Nginx+keepalived双击热备

Nginx+keepalived双击热备

一、 安装nginx和keepalived
1、 安装依赖程序和管路用户创建
1）
开三台虚拟机



2）
删除系统自带yum源并挂载光盘
[root@centos01 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos01 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护，将以只读方式挂载

[root@centos02 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos02 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护，将以只读方式挂载
3）
安装依赖程序、创建nginx管理用户
[root@centos01 ~]# yum -y install pcre-devel zlib-devel kernel-devel popt-devel openssl-devel
[root@centos01 ~]# useradd -M -s /sbin/nologin nginx

[root@centos02 ~]# yum -y install pcre-devel zlib-devel kernel-devel popt-devel openssl-devel
[root@centos02 ~]# useradd -M -s /sbin/nologin nginx

2、 安装nginx
1）
安装nginx
[root@centos01 ~]# umount /mnt/
[root@centos02 ~]# umount /mnt/

[root@centos01 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护，将以只读方式挂载
[root@centos01 ~]# tar zxvf /mnt/nginx-1.6.0.tar.gz -C /usr/src/

[root@centos02 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护，将以只读方式挂载
[root@centos02 ~]# tar zxvf /mnt/nginx-1.6.0.tar.gz -C /usr/src/
2）
配置nginx并配置安装nginx
[root@centos01 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module
[root@centos01 nginx-1.6.0]# make && make install

[root@centos02 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module
[root@centos02 nginx-1.6.0]# make && make install
3）
优化nginx命令和修改nginx网站主页
[root@centos01 ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@centos01 ~]# echo “www.benet.com” > /usr/local/nginx/html/index.html

[root@centos02 ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@centos02 ~]# echo “www.accp.com” > /usr/local/nginx/html/index.html
4）
启动nginx服务
[root@centos01 ~]# nginx
[root@centos01 ~]# netstat -anptu | grep 80

[root@centos02 ~]# nginx
[root@centos02 ~]# netstat -anptu | grep 80

5）
设置nginx服务开机自动启动
[root@centos01 ~]# vim /etc/rc.d/rc.local
/usr/local/sbin/nginx
[root@centos01 ~]# chmod +x /etc/rc.d/rc.local

[root@centos02 ~]# vim /etc/rc.d/rc.local
/usr/local/sbin/nginx
[root@centos02 ~]# chmod +x /etc/rc.d/rc.local

6）
重新启动查看
[root@centos01 ~]# reboot
[root@centos02 ~]# reboot


3、 安装keepalived
1）
配置keepaliced****
[root@centos01 ~]# tar zxvf /mnt/keepalived-1.2.13.tar.gz -C /usr/src/
[root@centos01 keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/

[root@centos02 ~]# tar zxvf /mnt/keepalived-1.2.13.tar.gz -C /usr/src/
[root@centos02 keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/

2）
安装keepalived
[root@centos01 keepalived-1.2.13]# make && make install

[root@centos02 keepalived-1.2.13]# make && make install
3）
添加系统服务设置开机自动启动
[root@centos01 ~]# chkconfig --add keepalived
[root@centos01 ~]# chkconfig --level 35 keepalived on

[root@centos02 ~]# chkconfig --add keepalived
[root@centos02 ~]# chkconfig --level 35 keepalived on
4、 配置主keepalived和从keepalived
1）
配置主keepalived
[root@centos01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
router_id Nginx_Master
}

vrrp_instance VI_1 {
state MASTER
interface ens32
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.254
}
vrrp_script check_nginx {
script “/opt/nginx.sh”
interval 2
weight 1
}

2）
配置从keepalived
[root@centos02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
router_id Nginx_Backup
}

vrrp_instance VI_1 {
state Backup
interface ens32
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.254
}
vrrp_script check_nginx {
script “/opt/nginx.sh”
interval 2
weight 1
}
}

3）
配置监控nginx服务和keepalived脚本
[root@centos01 ~]# vim /opt/nginx.sh
#!/bin/bash
counter=$(ps -C nginx --no-heading|wc -l) if [ "$(ps−Cnginx−−no−heading∣wc−l)if["{counter}" = “0” ]; then
/usr/local/nginx/sbin/nginx
sleep 2
counter=$(ps -C nginx --no-heading|wc -l) if [ "$(ps−Cnginx−−no−heading∣wc−l)if["{counter}" = “0” ]; then
/etc/init.d/keepalived stop
fi
fi

