
HAProxy + Keepalived + Varnish + LAMP Lab

2017-02-15


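Contents

Lab requirements

Prerequisites

Lab environment design

Topology

IP network plan

Base environment setup

I. LAMP configuration

1. HTTPD configuration

2. Discuz installation

II. HAProxy configuration

HAProxy log output configuration

III. Keepalived configuration

IV. Varnish configuration

V. Modify the web server log configuration

VI. Testing

1. Client access test

2. Client access to the HAProxy stats page

3. Checking Varnish cache hits

4. Checking the backend server logs

5. Important: what happens if HAProxy is not configured for session persistence

VII. Summary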

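Lab requirements

1. Deploy Discuz with dynamic/static separation; both the dynamic and the static side must be load balanced; pay attention to session handling.

2. Add a Varnish cache between HAProxy and the backend hosts.

3. HAProxy design requirements:

   a. Dynamic/static separation;

   b. Stats page: the management interface must only be usable from the local host;

   c. Consider the scheduling algorithm of each server group separately;

   d. HAProxy high availability.

4. Provide the topology and write it up as a blog post.

Prerequisites

Disable iptables and SELinux before starting the lab.

Synchronize the time on all hosts before starting the lab.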

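Lab environment design

Topology

Based on the requirements above, this lab uses the following topology:

[Figure: lab topology diagram]

IP network plan

Following the topology, the network configuration of each server is:

Notes: 1. Because of the limited performance of the author's laptop, the dynamic-web group and the static-web group are each simulated on a single machine, using httpd virtual hosts.

2. This lab does not build a highly available MySQL cluster; MySQL is installed on the 172.16.76.30 server purely for the needs of the lab.

Client IP: 172.16.250.186

Haproxy1: 172.16.76.10

Haproxy2: 172.16.76.20

Keepalived VIP1: 172.16.76.100

Keepalived VIP2: 172.16.76.110

Varnish: 172.16.76.60

dynamic-web1: 172.16.76.30:80; dynamic-web2: 172.16.76.30:8080

static-web1: 172.16.76.40:80 (same as above)

static-web2: 172.16.76.40:8080

MySQL: 172.16.76.30:3306

Note: the following host names correspond to the lab servers.

node1: 172.16.76.10

node2: 172.16.76.20

node3: 172.16.76.30

node4: 172.16.76.40

node6: 172.16.76.60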

Base environment setup

node1:

    [root@node1 ~]# yum install haproxy keepalived -y

node2:

    [root@node2 ~]# yum install haproxy keepalived -y

node3:

    [root@node3 ~]# yum install mariadb-server httpd -y

node4:

    [root@node4 ~]# yum install httpd -y

node6:

    [root@node6 ~]# yum install varnish -y

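I. LAMP configuration

1. HTTPD configuration

First configure the backend web service.

node3:

    [root@node3 ~]# cd /etc/httpd/conf.d/
    [root@node3 conf.d]# vim vhost.conf
    # virtual host on port 8080 (httpd must also Listen on 8080)
    <VirtualHost *:8080>
        DocumentRoot /apps/www/html/
        ServerName www.linuxinfo.top
        ErrorLog logs/bbs-8080.error_log
        CustomLog logs/bbs-8080.access_log combined
    </VirtualHost>

node4:

    [root@node4 ~]# cd /etc/httpd/conf.d/
    [root@node4 conf.d]# vim vhost.conf
    # virtual host on port 8080 (httpd must also Listen on 8080)
    <VirtualHost *:8080>
        DocumentRoot /apps/www/html/
        ServerName www.linuxinfo.top
        ErrorLog logs/bbs-8080.error_log
        CustomLog logs/bbs-8080.access_log combined
    </VirtualHost>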

2. Discuz installation

    [root@node3 ~]# cd /var/www/html/
    [root@node3 ~]# unzip Discuz_X3.3_SC_UTF8_0101.zip -d html
    [root@node3 ~]# chown -R apache.apache html/


Discuz is now installed successfully on 172.16.16.30:80. Because 172.16.76.30 also has the virtual host on port 8080,

it is enough to copy the html directory of the installed Discuz to the 8080 virtual host:

    [root@node3 ~]# cp -R /var/www/html /apps/www/html

To keep the site configuration of the static-web group on node4 identical, pack the complete html directory on node3 and transfer it to node4.

node3:

    [root@node3 ~]# cd /var/www/
    [root@node3 ~]# tar -cvf html.tar html/
    [root@node3 ~]# scp html.tar 172.16.76.40:/var/www/
    [root@node3 ~]# scp html.tar 172.16.76.40:/apps/www/

node4:

    [root@node4 ~]# cd /var/www/
    [root@node4 www]# tar -xvf html.tar
    [root@node4 www]# cd /apps/www
    [root@node4 www]# tar -xvf html.tar

Note: because the whole directory was copied over from 172.16.76.30, the MySQL connection address has to be changed here:

    [root@node4 ~]# cd /var/www/
    [root@node4 upload]# vim config/config_global.php
    $_config['db']['1']['dbhost'] = '172.16.76.30';  # set the MySQL address here
    [root@node4 upload]# vim config/config_ucenter.php
    define('UC_DBHOST', '172.16.76.30');
    [root@node4 upload]# vim uc_server/data/config.inc.php
    define('UC_DBHOST', '172.16.76.30');

So three files are modified in total:

    config/config_global.php
    config/config_ucenter.php
    uc_server/data/config.inc.php

Likewise, the same three files must be modified under /apps/www/, the directory of the 172.16.76.40:8080 virtual host.

This completes the LAMP configuration.

While writing this, the author realized that when installing Discuz on the 172.16.76.30 server, the database address could have been set to 172.16.76.30 from the start; then the three files would not need to be modified after copying the site directory.

II. HAProxy configuration

node1:

    [root@node1 ~]# cd /etc/haproxy/
    [root@node1 haproxy]# vim haproxy.cfg
    global
        log 127.0.0.1 local2 info    # logging configuration
        chroot /var/lib/haproxy
        pidfile /var/run/haproxy.pid
        maxconn 4000
        user haproxy
        group haproxy
        daemon
        # turn on stats unix socket
        stats socket /var/lib/haproxy/stats

    defaults
        mode http
        log global
        option httplog
        option dontlognull
        option http-server-close
        option forwardfor except 127.0.0.0/8
        option redispatch
        retries 3
        timeout http-request 10s
        timeout queue 1m
        timeout connect 10s
        timeout client 1m
        timeout server 1m
        timeout http-keep-alive 10s
        timeout check 10s
        maxconn 3000

    frontend www
        bind *:80
        mode http
        option forwardfor header Client-IP
        log global
        # All URLs ending in .php are dispatched to the webser server group,
        # i.e. the dynamic-web group. Requests ending in .css, .js, etc., and
        # requests whose URL contains /static, /images, etc. are dispatched to
        # webser-static, i.e. the static-web server group.
        acl web url_end -i .php
        acl url_static url_beg -i /static /images /javascript
        acl url_static url_reg -i .js.*$ .css.*$ .jpg.*$ .png.*$ .gif.*$

        use_backend webser if web
        use_backend webser-static if url_static
        default_backend webser

    backend webser
        mode http
        option redispatch
        option abortonclose
        option forwardfor header Client-IP    # pass the real client IP to the backend web servers; used by the httpd log settings
        balance source    # source scheduling algorithm; session persistence (see the last test)
        cookie SERVERID
        option httpchk GET /upload/forum.php
        # each server needs its own cookie value; a server line must stay on one line
        server web1 172.16.76.30:80 cookie server1 weight 6 check inter 2000 rise 2 fall 3
        server web2 172.16.76.30:8080 cookie server2 weight 6 check inter 2000 rise 2 fall 3

    backend webser-static
        server web1 172.16.76.60:80 check inter 2000 rise 2 fall 3

    listen admin_stats
        bind *:9188
        mode http
        stats refresh 30s
        stats uri /haproxy-status    # URL of the stats page
        stats realm welcome\ login\ Haproxy
        stats auth admin:adminpass    # user and password for the stats page
        stats hide-version
        stats admin if TRUE    # admin actions are allowed for every authenticated user
        acl client src 172.16.250.186
        block unless client
        # every IP other than 172.16.250.186 is denied access to the stats page

Restart haproxy:

    [root@node1 haproxy]# systemctl restart haproxy

Because HAProxy is set up for high availability, simply copy this configuration file to node2:

    [root@node1 haproxy]# scp haproxy.cfg 172.16.76.20:/etc/haproxy

node2:

    [root@node2 ~]# systemctl restart haproxy
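The following check is an added example, not part of the original article: it reads the `listen admin_stats` section shown above and reports how the stats page is exposed, so the result of the `acl client` / `block unless client` pair can be verified whenever the file is copied between nodes. The finding texts and function names are this example's own.

```python
SECTION_KEYWORDS = ("global", "defaults", "frontend", "backend", "listen")

# The listen admin_stats section from the haproxy.cfg above, comments dropped.
PAGE_CFG = """\
listen admin_stats
    bind *:9188
    mode http
    stats refresh 30s
    stats uri /haproxy-status
    stats auth admin:adminpass
    stats hide-version
    stats admin if TRUE
    acl client src 172.16.250.186
    block unless client
"""

def parse_sections(text):
    """Return {section name: [token list per directive]}; '#' comments are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] in SECTION_KEYWORDS:
            current = tokens[1] if len(tokens) > 1 else tokens[0]
            sections[current] = []
        elif current is not None:
            sections[current].append(tokens)
    return sections

def audit_stats(text):
    """Return sorted (section, finding) pairs for every section serving a stats page."""
    findings = []
    for name, rules in parse_sections(text).items():
        if not any(r[:2] == ["stats", "uri"] for r in rules):
            continue
        src_acls = {r[1] for r in rules if r[0] == "acl" and r[2:3] == ["src"]}
        denies = [r for r in rules if r[0] == "block" or r[:2] == ["http-request", "deny"]]
        gated = any(r[-2:-1] == ["unless"] and r[-1] in src_acls for r in denies)
        binds = [r for r in rules if r[0] == "bind" and len(r) > 1]
        if not gated and any(r[1].startswith(("*:", ":", "0.0.0.0:")) for r in binds):
            findings.append((name, "stats page reachable from any source address"))
        if any(r[:2] == ["stats", "auth"] for r in rules) and not any("ssl" in r for r in binds):
            findings.append((name, "basic-auth credentials sent over plain HTTP"))
        if any(r[:2] == ["stats", "admin"] and r[2:] == ["if", "TRUE"] for r in rules):
            findings.append((name, "admin actions open to every authenticated user"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit_stats(PAGE_CFG):
        print(section + ": " + finding)
```

For the configuration on this page the source-address gate is detected, so only the plain-HTTP credentials and the unconditional `stats admin` are reported.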

HAProxy log output configuration

1. node1

    [root@node1 ~]# vim /etc/rsyslog.d/haprxoy.conf
    $ModLoad imudp
    $UDPServerRun 514
    local2.* /var/log/haproxy/haproxy_info.log
    [root@node1 ~]# vim /etc/sysconfig/rsyslog
    SYSLOGD_OPTIONS="-c 2 -r -m 0"    # accept remote logs

2. node2: same as above

III. Keepalived configuration

node1:

    [root@node1 ~]# cd /etc/keepalived/
    [root@node1 keepalived]# cat keepalived.conf
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from keepadmin@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node1
        vrrp_mcast_group4 224.0.76.100
    }
    vrrp_script check_haproxy {
        script "killall -0 haproxy"
        interval 2
        weight 21
    }
    vrrp_instance HAporxy_VIP1 {
        state MASTER    # BACKUP on haproxy2, i.e. node2
        interface eth0
        virtual_router_id 100
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass test1111
        }
        virtual_ipaddress {
            172.16.76.100/16 dev eth0 label eth0:0
        }
        notify_master "/etc/keepalived/notify.sh master VIP1 vrid100"
        notify_backup "/etc/keepalived/notify.sh backup VIP1 vrid100"
        notify_fault "/etc/keepalived/notify.sh fault VIP1 vrid100"
        track_script {
            check_haproxy
        }
    }
    vrrp_instance HAprxoy_VIP2 {
        state BACKUP    # MASTER on haproxy2, i.e. node2
        interface eth0
        virtual_router_id 110
        priority 98
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111test
        }
        virtual_ipaddress {
            172.16.76.110/16 dev eth0 label eth0:1
        }
        notify_master "/etc/keepalived/notify.sh master VIP2 vrid110"
        notify_backup "/etc/keepalived/notify.sh backup VIP2 vrid110"
        notify_fault "/etc/keepalived/notify.sh fault VIP2 vrid110"

        track_script {
            check_haproxy
        }
    }

The notify.sh script:

    #!/bin/bash
    #
    # $1 = new VRRP state, $2 = VIP name, $3 = virtual router id label
    info="$2 $3"
    contact='root@localhost'
    # mail the state transition to the contact address
    notify() {
        mailsubject="$(hostname) $info to be $1, vip floating"
        mailbody="$(date +'%F %T'): vrrp transition, $(hostname) $info changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }
    case $1 in
    master)
        notify master $2 $3
        ;;
    backup)
        notify backup $2 $3
        ;;
    fault)
        notify fault $2 $3
        ;;
    *)
        echo "Usage: $(basename $0) {master|backup|fault}"
        exit 1
        ;;
    esac

Copy node1's Keepalived configuration file to node2 (note: modify it according to the comments in the configuration file):

    [root@node1 ~]# cd /etc/keepalived/

    [root@node1 keepalived]# scp keepalived.conf 172.16.76.20:/etc/keepalived/

node2:

Start Keepalived on node1 and node2 in turn:

    [root@node1 ~]# systemctl restart keepalived

    [root@node2 ~]# systemctl restart keepalived

IV. Varnish configuration

node6:

    [root@node6 ~]# cd /etc/varnish/
    [root@node6 varnish]# cat default.vcl
    vcl 4.0;
    import directors;
    # health check used for both backends
    probe static {
        .url = "/upload/forum.php";
        .interval = 5s;
        .timeout = 1s;
    }
    backend web1 {
        # 172.16.76.50 is not in the IP plan above, which lists static-web1 as 172.16.76.40:80
        .host = "172.16.76.50";
        .port = "8080";
        .probe = static;
    }
    backend web2 {
        .host = "172.16.76.40";
        .port = "8080";
        .probe = static;
    }
    # round-robin director over the two static backends
    sub vcl_init {
        new webser = directors.round_robin();
        webser.add_backend(web1);
        webser.add_backend(web2);
    }
    # addresses allowed to send PURGE requests
    acl purgers {
        "172.16.76.30"/32;
        "172.16.76.40"/32;
    }
    sub vcl_purge {
        return (synth(200, "Purged"));
    }
    sub vcl_recv {
        if (req.restarts == 0) {
            if (req.http.x-forwarded-for) {
                set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
            } else {
                set req.http.X-Forwarded-For = client.ip;
            }
        }
        set req.backend_hint = webser.backend();
        # static objects are cached without cookies
        if (req.url ~ "\.(html|jpg|png|bmp|jpeg|gif|js|ico|swf|css)$") {
            unset req.http.cookie;
        }
        if (req.method == "PURGE") {
            if (!client.ip ~ purgers) {
                return (synth(405, "Purging not allowed for " + client.ip));
            }
            return (purge);
        }
    }

    sub vcl_backend_response {
    }
    # expose cache hit or miss in the X-Cache response header
    sub vcl_deliver {
        if (obj.hits > 0) {
            set resp.http.X-Cache = "Hit Via" + " " + server.ip;
        } else {
            set resp.http.X-Cache = "Miss Via" + " " + server.ip;
        }
    }

V. Modify the web server log configuration

node3:

    [root@node3 ~]# vim /etc/httpd/conf/httpd.conf

    LogFormat "%{Client-ip}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

node4: same as above

Then restart each service.
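The following parser is an added example, not part of the original article: it reads access-log lines written with the `LogFormat` above and separates the address HAProxy recorded from any `Client-IP` value the client sent itself. It relies on two behaviours: `option forwardfor header Client-IP` appends its header after existing ones, and httpd joins repeated request headers with ", ", so only the last value in the field comes from HAProxy. The log lines are constructed samples.

```python
import ipaddress
import re

# Modified "combined" LogFormat: field 1 is the Client-IP request header.
# It may hold a comma-separated list (with spaces) or "-" when absent.
LINE_RE = re.compile(
    r'^(?P<hdr>.*?) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def classify(line):
    """Return (verdict, address_seen_by_haproxy, client_supplied_values)."""
    m = LINE_RE.match(line)
    if not m:
        return ("unparsed", None, [])
    hdr = m.group("hdr")
    if hdr == "-":
        # No Client-IP header: the request did not pass the HAProxy frontend
        # (assumption: health checks, Varnish probes or direct backend access).
        return ("no-header", None, [])
    values = [v.strip() for v in hdr.split(",")]
    last, earlier = values[-1], values[:-1]
    if not _is_ip(last):
        return ("malformed", None, values)
    if earlier:
        # Everything before the last value was sent by the client itself.
        return ("client-supplied", last, earlier)
    return ("ok", last, [])

# Constructed sample lines in the LogFormat above.
SAMPLE_LOG = [
    '172.16.250.186 - - [15/Feb/2017:10:00:01 +0800] "GET /upload/forum.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.1, 172.16.250.186 - - [15/Feb/2017:10:00:02 +0800] "POST /upload/member.php HTTP/1.1" 200 300 "-" "curl/7.29.0"',
    '- - - [15/Feb/2017:10:00:03 +0800] "GET /upload/forum.php HTTP/1.0" 200 5120 "-" "-"',
]

def report(lines=SAMPLE_LOG):
    return [classify(line) for line in lines]

if __name__ == "__main__":
    for result in report():
        print(result)
```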

VI. Testing

1. Client access test

[Screenshots]

2. Client access to the HAProxy stats page

[Screenshot]

Access test from a host other than the client 172.16.76.186:

[Screenshot]

3. Checking Varnish cache hits

[Screenshot]

4. Checking the backend server logs

[Screenshot]

5. Important: if HAProxy is not configured for session persistence, the following happens

The CAPTCHA is entered correctly, but login fails. This is caused by the session.

[Screenshot]

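VII. Summary

This lab implements the following:

1. HAProxy load balancing

2. Access control for the HAProxy stats page

3. Varnish caching

4. Dynamic/static separation

5. Session persistence

This completes the lab. There may be some flaws in it; watch carefully, and don't blame me for not warning you if something goes wrong.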
