本文共 10395 字，大约阅读时间需要 34 分钟。

1, 单个nginx反向代理tomcat

a, web环境主备：两个tomcat服务

[root1@web-tomcat-docker ~]#docker run -d --name tomcat1 -p 8081:8080 daocloud.io/library/tomcat:8.0.44docker run -d --name tomcat2 -p 8082:8080 daocloud.io/library/tomcat:8.0.44docker exec -it tomcat1 bash -c " echo 'this is tomcat1:8081' > /usr/local/tomcat/webapps/ROOT/index.jsp"docker exec -it tomcat2 bash -c " echo 'this is tomcat2:8082' > /usr/local/tomcat/webapps/ROOT/index.jsp"[root1@web-tomcat-docker ~]# curl localhost:8081this is tomcat1:8081[root1@web-tomcat-docker ~]# curl localhost:8082this is tomcat2:8082

b, 单个nginx反向代理

[root@proxy-c7 ~]# cat /etc/nginx/conf.d/proxy.confupstream web{
     server web-tomcat-docker:8081;  server web-tomcat-docker:8082;}server {
     #listen 192.168.56.251:88;  listen *:88;  location / {
           proxy_pass http://web;         proxy_set_header  X-Real-IP $remote_addr;          proxy_set_header  REMOTE-HOST $remote_addr;          proxy_set_header  Host $host;          proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;  }}[root@proxy-c7 ~]# curl localhost:88this is tomcat1:8081[root@proxy-c7 ~]# curl localhost:88this is tomcat2:8082

2, 两个(keepalived+ nginx) 代理tomcat

使用keepalived维护虚拟ip: 在主备节点漂移

a, 配置nginx监听vip：在keepalived所有节点

#运行系统监听不存在的端口sysctl -w net.ipv4.ip_nonlocal_bind=1echo net.ipv4.ip_nonlocal_bind=1 >> /etc/sysctl.conf#修改nginx 监听vipcat > /etc/nginx/conf.d/proxy.conf <

b, master节点配置keepalived+nginx

#vrrp_sript: weight权重使用说明：#master : 100--> 初始优先级=100,nginx发生故障,keepalived vrrp优先级-30,变为70 (比backup小，角色对调)#backup1: 90 #backup2: 90 [root@proxy-c7 ~]# cat /etc/keepalived/keepalived.confglobal_defs {
      router_id LVS_DEVEL_162}vrrp_script chk_keep {
       #script [ 0 -eq 0 ] && exit 0 || exit 1  #script /tmp/chk_nginx.sh: service nginx status  script "service nginx status"  interval 1  weight -30}vrrp_instance VI_1_test1 {
       state MASTER  #主备不同    interface eth1    virtual_router_id 51    priority 100 #主备不同    advert_int 1    authentication {
           auth_type PASS        auth_pass 1111    }    virtual_ipaddress {
           192.168.56.251    }    vrrp_macst_group4 224.0.10.67    track_script {
         chk_keep    }#    #发送通知: master状态时,backup状态时..      notify_master "service nginx start"#    notify_master "/etc/keepalived/notify.sh master"#    notify_backup "/etc/keepalived/notify.sh backup"#    notify_fault  "/etc/keepalived/notify.sh fault"}

c, backup节点配置keepalived+nginx

[root@proxy-c6 ~]# cat /etc/keepalived/keepalived.confglobal_defs {
      router_id LVS_DEVEL_161}vrrp_script chk_keep {
     #script [ 0 -eq 0 ] && exit 0 || exit 1  #script /tmp/chk_nginx.sh: service nginx status  script "service nginx status"  interval 1  weight -30}vrrp_instance VI_1_test1 {
       state BACKUP    interface eth1    virtual_router_id 51    priority 90    advert_int 1    authentication {
           auth_type PASS        auth_pass 1111    }    virtual_ipaddress {
           192.168.56.251    }    vrrp_macst_group4 224.0.10.67    track_script {
         chk_keep    }#   #notify state change	notify_master "service nginx start"#   notify_master "/etc/keepalived/notify.sh master"#   notify_backup "/etc/keepalived/notify.sh backup"#   notify_fault  "/etc/keepalived/notify.sh fault"}

keepalived的notify状态通知脚本

每个keepalived主机都配置相同脚本: 当keepalived是master状态时，启动haproxy; 否则就停止haproxy

[root@proxy-c6 vagrant]# cat /etc/keepalived/notify.sh #!/bin/bash#keepalived-master-->启动haproxy#keepalived-backup-->停止haproxyrole=$1send_mail(){
      subject="keepalived master changes"   context="$(date +'%F %T'): $(hostname) changes to $role "   echo $context |mailx -s $subject eyeofeagle@126.com root@localhost}ctl_haproxy(){
      case $role in       master)        service haproxy start;;      backup|faul)	service haproxy stop;;    esac }send_mailctl_haproxy

d, 测试keepalived

[root@proxy-c6 conf.d]# service keepalived startStarting keepalived:                                       [  OK  ][root@proxy-c6 conf.d]# ip a |grep 230    inet 192.168.56.230/32 scope global eth1    [root@proxy-c7 conf.d]# systemctl start keepalived[root@proxy-c7 conf.d]# ip a |grep 230#访问nginx代理的服务：无论哪个服务器为MASTER，都可以访问[root1@c7-docker ~]# curl 192.168.56.251:88this is nginx2:82##ip转移[root@proxy-c6 conf.d]# service keepalived stopStopping keepalived:                                       [  OK  ][root@proxy-c6 conf.d]# ip a |grep 230[root@proxy-c6 conf.d]# [root@proxy-c7 conf.d]# ip a |grep 230    inet 192.168.56.230/32 scope global eth1#访问nginx代理的服务：无论哪个服务器为MASTER，都可以访问[root1@proxy-c7-docker ~]# curl 192.168.56.251:88this is nginx2:82

