Nginx 配置 TCP 请求转发 + http 请求转发 + keepalived 高可用
http://nginx.org/download/
1.TCP 请求转发基于 stream 在 1.9 版本前, 需要单独编译安装该组件:
依赖服务
- [root@baolin conf]#yum -y install pcre-devel openssl openssl-devel library
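- wget http://nginx.org/download/nginx-1.9.5.tar.gz
- # 注意: 上面是明文 http 下载, 源码包在传输中可能被篡改; 建议改用 https://nginx.org/download/, 并用官方下载目录中对应的 .asc PGP 签名校验后再解压编译. 另外 1.9.5 已是很旧的版本, 生产环境应选用仍在维护的版本.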
- tar -xf nginx-1.9.5.tar.gz -C /usr/local/
- cd /usr/local/nginx-1.9.5/
编译安装 stream 组件
- ./configure --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module
- make && make install
- vim /etc/profile.d/nginx.sh
- export PATH=/usr/local/nginx/sbin:$PATH
- source /etc/profile.d/nginx.sh
nginx 启动.
2, 创建 conf 文件存放目录:
mkdir /usr/local/nginx/conf/conf.d/
3, 配置
- 01,nginx.conf
- vim /usr/local/nginx/conf/nginx.conf
- user nginx;
- worker_processes auto;
- error_log /var/log/nginx/error.log;
- pid /usr/local/nginx/logs/nginx.pid;
- include /usr/local/nginx/conf/conf.d/*.conf;
- events {
- worker_connections 25600; #最大连接数
- use epoll; #指明并发连接请求的处理方法
- accept_mutex on; #处理新的连接请求的方法; on 意味着由 worker 轮流处理新请求,
- # 并发总数是 worker_processes 和 worker_connections 的乘积
- # 即 max_clients = worker_processes * worker_connections
- # 在设置了反向代理的情况下, max_clients = worker_processes * worker_connections / 4
- # 为什么上面反向代理要除以 4, 应该说是一个经验值
- # 根据以上条件, 正常情况下的 Nginx Server 可以应付的最大连接数为: 4 * 8000 = 32000
- #worker_connections 值的设置跟物理内存大小有关
- # 因为并发受 IO 约束, max_clients 的值须小于系统可以打开的最大文件数
- # 而系统可以打开的最大文件数和内存大小成正比, 一般 1GB 内存的机器上可以打开的文件数大约是 10 万左右
- # 我们来看看 360M 内存的 VPS 可以打开的文件句柄数是多少:
- #$ cat /proc/sys/fs/file-max
- # 输出 34336
- #32000 <34336, 即并发连接总数小于系统可以打开的文件句柄总数, 这样就在操作系统可以承受的范围之内
- # 所以, worker_connections 的值需根据 worker_processes 进程数目和系统可以打开的最大文件总数进行适当地进行设置
- # 使得并发总数小于操作系统可以打开的最大文件数目
- # 其实质也就是根据主机的物理 CPU 和内存进行配置
- # 当然, 理论上的并发总数可能会和实际有所偏差, 因为主机还有其他的工作进程需要消耗系统资源.
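- # 注意: ulimit 是 shell 命令而不是 nginx 指令, 原样写在 events {} 里会使 nginx -t 报 unknown directive; 应在启动 nginx 的 shell 或服务单元中设置, 或在主配置段使用 worker_rlimit_nofile 65535;
- ulimit -SHn 65535;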
- }
- 02,vim /usr/local/nginx/conf/conf.d/yewu.conf
- http {
- log_format main '"$http_x_forwarded_for" | [$time_local] | $host | $remote_addr | $request | $request_time | $body_bytes_sent | $status |''| $upstream_addr | $upstream_response_time | $upstream_status |'' "$http_referer" | "$http_user_agent" ';
- access_log /var/log/nginx/access.log main;
- charset utf-8;
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- default_type application/octet-stream;
- server {
- listen 80;
- root /data/nginx;
- index index.html index.htm *.HTML index.jsp;
- location ^~ /configCenter-vals/ {
- proxy_pass http://192.168.1.141:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
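- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # 注意: $proxy_add_x_forwarded_for 会保留客户端自带的 X-Forwarded-For 内容, 该头部 (以及日志中的 $http_x_forwarded_for) 可被客户端伪造; 后端做访问控制或审计时应以 X-Real-IP 为准. 以下各 location 同理.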
- proxy_set_header Via "nginx";
- }
- location ^~ /configCenter/ {
- proxy_pass http://192.168.1.139:8082;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Via "nginx";
- }
- # 注意: /dubbo_admin/ 是管理后台入口, 这里未配置任何访问限制; 若 80 端口对不可信网络开放, 应在此 location 内用 allow/deny 或认证限制来源.
- location ^~ /dubbo_admin/ {
- proxy_pass http://192.168.1.139:8082;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Via "nginx";
- }
- location ^~ /appserver/ {
- proxy_pass http://192.168.1.160:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Via "nginx";
- }
- location ^~ /asserver/ {
- proxy_pass http://192.168.1.161:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Via "nginx";
- }
- location ^~ /idsoserver/ {
- proxy_pass http://192.168.1.161:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Via "nginx";
- }
- location ^~ /vals-ap/ {
- proxy_pass http://192.168.1.142:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Via "nginx";
- }
- location ^~ /eidboss/ {
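- # 注意: 此处上游是 https 而其余均为 http, 请确认 8080 端口确实提供 TLS; nginx 默认不校验上游证书 (proxy_ssl_verify 默认为 off), 如需校验须另行配置 proxy_ssl_verify 与 proxy_ssl_trusted_certificate.
- proxy_pass https://192.168.1.145:8080;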
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Via "nginx";
- }
- location ^~ /asboss/ {
- proxy_pass http://192.168.1.145:8081;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Via "nginx";
- }
- }
- }
- 03,vim /usr/local/nginx/conf/conf.d/eid.conf
- stream {
- upstream eid_device {
- server 192.168.1.12:8008 max_fails=1 fail_timeout=1s weight=1;
- server 192.168.1.12:8008 max_fails=1 fail_timeout=1s weight=1;
- }
- server {
- listen 8008;
- proxy_pass eid_device;
- }
- }
4,keepalived 高可用配置
01,master 配置
- vim /etc/keepalived/keepalived.conf
- global_defs {
- notification_email {
- xxx@.com
- }
- notification_email_from xxx@.com
- smtp_server smtp.exmail.qq.com
- smtp_connect_timeout 30
- router_id nginx-master
- }
- vrrp_script chk_httpd {
- script "/etc/keepalived/check_and_start_httpd.sh"
- interval 2
- weight -10
- fall 3
- rise 2
- }
- vrrp_instance VI_1 {
- # 注意: 按 keepalived 文档, 使用 nopreempt 时初始 state 必须为 BACKUP; 与下面的 state MASTER 同用时该选项不会按预期生效.
- nopreempt
- state MASTER
- interface eth1
- virtual_router_id 66
- priority 100
- advert_int 1
- authentication {
- auth_type PASS
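- # 注意: 1111 仅为示例值. PASS 类型的口令在 VRRP 通告中明文传输, 且只取前 8 个字符, 不能当作真正的认证; 上线前请换成随机值, 并用防火墙把 VRRP (IP 协议号 112) 限制在两台节点之间.
- auth_pass 1111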
- }
- virtual_ipaddress {
- 192.168.1.8/32 dev eth1 label eth1:0
- 192.168.1.9/32 dev eth1 label eth1:1
- }
- track_script { # 引用 VRRP 脚本, 即在 vrrp_script 部分指定的名字. 定期运行它们来改变优先级, 并最终引发主备切换.
- chk_httpd
- }
- }
02,backup 配置
- vim /etc/keepalived/keepalived.conf
- global_defs {
- notification_email {
- xxx@.com
- }
- notification_email_from xxx@.com
- smtp_server smtp.exmail.qq.com
- smtp_connect_timeout 30
- router_id nginx-backup
- }
- vrrp_script chk_httpd {
- script "/etc/keepalived/check_and_start_httpd.sh"
- interval 2
- weight -10
- fall 3
- rise 2
- }
- vrrp_instance VI_1 {
- # nopreempt
- state BACKUP
- interface eth1
- virtual_router_id 66
- priority 95
- advert_int 1
- authentication {
- auth_type PASS
- # 注意: 1111 仅为示例值, 必须与 master 保持一致; 该口令在网络上明文传输, 上线前请换成随机值并限制 VRRP 流量的来源.
- auth_pass 1111
- }
- virtual_ipaddress {
- 192.168.1.8/32 dev eth1 label eth1:0
- 192.168.1.9/32 dev eth1 label eth1:1
- }
- track_script { # 引用 VRRP 脚本, 即在 vrrp_script 部分指定的名字. 定期运行它们来改变优先级, 并最终引发主备切换.
- chk_httpd
- }
- }
03, 脚本: vim /etc/keepalived/check_and_start_httpd.sh
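#!/bin/bash
# Health check referenced by keepalived's vrrp_script chk_httpd.
# When no nginx process is running, try to start nginx once; if it is still
# down two seconds later, stop keepalived so the peer node takes over the
# virtual IPs, then send an alert mail.
#
# keepalived executes this file periodically, normally with root privileges:
# keep it owned by root and not writable by other users.

# Absolute path derived from the build prefix used in this article
# (--prefix=/usr/local/nginx/). The PATH entry added in
# /etc/profile.d/nginx.sh is picked up by login/interactive shells and is
# not guaranteed to be present when keepalived runs the script, and a
# privileged script should not resolve binaries through PATH anyway.
nginx_bin=/usr/local/nginx/sbin/nginx

# Print the number of processes whose command name is "nginx".
count_nginx() {
  ps -C nginx --no-heading | wc -l
}

if [ "$(count_nginx)" = "0" ]; then
  # The previous version first turned the output of `ps -ef | grep nginx`
  # into "kill -9 <pid>" lines and piped them into sh. This branch is only
  # reached when no process named nginx exists, so that pipeline could only
  # hit unrelated processes whose command line merely contains "nginx"
  # (an editor on nginx.conf, a log tail), and it executed generated text in
  # a privileged shell. It has been dropped.
  "$nginx_bin"
  sleep 2
  if [ "$(count_nginx)" = "0" ]; then
    # nginx could not be restarted: give up the VIPs by stopping keepalived.
    systemctl stop keepalived
    # NOTE(review): ip and virtual_ip are never assigned in this listing, so
    # the alert text has blanks unless they are defined here or exported by
    # the caller -- confirm and set them.
    printf '%s of nginx is stop ,nginx service switch nginx slave \nlocal is virtual ip : %s not exist\n' \
      "$ip" "$virtual_ip" | mail -s "$ip of nginx is stop" xxx@.com
  fi
fi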
04, 邮箱配置:
- yum -y install mailx
- yum install -y sendmail
- yum install -y sendmail-cf
- yum -y install bc
- echo "TRUST_AUTH_MECH('EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl">> /etc/mail/sendmail.mc
- echo "define('confAUTH_MECHANISMS','EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl">> /etc/mail/sendmail.mc
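- # 注意: 下一条命令会让 sendmail 监听所有网卡 (0.0.0.0), 把本机 SMTP 服务暴露到网络上; 若只是通过 mail.rc 中的外部 SMTP 发告警邮件, 一般无需改动监听地址, 否则应在防火墙上限制 25 端口的来源.
- sed -i s#127.0.0.1#0.0.0.0#g /etc/mail/sendmail.mc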
- grep "OPTIONS" /etc/mail/sendmail.mc
- m4 /etc/mail/sendmail.mc> /etc/mail/sendmail.cf
- echo 'set from=xxx@.com'>> /etc/mail.rc
- echo 'set smtp=smtp.exmail.qq.com'>> /etc/mail.rc
- echo 'set smtp-auth-user=xxx@.com'>> /etc/mail.rc
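- # 注意: /etc/mail.rc 通常所有本地用户可读, 写在其中的口令等于公开; 建议使用专用告警账号的授权码, 放到运行脚本用户的 ~/.mailrc 并 chmod 600, 同时为 SMTP 连接启用 TLS (如 smtps:// 或 smtp-use-starttls), 避免 login 认证明文传输.
- echo 'set smtp-auth-password=xxxx'>> /etc/mail.rc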
- echo 'set smtp-auth=login'>> /etc/mail.rc
- IP1=$(ifconfig|grep '192.168'|awk '{print $2}')
- IP2=$(ifconfig|grep '10.10'|awk '{print $2}')
- abc="abc.mail.com"
- echo "$IP2 `hostname` $abc">> /etc/hosts
- systemctl enable sendmail
- systemctl start sendmail
- systemctl status sendmail
来源: http://www.bubuko.com/infodetail-2875603.html