您好,登錄后才能下訂單哦!
準(zhǔn)備兩臺(tái)服務(wù)器192.168.10.199/192.168.10.200;199上安裝tomcat1,nginx,keepalived主;200上安裝tomcat,nginx,keepalived備;192.168.10.230作為浮點(diǎn)ip
tar –xzvf apache-tomcat-7.0.59.tar
./jdk-6u37-linux-x64-rpm.bin
yum install pcre-devel pcre -y
(yum install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel)
#下載Nginx源碼包
cd /usr/src
wget -c http://nginx.org/download/nginx-1.6.2.tar.gz
#解壓Nginx源碼包
tar -xzf nginx-1.6.2.tar.gz
#進(jìn)入解壓目錄,然后sed修改Nginx版本信息為WS
cd nginx-1.6.2 ; sed -i -e 's/1.6.2//g' -e 's/nginx\//WS/g' -e
's/"NGINX"/"WS"/g' src/core/nginx.h
#預(yù)編譯Nginx
useradd www ;./configure --user=www --group=www --prefix=/usr/local/nginx --with-
http_stub_status_module --with-http_ssl_module
(由于是系統(tǒng)是min的centos遇到如下問題,一般不會(huì)出問題:
1 ./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.
解決方法:
1 )yum -y install openssl-libs偷懶的辦法:yum -y install openssl* (本地yum源安裝不了),后面發(fā)現(xiàn)可以用yum -y install openssl-devel安裝
2) 借鑒網(wǎng)站http://www.centoscn.com/nginx/2015/0304/4782.html
wget http://www.openssl.org/source/openssl-1.0.2.tar.gz
tar zxf openssl-1.0.2.tar.gz
./configure --user=www --group=www --prefix=/usr/local/nginx --with-
http_stub_status_module --with-http_ssl_module --with-openssl=/home/openssl-1.0.2
2 用方法2后,又遇到問題:
Operating system: x86_64-whatever-linux2 You need Perl 5.
解決方法:
安裝開發(fā)工具:
yum -y groupinstall "Development Tools"yum -y groupinstall "Development Tools"
)
#.configure預(yù)編譯成功后,執(zhí)行make命令進(jìn)行編譯
make
#make執(zhí)行成功后,執(zhí)行make install 正式安裝
make install
#自此Nginx安裝完畢
/usr/local/nginx/sbin/nginx -t 檢查nginx配置文件是否正確,返回OK即正確。
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]#
然后啟動(dòng)nginx,/usr/local/nginx/sbin/nginx 回車即可。查看進(jìn)程是否已啟動(dòng):
[root@localhost ~]# ps -ef |grep nginx
nobody 5381 30285 0 May16 ? 00:04:31 nginx: worker process
root 30285 1 0 2014 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
root 32260 32220 0 12:34 pts/0 00:00:00 grep nginx
[root@localhost ~]#
查看nginx進(jìn)程
ps -ef|grep nginx
說明:nginx的進(jìn)程由主進(jìn)程和工作進(jìn)程組成。
啟動(dòng)nginx
nginx
啟動(dòng)結(jié)果顯示nginx的主線程和工作線程,工作線程的數(shù)量跟nginx.conf中的配置參數(shù)worker_processes有關(guān)。
平滑啟動(dòng)nginx
kill -HUP `cat /var/run/nginx.pid`
或者
nginx -s reload
其中進(jìn)程文件路徑在配置文件nginx.conf中可以找到。
平滑啟動(dòng)的意思是在不停止nginx的情況下,重啟nginx,重新加載配置文件,啟動(dòng)新的工作線程,完美停止舊的工作線程。
完美停止nginx
kill -QUIT `cat /var/run/nginx.pid`
快速停止nginx
kill -TERM `cat /var/run/nginx.pid`
或者
kill -INT `cat /var/run/nginx.pid`
完美停止工作進(jìn)程(主要用于平滑升級(jí))
kill -WINCH `cat /var/run/nginx.pid`
強(qiáng)制停止nginx
pkill -9 nginx
檢查對(duì)nginx.conf文件的修改是否正確
nginx -t -c /etc/nginx/nginx.conf 或者 nginx -t
停止nginx的命令
nginx -s stop或者pkill nginx
查看nginx的版本信息
nginx -v
查看完整的nginx的配置信息
nginx -V
Keepalived 安裝
-----------------------
地址: http://www.keepalived.org/download.html
wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
tar -zxf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
64 位系統(tǒng):
./configure --sysconf=/etc --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-358.2.1.el6.x86_64/
或 32 位系統(tǒng):
./configure --sysconf=/etc --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-358.6.2.el6.i686/
注意:Configure遇到報(bào)錯(cuò): !!! OpenSSL is not properly installed on your system. !!!
可通過 getconf LONG_BIT 得到系統(tǒng)位數(shù)。
參數(shù)解釋:
--sysconf 指定了配置文件的地址.即:/etc/keepalived/keepalived.conf
--prefix 指定了安裝目錄
--with-kernel-dir 指定使用內(nèi)核源碼中的頭文件,即 include 目錄.只有使用 LVS 時(shí)才需要這個(gè)參數(shù),其它的時(shí)候不需要。
(遇到報(bào)錯(cuò): !!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files.
