haproxy+keepalived(主從模式)實現高可用環境的簡單配置
一���、HAProxy簡介
? ?代理的作用:web緩存(加速)����、反向代理��、內容路由(根據流量及內容類型等將請求轉發至特定服務器)�、轉碼器(將后端服務器的內容壓縮后傳輸給client端)�。
緩存的作用:減少冗余內容傳輸����;節省帶寬����、緩解網絡瓶頸�;降低了對原始服務器的請求壓力�����,降低了傳輸延遲�����。
??? HAProxy是一種免費的��、非?��?焖偾铱煽康慕鉀Q方案�,它提供了高可用性�����、負載平衡和對TCP和基于http的應用程序的代理��。它特別適用于非常高的流量網站�,并為世界上訪問量最大的網站提供了強大的力量�����。多年來����,它已經成為事實上的標準的opensource負載平衡器�,現在隨大多數主流Linux發行版本一起發布�����,
? ? 并且經常在云平臺上默認部署��。
?? ?HAProxy:只是http協議的反向代理�,不提供緩存功能��。????
二�、HAProxy測試環境搭建
1����、簡單架構圖
2�����、測試環境(說明):
HAProxy:192.168.16.10
web1:? ?192.168.16.11
web2:? ?192.168.16.12
操作系統:CentOS Linux release 7.3.1611 (Core)
iptables關閉和selinux為disabled
3����、HAProxy服務器安裝haproxy
通過yum安裝Haproxy:
[root@sheng1?haproxy]#?yum?-y?install?haproxy
查看Haproxy版本
[root@sheng1?haproxy]#?haproxy?-v
HA-Proxy?version?1.5.18?2016/05/10
Copyright?2000-2016?Willy?Tarreau?<willy@haproxy.org>
4����、web1和web2安裝httpd
web服務器1:192.168.16.11
Web服務器2:192.168.16.11
yum -y install httpd
echo "1111111" > /var/www/html/index.html
systemctl start httpd
echo "2222222" > /var/www/html/index.html
systemctl start httpd
然后systemctl start httpd.service
查看和配置haproxy配置文件
cat?/etc/haproxy/haproxy.cfg?|?egrep?-v?'(#|^$)'
5��、配置HAProxy
vim /etc/haproxy/haproxy.cfg
[root@sheng1 haproxy]# pwd
/etc/haproxy
修改haproxy.cfg的配置如下:
global???????????????????#全局配置
????log????127.0.0.1?local2????#日志輸出配置
????chroot??/var/lib/haproxy?????#haproxy工作目錄
????pidfile??/var/run/haproxy.pid???#haproxy的pid目錄
????maxconn??4000???????????#最大連接數(默認配置)
????user????haproxy?????????#運行haproxy用戶
????group???haproxy?????????#haproxy所屬組
????daemon???????????????#后臺啟動
????stats?socket?/var/lib/haproxy/stats??#這個不知道��,后續補充
defaults??????????????????????????????????#默認配置
????mode???http????????????#默認模式mod{tcp|http|health}
????log???global??????????#日志系統與global段相同
????option??httplog??????????#日志類別采用httplog
????option??dontlognull??????????#不記錄健康檢查日志
????option??http-server-close?????#每次請求完畢后主動關閉http通道
????option??forwardfor??except?127.0.0.0/8??#后端服務器需要獲得客戶端真實ip需要配置的參數
????option??redispatch???????????#當請求的服務器掛掉之后強行切換到健康的服務器
????retries?3??????????????#3次連接服務器失敗后確定服務器不可用
????timeout?http-request?10s????#默認http請求超時時間(可優化)
????timeout?queue?????1m????#默認隊列超時時間(可優化)
????timeout?connect????10s????#默認連接超時時間(可優化)
????timeout?client????1m????#默認客戶端超時時間(可優化)
????timeout?server????1m????#默認服務器超時時間(可優化)
????timeout?http-keep-alive?10s??#默認持久連接超時時間(可優化)
????timeout?check??????10s??#默認心跳檢測超時時間(可優化)
????maxconn?????????3000??#最大連接數�����,不要超過全局配置最大連接數
listen?stats_auth????????????#監控頁面及監聽端口混合配置�����,做的有點差����,僅做參考
????bind?192.168.16.10:8000??????#綁定監控頁面監聽端口
????stats?uri?/status???????#haproxy監控頁面
????stats?auth?admin:westos????#配置監控頁面賬號密碼登錄
????stats?refresh?5s????????#監控頁面自動刷新時間
????stats?hide-version???????#隱藏監控頁面haproxy版本號��,保障安全
????listen?www.jzz.nginx?*:8088??#監聽的實例名稱�、地址和端口��,可配置多個
????server?web1?192.168.16.11:80?cookie?app1inst1?check?inter?2000?rise?2?fall?5????????
