本着快速安装和环境的统一,以及方便升级维护的原则,本文与其它网上的参考资料用编译安装的方法不一样,使用yum安装Nginx和Keepalived。带有自动安装shell脚本,进行环境部署非常简单高效,十分钟不到可以完成Nginx+Keepalived企业级web主主负载均衡架构的搭建。
#!/bin/bash
# -------------------------------------------------------------------------------
# Filename: nginx_keepalived.sh
# Revision: 1.0
# Date: 2012-12-29
# Author: 三木
# Email: linmaogan#gmail.com
# Website: www.3mu.me
# Description: CentOS6.3+Nginx+Keepalived主主负载均衡架构安装脚本
# Notes: 需要切换到root运行,版本针对64位系统,操作系统为CentOS6.3
# -------------------------------------------------------------------------------
# Copyright: 2012 (c) 三木
# License: GPL
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# you should have received a copy of the GNU General Public License
# along with this program (or with Nagios);
#
# Credits go to Ethan Galstad for coding Nagios
# If any changes are made to this script, please mail me a copy of the changes
# -------------------------------------------------------------------------------
#Version 1.0
#2012-12-29 三木 初始版本建立
#Version 1.1
# -------------------------------------------------------------------------------
#变量定义#############################################################################
IS_VPS=1 # 是否是虚拟主机,最简化安装的系统也采用这种配置
NGINX_MASTER=1 # 值为1或2,表示采用主Nginx之一或二的keepalivd.conf配置内容
NGINX_WORKER_PROCESSES=8 # nginx 工作进程数量
UPSTREAM='server 192.168.1.6:80 weight=1 max_fails=2 fail_timeout=30s;
server 192.168.1.26:80 weight=1 max_fails=2 fail_timeout=30s;
server 192.168.1.130:80 weight=1 max_fails=2 fail_timeout=30s;' # nginx 负载均衡服务器池
KEEPALIVED_EMAIL=linmaogan@gmail.com # keepalived 通知邮件地址
KEEPALIVED_PASS=cd5u5s6s3fe7ptxV # VRRP口令
KEEPALIVED_VIP1=192.168.1.120 # VRRP HA虚拟地址1
KEEPALIVED_VIP2=192.168.1.121 # VRRP HA虚拟地址2
DONE="\e[0;32m\033[1mdone\e[m"
#解锁系统文件#########################################################################
chattr -i /etc/passwd
chattr -i /etc/group
chattr -i /etc/shadow
chattr -i /etc/gshadow
chattr -i /etc/services
#如果已安装Apache和PHP,则卸载########################################################
yum -y remove httpd* php* mysql
#更新软件库###########################################################################
yum -y update
#安装Nginx源##########################################################################
if [ ! -e /etc/yum.repos.d/nginx.repo ]
then
rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
echo -e "Install nginx source ${DONE}."
fi
#安装epel源,用于安装Keepalived ######################################################
if [ ! -e /etc/yum.repos.d/epel.repo ]
then
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm 1>/dev/null
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
echo -e "Install EPEL source ${DONE}."
fi
#安装Nginx############################################################################
yum -y install nginx
#加入启动项###########################################################################
chkconfig --levels 235 nginx on
#start Nginx##########################################################################
/etc/init.d/nginx start
#安装Keepalived ######################################################################
yum -y install keepalived
#加入启动项###########################################################################
chkconfig --levels 235 keepalived on
#start Keepalived#####################################################################
/etc/init.d/keepalived start
#####################################################################################
#####################################################################################
#目录设置############################################################################
#创建网站相关目录####################################################################
if [ ! -e /www ]
then
if [ $IS_VPS ];then
mkdir /home/data
ln -s /home/data /data
else
mkdir /data
fi
mkdir /www
mkdir /data/wwwroot
ln -s /data/wwwroot /www/
mkdir -p /data/wwwroot/{web,log,git}
mkdir /data/conf
mkdir /data/conf/{sites-available,sites-enabled,shell}
mkdir /backup
ln -s /backup /data/
fi
#配置文件目录设置######################################################################
#移动nginx配置文件
if [ -s /data/conf/sites-available/default.conf ]; then
echo "default.conf already move"
else
cp -p /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
mv /etc/nginx/conf.d/default.conf /data/conf/sites-available/
ln -s /data/conf/sites-available/default.conf /data/conf/sites-enabled/
echo "default.conf move success"
fi
if [ -s /data/conf/nginx.conf ]; then
echo "nginx.conf already move"
else
cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
mv /etc/nginx/nginx.conf /data/conf/
ln -s /data/conf/nginx.conf /etc/nginx/
echo "nginx.conf move success"
fi
#移动 Keepalived 配置文件
if [ -s /data/conf/keepalived.conf ]; then
echo "keepalived.conf already move"
else
cp -p /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
mv /etc/keepalived/keepalived.conf /data/conf/
ln -s /data/conf/keepalived.conf /etc/keepalived/
echo "keepalived.conf move success"
fi
#添加www组和www用户####################################################################
groupadd www
useradd -g www www
#设置目录权限##########################################################################
chown -R www:www /data/wwwroot/web
#配置nginx
if cat /data/conf/nginx.conf |awk -F: '{print $1}'|grep 'sites-enabled' 2>&1 >/dev/null
then
echo -e "nginx.conf has been \e[0;32m\033[1madded\e[m."
