Shulou(Shulou.com)06/01 Report--

How to build keepalived+nginx+httpd+dns high-availability dual-master reverse proxy server, I believe that many inexperienced people do not know what to do. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

The installation httpd,ip of 1.rs server is 192.168.122.5192.168.122.6

2.rs configures the web page and starts the service

3.node1 has two network cards, one is the external network 172.16.0.3, and the other is the internal network 192.168.122.3

4.node2 has two network cards, one is the external network 172.16.0.4, and the other is the internal network 192.168.122.4

5.node1 configures the time server, and the other three synchronize the time

6.nod1 configures nginx reverse proxy backend two rs, and tests

7.nod2 configures nginx reverse proxy backend two rs, and tests

Yun-y install nginx

Http {

Upstream webservers {

Server 192.168.122.5:80

Server 192.168.122.6:80

}

Server {

Location / {

Proxy_pass http://webservers;

}

}

8. Install keepalived with two nodes

9.node1 configuration is highly available

Vi / etc/keepalived/keepalived.conf

! Configuration File for keepalived

Global_defs {

Notification_email {

Root@localdomain # # Local Notification

}

Smtp_server 127.0.0.1

Smtp_connect_timeout 30

Router_id node1

Vrrp_mcast_group4 224.1.1.33 # # Multicast address

}

# Cluster 1

Vrrp_instance VI_1 {

State MASTER # # Master node flag

Interface ens33

Virtual_router_id 51 # Cluster 1ID

Priority 100 # dot priority, the higher the priority is the master

Advert_int 1

Authentication {

Auth_type PASS

Auth_pass% ^ * AJOoj78j.

}

Virtual_ipaddress {

172.16.0.90 VIP 16 dev ens33 label ens33:0 # # Cluster

}

}

# Cluster 2

Vrrp_instance VI_2 {

State BACKUP

Interface ens33

Virtual_router_id 44 # cluster ID, unique value, cannot be the same as other cluster ID

Priority 96

Advert_int 1

Authentication {

Auth_type PASS

Auth_pass J% (# Qjb78.

}

Virtual_ipaddress {

172.16.0.91/16 dev ens33 label ens33:1

}

}

10.node2 configuration is highly available

[root@node2 keepalived] # vi keepalived.conf

! Configuration File for keepalived

Global_defs {

Notification_email {

Root@localdomain

}

Smtp_server 127.0.0.1

Smtp_connect_timeout 30

Router_id node1

Vrrp_mcast_group4 224.1.1.33

}

Vrrp_instance VI_1 {

State BACKUP # # standby node of cluster 1

Interface ens33

Virtual_router_id 51

Priority 96

Advert_int 1

Authentication {

Auth_type PASS

Auth_pass% ^ * AJOoj78j.

}

Virtual_ipaddress {

172.16.0.90/16 dev ens33 label ens33:0

}

}

Vrrp_instance VI_2 {

State MASTER # # the master node of cluster 2, which is enough to become a dual-master mode

Interface ens33

Virtual_router_id 44

Priority 100

Advert_int 1

Authentication {

Auth_type PASS

Auth_pass J% (# Qjb78.

}

Virtual_ipaddress {

172.16.0.91/16 dev ens33 label ens33:1

}

}

To this service can be used normally, test

Curl http://172.16.0.91

Curl http://172.16.0.90 can access the two backend hosts normally.

When one host fails, it is automatically reduced to a standby node, the other will automatically take over, and the service will not be down.

Stop the service of Node 1 and check the 2rip of the Node

Systemctl stop keepalived.service

Ifconfig

Journalctl-f-u keepalived.service View Log

11. Set up a nginx detection script, which will also be reduced to a standby node when one ngix service is not started, the other will take over automatically, and the service will not be down.

Vi / etc/keepalived/chk_nginx.sh

#! / bin/bash

#

Killall-0 nginx | | weight-10

Add executable permissions chmod Ubunx chk_nginx.sh

twelve。 Configuration invokes 126 email settings

1. Get the 126SSL sending certificate

Mkdir-p / root/.certs/

Cd / root/.certs/

Echo-n | openssl s_client-connect smtp.126.com:465 | sed-ne'/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~ / .certs/qq.crt

Certutil-A-n "GeoTrust Global CA"-t "CJI,"-d ~ / .certs-I ~ / .certs/qq.crt

Certutil-L-d / root/.certs/

Certutil-A-n "GeoTrust SSL CA-G3"-t "Pu,Pu,Pu"-d. /-I qq.crt

two。 Configure postfix

Vi / etc/postfix/main.cf

Inet_interfaces = all

Inet_protocols = all

Systemctl enable postfix

Systemctl restart postfix

3. Configure to call 126 emails

Vi / etc/mail.rc

Set from=xxxxxxxx@126.com-the mailbox user name

Set smtp=smtps://smtp.126.com:465

Set smtp-auth-user=xxxxxxxx@126.com-the mailbox user name

Set smtp-auth-password=ajbjs465785-- note that this is the authorization code

Set smtp-auth=login

Set ssl-verify=ignore

Set nss-config-dir=/root/.certs

13. Notification script: nginx is started as the primary / standby node, and both nodes are the same

Cd / etc/keepalived/

Vi notify.sh

#! / bin/bash

#

Contact='xxxxxxx@qq.com'-the mailbox that receives the mail

Notify () {

Local mailsubject= "$(hostname) to be $1JI VIP floating"

Local mailbody= "$(date +'% F% T'): vrrp transition,$ (hostname) changed to be $1"

Echo "$mailbody" | mail-s "$mailsubject" $contact

}

Case $1 in

Master)

Systemctl start nginx # # starts nginx when it is the primary node

Notify master

Backup)

Systemctl start nginx # # because of the dual master mode, you can't stop nginx when you become a standby node. Be sure to start nginx as another master node.

