LVS DR模型实现HTTPS负载均衡集群
一、网络拓扑
二、配置网络
1、Director:
[root@localhost ~]# ifconfig eth0:0 11.100.46.11/32 broadcast 11.100.46.11 up
[root@localhost ~]# route add -host 11.100.46.11 dev eth0:0
[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
[root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
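2、Real server1:
（说明：先设置 arp_ignore/arp_announce，再在 lo:0 上配置 VIP，使 Real server 既不应答也不通告 VIP 的 ARP，保证 VIP 的 ARP 请求只由 Director 应答。）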
[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
[root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
[root@localhost ~]# ifconfig lo:0 11.100.46.11/32 broadcast 11.100.46.11 up
[root@localhost ~]# route add -host 11.100.46.11 dev lo:0
3、Real server2:
[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
[root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
[root@localhost ~]# ifconfig lo:0 11.100.46.11/32 broadcast 11.100.46.11 up
[root@localhost ~]# route add -host 11.100.46.11 dev lo:0
三、安装http服务
1、Real server1:
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# service httpd start
2、Real server2:
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# service httpd start
四、创建CA自签证书并签发服务器证书
[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 > serial
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -days 3650 -out cacert.pem
[root@localhost CA]# (umask 077; openssl genrsa -out ftp1.cpe.com.key 2048)
[root@localhost CA]# openssl req -new -key ftp1.cpe.com.key -days 365 -out ftp1.cpe.com.csr
（注：生成证书请求（CSR）时 -days 365 不生效，证书有效期由下一步 openssl ca 的 -days 选项或 openssl.cnf 中的 default_days 决定。）
[root@localhost CA]# openssl ca -in ftp1.cpe.com.csr
[root@localhost CA]# cp -a newcerts/01.pem ./ftp1.cpe.com.crt -v
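五、配置https服务
（说明：两台 Real server 使用同一份证书和私钥，私钥存放在 11.100.46.7 的 /etc/pki/CA 目录下，经 scp 拷贝到各 Real server。拷贝后应确认 /etc/httpd/ssl/ftp1.cpe.com.key 仅 root 可读写（权限 600）；CA 主机上保留的私钥副本同样需要妥善保护。）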
1、Real server1:
[root@localhost ~]# yum -y install mod_ssl
[root@localhost ~]# mkdir -pv /etc/httpd/ssl
[root@localhost ~]# scp root@11.100.46.7:/etc/pki/CA/ftp1.cpe.com.key /etc/httpd/ssl/ftp1.cpe.com.key
[root@localhost ~]# scp root@11.100.46.7:/etc/pki/CA/ftp1.cpe.com.crt /etc/httpd/ssl/ftp1.cpe.com.crt
[root@localhost ~]# vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html"
ServerName ftp1.cpe.com:443
SSLCertificateFile /etc/httpd/ssl/ftp1.cpe.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/ftp1.cpe.com.key
[root@localhost ~]# service httpd restart
2、Real server2:
[root@localhost ~]# yum -y install mod_ssl
[root@localhost ~]# mkdir -pv /etc/httpd/ssl
[root@localhost ~]# scp root@11.100.46.7:/etc/pki/CA/ftp1.cpe.com.key /etc/httpd/ssl/ftp1.cpe.com.key
[root@localhost ~]# scp root@11.100.46.7:/etc/pki/CA/ftp1.cpe.com.crt /etc/httpd/ssl/ftp1.cpe.com.crt
[root@localhost ~]# vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html"
ServerName ftp1.cpe.com:443
SSLCertificateFile /etc/httpd/ssl/ftp1.cpe.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/ftp1.cpe.com.key
[root@localhost ~]# service httpd restart
六、配置Dns
[root@repo conf.d]# vim /var/named/cpe.zone
ftp1.cpe.com. IN A 11.100.46.11
[root@repo conf.d]# rndc reload
七、配置lvs
[root@localhost CA]# yum -y install ipvsadm
[root@localhost CA]# ipvsadm -A -t 11.100.46.11:443 -s rr
[root@localhost CA]# ipvsadm -a -t 11.100.46.11:443 -r 11.100.46.4:443 -g
[root@localhost CA]# ipvsadm -a -t 11.100.46.11:443 -r 11.100.46.9:443 -g
[root@localhost CA]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 11.100.46.11:443 rr
-> 11.100.46.4:443 Route 1 0 0
-> 11.100.46.9:443 Route 1 0 0
八、验证是否成功