keepalived+nginx反向代理访问后端web服务器
架设web服务器通过nginx反向代理访问,并通过keepalived配置nginx反向代理服务器和nginxweb
服务器的故障转移
1、系统:Centos6.6
2、反向代理:Keepalived+nginxproxy:
主机:PHP-API-P1
IP地址:192.168.0.111
主机:PHP-API-P2
IP地址:192.168.0.112
VIP :192.168.0.8
3、后端服务:Keepalived+nginx:
主机:PHP-API-S1
IP地址:192.168.0.114
主机:PHP-API-S2
IP地址:192.168.0.113
实验拓补图如下:
一、前端反向代理:Keepalived+nginxproxy安装
安装epel yum源
[root@PHP-API-P1 ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
A、安装keepalived
1、(以PHP-API-P1为例)
[root@PHP-API-P1 ~]# yum -y install keepalived nginx
[root@PHP-API-P1 ~]# vi /etc/keepalived/keepalived.conf
#! Configuration File for keepalived
global_defs {
router_id PHP-API-P1 #修改为自己的主机名
}
vrrp_script chk_haproxy {
script"/etc/keepalived/chk_nginx.sh" #脚本用于检测nginx状态
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP #两台机都修改成BACKUP
interface eth0
virtual_router_id 60 #默认51 主从都修改为60(这个值一定要相同)
priority 100 #在PHP-API-P2修改成99
advert_int 1
nopreempt #不抢占资源,意思就是它活了之后也不会再把主抢回来
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.0.8
}
}
2、创建nginx检测脚本chk_nginx.sh(nginx服务停止的时候,keepalived服务也跟着停止)
[root@PHP-API-P1]#cd /etc/keepalived/
[root@PHP-API-P1keepalived]# vi chk_nginx.sh
##!/bin/bash
LOYU=`ps -C nginx --no-heading|wc -l`
if [ $LOYU -eq 0 ];then
pkill keepalived
fi
[root@PHP-API-P1keepalived]# chmod 777 chk_nginx.sh
3、启动keepalived服务
[root@PHP-API-P1 ~]# servicekeepalived start
[root@PHP-API-P1~]# chkconfig keepalived on
可以查看到已经绑定了VIP:192.168.0.8
B、安装nginx
1、(以PHP-API-P1为例)
[root@PHP-API-P1keepalived]# yum -y install nginx
2、添加nginx反向代理以及负载平衡配置
[root@PHP-API-P1~]# vi /etc/nginx/conf.d/nginx_proxy.conf
upstreamnginx_proxy{
server192.168.0.113;
server192.168.0.114; #指向后端的服务器
ip_hash;
}
server{
listen 80;
erver_namenginx_proxy;
access_log/var/log/nginx/nginx-proxy_access.log main;
error_log/var/log/nginx/nginx-proxy_error.log;
rewrite_log on;
location / {
proxy_ignore_client_abort on;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_passhttp://nginx_proxy
}
}
3、 nginx性能优化(加入多核CPU参数)
[root@PHP-API-P1 ~]# vi/etc/nginx/nginx.conf
添加以下参数
user nginx;
worker_processes 2; #开启两个进程
worker_cpu_affinity01 10; # 01表示启用第一个cpu内核, 10表示启用第二个CPU内核
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 65535;
}
4、去掉默认配置文件(因只需反向代理功能)
[root@PHP-API-P1 conf.d]# mv default.conf default.conf.bak
开启服务
[root@PHP-API-P1 ~]# service nginx start
[root@PHP-API-P1 ~]# chkconfig nginx on
二、后端nginx安装(web服务支持PHP)
A、安装nginx(以PHP-API-S1为例)
[root@PHP-API-S1~]# yum -y install nginx php55w-pdo libtool nginx gcc make php55w-pear php55w-fpm php55w-gd php55w-zip php55w-xml php55w-curl php55w-mbstring php55w-devel php55w-mysql gcc-c++
B、nginx配置PHP网页支持
[root@PHP-API-S1 ~]# vi /etc/nginx/conf.d/PHP-API-S1.conf
upstream phpfpm{
serverunix:/tmp/php-fpm/phpfpm.socket;
}
server {
