本文主要是介绍Keepalived+Nginx双机配置小结,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
《Keepalived+Nginx双机配置小结》本文主要介绍了Keepalived+Nginx双机配置小结,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面...
1.1 软硬件要求
1.2 部署前服务器配置调优
关闭SELinux:
修改 /etc/selinux/config 文件中的 SELINUX 参数值为 disabled。
关闭防火墙:
chkconfig iptables off service iptables stop
修改hostname:
修改 /etc/hosts 文件,添加服务器真实 IP 和 hostname。
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 192.168.1.100 OSS-103
修改用户进程可打开文件数限制:
修改 /etc/security/limits.conf 文件,添加:
* soft nproc 65536 * hard nproc 65536 * soft nofile 65536 * hard nofile 65536
修改 /etc/security/limits.d/90-nproc.conf 文件,注释掉:
* soft nproc 1024
修改 /etc/pam.d/login 文件,添加:
session required pam_limits.so
重启 SSH 服务:
service sshd restart
Linux服务器时间同步:
- 查看时间:
date - 手动修改时间:
date –s “2015-5-8 19:48:00” - 自动更新时间:
ntpdate -u us.pool.ntp.org
1.3 Nginx+Keepalived部署
1.3.1编程 Nginx部署
安装约定
- 使用普通用户
aiuap安装。 - 确认服务器已安装 C 环境。
安装过程
上传
nginx-1.8.0.tar.gz到aiuap目录下。创建
nginx文件目录:cd /opt mkdir nginx cd /home/aiuap
将
nginx安装包移动到tmp目录下,进行解压:mv nginx-1.8.0.tar.gz /tmp cd /tmp tar zxvf nginx-1.8.0.tar.gz
安装
nginx:cd nginx-1.8.0 ./configure --prefix=/home/csss/nginx
注意:可能需要安装
pcre-devel和zlib-devel库。编译安装:
make make install
Nginx配置
查看 nginx 安装目录:
cd /home/nginx ls
修改 nginx 配置文件 nginx.conf:
vi conf/nginx.conf
配置内容(示例):
worker_processes 24;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream xxxx{
ip_hash;
China编程 server 192.168.1.101:8088 weight=1;
}
server {
listen 8099;
server_name localhost;
location / {
root html;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
proxy_pass http://xxxx/;
}
}
upstream csss {
ip_hash;
server 192.168.1.102:8080 weight=1;
}
server {
listen 9000;
server_name 192.168.1.102;
location / {
root html;
index index.html index.htm;
proxy_pass http://xxxx/;
}
}
}
1.3.2 Nginx+Keepalived实现双机热备
- 准备一个浮动 IP(如:
192.168.1.200)。 - 配置备
nginx与主nginx相同。 - 安装
keepalived。
安装Keepalived
安装依赖库:
yum -y install openssl-devel yum -y install ipvsadm yum -y install libnl libnl-devel yum -y install popt-devel
创建
keepalived安装目录:mkdir /home/keepalived
解压安装包并安装:
tar -zxvf keepalived-1.2.2.tar.gz cd keepalived-1.2.2 ./configure --prefix=/home/test/keepalived make makeinstall
建立软连接:
ln -s /home/test/keepalived/sbin/keepalived /sbin/ ln -s /home/test/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ mkdir /etc/keepalived ln -s /home/test/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
配置
keepalived:- 主服务器配置:
vi /home/test/keepalived/etc/keepalived/keepalived.conf
- 备服务器配置:
vi /home/keepalived/etc/keepalived/keepalived.conf
- 主服务器配置:
创建脚本
chk_nginx_pid.sh并赋予执行权限:chmod +x /home/test/keepalived/chk_nginx_pid.sh
启动
keepalived:- RHEL 7 以下:
keepalived -D -f /home/test/keepalived/etc/keepalived/keepalived.conf
- RHEL 7 以上:
systemctl start keepalived.service
- RHEL 7 以下:
停止
keepalived:- RHEL 7 以下:
service keepalived stop
- RHEL 7 以上:
systemctl stop keepalived.service
- RHEL 7 以下:
1.3.3 启动和停止Nginx
启动 Nginx:
/home/nginx/sbin/nginx
停止 Nginx:
从容停止:
kill -QUIT `cat /home/nginx/logs/nginx.pid`
快速停止:
kill -TERM `cat /home/nginx/logs/nginx.pid`
强制停止:
kill -9 `cat /home/nginx/logs/nginx.pid`
平滑重启:
kill -HUP `cat /home/nginxhttp://www.chinasem.cn/logs/nginx.pid`
