High availability with keepalived and nginx on Ubuntu


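I have two identical Linux servers that serve the same content through nginx. I want to achieve high availability through failover with keepalived; that is, server 1 always serves the nginx content whenever possible, and if it crashes, server 2 (the backup) starts serving the nginx content (the content does not differ between servers). When I stop server 1, everything seems to work: the content is served through the internal IP configured on server 2. But how can I get that content served externally through the final endpoint? That is, if server 1 fails, clients connect to "domain.externo.com" and are served the content of server 2.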

The basic infrastructure is as follows: [infrastructure photo]

For this I used the keepalived tool on the master server, with the following configuration ("/etc/keepalived/keepalived.conf"):

vrrp_script chk_nginx {
#        script "/usr/bin/curl -k https://172.31.12.20" #Slave
        script "/usr/bin/curl -k https://172.31.11.251" # Master
        interval 2
        weight 2
        fall 2
        rise 2
}
vrrp_instance VI_1 {
        interface eth0
        state MASTER
        virtual_router_id 1
        priority 101                    # 101 on master, 100 on backup
        advert_int 1
        virtual_ipaddress {
            172.31.100.100/24
        }
        track_script {
            chk_nginx
        }
}

In the slave configuration ("/etc/keepalived/keepalived.conf"):

vrrp_script chk_nginx {
        script "/usr/bin/curl -k https://172.31.12.20" #Slave
#        script "/usr/bin/curl -k https://172.31.11.251"        # Master
        interval 2
        weight 2
        fall 2
        rise 2
}
vrrp_instance VI_1 {
        interface eth0
        state BACKUP                    # keepalived accepts MASTER or BACKUP here
        virtual_router_id 1
        priority 100                    # 101 on master, 100 on backup
        advert_int 1
        virtual_ipaddress {
            172.31.100.100/24
        }
        track_script {
            chk_nginx
        }
}

I have the master nginx configuration (the slave is very similar, so I will not lengthen the post):

server {
    listen       80;
    listen  [::]:80;
    server_name  domain.external.com;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }

    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
server {
    listen       443 ssl http2;
    listen  [::]:443 ssl http2;

    server_name domain.externo.com;

    ssl_certificate /etc/certs/domain.external.com/fullchain.pem;
    ssl_certificate_key /etc/certs/domain.external.com/domain.external.com.key;
    ssl_trusted_certificate /etc/certs/domain.external.com/domain.external.com.ca.crt;

    include /etc/nginx/conf.d/ssl.conf;
    location ~ / {
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the "It appears that your reverse proxy set up is broken" error.
#      proxy_pass          https://172.31.100.100;
      proxy_read_timeout  90;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

I tried putting the domain into the directive of the previous configuration in the file "/etc/keepalived/keepalived.conf":

...
virtual_ipaddress {
           # 172.31.100.100/24
           domain.external.com
...
        }

That does not work. What am I missing in the Nginx or KeepAlived configuration? I hope someone can help me. Thanks in advance.

Answer 1

You must set the virtual IP in DNS for that domain, because clients will find it through that.
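
The two points on this page as a check, in an added example that is not part of the original question or answer: virtual_ipaddress holds address literals, and the name clients use has to resolve to that address. The function names and the stub resolver are assumptions made for the illustration, and the parser reads only the first token of each entry.

```python
import ipaddress
import re
import socket

# Constructed sample: a virtual_ipaddress block holding both the address entry
# from the question and the hostname entry the question reports as not working.
SAMPLE_CONF = """
vrrp_instance VI_1 {
        interface eth0
        virtual_router_id 1
        virtual_ipaddress {
            172.31.100.100/24
            domain.external.com
        }
}
"""

def virtual_ips(conf_text):
    """Return (valid, rejected) entries from every virtual_ipaddress block."""
    valid, rejected = [], []
    for block in re.findall(r"virtual_ipaddress\s*\{([^}]*)\}", conf_text):
        for line in block.splitlines():
            entry = line.split("#", 1)[0].split()  # drop comments, tokenize
            if not entry:
                continue
            try:
                # An address literal, optionally followed by /prefix
                valid.append(ipaddress.ip_interface(entry[0]).ip)
            except ValueError:
                rejected.append(entry[0])  # e.g. a hostname
    return valid, rejected

def dns_points_at_vip(hostname, vips, resolver=socket.gethostbyname_ex):
    """True if any IPv4 address the name resolves to is a configured VIP."""
    try:
        addresses = resolver(hostname)[2]
    except OSError:  # includes socket.gaierror (name does not resolve)
        return False
    return any(ipaddress.ip_address(a) in vips for a in addresses)

if __name__ == "__main__":
    vips, bad = virtual_ips(SAMPLE_CONF)
    print("VIPs:", [str(v) for v in vips], "| not address literals:", bad)
    # Constructed resolver stub so the demo runs offline
    stub = lambda host: (host, [], ["172.31.100.100"])
    print("DNS points at VIP:", dns_points_at_vip("domain.external.com", vips, stub))
```

Run without the stub argument, `dns_points_at_vip` uses the system resolver, so it reports what a client on that machine would actually get for the name.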
