Nginx配置TCP轉發+http轉發+keepalived高可用
Nginx配置TCP請求轉發+http請求轉發+keepalived高可用
http://nginx.org/download/
1、TCP請求轉發基於 stream 模組,在1.9版本前,需要單獨編譯安裝該組件:
依賴服務
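# Install the build dependencies (run as root; the shell prompt that was fused
# into this line on the page has been dropped).
# NOTE(review): "library" is kept exactly as the page gives it; confirm it names
# a real package in your repositories.
yum -y install pcre-devel openssl openssl-devel library
# Fetch the source over HTTPS instead of plain HTTP so the tarball cannot be
# swapped in transit. nginx.org publishes a detached PGP signature (.asc) next
# to each tarball; check it before building, because the result is installed
# and started as root.
# NOTE(review): 1.9.5 is an old mainline release that no longer receives
# fixes; prefer a currently supported version unless this one is required.
wget https://nginx.org/download/nginx-1.9.5.tar.gz
wget https://nginx.org/download/nginx-1.9.5.tar.gz.asc
# Fails until the nginx signing key has been imported into the local keyring.
gpg --verify nginx-1.9.5.tar.gz.asc nginx-1.9.5.tar.gz
tar -xf nginx-1.9.5.tar.gz -C /usr/local/
cd /usr/local/nginx-1.9.5/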
編譯安裝 stream 組件
# Configure the build to install under /usr/local/nginx/ with the stub-status
# and TLS modules for HTTP, plus the stream (TCP proxy) module and its TLS
# support; stream is only built when --with-stream is given.
./configure --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module
make && make install
# Interactive step: create the profile snippet. The export line that follows
# is the content to put in that file.
vim /etc/profile.d/nginx.sh
export PATH=/usr/local/nginx/sbin:$PATH
# Load the new PATH into the current shell.
# NOTE(review): /etc/profile.d is read by login shells only; a script started
# by a service (such as a keepalived check script) presumably will not find
# "nginx" on its PATH and should call /usr/local/nginx/sbin/nginx directly.
source /etc/profile.d/nginx.sh
nginx 啟動。
2、建立conf檔案存放目錄:
mkdir /usr/local/nginx/conf/conf.d/
3、配置
01、nginx.conf
vim /usr/local/nginx/conf/nginx.conf
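# Main nginx.conf: global settings, then the per-service files under conf.d/
# (the http{} and stream{} blocks live in those files).

# Workers run as the unprivileged "nginx" account.
# NOTE(review): a source build does not create this account; it has to exist
# before nginx is started.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /usr/local/nginx/logs/nginx.pid;

# Per-worker open-file limit. The page placed the shell command
# "ulimit -SHn 65535;" inside events{}; that is not an nginx directive and
# makes the configuration fail to load. worker_rlimit_nofile is the nginx
# directive for the same purpose and is set in the main context.
worker_rlimit_nofile 65535;

# The "*" wildcard was lost from this line on the page; without it the include
# matches only a file literally named ".conf".
include /usr/local/nginx/conf/conf.d/*.conf;

events {
    worker_connections 25600;   # maximum number of connections per worker
    use epoll;                  # method used to process concurrent connections
    accept_mutex on;            # "on": workers take turns accepting new connections

    # Sizing notes from the original author:
    # - Total concurrency is the product of worker_processes and
    #   worker_connections: max_clients = worker_processes * worker_connections.
    # - Behind a reverse proxy the author uses
    #   max_clients = worker_processes * worker_connections / 4;
    #   the division by 4 is described as a rule of thumb.
    # - With those numbers a normal nginx server can handle at most
    #   4 * 8000 = 32000 connections.
    # - worker_connections depends on the amount of physical memory: concurrency
    #   is I/O bound, so max_clients must stay below the number of files the
    #   system can open, and that number grows with memory (roughly 100,000 on
    #   a machine with 1 GB of RAM).
    # - Example on a VPS with 360 MB of RAM:
    #     $ cat /proc/sys/fs/file-max
    #     34336
    #   32000 < 34336, so the total number of connections stays below the
    #   number of file handles the operating system can provide.
    # - Therefore set worker_connections according to the number of worker
    #   processes and the system's open-file limit, i.e. according to the
    #   host's CPUs and memory.
    # - The theoretical figure can differ from reality because other processes
    #   on the host also consume resources.
}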
02、vim /usr/local/nginx/conf/conf.d/yewu.conf
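# HTTP reverse proxy: one port-80 server that routes URL prefixes to internal
# back ends on 192.168.1.x.
http {
    # NOTE(review): $http_x_forwarded_for is whatever the client sent and can
    # be forged; treat $remote_addr as the authoritative peer address when
    # reading these logs.
    log_format main ' "$http_x_forwarded_for" | [$time_local] | $host | $remote_addr | $request | $request_time | $body_bytes_sent | $status |'
                    '| $upstream_addr | $upstream_response_time | $upstream_status |'
                    ' "$http_referer" | "$http_user_agent" ';
    access_log /var/log/nginx/access.log main;

    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;

    charset utf-8;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    default_type application/octet-stream;

    server {
        # NOTE(review): plain HTTP only; everything below, including the admin
        # consoles, crosses the network unencrypted.
        listen 80;
        root /data/nginx;
        # NOTE(review): "index" takes file names, not glob patterns, so
        # "*.html" presumably never matches; kept as on the page.
        index index.html index.htm *.html index.jsp;

        # Headers forwarded to every back end. They were repeated verbatim in
        # each location; declared once here, they are inherited by every
        # location that sets no proxy_set_header of its own.
        # NOTE(review): $proxy_add_x_forwarded_for appends to the header the
        # client supplied, so back ends must not trust the left-most
        # X-Forwarded-For entry; X-Real-IP is set by this proxy.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Via "nginx";

        location ^~ /configCenter-vals/ {
            proxy_pass http://192.168.1.141:8080;
        }

        # NOTE(review): configuration-centre and Dubbo admin consoles are
        # reachable by anyone who can reach port 80. Restrict them (for example
        # with allow/deny for the management network, or authentication) before
        # exposing this proxy beyond a trusted segment.
        location ^~ /configCenter/ {
            proxy_pass http://192.168.1.139:8082;
        }
        location ^~ /dubbo_admin/ {
            proxy_pass http://192.168.1.139:8082;
        }

        location ^~ /appserver/ {
            proxy_pass http://192.168.1.160:8080;
        }
        location ^~ /asserver/ {
            proxy_pass http://192.168.1.161:8080;
        }
        location ^~ /idsoserver/ {
            proxy_pass http://192.168.1.161:8080;
        }
        location ^~ /vals-ap/ {
            proxy_pass http://192.168.1.142:8080;
        }

        # NOTE(review): the only HTTPS upstream on the page. nginx does not
        # verify the upstream certificate unless proxy_ssl_verify is enabled;
        # also confirm that port 8080 really speaks TLS.
        location ^~ /eidboss/ {
            proxy_pass https://192.168.1.145:8080;
        }
        location ^~ /asboss/ {
            proxy_pass http://192.168.1.145:8081;
        }
    }
}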
03、vim /usr/local/nginx/conf/conf.d/eid.conf
# Layer-4 (TCP) proxy: connections to port 8008 are passed to the eid_device
# upstream group.
stream {
upstream eid_device {
# A server is marked unavailable after one failed attempt (max_fails=1) for
# one second (fail_timeout=1s).
# NOTE(review): both entries name the same address and port, so the group has
# no second back end to fail over to; presumably a different host was intended
# for one of them - confirm.
server 192.168.1.12:8008 max_fails=1 fail_timeout=1s weight=1;
server 192.168.1.12:8008 max_fails=1 fail_timeout=1s weight=1;
}
server {
# NOTE(review): no allow/deny rule, so any host that can reach this port is
# relayed to the back end; restrict the source addresses if the device
# protocol has no authentication of its own.
listen 8008;
proxy_pass eid_device;
}
}
4、keepalived高可用配置
01、master配置
vim /etc/keepalived/keepalived.conf
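# keepalived configuration for the MASTER node.
global_defs {
    # The page had stray HTML ("br/>") fused onto the opening brace; the
    # address belongs on its own line. The e-mail addresses here were redacted
    # on the page - substitute the real ones.
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server smtp.exmail.qq.com
    smtp_connect_timeout 30
    router_id nginx-master
}

# Health check run every 2 seconds; 3 consecutive failures mark it down
# (priority lowered by 10), 2 consecutive successes mark it up again.
# NOTE(review): the script runs as root. Keep it owned by root and not
# writable by anyone else, and consider enable_script_security in global_defs.
vrrp_script chk_httpd {
    script "/etc/keepalived/check_and_start_httpd.sh"
    interval 2
    weight -10
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    # NOTE(review): keepalived honours nopreempt only when the initial state is
    # BACKUP; combined with "state MASTER" it has no effect. If non-preemption
    # is wanted, both nodes need state BACKUP plus nopreempt.
    nopreempt
    state MASTER
    interface eth1
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        # NOTE(review): auth_type PASS sends the password in clear text in
        # every advertisement, and "1111" is trivially guessable. Anyone on the
        # segment can join the VRRP group and take over the virtual addresses.
        # Use a unique secret (identical on both nodes) and keep VRRP traffic
        # on a trusted network, or filter it to the peer's address.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.8/32 dev eth1 label eth1:0
        192.168.1.9/32 dev eth1 label eth1:1
    }
    # Reference the VRRP scripts by the name given in their vrrp_script
    # section. They run periodically to adjust the priority and eventually
    # trigger a master/backup switch.
    track_script {
        chk_httpd
    }
}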
02、backup配置
vim /etc/keepalived/keepalived.conf
# keepalived configuration for the BACKUP node.
global_defs {
# The e-mail addresses in this section were redacted on the page; substitute
# the real ones.
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server smtp.exmail.qq.com
smtp_connect_timeout 30
router_id nginx-backup
}
# Health check run every 2 seconds; 3 consecutive failures mark it down
# (priority lowered by 10), 2 consecutive successes mark it up again.
# NOTE(review): the script runs as root. Keep it owned by root and not
# writable by anyone else.
vrrp_script chk_httpd {
script "/etc/keepalived/check_and_start_httpd.sh"
interval 2
weight -10
fall 3
rise 2
}
vrrp_instance VI_1 {
# nopreempt
state BACKUP
interface eth1
# Must match the master's virtual_router_id so both nodes form one VRRP group.
virtual_router_id 66
# Lower than the master's priority of 100.
priority 95
advert_int 1
authentication {
# NOTE(review): auth_type PASS sends the password in clear text in every
# advertisement, and "1111" is trivially guessable. Use a unique secret
# (identical on both nodes) and keep VRRP traffic on a trusted network.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.8/32 dev eth1 label eth1:0
192.168.1.9/32 dev eth1 label eth1:1
}
track_script { # Reference the VRRP scripts by the name given in their vrrp_script section; they run periodically to adjust the priority and eventually trigger a master/backup switch.
chk_httpd
}
}
03、指令碼:vim /etc/keepalived/check_and_start_httpd.sh
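#!/bin/bash
#
# keepalived vrrp_script health check for nginx.
# If no nginx process is running, try to start it once. If it is still down
# two seconds later, send an alert and stop keepalived so the virtual
# addresses move to the peer node.
#
# Runs as root under keepalived: keep this file owned by root and not writable
# by anyone else.

# Absolute path to the binary installed by the source build (prefix
# /usr/local/nginx/). keepalived does not read /etc/profile.d, so the PATH
# entry added for login shells is presumably not available here.
NGINX_BIN=/usr/local/nginx/sbin/nginx

# Placeholder recipient: the address on the page was redacted. Set ALERT_TO to
# the real mailbox.
ALERT_TO="${ALERT_TO:-ops@example.invalid}"

# The page's alert text used $ip and $virtual_ip without ever setting them;
# fall back to the host name and a marker so the message is not left blank.
ip="${ip:-$(hostname)}"
virtual_ip="${virtual_ip:-unknown}"

# Succeeds when at least one process whose command name is exactly "nginx"
# exists.
nginx_running() {
  pgrep -x nginx >/dev/null 2>&1
}

if ! nginx_running; then
  # The page first ran "ps -ef | grep nginx | ... kill -9 ... | sh" here. At
  # this point no nginx process exists, so that pipeline could only hit
  # unrelated processes whose command line mentions "nginx" (an editor on
  # nginx.conf, a tail on the access log). It has been removed.
  "$NGINX_BIN"
  sleep 2
  if ! nginx_running; then
    # Send the alert before stopping keepalived: this script is a child of
    # keepalived, and stopping the service may terminate it before the mail
    # is handed off.
    printf '%s of nginx is stop ,nginx service switch nginx slave \nlocal is virtual ip : %s not exist \n' \
      "$ip" "$virtual_ip" \
      | mail -s "$ip of nginx is stop" "$ALERT_TO"
    systemctl stop keepalived
  fi
fi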
04、郵箱配置:
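# Mail setup for the alert sent by the keepalived check script (run as root).
yum -y install mailx
yum install -y sendmail
yum install -y sendmail-cf
yum -y install bc

# Append a line to a file only if that exact line is not there yet, so that
# re-running these steps does not pile up duplicate entries.
append_once() {
  local line=$1 file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# m4 quoting opens with a backtick and closes with a single quote. The page
# showed a plain single quote on both sides, which m4 does not treat as
# quoting.
append_once "TRUST_AUTH_MECH(\`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl" /etc/mail/sendmail.mc
append_once "define(\`confAUTH_MECHANISMS', \`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl" /etc/mail/sendmail.mc

# NOTE(review): this makes the local sendmail daemon listen on every interface
# while LOGIN/PLAIN authentication is enabled. mailx below talks to the remote
# SMTP server directly, so inbound SMTP is presumably not needed for the
# alerts; keep the daemon on 127.0.0.1 or firewall port 25 unless other hosts
# must relay through this machine. Dots are escaped so only the literal
# address is rewritten.
sed -i 's#127\.0\.0\.1#0.0.0.0#g' /etc/mail/sendmail.mc
grep "OPTIONS" /etc/mail/sendmail.mc
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

# mailx account settings. The two address lines were redacted on the page;
# they are presumably "from" and "smtp-auth-user", shown here with placeholder
# values - substitute the real account.
# NOTE(review): /etc/mail.rc is normally world-readable, so every local user
# can read the SMTP password stored here; use a dedicated, low-privilege
# mailbox for alerts. With a bare host name in "smtp" the login is not
# protected by TLS unless mailx is configured for it.
append_once 'set from=alert@example.invalid' /etc/mail.rc
append_once 'set smtp=smtp.exmail.qq.com' /etc/mail.rc
append_once 'set smtp-auth-user=alert@example.invalid' /etc/mail.rc
append_once 'set smtp-auth-password=xxxx' /etc/mail.rc
append_once 'set smtp-auth=login' /etc/mail.rc

# First IPv4 address in each range. Matching on the address field with escaped
# dots avoids hits on unrelated text such as "110x10".
# IP1 is not used by the steps shown on this page.
IP1=$(ifconfig | awk '$1 == "inet" && $2 ~ /^192\.168\./ {print $2; exit}')
IP2=$(ifconfig | awk '$1 == "inet" && $2 ~ /^10\.10\./ {print $2; exit}')
abc="abc.mail.com"
# Skip the hosts entry when no 10.10.x.x address exists; a line that starts
# with an empty address would corrupt /etc/hosts.
if [ -n "$IP2" ]; then
  append_once "$IP2 $(hostname) $abc" /etc/hosts
fi

systemctl enable sendmail
systemctl start sendmail
systemctl status sendmail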