High Availability in NGINX Plus R6
by
Join the DZone community and get the full member experience.
Join For Free[This article was written by Owen Garrett]
It’s no secret that with today’s always-on, always-connected society, users expect your sites and apps to be accessible 24×7. This is where NGINX and NGINX Plus have always helped you shine. One of the key benefits of deploying NGINX Plus as a reverse proxy and load balancer for your application servers is increased application availability and reliability, and you can improve app and website performance even further by adding high availability (HA) to NGINX Plus itself.
In NGINX Plus Release 6 (R6), we’ve introduced a new solution that makes it fast and easy to deploy NGINX Plus instances in an active-passive HA configuration. The solution is based on the open source keepalived project, which provides an HA solution for Linux systems with three components: the keepalived daemon, an implementation of the Virtual Router Redundancy Protocol (VRRP) to manage assignment of the virtual IP address for the HA pair, and a health-checking facility to determine whether a service (for example, a web server, PHP back end, or NGINX Plus) is up and operational.
How Does High Availability Work?
Based on an initial configuration (see Configuring NGINX Plus for HA below), keepalived designates one NGINX Plus node as the (active) master and the other as the (passive) backup. Each node has its own IP address, and the master node is also assigned a virtual IP address, which is the one advertised to clients in the Domain Name System (DNS). During operation, VRRP and the health-checking facility monitor the operation of the nodes and NGINX Plus so that the virtual IP address can be reassigned to the backup if the master fails:
- The VRRP instance on the backup node listens for advertisement packets from its peer on the master node. If it does not receive an advertisement packet for a period longer than three times the configured advertisement interval, it takes over as master and assigns the virtual IP address to itself.
- If health checks of NGINX Plus on the master node fail a configured number of times, keepalived reassigns the virtual IP address from the master node to the backup node.
Configuring NGINX Plus for HA
To configure an active-passive pair of NGINX Plus nodes for HA, perform the following steps on both nodes:
- Install or upgrade to the NGINX Plus R6 base package (nginx-plus) by following the instructions for your operating system at the NGINX Plus repository.
- Using the installation command specified at the NGINX Plus repository for your operating system, install the nginx-ha-keepalived package by replacing nginx-plus with nginx-ha-keepalived, as in this example for Ubuntu:
root# apt-get install nginx-ha-keepalived
- Run the nginx-ha-setup script (it’s installed from the nginx-ha-keepalived package into /usr/bin).
root# nginx-ha-setup
We recommend that you run the script on both nodes at the same time in side-by-side terminal windows, performing each step on both nodes before proceeding to the next step. We also recommend that you use the Linux
screen(1) command to start the terminal windows, so that installation can continue if a session gets disconnected.Before beginning, collect the following information to supply at the prompts:
- The physical IP addresses of both nodes.
- The virtual IP address, which is assigned initially to the master node. The script refers to it as the “cluster IP address (or endpoint)”. It must not be the actual IP address of either node.
The keepalived Configuration Script
On each node, the nginx-ha-setup script creates the local keepalived configuration file,/etc/keepalived/keepalived.conf, incorporating the values you provide in Step 3. The following is an example created on a node with IP address 192.168.100.100 (the other node’s address is 192.168.100.101 and the virtual IP address is 192.168.100.150). Note that although this looks a lot like NGINX Plus configuration, it isn’t – for one thing, semicolons are not used to delimit directives.
vrrp_script chk_nginx_service {
script "/usr/libexec/keepalived/nginx-ha-check"
interval 3
weight 50
}
vrrp_instance VI_1 {
interface eth0
state BACKUP
priority 101
virtual_router_id 51
advert_int 1
unicast_src_ip 192.168.100.100
unicast_peer {
192.168.100.101
}
authentication {
auth_type PASS
auth_pass f8f0e5114cbe031a3e1e622daf18f82a
}
virtual_ipaddress {
192.168.100.150
}
track_script {
chk_nginx_service
}
notify "/usr/libexec/keepalived/nginx-ha-notify"
}Explaining the purpose of every directive is beyond the scope of this post, but there are a few things to note.
- There are two main configuration blocks in the file:
- The
vrrp_scriptblock configures the health-checking facility to run a script that checks whether NGINX Plus is operational.The nginx-ha-check script is installed automatically from the nginx-ha-keepalived package into the indicated directory, which varies by operating system.
The
intervaldirective sets how often the script runs, in seconds. - The
vrrp_instanceblock configures the VRRP instance on this node.The IP addresses you provide are recorded as the values of three directives:
unicast_src_ip(the local node),unicast_peer(the other node), andvirtual_ipaddress(the virtual IP address assigned to the master node).The
advert_intdirective controls how often the VRRP instance on the master node sends advertisements to its peer on the backup node, in seconds.The value 51 for the
virtual_router_iddirective is a sample value; change it as necessary to be unique in your environment (this becomes relevant if you are using VRRP to provide HA for multiple services).
- The
- Together, the
weightdirective in thevrrp_scriptblock and theprioritydirective in thevrrp_instanceblock are used in determining which node becomes master. For more information, seeUsing a Health-Checking Script to Control Mastership in the NGINX Plus Admin Guide article about HA. - If you have multiple pairs of keepalived instances (or other VRRP instances) running in your local network, create a
vrrp_instanceblock for each one, with a unique name (likeVI_1in the example) andvirtual_router_idnumber.Similarly, if you are using keepalived to provide HA for other services, for each one you need to create a separate health-check script and
vrrp_scriptblock.
More Information
For more details about the HA solution, see High Availabilty Support in NGINX Plus in the NGINX Plus Admin Guide. It explains how to find out which node is master, force a mastership change, manually reassign the virtual IP address, troubleshoot keepalived and VRRP, and add more virtual IP addresses. It also points you to sample configuration files for more complex HA setups.
Published at DZone with permission of Patrick Nommensen, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Trending
-
Never Use Credentials in a CI/CD Pipeline Again
-
How To Use Geo-Partitioning to Comply With Data Regulations and Deliver Low Latency Globally
-
Automating the Migration From JS to TS for the ZK Framework
-
Revolutionizing Algorithmic Trading: The Power of Reinforcement Learning
Comments