How to Build Nginx High Availability with Keepalived on CentOS

Preparation

Two virtual machines with IPs 192.168.16.128 and 192.168.16.129, both have Nginx installed.

Install Nginx

Update yum repository files:

rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Install Nginx: yum -y install nginx Control commands:

systemctl start nginx   # start Nginx
systemctl stop nginx    # stop Nginx

What is High Availability?

High Availability (HA) aims to minimize service downtime in distributed systems; while 100% uptime is impossible, HA designs reduce failure periods.

Problems Addressed

In production, Nginx often serves as a reverse proxy. If Nginx crashes or the server goes down, all external interfaces become inaccessible. Using Keepalived we can provide HA for Nginx.

Dual-Machine Hot Standby Solution

This common HA pattern uses one active server and one standby; when the active fails, the standby takes over.

What is Keepalived?

Originally designed for LVS load balancing, Keepalived manages node status and provides VRRP‑based high availability, supporting services such as Nginx, HAProxy, MySQL, etc.

Failover Mechanism

Keepalived uses VRRP: the Master node sends multicast heartbeats to the Backup. If the Master stops sending, the Backup assumes the virtual IP and services. When the Master recovers, the Backup releases the IP.

Implementation Steps

Install Keepalived

Install via yum (automatically resolves dependencies): yum -y install keepalived The configuration file is generated under /etc/keepalived.

Configure Master (192.168.16.128)

Sample keepalived.conf:

# Check script
vrrp_script chk_http_port {
    script "/usr/local/src/check_nginx_pid.sh"
    interval 2
    weight 2
}

# VRRP instance
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        192.168.16.130
    }
}

Set the network interface according to the actual NIC (use ip addr), and ensure the same authentication settings on the backup.

Configure Backup (192.168.16.129)

Similar keepalived.conf with state BACKUP and a lower priority (e.g., 99):

# Check script
vrrp_script chk_http_port {
    script "/usr/local/src/check_nginx_pid.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 66
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        192.168.16.130
    }
}

Health‑Check Script

#!/bin/bash
# Detect if Nginx is running
A=`ps -C nginx --no-header | wc -l`
if [ $A -eq 0 ]; then
    systemctl start nginx   # try to start Nginx
    if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
        # If restart fails, stop Keepalived to trigger VIP failover
        killall keepalived
    fi
fi

Make the script executable:

chmod 775 check_nginx_pid.sh

Testing Failover

Access the virtual IP 192.168.16.130; it shows the page from 192.168.16.128 (master). Stop Nginx on the master; the script restarts it, so the VIP still points to the master. Finally, shut down the master server; the VIP now resolves to 192.168.16.129, confirming automatic failover.