当前位置：首页 > news >正文

keepalived+nginx实现高可用

news 2026/6/18 22:46:41

1.1 节点规划

IP地址	主机名	软件	节点
192.168.24.10	master	keepalived,nginx	主节点
192.168.24.20	backup	keepalived,nginx	从节点
192.168.24.100	VIP地址

1.2 环境准备

克隆两台服务器，然后设置它们的主机名和IP地址，并关闭selinux和防火墙

# 1. 设置主机名

[root@localhost ~]# hostnamectl set-hostname master && bash [root@master ~]# [root@localhost ~]# hostnamectl set-hostname backup && bash [root@backup ~]#

# 2. 修改IP地址

[root@master ~]# nmcli c m ens160 ipv4.method manual ipv4.addresses 192.168.24.10/24 ipv4.gateway 192.168.24.2 ipv4.dns 223.5.5.5 connection.autoconnect yes [root@master ~]# nmcli c up ens160 [root@backup ~]# nmcli c m ens160 ipv4.method manual ipv4.addresses 192.168.24.20/24 ipv4.gateway 192.168.24.2 ipv4.dns 223.5.5.5 connection.autoconnect yes [root@backup ~]# nmcli c up ens160

# 3. 关闭selinux

SELinux 默认拦截脚本 / 端口 / 进程权限，会导致健康检查、VIP 漂移失败。

[root@master ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config [root@master ~]# getenforce Enforcing [root@master ~]# setenforce 0 [root@master ~]# getenforce Permissive [root@backup ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config [root@backup ~]# setenforce 0

# 4. 关闭防火墙

防火墙会拦截 VRRP 协议（组播），主备无法通信，VIP 飘不过去。

[root@master ~]# systemctl disable --now firewalld.service Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service". Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service". [root@backup ~]# systemctl disable --now firewalld.service Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service". Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.3 搭建nginx服务

分别在两台服务器中安装nginx服务。高可用要求主备都能提供服务

[root@master ~]# dnf install nginx -y [root@backup ~]# dnf install nginx -y

2、修改欢迎页

测试时能直观看到当前访问的是 master 还是 backup。

[root@master ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html [root@backup ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html

3、启动nginx服务

[root@master ~]# systemctl start nginx [root@backup ~]# systemctl start nginx

4、测试服务

[root@master ~]# curl localhost 192.168.24.10 [root@backup ~]# curl localhost 192.168.24.20

1.4 搭建keepalived

分别在两台服务器中安装keepalived软件，部署 Keepalived 实现漂移，主节点挂了自动切到备节点

[root@master ~]# dnf install keepalived -y [root@backup ~]# dnf install keepalived -y

2、配置keepalived

2.1 配置master

[root@master ~]# vim /etc/keepalived/keepalived.conf 文件的内容修改如下： global_defs { router_id master } vrrp_instance VI_1 { state MASTER interface ens160 virtual_router_id 51 priority 100 #优先级，主>备 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.24.100 #自动绑定到主节点 } }

2.2 配置backup

备节点优先级低，正常不抢 VIP, 主挂了才接管。

[root@backup ~]# vim /etc/keepalived/keepalived.conf 文件的内容修改如下： global_defs { router_id backup } vrrp_instance VI_1 { state BACKUP interface ens160 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.24.100 } }

3、启动服务

启动后主备开始通过 VRRP 组播通信，master 绑定 VIP。

[root@master ~]# systemctl start keepalived.service [root@backup ~]# systemctl start keepalived.service

实现高可用

保证服务不可用时自动切换，而不是死占vip。

[root@master ~]# vim /etc/keepalived/check_nginx.sh 脚本的内容如下： #!/bin/bash count=`ps -C nginx --no-header | wc -l` if [ ${count} -eq 0 ]; then systemctl start nginx #先尝试重启nginx sleep 2 if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then systemctl stop keepalived #启动不起来，自杀让出vip fi fi

2、给这个脚本赋予可执行权限

[root@master ~]# ll /etc/keepalived/check_nginx.sh -rw-r--r--. 1 root root 243 Apr 11 21:55 /etc/keepalived/check_nginx.sh [root@master ~]# chmod +x /etc/keepalived/check_nginx.sh [root@master ~]# ll /etc/keepalived/check_nginx.sh -rwxr-xr-x. 1 root root 243 Apr 11 21:55 /etc/keepalived/check_nginx.sh

3、将这个文件发送到backup节点

[root@master ~]# scp -p /etc/keepalived/check_nginx.sh root@192.168.24.20:/etc/keepalived/ The authenticity of host '192.168.24.20 (192.168.24.20)' can't be established. ED25519 key fingerprint is SHA256:xLwz8qEQMbnB85sRiBuHy9/2ZpNxhJl58AqRjGY8kWk. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '192.168.24.20' (ED25519) to the list of known hosts. root@192.168.24.20's password: check_nginx.sh 100% 243 699.9KB/s 00:00

4、最后在backup节点上进行验证

[root@backup ~]# ll /etc/keepalived/check_nginx.sh -rwxr-xr-x. 1 root root 243 Apr 11 21:55 /etc/keepalived/check_nginx.sh

5、将编写的脚本写入到keepalived的配置文件中

5.1 修改master配置文件

[root@master ~]# vim /etc/keepalived/keepalived.conf 文件的内容修改如下： global_defs { router_id master } #以下是增加的内容 vrrp_script chk_nginx { script "/etc/keepalived/check_nginx.sh" interval 2 # 每2秒检查 timeout 2 weight -20 #检查失败优先级-20 fall 3 rise 2 } vrrp_instance VI_1 { state MASTER interface ens160 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } #这是增加的内容 track_script { chk_nginx } virtual_ipaddress { 192.168.24.100 } }

5.2 修改backup节点的配置文件

[root@backup ~]# vim /etc/keepalived/keepalived.conf 文件内容修改如下： global_defs { router_id backup } vrrp_script chk_nginx { script "/etc/keepalived/check_nginx.sh" interval 2 timeout 2 weight -20 fall 3 rise 2 } vrrp_instance VI_1 { state BACKUP interface ens160 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } track_script { chk_nginx } virtual_ipaddress { 192.168.24.100 } }

6、重启keepalived服务

加载新配置

[root@master ~]# systemctl restart keepalived.service [root@backup ~]# systemctl restart keepalived.service

7、功能测试

[root@master ~]# curl 192.168.24.100 192.168.24.10 [root@master ~]# systemctl stop nginx [root@master ~]# curl 192.168.24.100 192.168.24.10 此时在backup访问vip [root@backup ~]# curl 192.168.24.100 192.168.24.10 关闭keepalive，访问vip [root@master ~]# systemctl stop keepalived.service [root@master ~]# curl 192.168.24.100 192.168.24.20

结论

Keepalived 负责IP 高可用，健康检查脚本负责业务高可用，两者配合实现 Nginx 双机热备，做到故障自动检测、自动切换。

查看全文

http://www.jsqmd.com/news/626314/