Configuring Nginx + keepalived dual-node hot standby with firewall address masquerading and port mapping

Nginx dual-node hot standby

Topology diagram
1. Install the nginx dependencies
[[email protected] ~]# yum -y install pcre-devel zlib-devel kernel-devel popt-devel openssl-devel
[[email protected] ~]# yum -y install pcre-devel zlib-devel kernel-devel popt-devel openssl-devel

2. Create the nginx service user
[[email protected] ~]# useradd -M -s /sbin/nologin nginx
[[email protected] ~]# useradd -M -s /sbin/nologin nginx

3. Configure nginx
[[email protected] nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module
[[email protected] nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module

4. Install nginx
[[email protected] nginx-1.6.0]# make && make install
[[email protected] nginx-1.6.0]# make && make install

5. Optimize nginx
[[email protected] nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[[email protected] nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/

6. Change the nginx site home page
[[email protected] ~]# echo "www.benet.com" > /usr/local/nginx/html/index.html
[[email protected] ~]# echo "www.accp.com" > /usr/local/nginx/html/index.html

7. Start nginx and check the listening port
8. Set the service to start automatically at boot and add execute permission
[[email protected] ~]# vim /etc/rc.d/rc.local
/usr/local/sbin/nginx
[[email protected] ~]# chmod +x /etc/rc.d/rc.local

[[email protected] ~]# vim /etc/rc.d/rc.local
/usr/local/sbin/nginx
[[email protected] ~]# chmod +x /etc/rc.d/rc.local

II. Install keepalived
1. Install keepalived
[[email protected] keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/
[[email protected] keepalived-1.2.13]# make && make install
[[email protected] keepalived-1.2.13]# chkconfig --add keepalived
[[email protected] keepalived-1.2.13]# chkconfig --level 35 keepalived on

[[email protected] keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/
[[email protected] keepalived-1.2.13]# make && make install
[[email protected] keepalived-1.2.13]# chkconfig --add keepalived
[[email protected] keepalived-1.2.13]# chkconfig --level 35 keepalived on

2. Configure the master keepalived
[[email protected] ~]# vim /etc/keepalived/keepalived.conf
3. Write the keepalived script that monitors the nginx service
[[email protected] ~]# vim /opt/nginx.sh
4. Add execute permission
[[email protected] ~]# chmod +x /opt/nginx.sh
5. Configure the backup keepalived
[[email protected] ~]# vim /etc/keepalived/keepalived.conf
6. Write the script that monitors the nginx service and keepalived
[[email protected] ~]# vim /opt/nginx.sh
7. Add execute permission
[[email protected] ~]# chmod +x /opt/nginx.sh
8. Start the service
[[email protected] ~]# systemctl start keepalived
9. View the VIP address
10. View from the client
11. Stop the master keepalived service
[[email protected] ~]# systemctl stop keepalived.service
12. Start the backup keepalived service
[[email protected] ~]# systemctl start keepalived
13. View the VIP address
14. View from the client
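Added example, not the page's own script (the contents of /opt/nginx.sh are not shown on this page): one way to write the check from steps 3 and 6 in POSIX sh. It assumes the nginx path from section one, that keepalived calls the script with the argument run, and that stopping keepalived is how the node gives up the VIP; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: nginx health check meant to be called by keepalived.
# Paths and behaviour are assumptions; the page does not show its /opt/nginx.sh.
NGINX_BIN="${NGINX_BIN:-/usr/local/sbin/nginx}"   # symlink created in step 5 of section one
RETRY_DELAY="${RETRY_DELAY:-2}"                   # seconds to wait after a restart attempt

# The three actions are separate functions so they can be replaced in a dry run.
nginx_alive() { pgrep -x nginx >/dev/null 2>&1; }
start_nginx() { "$NGINX_BIN"; }
release_vip() { systemctl stop keepalived; }      # the backup node then takes over the VIP

# keepalived runs this script as root: refuse to run if group or others may edit it.
perms_safe() {
    case "$(ls -ld "$1")" in
        ?????w*|????????w*) return 1 ;;           # group-write or other-write bit is set
        *) return 0 ;;
    esac
}

# Prints healthy | restarted | failover; exit status is 1 only for failover.
check_once() {
    if nginx_alive; then echo healthy; return 0; fi
    start_nginx >/dev/null 2>&1                   # one restart attempt before giving up
    sleep "$RETRY_DELAY"
    if nginx_alive; then echo restarted; return 0; fi
    release_vip >/dev/null 2>&1
    echo failover
    return 1
}

# Nothing is executed unless the script is called with the argument "run".
case "${1:-}" in
    run)
        perms_safe "$0" || { echo "refusing: $0 is writable by group/other" >&2; exit 2; }
        check_once
        ;;
esac
```

With the chmod +x from steps 4 and 7, the file should also be owned by root and kept at mode 755 or stricter, since whoever can edit it runs commands as root on the next check.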
III. Configure the firewall
1. Configure an IP address on the firewall's ens34 interface
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
2. Configure the gateway and restart the network service
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.30
[[email protected] ~]# systemctl restart network

[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.30
[[email protected] ~]# systemctl restart network

3. Start the firewall service and enable it at boot
[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# systemctl enable firewalld

4. Set the default zone
[[email protected] ~]# firewall-cmd --set-default-zone=external
5. Add the ens34 interface to the external zone
[[email protected] ~]# firewall-cmd --add-interface=ens34 --zone=external
6. Add ens32 to the trusted zone
[[email protected] ~]# firewall-cmd --add-interface=ens32 --zone=trusted
7. View the ** zones
8. View all rules in the zone
9. Turn off masquerading
[[email protected] ~]# firewall-cmd --remove-masquerade
10. Configure masquerading
[[email protected] ~]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 source address=192.168.100.0/24 masquerade'
11. Map port 80 of 192.168.100.254 to port 80 of 192.168.200.30
[[email protected] ~]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 destination address=192.168.200.30/32 forward-port port=80 protocol=tcp to-addr=192.168.100.254'
12. View the rules
13. Allow DNS and HTTP access
[[email protected] ~]# firewall-cmd --zone=external --add-service=dns
[[email protected] ~]# firewall-cmd --zone=external --add-service=http
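Added example, not from the original page: a check on the external zone after steps 9 to 13, confirming that masquerading is limited to 192.168.100.0/24 rather than enabled zone-wide, and listing the port forward. The sample output is constructed and the function name audit_zone is hypothetical.

```shell
#!/bin/sh
# Added example: audit the external zone built in section three.
# Constructed sample of `firewall-cmd --zone=external --list-all` output
# (not captured from the page).
SAMPLE_OK='external (active)
  interfaces: ens34
  services: ssh dns http
  masquerade: no
  rich rules:
    rule family="ipv4" source address="192.168.100.0/24" masquerade
    rule family="ipv4" destination address="192.168.200.30/32" forward-port port="80" protocol="tcp" to-addr="192.168.100.254"'

# Reads list-all text on stdin; exit status 1 if masquerading is not source-limited.
audit_zone() {
    awk '
        function field(name,   re) {      # value of name="value" on the current line
            re = name "=\"[^\"]*\""
            if (!match($0, re)) return ""
            return substr($0, RSTART + length(name) + 2, RLENGTH - length(name) - 3)
        }
        /^[ \t]*masquerade:[ \t]*yes/ {
            print "WARN zone-wide masquerade is enabled"; bad = 1
        }
        /^[ \t]*rule / && / masquerade/ {
            src = field("source address")
            if (src == "") { print "WARN masquerade rule has no source limit"; bad = 1 }
            else print "OK masquerade limited to " src
        }
        /^[ \t]*rule / && /forward-port/ {
            print "INFO forward " field("destination address") ":" field("port") " -> " field("to-addr")
        }
        END { exit bad }
    '
}

# "sample" audits the constructed text; "live" audits the running firewall.
case "${1:-}" in
    sample) printf "%s\n" "$SAMPLE_OK" | audit_zone ;;
    live)   firewall-cmd --zone=external --list-all | audit_zone ;;
esac
```

The firewall-cmd commands in this section are given without --permanent, so they change only the runtime configuration; firewall-cmd --runtime-to-permanent saves the runtime rules.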
IV. Configure DNS
1. Install DNS
[[email protected] ~]# yum -y install bind bind-chroot bind-utils
2. Edit the main configuration file
[[email protected] ~]# vim /etc/named.conf
3. Configure the forward lookup zone file
[[email protected] ~]# vim /var/named/benet.com.zone
4. Add execute permission
[[email protected] ~]# chmod +x /var/named/benet.com.zone
[[email protected] ~]# chown named:named /var/named/benet.com.zone
5. Configure the IP address on the client
6. Access from the client
7. Stop the master keepalived service and check the VIP address on the backup keepalived
[[email protected] ~]# systemctl stop keepalived
[[email protected] ~]# systemctl start keepalived
8. Access from the client