????#后端web服務器ip及其他配置
????listen?www.jzztest.org?*:8089?#監聽的實例名稱�����、地址和端口����,可配置多個
????server?web2?192.168.16.12:80?cookie?app1inst2?check?inter?2000?rise?2?fall?5????????
????#后端web服務器ip及其他配置
????#??注意參數解釋:inter?2000?心跳檢測時間����;rise?2?三次連接成功�,表示服務器正常���;
????#??fall?5?三次連接失敗�,表示服務器異常��;?weight?1?權重設置
????listen?localhost.localdomain?*:80
????balance?roundrobin??????
????#負載均衡算法(有roundrobin�����、static-rr��、leastconn����、source�、url����、url_param�����、hdr��、rdp_cookie)
frontend??main?*:5000???????????#frontend前端配置�����,為haproxy安裝時就有�,能力有限���,不再解釋
????acl?url_static???????path_beg???????-i?/static?/images?/javascript?/stylesheets
????acl?url_static???????path_end???????-i?.jpg?.gif?.png?.css?.js
????use_backend?static??????????if?url_static
????default_backend?????????????app
backend?static?????????????#backend前端配置����,為haproxy安裝時就有��,能力有限�,不再解釋
????balance?????roundrobin
????server??????static?127.0.0.1:4331?check
backend?app???????????????#backend前端配置����,為haproxy安裝時就有���,能力有限�,不再解釋
????balance?????roundrobin
????server??app1?127.0.0.1:5001?check
????server??app2?127.0.0.1:5002?check
????server??app3?127.0.0.1:5003?check
????server??app4?127.0.0.1:5004?check
rsyslog 系統日志轉發
編輯配置文件/etc/rsyslog.conf
加入如下內容:
$ModLoad?imudp
$UDPServerRun?514
local2.*????/var/log/haproxy.log
SYSLOGD_OPTIONS="-r -m 0"???????????
重啟rsyslog進程
systemctl restart rsyslog
6. 啟動haproxy服務
systemctl?start?haproxy
三�����、測試環境是否健康
通過瀏覽器訪問HAProxy
http://192.168.16.10:8000/status
訪問haproxy監控頁面端口下的/status,為了安全起見��,第一次登陸需要賬號密碼��,賬號密碼就是配置文件里設置的
進入監控頁面��,在這里可以看到我們的配置
訪問haproxy服務器ip的8088端口���,可以發現跳轉到了Web服務器1
訪問haproxy服務器ip的8089端口��,可以發現跳轉到了Web服務器2
也可以設置域名訪問到不同web服務器���,但要在本地host綁定域名ip對應關系����。
haproxy服務器配置成功
三�����、haproxy+keepalived簡單配置
前提:
1.兩臺haproxy服務器�,配置基本一樣���,可參考上面haproxy的配置�,后端web服務器一樣
2.兩臺haproxy服務器器上都已安裝完成keepalived��,安裝教程參考我的lvs+keepalived配置中的keepalived的安裝���。
環境:
haproxy服務器1:192.168.16.9
haproxy服務器2:192.168.16.10
haproxy代理web服務器1:192.168.16.11(hostname:www.jzz.nginx?默認頁面:1111111)
haproxy代理Web服務器2:192.168.16.12(hostname:www.jzztest.org?默認頁面:2222222)
keepalived主服務器:192.168.174.9
keepalived從服務器:192.168.174.10
VIP:192.168.16.8
操作系統:centos7.3???iptables關閉和selinux為disabled
兩臺keepalived主機的設置
? ? ? 1��、配置HAProxy:新加進來的192.168.16.9也要和之前的haproxy做同樣的配置�。
? 2�����、?haproxy服務器兩臺機均安裝keepalived
#安裝依賴文件與keepalive
# yum install -y openssl openssl-devel keepalived
keepalived主服務器配置文件
[root@sheng0?~]#?cat?/etc/keepalived/keepalived.conf
!?Configuration?File?for?keepalived
global_defs?{
????router_id?LVS_R1
}
vrrp_strict?chk_http_port?{
?????????script?"/opt/script/check_haproxy.sh"
?????????interval?2
?????????weight???2
}
vrrp_instance?VI_1?{
????state?MASTER
??interface?ens33
??virtual_router_id?88
??priority?100
??advert_int?1
??authentication?{
?????auth_type?PASS
?????auth_pass?1111
??}
??virtual_ipaddress?{
?????192.168.16.8
??}
