永中文档在线转换预览双活实现方案
永中文档在线转换预览服务 是永中软件股份有限公司基于十多年核心技术积累、面向移动互联领域推出的 一款文档处理软件。永中采用自主可控核心技术,具备快速技术和服务响应能力,把文档原样输出为 HTML,图片等,即点即得、无需下载、保护文档隐私,快速高效,轻松实现文档在线安全阅读。
实现目标
- 通过nginx实现业务fcsserver负载均衡,后端可以动态扩展应用服务器
- nginx通过keepalived实现高可用,解决单点故障
- 通过keepalived实现nginx双活配置,解决nginx主备资源使用率50%问题
- 通过dns轮询解析域名到双活vip,达到负载均衡效果
- 后期nginx达到瓶颈应考虑lvs+keepalived+nginx架构,动态扩展nginx服务器
环境准备
- 服务器可以连通外网或者有内网yum源服务器,本次实验服务器可连通外网
- nginx01和nginx02服务器需要在同一网段的网络内
- 保证各服务器之前网络互通
- 保证服务器的防火墙和selinux关闭
- 必须对外提供域名访问,否则只能使用其中一个vip
- 内网部署DNS服务器,模拟DNS轮询解析
1、网络架构
2、实验服务器分布
主机ip操作系统软件端口vipnginx01192.168.56.101Centos7.6nginx keepalived80192.168.56.200nginx02192.168.56.106Centos7.6nginx keepalived80192.168.56.201fcs01192.168.56.101Centos7.6tomcat8080fcs02192.168.56.106Centos7.6tomcat8080共享存储192.168.56.108Centos7.6nfs缓存192.168.56.108Centos7.6redis6379内部DNS192.168.56.108Centos7.6bind53
3、redis
部署服务器:
192.168.56.108
3.1 配置redis
/etc/redis.conf
# 监听地址bind0.0.0.0
# 认证密码
requirepass yozosoft
3.2 启动redis
systemctl enable redis --now && systemctl status redis
4、nfs
4.1 配置nfs
192.168.56.108(服务端)
# 创建存储目录mkdir -p /opt/yozo/data
# 修改权限chown -R nfsnobody.nfsnobody /opt/yozo/data
# 修改配置文件vim /etc/exports
/opt/yozo/data 192.168.56.0/24(rw,sync,all_squash)
192.168.56.101/192.168.56.106(客户端)
# 创建挂载点mkdir -p /opt/yozo/data
# 挂载nfs共享目录mount -t nfs 192.168.56.108:/opt/yozo/data /opt/yozo/data
4.2 启动nfs
systemctl enable rpcbind nfs --now && systemctl status rpcbind nfs
5、fcsserver
部署服务器:
192.168.56.101(fcsserver01)
192.168.56.106(fcsserver02)
5.1 部署fcs
以tomcat为中间件,本次实验fcs安装目录/opt/yozo/fcsserver/webapps/fcsserver,/opt/yozo/fcsserver为解压后的tomcat
部署项目包
mkdir opt/yozo/fcsserver/webapps/fcsserver -p
unzip fcscloud.war -d opt/yozo/fcsserver/webapps/fcsserver
修改fcsserver配置文件
# /opt/yozo/fcsserver/webapps/fcsserver/WEB-INF/classes/config.propertiesinputDir=/opt/yozo/data/fcsdata/input # 必须指定挂载共享存储目录的outputDir=/opt/yozo/data/fcsdata/output
# 如果不提供域名,就只能配置其中一个vip;如果配置为域名,则缓存后,通过vip和fcsserver的ip将不能访问转换的缓存文件viewDomain=http://www.fcsserver.com/fcsserver/
# /opt/yozo/fcsserver/webapps/fcsserver/WEB-INF/classes/application.yml
cache: #采用哪种缓存数据方式
type: redis #local,redis,mysql(local模式只适用于单机,集群部署不支持)
redis:
enable: true#redis开关(预览设置权限时需要使用redis,并发和异步waitting机制使用redis,必开)
redis:
database: 1# Redis数据库索引(默认为0)
timeout: 10000#设置客户端超时时间,单位是毫秒,默认为2000
password: yozosoft #密码#单机版
host: 192.168.56.108
port: 6379
# /opt/yozo/fcsserver/webapps/fcsserver/WEB-INF/classes/<property name="LOG_HOME">../logs</property>
5.2 配置fcs系统服务
配置fcsserver.service
# cat /usr/lib/systemd/system/fcsserver.service[Unit]Description=fcsserver Service.
After=network.target
[Service]Type=forking
Environment="PATH=/opt/yozo/jdk-8u251-amd64/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"WorkingDirectory=/opt/yozo/fcsserver/bin
ExecStart=/opt/yozo/fcsserver/bin/startup.sh
Restart=always
PrivateTmp=true
# 可以指定相关用户启动fcsserver# User=yozo# Group=yozoLimitNOFILE=65536[Install]WantedBy=multi-user.target
如果以普通用户启动,需要将tomcat目录属主属组设置成相应账户
# 此次实验以yozo用户启动chown -R yozo. /opt/yozo/fcsserver
5.3 启动fcs
systemctl enable fcsserver --now && systemctl status fcsserver
6、nginx
部署服务器:
192.168.56.101(nginx01)
192.168.56.106(nginx02)
6.1 配置nginx
/etc/nginx/conf.d/fcsserver.conf配置
server {....
