine instantaneously.

First, install Docker and docker-compose. I won't go into the details here; you can refer to this article on using docker-compose on CentOS 7.6 to manage containers and services in a unified way.

Create the nginx_keepalived folder

Create a Dockerfile. Here we use Alpine as the base image for the simple reason that it is small

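# Small Alpine-based nginx image
FROM nginx:1.13.5-alpine

RUN apk update && apk upgrade

# keepalived provides VRRP; iproute2 and ipvsadm are the tools it relies on
RUN apk add --no-cache bash curl ipvsadm iproute2 openrc keepalived && \
    rm -f /var/cache/apk/* /tmp/*

# Startup script that launches keepalived and nginx together
COPY entrypoint.sh /entrypoint.sh

RUN chmod +x /entrypoint.sh

CMD ["/entrypoint.sh"]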

Then create the docker-compose.yml file. Here we emulate the online environment by deploying a master machine and a slave machine, each with nginx installed

version: "3"
services:
  nginx_master:
    build:
      context: ./
      dockerfile: ./Dockerfile
    volumes:
      - ./index-master.html:/usr/share/nginx/html/index.html
      - ./favicon.ico:/usr/share/nginx/html/favicon.ico
      - ./keepalived-master.conf:/etc/keepalived/keepalived.conf
    networks:
      static-network:
        ipv4_address: 172.20.128.2
    # keepalived needs NET_ADMIN to add and remove the virtual IP
    cap_add:
      - NET_ADMIN
  nginx_slave:
    build:
      context: ./
      dockerfile: ./Dockerfile
    volumes:
      - ./index-slave.html:/usr/share/nginx/html/index.html
      - ./favicon.ico:/usr/share/nginx/html/favicon.ico
      - ./keepalived-slave.conf:/etc/keepalived/keepalived.conf
    networks:
      static-network:
        ipv4_address: 172.20.128.3
    cap_add:
      - NET_ADMIN
  proxy:
    image: haproxy:1.7-alpine
    ports:
      - "8000:6301"
    volumes:
      # path the haproxy image reads its configuration from
      - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
    networks:
      - static-network

networks:
  static-network:
    ipam:
      config:
        - subnet: 172.20.0.0/16

Then write the Keepalived configuration file for the master nginx node, keepalived-master.conf. Since we don't have a Tornado service at the back end here, we use a virtual proxy service

vrrp_script chk_nginx {
    script "pidof nginx"
    interval 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 33
    priority 200
    advert_int 1

    unicast_src_ip 172.20.128.2
    unicast_peer {
        172.20.128.3
    }

    authentication {
        auth_type PASS
        auth_pass letmein
    }

    virtual_ipaddress {
        172.20.128.4/24 dev eth0
    }

    track_script {
        chk_nginx
    }
}

Similarly, create the Keepalived configuration for the slave nginx node, keepalived-slave.conf

vrrp_script chk_nginx {
    script "pidof nginx"
    interval 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 33
    priority 100
    advert_int 1

    unicast_src_ip 172.20.128.3
    unicast_peer {
        172.20.128.2
    }

    authentication {
        auth_type PASS
        auth_pass letmein
    }

    virtual_ipaddress {
        172.20.128.4/24 dev eth0
    }

    track_script {
        chk_nginx
    }
}
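An added example (not from the original article or its repository): a small Python check that the two Keepalived configs above agree on everything VRRP failover depends on (same virtual_router_id, VIP and authentication, mirrored unicast addresses, higher master priority), and that flags the cleartext PASS authentication. The config text is a constructed copy of the page's values, and `parse` and `check_pair` are hypothetical helper names.

```python
import re

# Constructed copy of the page's master config; BACKUP is derived from it.
MASTER = """vrrp_script chk_nginx { script "pidof nginx" interval 2 }
vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 33
  priority 200 advert_int 1 unicast_src_ip 172.20.128.2
  unicast_peer { 172.20.128.3 }
  authentication { auth_type PASS auth_pass letmein }
  virtual_ipaddress { 172.20.128.4/24 dev eth0 }
  track_script { chk_nginx } }"""
BACKUP = (MASTER.replace("state MASTER", "state BACKUP")
          .replace("priority 200", "priority 100")
          .replace("unicast_src_ip 172.20.128.2", "unicast_src_ip 172.20.128.3")
          .replace("{ 172.20.128.3 }", "{ 172.20.128.2 }"))

def parse(conf):
    """Pull out the vrrp_instance fields that decide whether failover works."""
    def word(key):
        m = re.search(r"\b%s\s+(\S+)" % key, conf)
        return m.group(1) if m else None
    def block(key):
        m = re.search(r"\b%s\s*\{([^}]*)\}" % key, conf)
        return m.group(1).split() if m else []
    return {"vrid": word("virtual_router_id"), "src": word("unicast_src_ip"),
            "priority": int(word("priority") or 0),
            "peers": block("unicast_peer"),
            "vip": (block("virtual_ipaddress") or [None])[0],
            "auth_type": word("auth_type"), "auth_pass": word("auth_pass")}

def check_pair(master_conf, backup_conf):
    """Return the problems that would break or weaken VRRP failover."""
    m, b = parse(master_conf), parse(backup_conf)
    problems = ["%s differs between the two nodes" % k
                for k in ("vrid", "vip", "auth_type", "auth_pass") if m[k] != b[k]]
    if m["priority"] <= b["priority"]:
        problems.append("master priority is not higher than backup priority")
    if m["src"] not in b["peers"] or b["src"] not in m["peers"]:
        problems.append("unicast_src_ip and unicast_peer are not mirrored")
    vip_addr = (m["vip"] or "").split("/")[0]
    if vip_addr in (m["src"], b["src"]):
        problems.append("virtual IP collides with a node's own address")
    if m["auth_type"] == "PASS":
        problems.append("auth_type PASS sends auth_pass in cleartext")
        if len(m["auth_pass"] or "") > 8:  # keepalived uses only the first 8 characters
            problems.append("auth_pass is longer than the 8 characters used")
    return problems

if __name__ == "__main__":
    for line in check_pair(MASTER, BACKUP):
        print(line)
```

For the page's pair the only finding is the cleartext password, so the VRRP segment (here the compose network 172.20.0.0/16) should be one that only the two nodes can reach.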

Then make two web pages for the back-end service, one for the host, index-master.html, and one for the slave, index-slave.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <style>
    #box{
        margin: 0px auto;
        font-family: 'Times New Roman', Times, serif;
        font-size: 30px;
        font-style: initial;
        color: aliceblue;
    }

    body{
        background-color: black
    }
    </style>
</head>
<body>

    <div id="box"> Host </div>
</body>
</html>

Make a copy of this page for the slave machine and change "Host" to "Slave machine"

A haproxy.cfg configuration file is also required, because we want to emulate the back-end service

global
    log 127.0.0.1 local0
    maxconn 4096
    daemon
    nbproc 4

defaults
    log 127.0.0.1 local3
    mode http
    option dontlognull
    option redispatch
    retries 2
    maxconn 2000
    balance roundrobin
    timeout connect 5000ms
    timeout client 5000ms
    timeout server 5000ms

frontend main
    bind *:6301
    default_backend webserver

backend webserver
    server ngxin_master 172.20.128.4:80 check inter 2000 rise 2 fall 5

Finally, write the shell script entrypoint.sh that starts the services

#!/bin/sh
/usr/sbin/keepalived -n -l -D -f /etc/keepalived/keepalived.conf --dont-fork --log-console &

nginx -g "daemon off;"

The overall project structure is as follows:

Now to start the container cluster, enter the command docker-compose up

You can see that the containers have started

In another terminal, enter docker ps

The back-end service is reverse-proxied on port 8000, so access localhost:8000

Now let’s simulate an Nginx host outage

docker pause nginx_keepalive_nginx_master_1

Access localhost:8000 again

You will find that the switch to the standby machine is automatic, seamless and very smooth

This is what characterizes a high-availability architecture. So in interviews, you should keep summarizing the questions interviewers raise and research in depth the ones you are unfamiliar with or cannot answer, so that you can be invincible in the interview.

Finally, attached is the project address: gitee.com/QiHanXiBei/…
