How do you configure a high-availability Nginx web server using Keepalived?

In today’s digital world, ensuring your website remains accessible and responsive is crucial. High availability and load balancing are essential techniques to achieve this. One popular approach involves using Nginx, a powerful web server known for its performance and flexibility, in combination with Keepalived, which works with the Virtual Router Redundancy Protocol (VRRP) to provide redundancy. This article will guide you through configuring a high-availability Nginx web server using Keepalived, ensuring your web service remains up and running even if a primary server fails.

High availability ensures that your web service is always online, minimizing downtime. Load balancing distributes incoming traffic across multiple servers to prevent any single server from becoming overwhelmed. Nginx and Keepalived are a powerful duo that can help you achieve both.

Nginx is an open source web server renowned for its speed and stability. It also functions as a load balancer to distribute traffic evenly among multiple web servers. Keepalived, on the other hand, uses VRRP to create a virtual IP address that points to multiple backend servers. If the primary server fails, Keepalived shifts the virtual IP to a backup server, ensuring continuous service.

To set up a high-availability Nginx web server, follow the steps below.

Setting Up Your Environment

Before diving into the configuration details, ensure you have the necessary servers and software.

1. Servers: At least two servers (one primary and one backup).
2. Operating System: Linux-based distributions like Ubuntu or CentOS.
3. Software: Nginx, Keepalived.

Installing Nginx and Keepalived

First, install Nginx and Keepalived on both servers:

sudo apt update
sudo apt install nginx keepalived

After installation, start and enable the Nginx service:

sudo systemctl start nginx
sudo systemctl enable nginx

Repeat these steps on the backup server to ensure both are ready.

Configuring Nginx for Load Balancing

Begin by configuring Nginx to act as a load balancer. Create or edit the Nginx configuration file at /etc/nginx/nginx.conf.

sudo nano /etc/nginx/nginx.conf

Add the following configuration to set up a simple load balancer:

http {
    upstream backend {
        server 192.168.1.2;  # IP of the primary server
        server 192.168.1.3;  # IP of the backup server
    }

    server {
        listen 80;
        
        location / {
            proxy_pass http://backend;
        }
    }
}

This configuration defines an upstream block with the IP addresses of your primary and backup servers. Nginx will distribute incoming traffic among these servers.

Configuring Keepalived

Next, configure Keepalived to handle failover between the primary and backup servers. Edit the Keepalived configuration file at /etc/keepalived/keepalived.conf on both servers.

Primary Server Configuration

On the primary server, the configuration file should look like this:

global_defs {
   router_id LVS_DEVEL
}

vrrp_script chk_nginx {
    script "pidof nginx"  # Check if Nginx is running
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 101
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 1234
    }

    virtual_ipaddress {
        192.168.1.100  # The virtual IP address
    }

    track_script {
        chk_nginx
    }
}

Backup Server Configuration

On the backup server, make the following changes:

global_defs {
   router_id LVS_DEVEL
}

vrrp_script chk_nginx {
    script "pidof nginx"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 1234
    }

    virtual_ipaddress {
        192.168.1.100
    }

    track_script {
        chk_nginx
    }
}

Explanation

• global_defs: Global settings for Keepalived.
• vrrp_script: Defines a script (script chk) to check if Nginx is running.
• vrrp_instance: Configures the VRRP instance.
  • state: MASTER on primary, BACKUP on backup.
  • interface: Network interface (e.g., eth0).
  • virtual_router_id: A unique ID for the VRRP instance.
  • priority: Higher for the primary server.
  • virtual_ipaddress: The virtual IP address that clients will connect to.

Starting and Testing the Setup

Now, start and enable Keepalived on both servers:

sudo systemctl start keepalived
sudo systemctl enable keepalived

Checking the Configuration

Use the command below to check the Keepalived status:

sudo systemctl status keepalived

Ensure that the primary server shows MASTER state and the backup server shows BACKUP state. You can also verify that the virtual IP address is assigned to the primary server:

ip addr show

Failover Testing

To test the high availability setup, stop the Nginx service on the primary server:

sudo systemctl stop nginx

Check the virtual IP on the backup server. It should now be assigned to the backup server, indicating a successful failover.

Next, restart Nginx on the primary server:

sudo systemctl start nginx

After a brief period, the virtual IP should revert to the primary server.

Customizing the Configuration

The basic configuration provided above can be customized to suit your specific needs. For instance, you can adjust the check interval and weights in the vrrp script to fine-tune the failover behavior. Additionally, you can use unicast mode by adding unicast_src and unicast_peer directives for environments where multicast is not supported.

Advanced VRRP Instance Configuration

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 101
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 1234
    }

    virtual_ipaddress {
        192.168.1.100
    }

    unicast_src 192.168.1.2
    unicast_peer {
       192.168.1.3
    }

    track_script {
        chk_nginx
    }
}

This configuration allows you to specify unicast communication, which can be more secure and reliable in certain network environments.

Configuring a high-availability Nginx web server using Keepalived ensures that your web service remains online and responsive even if a primary server fails. By distributing traffic using Nginx and handling failovers with Keepalived, you can achieve a robust and reliable web infrastructure. Following the steps outlined in this article, you now have a solid foundation for setting up and maintaining a high-availability web server environment.

Remember, keeping your web servers highly available and load-balanced is not just about setting up the initial configuration. Regular monitoring and maintenance are key to ensuring continuous service. By investing time and effort in a robust configuration, you safeguard your online presence, providing a seamless experience for your users.