location ~ /fcsserver {
add_header Cache-Control private,no-store,max-age=0,no-cache,must-revalidate,post-check=0,pre-check=0;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded_Proto "http";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_request_buffering off;
proxy_read_timeout 7200;
proxy_send_timeout 7200;
proxy_pass http://fcsserver;}....}
upstream fcsserver {
server 192.168.56.101:8080 fail_timeout=60s;
server 192.168.56.106:8080 fail_timeout=60s;
keepalive 256;}
6.2 启动nginx
systemctl enable nginx --now && systemctl status nginx
7、keepalived
部署服务器:
192.168.56.101(nginx01)
192.168.56.106(nginx02)
7.1 配置keepalived
7.1.1 nginx01配置
/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id proxy1
}
vrrp_script chk_nginx {
script "/etc/keepalived/check_nginx.sh"
interval 2
weight 20
fall 3
rise 2}
vrrp_instance VI_1 {
state MASTER
interface enp0s3
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111}
virtual_ipaddress {192.168.56.200
}
track_script {
chk_nginx
}}
vrrp_instance VI_2 {
state BACKUP
interface enp0s3
virtual_router_id 52
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111}
virtual_ipaddress {192.168.56.201
}
track_script {
chk_nginx
}}
7.1.2 nginx02配置
# 备份keepalived.confmv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.confbak
/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id proxy2
}
vrrp_script chk_nginx {
script "/etc/keepalived/check_nginx.sh"
interval 2
weight 20
fall 3
rise 2}
vrrp_instance VI_1 {
state BACKUP
interface enp0s8
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111}
virtual_ipaddress {192.168.56.200
}
track_script {
chk_nginx
}}
vrrp_instance VI_2 {
state MASTER
interface enp0s8
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111}
virtual_ipaddress {192.168.56.201
}
track_script {
chk_nginx
}}
双机/etc/keepalived/check_nginx.sh
#!/bin/bash#时间变量,用于记录日志d=`date --date today +%Y%m%d_%H:%M:%S`#计算nginx进程数量n=`ps -C nginx --no-heading|wc -l`#如果进程为0,则启动nginx,并且再次检测nginx进程数量,#如果还为0,说明nginx无法启动,此时需要关闭keepalivedif[$n -eq "0"];then
/etc/init.d/nginx start
n2=`ps -C nginx --no-heading|wc -l`if[$n2 -eq "0"];thenecho"$d nginx down,keepalived will stop">> /var/log/check_ng.log
systemctl stop keepalived
fifi
7.2 启动keepalived
systemctl enable keepalived --now && systemctl status keepalived
nginx01
nginx02
7.3 模拟故障
7.3.1 nginx01手动关闭nginx
nginx故障后,keepalived会自动启动nginx
7.3.2 nginx01手动关闭keepalived
nginx01的vip将会绑定到nginx02上面,nginx02将会出现2个vip,2个vip均可以访问fcsserver
8、DNS服务器部署
用于模拟公网DNS轮询解析,实际使用中是在域名提供商处配置指向映射外网ip
8.1 配置dns
/etc/named.conf
zone "fcsserver.com" IN {type master;file"fcsserver.com.zone";};
zone "56.168.192.in-addr.arpa" IN {type master;file"192.168.56.zone";};
/var/named/fcsserver.com.zone
$TTL86400
@ IN SOA tom jerry (; tom & jerry 这两个参数本应是主机名和邮件地址,这里随便填写,没有问题
42; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ); minimum
IN NS ns.fcsserver.com. ; notice : don't forget the dot in the end
IN MX 10 mail.fcsserver.com.
www IN A 192.168.56.200
www IN A 192.168.56.201
ns IN A 192.168.56.108
mail IN A 192.168.56.108
/var/named/192.168.56.zone
$TTL86400
@ IN SOA ns.fcsserver.com. root (1997022700; Serial
28800; Refresh
14400; Retry
3600000; Expire
86400); Minimum
IN NS ns.fcsserver.com.
200 IN PTR www.fcsserver.com.
201 IN PTR www.fcsserver.com.
108 IN PTR mail.fcsserver.com.
108 IN PTR ns.fcsserver.com.
修改权限
chown named. /var/named/ -R
8.2 启动dns服务
systemctl enable named --now && systemctl status named
9、验证
目标:本次实验有2个vip 192.168.56.200 和 192.168.56.201,需要验证www.fcsserver.com分别解析到2个vip上,并确认每个vip后端服务正常可用
9.1 客户端dns配置
测试期间,禁用其他网卡,只留虚拟机网卡
添加DNS
9.2 DNS缓存清理
9.3 域名访问测试
测试之前需要确认此次DNS解析是否指向所需测试的VIP,如果不是请刷新DNS缓存
需要测试www.fcsserver.com --> 192.168.56.200和www.fcsserver.com --> 192.168.56.201
文件转换测试
转换文件访问测试
注:fcsserver的配置文件中viewDomain配置为域名,故转换文件预览连接只能通过www.fcsserver.com可以正常访问,通过vip、nginx ip、fcsserver ip均不可以访问
版权归原作者 yozodcs 所有, 如有侵权,请联系我们删除。