架构
一)LVS配置
LVS+keepalived
! Configuration File for keepalived
!
! LVS director. One VRRP instance (VI_1) owns two virtual addresses, and two
! virtual servers on 192.168.0.125 (ports 8081 and 80) forward in
! direct-routing mode to real servers 192.168.0.127 and 192.168.0.128.

global_defs {
    router_id director2
    ! NOTE(review): the check_net script below is executed by this daemon.
    ! Consider setting script_user / enable_script_security here, and keep
    ! /etc/keepalived/keep.sh and its parent directories writable by root only.
}

! Health script run every 5 seconds and tracked by VI_1.
! No weight is given; presumably a failing check puts the instance into
! FAULT instead of adjusting its priority - confirm for the deployed version.
vrrp_script check_net {
    script "/etc/keepalived/keep.sh"
    interval 5
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 80
    priority 50
    advert_int 1
    ! NOTE(review): auth_type PASS carries auth_pass in clear text in every
    ! VRRP advertisement, and 1111 is the value from the stock sample config,
    ! so this gives no real protection against a host on the same segment
    ! announcing itself as master. Use a site-specific secret and restrict
    ! VRRP (IP protocol 112) to the peer director with a host firewall.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    ! Addresses held by whichever director is currently master.
    ! NOTE(review): 192.168.0.126 has no virtual_server in this file -
    ! presumably it is used elsewhere; confirm it is still needed.
    virtual_ipaddress {
        192.168.0.125
        192.168.0.126
    }
    track_script {
        check_net
    }
}

! Port 8081: round-robin, direct routing, real servers polled every 6 seconds.
! TCP_CHECK only proves that the port accepts a connection; it does not show
! that the application behind it answers correctly.
virtual_server 192.168.0.125 8081 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    protocol TCP

    real_server 192.168.0.127 8081 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 8081
        }
    }

    real_server 192.168.0.128 8081 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 8081
        }
    }
}

! Port 80: same scheduling and health-check settings as the 8081 service.
virtual_server 192.168.0.125 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    protocol TCP

    real_server 192.168.0.127 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    real_server 192.168.0.128 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
nginx配置
# Main nginx configuration: global worker settings, two JSON access-log
# formats, the stock default server on port 80, and an include that pulls in
# every *.conf file under /usr/local/nginx/conf.d/.

#user  nobody;
worker_processes  8;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  65534;
    multi_accept on;
    use epoll;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    ##
    #
    # SSL Settings
    #
    ##
    # NOTE(review): the collapsed listing does not show whether ssl_protocols
    # is active or commented out; it is kept commented here. No TLS listener
    # is enabled in this file. If one is added, TLSv1 and TLSv1.1 are
    # deprecated and should not be offered.
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    # JSON access-log format used by the http-level access_log below.
    # NOTE(review): $request, $http_referer, $http_user_agent,
    # $http_x_forwarded_for and $remote_user are client-controlled. nginx's
    # default log escaping writes a double quote and other special bytes as
    # \xXX, which is not a valid JSON escape, so a crafted header yields a line
    # that a JSON parser rejects and the event can be lost downstream.
    # log_format accepts escape=json from nginx 1.11.8; confirm the deployed
    # version before adding it.
    # NOTE(review): "body_bytes_sent" appears twice in the object, and
    # "@timestamp" is filled from $time_local, which is not ISO 8601.
    log_format logstash_json '{ "@timestamp": "$time_local",'
                             '"@fields": { '
                             '"remote_addr":"$remote_addr", '
                             '"remote_user":"$remote_user", '
                             '"body_bytes_sent":"$body_bytes_sent",'
                             '"status":"$status",'
                             '"request_time":"$request_time", '
                             '"upstream_addr":"$upstream_addr",'
                             '"upstream_connect_time":"$upstream_connect_time",'
                             '"upstream_response_time":"$upstream_response_time", '
                             '"request": "$request",'
                             '"request_method": "$request_method", '
                             '"http_referrer": "$http_referer", '
                             '"body_bytes_sent":"$body_bytes_sent", '
                             '"http_x_forwarded_for": "$http_x_forwarded_for",'
                             '"http_user_agent": "$http_user_agent" } }';

    access_log /var/log/nginx/access.log logstash_json;
    error_log  /var/log/nginx/error.log;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    # Second JSON format, referenced by name from conf.d/sys.conf. Same fields
    # as logstash_json but with an ISO 8601 timestamp; the escaping and
    # duplicate-key remarks above apply here as well.
    log_format ngx_accss_json '{ "@timestamp": "$time_iso8601", '
                              '"@fields": { '
                              '"remote_addr":"$remote_addr", '
                              '"remote_user":"$remote_user", '
                              '"body_bytes_sent":"$body_bytes_sent",'
                              '"status":"$status",'
                              '"request_time":"$request_time", '
                              '"upstream_addr":"$upstream_addr",'
                              '"upstream_connect_time":"$upstream_connect_time",'
                              '"upstream_response_time":"$upstream_response_time", '
                              '"request": "$request",'
                              '"request_method": "$request_method", '
                              '"http_referrer": "$http_referer", '
                              '"body_bytes_sent":"$body_bytes_sent", '
                              '"http_x_forwarded_for": "$http_x_forwarded_for",'
                              '"http_user_agent": "$http_user_agent" }}';

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;

    # Stock default server: serves the bundled html directory on port 80.
    # NOTE(review): server_tokens is not set anywhere in this file, so the
    # nginx version is presumably shown in the Server header and on error
    # pages; consider "server_tokens off;" at http level.
    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    # Every *.conf file in this directory is loaded into the http context, so
    # the directory should be writable only by the account that administers
    # nginx.
    include /usr/local/nginx/conf.d/*.conf;
}
conf.d
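# sys.conf
#
# Reverse proxy on port 8081. /status exposes the stub_status counters to
# localhost only; every other request is proxied to the "test1" upstream.
server {
    listen 8081;
    access_log /var/log/nginx/sys_http.log ngx_accss_json;

    location /status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        # The deny was commented out, which left the allow above without any
        # effect: the status counters were readable by every client able to
        # reach port 8081. With it restored, only 127.0.0.1 is served.
        deny all;
    }

    location / {
        # HTTP/1.1 with an empty Connection header towards the upstream.
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://test1;

        #Proxy Settings
        proxy_redirect off;
        proxy_set_header Host $host;
        # X-Real-IP carries the address nginx itself saw for the connection.
        proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): this forwards the client's own X-Forwarded-For header
        # unchanged and never appends $remote_addr, so the backend receives a
        # value the client fully controls. Backends must not use it for access
        # control, rate limiting or audit logging; X-Real-IP is the only
        # address here that nginx vouches for. The commented line above
        # appends the peer address - confirm why it was disabled.
        proxy_set_header X-Forwarded-For $http_x_forwarded_for;

        # Try the next upstream server on connection errors, timeouts, invalid
        # headers and 500/502/503/504 responses.
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_ignore_client_abort on;
        # 0 disables buffering of responses to temporary files.
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}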
# vhost.conf
#
# Backend pool referenced by "proxy_pass http://test1" in sys.conf: two
# servers with equal weight. Note that the two members listen on different
# ports (8080 and 80).
# NOTE(review): traffic to these backends is plain HTTP, and the forwarded
# client-address headers are only meaningful if the backends accept
# connections from the proxy hosts alone - confirm the backends are not
# reachable directly.
# NOTE(review): sys.conf proxies with HTTP/1.1 and an empty Connection header,
# but there is no keepalive directive in this block, so nginx does not keep
# idle upstream connections open.
upstream test1 {
    server 192.168.0.218:8080 weight=1;
    server 192.168.0.219:80 weight=1;
}
haproxy
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
# As configured below, this instance does two things: it serves a statistics
# page on port 1314 and it forwards TCP port 3306 to two MySQL servers.
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    # The process chroots to /var/lib/haproxy and runs as the unprivileged
    # haproxy user and group.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    # NOTE(review): no mode, user or level is given for the socket; check the
    # resulting file permissions so that only administrators can connect.
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    tcp
    log                     global
    option                  dontlognull
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxies to the backends
#---------------------------------------------------------------------
# Statistics page, HTTP mode, refreshed every 30 seconds.
# NOTE(review): three settings combine badly here.
#   - "bind *:1314" listens on every interface and the page is plain HTTP, so
#     the Basic-auth credentials cross the network unencrypted.
#   - "stats auth yunwei:admin" is a guessable password stored in the config
#     file; replace it with a site-specific secret and keep the file readable
#     by root only.
#   - "stats admin if TRUE" lets anyone who authenticates change server state
#     from the page. Bind to a management address or limit by source address,
#     and tighten the condition (for example the predefined LOCALHOST ACL).
listen stats
    mode http
    bind *:1314
    stats enable
    stats refresh 30s
    stats hide-version
    stats uri /haproxystats
    stats realm Haproxy\ stats
    stats auth yunwei:admin
    stats admin if TRUE

# MySQL entry point: TCP mode (from defaults), everything goes to the mysql
# backend.
# NOTE(review): "*:3306" publishes the database port on every interface, and
# in TCP mode haproxy performs no authentication of its own. The MySQL servers
# see the proxy's address as the connection source, so host-based grants on
# them presumably cannot tell clients apart; restrict who can reach this port
# with a specific bind address or a firewall.
frontend main *:3306
    default_backend mysql

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
# Two MySQL servers, at most 300 connections each. "check port 3306" is a
# plain TCP connect test, so a server that accepts connections but cannot
# serve queries still counts as healthy; haproxy also offers
# "option mysql-check" for a protocol-level probe.
backend mysql
    balance roundrobin
    server m1 192.168.0.97:3306 check port 3306 maxconn 300
    server m2 192.168.0.98:3306 check port 3306 maxconn 300