Haproxy Nginx cluster构建
-----client---------haproxy-------nginx1---------nginx2------
192.168.1.250 192.168.1.1 192.168.1.10 192.168.1.20
一、安装Nginx
[root@localhost ~]# yum -y install pcre-devel zlib-devel
[root@localhost ~]# useradd -M -s /sbin/nologin nginx
[root@localhost ~]# tar -zxvf nginx-1.6.0.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/nginx-1.6.0/
[root@localhost nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_stub_status_module --
with-http_gzip_static_module --with-http_flv_module --with-http_ssl_module
[root@localhost nginx-1.6.0]# make && make install
[root@localhost ~]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
[root@localhost ~]# nginx -t
[root@localhost ~]# nginx
[root@localhost ~]# netstat -anpt | grep 80
[root@localhost ~]# killall -s HUP nginx //重新加载
[root@localhost ~]# killall -s QUIT nginx //关闭服务
[root@localhost ~]# nginx
验证:
web-1:
[root@localhost ~]#echo "welcome to 192.168.1.20 web server" > /usr/local/nginx/html/index.html
web-2:
[root@localhost ~]#echo "welcome to 192.168.1.30 web server" > /usr/local/nginx/html/index.html
[root@localhost ~]# firefox http://localhost/ &
二、安装haproxy
1、安装
[root@localhost ~]# yum -y install pcre-devel zlib-devel
[root@localhost ~]# tar -zxvf haproxy-1.4.24.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/haproxy-1.4.24/
[root@localhost ~]# make TARGET=linux26 PREFIX=/usr/local/haproxy
注意:linux26是指linux的内核版本号。
[root@localhost ~]# make install PREFIX=/usr/local/haproxy
2、配置haproxy
[root@localhost ~]# mkdir /etc/haproxy
[root@localhost ~]# cp /usr/src/haproxy-1.4.24/examples/haproxy.cfg /etc/haproxy/
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
修改:
global
log 127.0.0.1 local0 //配置日志记录,local0为日志设备,默认存放到系统日志
log 127.0.0.1 local1 notice //notice 为日志级别,通常有7个级别
#log loghost local0 info
maxconn 4096 //默认最大连接数,需考虑ulimit-n限制:可增加ulimit-n 819200 #ulimit 的数量限制
chroot /usr/share/haproxy //运行路径
uid 99
gid 99
#debug
#quiet
defaults
log global //定义日志为global中的日志
mode http //模式为http
option httplog //采用http的日志格式
option dontlognull //不记录健康检查日志信息
retries 3 //三次连接失败就认为是服务器不可用,也可以通过后面设置
#redispatch
maxconn 2000 //最大连接数
contimeout 5000 //连接超时时间
clitimeout 50000 //客户端超时时间
srvtimeout 50000 //服务端超时时间
listen stats
mode http
bind :6677
stats enable
stats hide-version
stats uri /haproxyadmin?stats
stats realm Haproxy\ Statistics
stats auth admin:admin
stats admin if TRUE
listen webcluster 0.0.0.0:80 //定义集群名、监听地址及端口
option httpchk GET /index.html 注意:可以删除 //检查服务器的index.html文件
balance roundrobin //负载均衡轮询算法
server inst1 192.168.1.20:80 check inter 2000 fall 3 //在线节点
server inst2 192.168.1.30:80 check inter 2000 fall 3 //最后加backup表示备份借点
注意:
如果启动时出现报错:/haproxy.main()] Cannot chroot(/usr/share/haproxy)
则手动创建:
[root@localhost ~]# mkdir /usr/share/haproxy
如果启动时出现报错:Starting proxy cacti: cannot bind socket
则执行:
[root@localhost ~]# sysctl -e net.ipv4.ip_nonlocal_bind=1
3、启动haproxy
[root@localhost ~]# ln -s /usr/local/haproxy/sbin/* /usr/sbin/ //注意软链接的目录
[root@localhost ~]# cp /usr/src/haproxy-1.4.24/examples/haproxy.init /etc/init.d/haproxy