listen 80 backlog=1024;
server_name PHP-API-S1;
access_log/var/log/nginx/ PHP-API-S1 _access.log main;
error_log/var/log/nginx/ PHP-API-S 1_error.log;
rewrite_log on;
root /home/ PHP-API-S1;
index index.html index.htm index.php;
location / {
set_real_ip_from 192.168.0.0/24;
real_ip_header X-Real-IP;
}
location ~ \.php${
fastcgi_connect_timeout 180;
fastcgi_read_timeout 180;
fastcgi_send_timeout 180;
fastcgi_buffer_size 1m;
fastcgi_buffers 4 1m;
fastcgi_busy_buffers_size 1m;
fastcgi_temp_file_write_size 1m;
fastcgi_pass phpfpm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/loyu.com$fastcgi_script_name;
real_ip_header X-Forwarded-For;
include /etc/nginx/fastcgi_params;
client_max_body_size 10m;
}
}
[root@PHP-API-S1 ~]# rm-rf /etc/nginx/conf.d/default.conf
最终测试:
[root@PHP-API-S1~]# cat /home/ PHP-API-S 1/info.php
<?phpphpinfo();?>
浏览器访问:http://192.168.0.8
将PHP-API-S1关机
会自动跳转到PHP-API-S2这台机
可以看到我们能够通过一个VIP访问到后端的WEB网页,说明反向代理成功部署
最后可以再做一些优化配置:
A、php优化配置
[root@PHP-API-S1 ~]# chownnginx:nginx -R /var/lib/php #用于存放php session文件
[root@PHP-API-S1 ~]# mkdir/tmp/php-fpm
[root@PHP-API-S1 ~]# chmod 777 -R/tmp/php-fpm
[root@PHP-API-S1 ~]# sed -i's/short_open_tag = Off/short_open_tag = On/g' /etc/php.ini
[root@PHP-API-S1 ~]# rm -rf/etc/php-fpm.d/*
[root@PHP-API-S1 ~]# cat > /etc/php-fpm.d/phpfpm.conf<<Eof
[phpfpm]
listen.mode = 0666
listen =/tmp/php-fpm/phpfpm.socket
user = nginx
group = nginx
request_slowlog_timeout = 5s
slowlog =/var/log/php-fpm/slowlog-nginx.log
listen.allowed_clients =127.0.0.1
pm = static
;pm = dynamic
pm.max_children = 12
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 12
pm.max_requests = 10
listen.backlog = 1024
pm.status_path = /status
request_terminate_timeout = 30s
rlimit_files = 65535
rlimit_core = unlimited
catch_workers_output = yes
env[HOSTNAME] = $HOSTNAME
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
php_admin_value[post_max_size] =20M
php_admin_value[upload_max_filesize]= 20M
php_admin_value[memory_limit] =512M
php_admin_value[max_execution_time]= 600
php_admin_value[max_input_time] =600
php_admin_value[allow_url_fopen]= on
php_flag[display_errors] = off
php_admin_value[date.timezone] ='Asia/Hong_Kong'
php_admin_value[allow_url_fopen]= on
php_admin_value[session.save_path]= /var/lib/php/session
Eof
B、Nginx配置优化:
[root@PHP-API-S1 ~]# sed -i 's/worker_processes 1;/worker_processes 4;/g'/etc/nginx/nginx.conf
[root@PHP-API-S1 ~]# sed -i '3 a\worker_cpu_affinity 0001 0010 0100 1000;\'/etc/nginx/nginx.conf
[root@PHP-API-S1 ~]# sed -i '4 a\worker_rlimit_nofile 51200;\' /etc/nginx/nginx.conf
[root@PHP-API-S1 ~]# sed -i 's/worker_connections 1024;/worker_connections 65535;/g' /etc/nginx/nginx.conf
[root@PHP-API-S1 ~]# sed -i 's/#gzip on;/gzip on;/g'/etc/nginx/nginx.conf
