CentOS 8: How to Set Up Highly Available NGINX with Keepalived

Nginx is a free, open-source web server and one of the most widely used in the world. It can also be used as a reverse proxy, load balancer, and HTTP cache. High availability allows an application to reroute work to another system in the event of a failure. There are various technologies available to set up a highly available system.

The Keepalived daemon can monitor services or systems and automatically fail over to a standby if problems occur. If one node fails, the second node serves the resources.

The prerequisites for setting up a highly available Nginx web server with Keepalived on CentOS 8 are:

> Two servers running CentOS 8: one for the master node and one for the backup node.
> A root password is configured on your server.

First, install the Nginx package on both nodes. Run the following command to install Nginx:
dnf install nginx -y

Once the Nginx installation has been completed on both nodes, run the following commands to start and enable the Nginx service to start at system reboot:
systemctl start nginx
systemctl enable nginx

To identify each node, create a custom index.html file on both nodes.

Use the below command to create an index.html file on the first node:
echo "<h1>This is My First NGINX Web Server Node</h1>" | tee /usr/share/nginx/html/index.html

Use the below command to create an index.html file on the second node:
echo "<h1>This is My Second NGINX Web Server Node</h1>" | tee /usr/share/nginx/html/index.html

Once this is finished, save and close.

To install Keepalived on both nodes, use the command given below (by default, the Keepalived package is available in the CentOS 8 default repository):
dnf install keepalived -y

To edit the keepalived default configuration file on both nodes, do the following steps.

On the first node:

First, run the below command:
nano /etc/keepalived/keepalived.conf

Then remove the default contents and add the following contents:
global_defs {
    # Keepalived process identifier
    router_id nginx
}
# Script to check whether Nginx is running or not
vrrp_script check_nginx {
    script "/bin/check_nginx.sh"
    # Run the check every 2 seconds
    interval 2
    # Add 50 to the priority while the check succeeds
    weight 50
}
# Virtual interface - the priority specifies the order in which the assigned
# interface takes over in a failover
vrrp_instance VI_01 {
    state MASTER
    interface eth0
    virtual_router_id 151
    priority 110
    # The virtual IP address shared between the two NGINX web servers, which will float
    virtual_ipaddress {
        145.67.1.23/24
    }
    track_script {
        check_nginx
    }
    authentication {
        auth_type AH
        # Must be identical on both nodes; "secret" is a placeholder, set your own value
        auth_pass secret
    }
}

Save and close the file when it is finished.

On the second node:

First, run the below command:
nano /etc/keepalived/keepalived.conf

Then remove the default contents and add the following contents:
global_defs {
    # Keepalived process identifier
    router_id nginx
}
# Script to check whether Nginx is running or not
vrrp_script check_nginx {
    script "/bin/check_nginx.sh"
    # Run the check every 2 seconds
    interval 2
    # Add 50 to the priority while the check succeeds
    weight 50
}
# Virtual interface - the priority specifies the order in which the assigned
# interface takes over in a failover
vrrp_instance VI_01 {
    state BACKUP
    interface eth0
    virtual_router_id 151
    priority 100
    # The virtual IP address shared between the two NGINX web servers, which will float
    virtual_ipaddress {
        145.67.1.23/24
    }
    track_script {
        check_nginx
    }
    authentication {
        auth_type AH
        # Must be identical on both nodes; "secret" is a placeholder, set your own value
        auth_pass secret
    }
}

When completed, save and close the file.

Note: The only changes from the first node's configuration file are MASTER replaced with BACKUP and 110 replaced with 100.

Next, create a script to check whether the Nginx service is running. You can create it using the following command:

nano /bin/check_nginx.sh

Then add the following lines:
#!/bin/sh
# Exit non-zero when no nginx process is running, so Keepalived treats the check as failed
if [ -z "$(pidof nginx)" ]; then
    exit 1
fi

Save and close the file.

Then set proper permission with the following command:
chmod 755 /bin/check_nginx.sh
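
The audit below is an added example, not part of the original article: it checks a keepalived.conf of the shape shown above for a placeholder auth_pass, a world-readable config file, a missing enable_script_security, and a check script that someone other than its owner can modify. The function name, the finding labels, and the sample files it builds in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a keepalived.conf for weak settings.
audit_keepalived() {
    conf=$1
    # The file holds auth_pass, so "other" should not be able to read it.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "CONF_WORLD_READABLE $conf"
    fi
    # enable_script_security makes keepalived refuse root-run scripts whose
    # path is writable by a non-root user.
    if ! grep -Eq '^[[:space:]]*enable_script_security' "$conf"; then
        echo "NO_SCRIPT_SECURITY"
    fi
    # Flag tutorial placeholders; keepalived uses only the first 8 characters.
    awk '$1 == "auth_pass" { print $2 }' "$conf" | while read -r pass; do
        case $pass in
            secret|password|changeme|1111) echo "PLACEHOLDER_AUTH_PASS" ;;
        esac
        if [ "${#pass}" -gt 8 ]; then echo "AUTH_PASS_TRUNCATED_TO_8"; fi
    done
    # vrrp_script targets are executed by keepalived every `interval` seconds.
    awk '$1 == "script" { gsub(/"/, "", $2); print $2 }' "$conf" |
    while read -r script; do
        if [ ! -f "$script" ]; then
            echo "SCRIPT_MISSING $script"
        elif [ -n "$(find "$script" \( -perm -020 -o -perm -002 \))" ]; then
            echo "SCRIPT_WRITABLE_BY_NON_OWNER $script"
        fi
    done
    return 0
}

# Constructed sample mirroring the article's settings, built in a temp dir.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\nexit 0\n' > "$demo_dir/check_nginx.sh"
chmod 775 "$demo_dir/check_nginx.sh"
cat > "$demo_dir/keepalived.conf" <<EOF
vrrp_script check_nginx {
    script "$demo_dir/check_nginx.sh"
}
vrrp_instance VI_01 {
    authentication {
        auth_type AH
        auth_pass secret
    }
}
EOF
chmod 644 "$demo_dir/keepalived.conf"
audit_keepalived "$demo_dir/keepalived.conf"
```

On a real node, call `audit_keepalived /etc/keepalived/keepalived.conf` as root; no output means none of the four checks fired.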

Next, start the keepalived service and enable it to start at system reboot using the following commands:
systemctl start keepalived
systemctl enable keepalived

You can also check the status of keepalived service using the following command:
systemctl status keepalived

You should get the following output:

● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-04-08 04:24:22 EDT; 5s ago
  Process: 3141 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 3142 (keepalived)
    Tasks: 2 (limit: 12524)
   Memory: 2.1M
   CGroup: /system.slice/keepalived.service
           ├─3142 /usr/sbin/keepalived -D
           └─3143 /usr/sbin/keepalived -D

Apr 08 04:24:22 node1 Keepalived_vrrp[3143]: (VI_01) Changing effective priority from 110 to 160
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: (VI_01) Receive advertisement timeout
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: (VI_01) Entering MASTER STATE
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: (VI_01) setting VIPs.
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: Sending gratuitous ARP on eth0 for 145.67.1.23
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: (VI_01) Sending/queueing gratuitous ARPs on eth0 for 145.67.1.23
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: Sending gratuitous ARP on eth0 for 145.67.1.23
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: Sending gratuitous ARP on eth0 for 145.67.1.23
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: Sending gratuitous ARP on eth0 for 145.67.1.23
Apr 08 04:24:25 node1 Keepalived_vrrp[3143]: Sending gratuitous ARP on eth0 for 145.67.1.23

You can also verify the virtual IP address status on the Master node using the following command:
ip add show

You should see the virtual IP address 145.67.1.23 in the following output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:2d:3a:20:9b brd ff:ff:ff:ff:ff:ff
    inet 45.58.32.155/24 brd 45.58.32.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 145.67.1.23/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::200:2dff:fe3a:209b/64 scope link
       valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:0a:3a:20:9b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::200:aff:fe3a:209b/64 scope link
       valid_lft forever preferred_lft forever

Once this is done, proceed to the next step.

Allow port 80 and allow VRRP on both nodes. For this, run the following command:

firewall-cmd --permanent --add-service=http
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent

Next, reload the firewall to apply the changes:
firewall-cmd --reload

Now, Nginx and Keepalived are installed and configured.

To verify whether the Nginx high availability works or not, do the following steps.

First, open your web browser and access the URL http://your-virtual-ip.

You should see "This is My First NGINX Web Server Node".

Stop the Nginx service on the Master node and test whether the virtual IP moves from Node 1 to Node 2.

On the Master node, stop the Nginx service using the following command:
systemctl stop nginx

Next, log in to Node 2 and verify the virtual IP using the following command:
ip add show

You should see your Virtual IP in the following output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:2d:3a:26:37 brd ff:ff:ff:ff:ff:ff
    inet 45.58.38.55/24 brd 45.58.38.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 145.67.1.23/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::200:2dff:fe3a:2637/64 scope link
       valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:0a:3a:26:37 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::200:aff:fe3a:2637/64 scope link
       valid_lft forever preferred_lft forever

Now, access your Nginx web server using the URL http://your-virtual-ip.

You should see "This is My Second NGINX Web Server Node".

You have now completed the setup of a highly available Nginx server with Keepalived.
