Loading... <h2 style="font-family: inherit;color: inherit;font-size: 2.15em;margin: 1.2em 0px 0.6em">HAProxy简介</h2> <p style="margin-top: 0px;margin-bottom: 1.1em"> HAProxy 是一个免费的,非常快速和可靠的解决方案,提供 高可用性, 负载均衡和代理对TCP和HTTP的应用程序。它特别适用于非常大流量网站。多年来,它已成为标准开源的负载均衡,现在随最主流的Linux发行版,并且通常默认的云平台部署。</p> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px"><img src="//cto.wang/usr/uploads/2016/07/20160703180932-75.gif" alt="haproxy | center" longdesc="./haproxy-pmode.png" /></p> <p style="text-align:center"><img src="//cto.wang/usr/uploads/2016/07/20160703180932-22.png" title="1460784760645432.png" alt="haproxy-pmode.png" /></p> </blockquote> <hr /> <h2 style="font-family: inherit;color: inherit;font-size: 2.15em;margin: 1.2em 0px 0.6em">实验描述</h2> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">1、本实验主要是在前端放置两台通过<code>Keepalived做了高可用的HAProxy</code>反向代理服务器,并实现后端Web站点的<code>动静分离</code>。</h5> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">2、主机列表</h5> <table> <thead> <tr class="firstRow"> <th align="left">节点名称</th> <th align="right">eth0</th> <th align="center">eth1</th> <th align="center">虚拟IP</th> <th align="center">主要功能</th> </tr> </thead> <tbody> <tr> <td align="left" style="padding: 0.5em;vertical-align: top">node1</td> <td align="right" style="padding: 0.5em;vertical-align: top">172.16.100.1</td> <td align="center" style="padding: 0.5em;vertical-align: top">192.168.1.11</td> <td align="center" style="padding: 0.5em;vertical-align: top">192.168.1.10</td> <td align="center" style="padding: 0.5em;vertical-align: top">HAProxy Active</td> </tr> <tr> <td align="left" style="padding: 0.5em;vertical-align: top">node2</td> <td align="right" style="padding: 0.5em;vertical-align: top">172.16.100.2</td> <td align="center" style="padding: 0.5em;vertical-align: top">192.168.1.12</td> <td align="center" style="padding: 0.5em;vertical-align: top">192.168.1.10</td> <td align="center" style="padding: 0.5em;vertical-align: top">HAProxy Backup</td> </tr> <tr> <td align="left" style="padding: 0.5em;vertical-align: top">node3</td> <td align="right" style="padding: 0.5em;vertical-align: top">172.16.100.3</td> <td align="center" style="padding: 0.5em;vertical-align: top"></td> <td align="center" style="padding: 0.5em;vertical-align: top"></td> <td align="center" style="padding: 0.5em;vertical-align: top">HTTP Static</td> </tr> <tr> <td align="left" style="padding: 0.5em;vertical-align: top">node4</td> <td align="right" style="padding: 0.5em;vertical-align: top">172.16.100.4</td> <td align="center" style="padding: 0.5em;vertical-align: top"></td> <td align="center" style="padding: 0.5em;vertical-align: top"></td> <td align="center" style="padding: 0.5em;vertical-align: top">HTTP Dynamic</td> </tr> </tbody> </table> <hr /> <h2 style="font-family: inherit;color: inherit;font-size: 2.15em;margin: 1.2em 0px 0.6em">详细配置</h2> <h4 style="font-family: inherit;color: inherit;font-size: 1.25em;margin: 1.2em 0px 0.6em">一、基本配置</h4> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">1、所有节点的<code>/etc/hosts</code>解析</h5> <pre>127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.16.100.1 node1 node1.redhat.com 172.16.100.2 node2 node2.redhat.com 172.16.100.3 node3 node3.redhat.com 172.16.100.3 node3 node3.redhat.com</pre> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">2、ssh互信</h5> <p style="margin-top: 0px;margin-bottom: 1.1em">node1</p> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# ssh-keygen -t rsa -P “”<br />[root@node1 ~]# ssh-copy-id -i .ssh/id_rsa.pub node2</p> </blockquote> <p style="margin-top: 0px;margin-bottom: 1.1em">node2</p> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node2 ~]# ssh-keygen -t rsa -P “”<br />[root@node2 ~]# ssh-copy-id -i .ssh/id_rsa.pub node1</p> </blockquote> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">3、时间同步</h5> <p style="margin-top: 0px;margin-bottom: 1.1em">node1</p> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# ntpdate 172.16.0.254</p> </blockquote> <p style="margin-top: 0px;margin-bottom: 1.1em">node2</p> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node2 ~]# ntpdate 172.16.0.254</p> </blockquote> <p style="margin-top: 0px;margin-bottom: 1.1em">查看时间是否同步</p> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# date;ssh node2 ‘date’<br />Sat Apr 16 10:59:11 CST 2016<br />Sat Apr 16 10:59:11 CST 2016</p> </blockquote> <hr /> <h4 style="font-family: inherit;color: inherit;font-size: 1.25em;margin: 1.2em 0px 0.6em">二、配置node1与node2节点的KeepAlived服务</h4> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">1、在两个上’安装keepalived</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# yum install keepalived -y;ssh node2 ‘yum install keepalived -y’</p> </blockquote> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">2、在node1上编辑配置文件</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# vim /etc/keepalived/keepalived.conf</p> </blockquote> <pre>global_defs { notification_email { root@localhost } notification_email_from admin@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_maintanance { script "[ -f /etc/keepalived/down ] && exit 1 || exit 0" interval 3 weight -20 } vrrp_instance VI_1 { state MASTER #配置为主节点 interface eth1 #将虚拟IP配置在eth1接口 virtual_router_id 51 priority 100 #权重为100 advert_int 1 authentication { auth_type PASS auth_pass 5cd403375c990da360bcaf06 #认证密码,与所有节点的要保持一致 } virtual_ipaddress { 192.168.1.10 #虚拟IP地址 } track_script { chk_maintanance } }</pre> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">3、复制配置文件到node2</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# scp /etc/keepalived/keepalived.conf node2:/etc/keepalived/keepalived.conf</p> </blockquote> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">4、在node2上修改配置文件为<code>BACKUP</code>节点</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node2 ~]# vim /etc/keepalived/keepalived.conf</p> </blockquote> <pre>global_defs { notification_email { root@localhost } notification_email_from admin@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_maintanance { script "[ -f /etc/keepalived/down ] && exit 1 || exit 0" interval 3 weight -20 } vrrp_instance VI_1 { state BACKUP #配置为备用节点 interface eth1 #将虚拟IP配置在eth1接口 virtual_router_id 51 priority 99 #权重为99 advert_int 1 authentication { auth_type PASS auth_pass 5cd403375c990da360bcaf06 #认证密码,与所有节点的要保持一致 } virtual_ipaddress { 192.168.1.10 #虚拟IP地址 } track_script { chk_maintanance } }</pre> <hr /> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">5、将两个节点的<code>keepalived</code>服务启动</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# service keepalived start;ssh node2 ‘service keepalived start’</p> </blockquote> <hr /> <h4 style="font-family: inherit;color: inherit;font-size: 1.25em;margin: 1.2em 0px 0.6em">三、配置node1与node2节点的HAProxy服务</h4> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">1、在两个节点上安装haproxy</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# yum install haproxy -y;ssh node2 ‘yum install haproxy -y’</p> </blockquote> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">2、在node1上编辑配置文件</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# vim /etc/haproxy/haproxy.cfg</p> </blockquote> <pre>global log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend main *:80 acl url_static path_beg -i /static /images /javascript /stylesheets #静态内容的ACL规则 acl url_static path_end -i .jpg .gif .png .css .js #静态内容的ACL规则 use_backend static if url_static #如果符合静态内容的acl,那么就使用static服务器。 