整体架构示意图:
整体架构示意图
节点01:
R-IP:172.16.106.60
V-IP:172.16.106.10
back:172.16.106.61
节点02:
R-IP:172.16.106.61
V-IP:172.16.106.11
back:172.16.106.60
节点1:
准备工作
设置主机名
hostnamectl set-hostname ngo01
echo “172.16.106.60 ngo01” >> /etc/hosts
echo “172.16.106.61 ngo01” >> /etc/hosts
关闭SELINUX
vi /etc/selinux/config
SELINUX=disabled
临时关闭:
setenforce 0
扩张 / 空间
fdisk /dev/sdb #n w
pvcreate /dev/sdb1
vgextend vg_root /dev/sdb1
lvextend -l +100%FREE /dev/vg_root/root
xfs_growfs /dev/mapper/vg_root-root
安装keepalived
yum -y install libnl libnl-devel
yum install -y libnfnetlink-devel
上传keepalived-2.0.7.tar.gz nginx-1.14.0.tar.gz
tar -zxvf keepalived-2.0.7.tar.gz
mv keepallived-2.0.7 keepalived
mv keepalived /usr/local
cd /usr/local/keepalived
./configure –prefix=/usr/local/keepalived
配置结果:
Keepalived configuration
————————
Keepalived version : 2.0.7
Compiler : gcc
Preprocessor flags :
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong –param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -pie
Extra Lib : -lcrypto -lssl -lnl
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : No
IPVS 64 bit stats : No
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use Json output : No
libnl version : 1
Use IPv4 devconf : No
Use libiptc : No
Use libipset : No
init type : systemd
Strict config checks : No
Build genhash : Yes
Build documentation : No
安装
make && make install
节点2:
hostnamectl set-hostname ngo02.jolma.cn
echo “172.16.106.60 ngo01” >> /etc/hosts
echo “172.16.106.61 ngo01” >> /etc/hosts
关闭SELINUX
vi /etc/selinux/config
SELINUX=disabled
临时关闭:
setenforce 0
扩张 / 空间
fdisk /dev/sda #n w
reboot
pvcreate /dev/sda3
vgextend vg_root /dev/sda3
lvextend -l +100%FREE /dev/vg_root/root
xfs_growfs /dev/mapper/vg_root-root
安装keepalived
yum -y install libnl libnl-devel libnfnetlink-devel
yum -y install openssl-devel
上传keepalived-2.0.7.tar.gz nginx-1.14.0.tar.gz
tar -zxvf keepalived-2.0.7.tar.gz
mv keepallived-2.0.7 keepalived
mv keepalived /usr/local
cd /usr/local/keepalived
./configure –prefix=/usr/local/keepalived
配置结果:
kepalived version : 2.0.7
Compiler : gcc
Preprocessor flags :
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong –param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -pie
Extra Lib : -lcrypto -lssl -lnl
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : No
IPVS 64 bit stats : No
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use Json output : No
libnl version : 1
Use IPv4 devconf : No
Use libiptc : No
Use libipset : No
init type : systemd
Strict config checks : No
Build genhash : Yes
Build documentation : No
安装
make && make install
节点1配置keepalived
cd /usr/local/keepalived/etc/keepalived
cp keepalived.conf keepalived.conf_$(date +%F)
vi keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
xjs@jolma.cn
}
notification_email_from xjs@jolma.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_http_port {
script “/opt/nginx_pid.sh” ####检测nginx状态的脚本路径
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER ############ 辅机为 BACKUP
interface ens192 ####HA 虚拟机的网卡名称
virtual_router_id 51 #主、备机的 virtual_router_id 必须相同
priority 100 ########### 权值要比 back 高
advert_int 1 #主备之间的通告间隔秒数
track_interface{
ens192
}
authentication {
auth_type PASS ###默认配置 主备切换时的验证
auth_pass 1111
}
track_script {
chk_http_port ### 执行监控的服务
}
virtual_ipaddress {
172.16.106.10 ####虚拟ip,vip的地址
