
Keepalived+nginx+Nat

Source: 小侦探旅游网

Network topology diagram

Master server: eth0 58.49.110.238, eth1 192.168.1.11
Slave server: eth0 58.49.110.230, eth1 192.168.1.10
Vip1: 58.49.110.228 (public side, on eth0)
Vip2: 192.168.1.254 (LAN gateway, on eth1)

1. On the master and slave servers

1) Install keepalived:

```shell
yum install keepalived -y
```

2) Edit the configuration file with vim /etc/keepalived/keepalived.conf. The file is the same on both nodes except for the values marked master/slave:

```
! Configuration File for keepalived
global_defs {
    notification_email {
        guo.cl@dingshitech.com
    }
    notification_email_from guo.cl@dingshitech.com   # mailbox keepalived mails when a failover happens
    router_id LVS_master            # identifier of this keepalived node; LVS_slave on the slave
}
vrrp_instance VI_1 {                # monitored instance on the public side
    state MASTER                    # MASTER on the master, BACKUP on the slave
    interface eth0                  # interface the instance runs on
    virtual_router_id 51            # VRID; must be identical on master and slave
    priority 150                    # higher wins: 150 on the master, 99 on the slave
    advert_int 1                    # advertisement interval, default 1 second
    authentication {                # peer authentication
        auth_type PASS              # authentication type
        auth_pass 1111              # authentication password
    }
    virtual_ipaddress {
        58.49.110.228               # virtual IP
    }
}
vrrp_instance LAN_GATEWAY {         # monitored instance on the LAN side
    state MASTER                    # MASTER on the master, BACKUP on the slave
    interface eth1                  # interface the instance runs on
    virtual_router_id 62            # VRID; must be identical on master and slave
    priority 150                    # higher wins: 150 on the master, 99 on the slave
    advert_int 1                    # advertisement interval, default 1 second
    authentication {                # peer authentication
        auth_type PASS              # authentication type
        auth_pass 1111              # authentication password
    }
    virtual_ipaddress {
        192.168.1.254               # virtual IP
    }
}
vrrp_sync_group VG_1 {              # fail both instances over together
    group {
        VI_1
        LAN_GATEWAY
    }
}
```

3) Install nginx:

```shell
rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
yum install nginx -y
```

4) Edit the nginx configuration with vim /etc/nginx/nginx.conf:

```
user  denglish;
worker_processes  4;
error_log  /logs/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                   '$status $body_bytes_sent "$http_referer" '
    #                   '"$http_user_agent" "$http_x_forwarded_for"';
    log_format  main  '$remote_addr - $remote_user [$time_local] '
                      'fwf[$http_x_forwarded_for] tip[$http_true_client_ip] '
                      '$upstream_addr $upstream_response_time $request_time '
                      '$http_host $request '
                      '"$status" $body_bytes_sent "$http_referer" '
                      '"$http_accept_language" "$http_user_agent" ';

    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;

    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    fastcgi_max_temp_file_size 0;
    proxy_max_temp_file_size 0;
    client_max_body_size 10m;
    client_body_buffer_size 4m;

    include /etc/nginx/conf.d/*.conf;

    ## dingshipad.com, added by guochenglan
    upstream dingshipad {
        server 192.168.1.222:8180 weight=1;
        server 192.168.1.223:8180 weight=1;
    }

    server {
        listen       80;
        server_name  www.dingshipad.com;
        access_log   /logs/www.dingshipad.com_access.log main;
        error_log    /logs/www.dingshipad.com_error.log error;

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_pass http://192.168.1.222:8180/denglish/;
            proxy_pass http://dingshipad/denglish/;
        }
    }
}
```

5) Adjust the firewall so the required ports are allowed. The rules below are written for the master (VRRP is accepted from the slave's address); on the slave use the master's addresses instead. The SNAT rule only forwards traffic if net.ipv4.ip_forward is set to 1.

```shell
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# VRRP advertisements from the peer on the LAN side (192.168.1.11 on the slave)
iptables -A INPUT -i eth1 -p vrrp -s 192.168.1.10 -j ACCEPT
# VI_1 runs on eth0, so the peer's eth0 adverts must be accepted too (58.49.110.238 on the slave);
# with INPUT DROP and no such rule both nodes would claim 58.49.110.228
iptables -A INPUT -i eth0 -p vrrp -s 58.49.110.230 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -j ACCEPT
iptables -A INPUT -p tcp --dport 8005 -j ACCEPT
iptables -A INPUT -p tcp --dport 8009 -j ACCEPT
iptables -A INPUT -p tcp --dport 5666 -j ACCEPT
iptables -A INPUT -p tcp --sport 5666 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j ACCEPT
iptables -A INPUT -p udp --dport 162 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -p tcp --sport 31337 -j DROP
iptables -A OUTPUT -p tcp --dport 31337 -j DROP
iptables -A INPUT -p tcp --dport 5901 -j ACCEPT
iptables -A INPUT -p tcp --dport 5902 -j ACCEPT
iptables -A INPUT -p tcp --dport 873 -j ACCEPT
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
# NFS / portmapper
iptables -A INPUT -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -p udp --dport 111 -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -j ACCEPT
iptables -A INPUT -p tcp --dport 875 -j ACCEPT
iptables -A INPUT -p udp --dport 875 -j ACCEPT
iptables -A INPUT -p tcp --dport 892 -j ACCEPT
iptables -A INPUT -p udp --dport 892 -j ACCEPT
iptables -A INPUT -p tcp --dport 32769 -j ACCEPT
iptables -A INPUT -p udp --dport 32769 -j ACCEPT
iptables -A INPUT -p tcp --dport 32803 -j ACCEPT
iptables -A INPUT -p udp --dport 32803 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN hosts reach the internet through the public VIP (NAT gateway, see step 4 of the results)
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 58.49.110.228
# SSH port forwards into the LAN through the public VIP
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8110 -j DNAT --to-destination 192.168.1.10:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8220 -j DNAT --to-destination 192.168.1.220:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8221 -j DNAT --to-destination 192.168.1.221:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8222 -j DNAT --to-destination 192.168.1.222:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8223 -j DNAT --to-destination 192.168.1.223:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8224 -j DNAT --to-destination 192.168.1.224:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8225 -j DNAT --to-destination 192.168.1.225:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8226 -j DNAT --to-destination 192.168.1.226:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8227 -j DNAT --to-destination 192.168.1.227:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8228 -j DNAT --to-destination 192.168.1.228:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8229 -j DNAT --to-destination 192.168.1.229:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8230 -j DNAT --to-destination 192.168.1.230:22
iptables -t nat -A PREROUTING -i eth0 -d 58.49.110.228 -p tcp --dport 8231 -j DNAT --to-destination 192.168.1.231:22
```

2. Start keepalived and nginx

3. The test shows that as soon as keepalived on the master goes down, the slave takes over immediately; `ip a` on the slave shows the VIPs.

When keepalived on the master starts again, the master takes the VIPs back right away, which gives nginx an active/standby pair.

4. At the same time, the virtual IP 192.168.1.254 lets the internal network reach the internet through NAT, so whichever front-end nginx node dies, the back-end services are not affected.
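Two checks a practitioner would want around this setup, as an added example that is not part of the original page: a parser for `ip -o -4 addr` output that reports whether a node holds both VIPs from the topology (what step 3 verifies with `ip a`), and the nginx health check a keepalived `vrrp_script` would run, since the page's configuration only fails over when keepalived itself dies, not when nginx does. The sample `ip` output is constructed, and the script path /etc/keepalived/check_nginx.sh is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): VIP placement check for the
# Keepalived+nginx+NAT pair, plus an nginx health check for a vrrp_script.

VIP_PUBLIC=58.49.110.228    # VI_1 on eth0 (from the page)
VIP_LAN=192.168.1.254       # LAN_GATEWAY on eth1 (from the page)

# Constructed sample of `ip -o -4 addr show` on the master after it took over again.
SAMPLE_MASTER='2: eth0    inet 58.49.110.238/24 brd 58.49.110.255 scope global eth0
2: eth0    inet 58.49.110.228/32 scope global eth0
3: eth1    inet 192.168.1.11/24 brd 192.168.1.255 scope global eth1
3: eth1    inet 192.168.1.254/32 scope global eth1'

# Constructed sample from the slave while the master is healthy: no VIPs.
SAMPLE_SLAVE='2: eth0    inet 58.49.110.230/24 brd 58.49.110.255 scope global eth0
3: eth1    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1'

# has_vip "<ip -o -4 addr output>" <vip> <iface>  ->  prints yes or no
has_vip() {
    vip_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    if printf '%s\n' "$1" | grep -Eq "^[0-9]+: $3 +inet $vip_re/"; then
        echo yes
    else
        echo no
    fi
}

# vip_state "<output>" -> MASTER when both VIPs are held, BACKUP when neither,
# SPLIT when only one is held (sync group VG_1 should never leave a node there)
vip_state() {
    pub=$(has_vip "$1" "$VIP_PUBLIC" eth0)
    lan=$(has_vip "$1" "$VIP_LAN" eth1)
    if [ "$pub" = yes ] && [ "$lan" = yes ]; then echo MASTER
    elif [ "$pub" = no ] && [ "$lan" = no ]; then echo BACKUP
    else echo SPLIT
    fi
}

# check_nginx: exit 0 only if an nginx process exists and port 80 answers.
# Assumed to be saved as /etc/keepalived/check_nginx.sh and wired into VI_1 with
#   vrrp_script chk_nginx { script "/etc/keepalived/check_nginx.sh" interval 2 weight -60 }
#   track_script { chk_nginx }
# weight -60 drops the master from 150 to 90, below the slave's 99, so VG_1 fails over.
check_nginx() {
    pgrep -x nginx >/dev/null || return 1
    curl -fs -o /dev/null --max-time 2 http://127.0.0.1/ || return 1
}

vip_state "$(ip -o -4 addr show 2>/dev/null)"   # prints this host's real state
```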
