Build a Fault‑Tolerant Nginx + Keepalived Cluster: Master‑Slave and Dual‑Master Modes

Introduction

Through two practical cases we demonstrate how to use

Nginx+keepalived

to build a high‑availability cluster. Before diving in you may review basic Nginx concepts.

Nginx+Keepalived High‑Availability Cluster (Master‑Slave Mode)

Cluster Architecture

Note: Keepalived servers also run Nginx as a load balancer.

1. Prepare Four Machines

All nodes run CentOS 7.5. Perform the following operations on every node:

// View OS version
[root@LB-01 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)

// Stop and disable firewall
[root@LB-01 ~]# systemctl stop firewalld
[root@LB-01 ~]# systemctl disable firewalld

// Disable SELinux
[root@LB-01 ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux
[root@LB-01 ~]# setenforce 0

// Install Nginx (install epel‑release if needed)
yum -y install epel-release
yum -y install nginx

2. Configure Backend Web Servers

2.1) web01 node

[root@web01 ~]# echo "<h1>web01 192.168.1.34</h1>" > /usr/share/nginx/html/index.html

2.2) web02 node

[root@web02 ~]# echo "<h1>web02 192.168.1.35</h1>" > /usr/share/nginx/html/index.html

The default document root for Nginx is /usr/share/nginx .

2.3) Start Nginx

// web01
[root@web01 ~]# systemctl start nginx

// web02
[root@web02 ~]# systemctl start nginx

2.4) Verify

Both web01 and web02 are now serving web pages.

3. Configure Load‑Balancer (LB) Servers

Each LB node runs both Nginx and Keepalived.

3.1) Configure Nginx reverse‑proxy

vi /etc/nginx/nginx.conf

Start Nginx and verify that both LB01 and LB02 can access the backend web nodes.

Both LB01 and LB02 round‑robin requests to the backend web nodes, confirming the Nginx LB cluster works.

3.2) Configure Keepalived

(1) Install Keepalived

yum -y install keepalived

(2) Edit Keepalived configuration on both LB nodes (showing side‑by‑side diff for clarity).

LB01 has higher priority, so the virtual IP (VIP) initially binds to LB01:

[root@LB-01 ~]# ip a | grep 192.168.1.110
    inet 192.168.1.110/24 scope global secondary eth0:1

4. Domain Name Resolution

For testing we use

www.test.com

and add the following entry to the client’s

hosts

file:

C:\Windows\System32\drivers\etc\hosts
192.168.1.110 www.test.com

The IP above is the floating VIP accessed by clients.

5. Test and Verify Failover

Stop Keepalived on LB01 and access the service again. The VIP moves to LB02:

[root@LB-02 ~]# ip a | grep 192.168.1.110
    inet 192.168.1.110/24 scope global secondary eth0:1

The high‑availability Nginx+Keepalived cluster (master‑slave) is now operational.

Nginx+Keepalived High‑Availability Cluster (Dual‑Master Mode)

Switching to dual‑master mode only requires adding another

vrrp_instance

block to the Keepalived configuration.

Cluster Architecture

Both LB‑01 and LB‑02 act as primary and backup nodes, each with its own VIP (192.168.1.110 and 192.168.1.210).

1. Configure LB‑01

vim /etc/keepalived/keepalived.conf   # add a second vrrp_instance VI_2

2. Configure LB‑02

vim /etc/keepalived/keepalived.conf   # add the same VI_2 block

3. Restart Keepalived

// LB‑01
[root@LB-01 ~]# systemctl restart keepalived

// LB‑02
[root@LB-02 ~]# systemctl restart keepalived

4. Verify VIP Binding

// LB‑01
[root@LB-01 ~]# ip a
... inet 192.168.1.110/24 scope global secondary eth0:1

// LB‑02
[root@LB-02 ~]# ip a
... inet 192.168.1.210/24 scope global secondary eth0:2

5. High‑Reliability Test

Stop Keepalived on LB‑01; the VIPs automatically move to LB‑02:

此时VIP都绑定在LB-02上

[root@LB-02 ~]# ip a
... inet 192.168.1.110/24 scope global secondary eth0:1
    inet 192.168.1.210/24 scope global secondary eth0:2

Both VIPs remain reachable after any Keepalived node stops, confirming the dual‑master HA cluster works.

Write a Daemon Script to Monitor Nginx

If the Keepalived node is healthy but Nginx crashes, the load‑balancing service fails. The following script checks whether Nginx is listening on port 80 every two seconds and stops Keepalived if Nginx is not running.

#!/bin/bash
while true
do
  if [ $(netstat -tlnp|grep nginx|wc -l) -ne 1 ]
  then
    /etc/init.d/keepalived stop
  fi
  sleep 2
done

Conclusion

Following the steps above you can build a robust Nginx + Keepalived high‑availability cluster in both master‑slave and dual‑master modes, and use a simple watchdog script to keep the service reliable.