解決辦法:yum install -y openssl openssl-devel
)
解決:
再 configue .成功后提示:
Keepalived configuration
------------------------
Keepalived version : 1.2.7
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
Use Debug flags : No
安裝:
make
make install
設(shè)置成為服務(wù)并開機(jī)啟動(dòng):
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
/etc/rc.d/init.d/keepalived status
chkconfig --add keepalived
chkconfig keepalived on
注意:cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf 沒有指向這個(gè)命令,配置文件要在特定目錄下
/usr/local/nginx/conf/nginx.conf
#user www www;
user nobody;
#worker_processes 1;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
error_log /home/nginx/logs/nginx_error.log crit; #全局錯(cuò)誤日志及PID文件
pid /home/nginx/nginx.pid;
#pid logs/nginx.pid;
events {
use epoll;
worker_connections 65535; #工作模式及連接數(shù)上限
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
large_client_header_buffers 4 32k;
client_body_buffer_size 8m; #256k
server_tokens off;
ignore_invalid_headers on;
recursive_error_pages on;
server_name_in_redirect off;
sendfile on;
#timeouts
keepalive_timeout 60;
#client_body_timeout 3m;
#client_header_timeout 3m;
#send_timeout 3m;
#fastcgi_connect_timeout 60;
#fastcgi_send_timeout 180;
#fastcgi_read_timeout 180;
#fastcgi_buffers 4 256k;
#fastcgi_buffer_size 128k;
#fastcgi_busy_buffers_size 256k;
#fastcgi_temp_file_write_size 256k;
#fastcgi_intercept_errors on;
#TCP Options
tcp_nopush on;
tcp_nodelay on;
#size limits
client_max_body_size 50m;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; #獲取真實(shí)ip
#proxy_connect_timeout 90;
#proxy_send_timeout 90;
#proxy_read_timeout 90;
#proxy_buffer_size 4k;
#proxy_buffers 4 32k;
#proxy_busy_buffers_size 64k;
#proxy_temp_file_write_size 64k;
proxy_connect_timeout 90;
proxy_read_timeout 180;
proxy_send_timeout 180;
proxy_buffer_size 256k;
proxy_buffers 8 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
upstream myserver {
server 192.168.10.199:8080 weight=10 max_fails=0;
server 192.168.10.200:8080 weight=10 max_fails=0; #8080為tomcat端口,權(quán)重范圍好像是1到10,在現(xiàn)網(wǎng)配置20出現(xiàn)過問題
}
server {
listen 9090;
# server_name 192.168.10.230;
#charset koi8-r;
#access_log logs/host.access.log main;
location /
{
#root html;
#index index.html index.htm;
index index.jsp;
proxy_pass http://myserver; #轉(zhuǎn)向tomcat處理
#proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
注意 : server_name 192.168.10.230;
如果nginx中只配置一個(gè)server域的話,則nginx是不會(huì)去進(jìn)行server_name的匹配的。因?yàn)橹挥幸粋€(gè)server域,也就是這有一個(gè)虛擬主機(jī),那么肯定是發(fā)送到該nginx的所有請(qǐng)求均是要轉(zhuǎn)發(fā)到這一個(gè)域的,即便做一次匹配也是沒有用的。還不如干脆直接就省了。如果一個(gè)http域的server域有多個(gè),nginx才會(huì)根據(jù)$hostname去匹配server_name進(jìn)而把請(qǐng)求轉(zhuǎn)發(fā)到匹配的server域中。此時(shí)的匹配會(huì)按照匹配的優(yōu)先級(jí)進(jìn)行,一旦匹配成功進(jìn)不會(huì)再進(jìn)行匹配,關(guān)于具體的匹配規(guī)則可以參見nginx官網(wǎng)提供的文檔。
#######MASTER#####################
! Configuration File for keepalived
global_defs {
notification_email {
6@qq.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER #BACKUP
interface ens160 #對(duì)外網(wǎng)口
virtual_router_id 22
priority 100 #BACKUP上修改為88
advert_int 1
authentication {
auth_type PASS
auth_pass 7777
}
virtual_ipaddress {
192.168.10.230 #虛擬ip
}
}
/home/nginx/ nginx_pid.sh
#!/bin/bash
while :
do
nginxpid=`ps -C nginx --no-header | wc -l`
if [ $nginxpid -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 5
if [ $nginxpid -eq 0 ];then
/etc/init.d/keepalived stop
fi
fi
sleep 5
done
nohup /bin/bash /root/nginx_pid.sh &
在/home/apache-tomcat-7.0.59/webapps下新建文件夾test,再在test下面新建個(gè)文本,就可以直接通過http://192.168.10.199/test/a 訪問測(cè)試。
tcpdump -v -i ens160 host 192.168.10.199 查看是否有vrrp
cat /var/log/messages
斷掉nginx、keepalived檢測(cè),通過ip add查看浮點(diǎn)ip是否漂移
http://blog.sina.com.cn/s/blog_5f54f0be0101eyff.html (keepalived建議主要按這個(gè))
https://wenku.baidu.com/view/4011c9de7cd184254b3535d3.html(安裝nginx看這個(gè))
http://freeloda.blog.51cto.com/2033581/1189143 (nginx檢測(cè)腳本)
http://www.oschina.net/question/922543_91357?sort=time (server name 無效)
http://www.linuxidc.com/Linux/2013-07/88025.htm (檢測(cè)兩臺(tái)keepalived直接的通信)
注 :http://freeloda.blog.51cto.com/2033581/1189130 (下次可按這個(gè)博客一步步操作)
原因:cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf 沒有指向這個(gè)命令,配置文件要在特定目錄下
五 keepalived 放通端口
/sbin/iptables -I INPUT -i eth0 -d 224.0.0.0/8 -j ACCEPT
/sbin/iptables -A INPUT -p 112 -i eth0 -j ACCEPT
/sbin/iptables -A OUTPUT -p 112 -o eth0 -j ACCEPT
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。