nginx+keepalived搭建nginx高可用代理 | Evergreen Notes返回首页nginx+keepalived搭建nginx高可用代理
nginx+keepalived搭建nginx高可用代理 1.初始化服务器 2.安装nginx 3.安装keepalived 主 4.安装keepalived 备 5.nginx配置 5.1.业务1 5.2.业务2
nginx+keepalived搭建nginx高可用代理
1.初始化服务器
#1.关闭防火墙、selinux
systemctl stop firewalld NetworkManager
systemctl disable firewalld NetworkManager
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
setenforce 0
#2.加速ssh连接
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
grep -Ei '^(usedns|gssapiauth)' /etc/ssh/sshd_config
#3.优化PS1变量
echo 'export PS1="[\[\e[34;1m\]
2.安装nginx
3.安装keepalived(主)
4.安装keepalived(备)
5.nginx配置
5.1.业务1
5.2.业务2
\u
@
\[
\e
[0m
\]\[
\e
[32;1m
\]\H\[
\e
[0m
\]
\[
\e
[31;1m
\]\w\[
\e
[0m
\]
]
\\
$"'
>>
/
etc
/
profile
echo 'unset mailcheck' >> /etc/profile
source /etc/profile
#4.yum源优化
cd /etc/yum.repos.d/
mkdir bakrepo
mv *.repo bakrepo/
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache
#5.安装基础软件
yum install -y tree wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop iftop htop unzip telnet ntpdate lsof vim yum-utils
1.安装yum工具包
sudo yum install yum-utils
2.设置yum仓库
最新稳定版,线上用这个
cat > /etc/yum.repos.d/nginx.repo << 'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF
3.yum安装的nginx服务
yum clean all
yum install pcre pcre-devel openssl openssl-devel zlib zlib-devel gzip gcc gcc-c++ make wget httpd-tools vim nginx -y
1.yum install -y keepalived
2.keepalived配置(主)
cat keepalived.conf
global_defs {
router_id nginx-master-j
script_user root
enable_script_security
}
vrrp_script check_web {
script "/etc/keepalived/check_web.sh"
interval 5
}
vrrp_instance VIP_1 {
state MASTER
interface ens192
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.20.152
}
track_script {
check_web
}
}
3.检测脚本(主备服务器做免密)
cat check_web.sh
主服务器检测:如果此服务器nginx挂掉就关闭本服务器keepalived
#!/bin/bash
NGINX_STATUS=$(ps -ef|grep ngin[x]|wc -l)
if [ ${NGINX_STATUS} == 0 ]
then
systemctl restart nginx
if [ $? == 1 ]
then
systemctl stop keepalived
fi
fi
1.yum install -y keepalived
2.keepalived配置(备)
cat /etc/keepalived/keepalived.conf
global_defs {
router_id nginx-backup-j
script_user root
enable_script_security
}
vrrp_script check_vip {
script "/etc/keepalived/check_vip.sh"
interval 5
}
vrrp_instance VIP_1 {
state BACKUP
interface ens192
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.20.152
}
track_script {
check_vip
}
}
3.检测脚本(主备服务器做免密)
cat check_web.sh
#!/bin/bash
MASTER_VIP=$(ssh 192.168.20.157 ip a|grep 192.168.20.157|wc -l)
MY_VIP=$(ip a|grep 192.168.20.157|wc -l)
# 如果远程有VIP并且自己本地也存在了VIP,就干掉自己
if [ ${MASTER_VIP} == 1 -a ${MY_VIP} == 1 ]
then
systemctl stop keepalived
fi
cat nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
log_format aka_logs
'{"@timestamp":"$time_iso8601",'
'"host":"$hostname",'
server {
listen 80;
listen 443 ssl;
server_name ;
ssl_certificate /etc/nginx/ssl/;
ssl_certificate_key /etc/nginx/ssl/;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
client_max_body_size 500m;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#server {
# listen 80;
# server_name 192.168.20.157 ;
# rewrite ^(.*)$ https://$host$1 permanent;
# }
server {
listen 80;
listen 443 ssl;
server_name 192.168.20.157 ;
ssl_certificate /etc/nginx/ssl/;
ssl_certificate_key /etc/nginx/ssl/;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
client_max_body_size 500m;
proxy_http_version 1.1;
proxy_set_header Connection ""
'"server_ip":"$
server_addr
",'
'"client_ip":"$remote_addr",'
'"xff":"$http_x_forwarded_for",'
'"domain":"$host",'
'"url":"$uri",'
'"referer":"$http_referer",'
'"args":"$args",'
'"upstreamtime":"$upstream_response_time",'
'"responsetime":"$request_time",'
'"request_method":"$request_method",'
'"status":"$status",'
'"size":"$body_bytes_sent",'
'"request_body":"$request_body",'
'"request_length":"$request_length",'
'"protocol":"$server_protocol",'
'"upstreamhost":"$upstream_addr",'
'"file_dir":"$request_filename",'
'"http_user_agent":"$http_user_agent"'
'}';
access_log /var/log/nginx/access.log aka_logs;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
server_tokens off;
