一、架构及拓扑
Pound 是一个反向 HTTP 代理,负载均衡器和 SSL 封装器。可代理客户的的 HTTPS 请求到 HTTP 的后端服务器,并对这些请求进行分发,支持会话保持,支持 HTTP/1.1。
二、安装与配置
1、安装epel源
# yum install epel-release -y
1
2、安装Pound
# yum --enablerepo=epel -y install Pound
1
3、备份配置文件
# mv /etc/pound.cfg /etc/pound.cfg.org
1
4、修改配置文件/etc/pound.cfg
User "pound"
Group "pound"
#日志运行级别,最大是5
LogLevel 3
# 制定日志存放
LogFacility local1
#设置检测心跳时间
Alive 30
# 定义前端,IP和端口
ListenHTTPS
Address 0.0.0.0
Port 443
#加密证书路径
Cert "/etc/pki/tls/certs/pound.pem"
End
# 定义后端
Service
BackEnd
# 后端服务器的IP
Address 192.168.8.102
# 后端服务器的端口
Port 80
# 设置权值 (value is 1-9, max 9)
Priority 5
End
BackEnd
Address 192.168.8.103
Port 80
Priority 5
End
BackEnd
Address 192.168.8.104
Port 80
Priority 5
End
End
5、生成证书
# cd /etc/pki/tls/certs
# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/pound.pem -out /etc/pki/tls/certs/pound.pem
设置权限
# chmod 600 pound.pem
1
6、默认pound的PIDFILE未启用,在启动文件中取消注释
# sed -i -e "s/^PIDFile/#PIDFile/" /usr/lib/systemd/system/pound.service
1
7、启动服务并设置开机启动
# systemctl start pound
# systemctl enable pound
1
2
8、修改rsyslog配置文件/etc/rsyslog.conf,记录pound日志
# line 54: 增加local1.none
*.info;mail.none;authpriv.none;cron.none,local1.none /var/log/messages
local1.* /var/log/pound.log
1
2
3
9、重启rsyslog服务,使配置文件生效
# systemctl restart rsyslog
1
10、在所有的backend节点上安装和配置httpd
Node1上
安装httpd
# yum install httpd -y
1
关闭防火墙
# service firewalld stop
1
关闭selinux
setenforce 0
1
创建/var/www/html/index.html并写入
[root@www ~]# vi /var/www/html/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Node1 Test Page
</div>
</body>
</html>
启动服务并设置开机启动
service httpd restart
chkconfig httpd on
1
2
Node2上
安装httpd
# yum install httpd -y
1
关闭防火墙
# service firewalld stop
1
关闭selinux
setenforce 0
1
创建/var/www/html/index.html并写入
[root@www ~]# vi /var/www/html/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Node2 Test Page
</div>
</body>
</html>
https://blog.csdn.net/wylfengyujiancheng/article/details/54577174