整体流程为:
1、页面访问为https,在电脑修改hosts文件,如域名为 babaozhou.com, 则配置为 ip1 babaozhou.com,ip2 babaozhou.com;
也就是说同域名关联两个ip,这样如果服务器1ping不通了则可以自动切换到ip2,避免服务器连不上问题;
2、nginx -V,查看是否支持openssl
用keepalived+nginx;当主服务进程停掉后可以立马切换到备;
更改keepalived.conf,位置在/etc/keepalived/
当前主的配置
java
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.254.136 83 //这里为需要切的ip 端口,其中254要与当前保持一致
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_http_port {
script "/usr/local/src/nginx_check.sh" //脚本位置
interval 2
weight 2
}
vrrp_instance VI_1 {
state MAXTER //MAXTER 为主
interface enp7s0f1 //interface要一致 ip -a 查看一下,要与当前服务器保持一直
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.254.100 83 //虚拟ip 端口,直接暴露出来的
}
}创建文件 nginx_check.sh,内容如下,放到 /usr/local/src/
java
#!binbash
A=`ps -C nginx --no-header wc -l`
if [ $A -eq 0 ];then
usrlocalnginxsbinnginx
sleep 2
if [ `ps -C nginx --no-header wc -l` -eq 0 ];then
killall keepalived
fi
fi备
java
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.254.138 83 //备服务ip 端口
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_http_port {
script "/usr/local/src/nginx_check.sh" //脚本位置,内容位置与上面一样
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP //BACKUP 为备
interface enp11s0f0 //interface要一致 ip -a 查看一下,要与当前服务器保持一直
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.254.100 83 //虚拟IP地址 端口
}
}nginx
java
server {
listen 443 ssl;
server_name www.sky.com;
ssl_certificate /root/CA/root/server.crt;
ssl_certificate_key /root/CA/root/server.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://192.168.254.100:83; //该ip为keepalived虚拟ip
}
}
//上面配置上一篇有讲
//设置负载均衡 当86挂掉后自动切换到138; webname是随便起的
upstream webname{
server 192.168.254.86:9124;
server 192.168.254.138:9124;
}
server {
listen 83;
server_name _;
location / {
root /usr/local/src/dist;
index index.html index.htm;
}
ssl_prefer_server_ciphers on;
location ^~/api {
rewrite ^/api/(.*)$ /$1 break;
proxy_pass http://webname; //对于配置的webname
}
}hosts解决服务器连不上切换到备,keepalived解决 keepalived与nginx进程停止后自动切换到备,nginx负载均衡解决 后端停止自动切换到备;还有别的七七八八再记录