haproxy和keepalived配置方法-创新互联
haproxy和keepalived
# 架构一 两台服务器,不能使用与业务相同端口,不能代理原有业务的ssl
websrv1:8080/8443 haproxy1:80/443 keepalived1-master
websrv2:8080/8443 haproxy1:80/443 keepalived1-backup
# 架构二 四台服务器,可以使用与业务相同端口,不能代理原有业务的ssl
websrv1:8080/8443
websrv2:8080/8443
haproxy1:8080/8443 keepalived1-master
haproxy2:8080/8443 keepalived1-backup
实验按架构一部署,架构二基本类似
1. soft install
yum install -y haproxy keepalived openssl
systemctl enable haproxy keepalived && systemctl restart haproxy keepalived
2. keepalived (只做HA Keepalived可以单独配置)
vi /etc/keepalived/keepalived.conf
青田网站制作公司哪家好,找成都创新互联!从网页设计、网站建设、微信开发、APP开发、响应式网站开发等网站项目制作,到程序开发,运营维护。成都创新互联成立与2013年到现在10年的时间,我们拥有了丰富的建站经验和运维经验,来保证我们的工作的顺利进行。专注于网站建设就选成都创新互联。
- MASTER (keepalived1-master)
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
router_id LVS_DEVEL
# vrrp_strict
}
vrrp_instance VI_1 {
state MASTER
# config with right interface name
interface eth0
virtual_router_id 51
priority 110
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.10.80.50/24
}
}
- BACKUP (keepalived2-slave)
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
router_id LVS_DEVEL
# vrrp_strict
}
vrrp_instance VI_1 {
state BACKUP
# config with right interface name
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.10.80.50/24
}
}
# check config
systemctl restart keepalived
3. haproxy config (haproxy1 / haproxy2)
vi /etc/haproxy/haproxy.cfg
external-check need haproxy >1.6
global
log /dev/log local0
log /dev/log local1 notice
stats timeout 30s
# external-check
user haproxy
group haproxy
tune.ssl.default-dh-param 4096
daemon
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
stats uri /haproxy?stats
frontend http_front
bind :80
bind :443 ssl crt /etc/ssl/server.pem
default_backend http_back
backend http_back
balance roundrobin
cookie SERVERID maxidle 30m maxlife 12h insert indirect nocache
# option external-check
# external-check command /bin/haproxy/etxstat.sh
# external-check path "/usr/bin:/bin"
server etx1 10.10.80.51:8080 check cookie etx1
server etx2 10.10.80.52:8080 check cookie etx2
4. ssl pam 配置
cd /etc/ssl
openssl req -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 365
cat server.crt server.key | tee server.pem
# sync pem srv1 -> srv2
scp haproxy1:/etc/ssl/server.pem haprox2:/etc/ssl/
5. haproxy check config
vi /bin/haproxy/etxstat.sh
#!/bin/bash
status=$(curl -s --user etxadmin:password http://$3:$4/etx/state)
if [ "$status" = "RUNNING" ]; then
exit 0
else
exit 1
fi
- check config
chmod a+x /bin/haproxy/etxstat.sh
sudo -u haproxy /bin/haproxy/etxstat.sh
haproxy -c -V -f /etc/haproxy/haproxy.cfg
systemctl restart haproxy
http://ip:port/haproxy?stats
另外有需要云服务器可以了解下创新互联cdcxhl.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
网站栏目:haproxy和keepalived配置方法-创新互联
路径分享:http://ybzwz.com/article/desecg.html