Configuring Keepalived for High Availability with Nginx Load Balancing

Keepalived was originally designed to manage LVS clusters but also provides VRRP‑based high‑availability for any service, making it suitable for Nginx load‑balancing environments.

The high‑availability mechanism works by the master node sending multicast heartbeats; when the master fails, the backup node takes over the virtual IP (VIP) and services.

In the experimental setup two Nginx instances act as front‑end load balancers (Nginx01 as master, Nginx02 as backup) and share a virtual IP 192.168.31.5.

Installation is straightforward using the system package manager:

yum install keepalived -y

After installation, start the service and enable it at boot:

/etc/init.d/keepalived start
echo "/etc/init.d/keepalived start" >> /etc/rc.local

The main configuration file /etc/keepalived/keepalived.conf contains global definitions and a vrrp_instance block. Below are the essential sections for the master node:

global_defs {
    notification_email { acassen@firewall loc failover@firewall loc sysadmin@firewall loc }
    notification_email_from Alexandre.Cassen@firewall
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 55
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.31.5/24 dev eth1 label eth1:1
    }
}

The backup node uses the same file with a few changes (state BACKUP, lower priority, different router_id):

global_defs {
    ...
    router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.31.5 dev eth1 label eth1:1
    }
}

Key parameters:

router_id – unique identifier within the LAN.

vrrp_instance – defines role, interface, priority, authentication, and virtual IP.

state – MASTER or BACKUP.

priority – higher value wins the VIP.

virtual_ipaddress – the shared VIP bound to a virtual interface.

After editing, restart Keepalived. The master should acquire the VIP within minutes. The backup remains idle until the master stops, at which point it claims the VIP (a situation sometimes called “split‑brain” if both claim it).

Failover testing steps:

Stop Keepalived on the master and verify the backup obtains 192.168.31.5.

Restart the master; it should pre‑empt and reclaim the VIP.

To ensure the Nginx load balancer itself is healthy, a Bash watchdog script monitors port 80 and stops Keepalived if Nginx is down:

#!/bin/bash
while true; do
    if [ $(netstat -tlnp | grep nginx | wc -l) -ne 1 ]; then
        /etc/init.d/keepalived stop
    fi
    sleep 2
done

Running this script in the background allows automatic failover to the backup node when Nginx fails, maintaining continuous service availability.