Ucarp和nginx提供内网vip
source link: https://bajie.dev/posts/20231214-ucarp_nginx/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Ucarp和nginx提供内网vip
ucarp我们来实战一下完成ucarp+nginx做内网vip,模拟F5的vip的方法
ucarp的安装参考之前的文章,环境如下:
- ucarp1:192.168.19.1
- ucarp2:192.168.19.2
- vip:172.18.19.10
在172.18.19.1和172.18.19.2上编译Nginx 1.16.1
./configure --prefix=/export/servers/nginx1161 --with-stream --with-stream_ssl_module
make
make install
重点是/export/servers/nginx1161/conf/nginx.conf
cat /export/servers/nginx1161/conf/nginx.conf
user nobody;
worker_processes auto;
events {
use epoll;
worker_connections 65535;
}
stream {
log_format proxy '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
}
access_log logs/tcp-access.log proxy ;
open_log_file_cache off;
upstream stream_backend01 {
hash $remote_addr consistent;
#server 172.18.31.2:80 weight=5;
server 172.18.31.2:80 max_fails=2 fail_timeout=30s;
#server 172.18.31.2:80 max_conns=3;
}
server {
listen 172.18.19.10:80;
proxy_timeout 20s;
proxy_pass stream_backend01;
}
}
注意: 1、打出了tcp-access.log 2、根据源IP做hash,强制分配到后面的同一台服务器上,保证一致性 3、后端的server可以有权重,最大连接,以及失效检测(30s内无法连通2次,就摘掉这个服务器)
同时调整vip-up.sh
cat /usr/local/bin/vip-up.sh
#!/bin/sh
/sbin/ip addr add ${2}/24 dev ${1}
/sbin/ip neigh flush dev ${1}
/export/servers/nginx/sbin/nginx
/export/servers/nginx/sbin/nginx -s reload
谁获得了主ip 172.18.19.10,谁就会启动nginx,并且强制刷一下配置
注意,一开始的时候,由于172.18.19.2没有获得主ip 172.18.19.10,所以上面是不会自动起nginx进程的!!!
测试一下:
在172.18.19.1上面
kill -usr2 ucarp的进程pid
看172.18.19.2上面,nginx已经自动启动了
然后访问
curl http://172.18.19.10/
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK