实践案例一:更改nginx反向代理只监听vip地址
10.0.0.3/nana.html 可以使用
10.0.0.5/nana.html 不可以使用
10.0.0.6/nana.html 不可以使用
第一个里程碑:修改反向代理服务配置文件,只监听vip地址
####lb01 lb02 nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
upstream server_pools {
server 10.0.0.7;
server 10.0.0.8;
server 10.0.0.9;
}
server {
listen 10.0.0.3:80;
server_name www.etiantian.org;
location / {
proxy_pass http://server_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log logs/access_www.log main;
}
server {
listen 10.0.0.3:80;
server_name blog.etiantian.org;
location / {
proxy_pass http://server_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log logs/access_blog.log main;
}
}
说明:在修改反向代理服务器配置文件监听地址时,多个server都需要配置监听地址,否则仍旧使用默认监听所有
第二个里程碑:lb02上不存在vip地址,无法监听,需要修改内核文件
[root@lb01 conf]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx-1.10.2/conf/nginx.conf syntax is ok
nginx: [emerg] bind() to 10.0.0.3:80 failed (99: )
nginx: configuration file /application/nginx-1.10.2/conf/nginx.conf test failed
[root@lb01 conf]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:27:4e:e9 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0
inet6 fe80::20c:29ff:fe27:4ee9/64 scope link
valid_lft forever preferred_lft forever
[root@lb01 conf]# ###nginx 没有办法 监听 本地不存在的ip地址
解决方法:
echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf ---实现监听本地不存在的ip地址
##/etc/sysctl.conf 加上
sysctl -p
第三个里程碑:进行测试
1.1 企业实践案例二:让keepalived监控nginx反向代理服务
###vip什么时候 什么条件 才会飘走 ?
1.当服务器宕机
2.防火墙
#### nginx挂了
如何让keepalived监控nginx nginx挂了,keepalived跟着殉情
####第一个里程碑-keepalived监控nginx条件
1.如何nginx挂了---我如何知道nginx挂了?
1)端口
2)进程
ps -ef |grep nginx |grep -v grep |wc -l
2.keepalived挂了
/etc/init.d/keepalived stop
##> -gt greater than
##>= -ge greater equal
##< -lt less than
##<= -le less equal
##== -eq equal
##!= -ne no equal
####第二个里程碑-根据条件-书写脚本
#!/bin/bash
if [ `ps -ef |grep nginx |grep -v grep |wc -l` -lt 2 ];
then
/etc/init.d/keepalived stop
fi
####第三个里程碑-添加权限 chmod +x /server/scripts/check_web.sh
注意 脚本名称不要和服务一样
####第四个里程碑-测试
####第五个里程碑-放入到keepalived.conf
####下面是lb02的配置文件 lb01上面自己修改下。
global_defs {
router_id LVS_02
}
vrrp_script check_web {
script "/server/scripts/ check_web.sh " --- 表示将一个脚本信息赋值给变量check_web
interval 2 --- 执行监控脚本的间隔时间
weight 2 --- 利用权重值和优先级进行运算,从而降低主服务优先级
使之变为备服务器(建议先忽略)
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
track_script {
check_web
}
}
####第六个里程碑-测试
1.2 企业实践案例三:keepalived多实例配置 双主
####第一个里程碑-配置keepalived-配置双主
####lb01
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_script check_web {
script "/server/scripts/check_web.sh"
interval 2
weight -10
}
vrrp_instance group_1 {
state MASTER
interface eth0
virtual_router_id 45
priority 150
advert_int 2
authentication {
auth_type PASS
auth_pass 6666
}
virtual_ipaddress {
10.0.0.3
}
}
vrrp_instance group_2 {
state BACKUP
interface eth0
virtual_router_id 46
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass 6666
}
virtual_ipaddress {
10.0.0.4
}
}
#lb02
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance group_1 {
state BACKUP
interface eth0
virtual_router_id 45
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass 6666
}
virtual_ipaddress {
10.0.0.3
}
}
vrrp_instance group_2 {
state MASTER
interface eth0
virtual_router_id 46
priority 150
advert_int 2
authentication {
auth_type PASS
auth_pass 6666
}
virtual_ipaddress {
10.0.0.4
}
}
#########第二个里程碑-配置nginx 负载均衡
####lb01 lb02 nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
upstream server_pools {
server 10.0.0.7;
server 10.0.0.8;
server 10.0.0.9;
}
server {
listen 10.0.0.3:80;
server_name www.etiantian.org;
location / {
proxy_pass http://server_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log logs/access_www.log main;
}
server {
listen 10.0.0.4:80;
server_name blog.etiantian.org;
location / {
proxy_pass http://server_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log logs/access_blog.log main;
}
}
#########第三个里程碑-windows hosts解析
10.0.0.3 www.etiantian.org
10.0.0.4 bbs.etiantian.org