Nginx配置TCP请求转发+http请求转发+keepalived高可用 http://nginx.org/download/ 1、TCP请求转发基于stream模块,在1.9版本前,需要单独编译安装该组件:

依赖服务

[root@baolin conf]#yum -y install pcre-devel openssl openssl-devel library

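# Download over HTTPS: with the plain-HTTP URL anyone on the network path can
# swap the tarball that is about to be compiled and installed as root.
wget https://nginx.org/download/nginx-1.9.5.tar.gz
# nginx.org publishes a detached PGP signature beside each tarball. Import the
# signing key listed on nginx.org first, and go on only if gpg reports a good
# signature.
wget https://nginx.org/download/nginx-1.9.5.tar.gz.asc
gpg --verify nginx-1.9.5.tar.gz.asc nginx-1.9.5.tar.gz
# NOTE(review): 1.9.5 is a long-superseded mainline release; later releases
# also accept --with-stream, so prefer the current stable tarball from the same
# directory unless this exact version is required.
tar -xf nginx-1.9.5.tar.gz -C /usr/local/
cd /usr/local/nginx-1.9.5/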

编译安装 stream 组件

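# Build with the stream (TCP proxy) module and TLS support, then install under
# /usr/local/nginx/. Each step runs only if the previous one succeeded.
./configure --prefix=/usr/local/nginx/ \
  --with-http_stub_status_module \
  --with-http_ssl_module \
  --with-stream \
  --with-stream_ssl_module \
  && make \
  && make install

# nginx.conf on this page sets "user nginx;", so the unprivileged account the
# worker processes drop to must exist before nginx is started. No login shell
# is needed for it.
id nginx >/dev/null 2>&1 || useradd -r -s /sbin/nologin nginx

# Put the nginx binary on PATH for login shells.
vim /etc/profile.d/nginx.sh
# Put this line in the file just opened:
export PATH=/usr/local/nginx/sbin:$PATH
source /etc/profile.d/nginx.sh

# Start nginx.
nginx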

2、创建conf文件存放目录: mkdir /usr/local/nginx/conf/conf.d/

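3、配置 01、nginx.conf vim /usr/local/nginx/conf/nginx.conf
# Main configuration. One directive per line: when this listing is collapsed
# onto a single line, everything after the first "#" (including the closing
# brace of the events block) is read as a comment.
user nginx;                # worker processes run as this unprivileged account
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /usr/local/nginx/logs/nginx.pid;
# The http {} and stream {} blocks live in separate files under conf.d/.
include /usr/local/nginx/conf/conf.d/*.conf;
events {
	worker_connections 25600;   # maximum number of connections
	use epoll;                  # connection processing method
	accept_mutex on;            # how new connections are accepted; "on" means workers take turns accepting them
	# Total concurrency is the product of worker_processes and worker_connections,
	# i.e. max_clients = worker_processes * worker_connections.
	# Behind a reverse proxy, max_clients = worker_processes * worker_connections / 4.
	# Why divide by 4 for a reverse proxy? It is best regarded as a rule of thumb.
	# Under these conditions a normal nginx server can handle at most 4 * 8000 = 32000 connections.
	# The worker_connections value is related to the amount of physical memory:
	# concurrency is bound by I/O, so max_clients must stay below the number of files the system can open,
	# and that number is proportional to memory; a machine with 1 GB of RAM can open roughly 100,000 files.
	# Example: how many file handles can a VPS with 360 MB of RAM open?
	# $ cat /proc/sys/fs/file-max
	# prints 34336
	# 32000 < 34336, i.e. the total number of concurrent connections is below the number of file
	# handles the system can open, which keeps the load within what the operating system can bear.
	# So worker_connections has to be chosen from the number of worker_processes and the system's
	# maximum number of open files, so that total concurrency stays below that maximum.
	# In essence it is sized from the host's physical CPU and memory.
	# The theoretical total may still differ from practice, because other processes on the host
	# also consume system resources.
	# ulimit -SHn 65535;
}
02、vim /usr/local/nginx/conf/conf.d/yewu.conf
		http {
			# Access-log layout. $http_x_forwarded_for is copied from the request
			# header and can be set to anything by the client; $remote_addr is the
			# address nginx actually accepted the connection from. Use $remote_addr
			# when a log line is used as evidence of who connected.
			log_format main ' "$http_x_forwarded_for" | [$time_local] | $host | $remote_addr | $request | $request_time | $body_bytes_sent | $status |'
			'| $upstream_addr | $upstream_response_time | $upstream_status |'
			' "$http_referer" | "$http_user_agent" ';
			access_log /var/log/nginx/access.log main;
			charset utf-8;
			sendfile on;
			tcp_nopush on;
			tcp_nodelay on;
			keepalive_timeout 65;
			types_hash_max_size 2048;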

			default_type        application/octet-stream;


			# Plain-HTTP virtual host on port 80. Static files are served from
			# /data/nginx; every URL prefix below is forwarded to an internal backend.
			# NOTE(review): nginx is built with --with-http_ssl_module on this page, but
			# no TLS listener is defined here, so all of these applications are reached
			# in cleartext — confirm TLS is terminated somewhere in front of this host.
			server {
				listen 80;
				root /data/nginx;
				# NOTE(review): index takes file names; "*.html" is presumably not expanded
				# as a wildcard and would be looked up literally — confirm and drop it.
				index index.html index.htm *.html index.jsp;
				# "^~" makes this prefix match final (no regex locations are tried).
				# proxy_pass has no URI part, so the request path is forwarded unchanged.
				# Header set used by every location in this server:
				#   Host            - the host name the client asked for
				#   X-Real-IP       - the address nginx accepted the connection from
				#   X-Forwarded-For - the client's own X-Forwarded-For header with
				#                     $remote_addr appended; only the last entry is
				#                     written by this proxy, so backends must not use
				#                     earlier entries for access control or audit.
				#   Via             - fixed marker "nginx"
				location ^~ /configCenter-vals/ {
					proxy_pass http://192.168.1.141:8080;
					proxy_set_header Host $host;
					proxy_set_header X-Real-IP $remote_addr;
					proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
					proxy_set_header Via "nginx";
				}
				# NOTE(review): presumably a configuration service; no allow/deny or
				# authentication is set in this block — confirm it is meant to be
				# reachable by every client that can reach port 80.
				location ^~ /configCenter/ {
					proxy_pass http://192.168.1.139:8082;
					proxy_set_header Host $host;
					proxy_set_header X-Real-IP $remote_addr;
					proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
					proxy_set_header Via "nginx";
				}

				# NOTE(review): the path name suggests an administration console. This
				# block has no allow/deny or auth_basic, so it is published on the same
				# listener as the business endpoints — confirm access is restricted
				# elsewhere (firewall, application login) or add a restriction here.
				location ^~ /dubbo_admin/ {
					proxy_pass http://192.168.1.139:8082;
					proxy_set_header Host $host;
					proxy_set_header X-Real-IP $remote_addr;
					proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
					proxy_set_header Via "nginx";
				}
				location ^~ /appserver/ {
					proxy_pass http://192.168.1.160:8080;
					proxy_set_header Host $host;
					proxy_set_header X-Real-IP $remote_addr;
					proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
					proxy_set_header Via "nginx";
				}
				# /asserver/ and /idsoserver/ share the backend 192.168.1.161:8080.
				location ^~ /asserver/ {
					proxy_pass http://192.168.1.161:8080;
					proxy_set_header Host $host;
					proxy_set_header X-Real-IP $remote_addr;
					proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
					proxy_set_header Via "nginx";
				}
				location ^~ /idsoserver/ {
					proxy_pass http://192.168.1.161:8080;
					proxy_set_header Host $host;
					proxy_set_header X-Real-IP $remote_addr;
					proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
					proxy_set_header Via "nginx";
				}

				location ^~ /vals-ap/ {
					proxy_pass http://192.168.1.142:8080;
					proxy_set_header Host $host;
					proxy_set_header X-Real-IP $remote_addr;
					proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
					proxy_set_header Via "nginx";
				}

				# The only upstream addressed with https. nginx does not verify the
				# upstream certificate unless proxy_ssl_verify is switched on (it is off
				# by default), so as written this hop is encrypted but the backend's
				# identity is not checked.
				# NOTE(review): https on port 8080 while /asboss/ on the same host uses
				# http on 8081 — confirm the scheme is intended.
				location ^~ /eidboss/ {
					proxy_pass https://192.168.1.145:8080;
					proxy_set_header Host $host;
					proxy_set_header X-Real-IP $remote_addr;
					proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
					proxy_set_header Via "nginx";
				}
				location ^~ /asboss/ {
					proxy_pass http://192.168.1.145:8081;
					proxy_set_header Host $host;
					proxy_set_header X-Real-IP $remote_addr;
					proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
					proxy_set_header Via "nginx";
				}
			}
		}
		
	03、vim /usr/local/nginx/conf/conf.d/eid.conf
		# TCP (layer-4) forwarding: connections accepted on port 8008 are relayed
		# byte-for-byte to the eid_device upstream group. The backend sees this
		# proxy's address as the peer, not the original client's.
		stream {
			upstream eid_device {
				# max_fails=1 fail_timeout=1s: one failed attempt takes a server out of
				# rotation for one second.
				# NOTE(review): both entries are the same address, so the group gives no
				# redundancy — presumably the second line should name another host.
				server 192.168.1.12:8008 max_fails=1 fail_timeout=1s weight=1;
				server 192.168.1.12:8008 max_fails=1 fail_timeout=1s weight=1;
			}
			server {
				# Listens on every interface and has no allow/deny rule, so any client
				# that can reach port 8008 is relayed to the backend.
				# NOTE(review): confirm the port is limited by a firewall or add
				# allow/deny here.
				listen	8008;
				proxy_pass	eid_device;
			}
		}

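4、keepalived高可用配置 01、master配置
	vim /etc/keepalived/keepalived.conf
	# Global settings of the master node: who receives state-change mail, which
	# SMTP server relays it, and the name this node reports (router_id).
	# xxx@.com is a placeholder address; replace it before use.
	global_defs {
	   notification_email {
				xxx@.com
	   }

	   notification_email_from xxx@.com
	   smtp_server smtp.exmail.qq.com
	   smtp_connect_timeout 30
	   router_id nginx-master
	}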


	# Health check referenced by track_script below. keepalived runs the script
	# every 2 seconds; after 3 consecutive failures (fall) the node's priority is
	# lowered by 10 (weight -10), and 2 consecutive successes (rise) restore it.
	# With priority 100 here and 95 on the backup, a failed check leaves this
	# node at 90, which hands the virtual addresses to the backup.
	# NOTE(review): keepalived executes this file itself, normally with root
	# privileges, so the script and /etc/keepalived must be writable by root
	# only. Newer keepalived releases provide script_user and
	# enable_script_security in global_defs — confirm for the installed version.
	vrrp_script chk_httpd {
		 script "/etc/keepalived/check_and_start_httpd.sh"
		 interval 2
		 weight -10
			 fall 3
			 rise 2
	}




	# VRRP instance of the master node: advertises on eth1 once per second with
	# priority 100 and holds the two virtual addresses while it is master.
	vrrp_instance VI_1 {
		# NOTE(review): keepalived's documentation says nopreempt only takes effect
		# when the initial state is BACKUP; combined with "state MASTER" it is
		# presumably ignored — confirm which behaviour is wanted.
		nopreempt
		state MASTER
		interface eth1
		# Must be identical on both nodes and unique on this network segment.
		virtual_router_id 66
		priority 100
		advert_int 1
		# auth_type PASS puts auth_pass into every advertisement in cleartext, so
		# it only guards against misconfiguration, not against a host on the same
		# segment. "1111" is a sample value: replace it with a site-specific string
		# (keepalived uses the first 8 characters) and limit VRRP traffic
		# (IP protocol 112) to the two nodes with a firewall rule.
		authentication {
			auth_type PASS
			auth_pass 1111
		}
		virtual_ipaddress {
			192.168.1.8/32 dev eth1 label eth1:0
			192.168.1.9/32 dev eth1 label eth1:1
		}
	track_script {                # Reference VRRP scripts by the name given in the vrrp_script section; they run periodically to adjust the priority and eventually trigger a master/backup switchover.
		chk_httpd
		}                
	}
	
02、backup配置
	vim /etc/keepalived/keepalived.conf
	# Global settings of the backup node: same mail settings as the master, with
	# its own router_id. xxx@.com is a placeholder address; replace it before use.
	global_defs {
	   notification_email {
				xxx@.com
	   }


	   notification_email_from xxx@.com
	   smtp_server smtp.exmail.qq.com
	   smtp_connect_timeout 30
	   router_id nginx-backup
	}


	# Health check referenced by track_script below. keepalived runs the script
	# every 2 seconds; after 3 consecutive failures (fall) the node's priority is
	# lowered by 10 (weight -10), and 2 consecutive successes (rise) restore it.
	# NOTE(review): keepalived executes this file itself, normally with root
	# privileges, so the script and /etc/keepalived must be writable by root
	# only. Newer keepalived releases provide script_user and
	# enable_script_security in global_defs — confirm for the installed version.
	vrrp_script chk_httpd {
		 script "/etc/keepalived/check_and_start_httpd.sh"
		 interval 2
		 weight -10
			 fall 3
			 rise 2
	}




	# VRRP instance of the backup node: same virtual_router_id, interface and
	# virtual addresses as the master, with the lower priority 95.
	vrrp_instance VI_1 {
	# nopreempt is left disabled on this node.
	#    nopreempt
		state BACKUP
		interface eth1
		# Must be identical on both nodes and unique on this network segment.
		virtual_router_id 66
		priority 95
		advert_int 1
		# auth_type PASS puts auth_pass into every advertisement in cleartext, so
		# it only guards against misconfiguration, not against a host on the same
		# segment. "1111" is a sample value: replace it with the same site-specific
		# string as on the master (keepalived uses the first 8 characters) and
		# limit VRRP traffic (IP protocol 112) to the two nodes with a firewall rule.
		authentication {
			auth_type PASS
			auth_pass 1111
		}
		virtual_ipaddress {
			192.168.1.8/32 dev eth1 label eth1:0
			192.168.1.9/32 dev eth1 label eth1:1
		}
	track_script {                # Reference VRRP scripts by the name given in the vrrp_script section; they run periodically to adjust the priority and eventually trigger a master/backup switchover.
		chk_httpd
		}                
	}
	
03、脚本:vim /etc/keepalived/check_and_start_httpd.sh
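	#!/bin/bash
	# keepalived health check for nginx.
	#
	# If no nginx process exists, try to start nginx once. If it is still not
	# running two seconds later, stop keepalived so the virtual addresses move to
	# the peer node, and send an alert mail.
	#
	# Exit status: 0 when nginx is running (possibly after the restart), 1 when
	# the restart failed.
	#
	# The original listing piped "ps -ef | grep nginx" into generated "kill -9"
	# commands run by sh. That branch only runs when no process named nginx
	# exists, so the only things it could kill were unrelated processes whose
	# command line merely contains "nginx" (an editor on nginx.conf, a tail on
	# the nginx log). It is removed.

	# keepalived does not read /etc/profile.d, so use the absolute path that
	# matches --prefix=/usr/local/nginx/ from the build step.
	nginx_bin=/usr/local/nginx/sbin/nginx
	# Placeholder recipient from the page; replace with a real mailbox.
	alert_to='xxx@.com'
	# The alert text uses $ip and $virtual_ip, which the original never set.
	# Defaults: this host's name, and the two virtual addresses from
	# keepalived.conf on this page. Both can be overridden from the environment.
	ip=${ip:-$(hostname)}
	virtual_ip=${virtual_ip:-"192.168.1.8 192.168.1.9"}

	# True when at least one process named exactly "nginx" exists.
	nginx_running() {
		pgrep -x nginx >/dev/null
	}

	if nginx_running; then
		exit 0
	fi

	"$nginx_bin"
	sleep 2
	if nginx_running; then
		exit 0
	fi

	# Restart failed: give up the virtual addresses, then report.
	systemctl stop keepalived
	printf '%s of nginx is stop ,nginx service switch nginx slave  \nlocal is virtual ip :   %s    not exist \n' \
		"$ip" "$virtual_ip" \
		| mail -s "$ip of nginx is stop" "$alert_to"
	exit 1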
04、邮箱配置:
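	# Mail setup for the keepalived alert: mailx submits the message, sendmail is
	# the local MTA (sendmail-cf supplies the m4 sources), bc is a calculator.
	yum -y install mailx sendmail sendmail-cf bc

	# sendmail.mc is m4 source: strings open with a backtick and close with an
	# apostrophe. With an apostrophe on both sides m4 does not treat the text as
	# quoted, so the two settings would not be applied as intended.
	# NOTE(review): LOGIN and PLAIN transmit the password merely base64-encoded;
	# offer them only on connections protected by TLS.
	printf '%s\n' \
		"TRUST_AUTH_MECH(\`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl" \
		"define(\`confAUTH_MECHANISMS', \`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl" \
		>> /etc/mail/sendmail.mc

	# NOTE(review): this makes the sendmail listener bind every interface instead
	# of loopback, which exposes port 25 of the load balancer to the network.
	# The alert on this page is submitted by mailx to smtp.exmail.qq.com, so an
	# inbound listener is presumably not needed — keep 127.0.0.1, or limit port 25
	# with a firewall, unless other hosts must relay through this machine.
	sed -i 's#127\.0\.0\.1#0.0.0.0#g' /etc/mail/sendmail.mc
	grep "OPTIONS" /etc/mail/sendmail.mc
	m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

	# mailx account settings (xxx@.com / xxxx are placeholders).
	# NOTE(review): /etc/mail.rc is normally readable by every local user, so the
	# SMTP password stored here is visible to all accounts on the host; use a
	# dedicated low-privilege mailbox for alerts. "smtp=" without an smtps://
	# scheme or STARTTLS presumably sends the login in cleartext — confirm and
	# enable TLS for the submission.
	{
		echo 'set from=xxx@.com'
		echo 'set smtp=smtp.exmail.qq.com'
		echo 'set smtp-auth-user=xxx@.com'
		echo 'set smtp-auth-password=xxxx'
		echo 'set smtp-auth=login'
	} >> /etc/mail.rc

	# Map this host's 10.10 address to its host name and the mail alias.
	# IP1 is collected but not used later in this listing.
	IP1=$(ifconfig | grep '192.168' | awk '{print $2}')
	IP2=$(ifconfig | grep '10.10' | awk '{print $2}')
	abc="abc.mail.com"
	if [ -n "$IP2" ]; then
		echo "$IP2 $(hostname) $abc" >> /etc/hosts
	else
		# An empty address would append a malformed line to /etc/hosts.
		echo "no 10.10 address found; /etc/hosts left unchanged" >&2
	fi

	systemctl enable sendmail
	systemctl start sendmail
	systemctl status sendmail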