default_backend dynamic #没有被静态内容的ACL匹配到的请求,都将使用dynamic服务器 backend static balance roundrobin #轮调算法, server node3 172.16.100.3:80 check #静态服务器地址 backend dynamic balance roundrobin #轮调算法 cookie SRV_ID insert nocache #做cookie绑定 server node4 172.16.100.4:80 check cookie node4 #动态服务器地址,并设置cookie value</pre> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">4、<code>编辑rsyslog</code>文件,使haproxy的日志配置生效</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# vim /etc/rsyslog.conf</p> </blockquote> <pre>$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imklog # provides kernel logging support (previously done by rklogd) $ModLoad imudp #工作在udp协议 $UDPServerRun 514 #允许514端口接收使用UDP协议转发过来的日志 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg * uucp,news.crit /var/log/spooler local7.* /var/log/boot.log local2.* /var/log/haproxy.log #与haproxy里面的日志设置相对应</pre> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">5、将修改好的配置文件复制到node2</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# scp /etc/rsyslog.conf node2:/etc/rsyslog.conf<br />[root@node1 ~]# scp /etc/haproxy/haproxy.cfg node2:/etc/haproxy/haproxy.cfg</p> </blockquote> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">6、<code>启动haproxy</code>服务并<code>重启rsyslog</code>服务</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node1 ~]# service haproxy start;ssh node2 ‘service haproxy start’<br />[root@node1 ~]# service rsyslog restart;ssh node2 ‘service rsyslog restart’</p> </blockquote> <hr /> <h4 style="font-family: inherit;color: inherit;font-size: 1.25em;margin: 1.2em 0px 0.6em">四、配置静态站点</h4> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">1、<code>node3安装httpd</code>服务</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node3 ~]# yum install httpd -y</p> </blockquote> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">2、在<code>/var/www/html/</code>目录下准备一张图片</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node3 ~]# ls /var/www/html/<br />magedu.png</p> </blockquote> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">3、启动httpd服务</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node3 ~]# service httpd start</p> </blockquote> <hr /> <h4 style="font-family: inherit;color: inherit;font-size: 1.25em;margin: 1.2em 0px 0.6em">五、配置动态站点</h4> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">1、<code>node4安装httpd和php</code>服务</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node3 ~]# yum install httpd php -y</p> </blockquote> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">2、在<code>/var/www/html/</code>目录下准备一个<code>index.php</code>文件</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node4 ~]# vim /var/www/html/index.php</p> </blockquote> <pre><html> <head><title>Welcome to magedu.com</title></head> <body> <img src="/magedu.png"/> <?php echo "<h1>Welcome to Magedu</h1>"; ?> </body> </html></pre> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">3、启动httpd服务</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px">[root@node3 ~]# service httpd start</p> </blockquote> <hr /> <h2 style="font-family: inherit;color: inherit;font-size: 2.15em;margin: 1.2em 0px 0.6em">实验测试</h2> <h4 style="font-family: inherit;color: inherit;font-size: 1.25em;margin: 1.2em 0px 0.6em">一、KeepAlived为HAProxy实现高可用的测试</h4> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">1、首先查看<code>MASTER</code>节点的虚拟IP是否配置成功</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px"><img src="//cto.wang/usr/uploads/2016/07/20160703180932-75.gif" alt="Alt text" longdesc="./MASTER_IP.jpg" /><img