[root@centos01 ~]# chmod +x /opt/nginx.sh
[root@centos01 ~]# systemctl start keepalived
4）
配置从监控nginx服务和keepalived脚本
[root@centos02 ~]# vim /opt/nginx.sh
#!/bin/bash
counter=$(ps -C nginx --no-heading|wc -l) if [ "$(ps−Cnginx−−no−heading∣wc−l)if["{counter}" = “0” ]; then
/usr/local/nginx/sbin/nginx
sleep 2
counter=$(ps -C nginx --no-heading|wc -l) if [ "$(ps−Cnginx−−no−heading∣wc−l)if["{counter}" = “0” ]; then
/etc/init.d/keepalived stop
fi
fi

[root@centos02 ~]# chmod +x /opt/nginx.sh
[root@centos02 ~]# systemctl start keepalived
5）
测试关闭主，查看从
[root@centos01 ~]# systemctl stop keepalived

开启主查看

6）
客户端配置IP地址访问


停掉主节点f5刷新
[root@centos01 ~]# systemctl stop keepalived

二、 配置防火墙
1、 防火墙配置ip地址伪装和端口映射
1）
配置网卡2
[root@centos03 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens34
[root@centos03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
NAME=ens34
DEVICE=ens34
IPADDR=192.168.200.30
NETMASK=255.255.255.0
[root@centos03 ~]# systemctl restart network

2）
其余两台配置网关
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.30
[root@centos01 ~]# systemctl restart network

[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.30
[root@centos02 ~]# systemctl restart network
3）
设置防火墙开机自启
[root@centos03 ~]# systemctl start firewalld
[root@centos03 ~]# systemctl enable firewalld
4）
设置默认区域，并查看
[root@centos03 ~]# firewall-cmd --set-default-zone=external
Success
[root@centos03 ~]# firewall-cmd --add-interface=ens34 --zone=external
[root@centos03 ~]# firewall-cmd --add-interface=ens32 --zone=truste
[root@centos03 ~]# firewall-cmd --get-active-zones
external
interfaces: ens34
trusted
interfaces: ens32
5）
配置地址伪装
[root@centos03 ~]# firewall-cmd --remove-masquerade
success
[root@centos03 ~]# firewall-cmd --list-all

[root@centos03 ~]# firewall-cmd --zone=external --add-rich-rule=‘rule family=ipv4 source address=192.168.100.0/24 masquerade’
success
[root@centos03 ~]# firewall-cmd --list-all

6）
配置地址转发
[root@centos03 ~]# firewall-cmd --zone=external --add-rich-rule=‘rule family=ipv4 destination address=192.168.200.30/32 forward-port port=80 protocol=tcp to-addr=192.168.100.254’
Success

7）
允许外网使用http、dns访问
[root@centos03 ~]# firewall-cmd --zone=external --add-service=http
success
[root@centos03 ~]# firewall-cmd --zone=external --add-service=dns
success
三、 配置dns
1）
配置dns
使用系统自带光盘

2）
删除系统自带yum源并挂载光盘
[root@centos03 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos03 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护，将以只读方式挂载
3）
安装dns
[root@centos03 ~]# yum -y install bind bind-chroot bind-utils
4）
配置dns
[root@centos03 ~]# echo “” > /etc/named.conf
[root@centos03 ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory “/var/named/”;
};
zone “benet.com” IN {
type master;
file “benet.com.zone”;
};

[root@centos03 ~]# vim /var/named/benet.com.zone

$TTL 86400
@ SOA benet.com. root.benet.com (
2020031710
1H
15M
1W
1D
)
@ NS centos03.benet.com.
centos03 A 192.168.200.30
www A 192.168.200.30

[root@centos03 ~]# chmod +x /var/named/benet.com.zone
[root@centos03 ~]# chown named:named /var/named/benet.com.zone
[root@centos03 ~]# named-checkconf /etc/named.conf
[root@centos03 ~]# named-checkzone benet.com /var/named/benet.com.zone
zone benet.com/IN: loaded serial 2020031710
OK
5）
启动dns
[root@centos03 ~]# systemctl start named
[root@centos03 ~]# systemctl enable named
6）
开启路由转发
[root@centos03 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@centos03 ~]# sysctl -p
net.ipv4.ip_forward = 1
7）
客户端配置IP地址访问



关闭主节点f5刷新
[root@centos01 ~]# systemctl stop keepalived