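1. Operating system environment
Ubuntu 20.04 64-bit x 2 (named host1 and host2 for easy reference)
Deployment diagram:
2. EMQX installation
Download and install EMQX on both host1 and host2.
2.1 Download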
wget https://www.emqx.cn/downloads/enterprise/v4.2.2/emqx-ee-ubuntu20.04-4.2.2-x86_64.zip
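2.2 Extract
Extract the archive to the /usr/local/emqx directory.
2.3 Configuration
2.3.1 Add the SSL certificates to /usr/local/emqx/etc/certs
For how to create the SSL certificates, see https://blog.csdn.net/mylove_2009/article/details/115226043
In emqx.conf, modify the certificate verification settings.
2.3.2 Change the EMQX user authentication method: depending on the database actually in use, configure the corresponding emqx_auth_*.conf under etc/plugins
2.3.3 Change the ports of the relevant protocols in EMQX
2.3.4 Performance tuning: adjust operating system parameters
Depending on the operating system in use, modify the following settings in emqx.conf: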
node.dist_buffer_size
node.max_ets_tables
2.3.5 Modify emqx.conf to enable clustering with static node discovery, that is, a fixed set of configured nodes
Modify the following items:
cluster.discovery=static
cluster.static.seeds
node.name
node.dist_listen_min
node.dist_listen_max
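An added example (not from the original post) of the 2.3.5 settings filled in for the two nodes. The addresses 192.0.2.11 and 192.0.2.12 stand in for host1 and host2, the port value is a constructed sample, and node.cookie is not in the list above but has to match on both nodes:

```ini
## /usr/local/emqx/etc/emqx.conf on host1 (all values constructed)
## Placeholder addresses: host1 = 192.0.2.11, host2 = 192.0.2.12

## Static discovery: membership is the fixed list below.
cluster.discovery = static

## List every cluster member here, using each member's node.name.
## Keep this line identical on host1 and host2.
cluster.static.seeds = emqx@192.0.2.11,emqx@192.0.2.12

## Unique per node. On host2 this line is:
##   node.name = emqx@192.0.2.12
node.name = emqx@192.0.2.11

## Shared secret for Erlang distribution between the nodes (not listed
## in the post). It must be identical on host1 and host2; replace the
## shipped default with a long random value.
node.cookie = <long-random-secret>

## Pin the Erlang distribution listener to a fixed range so the firewall
## can allow exactly these ports, and only from the other cluster node.
node.dist_listen_min = 6369
node.dist_listen_max = 6369
```

With the listener range pinned, the host firewall on each node can restrict it to the peer's address instead of leaving it reachable from clients that only need the MQTT listeners behind HAProxy.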
3. HAProxy installation
Commands:
sudo apt-get install haproxy -y
sudo vim /etc/haproxy/haproxy.cfg
For example:
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    log 127.0.0.1 local3 debug
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    option dontlognull
    option http-server-close
    retries 3
    timeout http-request 30s
    timeout queue 1m
    timeout connect 30s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 30s
    timeout check 30s

# frontend: listens on the {listener.ssl.external} port
frontend emqtt-ssl-front
    bind *:{listener.ssl.external}
    mode tcp
    default_backend emqtt-ssl-backend

# backend: distributes the requests received by the frontend
backend emqtt-ssl-backend
    balance roundrobin
    server emq1 host1:port1 check
    server emq2 host2:port2 check

Start HAProxy:
sudo systemctl start haproxy
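Note: HAProxy logs need to be recorded through syslog.
Modify as follows:
sudo vim /etc/rsyslog.conf
Add:
$ModLoad imudp # log transport is UDP-based, so this must be enabled
$UDPServerRun 514 # both of these lines are needed
local3.* /var/log/haproxy.log
Restart: sudo systemctl restart rsyslog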