一、环境准备
1.服务器A
haproxy代理服务器(主)
2.服务器B
haproxy代理服务器(从)
3.服务器C
varnish缓存服务器
4.服务器D
real_server(LNMP)
5.服务器E
real_server(LNMP)
二、haproxy服务器(主)
1.keepalive配置文件
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from root_keepalived
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -150
fall 2
rise 2
}
vrrp_instance VI_1 {
state MASTER
interface eth2
virtual_router_id 14
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 2121
}
virtual_ipaddress {
172.17.17.1
}
# track_script {
# chk_haproxy
# }
}
vrrp_instance VI_2 {
state BACKUP
interface eth1
virtual_router_id 15
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 2121
}
virtual_ipaddress {
192.168.17.1
}
track_script {
chk_haproxy
}
}
2.haproxy配置文件
global
log 127.0.0.1 local2
nbproc 1
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend static
mode http
bind *:80
default_backend server_static
frontend ip_acl
bind *:80
acl src_ip src 172.17.0.0
block if ! src_ip
backend server_static
balance roundrobin
option httpchk GET /index.html
http-check expect string ok
server static_175 192.168.16.173:6081 check
listen stats #定义一个统计报告服务
mode http #基于http协议
bind *:1900 #监听1090端口
stats enable #开启统计报告服务
stats hide-version #隐藏统计报告版本信息
stats uri /haproxy?111 #统计报告访问url
stats realm Haproxy\ Statistics #页面登陆信息
stats auth admin:admin #验证账号信息
stats admin if TRUE #验证模式
三、Varnish配置文件
vcl 4.0;
import directors;
probe check1 {
.url = "/index.html";
.timeout=1s;
.interval=2s;
.window=5;
.threshold=3;
}
backend xiaomi5 {
.host = "192.168.17.175";
.port = "80";
.probe = check1;
}
backend xiaomi6 {
.host = "192.168.17.176";
.port = "80";
.probe = {
.url= "/index.html";
.timeout=1s;
.interval=2s;
.window=5;
.threshold=3;
}
}
sub vcl_init {
new real_server1 = directors.random();
real_server1.add_backend(xiaomi5,10);
real_server1.add_backend(xiaomi6,10);
new static = directors.round_robin();
static.add_backend(xiaomi5);
}
acl purgers {
"127.0.0.1";
"192.168.16.173";
}
sub vcl_recv {
if (req.method == "PRI") {
return (synth(405));
}
if (req.method != "GET" &&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "TRACE" &&
req.method != "OPTIONS" &&
req.method != "DELETE") {
return (pipe);
}
if (req.method != "GET" && req.method != "HEAD") {
return (pass);
}
if (req.http.Authorization || req.http.Cookie) {
return (pass);
}
return (hash);
if (req.method == "PURGE") {
if (client.ip ~ purgers) {
return(purge);
} else {
return(synth(405,"Method not allowed"));
}
}
if (req.http.X-Forward-For) {
set req.http.X-Forward-For = req.http.X-Forward-For + "," + client.ip;
}else{
set req.http.X-Forward-For = client.ip;
}
if (req.url ~ ".php") {
set req.backend_hint = real_server1.backend();
} else {
set req.backend_hint = static.backend();
}
}
sub vcl_backend_response {
if (bereq.url ~ "\.(jpg|jpeg|gif|png)$") {
set beresp.ttl = 1s;
}
if (bereq.url ~ "\.(html|css|js)$") {
set beresp.ttl = 1s;
}
return(deliver);
}
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT from " + server.ip;
} else {
set resp.http.X-Cache = "MISS";
}
unset resp.http.X-Powered-By;
unset resp.http.Server;
unset resp.http.Via;
unset resp.http.X-Varnish;
unset resp.http.Age;
}
四、Varnish配置文件示例
vcl 4.0;
import directors;
probe check {
.request = "GET /index.html HTTP/1.1" "Host: wwwmuzigan.com" "Connetction: close";
.timeout= 1s;
.interval= 2s;
.window=5;
.threshold=5;
}
backend server1 {
.host = "192.168.17.175";
.port = "80";
.probe = check;
}
backend server2 {
.host = "192.168.17.176";
.port = "80";
.probe = check;
}
backend server3 {
.host = "192.168.17.177";
.port = "80";
.probe = check;
}
backend server4 {
.host = "192.168.17.178";
.port = "80";
.probe = check;
}
sub vcl_init {
# 要先导入directors模块,round_robin,random
new real_server1 = directors.round_robin();
real_server1.add_backend(server1);
real_server1.add_backend(server2);
new real_server2 = directors.random();
real_server2.add_backend(server3,5);
real_server2.add_backend(server4,10);
}
acl purgers {
"127.0.0.1";
"192.168.16.173";
}
sub vcl_recv {
if (req.http.host ~ "www.muzigan.com") {
set req.backend_hint = real_server2.backend();
}
if (req.http.host ~ "www.linux.com") {
set req.backend_hint = real_server2.backend();
}
if (req.http.Authorization || req.http.Cookie) {
return (pass);
}
if (req.method == "PURGE") {
if (client.ip ~ purgers) {
return(purge);
} else {
return(synth(405,"Method not allowed"));
}
}
if (req.http.X-Forward-For) {
set req.http.X-Forward-For = req.http.X-Forward-For + "," + client.ip;
}else{
set req.http.X-Forward-For = client.ip;
}
if (req.url ~ ".php") {
set req.backend_hint = real_server1.backend();
} else {
set req.backend_hint = real_server2.backend();
}
return (hash);
}
sub vcl_backend_response {
if (beresp.status == 499 || beresp.status == 404 || beresp.status == 502 ) {
set beresp.uncacheable = true;
}
if (bereq.url ~ "\.(php|jsp)(\?|$)") {
set beresp.uncacheable = true;
}else{
if (bereq.url ~ "\.html(\?|$)") {
set beresp.ttl = 60s;
unset beresp.http.Set-Coonkie;
}else{
set beresp.ttl = 1h;
unset beresp.http.Set-Coonkie;
}
}
}
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT from " + server.ip;
} else {
set resp.http.X-Cache = "MISS";
}
#取消 php框架版本的header头
unset resp.http.X-Powered-By;
unset resp.http.Server;
#取消 nginx的Via
unset resp.http.Via;
#取消 nginx的版本和Via等header头
unset resp.http.X-Varnish;
#取消 该资源缓存的时间 (秒)
unset resp.http.Age;
#显示该资源命中次数
set resp.http.X_hit_count = obj.hits;
}