高可用keepalived+haproxy:
实验环境:
clientIP为:172.18.254.149
VIRROUTEIP为:172.18.61.5
keepalived+haproxy机器1IP为172.18.61.1
keepalived+haproxy机器2IP为172.18.61.2
server1IP为172.18.61.3
server2IP为172.18.61.4
实验示意图:
实验功能:
前端2台haproxy对后端2台server的web服务做反向代理,并且实现动静态页面的分离,而对于haproxy机器,我们借用keepalived做高可用,解决前端代理服务器的单点故障,并且让haproxy只能通过本机登陆haproxy stats的管理界面。
实验步骤:
1.为两台后端服务器安装httpd服务,172.18.0.63和172.18.0.64的80端口分别提高html静态页面
yum -y install httpd
2.为172.18.61.1安装httpd服务,并将端口改为8080,将该机器设置为haproxy的backup server
3.分别为172.18.61.2和172.18.61.4安装httpd服务。并将它们的端口8080做成虚拟主机,部署动态内容,放入以.php结尾的文件作为测试界面
4.在两台frontend server 上分别安装keepalived和haproxy
yum -y install haproxy keepalived
5.2台机器都配置keepalived,编辑/etc/keepalived/keepalived.conf
第一台做master,配置如下:
global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id haproxy
}
vrrp_instance haproxy {
state MASTER
interface enp0s3
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.61.5/16
}
}
第二台做backup,配置如下:
vrrp_instance haproxy {
state BACKUP
interface enp0s3
virtual_router_id 51
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.61.5/16
}
}
启动并测试keepalived,看IP地址是否能够发生漂移。
6.配置两台机器的haproxy服务,并实现动静分离,编辑/etc/haproxy/haproxy.cfg
frontend main
bind *:80
#acl invalid_src src 172.18.254.149
#block if invalid_src
#errorfile 403 /etc/haproxy/403.html
reqadd Via:\ yilei-dw3
#acl curl_agent hdr_sub(User-Agent) -i curl
#use_backend curlbe if curl_agent
acl phpapp path_end -i .php
use_backend dysrvs if phpapp
default_backend websrvs
backend dysrvs
balance roundrobin
server web3 172.18.61.4:8080 check
server web5 172.18.61.2:8080 check
backend websrvs
#balance hdr(User-Agent)
balance roundrobin
#cookie websrv insert nocache
#server web1 172.18.61.3:80 check cookie web1
server web1 172.18.61.3:80 check weight 1
#server web2 172.18.61.2:80 check cookie web2
#server web2 172.18.61.2:80 check redir http://www.baidu.com weight 2
server web2 172.18.61.4:80 check weight 1
server web4 172.18.61.1:8080 backup check
listen stats
bind 127.0.0.1:10080
stats enable
stats uri /haproxyadmin?stats
stats realm ‘haproxy auth’
stats auth yilei:centos
stats admin if TRUE
7.在client上测试。
原创文章,作者:yilei-dw3,如若转载,请注明出处:http://www.178linux.com/76104