src="//cto.wang/usr/uploads/2016/07/20160703180932-45.jpg" title="1460784787198251.jpg" alt="MASTER_IP.jpg" /></p> </blockquote> <p style="margin-top: 0px;margin-bottom: 1.1em">可以看到虚拟IP在eth1接口上配置成功</p> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">2、打开浏览器,输入虚拟地址进行测试</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px"><img src="//cto.wang/usr/uploads/2016/07/20160703180932-75.gif" alt="Alt text" longdesc="./1.gif" /><img src="//cto.wang/usr/uploads/2016/07/20160703180932-11.gif" title="1460784794226408.gif" alt="1.gif" /></p> </blockquote> <p style="margin-top: 0px;margin-bottom: 1.1em">测试没有问题</p> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">3、将node1节点down掉,查看<code>BACKUP</code>节点状态</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 1.1em">[root@node1 ~]# touch /etc/keepalived/down</p> <p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px"><img src="//cto.wang/usr/uploads/2016/07/20160703180932-75.gif" alt="Alt text" longdesc="./BACKUP_IP.jpg" /><img src="//cto.wang/usr/uploads/2016/07/20160703180933-49.jpg" title="1460784802801558.jpg" alt="BACKUP_IP.jpg" /></p> </blockquote> <p style="margin-top: 0px;margin-bottom: 1.1em">虚拟IP转移到了node2</p> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">4、刷新浏览器,看是否还能继续访问</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px"><img src="//cto.wang/usr/uploads/2016/07/20160703180932-75.gif" alt="Alt text" longdesc="./2.gif" /><img src="//cto.wang/usr/uploads/2016/07/20160703180933-92.gif" title="1460784806974585.gif" alt="2.gif" /></p> </blockquote> <p style="margin-top: 0px;margin-bottom: 1.1em">测试没有问题</p> <hr /> <h4 style="font-family: inherit;color: inherit;font-size: 1.25em;margin: 1.2em 0px 0.6em">二、Web网站的动静分离测试</h4> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">1、打开浏览器,按F12打开调试工具,输入虚拟地址,查看资源是否都被加载</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px"><img src="//cto.wang/usr/uploads/2016/07/20160703180932-75.gif" alt="Alt text" longdesc="./3.gif" /><img src="//cto.wang/usr/uploads/2016/07/20160703180933-98.gif" title="1460784815945054.gif" alt="3.gif" /></p> </blockquote> <p style="margin-top: 0px;margin-bottom: 1.1em">网页文件与图片资源都加载成功</p> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">2、关闭node3的httpd服务,测试是否还能继续加载资源</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 1.1em">[root@node3 ~]# service httpd stop</p> <p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px"><img src="//cto.wang/usr/uploads/2016/07/20160703180932-75.gif" alt="Alt text" longdesc="./4.gif" /><img src="//cto.wang/usr/uploads/2016/07/20160703180933-98-1.gif" title="1460784822989905.gif" alt="4.gif" /></p> </blockquote> <p style="margin-top: 0px;margin-bottom: 1.1em">当静态服务器停止服务后,图片资源加载不到了</p> <h5 style="font-family: inherit;color: inherit;font-size: 1em;margin: 1.2em 0px 0.6em">3、将node3的httpd服务恢复,测试是否还能继续加载资源</h5> <blockquote><p style="margin-top: 0px;font-size: 1em;margin-bottom: 1.1em">[root@node3 ~]# service httpd start</p> <p style="margin-top: 0px;font-size: 1em;margin-bottom: 0px"><img src="//cto.wang/usr/uploads/2016/07/20160703180932-75.gif" alt="Alt text" longdesc="./5.gif" /><img src="//cto.wang/usr/uploads/2016/07/20160703180933-9.gif" title="1460784829892372.gif" alt="5.gif" /></p> </blockquote> <p style="margin-top: 0px;margin-bottom: 1.1em">当静态服务器恢复服务后,图片资源又能正常加载了</p> <hr /> <h2 style="font-family: inherit;color: inherit;font-size: 2.15em;margin: 1.2em 0px 0.6em">实验总结</h2> <p style="margin-top: 0px;margin-bottom: 1.1em"> 在<code>backend dynamic</code>里面,我加入了cookie绑定,但服务器只有一台,这是为了做实验方便,有兴趣的同学可以多加入几台服务器,测试下cookie绑定的效果,还是很不错的。实验就做到这里,如果在实验过程中有问题,可以在评论区留言交流。</p> <hr /> <p></p> 最后修改:2021 年 12 月 10 日 10 : 53 AM © 允许规范转载 赞赏 如果觉得我的文章对你有用,请随意赞赏 赞赏作者 支付宝微信