Preface

To provide high availability for the system and to meet the hot-standby redundancy requirements of network security level protection, the platform's applications need to be made highly available. This article focuses on Nginx cluster configuration.

Nginx HA Overview

Nginx provides load balancing and dynamic proxying for the system. Because requests are distributed across different servers by polling (round robin), they can still be forwarded to the other servers even if one server fails.

However, if Nginx fails, there will be no entry point to the entire system, so we need to configure nginx with high availability.

Prepare two Nginx servers.

When the primary Nginx server is down and we access the service again, we are actually reaching the secondary Nginx server, which then performs the load balancing. The user does not notice the IP switch at all. This change of the working IP address is called IP drift.

The virtual IP is provided by keepalived, a third-party software package.

Keepalived

Keepalived offers two modes:

  • Master -> Backup mode: once the master goes down, the virtual IP automatically migrates to the slave. After the master is repaired and keepalived is started on it, it preempts the virtual IP again, even if nopreempt is set.
  • Backup -> Backup mode: once the master goes down, the virtual IP automatically drifts to the slave. When the original master is restored and its keepalived service is started, it does not preempt the virtual IP of the new master, even if its priority is higher than the slave's. To reduce the number of IP drifts, the repaired primary is usually treated as the new standby.

1. First, confirm the network card and IP:

    ip addr show | grep inet

2. Then install keepalived:

    yum install keepalived -y

3. Then configure the file /etc/keepalived/keepalived.conf

Master server configuration:

    ! Configuration File for Keepalived
    global_defs {
        # Identifies this host
        router_id NGINX_102
    }

    # Check script and weight parameters
    vrrp_script chk_http_port {
        script "/opt/software/nginx/sh/nginx_check.sh"   # path of the check script
        interval 2                                        # interval between check script runs
        weight 2                                          # weight
    }

    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.81.104
        }
        track_script {
            chk_http_port
        }
    }

Backup (slave) server configuration: simply change state to BACKUP and lower the priority.

    vrrp_instance VI_1 {
        state BACKUP             # this node is the backup
        interface ens33          # network interface, as on the master
        virtual_router_id 51     # must be the same on the active and standby machines
        priority 90              # lower than the master's priority (100)
        advert_int 1             # advertisement interval
        authentication {         # must be the same on the active and standby machines
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.81.104       # VRRP virtual address, same as on the master
        }
    }
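
The following Python script is an added example, not part of the original article or of keepalived: it compares the vrrp_instance settings of a master and a backup configuration and reports mismatches that keep the two nodes from agreeing on who holds the virtual IP. The function names and the sample configuration pair are constructed for illustration.

```python
import re

KEYS = ("interface", "virtual_router_id", "priority", "advert_int", "auth_type", "auth_pass")

def parse_instance(text):
    """Pull the failover-relevant vrrp_instance settings out of a keepalived.conf."""
    text = re.sub(r"[#!].*", "", text)  # keepalived comments start with '#' or '!'
    cfg = {}
    for key in KEYS:
        m = re.search(rf"\b{key}\s+(\S+)", text)
        cfg[key] = m.group(1) if m else None
    block = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    cfg["vips"] = sorted(re.findall(r"^\s*(\S+)", block.group(1), re.M)) if block else []
    return cfg

def check_pair(master, backup):
    """Return problems that break failover; reports key names only, never the secret."""
    m, b = parse_instance(master), parse_instance(backup)
    problems = [f"{k} differs between nodes"
                for k in ("virtual_router_id", "advert_int", "auth_type", "auth_pass") if m[k] != b[k]]
    if not m["vips"] or m["vips"] != b["vips"]:
        problems.append("virtual_ipaddress missing or differs between nodes")
    problems += [f"{n}: no interface set" for n, c in (("master", m), ("backup", b))
                 if c["interface"] is None]
    if None in (m["priority"], b["priority"]) or int(b["priority"]) >= int(m["priority"]):
        problems.append("backup priority must be lower than master priority")
    return problems

# Constructed sample pair: the backup has a different auth_pass and no interface line.
MASTER = """vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.81.104
    }
}
"""
BACKUP = (MASTER.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 90")
          .replace("auth_pass 1111", "auth_pass 123456").replace("    interface ens33\n", ""))

if __name__ == "__main__":
    print("\n".join(check_pair(MASTER, BACKUP)) or "pair is consistent")
```

To check real nodes, pass the contents of each node's /etc/keepalived/keepalived.conf to check_pair instead of the sample strings.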

The script content is as follows:

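nginx_check.sh: the script path is the same as the nginx startup path

    #!/bin/bash
    # Count the running nginx processes
    A=`ps -C nginx --no-header | wc -l`
    if [ "$A" -eq 0 ]; then
        # nginx is not running: try to start it
        /usr/local/nginx/sbin/nginx
        sleep 2
        # Still not running: stop keepalived so the virtual IP moves to the other node
        if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
            killall keepalived
        fi
    fi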

The purpose of the script is to detect whether the Nginx service has gone down, try to start it if it has, and shut down the keepalived service if that start fails. In testing, when only Nginx is stopped and keepalived is left running, requests are not forwarded to the Nginx slave server. Therefore, the script ensures that either both are running or both are down.

Note: there is a pitfall here. If you find that the script does not execute after your nginx is stopped:

  • You can look at the path first

  • You can look at how the script is written; of course, I can execute this one

  • The last important point is that SELinux needs to be turned off, followed by a restart

    # switch SELinux to permissive mode for the running system
    setenforce 0

    • Permanently turned off:

      # set SELINUX=disabled in the SELinux configuration file
      sed -i "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config

By default, keepalived runs in preemptive mode.

Startup order:

1. Start nginx

2. Then start keepalived

    systemctl restart keepalived

If something goes wrong, check the log:

    tail -f /var/log/messages

Also, if you still can't switch over, check whether the firewall or iptables is restricting the traffic.