情况
注意:
(1) 做高可用+负载平衡至少需要四台服务器:两台独立的高可用+负载平衡器,两台web服务器做集群
(2) vip(假造ip)不能和物理ip辩论
(3) vip(假造ip)最好设置成和内网ip同一网段,末了做所在映射到公网ip
(4) keeplived(高可用)+nginx(负载平衡) 可以实现多域名对应一个VIP,并且访问不同域名,表现不同主页,可行,已测
(5) 负载平衡服务器(keeplived+nginx)最好和后端web服务器在同一局域网内
(6) 两台web服务的网站内容必须相同
(7) keeplived+nginx 中后端web服务器不需要配置vip,也不用抑制arp广播,由于后端web回包时还会经过前端nginx
(8) 心跳线:两台服务器各新增一块网卡然后配上恣意网段ip只要能相互ping通就行(不要和局域网通网段)
名词表明:
VIP:负载平衡服务器的假造ip所在
LB :负载平衡服务器
sealserver:后端真实服务器
形貌配置keepalive+nginx+web的过程
- 1、准备好后端web集群并且保证web集群内容一致
- 2、配置2台nginx的反向代理功能,保证能通过nginx正常访问到后端的web集群
- 3、在每台nginx上配置keepalive,模式为主备,实现当用户访问主keepalive的时候,vip能够正常把数据包发送给nginx并实现反向代理,后端的web集群回复用户的时候仍然通过vip来发送数据。
- 注意:如果master上的nginx发生故障keepalive需要手动停止才能把vip漂移到backup上。
- # keepalived使用 VRRP(虚拟路由冗余协议),实现单点故障切换,俗称心跳线监听
- [root@oldboy ~]# yum -y install keepalived
- [root@oldboy ~]# cd /etc/keepalived/
- [root@oldboy keepalived]# cp keepalived.conf keepalived.conf.ori
- [root@oldboy keepalived]# sed -n '1,31p' keepalived.conf.ori >keepalived.conf
- (1) 配置real-server-10.0.0.7(nginx-web)
- [root@Oldboy extra]# cat www.conf
- server {
- listen 80;
- server_name www.etiantian.org;
- location / {
- root html/www;
- index index.html index.htm;
- }
- }
- [root@Oldboy extra]# cat bbs.conf
- server {
- listen 80;
- server_name bbs.etiantian.org;
- location / {
- root html/bbs;
- index index.php index.html index.htm;
- }
- }
- [root@Oldboy extra]# cat blog.conf
- server {
- listen 80;
- server_name blog.etiantian.org;
- location / {
- root html/blog;
- index index.html index.php;
- }
- location ~ .*\.(php|php5)?$ {
- root html/blog;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- include fastcgi.conf;
- }
- }
- (2) 配置real-server-10.0.0.8 (apache-web)
- [root@Oldboy extra]# egrep -v "#|^$" httpd-vhosts.conf
- NameVirtualHost *:80
- <VirtualHost *:80>
- ServerAdmin oldboy@oldboyedu.com
- DocumentRoot "/application/apache2.2.31/htdocs/www"
- ServerName www.etiantian.org
- ServerAlias etiantian.org
- ErrorLog "/app/logs/www-error_log"
- CustomLog "/app/logs/www-access_log" common
- </VirtualHost>
- <VirtualHost *:80>
- ServerAdmin oldboy@oldboyedu.com
- DocumentRoot "/application/apache2.2.31/htdocs/bbs"
- ServerName bbs.etiantian.org
- ErrorLog "/app/logs/bbs-error_log"
- CustomLog "/app/logs/bbs-access_log" common
- </VirtualHost>
- <VirtualHost *:80>
- ServerAdmin oldboy@oldboyedu.com
- DocumentRoot "/application/apache2.2.31/htdocs/blog"
- ServerName blog.etiantian.org
- ErrorLog "/app/logs/blog-error_log"
- CustomLog "/app/logs/blog-access_log" common
- </VirtualHost>
- [root@Oldboy keepalived]# vi /application/nginx/conf/nginx.conf
- worker_processes 1;
- events {
- worker_connections 1024;
- worker_processes 1;
- events {
- worker_connections 1024;
- }
- http {
- include mime.types;
- default_type application/octet-stream;
- sendfile on;
