How to Build a High‑Availability Nginx Setup with Keepalived on Linux

High Availability (HA) is a crucial factor in distributed system architecture, aiming to minimize service downtime by designing systems that can continue providing services even when failures occur.

What is High Availability?

HA refers to the design goal of reducing the time a system cannot provide service. While 100% uptime is impossible, the objective is to minimize failures.

Problem Addressed

In production, Nginx is often used as a reverse proxy. If the Nginx server crashes, all external interfaces become inaccessible. To avoid this, we use keepalived to achieve high availability for Nginx.

Dual‑Machine Hot‑Standby Scheme

This common HA solution uses one server to provide services while the other stays on standby, ready to take over when the primary fails.

What is Keepalived?

Keepalived was originally designed for LVS load‑balancing clusters, managing and monitoring service nodes. It later added support for the VRRP (Virtual Router Redundancy Protocol) to provide high‑availability capabilities for services such as Nginx, HAProxy, MySQL, etc.

Failover Mechanism

Keepalived uses VRRP for failover. The master node continuously sends multicast heartbeat messages to the backup node. If the master stops sending heartbeats, the backup detects the failure and takes over the virtual IP and services.

Implementation Steps

Preparation

Two virtual machines with IPs 192.168.16.128 and 192.168.16.129, each with Nginx installed.

Install Nginx

rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

yum -y install nginx

systemctl start nginx   # start Nginx
systemctl stop nginx    # stop Nginx

Install Keepalived yum -y install keepalived Configure Keepalived on the Master (192.168.16.128)

vi keepalived.conf
# keepalived.conf content
vrrp_script chk_http_port {
    script "/usr/local/src/check_nginx_pid.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script { chk_http_port }
    virtual_ipaddress { 192.168.16.130 }
}

The virtual_ipaddress defines the VIP that clients will use to access the service.

Configure Keepalived on the Backup (192.168.16.129)

vi keepalived.conf
# keepalived.conf content (similar to master, but state BACKUP and priority 99)
vrrp_script chk_http_port {
    script "/usr/local/src/check_nginx_pid.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 66
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script { chk_http_port }
    virtual_ipaddress { 192.168.16.130 }
}

Health‑Check Script (check_nginx_pid.sh)

#!/bin/bash
# Detect if Nginx is running
A=$(ps -C nginx --no-header | wc -l)
if [ $A -eq 0 ]; then
    systemctl start nginx
    if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then
        killall keepalived
    fi
fi

Make the script executable: chmod 775 check_nginx_pid.sh Testing the Failover

Access the service via the VIP 192.168.16.130; the page shows the IP of the current master (192.168.16.128). Stop Nginx on the master, and the script automatically restarts it, keeping the VIP on the master. Shut down the master server; the backup takes over the VIP, and the page now shows 192.168.16.129, demonstrating successful failover.

Keepalived also offers additional features such as email alerts, which can be explored in its official documentation.