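To improve web server availability and load capacity, HAProxy is deployed as the load balancer, with a cluster of LAMP web servers behind it.
I. Architecture
The system consists of an HAProxy load-balancing server and a cluster of web application servers:
- HAProxy load-balancing server: also called the load-balancing scheduler. It runs the HAProxy software, distributes network load, and keeps the backend available.
- Web application server cluster: made up of several web servers, each running the web service (httpd + PHP), the database service (MariaDB), and the application (the Discuz community platform).
II. Software and hardware environment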
| Node | Role | OS | IP | Software |
| --- | --- | --- | --- | --- |
| haproxy | Load balancer | CentOS7.9 | External: 10.0.80.10/24; Internal: 192.168.80.10/24 | haproxy (1.5.18) from the CentOS7.9 installation media |
| web001 | Web server (LAMP) | CentOS7.9 | 192.168.80.21/24 | Apache (httpd 2.4.6), mariadb (5.5.68) and PHP (5.4.16) from the CentOS7.9 installation media; Discuz_X3.4_SC_UTF8_20220518 |
| web002 | Web server (LAMP) | CentOS7.9 | 192.168.80.20/24 | Same as above |
| Client | Client browser | Any | 10.0.80.x/24 | Browser |
III. Implementation
1. Environment configuration
```
# Fix: a NIC was added but has no IP configuration
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:d4:70:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.80.10/24 brd 192.168.80.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::2e31:800b:3fff:57f/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:d4:70:7b brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens33  ifdown-ipv6    ifdown-Team      ifup-eth   ifup-post      ifup-tunnel
ifcfg-lo     ifdown-isdn    ifdown-TeamPort  ifup-ippp  ifup-ppp       ifup-wireless
ifdown       ifdown-post    ifdown-tunnel    ifup-ipv6  ifup-routes    init.ipv6-global
ifdown-bnep  ifdown-ppp     ifup             ifup-isdn  ifup-sit       network-functions
ifdown-eth   ifdown-routes  ifup-aliases     ifup-plip  ifup-Team      network-functions-ipv6
ifdown-ippp  ifdown-sit     ifup-bnep        ifup-plusb ifup-TeamPort
[root@localhost network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=416c1165-4bcb-4fb6-9a47-a97ead937b97
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.80.10
PREFIX=24
GATEWAY=192.168.80.2
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens37
[root@localhost ~]# uuidgen ens37
20ea3078-4b95-4892-acb0-3fe45e621103
[root@localhost network-scripts]# vi ifcfg-ens37
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens37
UUID=20ea3078-4b95-4892-acb0-3fe45e621103
DEVICE=ens37
ONBOOT=yes
IPADDR=10.0.80.10
PREFIX=24
~
~
"ifcfg-ens37" 17L, 310C written
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:d4:70:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.80.10/24 brd 192.168.80.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::2e31:800b:3fff:57f/64 scope link tentative noprefixroute
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:d4:70:7b brd ff:ff:ff:ff:ff:ff
    inet 10.0.80.10/24 brd 10.0.80.255 scope global noprefixroute ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::9fc6:5ef7:735e:964b/64 scope link tentative noprefixroute
       valid_lft forever preferred_lft forever
[root@localhost ~]# hostnamectl set-hostname haproxy
[root@localhost ~]# bash
[root@haproxy ~]# # Disable the firewall, disable SELinux, and configure a local yum repository
[root@haproxy ~]# mount /dev/sr0 /opt/centos
mount: /dev/sr0 is write-protected, mounting read-only
[root@haproxy ~]# yum clean all
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Cleaning repos: centos
Cleaning up list of fastest mirrors
[root@haproxy ~]# yum repolist
Loaded plugins: fastestmirror
Determining fastest mirrors
centos                                                   | 3.6 kB  00:00:00
(1/2): centos/group_gz                                   | 153 kB  00:00:00
(2/2): centos/primary_db                                 | 3.3 MB  00:00:00
repo id                          repo name                          status
centos                           centos                             4,070
repolist: 4,070
```
2. Installing the web servers
- Build each web server by following "LAMP Architecture + Discuz Application Deployment" (the servers are configured identically except for their IP addresses).
- web001 server
```
[root@web001 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:49:b6:e6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.80.21/24 brd 192.168.80.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::4683:ecd5:224:574f/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
- web002 server
```
[root@web002 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:e6:d8:32 brd ff:ff:ff:ff:ff:ff
    inet 192.168.80.22/24 brd 192.168.80.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::4683:ecd5:224:574f/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
3. HAProxy installation and configuration
```
[root@haproxy ~]# yum install -y haproxy
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package haproxy.x86_64 0:1.5.18-9.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch            Version                 Repository       Size
================================================================================
Installing:
 haproxy          x86_64          1.5.18-9.el7            centos          834 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 834 k
Installed size: 2.6 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : haproxy-1.5.18-9.el7.x86_64                                  1/1
  Verifying  : haproxy-1.5.18-9.el7.x86_64                                  1/1

Installed:
  haproxy.x86_64 0:1.5.18-9.el7

Complete!
[root@haproxy ~]# rpm -qi haproxy
Name        : haproxy
Version     : 1.5.18
Release     : 9.el7
Architecture: x86_64
Install Date: Wed 24 Aug 2022 12:46:36 PM CST
Group       : System Environment/Daemons
Size        : 2689878
License     : GPLv2+
Signature   : RSA/SHA256, Fri 23 Aug 2019 05:25:31 AM CST, Key ID 24c6a8a7f4a80eb5
Source RPM  : haproxy-1.5.18-9.el7.src.rpm
Build Date  : Fri 09 Aug 2019 07:44:45 AM CST
Build Host  : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.haproxy.org/
Summary     : TCP/HTTP proxy and load balancer for high availability environments
Description :
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
 - route HTTP requests depending on statically assigned cookies
 - spread load among several servers while assuring server persistence
   through the use of HTTP cookies
 - switch to backup servers in the event a main server fails
 - accept connections to special ports dedicated to service monitoring
 - stop accepting connections without breaking existing ones
 - add, modify, and delete HTTP headers in both directions
 - block requests matching particular patterns
 - report detailed status to authenticated users from a URI
   intercepted by the application
[root@haproxy ~]# systemctl start haproxy && systemctl enable haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
[root@haproxy ~]# cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak
[root@haproxy ~]# vi /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  main *:80
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    use_backend app          if url_static
    default_backend          app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance     roundrobin
    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin    # round robin
    server  app1 192.168.80.21:80 check
    server  app2 192.168.80.22:80 check

listen stats
    mode http
    bind 0.0.0.0:8080
    stats enable
    stats uri /stats
    stats auth admin:000000
"/etc/haproxy/haproxy.cfg" 90L, 3180C written
[root@haproxy ~]# systemctl restart haproxy
[root@haproxy ~]#
# Test by browsing to the load balancer
# After a refresh, the request switches to the other web server
# Open the HAProxy stats page (http://10.0.80.10:8080/stats)
```
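The `listen stats` section above binds the statistics page to every interface and protects it with a short, all-digit password stored in clear text. The following audit is an added example, not part of the original page or of HAProxy itself: it runs a few checks over that section and over a constructed hardened variant. The finding codes, the 12-character threshold, the `stats_users` userlist name and the placeholder hash are assumptions.

```python
# Stats listener exactly as in the page's haproxy.cfg.
PAGE_STATS = """
listen stats
    mode http
    bind 0.0.0.0:8080
    stats enable
    stats uri /stats
    stats auth admin:000000
"""
# Constructed hardened variant (assumption, not from the page); placeholder hash.
HARDENED_STATS = """
userlist stats_users
    user admin password $6$PLACEHOLDER_SALT$PLACEHOLDER_HASH
listen stats
    mode http
    bind 192.168.80.10:8080
    stats enable
    stats uri /stats
    stats hide-version
    stats http-request deny unless { src 192.168.80.0/24 }
    stats http-request auth unless { http_auth(stats_users) }
"""
SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "userlist"}
WILDCARDS = {"", "*", "0.0.0.0", "::"}

def audit_stats(cfg):
    """Return sorted finding codes for every section with 'stats enable'."""
    bodies = []
    for raw in cfg.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenise
        if tokens and tokens[0] in SECTIONS:
            bodies.append([])                   # section keyword starts a new body
        elif tokens and bodies:
            bodies[-1].append(tokens)
    found = set()
    for body in (b for b in bodies if ["stats", "enable"] in b):
        for t in body:
            if t[0] == "bind" and len(t) > 1 and t[1].rsplit(":", 1)[0] in WILDCARDS:
                found.add("WILDCARD_BIND")      # reachable on the external NIC too
            if t[:2] == ["stats", "auth"] and len(t) > 2:
                found.add("CLEARTEXT_AUTH")     # password readable in the file
                password = t[2].partition(":")[2]
                if len(password) < 12 or password.isdigit():
                    found.add("WEAK_PASSWORD")
        if not any("src" in t for t in body):
            found.add("NO_SRC_RESTRICTION")     # no source-address condition
        if ["stats", "hide-version"] not in body:
            found.add("VERSION_EXPOSED")
    return sorted(found)
```

Calling `audit_stats(PAGE_STATS)` reports all five findings for the page's section, and `audit_stats(HARDENED_STATS)` returns an empty list.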