- keepalive_timeout 65;
- upstream www_pool {
- server 172.16.1.7:80 weight=1;
- server 172.16.1.8:80 weight=1;
- }
- server {
- listen 80;
- server_name www.etiantian.org bbs.etiantian.org blog.etiantian.org; (多个域名用空格隔开)
- location / {
- index index.html index.htm;
- proxy_pass http://www_pool;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $remote_addr;
- }
- }
- }
- (1) 配置keepalived-MASTER(10.0.0.5)
- [root@Oldboy keepalived]# cat keepalived.conf
- ! Configuration File for keepalived
- global_defs {
- router_id LVS_DEVEL_01 \\keepalived服务器标识符,最好和备keepalived不一样
- }
- vrrp_instance VI_1 { \\VRRP实例1,多实例不能相同,但是主备必须相同
- state MASTER \\指定keepalived的角色,MASTER为主服务器,BACKUP为备用服务器
- interface eth0 \\监听的接口
- virtual_router_id 51 \\虚拟路由标识,这个标识是一个数字(1-255),在一个VRRP实例中主备服务器ID必须一样
- priority 150 \\优先级,数字越大优先级越高,在一个实例中主服务器优先级要高于备服务器
- advert_int 1 \\设置主备之间同步检查的时间间隔,单位秒
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 172.16.1.254/24 dev eth0 label eth0:3 \\定义虚拟ip地址,在监听的eth0网卡上增加eth0:3虚拟网卡
- #172.16.1.245 \\直接加ip也可以,用ip add 看
- }
- }
- (2) 配置keepalived-BACKUP(10.0.0.6)
- [root@Oldboy keepalived]# cat keepalived.conf
- ! Configuration File for keepalived
- global_defs {
- }
- router_id LVS_DEVEL_02 \\keepalived服务器标识符,最好和主keepalived不一样
- }
- vrrp_instance VI_1 { \\VRRP实例,和主一样
- state BACKUP \\指定keepalived的角色,这里是备用服务器
- interface eth0
- virtual_router_id 51
- priority 100 \\优先级低于主服务器,最好相差50
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 172.16.1.254/24 dev eth0 label eth0:3
- #172.16.1.245 \\直接加ip也可以,用ip add 看
- }
- }
- /etc/init.d/keepalived start
- chkconfig keepalived on
- echo "/application/nginx/sbin/nginx" >> /etc/rc.d/rc.local
- 查看vip漂移:
- [root@Oldboy keepalived]# ifconfig eth0:3
- eth0:3 Link encap:Ethernet HWaddr 00:0C:29:6D:23:83
- inet addr:172.16.1.254 Bcast:0.0.0.0 Mask:255.255.255.0
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- (1) 开启路由转发
- [root@Oldboy ~]# sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf
- [root@Oldboy ~]# sysctl -p
- net.ipv4.ip_forward = 1
- (2) 配置地址映射(当访问公网ip:10.0.0.51的时候跳转到vip:172.16.1.254)
- iptables -F -t nat
- iptables -t nat -I PREROUTING -p tcp -d 10.0.0.51 --dport 80 -j DNAT --to-destination 172.16.1.254:80
- iptables -t nat -A POSTROUTING -j MASQUERADE
- /etc/init.d/iptables save
- /etc/init.d/iptables restart
- keepalived+nginx:多个域名假造主机对应一个VIP,并且访问不同域名假造主机,表现不同主页,可行,已测,由于nginx支持7层转发
- 客户端绑定hosts: 10.0.0.51 www.etiantian.org bbs.etiantian.org blog.etiantian.org (一个vip对应多个域名)
- 1、keepalived只负责vip漂移,能够让用户顺利将请求通过vip交给负载均衡服务器,当停止主服务器,备用服务器会接管vip以及对应的服务,当启动主服务器,备用服务器会让出接管权,注意这里是停止主服务器,如果只停止nginx服务vip是不会发生漂移的。
- 2、当访问www.etiantian.org bbs.etiantian.org 或 blog.etiantian.org,则解析到 10.0.0.51(公网ip)并NAT映射到vip:172.16.1.254(vip与负载均衡服务器在一起),负载均衡服务器会带着用户的主机头请求后端的real-server,后端real-server会根据主机头信息,回复负载均衡服务器,然后负载均衡服务器再回复客户端请求。
|
