
I have two identical Linux servers serving the same content through nginx. I want to have high availability through failover with keepalived; that is, server number 1 always serves the nginx content whenever possible, and if it crashes, server 2 (backup) starts serving the nginx content (the content does not vary from server to server). Everything seems to work when I stop server 1: it serves through the internal IP configured on server 2. But how can I make that content available through a final endpoint to the outside? That is, a client connects to "domain.externo.com" and is served the content of server 2 if server 1 is down.

The basic infrastructure would look like this: infrastructure photo

To do this I have the keepalived tool with the following configuration on the master ("/etc/keepalived/keepalived.conf"):

vrrp_script chk_nginx {
#        script "/usr/bin/curl -k https://172.31.12.20" #Slave
        script "/usr/bin/curl -k https://172.31.11.251" # Master
        interval 2
        weight 2
        fall 2
        rise 2
}
vrrp_instance VI_1 {
        interface eth0
        state MASTER
        virtual_router_id 1
        priority 101                    # 101 on master, 100 on backup
        advert_int 1
        virtual_ipaddress {
            172.31.100.100/24
        }
        track_script {
            chk_nginx
        }
}

In the slave configuration ("/etc/keepalived/keepalived.conf"):

vrrp_script chk_nginx {
        script "/usr/bin/curl -k https://172.31.12.20" #Slave
#        script "/usr/bin/curl -k https://172.31.11.251"        # Master
        interval 2
        weight 2
        fall 2
        rise 2
}
vrrp_instance VI_1 {
        interface eth0
        state BACKUP                    # keepalived accepts MASTER or BACKUP here
        virtual_router_id 1
        priority 100                    # 101 on master, 100 on backup
        advert_int 1
        virtual_ipaddress {
            172.31.100.100/24
        }
        track_script {
            chk_nginx
        }
}

This is the master nginx configuration (the slave's is quite similar, so I omit it so as not to lengthen the post):

server {
    listen       80;
    listen  [::]:80;
    server_name  domain.external.com;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }

    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
server {
    listen       443 ssl http2;
    listen  [::]:443 ssl http2;

    server_name domain.externo.com;

    ssl_certificate /etc/certs/domain.external.com/fullchain.pem;
    ssl_certificate_key /etc/certs/domain.external.com/domain.external.com.key;
    ssl_trusted_certificate /etc/certs/domain.external.com/domain.external.com.ca.crt;

    include /etc/nginx/conf.d/ssl.conf;
    location ~ / {
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the "It appears that your reverse proxy set up is broken" error.
      # proxy_pass          https://172.31.100.100;
      proxy_read_timeout  90;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

I have tried in the previous configuration in the file "/etc/keepalived/keepalived.conf" to introduce the domain in the directive:

...
virtual_ipaddress {
           # 172.31.100.100/24
           domain.external.com
...
        }

It doesn't work this way. What am I missing in the Nginx or KeepAlived configuration? I hope someone can help me. Thank you very much in advance.

1 Answer

You’d have to set the virtual IP in DNS for that domain, as that’s how clients will find it.

GregL
  • Thanks for the reply. For this, do I have to create the following configuration in the file "/etc/hosts"? Would "172.31.100.100 domain.external.com" be enough? – Miguel Duque Feb 28 '21 at 18:26
  • I mean, that’ll work on a small scale with one or two clients, but beyond that you’ll want to add some records to your DNS servers. – GregL Feb 28 '21 at 18:28
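
One way to check both halves of the answer, as an added example that is not part of the original thread: that the name maps to the virtual IP rather than to one node's own address, and which node currently holds that virtual IP. The function names and the sample inputs are constructed for illustration; the VIP, host name and interface are the ones quoted in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Values below are the ones in the post.
VIP="172.31.100.100"        # virtual_ipaddress in keepalived.conf
NAME="domain.external.com"  # name from the proposed /etc/hosts line
IFACE="eth0"                # interface in vrrp_instance VI_1

# Reads hosts-format text ("IP name [alias...]") on stdin. Succeeds only if
# NAME is listed and every line listing it points at VIP.
name_maps_to_vip() {
    awk -v name="$1" -v vip="$2" '
        { sub(/#.*/, "") }                       # strip comments
        NF < 2 { next }                          # skip blank or short lines
        { for (i = 2; i <= NF; i++) if ($i == name) { seen = 1; if ($1 != vip) bad = 1 } }
        END { exit ((seen && !bad) ? 0 : 1) }'
}

# Reads `ip -o -4 addr show` output on stdin. Succeeds if IFACE carries VIP,
# i.e. this node is the one currently answering for the virtual address.
holds_vip() {
    awk -v vip="$1" -v ifc="$2" '
        $2 == ifc && $3 == "inet" { split($4, a, "/"); if (a[1] == vip) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Live usage on a client and on each node (assumes getent and iproute2).
check_live() {
    getent hosts "$NAME" | name_maps_to_vip "$NAME" "$VIP" \
        && echo "$NAME resolves to the VIP"
    ip -o -4 addr show | holds_vip "$VIP" "$IFACE" \
        && echo "this node holds the VIP"
}

# Constructed sample inputs (not captured from the poster's servers).
SAMPLE_HOSTS='127.0.0.1 localhost
172.31.100.100 domain.external.com  # line proposed in the comments'
SAMPLE_STALE='172.31.11.251 domain.external.com'
SAMPLE_MASTER='2: eth0    inet 172.31.11.251/24 brd 172.31.11.255 scope global eth0\ valid_lft forever
2: eth0    inet 172.31.100.100/24 scope global eth0\ valid_lft forever'
SAMPLE_BACKUP='2: eth0    inet 172.31.12.20/24 brd 172.31.12.255 scope global eth0\ valid_lft forever'

printf '%s\n' "$SAMPLE_HOSTS"  | name_maps_to_vip "$NAME" "$VIP" && echo "hosts entry: ok"
printf '%s\n' "$SAMPLE_STALE"  | name_maps_to_vip "$NAME" "$VIP" || echo "stale entry: name points at a node, not the VIP"
printf '%s\n' "$SAMPLE_MASTER" | holds_vip "$VIP" "$IFACE" && echo "master sample: holds VIP"
printf '%s\n' "$SAMPLE_BACKUP" | holds_vip "$VIP" "$IFACE" || echo "backup sample: no VIP"
```

A name that resolves to a node's own address (the stale case) keeps working until that node fails, which is why the check compares against the VIP rather than just testing that the name resolves.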