基于Keepalived+Haproxy+Varnish+LNMP企业级架构

原创 2017年11月14日 22:34:03

一、环境准备

1.服务器A

haproxy代理服务器(主)

2.服务器B

haproxy代理服务器(从)

3.服务器C

varnish缓存服务器

4.服务器D

real_server(LNMP)

5.服务器E

real_server(LNMP)

二、haproxy服务器(主)

1.keepalive配置文件

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost 
   }
   notification_email_from root_keepalived
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
} 

vrrp_script chk_haproxy {
        script "killall -0 haproxy" 
        interval 2 
        weight -150 
        fall 2 
        rise 2 
}


vrrp_instance VI_1 {
    state MASTER
    interface eth2
    virtual_router_id 14
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2121
    }
    virtual_ipaddress {
        172.17.17.1
    }

#    track_script {
#    chk_haproxy
#       } 
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth1
    virtual_router_id 15
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2121
    }
    virtual_ipaddress {
        192.168.17.1
    }
    track_script {
    chk_haproxy
    } 
}

2.haproxy配置文件

global
    log         127.0.0.1 local2
    nbproc      1
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
frontend static
        mode http 
        bind *:80
        default_backend  server_static 
frontend ip_acl
        bind *:80
        acl src_ip src 172.17.0.0
        block if ! src_ip

backend server_static
        balance     roundrobin
        option  httpchk  GET /index.html
        http-check expect string ok   
        server  static_175 192.168.16.173:6081 check

listen stats #定义一个统计报告服务
        mode http #基于http协议
        bind *:1900 #监听1090端口
        stats enable #开启统计报告服务
        stats hide-version #隐藏统计报告版本信息
        stats uri /haproxy?111 #统计报告访问url
        stats realm Haproxy\ Statistics #页面登陆信息
        stats auth admin:admin #验证账号信息
        stats admin if TRUE #验证模式

三、Varnish配置文件

vcl 4.0;
import directors;
probe check1 {
        .url = "/index.html";
        .timeout=1s;
        .interval=2s;
        .window=5;
        .threshold=3;
      }
backend xiaomi5 {
        .host = "192.168.17.175";
        .port = "80";
      .probe = check1;
}
backend xiaomi6 {
        .host = "192.168.17.176";
        .port = "80";
        .probe = {
                .url= "/index.html";
                .timeout=1s;
                .interval=2s;
                .window=5;
                .threshold=3;
        }

}
sub vcl_init {
        new real_server1 = directors.random();
        real_server1.add_backend(xiaomi5,10);
        real_server1.add_backend(xiaomi6,10);
        new static = directors.round_robin();
        static.add_backend(xiaomi5);
}

acl purgers {
        "127.0.0.1";
        "192.168.16.173";
}

sub vcl_recv {
        if (req.method == "PRI") {
                return (synth(405));
        }
        if (req.method != "GET" &&
                req.method != "HEAD" &&
                req.method != "PUT" &&
                req.method != "POST" &&
                req.method != "TRACE" &&
                req.method != "OPTIONS" &&
                req.method != "DELETE") {
                        return (pipe);
        }

        if (req.method != "GET" && req.method != "HEAD") {
                return (pass);
        }
        if (req.http.Authorization || req.http.Cookie) {
                return (pass);
        }
                return (hash);
        if (req.method == "PURGE") {   
                if (client.ip ~ purgers) {
                        return(purge);
                } else {
                        return(synth(405,"Method not allowed"));
                }
        }
        if (req.http.X-Forward-For) {
                set req.http.X-Forward-For = req.http.X-Forward-For + "," + client.ip;
        }else{
                set req.http.X-Forward-For = client.ip;
        }

        if (req.url ~ ".php") {
                set req.backend_hint = real_server1.backend();
        } else {
                set req.backend_hint = static.backend();
        }


}
sub vcl_backend_response {
        if (bereq.url ~ "\.(jpg|jpeg|gif|png)$") {
                set beresp.ttl = 1s;
        }
        if (bereq.url ~ "\.(html|css|js)$") {
                set beresp.ttl = 1s;
        }
                return(deliver);
}

sub vcl_deliver {
        if (obj.hits > 0) { 
                set resp.http.X-Cache = "HIT from " + server.ip;
        } else {
                set resp.http.X-Cache = "MISS";
        }
        unset   resp.http.X-Powered-By;
        unset   resp.http.Server;
        unset   resp.http.Via;
        unset   resp.http.X-Varnish;
        unset   resp.http.Age;
}

