This article summarizes a Keepalived + Nginx two-node (active/standby) configuration and is intended as a reference for readers deploying the same setup.
1.1 Hardware and software requirements
1.2 Server configuration tuning before deployment
Disable SELinux:
Edit /etc/selinux/config and set the SELINUX parameter to disabled.
Disable the firewall:
chkconfig iptables off
service iptables stop
Set the hostname:
Edit /etc/hosts and add the server's real IP address and hostname.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.1.100 OSS-103
Raise the limit on the number of files a user process can open:
Edit /etc/security/limits.conf and add:
* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536
Edit /etc/security/limits.d/90-nproc.conf and comment out:
* soft nproc 1024
Edit /etc/pam.d/login and add:
session required pam_limits.so
Restart the SSH service:
service sshd restart
Linux server time synchronization:
- Check the time:
date
- Set the time manually:
date -s "2015-5-8 19:48:00"
- Update the time automatically:
ntpdate -u us.pool.ntp.org
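1.3 Nginx+Keepalived deployment
1.3.1 Nginx deployment
Installation conventions
- Install as the ordinary user aiuap.
- Confirm that a C build environment is installed on the server.
Installation procedure
Upload nginx-1.8.0.tar.gz to the aiuap directory. Create the nginx directory:
cd /opt
mkdir nginx
cd /home/aiuap
Move the nginx package to the tmp directory and extract it:
mv nginx-1.8.0.tar.gz /tmp
cd /tmp
tar zxvf nginx-1.8.0.tar.gz
Install nginx:
cd nginx-1.8.0
./configure --prefix=/home/csss/nginx
Note: the pcre-devel and zlib-devel libraries may need to be installed.
Compile and install:
make
make install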
Nginx configuration
Go to the nginx installation directory:
cd /home/nginx
ls
Edit the nginx configuration file nginx.conf:
vi conf/nginx.conf
Configuration (example):
worker_processes 24;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    upstream xxxx {
        ip_hash;    # pin each client IP to one backend
        server 192.168.1.101:8088 weight=1;
    }
    server {
        listen 8099;
        server_name localhost;
        location / {
            root html;
            # pass the original host and client address to the backend
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 600;
            proxy_read_timeout 600;
            proxy_send_timeout 600;
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
            proxy_pass http://xxxx/;
        }
    }
    upstream csss {
        ip_hash;
        server 192.168.1.102:8080 weight=1;
    }
    server {
        listen 9000;
        server_name 192.168.1.102;
        location / {
            root html;
            index index.html index.htm;
            proxy_pass http://xxxx/;
        }
    }
}
1.3.2 Nginx+Keepalived hot standby
- Prepare a floating IP (for example 192.168.1.200).
- Configure the standby nginx identically to the primary nginx.
- Install keepalived.
Installing Keepalived
Install the dependency libraries:
yum -y install openssl-devel
yum -y install ipvsadm
yum -y install libnl libnl-devel
yum -y install popt-devel
Create the keepalived installation directory:
mkdir /home/keepalived
Extract the package and install it:
tar -zxvf keepalived-1.2.2.tar.gz
cd keepalived-1.2.2
./configure --prefix=/home/test/keepalived
make
make install
Create the symbolic links:
ln -s /home/test/keepalived/sbin/keepalived /sbin/
ln -s /home/test/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
ln -s /home/test/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
Configure keepalived:
- Primary server configuration:
vi /home/test/keepalived/etc/keepalived/keepalived.conf
- Standby server configuration:
vi /home/keepalived/etc/keepalived/keepalived.conf
Create the script chk_nginx_pid.sh and make it executable:
chmod +x /home/test/keepalived/chk_nginx_pid.sh
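The page does not show the contents of chk_nginx_pid.sh. The following is an added example of such a check, not the original author's script. It assumes the script is referenced from a vrrp_script/track_script block in keepalived.conf (the block name chk_nginx is hypothetical), that keepalived runs it as root, and that the pid file and binary paths are the ones used in section 1.3.3.

```shell
#!/bin/sh
# chk_nginx_pid.sh - added example, not the original author's script.
# Assumed wiring in keepalived.conf (hypothetical block name chk_nginx):
#   vrrp_script chk_nginx {
#       script "/home/test/keepalived/chk_nginx_pid.sh"
#       interval 2
#   }
#   ... and inside vrrp_instance:  track_script { chk_nginx }
# keepalived treats exit status 0 as healthy and non-zero as failed.
PIDFILE="${PIDFILE:-/home/nginx/logs/nginx.pid}"   # path used in section 1.3.3
NGINX_BIN="${NGINX_BIN:-/home/nginx/sbin/nginx}"   # path used in section 1.3.3

# nginx_alive PIDFILE [NAME]: 0 only if PIDFILE names a live process called NAME.
nginx_alive() {
    pidfile=$1; want=${2:-nginx}
    [ -r "$pidfile" ] || return 1
    pid=$(tr -d '[:space:]' < "$pidfile")
    case "$pid" in
        ''|0|*[!0-9]*) return 1 ;;           # empty, zero or non-numeric content
    esac
    kill -0 "$pid" 2>/dev/null || return 1   # stale pid file: process is gone
    # After a crash the PID may belong to another program; compare the name.
    if [ -r "/proc/$pid/comm" ]; then
        [ "$(cat "/proc/$pid/comm")" = "$want" ] || return 1
    fi
    return 0
}

# Run the check only when invoked under the script's own name.
if [ "${0##*/}" = "chk_nginx_pid.sh" ]; then
    nginx_alive "$PIDFILE" && exit 0
    "$NGINX_BIN" >/dev/null 2>&1      # one restart attempt
    sleep 2
    nginx_alive "$PIDFILE"            # final status is reported to keepalived
fi
```

Checking the process name as well as the PID keeps a stale pid file from reporting a healthy nginx on a node that should give up the floating IP.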
Start keepalived:
- Before RHEL 7:
keepalived -D -f /home/test/keepalived/etc/keepalived/keepalived.conf
- RHEL 7 and later:
systemctl start keepalived.service
Stop keepalived:
- Before RHEL 7:
service keepalived stop
- RHEL 7 and later:
systemctl stop keepalived.service
1.3.3 Starting and stopping Nginx
Start Nginx:
/home/nginx/sbin/nginx
Stop Nginx:
Graceful stop:
kill -QUIT `cat /home/nginx/logs/nginx.pid`
Fast stop:
kill -TERM `cat /home/nginx/logs/nginx.pid`
Forced stop:
kill -9 `cat /home/nginx/logs/nginx.pid`
Graceful reload:
kill -HUP `cat /home/nginx/logs/nginx.pid`
1.4 Usage and maintenance
- Log location:
<nginx installation directory>/logs/access.log
- Check the active/standby state (the node that currently holds the floating IP lists it on the interface):
ip addr show bond0
1.5 Adding the SSL module to an already installed Nginx
Check the Nginx version and compiled-in modules:
/usr/local/nginx/sbin/nginx -V
Download the Nginx source and configure it:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
Compile without installing:
make
Stop Nginx and replace the binary:
kill -QUIT `cat /usr/local/nginx/logs/nginx.pid`
cp ~/download/nginx-1.10.3/objs/nginx /usr/local/nginx/sbin/
Verify the modules:
/usr/local/nginx/sbin/nginx -V
Edit nginx.conf to enable SSL.
1.6 Configuration example
SSL configuration:
server {
    server_name example.com;
    listen 443 ssl;
    ssl_certificate /usr/local/nginx/conf/example.com_server.txt;
    ssl_certificate_key /usr/local/nginx/conf/example.com_private.txt;
    location / {
        # configuration goes here
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
# redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name example.com;
    rewrite ^(.*)$ https://example.com$1 permanent;
}
The above is a detailed guide to the Keepalived+Nginx two-node configuration, covering installation, configuration, starting, stopping and maintenance.
1.6 Nginx baseline configuration
1.6.1 Check whether the nginx version information is hidden
server_tokens off;
1.6.2 Check whether logging is configured
Edit nginx.conf:
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
error_log logs/error.log error;
1.6.3 Check whether timeouts are controlled
Edit nginx.conf:
client_body_timeout 20s;    # timeout for reading the client request body
client_header_timeout 10s;  # timeout for reading the client request header
send_timeout 30s;           # timeout for sending data from the server to the client
1.6.4 Check whether client download speed is limited
Edit nginx.conf:
limit_conn_zone $binary_remote_addr zone=addr:10m;  # add this line
limit_conn addr 50;   # at most 50 concurrent connections per client IP
limit_rate 1000k;     # maximum download rate per connection: 1000k
1.6.5 Check whether the error pages returned by nginx are customized
Edit the nginx configuration file:
error_page 400 401 402 403 404 405 408 410 412 413 414 415 500 501 502 503 504 506 /50x.html;
location = /50x.html {
    root html;
}
1.6.6 Check whether hotlink protection is configured
location ~* ^.+\.(aa|bb|cc)$ {
    valid_referers none blocked 127.0.0.1;
    if ($invalid_referer) {
        return 403;
    }
}
1.6.7 Check whether access is restricted by IP
deny 1.1.1.1;
allow all;
1.7 Complete sample configuration
worker_processes 4;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    error_log logs/error.log error;
    client_body_timeout 20s;
    client_header_timeout 10s;
    send_timeout 30s;
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    sendfile on;
    keepalive_timeout 65;
    server_tokens off;
    upstream xxxx {
        ip_hash;
        server 192.168.107.2:7001 weight=10;
        server 192.168.107.3:7001 weight=10;
    }
    # catch-all: requests whose Host matches no other server get 403
    server {
        listen 8080 default;
        server_name _;
        location / {
            return 403;
        }
    }
    server {
        listen 8080;
        server_name 192.168.107.2 192.168.107.4;
        # emits a cookie named HttpOnly; it does not add the HttpOnly
        # attribute to cookies set by the backend
        add_header Set-Cookie "HttpOnly=true";
        # Reject any Host other than the two addresses. nginx "set" has no
        # arithmetic ("$flag+1" is the string "1+1"), so append a digit
        # and test for the string 11 instead.
        set $flag 0;
        if ( $host != '192.168.107.2' ) {
            set $flag 1;
        }
        if ( $host != '192.168.107.4' ) {
            set $flag "${flag}1";
        }
        if ( $flag = 11 ) {
            return 403;
        }
        location / {
            root html;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 600;
            proxy_read_timeout 600;
            proxy_send_timeout 600;
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
            proxy_pass http://xxxx/;
            limit_conn addr 50;
            limit_rate 1000k;
            deny 1.1.1.1;
            allow all;
        }
        location ~* ^.+\.(aa|bb|cc)$ {
            valid_referers none blocked 127.0.0.1;
            if ($invalid_referer) {
                return 403;
            }
        }
        error_page 400 401 402 403 404 405 408 410 412 413 414 415 500 501 502 503 504 506 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
The above is the Nginx baseline configuration guide: hiding version information, configuring logging, controlling timeouts, limiting client download speed, customizing error pages, configuring hotlink protection and restricting access by IP.
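An added example (not from the original article) that turns the checks in 1.6.1 to 1.6.7 into a script: it reports each baseline directive that a given nginx.conf does not configure. The function names, the script name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an nginx.conf against baseline items 1.6.1-1.6.7.
# Prints "<item> <directive>" per missing directive; returns 1 if any is missing.
audit_nginx_baseline() {
    # Strip comments first so a disabled "#server_tokens off;" does not pass.
    conf=$(sed 's/#.*$//' "$1") || return 2
    rc=0
    need() {  # need ITEM DIRECTIVE...
        item=$1; shift
        for d in "$@"; do
            # Whole-word match: proxy_send_timeout must not satisfy send_timeout,
            # and limit_conn_zone must not satisfy limit_conn.
            printf '%s\n' "$conf" |
                grep -Eq "(^|[[:space:];{}])$d([[:space:]]|;)" && continue
            echo "$item ${d%%\[*}"; rc=1
        done
    }
    need 1.6.1 'server_tokens[[:space:]]+off'
    need 1.6.2 log_format access_log error_log
    need 1.6.3 client_body_timeout client_header_timeout send_timeout
    need 1.6.4 limit_conn_zone limit_conn limit_rate
    need 1.6.5 error_page
    need 1.6.6 valid_referers
    need 1.6.7 deny
    return $rc
}

# Constructed sample: a proxy config before the baseline has been applied.
sample_weak_conf() {
    cat <<'EOF'
http {
    #server_tokens off;
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    server {
        listen 8099;
        location / {
            proxy_send_timeout 600;
            proxy_pass http://xxxx/;
        }
    }
}
EOF
}

# Stand-alone use: sh audit_nginx_baseline.sh /path/to/nginx.conf
if [ "${0##*/}" = "audit_nginx_baseline.sh" ]; then
    audit_nginx_baseline "${1:?usage: $0 nginx.conf}"
fi
```

The comment stripping is line-based and would also cut a '#' that appears inside a quoted string, which none of the directives checked here use.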