Linux nginx+keepalived load + high Availability

Linux Nginx+keepalived负载+高可用

Summary
Nginx+keepalived to the enterprise to achieve low-cost, high-reliability high-availability soft load balancing, up to the high concurrency of the million.

Body
Preparation for the first stage
1.1 Project topology diagram
The topological structure of the nginx+keepalived is initially planned as follows.

1.2 Server Preparation
Redhat 6.4 (NGINX-A) CPU: Single core memory: 2G HDD: 50G set same network segment static IP
Redhat 6.4 (Nginx-b) CPU: Single core memory: 2G HDD: 50G set same network segment static IP
Back-end Web application Server self-built (can use Linux to do the simplest HTTP server) set the same network segment static IP

1.3 Software Preparation
1) Two new servers configure the Yum installation source. (The Yum source configuration procedure is omitted here, refer to the method on the Internet)
2) Download Nginx and keepalived source installation package. Specific model as follows, the implementation of the Software please refer to the additional package folder
Nginx-1.9.2.tar.gz
Keepalived-1.2.19.tar.gz

Installation and configuration of two Nginx servers
2.1 Nginx-a/nginx-b Primary/Standby server configuration
2.1.1 Basic Installation
Required dependencies before installing Nginx
#yum install –y gcc pcre-devel zlib-devel

2.1.2 Nginx Installation
Enter the location of the Nginx installation package
#cd /tmp/

Decompression Nginx Source Package
#tar –xvf nginx-1.9.2.tar.gz

Enter the extracted folder
#cd nginx-1.9.2

Compiling and installing
#./config;make;make install

2.1.3 Nginx configuration file modification
Vim editor/usr/local/nginx/conf/nginx.conf, edit content as shown in red box:

2.1.4 Creating a Load rule
1) Create folder path
#mkdir /usr/local/nginx/vhost

2) Create a load rule for each domain name
#vim /usr/local/nginx/vhost/www.xxx.net

The contents of the edits are as follows:

2.1.5 Nginx Boot
Test configuration file is wrong
#/usr/local/nginx/sbin/nginx -t
The following information is returned with the correct configuration

Start Nginx
#/usr/local/nginx/sbin/nginx

Three keepalived server installation and configuration
3.1 Nginx-a Primary server keepalived installation and configuration
3.1.1 Basic Installation

Required dependency packages before installing keepalived
#yum install –y openssl-devel

3.1.2 Keepalived Installation
Enter the location of the keepalived installation package
#cd /tmp/

Decompression Keepalived Source Package
#tar –xvf keepalived-1.2.19.tar.gz

Enter the extracted folder
#cd keepalived-1.2.19

Compiling and installing
#./config;make;make install

3.1.3 keepalived configuration file modification
1) Create a soft link (the configuration file is required when starting keepalived, if the profile path is not specified using-F, create a soft link to the/etc directory)
#mkdir /etc/keepalived
#ln –s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/

2) Modify the keepalived configuration file
Vim modifies the/etc/keepalived/keepalived.conf as shown:

3.1.4 Modifying Iptables settings
Iptables firewall puts the virtual routing protocol settings, otherwise keepalived cannot communicate through the virtual routing protocol.
Vim editor/etc/sysconfig/iptables such as:

3.1.5 keepalived Start
#/usr/local/sbin/keepalived

3.2 nginx-b standby server keepalived installation and configuration
Installation and configuration process please refer to the main server, the main point is keepalived.conf, please see:

3.3 Nginx Monitoring Script
1) nginx-a and nginx-b edit scripts separately
#vim /usr/local/nginx/Monitor_Nginx.sh
Scripts such as:

2) Add executable permissions
#chmod o+rx /usr/local/nginx/Monitor_Nginx.sh

3) Create a soft link
#ln –s /usr/local/nginx/Monitor_Nginx.sh /opt/

Four optimized operating system limitations
4.1 Optimizing the operating system to support high concurrency (primary and standby server settings)
Vim editor/etc/security/limits.conf, edit content such as:

4.2 Operating System kernel parameter optimization (primary and standby server settings)
Vim editor/etc/sysctl.conf, edit content such as:

Five optimized Nginx and keepalived start-up
5.1 Make the Nginx boot as a service (primary and standby server settings)
5.1.1 Edit/etc/init.d/nginxd
Edit content such as, the script content does not explain each:

5.1.2 Add executable permissions
1) Increased execution privileges
#chmod +x /etc/init.d/nginxd

2) Add soft links so that they can be used as commands
#ln –s /etc/init.d/nginxd /sbin

5.1.3 Set Boot start
Set boot up
#chkconfig nginxd on

5.2 Making keepalived as a service (primary and standby server settings)
5.2.1 Edit/etc/init.d/keepalivedd
Edit content such as, the script content does not explain each:

5.2.2 Add executable permissions
1) Increased execution privileges
#chmod +x /etc/init.d/keepalivedd

2) Add soft links so that they can be used as commands
#ln –s /etc/init.d/keepalivedd /sbin

5.2.3 Set Boot start
Set boot up
#chkconfig keepalivedd on

Six Nginx logs are automatically truncated and backed up (primary and standby server settings)
4) Edit/usr/local/nginx/nginxlogbak.sh
Scripts such as:

5) Add executable permissions
#chmod +x /usr/local/nginx/nginxlogbak.sh

6) Create a timed task
#crontab -e

Seven optimized master and standby server policy synchronization
Since the policy does not automatically synchronize, it needs each manual copy, so it is optimized to detect the configuration of the master server every day, and if there are any changes, it automatically backs up the standby server policy and copies the master server policy.
7.1.1 Password-Free login server with public key (primary and standby server settings)
1) Because the root account does not allow direct SSH login, the public key is generated using the Admin account login
Generate a public-private key
$ssh-keygen -t rsa -P ""

2) Copy the public key to another server
$scp /home/admin/.ssh/id_rsa.pub [email protected]:/home/admin/.ssh/authorized_keys

Similarly, the other server needs to be set up to achieve mutual recognition purposes.

7.1.2 Add readable list permissions for the Vhost folder (master server settings)
With security in mind, this permission setting is controlled using ACLs. If you do not increase the Admin permissions on this folder, the standby server cannot be downloaded through the admin account.
#setfacl –d –m u:admin:rwx /usr/local/nginx/vhost/

7.1.3 edit Vhost Copy and Judgment script (standby server settings)
1) Edit/usr/local/nginx/vhostcopy.sh

3) Add executable permissions
#chmod +x /usr/local/nginx/vhostcopy.sh

7.1.4 set Scheduled Tasks to execute periodically (standby server settings)
1) Add scheduled Tasks for Admin account
#crontab -u admin -e

2) Create the Vhost folder in the TMP directory with the admin account
$mkdir /tmp/vhost

4) Add the program task to the root account
#crontab -e

Eight keepalived log redirection
Because the keepalived default output to the message, the message is also very other logs, it is not easy to view the keepalived log, optimize the log output to/var/log/keepalived.log
1) Edit Vim/etc/init.d/keepalivedd
Edit the contents as follows:

2) Edit/etc/rsyslog.conf, add the following content

7) Restart Log service and keepalived service
#service rsyslog restart;service keepalivedd Restart

Linux nginx+keepalived load + high Availability