Implementing High Availability for Nginx with Keepalived on CentOS
This guide explains how to set up a two‑node high‑availability Nginx service on CentOS using Keepalived, covering preparation, installation of Nginx and Keepalived, configuration of VRRP, virtual IP, health‑check scripts, and a failover demonstration.
Preparation
Two virtual machines with IPs 192.168.16.128 and 192.168.16.129 are required, each with Nginx already installed.
Install Nginx
Update the yum repository and install Nginx:
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repoInstall Nginx:
yum -y install nginxControl commands:
systemctl start nginx # start Nginx
systemctl stop nginx # stop NginxWhat is High Availability?
High Availability (HA) aims to minimise service downtime. In production, Nginx often acts as a reverse proxy; if it fails, all external services become unavailable. Keepalived can provide HA for Nginx.
Problems Addressed
When Nginx crashes, the service is inaccessible. Using Keepalived with VRRP allows automatic failover.
Dual‑Machine Hot‑Standby Scheme
One server provides the service (MASTER) while the other stays on standby (BACKUP). If the MASTER fails, the BACKUP takes over.
What is Keepalived?
Keepalived was originally designed to manage LVS clusters and implements VRRP for HA. It can also provide HA for services such as Nginx, HAProxy, MySQL, etc.
Failover Mechanism
Keepalived uses VRRP heartbeats. The MASTER continuously sends multicast heartbeats to the BACKUP. If the BACKUP stops receiving heartbeats, it assumes the virtual IP (VIP) and services.
Implementation Process
Install Keepalived
yum -y install keepalivedConfigure Master (192.168.16.128)
Edit /etc/keepalived/keepalived.conf :
# detection script
vrrp_script chk_http_port {
script "/usr/local/src/check_nginx_pid.sh" # check Nginx status
interval 2
weight 2
}
# VRRP instance
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script { chk_http_port }
virtual_ipaddress { 192.168.16.130 }
}Configure Backup (192.168.16.129)
# detection script
vrrp_script chk_http_port {
script "/usr/local/src/check_nginx_pid.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 66
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script { chk_http_port }
virtual_ipaddress { 192.168.16.130 }
}Health‑Check Script (check_nginx_pid.sh)
#!/bin/bash
# Check if Nginx is running
A=`ps -C nginx --no-header | wc -l`
if [ $A -eq 0 ]; then
systemctl start nginx # try to start Nginx
if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
# if start fails, stop Keepalived to trigger VIP takeover
killall keepalived
fi
fiMake the script executable:
chmod 775 check_nginx_pid.shFailover Demonstration
Access the service via the virtual IP 192.168.16.130 . Initially the page shows 192.168.16.128 , indicating the MASTER is serving.
Stop Nginx on the MASTER:
systemctl stop nginx # stop Nginx on 192.168.16.128The VIP still points to the MASTER because the script restarts Nginx. After shutting down the MASTER machine, the VIP automatically moves to the BACKUP ( 192.168.16.129 ), confirming successful failover.
Keepalived also supports additional features such as email alerts, which are not covered here.
IT Architects Alliance
Discussion and exchange on system, internet, large‑scale distributed, high‑availability, and high‑performance architectures, as well as big data, machine learning, AI, and architecture adjustments with internet technologies. Includes real‑world large‑scale architecture case studies. Open to architects who have ideas and enjoy sharing.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.