泥淖 2020-01-09
安装nginx
yum -y install gcc pcre-devel openssl-devel #安装依赖包
wget http://nginx.org/download/nginx-1.12.2.tar.gz (也可配置阿里源用yum安装)
tar -xf nginx-1.12.2.tar.gz
./configure \
--prefix=/usr/local/nginx \ #指定安装路径
--user=nginx \ #指定用户
--group=nginx \ #指定组
--with-http_ssl_module #开启SSL加密功能
make && make install #编译并安装 (如果没有安装make请自行安装)
nginx命令的用法
cat /etc/nginx/conf.d/default.conf (此路径为正式环境156的路径) conf.d/的意思为附加文件同源文件效果一样
<span>server <span>{</span></span>
<span> listen <span>80<span>; 这个是80端口的<br /></span></span></span>
<span> server_name www<span>.<span>chengshizhichuang<span>.<span>com cszc<span>.<span>top<span>; (域名)<br /></span></span></span></span></span></span></span></span>
<span> client_max_body_size <span>100M<span>;</span></span></span>
<span> location <span>/<span> <span>{</span></span></span></span>
<span> proxy_pass http<span>:<span>//192.168.1.134/; 访问<span><code><span>www<span>.<span>chengshizhichuang<span>.<span>com cszc<span>.<span>top转到此ip</span></span></span></span></span></span></span>
<span>}</span>
<span>proxy_set_header <span>Host<span> $host<span>;</span></span></span></span>
<span>proxy_set_header X<span>-<span>Real<span>-<span>IP $remote_addr<span>;</span></span></span></span></span></span>
<span>proxy_set_header X<span>-<span>Forwarded<span>-<span>For<span> $proxy_add_x_forwarded_for<span>;</span></span></span></span></span></span></span>
<span> location <span>/<span>pay<span>/<span> <span>{</span></span></span></span></span></span>
<span> proxy_pass http<span>:<span>//192.168.1.212:21612/pay/; 访问<span><code><span><span><span><span><code><span>www<span>.<span>chengshizhichuang<span>.<span>com cszc<span>.<span>top/pay 转到此ip</span></span></span></span></span></span></span>
<span>}</span>
<span> location <span>/<span>publicgood<span>/<span> <span>{</span></span></span></span></span></span>
<span> proxy_pass http<span>:<span>//192.168.1.212:21612/publicgood/; 同上<br /></span></span></span>
<span>}</span>
<span>location <span>/<span>shared<span>/<span> <span>{</span></span></span></span></span></span>
<span> proxy_pass http<span>:<span>//192.168.1.212:21612/shared/; 同上<br /></span></span></span>
<span>}</span>
<span>location <span>/<span>zhyl<span>/<span> <span>{</span></span></span></span></span></span>
<span> proxy_pass http<span>:<span>//192.168.1.121:12102/zhyl/; 同上<br /></span></span></span>
<span>}</span>
<span># location /pay/static/ {</span>
<span># proxy_pass http://192.168.1.212:21612/pay/static/; 同上<br /></span>
<span># }</span>
<span>}</span>
<span>server <span>{</span></span>
<span> listen <span>443<span>; 443端口做了证书认证加密 但是直接访问域名时是不会自动跳到https上的 要手动加https 之前做的转发因为有的80端口转发不过来所以就没做了 <br /></span></span></span>
<span> server_name www<span>.<span>chengshizhichuang<span>.<span>com cszc<span>.<span>top<span>;</span></span></span></span></span></span></span></span>
<span> client_max_body_size <span>100M<span>;</span></span></span>
<span> ssl on<span>;</span></span>
<span> ssl_certificate <span>/<span>etc<span>/<span>nginx<span>/<span>ssl<span>/<span>www<span>.<span>chengshizhichuang<span>.<span>com<span>.<span>crt<span>;</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span>
<span> ssl_certificate_key <span>/<span>etc<span>/<span>nginx<span>/<span>ssl<span>/<span>www<span>.<span>chengshizhichuang<span>.<span>com<span>.<span>rsa<span>;</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span>
<span> ssl_session_timeout <span>5m<span>;</span></span></span>
