How to Setup Highly Available NGINX with KeepAlived in Linux

As we know NGINX is a high-end web server that can also be used as a reverse proxy, load balancer and HTTP cache. In this article we will show you how to configure an NGINX High Availability (HA) web server with data storage under Linux. Maintains functionality on the Virtual Router Redundancy Protocol (VRRP), which makes a static IP between two Linux systems fault-tolerant.

Below you will find my laboratory data for NGINX HA :

  • Node 1 – 192.168.1.130 – nginx1.example.com – at least CentOS 8 / RHEL 8
  • node 2 – 192.168.1.140 – nginx2.example.com – at least CentOS 8 / RHEL 8
  • Virtual IP (VIP) – 192 168 1 150
  • pkumaar user
  • Firewald purified the water.
  • SELinux is busy

Let’s continue with the installation and configuration steps,

Step 1) Install the NGINX Web server from thecommand line.

The NGINX package is available in the standard CentOS 8 / RHEL 8 repositories. So, to install the nginx web server, run the dnf command on both nodes.

$ install sudo dnf -y nginx

For CentOS 7 / RHEL 7

The NGINX package is not available in the standard CentOS 7 / RHEL 7 repositories, so you must first activate the game repository to install it. Execute the following command on both nodes.

$ ship-yum setup epil release -y
$ ship-yum setup -y nginx

For Ubuntu / Debian

For Debian-based Linux distributions, the nginx webserver package is available in the standard package repositories, so follow these steps to install nginx.

update sudo apt
$ install sudo apt -y nginx

Step 2) Configure the custom index.html file for both nodes.

Let’s create a custom index.html file for both nodes, so we can easily determine which server is serving the site when accessed via a virtual IP address.

Execute the echo command for node 1,

~] $ echo.

This is an NGINX web server from node 1.

| sudo tee /usr/share/nginx/html/index.html

For node 2, execute

Echo…

This is an NGINX web server from Node 2.

| sudo tee /usr/share/nginx/html/index.html

Step 3) Allow the NGINX port into the firewall and start the service

If the firewall is enabled and running on both hosts, enable port 80 by executing the following commands,

For CentOS / RHEL

sudo firewall-cmd –permanent –add-service=http
$ sudo firewall-cmd -reload

For the Ubuntu/Debian system

sudo ufw allow ‘Nginx HTTP’.

Start and activate the nginx service by executing commands on both nodes under the command,

$ starts sudo systemctl nginx
$ activates sudo systemctl nginx

Test the NGINX web server of both nodes by executing the curl command from the outside,

$ Elbow http://192.168.1.130

This is an NGINX web server from node 1.

Elbows $ http://192.168.1.140

This is an NGINX web server from Node 2.

Great, the output of the above command confirms that nginx is running and externally available with the system IP address.

Step 4) Installation and Adjustment.

For CentOS / RHEL systems, the keepalived package and its dependencies are available in the standard package repositories, so its installation is done immediately, just run the command below on both nodes.

installation dnf de navire -y keepalived // CentOS 8/ RHEL 8
installation yum de navire -y keepalived // CentOS 7 / RHEL 7

For the Ubuntu/Debian system,

Correct installation. I’ll keep it running.

Save them after installation by editing the configuration file /etc/keepalived/keepalived.conf. We keep node 1 as primary node and node 2 as reserve node.

Back up the configuration file,

$ sudo cp /etc/keepalived.conf /etc/keepalived/keepalived.conf-org

Replace keepalived.conf with the following content

$ echo -n | sudo tee /etc/keepalived/keepalived.conf
[[Protected Email] ~]$ sudo vi /etc/keepalived/keepalived.conf

Add the following content

global_defs {
# Save process id
router_id nginx
}

# script to check if Nginx works or not
vrrp_script check_nginx {
script /bin/check_nginx.sh
interval 2
weight 50
}

# Virtual interface – priority defines the order in which the designated interface supports failover
vrrp_instance VI_01 {
MASTER status
interface enp0s3
virtual_router_id 151
priority 110

# Virtual IP address shared between two NGINX web servers using the virtual IP address
{
192.168.1.150/24
}.
track_script {
check_nginx
}
authentication {
auth_type AH
auth_pass secret
}
}.

