从零开始搭建双主模型的nginx proxy高可用集群

easyTang Linux干货

实验简介

本文主要介绍双主模型的nginx proxy高可用集群的搭建方式。
实验环境:

  • 使用nfs/ftp服务器,nfs提供页面数据共享,ftp提供程序下载
  • 使用单独的mariadb服务器提供关系型数据库
  • 使用两台httpd服务器提供页面服务,包括静态的html和动态的php(phpmyadmin、wordpress、phpinfo)
  • 使用两台nginx作为两台httpd的负载均衡器
  • 对两台nginx配置keepalived保证集群的高可用

拓扑图

从零开始搭建双主模型的nginx proxy高可用集群

配置

nfs/ftp 192.168.45.201

#修改主机名
hostnamectl set-hostname nfs.easy.com

#同步时间
yum install -y ntp
ntpdate

#搭建nfs
yum install -y nfs-utils
mkdir /data/html -pv
vim /etc/exports
    /data/html 192.168.45.0/24(rw)
systemctl start nfs
showmount -e

#搭建ftp
yum install -y vsftpd
yum install -y lrzsz
cd /var/ftp/pub
rz
上传phpMyAdmin-4.0.10.20-all-languages.zip
上传wordpress-4.7.4-zh_CN.tar.gz

mariadb 192.168.45.202

#修改主机名
hostnamectl set-hostname mydb.easy.com

#同步时间    
yum install -y ntp
ntpdate

#搭建mariadb
yum install -y mariadb-server
vim /etc/my.cnf.d/server.cnf
    [mysqld] 
    skip_name_resolve=1
    log-bin=mysql-bin
    innodb_file_per_table = 1
systemctl start mariadb.service

#简单配置mariadb
mysql_secure_installation
mysql -uroot -peasy
    GRANT ALL ON *.* TO 'root'@'192.168.45.%' IDENTIFIED BY 'easy'; 
    CREATE DATABASE wordpress;

    SELECT * FROM mysql.user \G ;
    SHOW DATABASES;

web1 192.168.45.11

#修改主机名
hostnamectl set-hostname web1.easy.com

#同步时间
yum install -y ntp
ntpdate
yum install -y httpd php php-mysql php-mcrypt php-mbstring

#挂载nfs
yum install -y nfs-utils
mkdir /data/html -pv
mount 192.168.45.201:/data/html /var/www/html

#创建phpMyAdmin wordpress
yum install -y wget
wget ftp://192.168.45.201/pub/phpMyAdmin-4.0.10.20-all-languages.zip
wget ftp://192.168.45.201/pub/wordpress-4.7.4-zh_CN.tar.gz 
tar xf wordpress-4.7.4-zh_CN.tar.gz
yum install -y unzip  
unzip phpMyAdmin-4.0.10.20-all-languages.zip 
mv /root/wordpress /var/www/html/wordpress-4.7.4  
mv /root/phpMyAdmin-4.0.10.20-all-languages /var/www/html
cd /var/www/html
ln -sv phpMyAdmin-4.0.10.20-all-languages pma
ln -sv wordpress-4.7.4 wp
ls /var/www/html

#创建主页
vim /var/www/html/index.php
    <h1>This is index pages</h1>
    <?php
        phpinfo();
    ?>

#创建负载均衡测试页
mkdir /var/www/lbtest
echo "web server1">> /var/www/lbtest/test.html
cat /var/www/lbtest/test.html

#配置httpd虚拟主机
vim /etc/httpd/conf.d/vhost.conf
    listen 8080
    <VirtualHost 192.168.45.11:80>
        DocumentRoot /var/www/html
        Servername www.easy.com
        <Directory '/var/www/html'>
            Options FollowsymLinks
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>        
    <VirtualHost 192.168.45.11:8080>
       DocumentRoot /var/www/lbtest
            <Directory '/var/www/lbtest'>
            Options None
            AllowOverride None
            Require all granted
            </Directory>
    </VirtualHost>
systemctl start httpd

#配置php-mysql
vim /etc/php.ini
    mysqli.default_host = 192.168.45.202
    mysqli.default_user = root
    mysqli.default_pw = easy
systemctl restart httpd

#配置phpMyAdmin
cd /var/www/html/pma
cp config.sample.inc.php config.inc.php 
vim config.inc.php 
    $cfg['blowfish_secret'] = 'a8baskdljalskd7c6d';
    $cfg['Servers'][$i]['host'] = '192.168.45.202';

#配置wordpress
cd /var/www/html/wp
cp wp-config-sample.php wp-config.php
vim wp-config.php
    define('DB_NAME', 'wordpress');
    define('DB_USER', 'root');
    define('DB_PASSWORD', 'easy');
    define('DB_HOST', '192.168.45.202');

web2 192.168.45.12

#修改主机名
hostnamectl set-hostname web2.easy.com

#同步时间
yum install -y ntp
ntpdate
yum install -y httpd php php-mysql php-mcrypt php-mbstring

