Keepalived+nginx+tomcat
1.1 Node planning
| IP address | Hostname | Software | Role |
|---|---|---|---|
| 192.168.72.30 | master | keepalived,nginx | Master node |
| 192.168.72.32 | backup | keepalived,nginx | Backup node |
| 192.168.72.100 | VIP address | | |
| 192.168.72.41 | web1 | tomcat,jdk | |
| 192.168.72.42 | web2 | tomcat,jdk | |
1.2 Environment preparation
1. First remove the keepalived and nginx services from the master and backup servers.
bash
# 1. Stop the services
[root@master ~]# systemctl stop keepalived
[root@master ~]# systemctl stop nginx
[root@backup ~]# systemctl stop keepalived
[root@backup ~]# systemctl stop nginx
# 2. Remove the packages
[root@master ~]# dnf remove nginx keepalived
[root@backup ~]# dnf remove nginx keepalived
# 3. Delete the files
[root@master ~]# rm -rf /etc/keepalived
[root@backup ~]# rm -rf /etc/keepalived
2. Clone two tomcat servers and set their hostnames and IP addresses
bash
# 1. Change the hostname
[root@localhost ~]# hostnamectl set-hostname tomcat1 && bash
[root@tomcat1 ~]#
[root@localhost ~]# hostnamectl set-hostname tomcat2 && bash
[root@tomcat2 ~]#
# 2. Change the IP address
[root@tomcat1 ~]# nmcli c m ens160 ipv4.method manual ipv4.addresses 192.168.72.41/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat1 ~]# nmcli c up ens160
[root@tomcat2 ~]# nmcli c m ens160 ipv4.method manual ipv4.addresses 192.168.72.42/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat2 ~]# nmcli c up ens160
3. Turn off SELinux and the firewall on both tomcat servers
bash
# 1. Turn off SELinux
[root@tomcat1 ~]# setenforce 0
[root@tomcat1 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config
[root@tomcat1 ~]# grep SELINUX /etc/selinux/config
# SELINUX= can take one of these three values:
# NOTE: Up to RHEL 8 release included, SELINUX=disabled would also
SELINUX=permissive
# SELINUXTYPE= can take one of these three values:
SELINUXTYPE=targeted
[root@tomcat2 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config
[root@tomcat2 ~]# setenforce 0
# 2. Turn off the firewall
[root@tomcat2 ~]# systemctl disable --now firewalld.service
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
[root@tomcat1 ~]# systemctl disable --now firewalld.service
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
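
Step 3 leaves tomcat's port 8080 open to every host that can reach 192.168.72.41 and 192.168.72.42, so clients can bypass nginx. The following added example (not part of the original page) goes beyond that step and prints firewalld rules that keep the firewall on for both roles; the addresses come from the node plan, while `emit_rules` and the role names are assumptions.

```bash
#!/bin/sh
# Added example: keep firewalld enabled instead of disabling it.
# Addresses come from the node plan in 1.1; emit_rules is a hypothetical helper.
PROXIES="192.168.72.30 192.168.72.32"   # master and backup nginx nodes

# Print the firewall-cmd lines for one role ("tomcat" or "proxy").
emit_rules() {
    case "$1" in
    tomcat)
        # Only the two nginx nodes may reach the tomcat connector on 8080.
        for src in $PROXIES; do
            printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$src\" port port=\"8080\" protocol=\"tcp\" accept'"
        done
        ;;
    proxy)
        # Clients reach nginx on port 80.
        printf '%s\n' "firewall-cmd --permanent --add-service=http"
        # VRRP adverts (auth_type PASS travels unencrypted) only from the two nodes.
        for src in $PROXIES; do
            printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$src\" protocol value=\"vrrp\" accept'"
        done
        ;;
    *)
        echo "usage: emit_rules tomcat|proxy" >&2
        return 2
        ;;
    esac
    printf '%s\n' "firewall-cmd --reload"
}

# Review the output first, then pipe it to sh on the matching host:
#   sh fw_rules.sh tomcat | sh
if [ -n "${1:-}" ]; then
    emit_rules "$1"
fi
```

With these rules in place, `systemctl disable --now firewalld.service` is not needed on any of the four hosts.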
1.3 Setting up tomcat
1.3.1 Installing the JDK
1. Install the JDK
bash
# Download the installation package
[root@tomcat1 ~]# wget https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
--2026-01-13 14:21:31-- https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
Resolving download.oracle.com (download.oracle.com)... 23.58.108.145
Connecting to download.oracle.com (download.oracle.com)|23.58.108.145|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 197085853 (188M) [application/x-gzip]
Saving to: 'jdk-21_linux-x64_bin.tar.gz'
jdk-21_linux-x64_bin.tar.gz 100%[==========================================================>] 187.96M 14.3MB/s in 15s
2026-01-13 14:21:47 (12.3 MB/s) - 'jdk-21_linux-x64_bin.tar.gz' saved [197085853/197085853]
# Extracting the archive is the installation
[root@tomcat1 ~]# tar -zxf jdk-21_linux-x64_bin.tar.gz -C /usr/local/
[root@tomcat1 ~]# cd /usr/local/
[root@tomcat1 local]# ls
bin etc games include jdk-21.0.9 lib lib64 libexec sbin share src
[root@tomcat1 local]# cd jdk-21.0.9/
[root@tomcat1 jdk-21.0.9]# pwd
/usr/local/jdk-21.0.9
2. Configure the JDK
bash
[root@tomcat1 jdk-21.0.9]# vim /etc/profile
Then add the following at the end of this file:
bash
.....
export JAVA_HOME=/usr/local/jdk-21.0.9
export PATH=$PATH:$JAVA_HOME/bin
3. Apply the configuration
bash
[root@tomcat1 jdk-21.0.9]# source /etc/profile
[root@tomcat1 jdk-21.0.9]#
4. Verify the JDK installation
bash
[root@tomcat1 jdk-21.0.9]# java --version
java 21.0.9 2025-10-21 LTS
Java(TM) SE Runtime Environment (build 21.0.9+7-LTS-338)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.9+7-LTS-338, mixed mode, sharing)
5. Copy the JDK installation directory and the configuration file to the tomcat2 server
bash
# 1. Copy the installation directory
[root@tomcat1 jdk-21.0.9]# scp -r /usr/local/jdk-21.0.9/ root@192.168.72.42:/usr/local/
The authenticity of host '192.168.72.42 (192.168.72.42)' can't be established.
ED25519 key fingerprint is SHA256:s1BvgtBs1UxSKS+5fVxpZGEOB76pE1/J2MAZnhNW6Wo.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.72.42' (ED25519) to the list of known hosts.
root@192.168.72.42's password:
# 2. Verify the installation directory
[root@tomcat2 ~]# ls /usr/local/
bin etc games include jdk-21.0.9 lib lib64 libexec sbin share src
# 3. Copy the configuration file
[root@tomcat2 ~]# scp root@192.168.72.41:/etc/profile /etc/
The authenticity of host '192.168.72.41 (192.168.72.41)' can't be established.
ED25519 key fingerprint is SHA256:s1BvgtBs1UxSKS+5fVxpZGEOB76pE1/J2MAZnhNW6Wo.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.72.41' (ED25519) to the list of known hosts.
root@192.168.72.41's password:
profile 100% 1973 1.2MB/s 00:00
# 4. Verify the configuration file
[root@tomcat2 ~]# tail -4 /etc/profile
export JAVA_HOME=/usr/local/jdk-21.0.9
export PATH=$PATH:$JAVA_HOME/bin
# 5. Apply the configuration
[root@tomcat2 ~]# source /etc/profile
# 6. Verify the JDK
[root@tomcat2 ~]# java --version
java 21.0.9 2025-10-21 LTS
Java(TM) SE Runtime Environment (build 21.0.9+7-LTS-338)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.9+7-LTS-338, mixed mode, sharing)
1.3.2 Installing tomcat
1. Download the tomcat installation package
bash
[root@tomcat1 ~]# wget https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.15/bin/apache-tomcat-11.0.15.tar.gz
--2026-01-13 14:38:56-- https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.15/bin/apache-tomcat-11.0.15.tar.gz
Resolving dlcdn.apache.org (dlcdn.apache.org)... 151.101.2.132, 2a04:4e42::644
Connecting to dlcdn.apache.org (dlcdn.apache.org)|151.101.2.132|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14317088 (14M) [application/x-gzip]
Saving to: 'apache-tomcat-11.0.15.tar.gz'
apache-tomcat-11.0.15.tar.gz 100%[==========================================================>] 13.65M 8.55MB/s in 1.6s
2026-01-13 14:38:58 (8.55 MB/s) - 'apache-tomcat-11.0.15.tar.gz' saved [14317088/14317088]
2. Extract the installation package
bash
[root@tomcat1 ~]# tar -zxf apache-tomcat-11.0.15.tar.gz -C /usr/local
[root@tomcat1 ~]# cd /usr/local/
[root@tomcat1 local]# ls
apache-tomcat-11.0.15 bin etc games include jdk-21.0.9 lib lib64 libexec sbin share src
[root@tomcat1 local]# mv apache-tomcat-11.0.15/ tomcat-11.0.15/
[root@tomcat1 local]# ls
bin etc games include jdk-21.0.9 lib lib64 libexec sbin share src tomcat-11.0.15
[root@tomcat1 local]# cd tomcat-11.0.15/
[root@tomcat1 tomcat-11.0.15]# pwd
/usr/local/tomcat-11.0.15
3. Configure tomcat
bash
[root@tomcat1 tomcat-11.0.15]# vim /etc/profile
Add the following at the end of the file:
bash
....
export CATALINA_HOME=/usr/local/tomcat-11.0.15
export PATH=$PATH:$CATALINA_HOME/bin
4. Apply the configuration
bash
[root@tomcat1 tomcat-11.0.15]# source /etc/profile
5. Copy the installed tomcat directory to the tomcat2 server
bash
[root@tomcat1 tomcat-11.0.15]# scp -r /usr/local/tomcat-11.0.15/ 192.168.72.42:/usr/local
6. Copy the configuration file to the tomcat2 server as well
bash
[root@tomcat1 tomcat-11.0.15]# scp /etc/profile 192.168.72.42:/etc/
root@192.168.72.42's password:
profile 100% 2057 3.9MB/s 00:00
7. Apply the configuration
bash
[root@tomcat2 ~]# source /etc/profile
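
Step 1 downloads the tomcat tarball and step 2 extracts it as root without checking its integrity. As an added example (not from the original page), the hypothetical helper `verify_sha512` below compares the archive with the `.sha512` file that Apache publishes next to each release; it assumes that file has been downloaded into the same directory.

```bash
#!/bin/sh
# Added example: verify a downloaded tarball against its published .sha512
# file before extracting it. verify_sha512 is a hypothetical helper name.

# verify_sha512 <archive> <sha512-file>
# Returns 0 only if the sums file lists this archive and the digest matches.
verify_sha512() {
    archive=$1
    sumfile=$2
    name=$(basename "$archive")
    [ -r "$archive" ] && [ -r "$sumfile" ] || return 2
    # Lines look like "<128 hex chars> *apache-tomcat-11.0.15.tar.gz";
    # the "*" (binary-mode marker) in front of the name is optional.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print tolower($1); exit } }' "$sumfile")
    [ -n "$expected" ] || return 3      # archive not listed: wrong sums file
    actual=$(sha512sum "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Usage on tomcat1, in place of the bare tar command in step 2:
#   verify_sha512 apache-tomcat-11.0.15.tar.gz apache-tomcat-11.0.15.tar.gz.sha512 \
#       && tar -zxf apache-tomcat-11.0.15.tar.gz -C /usr/local
```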
1.3.3 Starting the service
1. Start the service
bash
[root@tomcat1 tomcat-11.0.15]# startup.sh
Using CATALINA_BASE: /usr/local/tomcat-11.0.15
Using CATALINA_HOME: /usr/local/tomcat-11.0.15
Using CATALINA_TMPDIR: /usr/local/tomcat-11.0.15/temp
Using JRE_HOME: /usr/local/jdk-21.0.9
Using CLASSPATH: /usr/local/tomcat-11.0.15/bin/bootstrap.jar:/usr/local/tomcat-11.0.15/bin/tomcat-juli.jar
Using CATALINA_OPTS:
Tomcat started.
[root@tomcat2 ~]# startup.sh
Using CATALINA_BASE: /usr/local/tomcat-11.0.15
Using CATALINA_HOME: /usr/local/tomcat-11.0.15
Using CATALINA_TMPDIR: /usr/local/tomcat-11.0.15/temp
Using JRE_HOME: /usr/local/jdk-21.0.9
Using CLASSPATH: /usr/local/tomcat-11.0.15/bin/bootstrap.jar:/usr/local/tomcat-11.0.15/bin/tomcat-juli.jar
Using CATALINA_OPTS:
Tomcat started.
2. Access test
bash
http://192.168.72.41:8080/
To make it easier to see which server is handling a request, we replace the index.jsp home page:
bash
[root@tomcat1 ~]# echo "$(hostname) $(hostname -I)" > /usr/local/tomcat-11.0.15/webapps/ROOT/index.jsp
[root@tomcat2 ~]# echo "$(hostname) $(hostname -I)" > /usr/local/tomcat-11.0.15/webapps/ROOT/index.jsp
1.4 Setting up the nginx servers
1. Install nginx
bash
[root@master ~]# dnf install nginx -y
[root@backup ~]# dnf install nginx -y
2. Configure nginx
2.1 Configure the master server
bash
[root@master ~]# cd /etc/nginx/conf.d/
[root@master conf.d]# ls
[root@master conf.d]# vim tomcat.conf
The file contents are as follows:
nginx
upstream web {
    server 192.168.72.41:8080;
    server 192.168.72.42:8080;
}
server {
    listen 80;
    server_name 192.168.72.30;
    location / {
        proxy_pass http://web;
    }
}
2.2 Configure the backup server
bash
[root@master conf.d]# scp /etc/nginx/conf.d/tomcat.conf 192.168.72.32:/etc/nginx/conf.d/
root@192.168.72.32's password:
tomcat.conf 100% 168 260.5KB/s 00:00
Then change the server name:
nginx
upstream web {
    server 192.168.72.41:8080;
    server 192.168.72.42:8080;
}
server {
    listen 80;
    server_name 192.168.72.32;
    location / {
        proxy_pass http://web;
    }
}
3. Start the nginx service
bash
[root@master conf.d]# systemctl start nginx
[root@backup ~]# systemctl start nginx
4. Test run
Enter http://192.168.72.30 or http://192.168.72.32 in a browser to access the service.
bash
[root@master conf.d]# curl 192.168.72.30
tomcat1 192.168.72.41
[root@master conf.d]# curl 192.168.72.30
tomcat2 192.168.72.42
[root@master conf.d]# curl 192.168.72.30
tomcat1 192.168.72.41
[root@master conf.d]# curl 192.168.72.30
tomcat2 192.168.72.42
[root@master conf.d]# curl 192.168.72.30
tomcat1 192.168.72.41
[root@master conf.d]# curl 192.168.72.30
tomcat2 192.168.72.42
[root@master conf.d]# curl 192.168.72.30
tomcat1 192.168.72.41
[root@backup ~]# curl 192.168.72.32
tomcat1 192.168.72.41
[root@backup ~]# curl 192.168.72.32
tomcat2 192.168.72.42
[root@backup ~]# curl 192.168.72.32
tomcat1 192.168.72.41
[root@backup ~]# curl 192.168.72.32
tomcat2 192.168.72.42
[root@backup ~]# curl 192.168.72.32
tomcat1 192.168.72.41
[root@backup ~]# curl 192.168.72.32
tomcat2 192.168.72.42
[root@backup ~]# curl 192.168.72.32
tomcat1 192.168.72.41
1.5 Setting up keepalived
1. Install keepalived
bash
[root@master conf.d]# dnf install keepalived -y
[root@backup ~]# dnf install keepalived -y
2. Configure keepalived
2.1 Configure the master
bash
[root@master conf.d]# vim /etc/keepalived/keepalived.conf
The file contents are as follows:
bash
global_defs {
    router_id nginx1
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}
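3. Write the health check script
bash
[root@master conf.d]# vim /etc/keepalived/check_nginx.sh
The script contents are as follows:
bash
#!/bin/bash
# Count the running nginx processes
count=$(ps -C nginx --no-header | wc -l)
if [ "$count" -eq 0 ]; then
    # nginx is down: try to start it once
    systemctl start nginx
    sleep 1
    # Still down: stop keepalived so the VIP moves to the other node
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
        systemctl stop keepalived
    fi
fi
4. Make the script executable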
bash
[root@master conf.d]# chmod +x /etc/keepalived/check_nginx.sh
5. Copy the keepalived configuration and the script file to the backup server
bash
[root@master conf.d]# scp /etc/keepalived/* 192.168.72.32:/etc/keepalived/
root@192.168.72.32's password:
check_nginx.sh 100% 200 383.7KB/s 00:00
keepalived.conf 100% 463 841.6KB/s 00:00
6. Edit the configuration file on the backup server
bash
[root@backup ~]# vim /etc/keepalived/keepalived.conf
The file contents are as follows:
bash
global_defs {
    router_id nginx2
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}
7. Start the services
bash
[root@master conf.d]# systemctl start keepalived.service
[root@backup ~]# systemctl start keepalived.service
[root@master conf.d]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:e6:52:73 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.72.30/24 brd 192.168.72.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.72.100/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee6:5273/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2d:01:df brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.72.32/24 brd 192.168.72.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2d:1df/64 scope link noprefixroute
valid_lft forever preferred_lft forever
8. Edit the nginx configuration file (on both servers)
bash
vim /etc/nginx/conf.d/tomcat.conf
The file contents are as follows:
nginx
upstream web {
    server 192.168.72.41:8080;
    server 192.168.72.42:8080;
}
server {
    listen 80;
    server_name 192.168.72.100;
    location / {
        proxy_pass http://web;
    }
}
9. Restart the nginx service
bash
[root@master conf.d]# systemctl restart nginx
[root@backup ~]# systemctl restart nginx
10. Run the test
bash
[root@master conf.d]# curl 192.168.72.100
tomcat1 192.168.72.41
[root@master conf.d]# curl 192.168.72.100
tomcat2 192.168.72.42
[root@master conf.d]# curl 192.168.72.100
tomcat1 192.168.72.41
[root@master conf.d]# curl 192.168.72.100
tomcat2 192.168.72.42
[root@backup ~]# curl 192.168.72.100
tomcat1 192.168.72.41
[root@backup ~]# curl 192.168.72.100
tomcat2 192.168.72.42
[root@backup ~]# curl 192.168.72.100
tomcat1 192.168.72.41
[root@backup ~]# curl 192.168.72.100
tomcat2 192.168.72.42
[root@master conf.d]# systemctl stop nginx
[root@master conf.d]# curl 192.168.72.100
tomcat1 192.168.72.41
[root@master conf.d]# curl 192.168.72.100
tomcat2 192.168.72.42
[root@master conf.d]# curl 192.168.72.100
tomcat1 192.168.72.41
[root@master conf.d]# curl 192.168.72.100
tomcat2 192.168.72.42
[root@master conf.d]# curl 192.168.72.100
tomcat1 192.168.72.41
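
The check_nginx.sh script from step 3 looks only at the process list and signals failure by stopping keepalived rather than through its exit status, which is what `weight -20`, `fall` and `rise` act on. As an added example (not the page's script; all function names and the `probe` argument are assumptions), this variant probes nginx over HTTP, reports through its exit status, and shows why a weight of -20 moves the VIP from the master at priority 100 to the backup at 90.

```bash
#!/bin/sh
# Added example (not the page's check_nginx.sh): probe nginx over HTTP and
# report the result through the exit status, so keepalived's weight/fall/rise
# settings decide the failover. Function names are hypothetical.
CHECK_URL="${CHECK_URL:-http://127.0.0.1/}"

# Fetch only the HTTP status; the 1s limit stays inside "timeout 2" of vrrp_script.
probe_status() {
    code=$(curl -s -o /dev/null --max-time 1 -w '%{http_code}' "$CHECK_URL" 2>/dev/null) || code=000
    printf '%s\n' "${code:-000}"
}

# 2xx-4xx: nginx answered. 000 (no answer) or 5xx (no usable upstream): failed.
is_healthy() {
    case "$1" in
        [234][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Priority keepalived advertises with a negative weight, as on this page:
# the base value while the check passes, base + weight once it has failed.
effective_priority() {   # <base> <weight> <status-code>
    if is_healthy "$3"; then echo "$1"; else echo $(( $1 + $2 )); fi
}

# The VIP moves only if the failed master drops below the healthy backup.
vip_moves() {            # <master-base> <backup-base> <weight> <master-status>
    [ "$(effective_priority "$1" "$3" "$4")" -lt "$2" ]
}

# keepalived entry point: script "/etc/keepalived/check_nginx_http.sh probe"
if [ "${1:-}" = "probe" ]; then
    is_healthy "$(probe_status)"
    exit $?
fi
```

With the page's values, a failed master advertises 100 - 20 = 80, which is below the backup's 90; a weight of -5 would leave it at 95 and the VIP would stay on the failed node.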