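Since you need a more precise configuration, here are complete, runnable configurations, deployment steps and verification methods for the two mainstream options: LVS + Keepalived (layer 4, the most commonly used) and HAProxy + Keepalived (layer 7, more flexible). You can apply them directly to your own environment.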
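Option 1: LVS + Keepalived (layer 4 load balancing, highest performance)
Prerequisites
- Two load balancers (LB1/MASTER: 192.168.1.20, LB2/BACKUP: 192.168.1.21)
- Two Nginx nodes (NG1: 192.168.1.30, NG2: 192.168.1.31)
- VIP (virtual IP): 192.168.1.100 (the entry point that clients access)
- `keepalived` and `ipvsadm` are installed on all machines (CentOS: `yum install -y keepalived ipvsadm`)
Step 1: Configure the MASTER node (LB1: 192.168.1.20)
Edit /etc/keepalived/keepalived.conf: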
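```
! Configuration File for keepalived
global_defs {
    router_id LVS_MASTER              # identifier; only needs to be unique
}
# Monitor Nginx liveness (optional). The script checks the local host, so it only
# applies where Nginx runs on the load balancer itself; NG1/NG2 are checked by TCP_CHECK below.
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"   # path of the check script
    interval 2                        # run the check every 2 seconds
    weight -20                        # lower the priority by 20 when the check fails
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0                    # NIC name (adjust to your system, e.g. ens33)
    virtual_router_id 51              # must be identical within one cluster
    priority 100                      # MASTER priority is higher than BACKUP (e.g. BACKUP uses 90)
    advert_int 1                      # heartbeat interval: 1 second
    authentication {
        auth_type PASS
        auth_pass 1111                # authentication password, identical on MASTER and BACKUP (example value; replace it)
    }
    virtual_ipaddress {
        192.168.1.100/24 dev eth0     # bind the VIP to the NIC
    }
    track_script {
        check_nginx                   # enable the Nginx check script
    }
}
# Core LVS configuration (session persistence + load balancing)
virtual_server 192.168.1.100 80 {
    delay_loop 6                      # interval between backend health checks
    lb_algo wrr                       # weighted round robin (common; rr or lc are also possible)
    lb_kind DR                        # DR mode (best performance, recommended)
    persistence_timeout 600           # session persistence timeout (10 minutes; the same IP sticks to the same Nginx)
    protocol TCP
    # Backend Nginx node 1
    real_server 192.168.1.30 80 {
        weight 1                      # weight; a higher value receives more traffic
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    # Backend Nginx node 2
    real_server 192.168.1.31 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
```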
Step 2: Configure the BACKUP node (LB2: 192.168.1.21)
Only three settings change; everything else is identical to the MASTER:
```
state BACKUP
priority 90           # lower than the MASTER's 100
router_id LVS_BACKUP
```
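Step 3: Add the Nginx check script (/etc/keepalived/check_nginx.sh)
```bash
#!/bin/bash
NGINX_PORT=80
# Check whether Nginx is running. pgrep -x matches the exact process name;
# "ps -ef | grep nginx" would also match this script (check_nginx.sh) and always succeed.
if ! pgrep -x nginx > /dev/null 2>&1; then
    # Stop keepalived so that the VIP moves to the backup node
    systemctl stop keepalived
    exit 1
fi
# Check whether the port is listening
if ! ss -tulpn | grep ":$NGINX_PORT " > /dev/null 2>&1; then
    systemctl stop keepalived
    exit 1
fi
exit 0
```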
Make the script executable:
```bash
chmod +x /etc/keepalived/check_nginx.sh
```
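Step 4: Start the services
```bash
# Run on both the MASTER and the BACKUP node
systemctl enable --now keepalived
systemctl start ipvsadm   # enable LVS (keepalived programs the IPVS rules from the virtual_server block)
```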
Option 2: HAProxy + Keepalived (layer 7 load balancing, supports cookie-based session persistence)
Prerequisites
- Load balancer nodes (LB1/MASTER: 192.168.1.20, LB2/BACKUP: 192.168.1.21)
- Nginx nodes (NG1: 192.168.1.30, NG2: 192.168.1.31)
- VIP: 192.168.1.100
- `keepalived` and `haproxy` are installed (CentOS: `yum install -y keepalived haproxy`)
Step 1: Configure HAProxy (/etc/haproxy/haproxy.cfg)
```
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000
# Frontend listening on the VIP
frontend http_front
    bind *:80
    bind 192.168.1.100:80   # bind the VIP (already covered by *:80; on the node not holding the VIP this needs net.ipv4.ip_nonlocal_bind=1)
    mode http
    option httplog
    default_backend nginx_backend
# Backend Nginx cluster (cookie-based session persistence)
backend nginx_backend
    mode http
    balance roundrobin                      # load-balancing algorithm
    cookie SRV_ID insert indirect nocache   # insert a cookie that identifies the node
    option httpchk GET /health              # health check (Nginx must expose a /health endpoint)
    # Bind a cookie value to each node so the same client sticks to that node
    server nginx1 192.168.1.30:80 check cookie nginx1 weight 1
    server nginx2 192.168.1.31:80 check cookie nginx2 weight 1
# Optional: HAProxy statistics page (visit http://VIP:8888/haproxy-stats)
listen stats
    bind *:8888
    mode http
    stats enable
    stats uri /haproxy-stats
    stats auth admin:123456                 # username:password (example value; replace it)
```
Step 2: Configure Keepalived (MASTER and BACKUP nodes; responsible for VIP failover)
MASTER node (LB1: 192.168.1.20):
```
global_defs {
    router_id HAPROXY_MASTER
}
vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2222
    }
    virtual_ipaddress {
        192.168.1.100/24 dev eth0
    }
    track_script {
        check_haproxy
    }
}
```
BACKUP node (LB2: 192.168.1.21):
```
global_defs {
    router_id HAPROXY_BACKUP
}
vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2222
    }
    virtual_ipaddress {
        192.168.1.100/24 dev eth0
    }
    track_script {
        check_haproxy
    }
}
```
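Step 3: HAProxy check script (/etc/keepalived/check_haproxy.sh)
```bash
#!/bin/bash
# pgrep -x matches the exact process name; "ps -ef | grep haproxy" would also
# match this script (check_haproxy.sh) and always succeed.
if ! pgrep -x haproxy > /dev/null 2>&1; then
    systemctl stop keepalived
    exit 1
fi
exit 0
```
Make the script executable:
```bash
chmod +x /etc/keepalived/check_haproxy.sh
```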
Step 4: Start the services
```bash
# Run on both the MASTER and the BACKUP node
systemctl enable --now haproxy
systemctl enable --now keepalived
```
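The sample configs in both options use short numeric secrets (`auth_pass 1111`, `auth_pass 2222`, `stats auth admin:123456`) and expose the stats page on `*:8888`. The following is an added example, not part of the original page, that lints both files for exactly those settings; `audit_lb_config`, `demo_audit` and the length thresholds are assumptions of this example, and the sample files are constructed from the lines shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): lint keepalived.conf and
# haproxy.cfg for the placeholder secrets and the all-interfaces stats
# listener used in the sample configs. The length thresholds are assumptions.

# audit_lb_config FILE...  prints "file:line: finding"; returns 1 on findings.
audit_lb_config() {
  awk '
    function hit(msg) { print FILENAME ":" FNR ": " msg; bad = 1 }
    function weak(s, min) { return length(s) < min || s ~ /^[0-9]+$/ }
    FNR == 1 { wildcard = 0 }
    { sub(/[ \t]*#.*/, "") }                        # strip trailing comments
    /^[ \t]*!/ { next }                             # keepalived "!" comment line
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ { wildcard = 0 }
    $1 == "auth_pass" && weak($2, 8) { hit("weak VRRP auth_pass (sent in clear text)") }
    $1 == "bind" && $2 ~ /^\*:/      { wildcard = 1 }
    $1 == "stats" && $2 == "enable" && wildcard { hit("stats page bound to all addresses") }
    $1 == "stats" && $2 == "auth" {
      split($3, cred, ":")
      if (weak(cred[2], 12)) hit("weak stats password for user " cred[1])
    }
    END { exit bad + 0 }' "$@"
}

# Constructed sample: the relevant lines of the configs shown on this page.
demo_audit() {
  local d rc=0
  d=$(mktemp -d)
  printf '%s\n' 'vrrp_instance VI_1 {' '  authentication {' \
    '    auth_type PASS' '    auth_pass 1111   # same on both nodes' '  }' '}' \
    > "$d/keepalived.conf"
  printf '%s\n' 'frontend http_front' '  bind *:80' 'listen stats' \
    '  bind *:8888' '  stats enable' '  stats uri /haproxy-stats' \
    '  stats auth admin:123456' > "$d/haproxy.cfg"
  (cd "$d" && audit_lb_config keepalived.conf haproxy.cfg) || rc=$?
  rm -rf "$d"
  return "$rc"
}

demo_audit || true
```

Keepalived uses only the first eight characters of `auth_pass` and sends it unencrypted in every VRRP advertisement, so a longer value alone does not protect the VIP election. Restricting VRRP (IP protocol 112) to the peer load balancer, for example with `unicast_peer` plus a firewall rule, limits who can take part in it.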
Verifying that session persistence works
Method 1: Log verification (recommended)
- In /etc/nginx/nginx.conf on the Nginx nodes, make sure the log format includes the client IP and the server IP:
  ```
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for" '
                  'server_ip:$server_addr';   # added: server IP
  access_log /var/log/nginx/access.log main;
  ```
  Restart Nginx: `systemctl restart nginx`
- Access http://192.168.1.100 several times from the same client and watch the Nginx logs:
  ```bash
  # Run on the NG1 node
  tail -f /var/log/nginx/access.log
  # Run on the NG2 node
  tail -f /var/log/nginx/access.log
  ```
✅ Working: all requests appear in the log of the same Nginx node; ❌ Not working: the requests are spread across the logs of both Nginx nodes.
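Method 2: Browser verification (cookie mode)
Visit http://192.168.1.100, open the browser's Developer Tools → Network → request headers, and check whether there is a `Set-Cookie: SRV_ID=nginx1` (or nginx2) and whether all subsequent requests carry that cookie → working.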
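Summary
- Core configuration: LVS uses `persistence_timeout` for IP-level session persistence; HAProxy uses `cookie` for cookie-level session persistence.
- Role of Keepalived: it only handles VIP failover (high availability) and takes no part in load distribution or session persistence.
- Key to verification: when the same client sends multiple requests and the log entries appear on only one Nginx node, session persistence is working.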