Skip to main content

Nginx + Keepalived HA Service Configuration

IPRole
192.168.10.31Nginx Node01
192.168.10.32Nginx Node02
192.168.10.200VIP

In Keepalived configuration, the concept of VIP (Virtual IP) refers to a virtual IP address used by a backup node to take over the service of the master node, avoiding disconnection of client connections.

Configure Keepalived

Install Keepalived

Both Nginx servers need to install the Keepalived service.

yum install -y keepalived

Modify the Keepalived Configuration File

Nginx Node01 Node

Modify the content of the /etc/keepalived/keepalived.conf file as follows:

global_defs {
    router_id hap-nginx-ha-01
}

vrrp_script check_nginx_health {
    script "/usr/local/nginx/script/check_nginx_health.sh"
    interval 10
}

vrrp_sync_group VG1 {
    group {
        VI_1
    }
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0          # Change to the network card name of the host
    virtual_router_id 185   # Unique among all VRRP routers on the same subnet, range 0-255
    priority 100            # Priority, different for each node
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass HAP-Nginx-Keepalived-Auth
    }
    track_script {
        check_nginx_health
    }
    virtual_ipaddress {
        192.168.10.200      # VIP address
    }
}
  • Note that the priority values in the configuration files of the two nodes are different.
  • By default, only the interface and VIP address need to be modified.

Nginx Node02 Node

Modify the content of the /etc/keepalived/keepalived.conf file as follows:

global_defs {
    router_id hap-nginx-ha-01
}

vrrp_script check_nginx_health {
    script "/usr/local/nginx/script/check_nginx_health.sh"
    interval 10
}

vrrp_sync_group VG1 {
    group {
        VI_1
    }
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0          # Change to the network card name of the host
    virtual_router_id 185   # Unique among all VRRP routers on the same subnet, range 0-255
    priority 90             # Priority, different for each node
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass HAP-Nginx-Keepalived-Auth
    }
    track_script {
        check_nginx_health
    }
    virtual_ipaddress {
        192.168.10.200      # VIP address
    }
}
  • Note that the priority values in the configuration files of the two nodes are different.
  • By default, only the interface and VIP address need to be modified.

The following Nginx related scripts need to be created on both nodes.

Create the directory for storing the scripts:

mkdir -p /usr/local/nginx/script/

Use vim /usr/local/nginx/script/check_nginx_health.sh to create the Nginx health check script.

The contents of the check_nginx_health.sh script are as follows:

#!/bin/bash
# Log function
nginx_keepalived_log_file="/var/log/nginx_keepalived.log"
log_info() {
    echo "$(date +"%Y-%m-%d %H:%M:%S") INFO: $1" >> "$nginx_keepalived_log_file"
}

check_nginx_status() {
    ps aux | grep nginx | grep -v grep | grep -v check_nginx_health
    nginx_process=$?
}

# Define the number of checks
max_retries=3
retry_interval=2

# Continuously check the Nginx service status, attempting up to max_retries times
retry_count=0
while true; do
    check_nginx_status

    if [ $nginx_process -eq 0 ]; then
        # Nginx process is normal, exit loop
        exit 0
    else
        if [ $retry_count -ge $max_retries ]; then
            # If maximum retry count reached, stop Keepalived service and exit
            systemctl stop keepalived
            log_info "After $max_retries retries, Nginx process remains unhealthy, stop Keepalived"
            exit 0
        fi
    fi

    retry_count=$((retry_count + 1))
    sleep $retry_interval
done

Add executable permissions to all scripts:

chmod +x /usr/local/nginx/script/*.sh

Start Keepalived

systemctl start keepalived
systemctl enable keepalived

Troubleshooting

Both Servers Have the VIP

Possible common reasons include:

  • Firewall or other network restrictions between the two machines

    • Port restrictions (default uses port 112)
    • Network environment does not support VRRP (Virtual Router Redundancy Protocol)

  • Unable to reach each other's address network between the two machines

  • The priority configured for both nodes might be the same, leading to no master node being elected

  • Check the /var/log/messages log file for troubleshooting

Neither Server Has the VIP

Possible common reasons include:

  • The vrrp_script specified in the keepalived.conf has execution issues, resulting in a non-zero error value, preventing Keepalived from fully initializing and binding the VIP

  • Check the /var/log/messages log file for troubleshooting