How to Build a High‑Availability Nginx Load Balancer with Keepalived
This guide walks through configuring Nginx as a reverse‑proxy load balancer, setting up Keepalived for high‑availability, writing monitoring scripts, and testing failover on a CentOS 8 environment with multiple web servers.
Keepalived High‑Availability Nginx Load Balancer
Introduction to Nginx Load Balancing
Nginx can distribute incoming traffic across several backend servers, improving throughput and providing redundancy when a server fails.
Reverse Proxy and Load Balancing
Nginx is commonly used as a reverse proxy to separate static and dynamic content, allowing static files to be served directly while dynamic requests are forwarded to backend services.
The Http Proxy module provides proxy_pass and proxy_cache. To use proxy_cache, the third‑party ngx_cache_purge module must be compiled with Nginx.
./configure --add-module=../ngx_cache_purge-1.0 ...Nginx Load Balancing Configuration
The upstream block defines a list of backend servers. By default Nginx uses round‑robin, but ip_hash can be added to try to keep a client on the same server.
upstream idfsoft.com {
ip_hash;
server 127.0.0.1:9080 weight=5;
server 127.0.0.1:8080 weight=5;
server 127.0.0.1:1111;
}In the server block, the location forwards requests to the upstream group.
server {
location / {
proxy_pass http://idfsoft.com;
}
}Experimental Environment
CentOS 8 master node (192.168.222.250) – Nginx + Keepalived
CentOS 8 backup node (192.168.222.139) – Nginx + Keepalived
Web1 (192.168.222.137) – Apache
Web2 (192.168.222.138) – Nginx
Installing and Configuring Nginx on Web Servers
On Web1 install Apache, disable the firewall, set SELinux to disabled, and create a simple index page.
# yum -y install httpd
# systemctl stop firewalld.service
# vim /etc/selinux/config # set SELINUX=disabled
# setenforce 0
# systemctl enable --now httpd
# echo "apache" > /var/www/html/index.htmlOn Web2 install Nginx and create its own index page.
# yum -y install nginx
# systemctl stop firewalld.service
# vim /etc/selinux/config # set SELINUX=disabled
# setenforce 0
# systemctl enable --now nginx
# echo "nginx" > /usr/share/nginx/html/index.htmlEnabling Nginx Load Balancing and Reverse Proxy on the Master Node
# vim /usr/local/nginx/conf/nginx.conf
upstream webserver {
server 192.168.222.137;
server 192.168.222.138;
}
location / {
root html;
proxy_pass http://webserver;
}
# systemctl reload nginx.serviceInstalling Keepalived
Install the Keepalived package on both master and backup nodes.
# dnf -y install keepalivedKeepalived Configuration
Master node configuration (higher priority):
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass tushanbu
}
virtual_ipaddress {
192.168.222.133
}
track_script {
nginx_check
}
notify_master "/scripts/notify.sh master"
}
virtual_server 192.168.222.133 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.222.250 80 { weight 1; TCP_CHECK { connect_port 80; } }
real_server 192.168.222.139 80 { weight 1; TCP_CHECK { connect_port 80; } }
}
vrrp_script nginx_check {
script "/scripts/check_nginx.sh"
interval 5
weight -20
}Backup node configuration (lower priority) adds notification for backup state:
global_defs { router_id lb02 }
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication { auth_type PASS; auth_pass tushanbu; }
virtual_ipaddress { 192.168.222.133 }
notify_master "/scripts/notify.sh master"
notify_backup "/scripts/notify.sh backup"
}
virtual_server 192.168.222.133 80 { ... same as master ... }Monitoring Scripts
Script to stop Keepalived when Nginx is not running (master side):
#!/bin/bash
nginx_status=$(ps -ef | grep -Ev "grep|$0" | grep '\bnginx\b' | wc -l)
if [ $nginx_status -lt 1 ]; then
systemctl stop keepalived
fiNotification script used by Keepalived to start or stop Nginx based on node role:
#!/bin/bash
case "$1" in
master)
nginx_status=$(ps -ef | grep -Ev "grep|$0" | grep '\bnginx\b' | wc -l)
if [ $nginx_status -lt 1 ]; then
systemctl start nginx
fi
;;
backup)
nginx_status=$(ps -ef | grep -Ev "grep|$0" | grep '\bnginx\b' | wc -l)
if [ $nginx_status -gt 0 ]; then
systemctl stop nginx
fi
;;
*) echo "Usage: $0 master|backup";;
esacTesting Failover
When both nodes are running, the virtual IP (VIP) 192.168.222.133 resolves to the master node and returns alternating responses from Apache and Nginx.
Stopping Nginx on the master causes Keepalived to remove the VIP from the master; the backup node automatically acquires the VIP and starts Nginx, ensuring continuous service.
Restarting services on the original master restores the VIP to the master node.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.