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens192 #两处都为本机的网络接口
virtual_router_id 54
priority 90 #权重
advert_int 1
track_interface{
ens192
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.106.11
}
}
节点2配置:
cd /usr/local/keepalived/etc/keepalived
cp keepalived.conf keepalived.conf_$(date +%F)
vi keepalievd.conf
! Configuration File for keepalived
global_defs {
notification_email {
xjs@jolma.cn
}
notification_email_from xjs@jolma.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_http_port {
script “/opt/nginx_pid.sh” ####检测nginx状态的脚本路径
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP ############ 辅机为 BACKUP
interface ens192 ####HA 虚拟机的网卡名称
virtual_router_id 51 #主、备机的 virtual_router_id 必须相同
priority 90 ########### 权值要比 back 高
advert_int 1 #主备之间的通告间隔秒数
track_interface{
ens192
}
authentication {
auth_type PASS ###默认配置 主备切换时的验证
auth_pass 1111
}
track_script {
chk_http_port ### 执行监控的服务
}
virtual_ipaddress {
172.16.106.10 ####虚拟ip,vip的地址
}
}
vrrp_instance VI_2 {
state MASTER
interface ens192 #两处都为本机的网络接口
virtual_router_id 54
priority 100 #权重
advert_int 1
track_interface{
ens192
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.106.11
}
}
配置开机启动
cd /etc/sysconfig/
ln -s /usr/local/keepalived/etc/sysconfig/keepalived keepalived
mkdir -p /etc/keepalived
cd /etc/keepalived
ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf keepalived.conf
cd /usr/sbin
ln -s /usr/local/keepalived/sbin/keepalived keepalived
systemctl enable keepalived
安装nginx 1.15.3版本
yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ autoconf automake zlib-devel libxml2 libxml2-dev libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data make GeoIP-devel GeoIP-update
groupadd nginx useradd nginx -g nginx -s /sbin/nologin -M
tar -zxvf nginx-1.15.3.tar.gz
mv nginx-1.15.3 nginx
mv nginx /usr/local
mkdir -p /usr/local/nginx
mkdir -p /var/run/nginx
mkdir -p /var/lock
mkdir -p /var/log/nginx
mkdir -p /var/temp/nginx/client
mkdir -p /var/temp/nginx/proxy
mkdir -p /var/temp/nginx/fastcgi
mkdir -p /var/temp/nginx/uwsgi
mkdir -p /var/temp/nginx/scgi
mkdir -p /usr/local/nginx/sbin
chmod 777 /usr/local/nginx
chmod 777 /var/run/nginx
chmod 777 /var/lock
chmod 777 /var/log/nginx
chmod 777 /var/temp/nginx/client
chmod 777 /var/temp/nginx/proxy
chmod 777 /var/temp/nginx/fastcgi
chmod 777 /var/temp/nginx/uwsgi
chmod 777 /var/temp/nginx/scgi
chmod 777 /usr/local/nginx/sbin
./configure
–prefix=/usr/local/nginx
–conf-path=/usr/local/nginx/nginx.conf
–pid-path=/var/run/nginx/nginx.pid
–lock-path=/var/lock/nginx.lock
–error-log-path=/var/log/nginx/error.log
–http-log-path=/var/log/nginx/access.log
–with-http_gzip_static_module
–with-http_ssl_module
–with-http_v2_module
–with-http_stub_status_module
–with-pcre
–http-client-body-temp-path=/var/temp/nginx/client
–http-proxy-temp-path=/var/temp/nginx/proxy
–http-fastcgi-temp-path=/var/temp/nginx/fastcgi
–http-uwsgi-temp-path=/var/temp/nginx/uwsgi
–user=nginx –group=nginx
–http-scgi-temp-path=/var/temp/nginx/scgi
安装ngxin
make && make install
配置开机启动
vi /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
配置开机启动nginx
systemctl enable nginx
在两个节点启动keeplive和nginx:
systemctl start keepalived
systemctl start nginx
防火墙配置下端口:
firewall-cmd –permanent –add-port=80/tcp
firewall-cmd –direct –permanent –add-rule ipv4 filter INPUT 0 –in-interface ens192 –destination 224.0.0.18 –protocol vrrp -j ACCEPT