3, 手动添加/删除：虚拟IP

a, Windows cmd管理虚拟ip

#添加netsh.exe interface ip  add    address name="WLAN" address=192.168.1.40/24 gateway=192.168.1.1 #store=persistent/active#移除netsh.exe interface ip  delete address name="WLAN" address=192.168.1.40####################测试，查看ip                                                                     无线局域网适配器 WLAN:                                                                                                                                     连接特定的 DNS 后缀 . . . . . . . :                                            本地链接 IPv6 地址. . . . . . . . : fe80::9906:a98b:3081:11b%13               IPv4 地址 . . . . . . . . . . . . : 192.168.1.30                          子网掩码  . . . . . . . . . . . . : 255.255.255.0                           IPv4 地址 . . . . . . . . . . . . : 192.168.1.40                          子网掩码  . . . . . . . . . . . . : 255.255.255.0                           默认网关. . . . . . . . . . . . . : 192.168.1.1

b, CentOS 管理虚拟IP

a, 一块网卡，多个ip

临时修改：ip addr

#添加虚拟ip[root@c7-docker ~]# ip addr add 192.168.56.227/24 dev eth1[root@c7-docker ~]# ip addr show eth1                                                                     3: eth1: 
   
     mtu 1500 qdisc pfifo_fast state UP group default qlen 1000         link/ether 08:00:27:46:0e:44 brd ff:ff:ff:ff:ff:ff                                                        inet 192.168.56.117/24 brd 192.168.56.255 scope global noprefixroute eth1                                    valid_lft forever preferred_lft forever                                                                inet 192.168.56.227/24 scope global secondary eth1                                                           valid_lft forever preferred_lft forever                                                                inet6 fe80::a00:27ff:fe46:e44/64 scope link                                                                  valid_lft forever preferred_lft forever                                                                                                                                                                                                                     #删除虚拟ip                                                                                                                                     [root@c7-docker ~]# ip addr del 192.168.56.227/24 dev eth1
   

永久修改：网卡配置文件

[root@c7-docker gitlab]# cat /etc/sysconfig/network-scripts/ifcfg-eth1                                          #VAGRANT-BEGIN                                                                                                  # The contents below are automatically generated by Vagrant. Do not modify.                                     NM_CONTROLLED=yes                                                                                               BOOTPROTO=none                                                                                                  ONBOOT=yes                                                                                                      IPADDR=192.168.56.117                                                                                           IPADDR2=192.168.56.227                                                                                          NETMASK=255.255.255.0                                                                                           DEVICE=eth1                                                                                                     PEERDNS=no                                                                                                      #VAGRANT-END

b, 一块网卡，多个别名

CentOS7: ip addr

[root@c7-docker ~]# ip addr add 192.168.56.227/24 dev eth1 label eth1:2[root@c7-docker ~]# ip addr show eth13: eth1: 
   
     mtu 1500 qdisc pfifo_fast state UP group default qlen 1000    link/ether 08:00:27:46:0e:44 brd ff:ff:ff:ff:ff:ff    inet 192.168.56.117/24 brd 192.168.56.255 scope global noprefixroute eth1       valid_lft forever preferred_lft forever    inet 192.168.56.227/24 scope global secondary eth1:2       valid_lft forever preferred_lft forever    inet6 fe80::a00:27ff:fe46:e44/64 scope link       valid_lft forever preferred_lft forever[root@c7-docker ~]# ip addr del 192.168.56.227/24 dev eth1 label eth1:2
   

CentOS6: ifconfig 网卡

#添加虚拟ip, 在网卡的别名上[root@test-c62 ~]# ifconfig eth1:0 192.168.56.227/24 up                       [root@test-c62 ~]# ifconfig                                                      eth1      Link encap:Ethernet  HWaddr 08:00:27:6D:28:E0                                 inet addr:192.168.56.162  Bcast:192.168.56.255  Mask:255.255.255.0            inet6 addr: fe80::a00:27ff:fe6d:28e0/64 Scope:Link                            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1                            RX packets:52592 errors:0 dropped:0 overruns:0 frame:0                        TX packets:81411 errors:0 dropped:0 overruns:0 carrier:0                      collisions:0 txqueuelen:1000                                                  RX bytes:7511647 (7.1 MiB)  TX bytes:17705955 (16.8 MiB)                                                                                          eth1:0    Link encap:Ethernet  HWaddr 08:00:27:6D:28:E0                                 inet addr:192.168.56.227  Bcast:192.168.56.255  Mask:255.255.255.0            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1                   #删除虚拟ip, 在网卡的别名上                                                                             [root@test-c62 ~]# ifconfig eth1:0 192.168.56.227/24 down

转载地址：http://pcdef.baihongyu.com/