Detailed explanation of haproxy+keepalive+nginx
- One: haproxy installation process:
- Two: keepalived installation process: (you can skip the eighth step for yum installation)
- 1. configure executes the configuration command
- 2. Compile make
- 3. Installation
- 4. Make soft links or copy files directly
- 5. Create the etc directory
- 6. Modify the keepalived log storage path.
- 7. Guarantee that the service starts automatically
- 8. Keepalived active and standby configuration files
- 9. Start keepalived
If the server can reach the external network, run yum install keepalived -y directly and then skip to the sixth step. For servers that cannot access the external network, download keepalived and install it from source: https://www.keepalived.org/software/keepalived-2.2.4.tar.gz
One: haproxy installation process:
Package address: https://src.fedoraproject.org/repo/pkgs/haproxy/
1. yum installation
yum install haproxy keepalived -y
2. Detailed configuration of haproxy.conf
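global
    # Global section: general HAProxy settings
    log /dev/log local0 # send logs to the local syslog socket
    log /dev/log local1 notice # send logs to the local syslog socket, only at notice level and above
    chroot /var/lib/haproxy # change the root directory of the HAProxy process to this directory
    maxconn 4000 # maximum number of connections is 4000 (default 1024)
    user haproxy # user name the HAProxy process runs as
    group haproxy # group name the HAProxy process runs as
    daemon # run HAProxy as a daemon
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners # enable the HAProxy stats socket and set its listening path and permission level
    # Sets up logging, user and group, and the stats socket
defaults
    # Defaults section: default backend server and request-handling settings
    log global # use the logging settings from the global section
    mode http # default mode is HTTP (layer 7); tcp is layer 4
    option httplog # enable HTTP request logging
    option dontlognull # do not log connections that carry no data (health checks)
    option redispatch # if one server fails, force redispatch to another
    retries 3 # retry 3 times
    timeout connect 5000 # default connect timeout is 5 seconds
    timeout client 50000 # default client timeout is 50 seconds
    timeout server 50000 # default backend server timeout is 50 seconds
    # Defines the default backend behaviour, request mode and some timeouts
frontend main
    # Frontend section: listeners and load-balancing rules
    bind *:80 # listen on port 80 on all IP addresses
    bind *:443 ssl crt /etc/haproxy/certs/ # listen on port 443 on all IP addresses, using the certificates in this directory
    mode http # request mode is HTTP
    option http-server-close # close the server-side HTTP connection
    option forwardfor # add the X-Forwarded-For header
    option http-pretend-keepalive # make HAProxy announce keep-alive to the server
    # Listening ports, request mode and other HTTP options
    acl url_static path_beg -i /static /images /javascript /stylesheets # ACL rule matching static-file URLs by path prefix
    acl url_static path_end -i .jpg .gif .png .css .js # ACL rule matching static-file URLs by path suffix
    use_backend static if url_static # if the request URL matches the ACL, use the backend pool named static
    default_backend app # otherwise use the backend pool named app
    # ACL rules match the URL and route the request to different backend servers
backend app
    # Backend section: defines a backend server pool
    balance roundrobin # round-robin load balancing
    mode http # request mode is HTTP
    option http-server-close # close the server-side HTTP connection
    option forwardfor # add the X-Forwarded-For header
    server web1 192.168.1.50:80 check
    server web2 192.168.1.51:80 check
    server web3 192.168.1.52:80 check
    # Backend pool: load-balancing strategy, request mode, server addresses and health checks
backend static
    # Static-file backend, used for caching static files
    balance roundrobin # round-robin load balancing
    mode http # request mode is HTTP
    option http-server-close # close the server-side HTTP connection
    option forwardfor # add the X-Forwarded-For header
    option httpchk GET /check.txt # health check with an HTTP GET request to /check.txt
    server static1 192.168.0.101:80 check # backend server static1, IP 192.168.0.101, port 80, health check enabled
    server static2 192.168.0.102:80 check # backend server static2, IP 192.168.0.102, port 80, health check enabled
    # Backend server pool for caching static files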
The above configuration file is mainly divided into the following parts:
1. Global configuration section: set the general settings of HAProxy, such as log records, users and groups, statistics, etc.
2. Default configuration section: define the default backend server and request processing settings, such as timeout settings, request mode, etc.
3. Front-end part: define listeners and load balancing rules, such as listening ports, request modes, ACL rules, etc.
4. Backend part: define the backend server pool, including load balancing strategy, request mode, server address and health check, etc.
5. Static file backend: The backend server pool for caching static files uses the same settings as the backend part.
Two: keepalived installation process: (you can skip the eighth step for yum installation)
keepalived provides:
1. Configuration files that automatically run ipvsadm to configure the cluster
2. Health checks
3. A floating VIP with VRRP routing hot backup
cd /usr/local
tar -zxvf keepalived-1.2.15.tar.gz
cd keepalived-1.2.15
1. configure executes the configuration command
./configure --prefix=/usr/local/keepalived
2. Compile make
If make reports an error, install the following packages:
yum install -y openssl-*
yum -y install libnl libnl-devel
3. Installation
make install
4. Make soft links or copy files directly
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ # copy the binary
# or create a soft link instead: ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
5. Create the etc directory
mkdir /etc/keepalived
6. Modify the keepalived log storage path.
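vim /etc/sysconfig/keepalived
# For a manual (source) install both files need this change, or change one and copy it over the other
vim /usr/local/keepalived/etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -d -S 0" # changed line; -d dumps the configuration data, the optional parameter -f can be added
/var/log/keepalived.log
vim /etc/rsyslog.conf # Shift+G jumps to the end of the file
# keepalived -S 0
local0.* /var/log/keepalived.log # changed line
Restart rsyslog:
systemctl restart rsyslog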
7. Guarantee that the service starts automatically
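Back up the original file:
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-bak
Copy the local files keepalived.conf-master, keepalived.conf-backup and nginx_check.sh (needed on both master and backup) to /etc/keepalived/ on the master and backup servers respectively (confirm that the network card is eth0).
In the conf file, the following needs to be changed:
mcast_src_ip 10.10.3.14 # real IP of this machine
virtual_ipaddress {
10.10.3.200 # the VIP; more than one can be set
}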
8. Keepalived active and standby configuration files
keepalived.conf-master
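! Configuration File for keepalived
global_defs {
    router_id web1 # router ID, different on master and backup
}
vrrp_script nginx_check {
    script "/etc/keepalived/nginx_check.sh"
    interval 2 # check interval
    weight -2 # if the check fails, priority changes by -2; compared against the master and backup priorities
}
vrrp_instance VI_1 {
    state MASTER # MASTER on this node; the standby machine uses BACKUP
    interface eth0 # network card the instance binds to
    virtual_router_id 51 # the VRID must be identical on master and backup; it identifies the group when there are several clusters
    priority 100 # the MASTER priority must be higher than the backup's (99)
    mcast_src_ip 10.10.3.14 # IP of this machine
    advert_int 1 # interval, in seconds, of the sync check between the MASTER and BACKUP load balancers
    authentication {
        # authentication settings
        auth_type PASS # authentication type
        auth_pass 123456 # authentication password, must be identical on master and backup
    }
    track_script {
        # add the track_script block to the instance
        nginx_check # run the nginx monitoring script
    }
    virtual_ipaddress {
        10.10.3.200 # the VIP; several can be set, one per line
    }
}
#virtual_server 10.10.3.200 8888 {
# configures LVS automatically (ipvsadm -A VIP rule)
# delay_loop 6
# lb_algo rr # algorithm: wrr, lc, ...
# lb_kind NAT # working mode: DR, TUN
# #persistence_timeout 50 # keep connections for this length of time
# protocol TCP
#
# real_server 10.10.3.14 8888 {
# weight 1
# TCP_CHECK {
# health check: tcp_check checks the port, http_get checks a link (url { path, digest [MD5 value] })
# connect_timeout 3
# retry 3
# delay_before_retry 3
# }
# }
# real_server 10.10.3.15 8888 {
# weight 2
# TCP_CHECK {
# health check: tcp_check checks the port, http_get checks a link
# connect_timeout 3
# retry 3
# delay_before_retry 3
# }
# }
#}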
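keepalived.conf-backup
! Configuration File for keepalived
global_defs {
    router_id web2
}
vrrp_script nginx_check {
    script "/etc/keepalived/nginx_check.sh"
    interval 2 # check interval
    weight -2 # if the check fails, priority changes by -2; compared against the master and backup priorities
}
vrrp_instance VI_1 {
    state BACKUP # MASTER on the primary node; the standby machine uses BACKUP
    interface eth0 # network card the instance binds to
    virtual_router_id 51 # the VRID must be identical on master and backup
    priority 99 # the MASTER priority must be higher than the backup's (99)
    advert_int 1 # interval, in seconds, of the sync check between the MASTER and BACKUP load balancers
    mcast_src_ip 10.10.3.15
    authentication {
        # authentication settings
        auth_type PASS # authentication type
        auth_pass 123456 # authentication password, must be identical on master and backup
    }
    track_script {
        # add the track_script block to the instance
        nginx_check # run the nginx monitoring script
    }
    virtual_ipaddress {
        10.10.3.200 # the VIP; several can be set
    }
}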
#virtual_server 10.10.3.200 8888 {
# delay_loop 6
# lb_algo rr
# lb_kind NAT
# persistence_timeout 50
# protocol TCP
#
# real_server 10.10.3.14 8888 {
# weight 1
# TCP_CHECK {
# connect_timeout 3
# retry 3
# delay_before_retry 3
# }
# }
# real_server 10.10.3.15 8888 {
# weight 2
# TCP_CHECK {
# connect_timeout 3
# retry 3
# delay_before_retry 3
# }
# }
#}
#
nginx_check.sh
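#!/bin/sh
# Count the running nginx processes
A=$(ps -C nginx --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    # nginx is down: try to start it, then check again after 2 seconds
    /usr/local/nginx/sbin/nginx
    sleep 2
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
        # nginx could not be restarted: stop keepalived so the VIP moves to the backup
        killall keepalived
    fi
fi
# Apart from a failing killall, the script always exits 0, so the weight in
# vrrp_script never takes effect; failover relies on keepalived being stopped above.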
Verification:
On the master, ip a shows the VIP under the eth0 network card; the VIP does not appear on the standby server.
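The rules stated in the configuration comments above (same virtual_router_id and auth_pass on both nodes, different router_id, MASTER priority above BACKUP, and a track_script weight large enough to cross the priority gap) can be checked before keepalived is started. The script below is an added example, not part of the original article: the helper names kv, fail, check_pair and write_samples are hypothetical, the sample files are constructed from the article's values, and the 8-character minimum for auth_pass is an assumption of this example.

```shell
#!/bin/sh
# Added example: lint a MASTER/BACKUP keepalived.conf pair (helper names are hypothetical).
# kv FILE KEY: print the first value of KEY, ignoring everything after '#'
kv() { awk -v k="$2" '{ sub(/#.*/, "") } $1 == k { print $2; exit }' "$1"; }
fail() { echo "$1"; rc=1; }

# check_pair MASTER BACKUP: print one finding per line, return 1 if there are any
check_pair() {
    m=$1; b=$2; rc=0
    [ "$(kv "$m" virtual_router_id)" = "$(kv "$b" virtual_router_id)" ] ||
        fail "virtual_router_id differs between MASTER and BACKUP"
    [ "$(kv "$m" auth_pass)" = "$(kv "$b" auth_pass)" ] ||
        fail "auth_pass differs between MASTER and BACKUP"
    [ "$(kv "$m" router_id)" != "$(kv "$b" router_id)" ] ||
        fail "router_id is identical on both nodes"
    mp=$(kv "$m" priority); bp=$(kv "$b" priority); w=$(kv "$m" weight)
    [ "${mp:-0}" -gt "${bp:-0}" ] || fail "MASTER priority is not higher than BACKUP"
    # A failing track_script adds a negative weight to the MASTER priority; the
    # result must drop below the BACKUP priority, otherwise the VIP never moves.
    [ "${w:-0}" -ge 0 ] || [ $(( ${mp:-0} + $w )) -lt "${bp:-0}" ] ||
        fail "weight $w cannot pull priority $mp below $bp"
    # Assumption of this example: treat an auth_pass under 8 characters as weak.
    pass=$(kv "$m" auth_pass)
    [ "${#pass}" -ge 8 ] || fail "auth_pass is shorter than 8 characters"
    return "$rc"
}

# write_samples DIR: constructed configs carrying the article's values
write_samples() {
    for node in master backup; do
        if [ "$node" = master ]; then id=web1; prio=100; else id=web2; prio=99; fi
        cat > "$1/$node.conf" <<EOF
global_defs {
router_id $id
}
vrrp_script nginx_check {
weight -2 #priority change on failure
}
vrrp_instance VI_1 {
virtual_router_id 51#no space before the comment, as in the article
priority $prio
auth_pass 123456 #must match on both nodes
}
EOF
    done
}

d=$(mktemp -d) && write_samples "$d"
check_pair "$d/master.conf" "$d/backup.conf" || true  # prints the auth_pass finding
rm -rf "$d"
```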
9. Start keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
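# When started with systemctl, keepalived looks for its configuration file under /etc/keepalived by default
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
chkconfig keepalived on # or: systemctl enable keepalived
service keepalived start # or: systemctl start keepalived
After starting keepalived, check whether a keepalived file exists in the /var/log directory.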