1.4 使用和维护
- 日志位置:
<nginx安装目录>/logs/Access.log - 双机状态查看:
ip addr show bond0
1.5 在已经安装的Nginx上增加SSL模块
检查 Nginx 版本和模块:
/usr/local/nginx/sbin/nginx -V
下载并配置 Nginx 源码:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
编译但不安装:
make
停止 Nginx 并替换二进制文件:
kill -QUIT `cat /usr/local/nginx/logs/nginx.pid` cp ~/download/nginx-1.10.3/objs/nginx /usr/local/nginx/sbin/
验证模块:
/usr/local/nginx/sbin/nginx -V
修改
nginx.conf文件以支持 SSL。
1.6 配置示例
SSL 配置:
server {
server_name example.com;
listen 443 ssl;
ssl_certificate /usr/local/nginx/conf/example.com_server.txt;
ssl_certificate_key /usr/local/nginx/conf/example.com_private.txt;
location / {
# 配置内容
}
error_page 500 502 503 504 /50x.html;
China编程 location = /50x.html {
root html;
}
}
server {
listen 80;
servjavascripter_name example.com;
rewrite ^(.*)$ https://example.com$1 permanent;
}
以上是对 Keepalived+Nginx 双机配置的详细指南,包括安装、配置、启动、停止和维护等步骤
1.6 Nginx基线配置
1.6.1 检查是否隐藏nginx版本信息
server_tokens off;
1.6.2 检查是否配置日志
修改 nginx.conf 文件
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
error_log logs/error.log error;
1.6.3 检查是否控制超时时间
修改 nginx.conf 文件
client_body_timeout 20s; # 设置客户端请求主体读取超时时间 client_header_timeout 10s; # 设置客户端请求头读取超时时间 send_timeout 30s; # 服务端向客户端传输数据的超时时间
1.6.4 检查是否限制客户端下载速度
修改 nginx.conf 文件
limit_conn_zone $binary_remote_addr zone=addr:10m; # 添加该行 limit_conn addr 50; # 每个客户端允许50个线程。 limit_rate 1000k; # 每个线程最大下载速度1000k
1.6.5 检查是否自定义nginx返回的错误信息
修改 nginx 配置文件
error_page 400 401 402 403 404 405 408 410 412 413 414 415 500 501 502 503 504 506 /50x.html;
location = /50x.html {
root html;
}
1.6.6 检查是否配置防盗链设置
location ~* ^.+\.(aa|bb|cc)$ {
valid_referers none blocked 127.0.0.1;
if ($invalid_referer) {
return 403;
}
}
1.6.7 检查是否限制IP访问
deny 1.1.1.1; allow all;
1.7 完整样例配置
worker_processes 4;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
error_log logs/error.log error;
client_body_timeout 20s;
client_header_timeout 10s;
send_timeout 30s;
limit_conn_zone $binary_remote_addr zone=addr:10m;
sendfile on;
keepalive_timeout 65;
server_tokens off;
upstream xxxx {
ip_hash;
server 192.168.107.2:7001 weight=10;
server 192.168.107.3:7001 weight=10;
}
server {
listen 8080 default;
server_name _;
location / {
return 403;
}
}
server {
listen 8080;
server_name 192.168.107.2 192.168.107.4;
add_header Set-Cookie "HttpOnly=true";
set $flag 0;
if ( $host != '192.168.107.2' ) {
set $flag 1;
}
if ( $host != '192.168.107.4' ) {
set $flag $flag+1;
}
if ( $flag = 3 ) {
return 403;
}
location / {
root html;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
proxy_pass http://xxxx/;
limit_conn addr 50;
limit_rate 1000k;
deny 1.1.1.1;
allow all;
}
location ~* ^.+\.(aa|bb|cc)$ {
valid_referers none blocked 127.0.0.1;
if ($invalid_referer) {
return 403;
}
}
error_page 400 401 402 403 404 405 408 410 412 413 414 415 500 501 502 503 504 506 /50x.html;
location = /50x.html {
root html;
}
}
}
以上是 Nginx 的基线配置指南,包括隐藏版本信息、配置日志、控制超时时间、限制客户端下载速度、自定义错误信息、配置防盗链设置和限制 IP 访问等。
到此这篇关于Keepalived+Nginx双机配置小结的文章就介绍到这了,更多相关Keepalived Nginx双机配置内容请搜索编程China编程(www.chinasem.cn)以前的文章或继续浏览下面的相关文章希望大家以后多多支持China编程(www.chinasem.cn)!
这篇关于Keepalived+Nginx双机配置小结的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