else
echo "user www www;
worker_processes $NGINX_WORKER_PROCESSES;
error_log /var/log/nginx/error.log crit;
pid /var/run/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
charset utf-8;
log_format main '\$remote_addr - \$remote_user [\$time_local] \"\$request\" '
'\$status \$body_bytes_sent \"\$http_referer\" '
'\"\$http_user_agent\" \"\$http_x_forwarded_for\"';
access_log /var/log/nginx/access.log main;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 300m;
client_body_buffer_size 512k;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
keepalive_timeout 60;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
proxy_connect_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
#注:proxy_temp_path和proxy_cache_path指定的路径必须在同一分区
proxy_temp_path /www/wwwroot/web/proxy_temp_dir;
#设置Web缓存区名称为cache_one,内存缓存空间大小为200MB,1天没有被访问的内容自动清除,硬盘缓存空间大小为30GB。
proxy_cache_path /www/wwwroot/web/proxy_cache_dir levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;
#第一组php负载均衡服务器
upstream backend_server {
$UPSTREAM
}
#屏蔽未绑定域名访问和禁止通过IP访问
server {
listen 80 default;
server_name _;
return 500;
}
include /data/conf/sites-enabled/*;
}" > /data/conf/nginx.conf
fi
# 配置 nginx 默认虚拟机配置文件
echo "server {
listen 80;
server_name localhost;
charset utf8;
#access_log /var/log/nginx/log/host.access.log main;
location / {
root /www/wwwroot/web;
index index.html index.htm index.php; #增加index.php
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /www/wwwroot/web;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#取消FastCGI server部分location的注释,并要注意fastcgi_param行的参数,改为$document_root$fastcgi_script_name,或者使用绝对路径
location ~ \.php$ {
root /www/wwwroot/web;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}" > /data/conf/sites-available/default.conf
# 配置 Keepalived 配置文件
if [ $NGINX_MASTER -eq 1 ]; then
echo "! Configuration File for keepalived
global_defs {
notification_email {
$KEEPALIVED_EMAIL
}
notification_email_from keepalived@zhts.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script '/data/conf/shell/nginx_pid.sh'
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass $KEEPALIVED_PASS
}
track_script {
chk_http_port # 执行监控的服务
}
virtual_ipaddress {
$KEEPALIVED_VIP1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass $KEEPALIVED_PASS
}
track_script {
chk_http_port # 执行监控的服务
}
virtual_ipaddress {
$KEEPALIVED_VIP2
}
}" > /data/conf/keepalived.conf
else
echo "! Configuration File for keepalived
global_defs {
notification_email {
$KEEPALIVED_EMAIL
}
notification_email_from keepalived@zhts.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script '/data/conf/shell/nginx_pid.sh'
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass $KEEPALIVED_PASS
}
track_script {
chk_http_port # 执行监控的服务
}
virtual_ipaddress {
$KEEPALIVED_VIP1
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass $KEEPALIVED_PASS
}
track_script {
chk_http_port # 执行监控的服务
}
virtual_ipaddress {
$KEEPALIVED_VIP2
}
}" > /data/conf/keepalived.conf
fi
# 监控Nginx的进程脚本
echo '#!/bin/bash
NGINX_PROCESS=`ps -C nginx --no-header | wc -l`
if [ $NGINX_PROCESS -eq 0 ]; then
/etc/init.d/nginx start
sleep 3
if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
/etc/init.d/keepalived stop
fi
fi' > /data/conf/shell/nginx_pid.sh
# 添加可执行权限
chmod +x /data/conf/shell/nginx_pid.sh
#开启防火墙
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 443 -j ACCEPT
/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart
#重启所有服务器
/etc/init.d/nginx restart
/etc/init.d/keepalived restart
#系统文件加锁
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/gshadow
chattr +i /etc/group
chattr +i /etc/services
参考资料:
解析 Nginx 负载均衡:http://blog.jobbole.com/24574/
Nginx主主负载均衡架构:http://andrewyu.blog.51cto.com/1604432/655646
揭秘企业级web负载均衡完美架构(图):http://network.51cto.com/art/201007/209823.htm
Nginx负载均衡配置:http://visonguo.blog.51cto.com/510379/1042842
nginx+keepalived主辅切换:http://deidara.blog.51cto.com/400447/302402
nginx负载均衡分配策略分析:http://bbs.ywlm.net/thread-34-1-1.html
使用Nginx的proxy_cache缓存功能取代Squid[原创]:http://blog.s135.com/nginx_cache/1/1/
Nginx负载均衡:http://www.cnblogs.com/xiaogangqq123/archive/2011/03/04/1971002.html
keepalived配置文件详解-nginx+keepalived配置nginx高可用:http://www.linuxmr.com/2012/nginx_keepalived_0628/204.html
nginx+keepalived配置实现nginx单主高可用:http://www.linuxmr.com/2012/nginx_keepalived_0629/205.html
nginx+keepalived配置双主高可用负载均衡:http://www.linuxmr.com/2012/nginx_keepalived_0629/207.html
0 条评论。