??track_script?{
?????check_haproxy
??}
}
keepalived從服務器配置文件
[root@sheng1?/]#?cat?/etc/keepalived/keepalived.conf
!?Configuration?File?for?keepalived
global_defs?{
????router_id?LVS_R2
}
vrrp_strict?chk_http_port?{???????????#?Haproxy監控腳本
???????script?"/opt/script/check_haproxy.sh"
???????interval?2
???????weight?2
}
vrrp_instance?VI_1?{
????state?BACKUP
??interface?ens33
??virtual_router_id?88
??priority?80
??advert_int?1
??authentication?{
??????auth_type?PASS
???????auth_pass?1111
??}
??virtual_ipaddress?{
??????192.168.16.8
??}
??track_script?{
??????check_haproxy
??}
}
keepalived主從配置文件依舊只有很小差別���,在這里只有priority和router_id不同�����,在這里用到了一個檢測haproxy存活性的腳本�����,主從配置文件都有且相同
[root@sheng1?script]#?cat?check_haproxy.sh?
#!/bin/bash
if?[?$(ps?-C?haproxy?--no-header?|?wc?-l)?-eq?0?];then
??????/etc/init.d/haproxy?start
fi
sleep?2
if?[?$(ps?-C?haproxy?--no-header?|?wc?-l)?-eq?0?];then
??????/etc/init.d/haproxy?stop
fi
*******************************************************************************************************************
附錄:
haproxy配置文件:
global
????log????????127.0.0.1?local2
????chroot??????/var/lib/haproxy
????pidfile?????/var/run/haproxy.pid
????maxconn?????4000
????user???????haproxy
????group???????haproxy
????daemon
????stats?socket?/var/lib/haproxy/stats
defaults
????mode????????????????http
????log????????????????global
????option??????????????httplog
????option??????????????dontlognull
????option?http-server-close
????option?forwardfor???????except?127.0.0.0/8
????option??????????????redispatch
????retries??????????????3
????timeout?http-request??????10s
????timeout?queue??????????1m
????timeout?connect?????????10s
????timeout?client?????????1m
????timeout?server?????????1m
????timeout?http-keep-alive?10s
????timeout?check??????????10s
????maxconn??????????????3000
listen?stats_auth
????bind?192.168.16.10:8000
????stats?uri?/status
????stats?auth?admin:westos
????stats?refresh?5s
????stats?hide-version
????listen?www.jzz.nginx?*:8088
????server?web1?192.168.16.11:80?cookie?app1inst1?check?inter?2000?rise?2?fall?5
????listen?www.jzztest.org?*:8089
????server?web2?192.168.16.12:80?cookie?app1inst2?check?inter?2000?rise?2?fall?5
????listen?localhost.localdomain?*:80
????balance?roundrobin
frontend??main?*:5000
????acl?url_static???????path_beg???????-i?/static?/images?/javascript?/stylesheets
????acl?url_static???????path_end???????-i?.jpg?.gif?.png?.css?.js
????use_backend?static??????????if?url_static
????default_backend?????????????app
backend?static
????balance?????roundrobin
????server??????static?127.0.0.1:4331?check
backend?app
????balance?????roundrobin
????server??app1?127.0.0.1:5001?check
????server??app2?127.0.0.1:5002?check
????server??app3?127.0.0.1:5003?check
????server??app4?127.0.0.1:5004?check
推廣:haproxy+keepalived(主主模式)實現高可用環境的簡單配置
https://blog.51cto.com/sf1314/2384572?
