Centos 7部署docker+nginx+keepalived实现高可用web集群
Centos 7部署docker+nginx+keepalived实现高可用web集群发布时间:2020-07-31 08:27:44 来源:51CTO 阅读:58533 作者:xuad88 栏目:建站服务器一.体系架构在Keepalived + Nginx高可用负载均衡架构中,keepalived负责实现High-availability (HA) 功能控制前端机VIP(虚拟网络地址),当有设备发生故障时,热备服务器可以瞬间将VIP自动切换过来,实际运行中体验只有2秒钟切换时间,dns服务可以负责前端VIP的负载均衡。
nginx负责控制后端web服务器的负载均衡,将客户端的请求按照一定的算法转发给后端Real Server处理,而Real Server将响应直接返回给客户端。
https://cache.yisu.com/upload/information/20200309/32/16011.jpg二.简单原理NGINX_MASTER、NGINX_BACKUP两台服务器均通过keepalived软件把ens32网卡绑上一个虚拟IP(VIP)地址192.168.2.242,此VIP当前由谁承载着服务就绑定在谁的ens32上,当NGINX_MASTER发生故障时,NGINX_BACKUP会通过/etc/keepalived/keepalived.conf文件中设置的心跳时间advert_int 1检查,无法获取NGINX_MASTER正常状态的话,NGINX_BACKUP会瞬间绑定VIP来接替nginx_master的工作,当NGINX_MASTER恢复后keepalived会通过priority参数判断优先权将虚拟VIP地址192.168.2.242重新绑定给NGINX_MASTER的ens32网卡。
使用此方案的优越性
1.实现了可弹性化的架构,在压力增大的时候可以临时添加web服务器添加到这个架构里面去;
2.upstream具有负载均衡能力,可以自动判断后端的机器,并且自动踢出不能正常提供服务的机器;
3.相对于lvs而言,正则分发和重定向更为灵活。而Keepalvied可保证单个nginx负载均衡器的有效性,避免单点故障;
4.用nginx做负载均衡,无需对后端的机器做任何改动。
5.nginx部署在docker容器里,即大量地节约开发、测试、部署的时间,又可以在出现故障时通过镜像快速恢复业务。三、系统环境两台负载机器安装:centos7.5+docker+nginx+keepalived,分别命名为:NGINX_MASTER,NGINX_BACKUP。
后端web服务器,可以是提供web服务的任何架构,分别命名为:WEB_1,WEB_2。
后端数据库机器可任意架构,只要能提供数据库服务即可。
服务器操作系统IP地址安装软件
NGINX_MASTERCentos 7.5 64位192.168.2.228docker+nginx+keepalived
NGINX_BACKUPCentos 7.5 64位192.168.2.229docker+nginx+keepalived
WEB_1Centos 7.5 64位192.168.2.226docker+apache+php
WEB_2Centos 7.5 64位192.168.2.227docker+apache+php
数据库集群Centos 7.5 64位mysql集群
四、web服务器部署web服务器我这里用的是LAMP架构,具体的安装部署请参考我的另一篇博文《Centos 7使用docker部署LAMP搭建wordpress博客系统》,https://blog.51cto.com/andyxu/2177116。五、安装配置nginx分别在NGINX_MASTER、NGINX_BACKUP两台服务器上操作
1、部署docker环境
(1)安装docker
注:安装的是docker社区版本yum install -y yum-utils device-mapper-persistent-data lvm2yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repoyum makecache fastyum -y install docker-ce(2)修改配置文件,添加私有仓库地址和阿里云镜像地址,并指定docker数据存储目录mkdir -p /data/dockermkdir -p /etc/dockervim /etc/docker/daemon.json{"registry-mirrors": ["https://registry.docker-cn.com"], "graph": "/data/docker","insecure-registries": ["192.168.2.225:5000"]}(3)启动docker,并加入开机启动systemctl start dockersystemctl enable docker2、配置nginx容器
(1)下载nginx镜像
docker pull nginx
(2)复制nginx主配置文件到本地mkdir -p /data/docker/nginx/confdocker run --name tmp-nginx-container -d nginx:latestdocker cp tmp-nginx-container:/etc/nginx/nginx.conf /data/docker/nginx/conf/docker rm -f tmp-nginx-container(4)创建运行nginx镜像的脚本
vim docker_nginx.sh#!/bin/bashdocker run --name nginx --restart=always -p 80:80 \ -v /data/docker/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \ -v /data/docker/nginx/conf/conf.d:/etc/nginx/conf.d \ -v /data/docker/nginx/html:/usr/share/nginx/html \ -v /data/docker/nginx/logs:/var/log/nginx \ -d nginx:latest注:--restart=always是重启策略,当docker服务重启后,容器也会自动启动
(5)启动nginx容器
sh docker_nginx.sh
(6)修改nginx主配置文件
vim /data/docker/nginx/conf/nginx.confusernginx;worker_processes4; #工作进程数,为CPU的核心数或者两倍error_log/var/log/nginx/error.log warn;pid /var/run/nginx.pid;events { use epoll; #Linux最常用支持大并发的事件触发机制 worker_connections65535;}http { include /etc/nginx/mime.types; #设定mime类型,类型由mime.type文件定义 default_typeapplication/octet-stream; log_formatmain'$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log/var/log/nginx/access.logmain; sendfile on; #tcp_nopush on; keepalive_timeout120; #gzipon; limit_conn_zone $binary_remote_addr zone=perip:10m; #添加limit_zone,限制同一IP并发数 include /etc/nginx/conf.d/*.conf; #包含nginx虚拟主机配置文件目录}(7)创建upstream配置文件