#挂载nfs
yum install -y nfs-utils
mkdir /data/html -pv
mount 192.168.45.201:/data/html /var/www/html

#创建负载均衡测试页
mkdir /var/www/lbtest
echo "web server2">> /var/www/lbtest/test.html
cat /var/www/lbtest/test.html

#配置httpd虚拟主机
vim /etc/httpd/conf.d/vhost.conf
    listen 8080
    <VirtualHost 192.168.45.12:80>
        DocumentRoot /var/www/html
        Servername www.easy.com
        <Directory '/var/www/html'>
            Options FollowsymLinks
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>        
    <VirtualHost 192.168.45.12:8080>
       DocumentRoot /var/www/lbtest
            <Directory '/var/www/lbtest'>
            Options None
            AllowOverride None
            Require all granted
            </Directory>
    </VirtualHost>
systemctl start httpd

#配置php-mysql
vim /etc/php.ini
    mysqli.default_host = 192.168.45.202
    mysqli.default_user = root
    mysqli.default_pw = easy
systemctl restart httpd

nginx1 192.168.45.201

#修改主机名    
hostnamectl set-hostname nginx1.easy.com

#同步时间
yum install -y ntp
ntpdate
yum install -y psmisc #killall指令安装

#配置nginx负载均衡
yum install -y nginx
vim /etc/nginx/nginx.conf
http {
    upstream backend {
        server 192.168.45.11:80;
        server 192.168.45.12:80;
    }
    upstream lbtest {
        server 192.168.45.11:8080;
        server 192.168.45.12:8080;
    }
    server{
        location / {
            proxy_pass http://backend;
        }
        location ~* 'test.html$' {
            proxy_pass http://lbtest;
        }
    }
}    
systemctl start nginx

#配置keepalived
yum install -y keepalived
mv /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf
    !Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost;
            }
        notification_email_from keepadmin@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        route_id nginx1
        vrrp_mcast_group4 224.51.151.251
    }        
    vrrp_instance VI_1{
        state MASTER
        priority 100
        interface ens37
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass SWF5FW2DF
        }
        virtual_ipaddress {
            172.16.51.1/16 dev ens37 label ens37:0
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    vrrp_instance VI_2{
        state BACKUP
        interface ens37
        virtual_router_id 52
        priority 96
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 7D2SS5DF
        }
        virtual_ipaddress {
            172.16.51.2/16 dev ens37 label ens37:1
        }
        track_script {
            chk_down
            chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }

#配置通知脚本
vim /etc/keepalived/notify.sh
    #!/bin/bash
    #
    contact='root@localhost'
    notify(){
            local mailsubject="$(hostname) to be $1 ,vip floating"
            local mailbody="$(date +'%F $T'):vrrp transition,$(hostname) changed to be $1"
            echo "$mailbody" |mail -s "$mailsubject" $contact
    }
    case $1 in
    master)
            systemctl start nginx.service
            notify master
            ;;
    backup)
            systemctl start nginx.service
            notify backup
            ;;
    fault)
            systemctl stop nginx.service
            notify fault
            ;;
    *)
            echo "ERROR"
            exit 1
            ;;
    esac

nginx2 192.168.45.202

#修改主机名
hostnamectl set-hostname nginx2.easy.com

#同步时间
yum install -y ntp
ntpdate
yum install -y psmisc #killall指令安装

#配置nginx负载均衡
yum install -y nginx
mv /etc/nginx/nginx.conf{,.bak}
接受nginx1传送配置后
systemctl start nginx

#配置keepalived
yum install -y keepalived
mv /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf
    !Configuration File for keepalived        
    global_defs {
        notification_email {
            root@localhost;
            }
        notification_email_from keepadmin@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        route_id nginx2
        vrrp_mcast_group4 224.51.151.251
    }        
    vrrp_script chk_down{
        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0 "
        interval 1
        weight -5
        fall 1
        rise 1
    }        
    vrrp_script chk_nginx{
        script "killall -0 nginx && exit 0 || exit 1"
        interval 1
        weight -5
        fall 2
        rise 2
    }
    vrrp_instance VI_1{
        state BACKUP
        interface ens37
        virtual_router_id 51
        priority 96
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass SWF5FW2DF
        }
        virtual_ipaddress {
            172.16.51.1/16 dev ens37 label ens37:0
        }
        track_script {
            chk_down
            chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    vrrp_instance VI_2{
        state MASTER
        interface ens37
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 7D2SS5DF
        }
        virtual_ipaddress {
            172.16.51.2/16 dev ens37 label ens37:1
        }
        track_script {
            chk_down
            chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_bachup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }

#配置通知脚本
vim /etc/keepalived/notify.sh
    #!/bin/bash
    #
    contact='root@localhost'
    notify(){
            local mailsubject="$(hostname) to be $1 ,vip floating"
            local mailbody="$(date +'%F $T'):vrrp transition,$(hostname) changed to be $1"
            echo "$mailbody" |mail -s "$mailsubject" $contact
    }
    case $1 in
    master)
            systemctl start nginx.service
            notify master
            ;;
    backup)
            systemctl start nginx.service
            notify backup
            ;;
    fault)
            systemctl stop nginx.service
            notify fault
            ;;
    *)
            echo "ERROR"
            exit 1
            ;;
    esac

