I have two identical Linux servers serving the same content through nginx. I want high availability through failover with keepalived; that is, server number 1 always serves the nginx content whenever possible, and if it crashes, server 2 (backup) starts serving the nginx content (the content does not vary from server to server). Everything seems to work when I stop server 1: it serves through the internal IP configured on server 2. But how can I make that content available through a final endpoint to the outside? That is, a client connects to "domain.externo.com" and is served the content of server 2 if server 1 is down.
The basic infrastructure would look like this: [image: infrastructure photo]
To do this I have the keepalived tool with the following configuration on the master ("/etc/keepalived/keepalived.conf"):
    vrrp_script chk_nginx {
        # script "/usr/bin/curl -k https://172.31.12.20"  # Slave
        script "/usr/bin/curl -k https://172.31.11.251"   # Master
        interval 2   # run the check every 2 seconds
        weight 2     # added to the priority while the check succeeds
        fall 2       # consecutive failures before the check counts as failed
        rise 2       # consecutive successes before it counts as OK again
    }
    vrrp_instance VI_1 {
        interface eth0
        state MASTER
        virtual_router_id 1
        priority 101   # 101 on master, 100 on backup
        advert_int 1
        virtual_ipaddress {
            172.31.100.100/24
        }
        track_script {
            chk_nginx
        }
    }
In the slave configuration ("/etc/keepalived/keepalived.conf"):
    vrrp_script chk_nginx {
        script "/usr/bin/curl -k https://172.31.12.20"      # Slave
        # script "/usr/bin/curl -k https://172.31.11.251"   # Master
        interval 2
        weight 2
        fall 2
        rise 2
    }
    vrrp_instance VI_1 {
        interface eth0
        state BACKUP   # valid values are MASTER and BACKUP
        virtual_router_id 1
        priority 100   # 101 on master, 100 on backup
        advert_int 1
        virtual_ipaddress {
            172.31.100.100/24
        }
        track_script {
            chk_nginx
        }
    }
This is the master nginx configuration (the slave one is quite similar, omitted so as not to lengthen the post):
    server {
        listen 80;
        listen [::]:80;
        server_name domain.external.com;
        location / {
            rewrite ^ https://$host$request_uri? permanent;
        }
        # redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name domain.externo.com;
        ssl_certificate /etc/certs/domain.external.com/fullchain.pem;
        ssl_certificate_key /etc/certs/domain.external.com/domain.external.com.key;
        ssl_trusted_certificate /etc/certs/domain.external.com/domain.external.com.ca.crt;
        include /etc/nginx/conf.d/ssl.conf;
        location ~ / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # # Fix the "It appears that your reverse proxy set up is broken" error.
            # proxy_pass https://172.31.100.100;
            proxy_read_timeout 90;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
In the previous configuration, in the file "/etc/keepalived/keepalived.conf", I have tried putting the domain in the directive:
    ...
    virtual_ipaddress {
        # 172.31.100.100/24
        domain.external.com
        ...
    }
It doesn't work this way. What am I missing in the Nginx or KeepAlived configuration? I hope someone can help me. Thank you very much in advance.
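An added illustration, not part of the original post and not keepalived's own code: a small Python model of how the `track_script` settings above (`weight 2`, `fall 2`, `rise 2`) shift the configured priorities 101 and 100 and decide which server holds the virtual IP. It assumes each check starts in the OK state and default preemption; the names `Node`, `vip_holder` and `simulate` and the check timelines are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    base_priority: int    # "priority" in vrrp_instance
    weight: int = 2       # positive weight: bonus while the check is OK
    fall: int = 2         # consecutive failures needed to mark the check failed
    rise: int = 2         # consecutive successes needed to mark it OK again
    healthy: bool = True  # assumption: the check state starts as OK
    streak: int = 0       # consecutive results contradicting `healthy`

    def observe(self, check_ok: bool) -> None:
        """Feed one track_script result (exit code 0 means True)."""
        if check_ok == self.healthy:
            self.streak = 0
            return
        self.streak += 1
        needed = self.rise if check_ok else self.fall
        if self.streak >= needed:
            self.healthy, self.streak = check_ok, 0

    @property
    def effective_priority(self) -> int:
        return self.base_priority + (self.weight if self.healthy else 0)


def vip_holder(nodes):
    """With preemption, the node with the highest effective priority wins."""
    return max(nodes, key=lambda n: n.effective_priority).name


def simulate(master_checks, backup_checks):
    """Return the VIP holder after each check interval."""
    master = Node("server1", base_priority=101)
    backup = Node("server2", base_priority=100)
    holders = []
    for m_ok, b_ok in zip(master_checks, backup_checks):
        master.observe(m_ok)
        backup.observe(b_ok)
        holders.append(vip_holder([master, backup]))
    return holders


if __name__ == "__main__":
    # Constructed timeline: nginx on server1 fails for 3 intervals, then recovers.
    print(simulate([True, False, False, False, True, True], [True] * 6))
```

The model shows why the two priorities must differ by less than the weight: server 2 only takes over because 100 + 2 exceeds server 1's bare 101 once its check has failed twice.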