upstream coldChainUps{
server 192.168.20.58:10055;
server 192.168.20.60:10055;
server 192.168.20.91:10055;
server 192.168.20.78:10055;
server 192.168.20.92:10055;
server 192.168.20.79:10055;
server 192.168.20.94:10055;
}
upstream customerWechatUps{
server 192.168.20.79:38769;
#server 192.168.12.209:38769;
}
upstream fdfs78Ups{
server 192.168.20.78:8888;
}
upstream fdfs114Ups{
server 192.168.112.114:8888;
}
upstream fdfs79Ups{
server 192.168.20.79:8888;
}
upstream medicalCloudUps{
server 192.168.20.94:8080;
}
upstream mkMediaUps{
server 192.168.20.60:38771;
}
upstream mkSysUps{
server 192.168.112.115:83;
}
upstream mkLabFileUps{
server 192.168.20.58:88;
}
upstream myKkFileView{
server 192.168.20.58:8012;
}
upstream mkLabRecorderUps{
server 192.168.20.58:86;
}
upstream myReport{
server 192.168.20.58:5002;
server 192.168.20.60:5002;
server 192.168.20.78:5002;
server 192.168.20.79:5002;
server 192.168.20.91:5002;
server 192.168.20.94:5002;
server 192.168.20.92:5002;
}
upstream myGateway{
server 192.168.112.195:9998;
}
upstream smartIVServerUps{
server 192.168.20.78:8089;
}
upstream vapSimpleServiceUps{
server 192.168.112.167:38763;
}
upstream wechatReportUps{
server 192.168.112.214:38766;
}
upstream ywsServiceUps{
server 192.168.20.78:82;
}
upstream mkLabInstrumentUps{
server 192.168.112.115:84;
}
upstream vapServiceServer{
server 192.168.112.167:10070;
server 192.168.112.142:10070;
server 192.168.112.115:10070;
}
upstream oauthTokenKeyServer{
server 192.168.112.195:3000;
}
upstream alipayUps{
server 192.168.112.167:38765;
}
upstream alipayPeaceUps{
server 192.168.112.167:38776;
}
upstream wechatpayUps{
server 192.168.112.167:38800;
}
upstream wechatGbmzPayUps{
server 192.168.112.167:38802;
server 192.168.112.142:38802;
server 192.168.112.115:38802;
}
include /etc/nginx/conf.d/*.conf;
}
proxy_set_header
REMOTE_ADD $
remote_addr
;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
#1.vue
location /vue{
proxy_pass http://192.168.20.60:80/vue;
}
#2.app下载
location /down {
proxy_pass http://192.168.20.60:80/down;
}
#3.微信,未使用
location /wechat{
proxy_pass http://myGateway/wechat;
}
#4.客服管理后台系统
location /customer-wechat{
proxy_pass http://customerWechatUps/customer-wechat;
}
#5.group1,2,未使用
location /group1 {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://fdfs78Ups/group1;
}
location /group2 {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://fdfs79Ups/group2;
}
#6.医卫士慢病管理平台
location /medical-cloud{
proxy_pass http://medicalCloudUps/medical-cloud;
}
#7.设备管理系统
location /instrumentService{
proxy_pass http://mkLabInstrumentUps/instrumentService;
}
location /instrument{
proxy_pass http://192.168.20.60:80/instrument;
}
#8.文件管理系统
location /fileService{
proxy_pass http://mkLabFileUps/fileService;
}
location /file{
proxy_pass http://192.168.20.60:80/file;
}
location /kkFileView{
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Methods' '*';
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_pass http://myKkFileView/kkFileView;
}
#9.记录后台管理系统
location /recorderService{
proxy_pass http://mkLabRecorderUps/recorderService;
}
location /recorder{
proxy_pass http://192.168.20.60:80/recorder;
}
#10.多媒体后台管理系统
location /mk-media{
proxy_pass http://mkMediaUps/mk-media;
}
#11.智慧检验实验室管理平台
location /mk-sys{
proxy_pass http://mkSysUps/mk-sys;
}
location /mklab{
proxy_pass http://192.168.20.60:80/mklab;
}
#12.冷链物流管理系统
location /cold-chain{
proxy_pass http://coldChainUps/cold-chain;
}
#13.per,未使用
location /per{
#proxy_pass http://192.168.20.79:9009/per;
}
#14.体检商城后台管理系统
location /check-mail-master{
proxy_pass http://192.168.20.60:80/check-mail-master;
}
location /check-mail-wechat{
proxy_pass http://192.168.20.60:80/check-mail-wechat;
}
#15.未使用
location /SmartIVServer{
proxy_pass http://smartIVServerUps/SmartIVServer;
}
#16.未使用
location /vap-simple-service{
proxy_pass http://vapSimpleServiceUps/vap-simple-service;
}
#17.微信报告单后台管理系统
location /wechat-report{
proxy_pass http://wechatReportUps/wechat-report;
}
location /wechat-report/report/item/detail{