vim /data/docker/nginx/conf/conf.d/myhost.confupstream xuad {ip_hash;#会话保持server 192.168.2.226max_fails=1 fail_timeout=60s;server 192.168.2.227max_fails=1 fail_timeout=60s;}(8)创建虚拟主机配置文件
vim /data/docker/nginx/conf/conf.d/xuad.confserver { listen 80; server_namelocalhost; #charset GB2312; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://xuad; } # 查看nginx的并发连接数配置 location /NginxStatus { stub_status on; access_log off; auth_basic "NginxStatus"; } access_logoff; error_page 404/404.html; error_page 500 502 503 504 /404.html; location = /404.html { root html; } limit_conn perip 200; #同一ip并发数为200,超过会返回503}(9)重启nginx容器
docker restart nginx六、安装配置keepalived分别在NGINX_MASTER、NGINX_BACKUP两台服务器上操作
1、下载并安装keepalived
注:keepalived安装在实体机上yum install wget make gcc gcc-c++ openssl-develwget http://www.keepalived.org/software/keepalived-2.0.7.tar.gztar zxvf keepalived-2.0.7.tar.gzcd keepalived-2.0.7./configure --prefix=/data/keepalived如果报以下警告:
*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.不用担心,我们只需要用到VRRP功能,不需要用IPVS功能,所以请确保以下三项是yes就行了。
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yesmakemake install2、将keepalived 以服务方式启动mkdir /etc/keepalivedcp /data/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/systemctl enable keepalived3、修改keepalived配置文件
vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs { notification_email { xuad@xuad.com } notification_email_from root@xuad.com smtp_server mail.xuad.com smtp_connect_timeout 30 router_id LVS_DEVEL vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0}vrrp_script chk_nginx { script "/etc/keepalived/nginx_pid.sh" # 检查nginx状态的脚本 interval 2 weight 3}vrrp_instance VI_1 { state MASTER #备份服务器上将MASTER改为BACKUP interface ens32 virtual_router_id 51 priority 100 #备份服务上将100改为小于100,可配置成90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.2.242 #有多个vip可在下面继续增加 } track_script { chk_nginx }}4、添加检查nginx状态的脚本
vim /etc/keepalived/nginx_pid.sh#!/bin/bash#version 0.0.1#A=`ps -C nginx --no-header |wc -l`if [ $A -eq 0 ];then systemctl restart docker sleep 3 if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then systemctl stop keepalivedfi fi脚本说明:当nginx进程不存在时,会自动重启docker服务,docker服务启动时会自动启动nginx容器;再次检查nginx进程,如果不存在,就停止keepalived服务,然后NGINX_BACKUP主机会自动接替NGINX_MASTER的工作。
chmod +x /etc/keepalived/nginx_pid.sh
5、配置firewalld防火墙允许vrrp协议
VRRP(Virtual Router Redundancy Protocol,虚拟路由器冗余协议)firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.2.229" protocol value="vrrp" accept"firewall-cmd --reload如果是backup服务器,source address改成master服务器的IP
6、启动keepalived
systemctl start keepalived七、测试1、当NGINX_MASTER、NGINX_BACKUP服务器nginx均正常工作时
在NGINX_MASTER上:
https://cache.yisu.com/upload/information/20200309/32/16012.jpg
在NGINX_BACKUP上:
https://cache.yisu.com/upload/information/20200309/32/16014.jpg
master服务器ens32网卡正常绑定VIP,而backup却没有绑定,通过浏览器可正常访问网站。
2、关闭NGINX_MASTER的nginx容器
https://cache.yisu.com/upload/information/20200309/32/16017.jpg
当nginx容器停止后,马上就又启起来了,nginx启动脚本没问题
3、关闭NGINX_MASTER的keepalived服务
在NGINX_MASTER上:
https://cache.yisu.com/upload/information/20200309/32/16019.jpg
在NGINX_BACKUP上:
https://cache.yisu.com/upload/information/20200309/32/16021.jpg
