Nginx + keepalived

2025-02-27 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

A self-built Nginx + keepalived setup.

Prepare two servers, 192.168.10.199 and 192.168.10.200. On 199 install tomcat1, nginx and keepalived (master); on 200 install tomcat, nginx and keepalived (standby). 192.168.10.230 is the floating (virtual) IP.

II. Deployment

1. Deploy tomcat

tar -xzvf apache-tomcat-7.0.59.tar

./jdk-6u37-linux-x64-rpm.bin

2. Install nginx

yum install pcre-devel pcre -y

(yum install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel)

# download the Nginx source package
cd /usr/src
wget -c http://nginx.org/download/nginx-1.6.2.tar.gz

# unpack the Nginx source package
tar -xzf nginx-1.6.2.tar.gz

# enter the unpacked directory, then change the Nginx version information to WS with sed
cd nginx-1.6.2 ; sed -i -e 's/1.6.2//g' -e 's/nginx\//WS/g' -e 's/"NGINX"/"WS"/g' src/core/nginx.h

# create the www user and run configure
useradd www ; ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

(The following problems came up because the system is a minimal CentOS install; on a normal install they generally do not occur:

1. ./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.

Solution:

1) yum -y install openssl-libs. Lazy method: yum -y install openssl* (cannot be installed from a local yum source). I later found that it can be installed with yum -y install openssl-devel.

2) Following http://www.centoscn.com/nginx/2015/0304/4782.html:

wget http://www.openssl.org/source/openssl-1.0.2.tar.gz
tar zxf openssl-1.0.2.tar.gz
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-openssl=/home/openssl-1.0.2

2. After using method 2, another problem appears:

Operating system: x86_64-whatever-linux2 You need Perl 5.

Solution: install the development tools:

yum -y groupinstall "Development Tools"

)

# after ./configure succeeds, run make to compile
make

# after make succeeds, run make install to perform the actual installation
make install

# Nginx is now installed

/usr/local/nginx/sbin/nginx -t checks whether the nginx configuration file is correct; it should return OK.

[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]#

Then start nginx: type /usr/local/nginx/sbin/nginx and press Enter. Check whether the process has started:

[root@localhost ~]# ps -ef | grep nginx
nobody    5381 30285  0 May16 ?        00:04:31 nginx: worker process
root     30285     1  0  2014 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
root     32260 32220  0 12:34 pts/0    00:00:00 grep nginx
[root@localhost ~]#

1 Common nginx management and upgrade commands

View nginx processes

ps -ef | grep nginx

Description: nginx consists of a master process and worker processes.

Start nginx

nginx

The startup result shows the master process and the worker processes of nginx; the number of worker processes is set by the worker_processes parameter in nginx.conf.

Smooth restart of nginx

kill -HUP `cat /var/run/nginx.pid`

Or

nginx -s reload

The path to the pid file can be found in the configuration file nginx.conf.

A smooth restart reloads the configuration file, starts new worker processes and gracefully stops the old worker processes, all without stopping nginx.

Gracefully stop nginx

kill -QUIT `cat /var/run/nginx.pid`

Quickly stop nginx

kill -TERM `cat /var/run/nginx.pid`

Or

kill -INT `cat /var/run/nginx.pid`

Gracefully stop the worker processes (mainly used for a smooth upgrade)

kill -WINCH `cat /var/run/nginx.pid`

Force nginx to stop

pkill -9 nginx

Check whether the changes to the nginx.conf file are correct

nginx -t -c /etc/nginx/nginx.conf or nginx -t

Command to stop nginx

nginx -s stop or pkill nginx

View the version information of nginx

nginx -v

View the complete build configuration of nginx

nginx -V

3. Install keepalived

Keepalived installation

Address: http://www.keepalived.org/download.html

wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
tar -zxf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7

64-bit system:

./configure --sysconf=/etc --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-358.2.1.el6.x86_64/

Or 32-bit system:

./configure --sysconf=/etc --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-358.6.2.el6.i686/

Note: configure encountered an error: !!! OpenSSL is not properly installed on your system. !!!

The word size of the system can be obtained with getconf LONG_BIT.

Parameter explanation:

--sysconf specifies the location of the configuration file, that is, /etc/keepalived/keepalived.conf

--prefix specifies the installation directory

--with-kernel-dir specifies the header files in the kernel source, that is, the include directory. This parameter is required only when using LVS, not otherwise.

(Error encountered:

!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files.

Solution: yum install -y openssl openssl-devel

)

After resolving this, run configure again. Output on success:

Keepalived configuration
------------------------
Keepalived version       : 1.2.7
Compiler                 : gcc
Compiler flags           : -g -O2
Extra Lib                : -lpopt -lssl -lcrypto
Use IPVS Framework       : Yes
IPVS sync daemon support : Yes
IPVS use libnl           : No
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
SNMP support             : No
Use Debug flags          : No

Installation:

make
make install

Set up as a service and enable at boot:

cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
/etc/rc.d/init.d/keepalived status
chkconfig --add keepalived
chkconfig keepalived on

Note: if the command cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf is not run, the configuration is not picked up; the configuration file must be in that specific directory.

4. Configure nginx

/usr/local/nginx/conf/nginx.conf

#user www www;
user nobody;
#worker_processes 1;
worker_processes auto;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
error_log /home/nginx/logs/nginx_error.log crit;   # global error log and PID file
pid /home/nginx/nginx.pid;
#pid logs/nginx.pid;

events {
    use epoll;
    worker_connections 65535;   # operating mode and upper limit of connections
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer"';

    large_client_header_buffers 4 32k;
    client_body_buffer_size 8m;   # 256k
    server_tokens off;
    ignore_invalid_headers on;
    recursive_error_pages on;
    server_name_in_redirect off;
    sendfile on;

    # timeouts
    keepalive_timeout 60;
    #client_body_timeout 3m;
    #client_header_timeout 3m;
    #send_timeout 3m;
    #fastcgi_connect_timeout 60;
    #fastcgi_send_timeout 180;
    #fastcgi_read_timeout 180;
    #fastcgi_buffers 4 256k;
    #fastcgi_buffer_size 128k;
    #fastcgi_busy_buffers_size 256k;
    #fastcgi_temp_file_write_size 256k;
    #fastcgi_intercept_errors on;

    # TCP options
    tcp_nopush on;
    tcp_nodelay on;

    # size limits
    client_max_body_size 50m;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;   # get the real client ip
    #proxy_connect_timeout 90;
    #proxy_send_timeout 90;
    #proxy_read_timeout 90;
    #proxy_buffer_size 4k;
    #proxy_buffers 4 32k;
    #proxy_busy_buffers_size 64k;
    #proxy_temp_file_write_size 64k;
    proxy_connect_timeout 90;
    proxy_read_timeout 180;
    proxy_send_timeout 180;
    proxy_buffer_size 256k;
    proxy_buffers 8 256k;
    proxy_busy_buffers_size 256k;
    proxy_temp_file_write_size 256k;

    upstream myserver {
        server 192.168.10.199:8080 weight=10 max_fails=0;
        # 8080 is the tomcat port; the weight ranges from 1 to 10. A value of 20 has caused a problem on the production network.
        server 192.168.10.200:8080 weight=10 max_fails=0;
    }

    server {
        listen 9090;
        #server_name 192.168.10.230;
        #charset koi8-r;
        #access_log logs/host.access.log main;

        location / {
            #root html;
            #index index.html index.htm;
            index index.jsp;
            proxy_pass http://myserver;   # hand the request to tomcat
            #proxy_set_header Host $host;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

Note: server_name 192.168.10.230

If only one server block is configured in nginx, nginx does not match on server_name. There is only one virtual host, so every request sent to that nginx is handled by that block and a match would serve no purpose; the directive can simply be left out. If an http block contains more than one server block, nginx matches the request's Host header against server_name and passes the request to the matching server block. Matching follows the priority of the match types and stops at the first successful match. For the matching rules, see the documentation on the official nginx website.

5. Configure keepalived

# MASTER #

! Configuration File for keepalived

global_defs {
    notification_email {
        6@qq.com
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER            # BACKUP on the standby
    interface ens160        # external network interface
    virtual_router_id 22
    priority 100            # change to 88 on the BACKUP
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 7777
    }
    virtual_ipaddress {
        192.168.10.230      # virtual ip
    }
}

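6. Edit the nginx detection script

/home/nginx/nginx_pid.sh

#!/bin/bash
while :
do
    # number of running nginx processes
    nginxpid=`ps -C nginx --no-header | wc -l`
    if [ $nginxpid -eq 0 ]; then
        # nginx is down: try to start it again
        /usr/local/nginx/sbin/nginx
        sleep 5
        # count again after the restart attempt, otherwise the stale 0 always stops keepalived
        nginxpid=`ps -C nginx --no-header | wc -l`
        if [ $nginxpid -eq 0 ]; then
            # nginx could not be restarted: stop keepalived so the virtual ip moves to the standby
            /etc/init.d/keepalived stop
        fi
    fi
    sleep 5
done

nohup /bin/bash /root/nginx_pid.sh &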

III. Tests

1. Web page test

Create a new folder test under /home/apache-tomcat-7.0.59/webapps, then create a new text file under test, and access it directly through http://192.168.10.199/test/a.

2. Check whether the keepalived nodes communicate with each other directly

tcpdump -v -i ens160 host 192.168.10.199 to see whether there is VRRP traffic

cat /var/log/messages

3. Check whether keepalived fails over

Disable nginx and the keepalived detection script, then check with ip add whether the floating IP drifts.
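For test 2, the tcpdump output can also be filtered automatically. The following added example (not part of the original article) reads tcpdump's one-line output and reports advertisements for the article's virtual_router_id 22 that come from a source other than the two nodes; the function names and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: flag VRRP advertisements that do not come from the two
# keepalived nodes. Live use (as root):
#   tcpdump -l -n -i ens160 'ip proto 112' | \
#       vrrp_unexpected 22 "192.168.10.199 192.168.10.200"

# vrrp_unexpected VRID "ALLOWED SOURCES"
# Reads tcpdump lines on stdin and prints "source vrid prio" for every
# advertisement of VRID whose source is not in the list.
# Exit status is 1 if at least one such advertisement was seen.
vrrp_unexpected() {
    awk -v vrid="$1" -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /VRRPv[23], Advertisement/ {
            src = ""; id = ""; prio = ""
            for (i = 1; i <= NF; i++) {
                if ($i == ">")    src = $(i - 1)
                if ($i == "vrid") { id = $(i + 1);   sub(/,/, "", id) }
                if ($i == "prio") { prio = $(i + 1); sub(/,/, "", prio) }
            }
            if (id == vrid && !(src in ok)) { print src, id, prio; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample lines in tcpdump's one-line format (not captured traffic).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.168.10.199 > 224.0.0.18: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
12:00:02.000001 IP 192.168.10.199 > 224.0.0.18: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
12:00:02.500000 IP 192.168.10.57 > 224.0.0.18: VRRPv2, Advertisement, vrid 22, prio 250, authtype simple, intvl 1s, length 20
12:00:03.000001 IP 192.168.10.44 > 224.0.0.18: VRRPv2, Advertisement, vrid 7, prio 100, authtype simple, intvl 1s, length 20
EOF
}

sample_capture | vrrp_unexpected 22 "192.168.10.199 192.168.10.200" \
    || echo "unexpected VRRP source seen"
```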

IV. Reference websites

http://blog.sina.com.cn/s/blog_5f54f0be0101eyff.html (this is the recommended one for keepalived)

https://wenku.baidu.com/view/4011c9de7cd184254b3535d3.html (for installing nginx, look at this)

http://freeloda.blog.51cto.com/2033581/1189143 (nginx detection script)

http://www.oschina.net/question/922543_91357?sort=time (server_name has no effect)

http://www.linuxidc.com/Linux/2013-07/88025.htm (checking direct communication between two keepalived nodes)

Note: http://freeloda.blog.51cto.com/2033581/1189130 (next time you can follow this blog step by step)

Problem: I set up the virtual IP and it was never bound.

Reason: the command cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf was not run; the configuration file must be in that specific directory.

V. Open the firewall for keepalived

/sbin/iptables -I INPUT -i eth0 -d 224.0.0.0/8 -j ACCEPT

/sbin/iptables -A INPUT -p 112 -i eth0 -j ACCEPT

/sbin/iptables -A OUTPUT -p 112 -o eth0 -j ACCEPT
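The rules above accept protocol 112 from any source, and auth_type PASS sends the auth_pass value unencrypted in every advertisement, so the firewall is the place to limit who can speak VRRP to the node. The following added example (not part of the original article) prints a narrower rule set to use in place of those rules; the function names, the use of ens160 from the keepalived configuration, and the choice to print rather than apply the rules are assumptions of this example.

```shell
#!/bin/sh
# Added example: print iptables rules that accept VRRP (IP protocol 112)
# only from the other keepalived node. Nothing is applied; review the
# output, then run it as root on the node.

VRRP_GROUP=224.0.0.18   # multicast group that VRRP advertisements are sent to

# valid_ipv4 ADDR -> status 0 if ADDR is a dotted-quad IPv4 address
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# vrrp_peer_rules IFACE PEER_IP -> rules for the node whose peer is PEER_IP
vrrp_peer_rules() {
    iface=$1; peer=$2
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    valid_ipv4 "$peer" || { echo "invalid peer address: $peer" >&2; return 1; }
    cat <<EOF
/sbin/iptables -A INPUT -i $iface -p 112 -s $peer -d $VRRP_GROUP -j ACCEPT
/sbin/iptables -A INPUT -i $iface -p 112 -j DROP
/sbin/iptables -A OUTPUT -o $iface -p 112 -d $VRRP_GROUP -j ACCEPT
EOF
}

# Rules for 192.168.10.199, whose peer is 192.168.10.200.
# On 192.168.10.200, pass 192.168.10.199 instead.
vrrp_peer_rules ens160 192.168.10.200
```

The rules are appended with -A, so an earlier broad ACCEPT in the INPUT chain would still match first.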
