一、用haproxy结合keepalived实现基于lnmp的负载均衡和高可用服务
(1)实现动静分离,图片和css,js都分离到专门的静态服务器上
(2)只允许172.17网段用户访问
(3)对于动态请求,要求实现基于cookie的会话保持
只描述keepalive的主服务器配置
1.keepalived配置
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from root_keepalived
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface eth2
virtual_router_id 14
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 2121
}
virtual_ipaddress {
172.17.17.1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth1
virtual_router_id 15
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 2121
}
virtual_ipaddress {
192.168.17.1
}
}
2.haproxy配置
vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local2
nbproc 1
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend static
mode http
bind 172.17.17.1:80
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .img .jpg .gif .jpeg .png .css .js
use_backend server_static if url_static
use_backend cook if ! url_static
frontend ip_acl
bind 172.17.17.1:80
acl src_ip src 172.17.0.0
block if ! src_ip
backend cook
mode http
cookie SERVERID insert indirect nocache
server cook_175 192.168.17.175:80 check cookie 175
backend server_static
balance roundrobin
server static_175 192.168.17.175:80 check
server static_176 192.168.17.176:80 check
listen stats #定义一个统计报告服务
mode http #基于http协议
bind 192.168.17.1:1900 #监听1080端口
stats enable #开启统计报告服务
stats hide-version #隐藏统计报告版本信息
stats uri /haproxy?111 #统计报告访问url
stats realm Haproxy\ Statistics #页面登陆信息
stats auth admin:admin #验证账号信息
stats admin if TRUE #验证模式