NGINX_BACKUP的ens32网卡已瞬间绑定VIP,通过浏览器访问网站正常。
4、将NGINX_MASTER的keepalived服务启动
在NGINX_MASTER上:
https://cache.yisu.com/upload/information/20200309/32/16024.jpg
在NGINX_BACKUP上:
https://cache.yisu.com/upload/information/20200309/32/16025.jpg
NGINX_MASTER的ens32网卡重新绑定VIP,通过浏览器访问网站正常。
5、关闭WEB_1服务器,通过浏览器访问网站正常。附1:配置时间同步1、在NGINX_MASTER和NGINX_BACKUP上安装ntp
yum -y install ntp
2、在NGINX_MASTER上修改ntp配置文件
添加以下两行server 127.127.1.0 iburstlocal clock #添加使用本地时间restrict 192.168.2.0 mask 255.255.255.0 nomodify #允许更新的IP地址段3、在NGINX_MASTER上启动ntp服务,并加入开机启动systemctl start ntpdsystemctl enable ntpd4、在NGINX_MASTER上添加防火墙策略
只允许192.168.2.229访问ntp服务firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.2.229" port protocol="udp" port="123" accept"firewall-cmd --reload5、在NGINX_BACKUP上同步NGINX_MASTER的时间
ntpdate 192.168.2.228
https://cache.yisu.com/upload/information/20200309/32/16027.jpg
6、在NGINX_BACKUP上设置计划任务,每天凌晨5点01分同步时间crontab -e1 5 * * * /usr/sbin/ntpdate 192.168.2.228 >> /var/log/upClock.log Centos 7使用docker部署LAMP搭建wordpress博客系统https://s3.51cto.com//wyfs02/M00/0F/B4/wKioL1LOCzCASaH9AAAkvKCYNPw520_middle.jpg
xuad88关注1人评论
15520人阅读2018-09-19 15:15:05
LAMP是目前比较流行的web框架,即Linux+Apache+Mysql+PHP的网站架构方案。docker是目前非常流行的虚拟化应用容器,可以为任何应用创建一个轻量级、可移植的容器。现在我们就来通过docker来部署LAMP环境,并且搭建wordpress博客系统来测试。
系统环境
操作系统版本:Centos 7.5 64位
Docker版本:18.06.1-ce(社区版)
ip地址:192.168.2.226
lamp网络ip地址:172.18.0.1
1、下载mysql、php-apache镜像docker pull mysqldocker pull php:7.2-apache创建自定义网络lampdocker network create lampdocker network lshttps://s4.51cto.com/images/blog/201809/19/787a595ef77002c873db3d3a70a8c220.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
2、创建生成mysql、httpd-php容器的脚本
vim docker_lamp.sh#!/bin/bashfunction mysql(){ docker run --name mysql --net lamp -p 3306:3306 \ -v /data/docker/mysql/data:/var/lib/mysql \ -v /data/docker/mysql/conf:/etc/mysql/conf.d \ -v /data/docker/mysql/logs:/logs \ -e MYSQL_ROOT_PASSWORD=test123456 \ #设置mysql的root密码 -d mysql:latest --character-set-server=utf8 #使用utf8编码}function httpd_php(){ docker run --name httpd-php --net lamp -p 80:80 \ -v /data/docker/httpd/conf:/etc/apache2/sites-enabled \ -v /data/docker/www:/var/www/html \ -v /data/docker/httpd/logs:/var/log/apache2 \ -d php:7.2-apache}$13、启动mysql、httpd-php容器sh docker_lamp.sh mysqlsh docker_lamp.sh httpd_php4、写一个php的首页文件来进行测试echo "<?php phpinfo(); ?>" > /data/docker/www/index.php通过浏览器访问http://192.168.2.226
https://s4.51cto.com/images/blog/201809/19/eb070edc4ec993bad4316563edc7d024.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
5、修改mysql的密码加密方式为mysql_native_password
vim /data/docker/mysql/conf/docker_mysql.cnfdefault-authentication-plugin=mysql_native_password如果不修改加密方式的话,低版本的mysql客户端登陆时会报以下错误
https://s4.51cto.com/images/blog/201809/19/33b38374e4bd25a09164fc6b6ea1292e.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
6、数据库操作
登陆mysql容器,创建、配置wordpress数据库docker exec -it mysql /bin/bashmysql -uroot -ptest123456mysql> create database wordpress;mysql> create user wps@localhost identified by '123456';mysql> grant all privileges on wordpress.* to wps@localhost;mysql> create user wps@172.18.0.1 identified by '123456';mysql> grant all privileges on wordpress.* to wps@172.18.0.1;mysql> alter user wps@172.18.0.1 identified with mysql_native_password by '123456';mysql> exitexit7、下载wordpress博客系统wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gztar -zxvf wordpress-4.9.4-zh_CN.tar.gz -C /data/docker/www/8、配置wordpress博客