<span> ssl_protocols <span>SSLv2<span> <span>SSLv3<span> <span>TLSv1<span>;</span></span></span></span></span></span></span>
<span> ssl_ciphers ALL<span>:!<span>ADH<span>:!<span>EXPORT56<span>:<span>RC4<span>+<span>RSA<span>:+<span>HIGH<span>:+<span>MEDIUM<span>:+<span>LOW<span>:+<span>SSLv2<span>:+<span>EXP<span>;</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span>
<span> ssl_prefer_server_ciphers on<span>;</span></span>
<span>location <span>/<span> <span>{</span></span></span></span>
<span> proxy_pass http<span>:<span>//192.168.1.134/;</span></span></span>
<span> <span>}</span></span>
<span> location <span>/<span>pay<span>/<span> <span>{</span></span></span></span></span></span>
<span> proxy_pass http<span>:<span>//192.168.1.212:21612/pay/;</span></span></span>
<span>}</span>
<span>location <span>/<span>zhyl<span>/<span> <span>{</span></span></span></span></span></span>
<span> proxy_pass http<span>:<span>//192.168.1.121:12102/zhyl/;</span></span></span>
<span>}</span>
<span>location <span>/<span>shared<span>/<span> <span>{</span></span></span></span></span></span>
<span> proxy_pass http<span>:<span>//192.168.1.212:21612/shared/;</span></span></span>
<span>}</span>
<span>}</span>
Keepalived的安装及配置yum -y install keepliaved vim /etc/keepliaved/keepliaved.conf
<span>global_defs <span>{</span></span>
<span> notification_email <span>{</span></span>
<span> <span>.<span>loc</span></span></span>
<span> <span>}</span></span>
<span> notification_email_from <span>Alexandre<span>.<span><span>.<span>loc</span></span></span></span></span></span>
<span> smtp_server <span>192.168<span>.<span>200.1</span></span></span></span>
<span> smtp_connect_timeout <span>30</span></span>
<span> router_id <span>112</span></span>
<span> vrrp_skip_check_adv_addr</span>
<span> vrrp_strict</span>
<span> vrrp_garp_interval <span>0</span></span>
<span> vrrp_gna_interval <span>0</span></span>
<span>}</span>
<span>vrrp_script chk_http_port <span>{</span></span>
<span> script <span>"/opt/chk_nginx.sh" 设定一个监控nginx脚本链接nginx<br /></span></span>
<span> interval <span>2</span></span>
<span> weight <span>-<span>5</span></span></span>
<span> fall <span>2</span></span>
<span> rise <span>1</span></span>
<span>}</span>
<span>vrrp_instance VI_1 <span>{</span></span>
<span> state MASTER 从服务改为<code><span>BACKUP</span>
<span> <span>interface<span> eth0 用ip a 查看自己的网卡名<br /></span></span></span>
<span> virtual_router_id <span>51</span></span>
<span> priority <span>100 优先值 从服务不能高于主<br /></span></span>
<span> advert_int <span>1</span></span>
<span> authentication <span>{</span></span>
<span> auth_type PASS</span>
<span> auth_pass <span>1111</span></span>
<span> <span>}</span></span>
<span> virtual_ipaddress <span>{</span></span>
<span> <span>192.168<span>.<span>1.157<span>/<span>24<span> <span># 虚拟vip</span></span></span></span></span></span></span></span>
<span> <span>}</span></span>
<span>track_script <span>{</span></span>
<span> chk_http_port</span>
<span>}</span>
<span>}</span>
@@@分别在主备服务器/etc/keepalived目录下创建nginx_check.sh脚本,并为其添加执行权限chmod +x /opt/chk_nginx.sh。用于keepalived定时检测nginx的服务状态,如果nginx停止了,会尝试重新启动nginx,如果启动失败,会将keepalived进程杀死,将vip漂移到备份机器上。
vim /opt/chk_nginx.sh#!/bin/bashcounter=$(ps -C nginx --no-heading|wc -l)if [ "${counter}" = "0" ]; then /usr/sbin/nginx #尝试重新启动nginx sleep 2 #睡眠2秒 counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then killall keepalived #启动失败,将keepalived服务杀死。将vip漂移到其它备份节点 fifi
chmod +x /opt/chk_nginx.sh。systemctl start keepalived.service 启动keepalived ip a 查看vip有没有和本地ip绑定如下
如果把keepalived关掉 vip就会调到另一个服务上