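HAProxy and Keepalived configuration - 创新互联

HAProxy and Keepalived

# Architecture 1: two servers; HAProxy cannot use the same ports as the application and cannot proxy the application's existing SSL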
websrv1:8080/8443  haproxy1:80/443   keepalived1-master
websrv2:8080/8443  haproxy1:80/443   keepalived1-backup

# Architecture 2: four servers; HAProxy can use the same ports as the application, but cannot proxy the application's existing SSL
websrv1:8080/8443
websrv2:8080/8443
haproxy1:8080/8443   keepalived1-master
haproxy2:8080/8443   keepalived1-backup

This walkthrough deploys architecture 1; architecture 2 is essentially similar.

1. Software installation

yum install -y haproxy keepalived openssl
systemctl enable haproxy keepalived && systemctl restart haproxy keepalived

2. keepalived (if only HA is needed, Keepalived can be configured on its own)

vi /etc/keepalived/keepalived.conf

  • MASTER (keepalived1-master)
! Configuration File for keepalived

global_defs {
  notification_email {
   acassen@firewall.loc
   failover@firewall.loc
   sysadmin@firewall.loc
  }
  router_id LVS_DEVEL
#  vrrp_strict

}

vrrp_instance VI_1 {
   state MASTER
#  set this to the correct interface name
   interface eth0
   virtual_router_id 51
   priority 110
   advert_int 1
   authentication {
     auth_type PASS
     auth_pass 1111
   }
   virtual_ipaddress {
     10.10.80.50/24
   }
}
  • BACKUP (keepalived2-slave)
! Configuration File for keepalived

global_defs {
  notification_email {
   acassen@firewall.loc
   failover@firewall.loc
   sysadmin@firewall.loc
  }
  router_id LVS_DEVEL
#  vrrp_strict
}

vrrp_instance VI_1 {
   state BACKUP
#  set this to the correct interface name
   interface eth0
   virtual_router_id 51
   priority 100
   advert_int 1
   authentication {
     auth_type PASS
     auth_pass 1111
   }
   virtual_ipaddress {
     10.10.80.50/24
   }
}

# check config

systemctl restart keepalived

3. haproxy config (haproxy1 / haproxy2)

vi /etc/haproxy/haproxy.cfg

external-check requires HAProxy > 1.6

global 
  log /dev/log local0 
  log /dev/log local1 notice 
  stats timeout 30s 
#  external-check 
  user haproxy 
  group haproxy 
  tune.ssl.default-dh-param 4096 
  daemon 

defaults 
  log global 
  mode http 
  option httplog 
  option dontlognull 
  timeout connect 5000 
  timeout client 50000 
  timeout server 50000 
  stats uri /haproxy?stats 

frontend http_front 
  bind :80 
  bind :443 ssl crt /etc/ssl/server.pem 
  default_backend http_back 

backend http_back 
  balance roundrobin 
  cookie SERVERID maxidle 30m maxlife 12h insert indirect nocache 
#  option external-check 
#  external-check command /bin/haproxy/etxstat.sh 
#  external-check path "/usr/bin:/bin" 
  server etx1 10.10.80.51:8080 check cookie etx1
  server etx2 10.10.80.52:8080 check cookie etx2
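
An added example, not part of the original article: a small shell lint over the keepalived.conf and haproxy.cfg from steps 2 and 3. It flags the cleartext, short VRRP password, the stats URI served without `stats auth`, plain HTTP left open beside TLS, and the persistence cookie without `secure`. The function names and finding labels are this example's own, and the sample files are constructed from the configs above.

```shell
# Added example, not from the original page; labels and function names are its own.

# Lint a keepalived.conf ($1): prints one finding label per line.
audit_keepalived() {
  awk '
    { sub(/[#!].*/, "") }                      # strip comments
    $1 == "auth_type" && $2 == "PASS" { print "vrrp-auth-is-cleartext" }
    # keepalived uses only the first 8 characters of auth_pass
    $1 == "auth_pass" && (length($2) < 8 || $2 ~ /^[0-9]+$/) { print "vrrp-auth_pass-weak" }
  ' "$1"
}

# Lint a haproxy.cfg ($1): prints one finding label per line.
audit_haproxy() {
  awk '
    function has(w,  i) { for (i = 2; i <= NF; i++) if ($i == w) return 1; return 0 }
    { sub(/#.*/, "") }                         # strip comments
    $1 == "stats" && $2 == "uri"  { uri = 1 }
    $1 == "stats" && $2 == "auth" { auth = 1 }
    $1 == "bind"   { if (has("ssl")) tls = 1; else plain = 1 }
    $1 == "cookie" { cookie = 1; if (has("secure")) secure = 1 }
    /redirect/ && has("https") { redir = 1 }
    END {
      if (uri && !auth)             print "stats-uri-without-auth"
      if (plain && tls && !redir)   print "http-not-redirected-to-https"
      if (cookie && tls && !secure) print "cookie-without-secure"
    }
  ' "$1"
}

# Constructed samples: the relevant lines of the two configs shown above.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/keepalived.conf" <<'EOF'
authentication {
  auth_type PASS
  auth_pass 1111
}
EOF
cat > "$SAMPLES/haproxy.cfg" <<'EOF'
defaults
  stats uri /haproxy?stats
frontend http_front
  bind :80
  bind :443 ssl crt /etc/ssl/server.pem
backend http_back
  cookie SERVERID maxidle 30m maxlife 12h insert indirect nocache
EOF
audit_keepalived "$SAMPLES/keepalived.conf"
audit_haproxy "$SAMPLES/haproxy.cfg"
```

Adding `secure` to the cookie only makes sense once port 80 redirects to HTTPS, because browsers do not send a secure cookie back over plain HTTP.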

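4. SSL PEM configuration

cd /etc/ssl
openssl req -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 365
# HAProxy reads the certificate and private key from one concatenated PEM file
cat server.crt server.key > server.pem
# both files hold the unencrypted private key; restrict them to root
chmod 600 server.key server.pem

# sync pem srv1 -> srv2
scp haproxy1:/etc/ssl/server.pem haproxy2:/etc/ssl/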

5. haproxy check config

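mkdir -p /bin/haproxy
vi /bin/haproxy/etxstat.sh

#!/bin/bash
# HAProxy external-check passes four arguments:
# $1 proxy address, $2 proxy port, $3 server address, $4 server port
# --max-time keeps a hung backend from stalling the check
status=$(curl -s --max-time 5 --user etxadmin:password "http://$3:$4/etx/state")
if [ "$status" = "RUNNING" ]; then
  exit 0
else
  exit 1
fi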
  • check config
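# the script embeds credentials: limit it to root and the haproxy group
chown root:haproxy /bin/haproxy/etxstat.sh
chmod 750 /bin/haproxy/etxstat.sh
# run by hand with four arguments in the order HAProxy passes them; prints the exit code
sudo -u haproxy /bin/haproxy/etxstat.sh 0.0.0.0 80 10.10.80.51 8080; echo $?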
haproxy -c -V -f /etc/haproxy/haproxy.cfg
systemctl restart haproxy
http://ip:port/haproxy?stats