浏览器访问http://192.168.2.226/wordpress
https://s4.51cto.com/images/blog/201809/19/b0adba19c86fc6ef641ee21e39c0a760.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
https://s4.51cto.com/images/blog/201809/19/03b1a0546fc608f76695ac50a62d9f35.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
提交后发现报500错误
https://s4.51cto.com/images/blog/201809/19/42e5ee668b1f2b3ff7a44f7a70e46b9d.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
刷新页面后报错,提示:表前缀不能为空
https://s4.51cto.com/images/blog/201809/19/4062ce94f488fe20fb7126e754aca8d9.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
前面数据库的信息填写都正确,又试了一次还是报这个错。
即然如此,我们就直接修改wp-config-sample.php配置文件吧。
9、修改wp-config-sample.php配置
cd /data/docker/www/wordpress/
vim wp-config-sample.php #修改以下内容/** WordPress数据库的名称 */define('DB_NAME', 'wordpress');/** MySQL数据库用户名 */define('DB_USER', 'wps');/** MySQL数据库密码 */define('DB_PASSWORD', '123456');/** MySQL主机 */define('DB_HOST', 'mysql');/** 创建数据表时默认的文字编码 */define('DB_CHARSET', 'utf8');/** 数据库整理类型。如不确定请勿更改 */define('DB_COLLATE', '');将文件名改为wp-config.php
mv wp-config-sample.php wp-config.php
再用浏览器访问http://192.168.2.226/wordpress
https://s4.51cto.com/images/blog/201809/19/0775863d00cc258608e9423b7a108372.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
查阅资料后发现,原来从PHP5.0开始就不推荐使用mysql_connect()函数了,而到了php7.0则直接废弃了该函数,替代的函数是mysqli_connect(),终于找到问题原因了。
10、Call to undefined function mysql_connect()问题解决方法
进入到mysql容器里安装mysqli扩展docker exec -it httpd-php /bin/bashapt-get updateapt-get install libpng-devcd /usr/local/bin/./docker-php-ext-install gd mysqli./docker-php-ext-enable gd mysqliexitdocker restart httpd-php编写一个测试连接mysql的php
vim /data/docker/www/test.php<?php echo "Hello PHP<br/>"; $conn = mysqli_connect("mysql","wps","123456"); if(!$conn){ echo "连接数据库失败"; }else{ echo "连接数据库成功"; } phpinfo();?>浏览器访问http://192.168.2.226/test.php
https://s4.51cto.com/images/blog/201809/19/ce0a252910f7797c16339533c3c4b088.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
修改wp-db.php文件,将mysql_connect替换为mysqli_connectcd /data/docker/www/wordpress/sed -i "s/mysql_connect/mysqli_connect/g" wp-includes/wp-db.phpmv wp-config.php wp-config-sample.php11、重新配置wordpress博客
浏览器访问http://192.168.2.226/wordpress
按前面的步骤填写完连接mysql的配置信息后,看到如下页面,表示mysql连接成功。
https://s4.51cto.com/images/blog/201809/19/7e1a18eae95187e609a835af519760f3.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
需要手工创建wp-config.php文件,将以上信息贴入wp-config.php文件中
vim /data/docker/www/wordpress/wp-config.php
https://s4.51cto.com/images/blog/201809/19/3568327abdc0058e03efb2c5558f43a3.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
然后点击“现在安装”,出现以下页面
https://s4.51cto.com/images/blog/201809/19/6077027725ca2f2a5fa9ecaddccc9f68.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
输入完以上信息后,点击“安装WordPress”
https://s4.51cto.com/images/blog/201809/19/c9c86883c37908989a59ebd9fcdc98ce.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
https://s4.51cto.com/images/blog/201809/19/b8b64842241823b15bb2bbdc9c7de32b.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
https://s4.51cto.com/images/blog/201809/19/15cde303100795ee9809c01e3188dfa7.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=
至此,wordpress博客系统就搭建完成了。
页:
[1]