How to Achieve Nginx High Availability with Keepalived on Linux

1. Keepalived Introduction

Keepalived is a high‑availability solution based on the VRRP protocol that prevents single‑point IP failures. It is often used together with load‑balancing tools such as LVS, HAProxy, or Nginx to form a highly available cluster.

1.1 VRRP Protocol

VRRP (Virtual Router Redundancy Protocol) creates a virtual router group with one master and multiple backups. The master holds a virtual IP (VIP) and responds to ARP requests, while backups stay on standby. If the master stops sending multicast advertisements, a backup with the highest priority takes over the VIP.

Comparison with Heartbeat/Corosync

Heartbeat and Corosync provide service‑level HA, whereas Keepalived provides router‑level HA using VRRP. Keepalived is typically used for front‑end HA (e.g., Nginx+Keepalived), while Heartbeat/Corosync are used for service HA that often requires shared storage.

1.2 Keepalived + Nginx

Keepalived implements VRRP on Linux and consists of three modules: core, check, and vrrp. The core handles process startup and configuration loading, check runs health‑check scripts, and vrrp implements the VRRP protocol.

2. Implementing Nginx HA with Keepalived

2.1 Installation

On a CentOS 6.2 system, install Keepalived via yum:

# yum install -y keepalived # keepalived -v Keepalived v1.2.13 (03/19,2015)

2.2 Nginx Monitoring Script

The script checks whether the Nginx process is running; if not, it attempts to restart Nginx and, on failure, stops Keepalived so the backup node can take over.

#!/bin/bash counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then /usr/local/bin/nginx sleep 2 counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then /etc/init.d/keepalived stop fi fi

2.3 Keepalived Configuration (keepalived.conf)

Key sections include global_defs for email notifications, vrrp_script to define health‑check scripts, and vrrp_instance to specify the virtual router ID, priority, interface, and VIP.

global_defs {
    notification_email {
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server mail.example.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    weight -5
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    mcast_src_ip 172.29.88.224
    virtual_router_id 51
    priority 101
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.29.88.222
    }
    track_script {
        chk_nginx
    }
}

On the backup node, change state MASTER to state BACKUP and adjust the priority and mcast_src_ip accordingly.

2.4 Configuration Options Explained

global_defs : Email notification settings and router identifier.

vrrp_instance : Defines the instance state, network interface, virtual router ID, priority, advertisement interval, authentication, VIP, and linked health‑check scripts.

vrrp_script : Specifies the script to run, its execution interval, weight adjustment on failure, and fail/restore thresholds.

2.5 Nginx Configuration

Both Nginx servers should have identical configurations (e.g., synchronized via rsync). Use a domain name in server_name that resolves to the VIP.

3. Testing

After starting Keepalived and Nginx on both nodes, the VIP (172.29.88.222) resides on the master. Stopping Nginx on the master triggers the health‑check script, causing Keepalived to stop on the master and the backup to assume the VIP.

# ip a | grep eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ... inet 172.29.88.224/24 brd 172.29.88.255 scope global eth0 inet 172.29.88.222/32 scope global eth0

Log excerpts show the transition from MASTER to BACKUP and the advertisement of the VIP on the new master.

Jun 5 16:44:46 itoatest1 Keepalived_vrrp[44875]: VRRP_Script(chk_nginx) failed Jun 5 16:44:48 itoatest1 Keepalived_vrrp[44875]: VRRP_Instance(VI_1) Received higher prio advert Jun 5 16:44:48 itoatest1 Keepalived_vrrp[44875]: VRRP_Instance(VI_1) Entering BACKUP STATE Jun 5 16:44:48 itoatest2 Keepalived_vrrp[35555]: VRRP_Instance(VI_1) Transition to MASTER STATE Jun 5 16:44:50 itoatest2 Keepalived_vrrp[35555]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 172.29.88.222

Packet captures (e.g., using tcpdump) can be used to observe VRRP advertisements and priority changes.

# tcpdump -vvv -n -i eth0 dst 224.0.0.18 and src 172.29.88.224

The article originally appeared on seanlook.com .