Keepalived+Nginx+Tomcat 高可用负载均衡

一、4台机器角色

|----------------|----------------------------|-------------------|
| 机器IP | 角色 | 服务 |
| 192.168.52.138 | Nginx1 + Keepalived Master | Nginx、Keepalived主 |
| 192.168.52.139 | Nginx2 + Keepalived Backup | Nginx、Keepalived备 |
| 192.168.52.135 | Tomcat1 | 后端应用 |
| 192.168.52.136 | Tomcat2 | 后端应用 |

VIP：192.168.52.100（对外入口）

二、所有机器通用初始化（4台都执行）

复制代码

# 关闭防火墙、SELinux
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

# 安装基础依赖
dnf install -y wget tar gcc make java-1.8.0-openjdk-devel

三、Tomcat1（135）+ Tomcat2（136）配置（两台一样）

1. 安装 Tomcat 9

复制代码

cd /usr/local
wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.85/bin/apache-tomcat-9.0.85.tar.gz
tar -zxvf apache-tomcat-9.0.85.tar.gz
mv apache-tomcat-9.0.85 tomcat

2. 写测试页面（区分两台）

复制代码

# Tomcat1（135）执行
echo "<h1>Tomcat-135</h1>" > /usr/local/tomcat/webapps/ROOT/index.jsp

# Tomcat2（136）执行
echo "<h1>Tomcat-136</h1>" > /usr/local/tomcat/webapps/ROOT/index.jsp

3. 启动 Tomcat

复制代码

/usr/local/tomcat/bin/startup.sh

4. 验证（访问自己IP:8080）

复制代码

curl localhost:8080

四、Nginx1（138）+ Nginx2（139）安装（两台一样）

复制代码

dnf install -y nginx

配置 Nginx 反向代理到 Tomcat

复制代码

cat > /etc/nginx/nginx.conf <<EOF
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '\$remote_addr - \$remote_user [\$time_local] "\$request" '
                      '\$status \$body_bytes_sent "\$http_referer" '
                      '" \$http_user_agent" "\$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    upstream tomcat_servers {
        server 192.168.52.135:8080;
        server 192.168.52.136:8080;
    }

    server {
        listen 80;
        server_name localhost;

        location / {
            proxy_pass http://tomcat_servers;
            proxy_set_header Host \$host;
            proxy_set_header X-Real-IP \$remote_addr;
        }
    }
}
EOF

启动 Nginx

复制代码

systemctl enable --now nginx

测试 Nginx 代理是否正常

复制代码

curl localhost
# 会交替出现 Tomcat-135 / Tomcat-136

五、Keepalived 配置（核心：138主 + 139备）

1. 两台都安装 Keepalived

复制代码

dnf install -y keepalived

2. 配置 138（Master）

复制代码

cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
    router_id NGINX_MASTER
}

# 监控 Nginx 是否存活
vrrp_script chk_nginx {
    script "killall -0 nginx"
    interval 2
    weight -20
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160  # 改成你实际网卡名（ip addr 看）
    virtual_router_id 52
    priority 150
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 123456
    }

    virtual_ipaddress {
        192.168.52.100/24
    }

    track_script {
        chk_nginx
    }
}
EOF

3. 配置 139（Backup）

复制代码

cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
    router_id NGINX_BACKUP
}

vrrp_script chk_nginx {
    script "killall -0 nginx"
    interval 2
    weight -20
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160  # 改成你实际网卡名
    virtual_router_id 52
    priority 100
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 123456
    }

    virtual_ipaddress {
        192.168.52.100/24
    }

    track_script {
        chk_nginx
    }
}
EOF

4. 两台都启动 Keepalived

复制代码

systemctl enable --now keepalived

六、最终测试（任意机器执行）

复制代码

curl 192.168.52.100

✅ 不断刷新会交替显示 Tomcat-135 / 136

✅ 停掉 138 的 Nginx 或 Keepalived，VIP 自动飘到 139

✅ 停掉任意一台 Tomcat，Nginx 自动跳过故障节点

七、你可能需要的排查命令

复制代码

# 看VIP在哪
ip addr

# 看Keepalived日志
tail -f /var/log/messages

# 抓VRRP包
tcpdump -i ens160 host 224.0.0.18