firewall-cmd –direct –permanent –add-rule ipv4 filter INPUT 0 –in-interface ens192 –destination 224.0.0.18 –protocol vrrp -j ACCEPT firewall-cmd –direct –permanent –add-rule ipv4 filter OUTPUT 0 –out-interface ens192 –destination 224.0.0.18 –protocol vrrp -j ACCEPT firewall-cmd –reload
nginx常用的优化内容:
cp nginx.conf nginx.conf_$(date +%F)
vi nginx.conf
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
#关闭版本显示
server_tokens off;
#gzip 压缩传输
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascripttext/css application/xml;
gzip_vary on;
#配置代理参数
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_read_timeout 90;
proxy_send_timeout 90;
proxy_buffer_size 4k;
#缓存配置
proxy_temp_file_write_size 264k;
proxy_temp_path /var/cache/nginx/nginx_temp;
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=5d max_size=400m;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /usr/local/nginx/conf/conf.d/*.conf;
网站nginx配置示例:
非集群:
server {
listen 80;
server_name e-seal.****.cn;
#access_log error_log
error_log /var/log/nginx/error_eseal.log error;
access_log /var/log/nginx/access_eseal.log main;
location / {
# location ~ .*.(jpg|jpeg|gif|png|ico)$ {
proxy_pass http://172.16.109.115:8723;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
client_max_body_size 500m;
client_body_buffer_size 928k;
}
}
双节点集群:
upstream oa {
ip_hash;
server 172.16.109.101:8080 weight=10 max_fails=1 fail_timeout=36;
#server 172.16.109.101:8080 down;
server 172.16.109.102:8080 weight=10 max_fails=1 fail_timeout=36;
#server 172.16.109.102:8080 down;
}
server {
listen 80;
# listen 8899;
server_name oa.****.cn;
#access_log error_log
error_log /var/log/nginx/error_oa.log error;
access_log /var/log/nginx/access_oa.log main;
location / {
proxy_pass http://oa;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
# proxy_set_header Host $host:$server_port;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
client_max_body_size 500m;
client_body_buffer_size 928k;
}
}
以上就是核心的配置步骤,如果有不清楚的欢迎留言问下,帮您看下什么问题。
内容出处:,
声明:本网站所收集的部分公开资料来源于互联网,转载的目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。如果您发现网站上有侵犯您的知识产权的作品,请与我们取得联系,我们会及时修改或删除。文章链接:http://www.yixao.com/procedure/25030.html
微信扫一扫
支付宝扫一扫
相关推荐
-
使用Airtable和Appgyver在60分钟内建立一个无代码Web应用程序
让我们使用Airtable和Appgyver制作一个基本的Web应用程序。 无需编码技能。 我们将使用以下内容建立具有类别的产品目录: · Airtable:用于构建数据的混合数据…
-
.NET Core+K8S+Apollo玩转配置中心
1.引言 Apollo(阿波罗)是携程框架部门研发的分布式配置中心,能够集中化管理应用不同环境、不同集群的配置,配置修改后能够实时推送到应用端,并且具备规范的权限、流程治理等特性,…
-
11段好用的CSS代码
本文分享一些非常好用的CSS代码片段,它们很短但功能强大。使用这些代码,我们可以立即提高网站的体验。下面是11个非常好用的CSS代码片段: 1. Scroll behavior平滑…
-
Shell脚本进阶的经典用法
Shell 脚本进阶的经典用法 一、条件选择、判断 1、条件选择if (1)用法格式 if 判断条件 1 ; then 条件为真的分支代码 elif 判断条件 2 ; then 条…
-
轻量级Javascript全文搜索库–Lunr.js
介绍 Lunr.js是个用于浏览器的轻量级 JavaScript 全文搜索引擎。它为JSON文档建立索引,并提供一个简单的搜索界面来检索与文本查询最匹配的文档对于一些小型的博客、开…
-
前端大屏可视化展示街道级或自定义地图
在做前端大屏开发时候经常遇到街道级别的地图或者是自定义的某区域(楼层,学校等)地图等,由于这一类的地图数据geojson非常难获取,导致开发难度加大。今天给大家提供一个解决思路。 …
-
加载react-lazyload让你的前端页面飞起来
安装依赖 cnpm install react-lazyload –save 使用方法 import React from ‘react’; import ReactD…
-
Spring Security入门教程 Hello World
Spring Security 对于 web 安全的控制,以前接触使用过 Shiro。 刚好最近在学习整理 Spring 相关的技术,就学习一下 Spring Security。 …
-
SpringBoot集成Mybatis-Plus代码生成工具
前言 Mybatis-Plus(简称MP)是一个 Mybatis 的增强工具,在 Mybatis 的基础上只做增强不做改变,为简化开发、提高效率而生。这是官方给的定义,关于myba…
-
了解Java可见性的本质
了解Java可见性的本质 2023-07-05 10:01·闪念基因 前一段时间重温了伪共享(false sharing)问题,了解到深处有几个问题一直想不明白,加上开发过程中…