proxy_pass http://myReport/report/item/detail;
}
location /report{
proxy_pass http://myGateway/report;
}
#18.微信后台管理
location /wx{
proxy_pass http://192.168.20.93:8088/wx;
}
location /wx-manager{
proxy_pass http://192.168.20.60:80/wx-manager;
}
#19.医卫士
location /ywsservice{
proxy_pass http://ywsServiceUps/ywsservice;
}
location /yws{
proxy_pass http://192.168.20.60/yws;
}
location /ywsabout{
proxy_pass http://192.168.20.60/ywsabout;
}
#20.标准数据管理后台
location /baseData {
proxy_pass http://192.168.20.68:8888/baseData/html/weui/priceItem/priceItem.html;
}
}
;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE_ADD $remote_addr;
location /oauth/token_key{
proxy_pass http://oauthTokenKeyServer/oauth/token_key;
}
location /upms{
proxy_pass http://myGateway/upms;
}
location /auth{
proxy_pass http://myGateway/auth;
}
location /integral{
proxy_pass http://myGateway/integral;
}
location /wechat{
proxy_pass http://myGateway/wechat;
}
location /smart{
proxy_pass http://myGateway/smart;
}
location /report{
proxy_pass http://myGateway/report;
}
location = /favicon.ico{
log_not_found off;
access_log off;
}
##老版vap商城后台
location /inspection{
proxy_pass http://myGateway/inspection;
}
#1.客服管理后台系统
location /customer-wechat{
proxy_pass http://customerWechatUps/customer-wechat;
}
#2.未使用
location /group1{
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
proxy_pass http://fdfs78Ups/group1;
}
##3.积分商城
location /integralMall{
proxy_pass https://192.168.20.92:443/integralMall;
}
##4.微信报告单前台
location /wechatreport{
proxy_pass https://192.168.20.92:443/wechatreport;
}
##5.老版商城前台
location /wechat/inspection{
proxy_pass https://192.168.20.92:443/wechatreport;
}
##6.签字文件
location /sampleSign/zhengzhou{
proxy_pass https://192.168.20.92:443/sampleSign/zhengzhou;
}
#7.设备管理系统
location /instrumentService{
proxy_pass http://mkLabInstrumentUps/instrumentService;
}
location /instrument{
proxy_pass https://192.168.20.92:443/instrument;
}
#8.文件管理后台
location /fileService{
proxy_pass http://mkLabFileUps/fileService;
}
location /file{
proxy_pass https://192.168.20.92:443/file;
}
location /kkFileView{
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Methods' '*';
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_pass http://myKkFileView/kkFileView;
}
#9.记录后台管理系统
location /recorderService{
proxy_pass http://mkLabRecorderUps/recorderService;
}
location /recorder{
proxy_pass https://192.168.20.92:443/recorder;
}
#10.智慧检验实验室管理平台
location /mk-sys{
proxy_pass http://mkSysUps/mk-sys;
}
location /mklab{
proxy_pass https://192.168.20.92:443/mklab;
}
#11.支付系统
location /alipay {
proxy_pass http://alipayUps/alipay;
}
location /alipayPeace {
proxy_pass http://alipayPeaceUps/alipayPeace;
}
location /wechatpay{
proxy_pass http://wechatpayUps/wechatpay;
}
location /wechatGbmzPay{
proxy_pass http://wechatGbmzPayUps/wechatGbmzPay;
}
location /vap-simple-service{
proxy_pass http://vapSimpleServiceUps/vap-simple-service;
}
##商户平台网址(不包含结尾/)
location /mchService {
#proxy_pass http://192.168.12.233:9218/mchService;
proxy_pass http://192.168.20.78:9218/mchService;
}
location /mch{
#proxy_pass http://192.168.12.233:8000/mch;
proxy_pass https://192.168.20.92:443/mch;
}
##运营平台网址(不包含结尾/)
location /mgrService {
#proxy_pass http://192.168.12.233:9217/mgrService;
proxy_pass http://192.168.20.78:9217/mgrService;
}
location /mgr{
# proxy_pass http://192.168.12.233:8001/mgr;
proxy_pass http://192.168.12.233:8001/mgr;
}
##支付网关地址(不包含结尾/)
location /jeepay{
# proxy_pass http://192.168.12.233:8090/jeepay;
proxy_pass https://192.168.20.92:443/jeepay;
}
location /jeepayService{
#proxy_pass http://192.168.12.233:9216/jeepayService;
proxy_pass http://192.168.20.78:9216/jeepayService;
}
#12.冷链
location /cold-chain{
proxy_pass http://coldChainUps/cold-chain;
}
#13.vap
location /vap-service{
proxy_pass http://vapServiceServer/vap-service;
}
#14.报告单
location /wechat-report{
proxy_pass http://wechatReportUps/wechat-report;
}
#15.医卫士
location /yws{
proxy_pass https://192.168.20.92:443/yws;
}
location /ywsservice{
proxy_pass http://ywsServiceUps/ywsservice;
}
}