Use Keepalived to build a dual Nginx server cluster to prevent spof

Use Keepalived to build a dual Nginx server cluster to prevent the spof browser from accessing the virtual IP address 192.168.1.57. The virtual IP address is taken over by Keepalived. The two Keepalived processes run on the physical IP addresses 192.168.1.56 and 192.168.1.59 respectively, both servers run the Nginx server. Nginx servers all listen to virtual IP 192.168.1.57. Some web app clusters behind Nginx have been configured as upstream. To prevent Nginx from becoming a single-point bottleneck, the dual-Nginx server approach is used here. Every Server is Ubuntu 12.04. assume that the physical IP address of my first Ubuntu server is 192.168.1.56 and Nginx server is installed. Now, Keepalived is installed, which is later called the master server. [plain] apt-get install keepalived the physical IP address of another Ubuntu server is 192.168.1.59, and Nginx server and Keapalived are also installed. this is called backup server. nginx installation and configuration are not the content of this article. Please refer to other articles. Configure the master server. after keepalived is installed, check the script/etc/init. d/keepalived: The Path to the startup configuration file is [plain] CONFIG =/etc/keepalived. conf, but the file does not exist yet. So I created one with the following content: [plain] # Settings for communications global_defs {icationication_email {csfreebird@gmail.com # Email address for communications} icationication_email_from keepalived@your_company.com # The from address for the communications smtp_server 127.0.0.1 smtp_connect_timeout 15} # Define the script used to check if haproxy is still working vrrp_script chk_http_port {script "/etc/keepalived/chec K_nginx.sh "# check Nginx is alive or not interval 2 # weight 2} # Configuation for the virtual interface vrrp_instance VI_1 {interface eth0 state MASTER # set this to BACKUP on the other machine priority 101 # set this to 100 on the other machine virtual_router_id 51 smtp_alert # Activate email communications authentication {auth_type PASS auth_pass 1111 # Set this to some secret phrase} # Virtual ip address shared between the two loadbalancers virtual_ipaddress {192.168.1.57} # Use the script above to check if we shocould fail over track_script {chk_http_port} Description: 1. smtp_server must use 127.0.0.12. create a script [plain]/etc/keepalived/check_nginx.sh to check the nginx process as follows: [plain]! /Bin/bash # try to start nginx if nginx process is dead # shutdonw keepalived process if start nginx failed pid = 'ps-C nginx -- no-header | wc-l' if [$ pid-eq 0]; then service nginx start sleep 3 if ['ps-C nginx -- no-header | wc-l'-eq 0]; then service keepalived stop fi 3. modify all server configurations of nginx and change server_name to virtual IP [plain] server_name 192.168.1.57; 4. note that the virtual IP address here is not modified in the/etc/network/interfaces mode, but in In the eepalived configuration file, you can directly ping the configuration file to determine whether the configuration is successful. ifconfig cannot be seen. [Plain] ping 192.168.1.57 PING 192.168.1.57 (192.168.1.57) 56 (84) bytes of data. 64 bytes from 192.168.1.57: icmp_req = 1 ttl = 64 time = 0.024 MS 64 bytes from 192.168.1.57: icmp_req = 2 ttl = 64 time = 0.020 MS do the same configuration for 192.168.1.59, slightly changed: [plain] vrrp_instance VI_1 {interface eth0 state BACKUP // changed priority 100 // changed by turning off master and backup in turn, it proves that keepalived has been working effectively.