四、Varnish配置文件示例

vcl 4.0;

import directors;
probe check {
        .request = "GET  /index.html  HTTP/1.1" "Host: wwwmuzigan.com" "Connetction: close";
        .timeout= 1s;
        .interval= 2s;
        .window=5;
        .threshold=5;
}
backend server1 {
        .host = "192.168.17.175";
        .port = "80";
        .probe = check;
}
backend server2 {
        .host = "192.168.17.176";
        .port = "80";
        .probe = check;
}
backend server3 {
        .host = "192.168.17.177";
        .port = "80";
        .probe = check;
}
backend server4 {
        .host = "192.168.17.178";
        .port = "80";
        .probe = check;
}
sub vcl_init {
# 要先导入directors模块,round_robin,random
        new real_server1 = directors.round_robin();
        real_server1.add_backend(server1);
        real_server1.add_backend(server2);
        new real_server2 = directors.random();
        real_server2.add_backend(server3,5);
        real_server2.add_backend(server4,10);
}
acl purgers {
        "127.0.0.1";
        "192.168.16.173";
}

sub vcl_recv {
        if (req.http.host ~ "www.muzigan.com") {
                set req.backend_hint =  real_server2.backend();
        }
        if (req.http.host ~ "www.linux.com") {
                set req.backend_hint = real_server2.backend();
        }
         if (req.http.Authorization || req.http.Cookie) {
                return (pass);
        }

        if (req.method == "PURGE") {   
                if (client.ip ~ purgers) {
                        return(purge);
                } else {
                        return(synth(405,"Method not allowed"));
                }
        }

        if (req.http.X-Forward-For) {
                set req.http.X-Forward-For = req.http.X-Forward-For + "," + client.ip;
        }else{
                set req.http.X-Forward-For = client.ip;
        }


        if (req.url ~ ".php") {
                set req.backend_hint = real_server1.backend();
        } else {
                set req.backend_hint = real_server2.backend();
        }

        return (hash);

}

sub vcl_backend_response {
        if (beresp.status == 499 || beresp.status == 404 || beresp.status == 502 ) {
                set beresp.uncacheable = true;
        }
        if (bereq.url ~ "\.(php|jsp)(\?|$)") {
                set beresp.uncacheable = true;
        }else{
                if (bereq.url ~ "\.html(\?|$)") {
                        set beresp.ttl =  60s;
                        unset beresp.http.Set-Coonkie;
                }else{
                        set beresp.ttl = 1h;
                        unset beresp.http.Set-Coonkie;
                }
        }

}

sub vcl_deliver {
         if (obj.hits > 0) { 
                set resp.http.X-Cache = "HIT from " + server.ip;
        } else {
                set resp.http.X-Cache = "MISS";
        }
#取消 php框架版本的header头
        unset   resp.http.X-Powered-By;
        unset   resp.http.Server;
#取消 nginx的Via
        unset   resp.http.Via;
#取消 nginx的版本和Via等header头
        unset   resp.http.X-Varnish;
#取消 该资源缓存的时间 (秒)
        unset   resp.http.Age;
#显示该资源命中次数
        set   resp.http.X_hit_count = obj.hits;
}
版权声明:本文为博主原创文章,未经博主允许不得转载。

相关文章推荐

nginx+keepalived企业级web负载均衡架构(单主)

nginx+keepalived企业级web负载均衡架构对于此企业级web负载均衡架构,

转:专访企业QQ SaaS团队,谈企业级LNMP架构设计

对比IaaS和PaaS,SaaS得到的关注显然要少一些。究其根本,不仅因为SaaS关注的是功能方面的探索,更偏向于某个领域或层面的实际应用,还归结于相较前两者,软件的云化已基本趋于成熟,些许突破并不能...

haproxy+varnish+lnmp

  • 2012年07月13日 10:32
  • 335KB
  • 下载

手把手让你实现开源企业级web高并发解决方案(lvs+heartbeat+varnish+nginx+eAccelerator+memcached)

手把手让你实现开源企业级web高并发解决方案(lvs+heartbeat+varnish+nginx+eAccelerator+memcached) http://freeze.blog.51cto...
  • big1980
  • big1980
  • 2013年07月16日 13:19
  • 3529

企业级keepalived高可用实战与Nginx负载均衡

视频课程内容包含: 高级Java架构师包含:Spring boot、Spring  cloud、Dubbo、Redis、ActiveMQ、Nginx、Mycat、Spring、MongoDB、Zer...

源码编译实现企业级LNMP平台

概念简单了解: Nginx(“enginex”) 是一个高性能的 HTTP 和反向代理服务器,也是一个 IMAP/POP3/SMTP 代理服务器。 在高并发连接的情况下,Nginx是Apache服...

Haproxy+Keepalived+Varnish+LAMP+Memcacked+NFS 实现web站点的动静分离

Haproxy+Keepalived+Varnish+LAMP+Memcacked+NFS 实现web站点的动静分离 (一)架构拓扑图展示 (二)架构的简要说明本次动静分离的源码使用WordPr...

HAproxy+Keepalived 负载均衡架构搭建

  • 2017年08月25日 10:57
  • 914KB
  • 下载

ASP.NET典型三层架构企业级医药行业ERP系统实战(8大模块22个子系统,价值3000万)

ASP.NET典型三层架构企业级医药行业ERP系统实战(8大模块22个子系统,价值3000万)  课程讲师:Tiger     课程分类:.net         适合人群:高级       课时数...
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:基于Keepalived+Haproxy+Varnish+LNMP企业级架构
举报原因:
原因补充:

(最多只允许输入30个字)