
Deploying Keepalived with Nginx for High Availability and Failover

This guide demonstrates how to achieve high availability for Nginx by deploying Keepalived in a virtual IP failover setup, covering installation via yum or source, configuration of keepalived and VRRP scripts, service management, and verification steps on two CentOS servers.

Full-Stack Internet Architecture

In architecture design, Nginx reverse proxy and load balancing can provide high availability for backend applications, but the single point of failure of Nginx itself must be addressed.

The two main failure scenarios are:

Nginx service crashes unexpectedly.

The host server goes down, making Nginx unavailable.

The common solution is to use keepalived together with Nginx to achieve automatic failover, combined with monitoring and alerting.

Simulation environment: two virtual machines (192.168.56.9 and 192.168.56.10). The primary node (192.168.56.9) runs Nginx + keepalived + Tomcat, while the backup node (192.168.56.10) runs the same services in standby mode. A virtual IP (VIP) 192.168.56.120 is shared between them.

0x01: Keepalived Introduction and Deployment

Keepalived monitors server health; if a web server fails, it removes the faulty node from the pool and promotes a healthy node automatically. Installation on CentOS can be done via yum or from source.

Yum installation

yum install -y keepalived

This installs Keepalived version 1.3.5. To remove the older version:

yum remove keepalived

Source installation

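# Download page: https://www.keepalived.org/
# Install the build dependencies before running ./configure
yum install -y gcc openssl-devel popt-devel ipvsadm
# Extract under /root, the path the copy commands below use
cd /root
wget https://www.keepalived.org/software/keepalived-2.2.2.tar.gz
tar -zxvf keepalived-2.2.2.tar.gz
cd keepalived-2.2.2/
./configure
make && make install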

After compilation, install Keepalived as a system service:

mkdir /etc/keepalived
cp /root/keepalived-2.2.2/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /root/keepalived-2.2.2/keepalived/etc/init.d/keepalived /etc/init.d/
cp /root/keepalived-2.2.2/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/sbin/keepalived /usr/bin/
ln -s /usr/local/sbin/keepalived /sbin/

Common Keepalived commands:

# Enable autostart
systemctl enable keepalived.service
# Disable autostart
systemctl disable keepalived.service
# Start
systemctl start keepalived.service
# Stop
systemctl stop keepalived.service
# Restart
service keepalived restart
# Status
service keepalived status

0x02: Primary Keepalived Configuration

! Configuration File for keepalived

global_defs {
  notification_email {
    [email protected]
    [email protected]
    [email protected]
  }
  notification_email_from [email protected]
  smtp_server 192.168.200.1
  smtp_connect_timeout 30
  router_id nginx01
  vrrp_skip_check_adv_addr
  vrrp_strict
  vrrp_garp_interval 0
  vrrp_gna_interval 0
}

vrrp_script check_nginx {
  script "/etc/keepalived/nginx_check.sh"
  interval 1
  weight -2
}

vrrp_instance VI_1 {
  state MASTER
  interface enp0s3
  virtual_router_id 52
  priority 150
  advert_int 1
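  authentication {
    ! PASS is a shared cleartext password carried in every VRRP advert;
    ! auth_type and auth_pass must be identical on both nodes
    auth_type PASS
    auth_pass 1111
  }
  track_script {
    check_nginx
  }
  virtual_ipaddress {
    192.168.56.120/24
  }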
}

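nginx_check.sh script (checks the Nginx process, restarts it if needed, and stops Keepalived if the restart fails so that the VIP fails over):

#!/bin/bash
# Count running nginx processes
A=$(ps -C nginx --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    # Nginx is down: try to start it
    /usr/local/nginx/sbin/nginx
    sleep 2
    # Still down: stop keepalived so the VIP moves to the backup node
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
        pkill keepalived
    fi
fi

Make the script executable:

chmod 755 /etc/keepalived/nginx_check.sh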

Start Keepalived:

systemctl start keepalived.service

Verify that the service started and that the VIP appears only on the master node using ip addr. After stopping the service on the master, the VIP moves to the backup node, and restarting it restores the VIP to the master.

0x03: Backup Keepalived Configuration

! Configuration File for keepalived

global_defs {
  router_id NodeB
}

vrrp_script chk_nginx {
  script "/etc/keepalived/nginx_check.sh"
  interval 2
  weight 20
}

vrrp_instance VI_1 {
  state BACKUP
  interface enp0s4
  ! Must match the primary node's virtual_router_id
  virtual_router_id 52
  priority 90
  advert_int 1
  authentication {
    ! Must match the primary node's authentication settings
    auth_type PASS
    auth_pass 1111
  }
  track_script {
    chk_nginx
  }
  virtual_ipaddress {
    192.168.56.120/24
  }
}

The same nginx_check.sh script is used, with identical permissions and start command:

systemctl start keepalived.service

Verify VIP movement before and after starting/stopping the service as described for the primary node.
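
The two nodes form one virtual router only when virtual_router_id, advert_int, the authentication settings and the VIP agree; if they differ, each node can hold the VIP at the same time. The check below is an added example, not part of the original article: vrrp_value and vrrp_compare are hypothetical helper names, and the two trimmed configs are constructed sample input in both the multi-line and the one-line brace layout.

```shell
# vrrp_value FILE KEY: first value that follows KEY inside a vrrp_instance block.
vrrp_value() {
  awk -v key="$2" '
    /^[ \t]*[!#]/ { next }                      # keepalived comment lines
    { for (i = 1; i <= NF; i++) {
        t = $i
        if (t == "vrrp_instance") inside = 1
        if (!inside) continue
        if (t == "{") { depth++; continue }     # keep prev: "key { value }" layout
        if (t == "}") { if (--depth == 0) inside = 0; prev = ""; continue }
        if (prev == key) { print t; exit }
        prev = t
    } }' "$1"
}

# vrrp_compare PRIMARY BACKUP: one line per mismatch, returns 1 if any differ.
vrrp_compare() {
  rc=0
  for key in virtual_router_id advert_int auth_type auth_pass virtual_ipaddress; do
    a=$(vrrp_value "$1" "$key"); b=$(vrrp_value "$2" "$key")
    [ "$a" = "$b" ] && continue
    rc=1
    case $key in
      auth_pass) echo "MISMATCH $key (values not printed)" ;;
      *)         echo "MISMATCH $key: primary=$a backup=$b" ;;
    esac
  done
  return $rc
}
demo=$(mktemp -d)   # constructed sample input: trimmed configs that disagree
cat > "$demo/primary.conf" <<'EOF'
vrrp_instance VI_1 {
  virtual_router_id 52
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress { 192.168.56.120/24 }
}
EOF
cat > "$demo/backup.conf" <<'EOF'
vrrp_instance VI_1 {
  virtual_router_id 51
  advert_int 1
  authentication { auth_type PASS auth_pass 1314 }
  virtual_ipaddress { 192.168.56.120/24 }
}
EOF
vrrp_compare "$demo/primary.conf" "$demo/backup.conf" || echo "peers disagree"
```

Copy the peer's /etc/keepalived/keepalived.conf next to the local one and run vrrp_compare on the pair before starting the service.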

0x04: Validation

Open the VRRP protocol in the firewall:

firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --reload

Start Keepalived on both nodes, check that only the master holds the VIP, then stop the master to see the VIP migrate to the backup, and restart to confirm failback.

If Keepalived fails to start, consult /var/log/messages for configuration errors.
