How to Build Nginx High Availability with Keepalived on Two VMs

Introduction

Hello, I am a senior architect. Below is a step‑by‑step tutorial for building a high‑availability Nginx service using keepalived.

Preparation

Two virtual machines with IPs 192.168.16.128 and 192.168.16.129 are ready. Install Nginx on both.

Install Nginx

Update the yum repository and install Nginx:

rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum -y install nginx

Start and stop Nginx with:

systemctl start nginx
systemctl stop nginx

What Is High Availability (HA)?

High availability means designing a distributed system to minimize downtime. While 100 % uptime is impossible, HA aims to reduce service interruptions as much as possible.

Problem Addressed

In production, Nginx often serves as a reverse proxy. If the Nginx server crashes, all external interfaces become inaccessible. Using keepalived we can automatically fail over to a standby server.

Dual‑Machine Hot‑Standby Solution

The common HA pattern in many enterprises is a master‑backup pair: one server provides the service while the other stays on standby, ready to take over when the master fails.

What Is keepalived?

keepalived was originally created to manage LVS clusters and later added VRRP (Virtual Router Redundancy Protocol) support, making it suitable for providing HA for services such as Nginx, HAProxy, MySQL, etc.

Failover Mechanism

When the master node is alive, it sends multicast heartbeat messages to the backup. If the master stops sending heartbeats, the backup assumes the virtual IP (VIP) and services. When the master recovers, the backup releases the VIP and returns to standby.

Implementation Steps

Install keepalived

yum -y install keepalived

Configure keepalived on the Master (192.168.16.128)

vrrp_script chk_http_port {
    script "/usr/local/src/check_nginx_pid.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        192.168.16.130
    }
}

Configure keepalived on the Backup (192.168.16.129)

vrrp_script chk_http_port {
    script "/usr/local/src/check_nginx_pid.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 66
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        192.168.16.130
    }
}

Health‑Check Script (check_nginx_pid.sh)

#!/bin/bash
# Detect if Nginx is running
A=`ps -C nginx --no-header | wc -l`
if [ $A -eq 0 ]; then
    systemctl start nginx
    if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
        # If Nginx still fails, stop keepalived to trigger VIP takeover
        killall keepalived
    fi
fi

Make the script executable:

chmod 775 check_nginx_pid.sh

Testing Failover

1. Access the virtual IP 192.168.16.130; the page shows the content from the master (192.168.16.128). 2. Stop Nginx on the master with systemctl stop nginx. The script restarts Nginx, so the service remains available. 3. Shut down the master server entirely. The backup automatically takes over the VIP, and accessing 192.168.16.130 now shows the page from 192.168.16.129.

At this point, a production‑grade high‑availability Nginx setup is complete.