[root@localhost ~]# chmod +x /etc/init.d/haproxy
[root@localhost ~]# /etc/init.d/haproxy start
[root@localhost ~]# /etc/init.d/haproxy status
[root@localhost ~]# netstat -anp | grep haproxy //占用的也是TCP的80端口
[root@localhost ~]# chkconfig --add haproxy
[root@localhost ~]# chkconfig haproxy on
http://192.168.56.200:6677/haproxyadmin?stats 查看集群的状态
4、验证:
客户端输入:
http://192.168.1.1/
断开其中一个节点,再访问:
http://192.168.1.1/
5、设置haproxy日志
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
修改:
log 127.0.0.1 local3 //设置haproxy日志级别为3
[root@localhost ~]# vim /etc/rsyslog.d/haproxy.conf
添加:
$ModLoad imudp //加载模块
$UDPServerRun 514 //接收udp的514端口发送过来的日志
local3.* /var/log/haproxy.log //定义haproxy日志文件
[root@localhost ~]# vim /etc/sysconfig/rsyslog
修改:
SYSLOGD_OPTIONS="-c 2 -r -m 0" //允许远程写入
[root@localhost ~]# /etc/init.d/rsyslog restart
[root@localhost ~]# /etc/init.d/haproxy restart
验证:
[root@localhost ~]# tail -f /var/log/haproxy.log //查看日志
不好使:
6、设置haproxy日志
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
修改:
注释(两行):
#log 127.0.0.1 local0
#log 127.0.0.1 local1 notice
添加(两行):
log /dev/log local0 info //访问信息
log /dev/log local0 notice //启动信息
[root@localhost ~]# /etc/init.d/haproxy stop
[root@localhost ~]# /etc/init.d/haproxy start
[root@localhost ~]# vim /etc/rsyslog.d/haproxy.conf
添加:
if ($programname == 'haproxy' and $syslogseverity-text == 'info') then -/var/log/haproxy/haproxy-info.log
& ~
if ($programname == 'haproxy' and $syslogseverity-text == 'notice') then -/var/log/haproxy/haproxy-notice.log
& ~
三、验证:
[root@localhost ~]# /etc/init.d/rsyslog restart
客户端输入:
http://192.168.1.1/index.html
http://192.168.1.1/index.html
查看:
[root@localhost ~]# tail -f /var/log/haproxy/haproxy-info.log
日志会记录客户端访问信息
[root@localhost ~]# tail -f /var/log/haproxy/haproxy-notice.log
日志会记录haproxy启动/停止信息
haproxy+Keepalived
编译安装keepalived
[root@localhost keepalived-1.2.13]#./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
[root@localhost keepalived-1.2.13]# make && make install
[root@localhost ~]#chkconfig --add keepalived
[root@localhost ~]#chkconfig keepalived on
[root@localhost ~]#cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@localhost ~]#vim /etc/keepalived/keepalived.conf
[root@localhost conf]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email { //通知电子邮件
}
vrrp_instance VI_1 { //VRRP热备
state MASTER state BACKUP //热备状态master为主,backup为辅
nopreempt //不抢占,master恢复后不会转移
interface eth0 //承载VIP的物理接口
virtual_router_id 51 //虚拟路由编号,每组一个
priority 100 priority 55 //优先级,越大越优先
advert_int 1 //心跳频率,单位秒
authentication { //认证信息,每组内一致
auth_type PASS //认证类型
auth_pass 1111 //认证字符串
}
virtual_ipaddress { //漂移地址VIP。可以有多个
192.168.56.10
}
notify_master "/etc/init.d/haproxy start" //成为MASTER之后执行的动作
notify_backup "/etc/init.d/haproxy stop" //成为BACKUP之后执行的动作
notify_fault "/etc/init.d/haproxy stop" //FAULT之后执行的动作
}
[root@localhost ~]#/etc/init.d/keepalived start
[root@localhost ~]#ip addr show
inet 192.168.56.201/24 brd 192.168.56.255 scope global eth0
inet 192.168.56.10/32 scope global eth0
[root@localhost ~]#netstat -anput | grep 80