
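This setup uses 4 virtual machines to configure HAProxy + Keepalived load balancing. The test environment forwards at the TCP layer only, so all traffic is handled directly by the backend web servers.
CentOS version: 6.7 x86_64
HA-Proxy version: 1.5.18
Keepalived version: v1.2.13
The virtual machines are as follows: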
| Server | IP address | Installed software | VIP |
| --- | --- | --- | --- |
| LB01 | 10.10.1.131 | keepalived+haproxy | 10.10.1.62 |
| LB02 | 10.10.1.132 | keepalived+haproxy | |
| WEB01 | 10.10.1.145 | apache+php | |
| WEB02 | 10.10.1.130 | apache+php | |
Preparing the virtual machine environment
Initial CentOS configuration (LB01, LB02, WEB01, WEB02)
Set up the LAP environment (WEB01, WEB02)

```
# Add the Webtatic repository, then install Apache, mod_ssl and PHP 5.5
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
yum -y install httpd openssl mod_ssl php55w php55w-cli php55w-common php55w-gd php55w-imap php55w-ldap php55w-odbc php55w-pdo php55w-pear php55w-xml php55w-xmlrpc php55w-soap php55w-mysql
```
Adjust php.ini parameters (WEB01, WEB02)

```
# mysql_port must already be set in the shell before running these lines;
# the page does not define it (it is the port your MySQL server listens on).
sed -i "s@^post_max_size.*@post_max_size = 100M@" /etc/php.ini
sed -i "s@^upload_max_filesize.*@upload_max_filesize = 64M@" /etc/php.ini
sed -i "s@^max_file_uploads.*@max_file_uploads = 1000@" /etc/php.ini
sed -i "s@^mysqli.default_socket.*@mysqli.default_socket = /mysql/data/mysql.sock@" /etc/php.ini
sed -i "s@^mysqli.default_port.*@mysqli.default_port = ${mysql_port}@" /etc/php.ini
sed -i "s@^;error_log = php_errors.log.*@error_log = /var/log/httpd/php_errors.log@" /etc/php.ini
sed -i "s@^;date.timezone.*@date.timezone = Asia/Shanghai@" /etc/php.ini
```
Adjust httpd.conf parameters (WEB01, WEB02)

```
echo "ServerName 127.0.0.1:80" >> /etc/httpd/conf/httpd.conf
```
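Apache loads the HTTPS certificate (HAProxy only forwards TCP here, so TLS terminates on the web servers). For how to request the certificate, see "Requesting a Let's Encrypt Certificate with the Certbot Tool".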
Installing HAProxy and Keepalived
Install HAProxy (LB01, LB02)

```
yum install haproxy
# Allow forwarding, and allow binding to an address (the VIP) this node does not currently hold
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
sysctl -p
chkconfig haproxy on
service haproxy start
```
Install Keepalived (LB01, LB02)

```
yum install keepalived
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
# Allow VRRP advertisements (multicast) in and out on eth0
iptables -I INPUT -i eth0 -d 224.0.0.0/8 -p vrrp -j ACCEPT
iptables -I OUTPUT -o eth0 -d 224.0.0.0/8 -p vrrp -j ACCEPT
service iptables save
chkconfig keepalived on
service keepalived start
```
Configuring HAProxy and Keepalived
Configure Keepalived (LB01)

```
cd /etc/keepalived/
mv keepalived.conf keepalived.conf.bak
# chk_haproxy lowers this node's priority by 2 (100 -> 98) while haproxy is not
# running; 98 is below LB02's 99, so the VIP moves to LB02.
# auth_type PASS sends auth_pass in cleartext in every VRRP advertisement.
cat > keepalived.conf << EOF
global_defs {
    notification_email {
        wangchun@eitcn.cn
    }
    notification_email_from wangchun@eitcn.cn
    smtp_server smtp.eitcn.cn
    smtp_connect_timeout 30
    router_id lb-ecg
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 1
    weight -2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    mcast_src_ip 10.10.1.131
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 876543
    }
    virtual_ipaddress {
        10.10.1.62/24
    }
    track_interface {
        eth0
    }
    track_script {
        chk_haproxy
    }
}
EOF
```
Configure Keepalived (LB02)

```
cd /etc/keepalived/
mv keepalived.conf keepalived.conf.bak
# mcast_src_ip must be this node's own address: LB02 is 10.10.1.132 in the
# table above (10.10.1.130 is WEB02). The lower priority (99) makes LB02 yield
# the VIP to LB01 while LB01 is healthy.
cat > keepalived.conf << EOF
global_defs {
    notification_email {
        wangchun@eitcn.cn
    }
    notification_email_from wangchun@eitcn.cn
    smtp_server smtp.eitcn.cn
    smtp_connect_timeout 30
    router_id lb-ecg
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 1
    weight -2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    mcast_src_ip 10.10.1.132
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 876543
    }
    virtual_ipaddress {
        10.10.1.62/24
    }
    track_interface {
        eth0
    }
    track_script {
        chk_haproxy
    }
}
EOF
```
Reload the Keepalived configuration (LB01, LB02)

```
service keepalived restart
```
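The following is an added example, not part of the original page: a Python check that a pair of Keepalived configurations will actually fail over, using the priority and weight values from the configurations above. The names `TEMPLATE`, `parse`, `effective` and `check_pair` are hypothetical, the sample configuration is constructed, and the parser assumes one `vrrp_script` and one `vrrp_instance` per file.

```python
import re

# Constructed sample: only the settings that decide the VRRP election.
TEMPLATE = """
vrrp_script chk_haproxy {{
    weight {weight}
}}
vrrp_instance VI_1 {{
    virtual_router_id 51
    mcast_src_ip {src}
    priority {prio}
    authentication {{
        auth_pass 876543
    }}
}}
"""

def parse(conf):
    """Extract the scalar settings that decide a VRRP election."""
    def val(key):
        m = re.search(r"^\s*%s\s+(\S+)" % key, conf, re.M)
        return m.group(1) if m else None
    return {"vrid": val("virtual_router_id"), "src": val("mcast_src_ip"),
            "prio": int(val("priority")), "weight": int(val("weight") or 0),
            "auth": val("auth_pass")}

def effective(node, script_ok):
    # A positive weight is added while the script passes; a negative one while it fails.
    w = node["weight"]
    return node["prio"] + (w if (w > 0) == script_ok else 0)

def check_pair(primary, primary_ip, standby, standby_ip):
    """Return a list of findings for a two-node Keepalived pair."""
    a, b = parse(primary), parse(standby)
    findings = []
    for name, node, ip in (("primary", a, primary_ip), ("standby", b, standby_ip)):
        if node["src"] != ip:
            findings.append("%s mcast_src_ip %s is not its own address %s" % (name, node["src"], ip))
    if a["vrid"] != b["vrid"] or a["auth"] != b["auth"]:
        findings.append("virtual_router_id or auth_pass differs between nodes")
    if effective(a, True) <= effective(b, True):
        findings.append("primary does not outrank standby while healthy")
    if effective(a, False) >= effective(b, True):
        findings.append("haproxy failure on primary does not move the VIP")
    return findings

if __name__ == "__main__":
    lb = lambda src, prio: TEMPLATE.format(weight=-2, src=src, prio=prio)
    print(check_pair(lb("10.10.1.131", 100), "10.10.1.131", lb("10.10.1.132", 99), "10.10.1.132"))
```

With priorities 100 and 99 and `weight -2` the list is empty; widening the gap between the priorities beyond the weight makes the last check fire.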
Configure HAProxy (LB01, LB02)

```
cd /etc/haproxy
mv haproxy.cfg haproxy.cfg.bak
# The stats page listens on port 91 of every address; replace the
# admin:password credentials below with your own.
cat > haproxy.cfg << EOF
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 debug
    log 127.0.0.1 local2
    maxconn 45000 # Total Max Connections.
    daemon
    nbproc 1 # Number of processing cores.

defaults
    timeout server 86400000
    timeout connect 86400000
    timeout client 86400000
    timeout queue 1000s

listen http_web *:80
    mode tcp
    balance source
    server ecg01 10.10.1.145:80 weight 1 maxconn 512 check
    server ecg02 10.10.1.130:80 weight 1 maxconn 512 check

listen https_web *:443
    mode tcp
    balance source
    server ecg01 10.10.1.145:443 weight 1 maxconn 512 check
    server ecg02 10.10.1.130:443 weight 1 maxconn 512 check

listen stats *:91
    mode http
    log global
    maxconn 10
    stats enable
    stats hide-version
    stats refresh 30s
    stats show-node
    stats auth admin:password
    stats uri /haproxy?stats
EOF
```
Reload the HAProxy configuration (LB01, LB02)