本文共 9501 字,大约阅读时间需要 31 分钟。
Nginx配置TCP请求转发+http请求转发+keepalived高可用
1.TCP请求转发基于stream在1.9版本前,需要单独编译安装该组建:[root@baolin conf]#yum -y install pcre-devel openssl openssl-devel library
wget
tar -xf nginx-1.9.5.tar.gz -C /usr/local/cd /usr/local/nginx-1.9.5/./configure --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module
make && make installvim /etc/profile.d/nginx.shexport PATH=/usr/local/nginx/sbin:$PATHsource /etc/profile.d/nginx.shnginx 启动。2、创建conf文件存放目录:
mkdir /usr/local/nginx/conf/conf.d/3、配置
01、nginx.confvim /usr/local/nginx/conf/nginx.confuser nginx;worker_processes auto;error_log /var/log/nginx/error.log;pid /usr/local/nginx/logs/nginx.pid;include /usr/local/nginx/conf/conf.d/.conf;events { worker_connections 25600; #最大连接数use epoll; #指明并发连接请求的处理方法accept_mutex on; #处理新的连接请求的方法;on意味着由worker轮流处理新请求,#并发总数是 worker_processes 和 worker_connections 的乘积#即 max_clients = worker_processes worker_connections#在设置了反向代理的情况下,max_clients = worker_processes worker_connections / 4 为什么#为什么上面反向代理要除以4,应该说是一个经验值#根据以上条件,正常情况下的Nginx Server可以应付的最大连接数为:4 8000 = 32000#worker_connections 值的设置跟物理内存大小有关#因为并发受IO约束,max_clients的值须小于系统可以打开的最大文件数#而系统可以打开的最大文件数和内存大小成正比,一般1GB内存的机器上可以打开的文件数大约是10万左右#我们来看看360M内存的VPS可以打开的文件句柄数是多少:#$ cat /proc/sys/fs/file-max#输出 34336#32000 < 34336,即并发连接总数小于系统可以打开的文件句柄总数,这样就在操作系统可以承受的范围之内#所以,worker_connections 的值需根据 worker_processes 进程数目和系统可以打开的最大文件总数进行适当地进行设置#使得并发总数小于操作系统可以打开的最大文件数目#其实质也就是根据主机的物理CPU和内存进行配置#当然,理论上的并发总数可能会和实际有所偏差,因为主机还有其他的工作进程需要消耗系统资源。} 02、vim /usr/local/nginx/conf/conf.d/yewu.conf http { log_format main ' "$http_x_forwarded_for" | [$time_local] | $host | $remote_addr | $request | $request_time | $body_bytes_sent | $status |' '| $upstream_addr | $upstream_response_time | $upstream_status |' ' "$http_referer" | "$http_user_agent" '; access_log /var/log/nginx/access.log main; charset utf-8; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; default_type application/octet-stream; server { listen 80; root /data/nginx; index index.html index.htm *.html index.jsp; location ^~ /configCenter-vals/ { proxy_pass http://192.168.1.141:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } location ^~ /configCenter/ { proxy_pass http://192.168.1.139:8082; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } location ^~ /dubbo_admin/ { proxy_pass http://192.168.1.139:8082; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } location ^~ /appserver/ { proxy_pass http://192.168.1.160:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } location ^~ /asserver/ { proxy_pass http://192.168.1.161:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } location ^~ /idsoserver/ { proxy_pass http://192.168.1.161:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } location ^~ /vals-ap/ { proxy_pass http://192.168.1.142:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } location ^~ /eidboss/ { proxy_pass https://192.168.1.145:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } location ^~ /asboss/ { proxy_pass http://192.168.1.145:8081; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Via "nginx"; } } } 03、vim /usr/local/nginx/conf/conf.d/eid.conf stream { upstream eid_device { server 192.168.1.12:8008 max_fails=1 fail_timeout=1s weight=1; server 192.168.1.12:8008 max_fails=1 fail_timeout=1s weight=1; } server { listen 8008; proxy_pass eid_device; } } 4、keepalived高可用配置
01、master配置vim /etc/keepalived/keepalived.confglobal_defs { notification_email {notification_email_from xxx@.com smtp_server smtp.exmail.qq.com smtp_connect_timeout 30 router_id nginx-master } vrrp_script chk_httpd { script "/etc/keepalived/check_and_start_httpd.sh" interval 2 weight -10 fall 3 rise 2 } vrrp_instance VI_1 { nopreempt state MASTER interface eth1 virtual_router_id 66 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.8/32 dev eth1 label eth1:0 192.168.1.9/32 dev eth1 label eth1:1 } track_script { # 引用VRRP脚本,即在 vrrp_script 部分指定的名字。定期运行它们来改变优先级,并最终引发主备切换。 chk_httpd } }02、backup配置 vim /etc/keepalived/keepalived.conf global_defs { notification_email { xxx@.com } notification_email_from xxx@.com smtp_server smtp.exmail.qq.com smtp_connect_timeout 30 router_id nginx-backup } vrrp_script chk_httpd { script "/etc/keepalived/check_and_start_httpd.sh" interval 2 weight -10 fall 3 rise 2 } vrrp_instance VI_1 { # nopreempt state BACKUP interface eth1 virtual_router_id 66 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.8/32 dev eth1 label eth1:0 192.168.1.9/32 dev eth1 label eth1:1 } track_script { # 引用VRRP脚本,即在 vrrp_script 部分指定的名字。定期运行它们来改变优先级,并最终引发主备切换。 chk_httpd } }03、脚本:vim /etc/keepalived/check_and_start_httpd.sh #!/bin/bash counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then ps -ef | grep nginx | grep -v grep | awk '{print $2}' | sed -e "s/^/kill -9 /g" | sh - #/usr/local/bin/nginx 此为nginx启动方式。 nginx sleep 2 counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then systemctl stop keepalived echo -e "$ip of nginx is stop ,nginx service switch nginx slave \nlocal is virtual ip : $virtual_ip not exist " |mail -s "$ip of nginx is stop" xxx@.com fi fi04、邮箱配置: yum -y install mailx yum install -y sendmail yum install -y sendmail-cf yum -y install bc echo "TRUST_AUTH_MECH('EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl" >> /etc/mail/sendmail.mc echo "define('confAUTH_MECHANISMS', 'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl" >> /etc/mail/sendmail.mc sed -i s#127.0.0.1#0.0.0.0#g /etc/mail/sendmail.mc grep "OPTIONS" /etc/mail/sendmail.mc m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf echo 'set from=xxx@.com' >> /etc/mail.rc echo 'set smtp=smtp.exmail.qq.com' >> /etc/mail.rc echo 'set smtp-auth-user=xxx@.com' >> /etc/mail.rc echo 'set smtp-auth-password=xxxx' >> /etc/mail.rc echo 'set smtp-auth=login' >> /etc/mail.rc IP1=$(ifconfig|grep '192.168'|awk '{print $2}') IP2=$(ifconfig|grep '10.10'|awk '{print $2}') abc="abc.mail.com" echo "$IP2 `hostname` $abc" >> /etc/hosts systemctl enable sendmail systemctl start sendmail systemctl status sendmail 转载于:https://blog.51cto.com/8248183/2327382