实验总结

BUG

  • 该环境配置完成后出现BUG,chk_nginx脚本并不会真正的检测nginx,来对keepalived权重进行调整

待完善

  • 该实验环境只是实现基本功能,部分配置存在安全隐患
  • 该环境单点状况过多,需要提升页面资源的nfs服务器和关系型数据库mariadb服务器的高可用性
  • httpd服务器没有实现动静分离
  • httpd服务器负载均衡不能保持会话,需要增加session服务器
  • 增加cache服务器可以大幅度提高浏览速度 



                                                        
原创文章,作者:easyTang,如若转载,请注明出处:http://www.178linux.com/78553
                        


                        

                        

                            
(0)

                                                    


                        

                            

                                                                    

                                                                                
                                            easyTangeasyTang                                        
                                    

                                                                

                                    

                                                                                 0                                                                            

                                    
                                    

                                        
                                    

                                

                            

                        

                    

                                            

                    

                
                

                     上一篇
                    2017-06-25
                

            

                            

                
                

                    下一篇 
                    2017-06-26
                

            

            

                    
                                            

                            
相关推荐
  • 
        
    
                
    
            
                                 Git 分布式 Moosefs + Corosync + DRBD 集群            
        
    
        
    
            
        对于 Git 集群来说,在不采用存储阵列的情况下,分布式存储系统是一个很好的解决方案。目前可使用的分布式文件系统,初步了解了一下,Git 是属于小文件的应用,因此可考量的我想就只有目前的 Moosefs、Ceph 了,Ceph 目前好似国内应用不多,貌似不太稳定。至于 GlusterFS 其比较适用于大文件的应…
    
        
    
        
    
                                            Linux干货
                            2016-02-22
            
    
                            
    
        
    
    
    

    • 

  • 
        
    
                
    
            
                                 crond实现邮件告警            
        
    
        
    
            
    实验环境:centos 6.8 所需软件:mailx或msmtp或smtpEmail等 smtp客户端程序 所需帐号:我这使用的是163邮箱。 本方案优点:安装软件少,无须启动postfix等邮件服务。无须配置postfix邮件服务。由于调用的是注册邮箱,所以也不会给移入到垃圾邮件中。  建议:生产中,不管是什么服务发送邮件的建议使用外部smtp帐…
    
        
    
        
    
                                            Linux干货
                            2016-07-10
            
    
                            
    
        
    
    
    

    • 

  • 
        
    
        
            MariaDB之MHA配置        
                Linux干货
            
    
        
    
                
    
            
                                 MariaDB之MHA配置            
        
    
        
    
            
    工作拓扑 一、MHA简明:     MHA(Master HA)是一款开源的MySQL的高可用程序,它为MySQL主从复制架构提供了    automating master failover 功能。MHA在监控到master节点故障时,会提升其中    拥有最新数据的…
    
        
    
        
    
                                    2017-01-01
            
    
                            
    
        
    
    
    

    • 

  • 
        
    
                
    
            
                                 Centos Linux基础入门知识类            
        
    
        
    
            
    Centos Linux基础入门知识类 •1.1Linux终端介绍 •1.2基本命令的使用:ls、pwd、cd。 •1.3 查看系统和BIOS硬件时间。 •1.4 Linux如何获得帮助,Linux关机命令:shutdow、init等。 •1.5 YUM本地源配置与开机自动挂载光盘 前言: 很多学习Linux的同学或多…
    
        
    
        
    
                                            Linux干货
                            2017-03-26
            
    
                            
    
        
    
    
    

    • 

  • 
        
    
                
    
            
                                 关于 磁盘、文件系统管理            
        
    
        
    
            
                   磁盘、文件系统管理               1  设备识别2  设备分区3 …
    
        
    
        
    
                                            系统运维
                            2016-08-30
            
    
                            
    
        
    
    
    

    • 

  • 
        
    
                
    
            
                                 RPM软件包管理            
        
    
        
    
            
    Linux应用程序的组成 安装完一个软件包以后,可能会向系统中复制大量的数据文件,并进行相关设置。在Linux系统中,典型的应用程序通常由以下几部分组成。 普通的可执行程序文件:一般保存在“/usr/bin”目录中,普通用户即可执行。 服务器程序、管理程序文件:一般保存在”/usr/sbin“目录中,只有管理员能执行。 配置文件:一般保存在”/etc“目录中…
    
        
    
        
    
                                            Linux干货
                            2016-08-21
            
    
                            
    
        
    
    
    

    • 

                        

                                    

                    

            
    




            

                                                    

                                                                    

                                    

                                                                    

                            

                    

                                    

                                                    
                                                                电话咨询
                            
                                            

                                    

                                                    
                                                                在线咨询