 

Now create a script with the following content, which checks if the nginx service works Keepalived always checks the output of the check_nginx.sh script. If it detects that the nginx service is down or responding, it moves the virtual IP address to the backup host.

sudo vi /bin/check_nginx.sh
#! /bin/sh
as [ -z ‘pidof nginx’ ] ; then
output 1
fi.

Save and exit the file and set the required permissions with the chmod command,

~]$ sudo chmod 755 /bin/check_nginx.sh

Now copy the files keepalived.conf and check_nginx.sh with the scp command from node 1 to node 2.

[E-Mail protected] ~]$ scp /etc/keepalived.conf [E-Mail protected]:/etc/keepalived/
[[E-Mail protected] ~]$ scp /bin/check_nginx.sh [E-Mail protected]:/bin/

After copying the files, connect to node 2 and make some changes to the keepalived.conf file. Change the status from MASTER to SUPPLEMENTARY and reduce the priority to 100. Once the changes have been made, keepalived.conf on node 2 will look like the one shown below,

 

If the Case OS firewall is running, activate the VRRP with the following commands,

Note – Execute these commands on both nodes.

For CentOS / RHEL systems

sudo firewall-cmd –add-rich-rule=’accept rule protocol value=vrrp’ – constant
$ sudo firewall-cmd –reloaded

For Ubuntu/Debian systems

Activate the VRRP by executing the following actions from the master node (node 1), starting with

sudo ufw solution 224.0.0.18 comments ‘VRRP Broadcast’
$ sudo ufw solution of 192.168.1.140 comments ‘VRRP Router

From a superfluous / slave node (node 2)

sudo ufw solution 224.0.0.18 comment ‘VRRP Broadcast’
$ sudo ufw solution of 192.168.1.130 comment ‘VRRP Router

Finally, perform the keepalived service by executing it under systemctl commands from both nodes,

$ sudo systemctl start keep alive
$ sudo systemctl enable keep alive

Check service performance by performing the following steps:

The sudo systemctl status is maintained.

 

Great, now check the VIP status (virtual IP address) on the main computer, in our case VIP is 192.168.1.130.

Add an ipshow

 

The above result confirms the VIP configuration of the main node in its enp0s3 interface. So let’s test the nginx and keep it alive.

Step 5) Continuation and testing of NGINX

To test, try accessing the nginx web server with a virtual IP address (192.168.1.150), for now it should show us the nginx node 1 page.

Open the wen browser, type http://192.168.1.150 and press Enter,

 

Now try stopping the NGINX service on Node 1 and see if the virtual IP has changed from Node 1 to Node 2, then try opening the VIP nginx webpage (192.168.1.150), and this time it should show us the nginx page for Node 2.

sudo systemctl stop nginx
[[Protected email] ~]$ ip add show

 

Connect to Node 2 and run the ip command to verify the virtual IP address,

$ ip add show…

 

Now let’s try to access the website with a virtual IP,

 

Excellent, the above confirms that we have successfully configured a highly available NGINX web server with data storage. All this is taken from this article, please send us your reactions, remarks and suggestions.

Related Tags:

nginx open source high availability,nginx-ha-setup script,nginx cluster management,nginx high availability reverse proxy,nginx community ha,nginx sync package,keepalived haproxy,keepalived centos 7,keepalived alternatives,keepalived official website,keepalived lvs,keepalived virtual ip,keepalived configuration centos 7,keepalived documentation,download keepalived,how to install nginx ha keepalived,keepalived 2 node,install keepalived,keepalived failover,keepalived monitoring,vrrp to manage a floating virtual ip address,nginx failover,keepalived installation,start keepalived service,keepalived health check,rhel 8 haproxy,haproxy rhel 7,keepalived tecmint,virtual ip address keepalived,keepalived squid,net/ipv4/ip_nonlocal_bind,keepalived track_script,unable to load ipset library,keepalived haproxy configuration,haproxy, keepalived centos 7,keepalived on debian,ubuntu keepalive,ubuntu ip failover,nginx keepalived centos 7,keepalived configuration,keepalived nginx,keepalived nginx check script,keepalived configuration examples,nginx-ha-keepalived package