
Haproxy+keepalived high-availability load balancing

Date: 2016-04-17 23:22:06

Tags: haproxy+keepalived, haproxy+keepalived high availability, haproxy+keepalived load balancing, haproxy

Haproxy+keepalived+apache

1. Topology diagram:

[diagram]

2. Build and install haproxy (identical on both machines)

  • Unpack: tar zxvf haproxy-1.6.4.tar.gz

  • Build. Note: the parameter names before the equals signs below must be in upper case.

    cd haproxy-1.6.4
    make TARGET=linux26 ARCH=x86_64 PREFIX=/usr/local/haproxy
    make install PREFIX=/usr/local/haproxy

  • After installation, create the configuration file and the init script:

    mkdir -p /usr/local/haproxy/etc/haproxy
    cp examples/acl-content-sw.cfg /usr/local/haproxy/etc/haproxy/haproxy.cfg
    cp examples/haproxy.init /etc/init.d/haproxy
    chmod +x /etc/init.d/haproxy

  • Edit the init script:

    vi /etc/init.d/haproxy

    Change the BIN and CFG paths so they point at the locations created above:

    BIN=/usr/local/haproxy/sbin/$BASENAME
    CFG=/usr/local/haproxy/etc/$BASENAME/$BASENAME.cfg

3. Edit the configuration file (identical on both machines)

  • cd /usr/local/haproxy/etc/haproxy

  • cp haproxy.cfg haproxy.cfg.bak

  • vi haproxy.cfg

    

# This sample configuration makes extensive use of the ACLs. It requires
# HAProxy version 1.3.12 minimum.

global
        log        localhost   local3
        maxconn    250
        uid        71
        gid        71
        chroot     /usr/local/haproxy
        pidfile    /var/run/haproxy.pid
        daemon
        quiet

frontend http-in
        bind       :80
        mode       http
        log        global
        clitimeout 30000
        option     httplog
        option     dontlognull
        #option    logasap
        option     httpclose
        maxconn    100

        stats refresh 30s                  # stats page auto-refresh interval
        stats uri  /stats                  # stats page URL
        stats realm linuxidc-test-Haproxy  # stats page realm (text shown in the auth prompt)
        stats auth admin:admin123          # stats page username and password
        stats hide-version

        capture request  header Host           len 20
        capture request  header User-Agent     len 16
        capture request  header Content-Length len 10
        capture request  header Referer        len 20
        capture response header Content-Length len 10

        # block any unwanted source IP addresses or networks
        acl forbidden_src src      0.0.0.0/7 224.0.0.0/3
        acl forbidden_src src_port 0:1023
        block if forbidden_src

        # block requests beginning with http:// on wrong domains
        acl dangerous_pfx  url_beg -i http://
        acl valid_pfx      url_reg -i ^http://[^/]*1wt\.eu/
        block if dangerous_pfx !valid_pfx

        # block apache chunk exploit, ...
        acl forbidden_hdrs hdr_sub(transfer-encoding) -i chunked
        acl forbidden_hdrs hdr_beg(host)              -i apache- localhost

        # ... some HTTP content smuggling and other various things
        acl forbidden_hdrs hdr_cnt(host) gt 1
        acl forbidden_hdrs hdr_cnt(content-length) gt 1
        acl forbidden_hdrs hdr_val(content-length) lt 0
        acl forbidden_hdrs hdr_cnt(proxy-authorization) gt 0
        block if forbidden_hdrs

        # block annoying worms that fill the logs...
        acl forbidden_uris url_reg -i .*(\.|%2e)(\.|%2e)(%2f|%5c|/|\\\\)
        acl forbidden_uris url_sub -i %00<script xmlrpc.php
        acl forbidden_uris path_end -i /root.exe /cmd.exe /default.ida /awstats.pl .asp .dll

        # block other common attacks (awstats, manual discovery...)
        acl forbidden_uris path_dir -i chat main.php read_dump.php viewtopic.php phpbb sumthin horde _vti_bin MSOffice
        acl forbidden_uris url_reg -i (\.php\?temppath=|\.php\?setmodules=|[=:]http://)
        block if forbidden_uris

        # we rewrite the "options" request so that it only tries '*', and we
        # only report GET, HEAD, POST and OPTIONS as valid methods
        reqirep         ^OPTIONS\ /.*HTTP/1\.[01]$ OPTIONS\ \*\ HTTP/1.0
        rspirep         ^Allow:\ .* Allow:\ GET,\ HEAD,\ POST,\ OPTIONS

        acl web   hdr_beg(host) -i www.abc.com
        use_backend     www  if web

backend www
        mode   http
        #source 192.168.11.13:0
        balance roundrobin
        cookie SERVERID
        server web01 192.168.1.13:80 check inter 30000 fall 3 weight 10
        server web02 192.168.1.14:80 check inter 30000 fall 3 weight 10

        # long timeout to support connection queueing
        contimeout      20000
        srvtimeout      20000
        fullconn 100
        redispatch
        retries 3

        option httpchk HEAD /
        option forwardfor
        option checkcache
        option httpclose

        # allow other syntactically valid requests, and block any other method
        acl valid_method method GET HEAD POST OPTIONS
        block if !valid_method
        block if HTTP_URL_STAR !METH_OPTIONS
        block if !HTTP_URL_SLASH !HTTP_URL_STAR !HTTP_URL_ABS

        # remove unnecessary precisions on the server version. Let's say
        # it's an apache under Unix on the Formilux Distro.
        rspidel         ^Server:\
        rspadd          Server:\ Apache\ (Unix;\ Formilux/0.1.8)
# end of defaults

  • Configure logging

    haproxy.cfg already contains (see above):

    log        localhost   local3

    vi /etc/rsyslog.conf

    Uncomment (remove the leading #) the following two lines:

    $ModLoad imudp
    $UDPServerRun 514

    Below the local7.* line, add:

    local3.*                            /var/log/haproxy/haproxy.log

    vi /etc/sysconfig/rsyslog

    Change it to:

    SYSLOGD_OPTIONS="-r -m 0"

    Restart the rsyslog and haproxy services:

    service rsyslog restart
    service haproxy restart

    Log file: /var/log/haproxy/haproxy.log. The HAProxy status page is at http://ip/stats, username and password admin:admin123.
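As an added example (not part of the original post), a small shell function that summarises the requests the haproxy.cfg "block" ACLs rejected, using the httplog lines that rsyslog writes to /var/log/haproxy/haproxy.log. The hostname lb01, the addresses and the sample lines are constructed; the blocked paths are the ones the configuration above lists.

```shell
#!/bin/bash
# Added example, not from the post: summarise requests that the haproxy.cfg
# ACLs rejected with "block". A blocked request is logged with status 403,
# termination state "PR" and no server ("<NOSRV>"), so no web backend saw it.

# blocked_summary < logfile -> "client_ip count" per client, busiest first.
# Only fields before the {captured headers} are used, because captured
# values such as User-Agent may contain spaces and would shift the fields.
blocked_summary() {
    awk '$5 ~ /^haproxy\[/ && $11 == 403 && $15 ~ /^PR/ {
             sub(/:[0-9]+$/, "", $6)      # strip the client port
             n[$6]++
         }
         END { for (ip in n) print ip, n[ip] }' | sort -k2,2nr -k1,1
}

# Constructed sample log lines in the format the post's config produces
# (syslog prefix, then the HAProxy httplog fields). Two served requests,
# three rejected by the forbidden_uris ACLs (paths taken from the post).
SAMPLE_LOG='Apr 17 23:22:06 lb01 haproxy[2345]: 192.168.1.100:51234 [17/Apr/2016:23:22:06.123] http-in www/web01 0/0/1/2/3 200 1234 - - ---- 1/1/0/0/0 0/0 {www.abc.com|curl/7.29.0||} {1234} "GET / HTTP/1.1"
Apr 17 23:22:07 lb01 haproxy[2345]: 192.168.1.100:51235 [17/Apr/2016:23:22:07.001] http-in www/web02 0/0/1/2/3 200 1234 - - ---- 1/1/0/0/0 0/0 {www.abc.com|curl/7.29.0||} {1234} "GET / HTTP/1.1"
Apr 17 23:22:09 lb01 haproxy[2345]: 192.168.1.200:40001 [17/Apr/2016:23:22:09.410] http-in http-in/<NOSRV> -1/-1/-1/-1/0 403 212 - - PR-- 1/1/0/0/0 0/0 {www.abc.com|Mozilla/5.0 (X11||} {} "GET /cmd.exe HTTP/1.1"
Apr 17 23:22:10 lb01 haproxy[2345]: 192.168.1.200:40002 [17/Apr/2016:23:22:10.020] http-in http-in/<NOSRV> -1/-1/-1/-1/0 403 212 - - PR-- 1/1/0/0/0 0/0 {www.abc.com|curl/7.29.0||} {} "GET /phpbb/viewtopic.php HTTP/1.1"
Apr 17 23:22:11 lb01 haproxy[2345]: 192.168.1.201:40010 [17/Apr/2016:23:22:11.500] http-in http-in/<NOSRV> -1/-1/-1/-1/0 403 212 - - PR-- 1/1/0/0/0 0/0 {www.abc.com|curl/7.29.0||} {} "GET /default.ida HTTP/1.1"'

# Run on the sample; on a live node use: blocked_summary < /var/log/haproxy/haproxy.log
printf '%s\n' "$SAMPLE_LOG" | blocked_summary
```

On the sample this prints 192.168.1.200 with 2 blocked requests and 192.168.1.201 with 1; served requests (status 200) are not counted.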

4. Install httpd on web01 and web02

    yum -y install httpd

    Create the test page on each server:

    Web01: vi /var/www/html/index.html
       Wo shi 13.

    Web02: vi /var/www/html/index.html
       Wo shi 14.

    Apply the following on both machines:

    Disable SELinux:

    vi /etc/sysconfig/selinux
    SELINUX=disabled

    Reboot.

    service iptables stop
    chkconfig iptables off
    chkconfig httpd on
    service httpd start

    Check in a browser that both web01 and web02 open.

[screenshot]      [screenshot]

5. Build and install keepalived

  • Install the required packages:

    yum -y install openssl openssl-devel

  • Unpack:

    tar zxvf keepalived-1.2.20.tar.gz

  • Build:

    cd keepalived-1.2.20
    ./configure --prefix=/usr/local/keepalived1.2.20
    make
    make install

  • Set up the init script:

    cd /usr/local/keepalived1.2.20/
    cp etc/rc.d/init.d/keepalived /etc/init.d/
    vi /etc/init.d/keepalived

    Change these three lines:

    . /usr/local/keepalived1.2.20/etc/sysconfig/keepalived
    config="/usr/local/keepalived1.2.20/etc/keepalived/keepalived.conf"
    daemon keepalived -D -f $config

  • Edit the keepalived.conf file:

    cd etc/keepalived/
    Back it up: cp keepalived.conf keepalived.conf.bak
    vi keepalived.conf

  • ln -s /usr/local/keepalived1.2.20/sbin/keepalived /usr/sbin/

  • Enable routing (kernel parameters):

    net.ipv4.ip_forward = 1
    Enables IP forwarding.

    net.ipv4.ip_nonlocal_bind = 1
    Allows binding to an IP address that is not configured on this machine.

    If LVS DR or TUN mode is used together with Keepalived, two ARP-related parameters must also be set on the backend real servers. Set them here as well:

    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2

  • Create a check script, so that a stopped haproxy service does not leave keepalived holding the VIP without failing over:

    cat /usr/local/keepalived1.2.20/check_haproxy.sh
    #!/bin/bash
    # if haproxy is not running, try to start it
    if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then
         /etc/init.d/haproxy start
    fi
    sleep 2
    # still not running: stop keepalived so the VIP moves to the other node
    if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then
           /etc/init.d/keepalived stop
    fi

  • Start the service:

    service keepalived restart

  • Run ip addr to check whether the VIP was created:

    [screenshot]

    At this point the backup keepalived does not hold the VIP:

    [screenshot]

  • When the master keepalived goes down, the backup keepalived takes over the VIP (simulated here by stopping the service):

    [screenshot]

    [screenshot]

  • During a keepalived switchover, ping loses one packet:

    • When the master keepalived is stopped, packet loss:

    [screenshot]

    • When the master keepalived comes back, packet loss:

    [screenshot]
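The post edits keepalived.conf in section 5 but does not show its contents. As an added example (not the post's own configuration), here is a shell function that prints a keepalived.conf for either node, wiring the post's check_haproxy.sh in as a vrrp_script. The interface eth0, virtual_router_id 51, the VRRP password and the VIP are assumptions; the VIP in particular is a placeholder because the post never states it.

```shell
#!/bin/bash
# Added example, not from the post: print keepalived.conf for one node of
# the HAProxy pair. Assumed: interface eth0, virtual_router_id 51, the VRRP
# password, and the VIP (a PLACEHOLDER, the post never shows its value).
VIP="${VIP:-192.168.1.250/24}"      # PLACEHOLDER: set to the real VIP
IFACE="${IFACE:-eth0}"              # assumed NIC that carries the VIP
CHECK="/usr/local/keepalived1.2.20/check_haproxy.sh"   # script from the post

# gen_keepalived_conf ROLE PRIORITY -> keepalived.conf on stdout.
# MASTER gets the higher priority, the BACKUP node a lower one.
gen_keepalived_conf() {
    role=$1
    prio=$2
    case "$role" in
        MASTER|BACKUP) ;;
        *) echo "role must be MASTER or BACKUP" >&2; return 1 ;;
    esac
    cat <<EOF
global_defs {
    router_id haproxy-$(printf '%s' "$role" | tr 'A-Z' 'a-z')
}
! Run the post's check_haproxy.sh every 2 seconds. It restarts HAProxy
! and, if that fails, stops keepalived, which releases the VIP.
vrrp_script chk_haproxy {
    script "$CHECK"
    interval 2
}
vrrp_instance VI_1 {
    state $role
    interface $IFACE
    virtual_router_id 51
    priority $prio
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass Kp1Pass
    }
    virtual_ipaddress {
        $VIP
    }
    track_script {
        chk_haproxy
    }
}
EOF
}

# Usage: MASTER on the first node, BACKUP with a lower priority on the second.
gen_keepalived_conf MASTER 100
```

Redirect the output into /usr/local/keepalived1.2.20/etc/keepalived/keepalived.conf on each node (gen_keepalived_conf BACKUP 90 on the second one) and use the same auth_pass and virtual_router_id on both.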


6. Test access to www.abc.com from the HAProxy host

  • Since this is a test setup without DNS, add a temporary hosts entry:

[screenshot]

Test: run curl www.abc.com twice; the requests are served round-robin.

[screenshot]

7. Test www.abc.com from a client

  • Windows client test: add a hosts entry

[screenshot]

Open www.abc.com in a browser twice; round-robin works here as well.

[screenshot]

[screenshot]





This article is from the blog of 杨栋豪; please keep this attribution: http://506554897.blog.51cto.com/2823970/1764842
