How to achieve Nginx high availability in a production environment

2023-10-08 14:47:23

Preparatory work:

192.168.16.128

192.168.16.129

Two virtual machines with the addresses above, each running nginx.

Install nginx

Update the yum repository files:

rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Install nginx:

yum -y install nginx

Service commands:

systemctl start nginx    # start nginx
systemctl stop nginx     # stop nginx

What is high availability?

High availability (HA) is one of the factors that must be considered when designing a distributed system architecture. It usually refers to reducing, through design, the time during which the system cannot provide services. If a system could provide services all the time, its availability would be 100%, but unexpected events happen. Therefore, we can only try our best to reduce service failures.

What problem does it solve?

In the production environment, nginx is often used as a reverse proxy to provide services to the outside world, but one day nginx will inevitably encounter failures, such as server downtime. When nginx goes down, all external interfaces will be inaccessible.

Although we can't guarantee that the server is 100% available, we must find ways to avoid this tragedy. Today, we use keepalived to make nginx highly available.

Dual-machine hot standby scheme

This scheme is the most common high-availability scheme in domestic enterprises. Dual-machine hot standby means that, for a given service, one server provides the service while the other stays on standby. When the active server becomes unavailable, the standby takes its place.

What is keepalived?

keepalived was originally designed for the LVS load-balancing software, to manage and monitor the status of each service node in an LVS cluster. Support for VRRP (Virtual Router Redundancy Protocol), which provides high availability, was added later. keepalived can therefore manage LVS and also serve as a high-availability solution for other services (such as nginx, haproxy, mysql, etc.).

Failover mechanism

Failover between keepalived high-availability nodes is achieved through VRRP.

While keepalived is working normally, the master node continuously sends heartbeat messages (multicast) to the standby node to tell it that the master is still alive. When the master node fails, it can no longer send heartbeat messages. The standby node stops detecting the master's heartbeat and calls its own takeover program to take over the IP resources and services of the master node. When the master node is restored, the backup node releases the IP resources and services it took over during the failure and returns to its original standby role.

Implementation procedure

Install keepalived

You can install it directly with yum, which installs the dependencies automatically:

yum -y install keepalived

Modify the keepalived configuration file of the master (192.168.16.128)

When keepalived is installed with yum, its configuration file is placed under /etc/keepalived:

vi keepalived.conf

keepalived.conf:

# Detection script
vrrp_script chk_http_port {
    script "/usr/local/src/check_nginx_pid.sh"   # script run on each heartbeat; detects whether nginx is running
    interval 2                                   # interval between script runs, in seconds
    weight 2                                     # weight
}
# VRRP instance definition
vrrp_instance vi_1 {
    state MASTER            # role of this keepalived node: MASTER is the main role, BACKUP the standby
    interface ens33         # network interface used for VRRP communication (the current CentOS network card); use ifconfig to find yours
    virtual_router_id 66    # virtual router ID; must be the same on master and backup
    priority 100            # priority; the greater the value, the higher the priority for handling requests
    advert_int 1            # check interval, defaults to 1s (VRRP multicast period in seconds)
    # authorized access
    authentication {
        auth_type PASS      # authentication type and password; MASTER and BACKUP must use the same password to communicate normally
        auth_pass 1111
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        192.168.16.130      # virtual IP (VIP); there can be more than one, one per line
    }
}

virtual_ipaddress holds the VIP; the service is accessed online through the VIP.

interface must be set to match the server's network card. The usual way to look it up is ip addr.

authentication configures authorized access; the backup machine requires the same configuration.

Modify keepalived configuration file of standby machine (192.168.16.129)

keepalived.conf:

# Detection script
vrrp_script chk_http_port {
    script "/usr/local/src/check_nginx_pid.sh"   # script run on each heartbeat; detects whether nginx is running
    interval 2                                   # interval between script runs
    weight 2                                     # weight
}
# VRRP instance definition
vrrp_instance vi_1 {
    state BACKUP            # role of this keepalived node: MASTER is the main role, BACKUP the standby
    interface ens33         # network interface used for VRRP communication (the current CentOS network card); use ifconfig to find yours
    virtual_router_id 66    # virtual router ID; must be the same on master and backup
    priority 99             # priority; the greater the value, the higher the priority for handling requests
    advert_int 1            # check interval, defaults to 1s (VRRP multicast period in seconds)
    # authorized access
    authentication {
        auth_type PASS      # authentication type and password; MASTER and BACKUP must use the same password to communicate normally
        auth_pass 1111
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        192.168.16.130      # virtual IP (VIP); there can be more than one, one per line
    }
}
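An added check, not part of the original article: the script below compares the settings the two files above must share (virtual_router_id, advert_int, authentication, VIP) and confirms that the master's priority is the higher one. The function names and the temporary sample files are constructed for illustration, and it assumes one vrrp_instance per file with one VIP per line.

```shell
# Print the first value of KEY in FILE, ignoring '#' comments.
vrrp_field() {
    awk -v key="$2" '{ sub(/#.*/, "") } $1 == key { print $2; exit }' "$1"
}

# Print the addresses listed inside virtual_ipaddress { ... }, sorted.
vrrp_vips() {
    awk '{ sub(/#.*/, "") }
         $1 == "virtual_ipaddress" { inblk = 1; next }
         inblk && index($0, "}")   { inblk = 0 }
         inblk && NF               { print $1 }' "$1" | sort
}

# check_pair MASTER_CONF BACKUP_CONF: print findings; return 0 only if none.
check_pair() {
    findings=""
    for key in virtual_router_id advert_int auth_type auth_pass; do
        [ "$(vrrp_field "$1" "$key")" = "$(vrrp_field "$2" "$key")" ] ||
            findings="$findings mismatch:$key"
    done
    [ "$(vrrp_vips "$1")" = "$(vrrp_vips "$2")" ] ||
        findings="$findings mismatch:virtual_ipaddress"
    [ "$(vrrp_field "$1" priority)" -gt "$(vrrp_field "$2" priority)" ] ||
        findings="$findings priority:master-not-higher"
    if [ -n "$findings" ]; then echo "${findings# }"; return 1; fi
}

# Constructed sample files modelled on the two configurations above.
demo_dir=$(mktemp -d)
write_conf() {   # write_conf FILE STATE PRIORITY AUTH_PASS
    cat > "$1" <<EOF
vrrp_instance vi_1 {
    state $2
    virtual_router_id 66
    priority $3
    advert_int 1
    authentication {
        auth_type PASS   # must match on both nodes
        auth_pass $4
    }
    virtual_ipaddress {
        192.168.16.130   # VIP
    }
}
EOF
}
write_conf "$demo_dir/master.conf" MASTER 100 1111
write_conf "$demo_dir/backup.conf" BACKUP 99 2222   # deliberate auth_pass mismatch
check_pair "$demo_dir/master.conf" "$demo_dir/backup.conf" || true
```

With auth_type PASS the password is carried unencrypted in every VRRP advertisement, so it keeps neighbouring clusters from interfering with each other by accident but does not authenticate against a host on the same segment.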

Detection script:

#!/bin/bash
# Check whether nginx has started
A=$(ps -C nginx --no-header | wc -l)
if [ "$A" -eq 0 ]; then    # if nginx is not started, start nginx
    systemctl start nginx    # restart nginx
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then    # nginx failed to restart: stop the keepalived service so that the VIP is transferred
        systemctl stop keepalived
    fi
fi

Script authorization: chmod 775 check_nginx_pid.sh

Note: the script must be given execute permission, otherwise it cannot be run. Both of our servers serve the VIP (virtual_ipaddress: 192.168.16.130), and in the production environment we access the service directly through the VIP.
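keepalived runs the detection script every two seconds, as root unless a dedicated script user is configured, so write access to the script or to any directory above it decides what runs on the node; mode 775 leaves the group write bit set. The following added example (not from the original article; the function names and the temporary file are constructed) lists every component of the script's path that group or other users can write to.

```shell
# loose_components ABSOLUTE_PATH: print each path component (the file itself,
# then every parent directory up to /) that has the group-write or
# other-write permission bit set.
loose_components() {
    p=$1
    while :; do
        # -prune stops find from descending; -perm -020 / -002 test one bit each
        find -L "$p" -prune \( -perm -020 -o -perm -002 \) -print
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
}

# script_path_ok ABSOLUTE_PATH: succeed only when nothing on the path is loose.
script_path_ok() {
    [ -z "$(loose_components "$1")" ]
}

# Constructed demo: an empty file with the script's name and the mode used above.
demo=$(mktemp -d)/check_nginx_pid.sh
: > "$demo"
chmod 775 "$demo"
loose_components "$demo"   # lists the file, plus any shared directory above it
```

Run it against /usr/local/src/check_nginx_pid.sh on both nodes; an empty result is the state that keepalived's enable_script_security option expects before it will run a script as root.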

Simulate nginx fault:

Modify the default nginx HTML page on each of the two servers so that the two can be told apart.

First visit 192.168.16.130, that is, go through the VIP. The page displays 192.168.16.128, which shows that the service is currently provided by the master server.

Now run this command on the master server, 192.168.16.128:

systemctl stop nginx; # Stop nginx

Visit the VIP (192.168.16.130) again and the page still shows 192.168.16.128, because the script restarted nginx automatically.

Now shut down the 192.168.16.128 server itself and visit the VIP (192.168.16.130) once more. The page now displays 192.168.16.129: keepalived has failed over automatically, and a high-availability solution for an enterprise-level production environment is in place.

keepalived has many more features, such as email notification, which are not covered here. See the documentation on the official website.

