Overall architecture diagram:
Node 01:
R-IP:172.16.106.60
V-IP:172.16.106.10
back:172.16.106.61
Node 02:
R-IP:172.16.106.61
V-IP:172.16.106.11
back:172.16.106.60
Node 1:
Preparation
Set the hostname
hostnamectl set-hostname ngo01
echo "172.16.106.60 ngo01" >> /etc/hosts
echo "172.16.106.61 ngo02" >> /etc/hosts
Disable SELinux
vi /etc/selinux/config
SELINUX=disabled
Disable temporarily (setenforce 0 switches to permissive mode until the next reboot):
setenforce 0
Extend the / filesystem
fdisk /dev/sdb   # interactive: n (new partition), then w (write)
pvcreate /dev/sdb1
vgextend vg_root /dev/sdb1
lvextend -l +100%FREE /dev/vg_root/root
xfs_growfs /dev/mapper/vg_root-root
Install keepalived
yum -y install libnl libnl-devel
yum install -y libnfnetlink-devel
Upload keepalived-2.0.7.tar.gz and nginx-1.14.0.tar.gz
tar -zxvf keepalived-2.0.7.tar.gz
mv keepalived-2.0.7 keepalived
mv keepalived /usr/local
cd /usr/local/keepalived
./configure --prefix=/usr/local/keepalived
Configure output:
Keepalived configuration
------------------------
Keepalived version : 2.0.7
Compiler : gcc
Preprocessor flags :
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -pie
Extra Lib : -lcrypto -lssl -lnl
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : No
IPVS 64 bit stats : No
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use Json output : No
libnl version : 1
Use IPv4 devconf : No
Use libiptc : No
Use libipset : No
init type : systemd
Strict config checks : No
Build genhash : Yes
Build documentation : No
Build and install
make && make install
Node 2:
hostnamectl set-hostname ngo02.jolma.cn
echo "172.16.106.60 ngo01" >> /etc/hosts
echo "172.16.106.61 ngo02" >> /etc/hosts
Disable SELinux
vi /etc/selinux/config
SELINUX=disabled
Disable temporarily (setenforce 0 switches to permissive mode until the next reboot):
setenforce 0
Extend the / filesystem
fdisk /dev/sda   # interactive: n (new partition), then w (write)
reboot
pvcreate /dev/sda3
vgextend vg_root /dev/sda3
lvextend -l +100%FREE /dev/vg_root/root
xfs_growfs /dev/mapper/vg_root-root
Install keepalived
yum -y install libnl libnl-devel libnfnetlink-devel
yum -y install openssl-devel
Upload keepalived-2.0.7.tar.gz and nginx-1.14.0.tar.gz
tar -zxvf keepalived-2.0.7.tar.gz
mv keepalived-2.0.7 keepalived
mv keepalived /usr/local
cd /usr/local/keepalived
./configure --prefix=/usr/local/keepalived
Configure output:
Keepalived version : 2.0.7
Compiler : gcc
Preprocessor flags :
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -pie
Extra Lib : -lcrypto -lssl -lnl
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : No
IPVS 64 bit stats : No
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use Json output : No
libnl version : 1
Use IPv4 devconf : No
Use libiptc : No
Use libipset : No
init type : systemd
Strict config checks : No
Build genhash : Yes
Build documentation : No
Build and install
make && make install
Configure keepalived on node 1
cd /usr/local/keepalived/etc/keepalived
cp keepalived.conf keepalived.conf_$(date +%F)
vi keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        xjs@jolma.cn
    }
    notification_email_from xjs@jolma.cn
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_script chk_http_port {
    script "/opt/nginx_pid.sh"    # path of the script that checks nginx status
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state MASTER              # BACKUP on the standby node
    interface ens192          # NIC name on the HA virtual machine
    virtual_router_id 51      # must be identical on master and backup
    priority 100              # must be higher than on the backup
    advert_int 1              # advertisement interval between master and backup, in seconds
    track_interface {
        ens192
    }
    authentication {
        auth_type PASS        # default setting; authentication between master and backup
        auth_pass 1111        # PASS is a clear-text shared value, visible to hosts on the same segment
    }
    track_script {
        chk_http_port         # the monitoring script to run
    }
    virtual_ipaddress {
        172.16.106.10         # the virtual IP (VIP) address
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens192          # both instances use this host's network interface
    virtual_router_id 54
    priority 90               # priority
    advert_int 1
    track_interface {
        ens192
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.106.11
    }
}
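The vrrp_script block references /opt/nginx_pid.sh, which this page does not show. The following is an added example of such a check, not the author's script; it assumes the pid file path passed as pid-path to nginx's ./configure later on this page, and the helper name proc_alive is hypothetical.

```shell
#!/bin/sh
# Added example of a check script for the vrrp_script block above.
# Exit status 0 = nginx healthy, non-zero = failed; keepalived then applies "weight".

# Assumption: default pid file matches the pid-path used when building nginx on this page.
NGINX_PID_FILE="${NGINX_PID_FILE:-/var/run/nginx/nginx.pid}"

# proc_alive PIDFILE NAME: succeed only if PIDFILE names a live process called NAME.
proc_alive() {
    pidfile=$1
    want=$2
    [ -r "$pidfile" ] || return 1                 # no pid file: not running
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;                  # empty or non-numeric content
    esac
    # Stale pid file after a crash: the process is gone. The /proc test covers
    # the case where kill -0 is refused because the process belongs to root.
    { kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; } || return 1
    # Guard against pid reuse where /proc is available (Linux).
    if [ -r "/proc/$pid/comm" ]; then
        [ "$(cat "/proc/$pid/comm")" = "$want" ] || return 1
    fi
    return 0
}

# Run the check only when installed under the name the configuration references,
# so the function can also be sourced or tested without side effects.
case "${0##*/}" in
    nginx_pid.sh) proc_alive "$NGINX_PID_FILE" nginx; exit $? ;;
esac
```

keepalived runs the script every `interval` seconds, so keep /opt/nginx_pid.sh owned by root and not writable by other users.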
Node 2 configuration:
cd /usr/local/keepalived/etc/keepalived
cp keepalived.conf keepalived.conf_$(date +%F)
vi keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        xjs@jolma.cn
    }
    notification_email_from xjs@jolma.cn
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_script chk_http_port {
    script "/opt/nginx_pid.sh"    # path of the script that checks nginx status
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP              # this node is the standby for VI_1
    interface ens192          # NIC name on the HA virtual machine
    virtual_router_id 51      # must be identical on master and backup
    priority 90               # lower than the master's priority (100)
    advert_int 1              # advertisement interval between master and backup, in seconds
    track_interface {
        ens192
    }
    authentication {
        auth_type PASS        # default setting; authentication between master and backup
        auth_pass 1111        # PASS is a clear-text shared value, visible to hosts on the same segment
    }
    track_script {
        chk_http_port         # the monitoring script to run
    }
    virtual_ipaddress {
        172.16.106.10         # the virtual IP (VIP) address
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface ens192          # both instances use this host's network interface
    virtual_router_id 54
    priority 100              # priority
    advert_int 1
    track_interface {
        ens192
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.106.11
    }
}
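How `weight 2` interacts with the VI_1 priorities 100 and 90 in the two configurations above, as an added example (a simplified model of keepalived's track_script priority adjustment, not keepalived code): if the check script only reports status through its exit code, a failed nginx check on node 1 does not move 172.16.106.10. The weight -20 is an assumed alternative value and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: simplified model of keepalived's track_script adjustment.
#   weight > 0: added to the priority while the check succeeds
#   weight < 0: |weight| subtracted while the check fails
#   weight = 0 (instance goes to FAULT on failure) is not modelled here.
# Base priorities 100 and 90 are VI_1's values from this page.

# effective_priority BASE WEIGHT OK   (OK: 1 = check passed, 0 = check failed)
effective_priority() {
    base=$1; weight=$2; ok=$3
    if [ "$weight" -gt 0 ] && [ "$ok" -eq 1 ]; then
        echo $((base + weight))
    elif [ "$weight" -lt 0 ] && [ "$ok" -eq 0 ]; then
        echo $((base + weight))
    else
        echo "$base"
    fi
}

# vi1_holder WEIGHT OK_NODE1 OK_NODE2: which node answers for 172.16.106.10.
# Node 2 takes over only with a strictly higher effective priority.
vi1_holder() {
    p1=$(effective_priority 100 "$1" "$2")
    p2=$(effective_priority 90 "$1" "$3")
    if [ "$p2" -gt "$p1" ]; then echo node2; else echo node1; fi
}

# failover_table: outcome for the page's weight (2) and an assumed one (-20).
failover_table() {
    for w in 2 -20; do
        for state in "1 1" "0 1" "1 0" "0 0"; do
            set -- $state
            echo "weight=$w nginx_ok(node1,node2)=$1,$2 -> $(vi1_holder "$w" "$1" "$2")"
        done
    done
}

failover_table
```

For a failed check to hand over the address, the absolute value of a negative weight has to exceed the priority gap of 10. VI_2 has no track_script block on either node, so 172.16.106.11 is not affected by the nginx check at all.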
Enable keepalived at boot
cd /etc/sysconfig/
ln -s /usr/local/keepalived/etc/sysconfig/keepalived keepalived
mkdir -p /etc/keepalived
cd /etc/keepalived
ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf keepalived.conf
cd /usr/sbin
ln -s /usr/local/keepalived/sbin/keepalived keepalived
systemctl enable keepalived
Install nginx 1.15.3
yum -y install pcre pcre-devel openssl openssl-devel gcc gcc-c++ autoconf automake zlib-devel libxml2 libxml2-devel libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data make GeoIP-update
groupadd nginx
useradd nginx -g nginx -s /sbin/nologin -M
tar -zxvf nginx-1.15.3.tar.gz
mv nginx-1.15.3 nginx
mv nginx /usr/local
mkdir -p /usr/local/nginx
mkdir -p /var/run/nginx
mkdir -p /var/lock
mkdir -p /var/log/nginx
mkdir -p /var/temp/nginx/client
mkdir -p /var/temp/nginx/proxy
mkdir -p /var/temp/nginx/fastcgi
mkdir -p /var/temp/nginx/uwsgi
mkdir -p /var/temp/nginx/scgi
mkdir -p /usr/local/nginx/sbin
chmod 777 /usr/local/nginx
chmod 777 /var/run/nginx
chmod 777 /var/lock
chmod 777 /var/log/nginx
chmod 777 /var/temp/nginx/client
chmod 777 /var/temp/nginx/proxy
chmod 777 /var/temp/nginx/fastcgi
chmod 777 /var/temp/nginx/uwsgi
chmod 777 /var/temp/nginx/scgi
chmod 777 /usr/local/nginx/sbin
cd /usr/local/nginx
./configure \
  --prefix=/usr/local/nginx \
  --conf-path=/usr/local/nginx/nginx.conf \
  --pid-path=/var/run/nginx/nginx.pid \
  --lock-path=/var/lock/nginx.lock \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --with-http_gzip_static_module \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_stub_status_module \
  --with-pcre \
  --http-client-body-temp-path=/var/temp/nginx/client \
  --http-proxy-temp-path=/var/temp/nginx/proxy \
  --http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
  --http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
  --user=nginx --group=nginx \
  --http-scgi-temp-path=/var/temp/nginx/scgi
Build and install nginx
make && make install
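The chmod 777 steps above leave the nginx binary, log and temp directories writable by every local account, including /usr/local/nginx/sbin, which holds the binary that systemd starts as root. An added example (not part of the original procedure) that lists which of those directories are world-writable and prints the commands to tighten them; the modes and owners in POLICY and the file name nginx_dir_audit.sh are assumptions.

```shell
#!/bin/sh
# Added example: audit the directories this page sets to 777 and print a fix plan.
# POLICY lines are "MODE OWNER PATH". Modes and owners are assumptions:
# root owns the binary, pid and lock directories; the nginx user created
# above owns the log and temp directories its worker processes write to.
POLICY='755 root /usr/local/nginx
755 root /usr/local/nginx/sbin
755 root /var/run/nginx
755 root /var/lock
750 nginx /var/log/nginx
700 nginx /var/temp/nginx/client
700 nginx /var/temp/nginx/proxy
700 nginx /var/temp/nginx/fastcgi
700 nginx /var/temp/nginx/uwsgi
700 nginx /var/temp/nginx/scgi'

# world_writable DIR...: print each directory that any local user can write to.
world_writable() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        # -H follows a symlinked argument (/var/lock is often a symlink);
        # -perm -0002 matches when the "other write" bit is set.
        find -H "$d" -maxdepth 0 -type d -perm -0002 -print
    done
}

# remediation_plan: read POLICY-style lines on stdin and print, for every path
# that is world-writable now, the commands that restore the policy.
# Nothing is changed; review the output before running it as root.
remediation_plan() {
    while read -r mode owner path; do
        [ -n "$path" ] || continue
        if [ -n "$(world_writable "$path")" ]; then
            echo "chown $owner:$owner $path && chmod $mode $path"
        fi
    done
}

# Print the plan only when run under this (hypothetical) file name.
case "${0##*/}" in
    nginx_dir_audit.sh) printf '%s\n' "$POLICY" | remediation_plan ;;
esac
```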
Create the systemd unit for nginx
vi /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Enable nginx at boot
systemctl enable nginx
Start keepalived and nginx on both nodes:
systemctl start keepalived
systemctl start nginx
Open the HTTP port and allow VRRP traffic in the firewall:
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --reload
Commonly used nginx tuning settings:
cp nginx.conf nginx.conf_$(date +%F)
vi nginx.conf
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# hide the nginx version
server_tokens off;
# gzip compression
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
# proxy parameters
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_read_timeout 90;
proxy_send_timeout 90;
proxy_buffer_size 4k;
# cache settings
proxy_temp_file_write_size 264k;
proxy_temp_path /var/cache/nginx/nginx_temp;
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=5d max_size=400m;
# Note: with Set-Cookie and Cache-Control ignored, any location that enables
# proxy_cache will also cache responses that set cookies or are marked private.
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
# Load modular configuration files from the conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /usr/local/nginx/conf/conf.d/*.conf;
Example nginx site configurations:
Single backend (no cluster):
server {
    listen 80;
    server_name e-seal.****.cn;
    # access_log error_log
    error_log /var/log/nginx/error_eseal.log error;
    access_log /var/log/nginx/access_eseal.log main;
    location / {
        # location ~ .*.(jpg|jpeg|gif|png|ico)$ {
        proxy_pass http://172.16.109.115:8723;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        client_max_body_size 500m;
        client_body_buffer_size 928k;
    }
}
Two-node cluster:
upstream oa {
    ip_hash;
    server 172.16.109.101:8080 weight=10 max_fails=1 fail_timeout=36;
    #server 172.16.109.101:8080 down;
    server 172.16.109.102:8080 weight=10 max_fails=1 fail_timeout=36;
    #server 172.16.109.102:8080 down;
}
server {
    listen 80;
    # listen 8899;
    server_name oa.****.cn;
    # access_log error_log
    error_log /var/log/nginx/error_oa.log error;
    access_log /var/log/nginx/access_oa.log main;
    location / {
        proxy_pass http://oa;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        # proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        client_max_body_size 500m;
        client_body_buffer_size 928k;
    }
}
These are the core configuration steps. If anything is unclear, leave a comment and I will help look into the problem.