Notify backup

Fault)

Notify fault

*)

Echo "error"

Exit 1

Esac

Increase the executive authority

Chmod upright x notify.sh

Test whether the notification email can be sent normally when it becomes a standby node.

. / notify.sh backup

14. Under the global configuration in the configuration file, the nginx detection script is called on the cluster configuration and tracked continuously. (see final configuration file)

Vrrp_script chk_nginx {

Script "/ etc/keepalived/chk_nginx.sh"

Fall 3

Rise 3

}

15. Track the test results in the cluster. (see final configuration file)

Track_script {

Chk_down

Chk_nginx

}

16. Call the notification script within both clusters. (see final configuration file)

Notify_master "/ etc/keepalived/notify.sh master"

Notify_backup "/ etc/keepalived/notify.sh backup"

Notify_fault "/ etc/keepalived/notify.sh fault"

16. View the log

Journalctl-f-u keepalived

17. Test to stop node1,nginx, check whether it is reduced to standby node, check log, check whether email notification, check ip, whether the client can access the two VIP properly.

18. Final configuration file

# # Node 1

[root@node1 keepalived] # cat keepalived.conf

! Configuration File for keepalived

Global_defs {

Notification_email {

Root@localdomain

}

Smtp_server 127.0.0.1

Smtp_connect_timeout 30

Router_id node1

Vrrp_mcast_group4 224.1.1.33

}

Vrrp_script chk_nginx {

Script "/ etc/keepalived/chk_nginx.sh"

Fall 3

Rise 3

}

Vrrp_instance VI_1 {

State MASTER

Interface ens33

Virtual_router_id 51

Priority 100

Advert_int 1

Authentication {

Auth_type PASS

Auth_pass% ^ * AJOoj78j.

}

Virtual_ipaddress {

172.16.0.90/16 dev ens33 label ens33:0

}

Track_script {

Chk_nginx

}

Notify_master "/ etc/keepalived/notify.sh master"

Notify_backup "/ etc/keepalived/notify.sh backup"

Notify_fault "/ etc/keepalived/notify.sh fault"

}

Vrrp_instance VI_2 {

State BACKUP

Interface ens33

Virtual_router_id 44

Priority 96

Advert_int 1

Authentication {

Auth_type PASS

Auth_pass J% (# Qjb78.

}

Virtual_ipaddress {

172.16.0.91/16 dev ens33 label ens33:1

}

Track_script {

Chk_nginx

}

Notify_master "/ etc/keepalived/notify.sh master"

Notify_backup "/ etc/keepalived/notify.sh backup"

Notify_fault "/ etc/keepalived/notify.sh fault"

}

# # Node 2

Cat keepalived.conf

! Configuration File for keepalived

Global_defs {

Notification_email {

Root@localdomain

}

Smtp_server 127.0.0.1

Smtp_connect_timeout 30

Router_id node1

Vrrp_mcast_group4 224.1.1.33

}

Vrrp_instance VI_1 {

State BACKUP

Interface ens33

Virtual_router_id 51

Priority 96

Advert_int 1

Authentication {

Auth_type PASS

Auth_pass% ^ * AJOoj78j.

}

Virtual_ipaddress {

172.16.0.90/16 dev ens33 label ens33:0

}

Track_script {

Chk_nginx

}

Notify_master "/ etc/keepalived/notify.sh master"

Notify_backup "/ etc/keepalived/notify.sh backup"

Notify_fault "/ etc/keepalived/notify.sh fault"

}

Vrrp_instance VI_2 {

State MASTER

Interface ens33

Virtual_router_id 44

Priority 100

Advert_int 1

Authentication {

Auth_type PASS

Auth_pass J% (# Qjb78.

}

Virtual_ipaddress {

172.16.0.91/16 dev ens33 label ens33:1

}

Track_script {

Chk_nginx

}

Notify_master "/ etc/keepalived/notify.sh master"

Notify_backup "/ etc/keepalived/notify.sh backup"

Notify_fault "/ etc/keepalived/notify.sh fault"

}

19.dns server. IP: 172.16.0.7. Parse two VIP 172.16.0.90 lap91 into www.bjs.io, and parse sequentially

Yum-y install bind

# # forward Regional data

Vi / etc/named.conf

Zone "bjs.io" IN {

Type master

File "bjs.io.zone"

}

# # reverse region data

Zone "0.16.172.in-addr.arpa" IN {

Type master

File "0.16.172.in-addr.arpa"

}

# # forward Regional data File

Vi / var/named/bjs.io.zone

$TTL 1D

@ IN SOA ns1.bjs.io root.localdomain 2019011601 1H 10m 3D 1D

IN NS ns1

Ns1 IN A 172.16.0.7

Www IN A 172.16.0.90

Www IN A 172.16.0.91

# # reverse Zone data File

Vi / var/named/0.16.172.in-addr.arpa

$TTL 1D

@ IN SOA ns1.bjs.io root.localdomain 2019011601 1H 10m 3D 1D

IN NS ns1.bjs.io.

7 IN PTR ns1.bjs.io.

90 IN PTR www.bjs.io.

91 IN PTR www.bjs.io.

After reading the above, have you mastered how to build a keepalived+nginx+httpd+dns high-availability dual-master reverse proxy server? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.