环境准备:
1. vi /etc/sysconfig/network
NETWORKING=YES
NETWORKING_IPV6=NO
HOSTNAME=Centos7
NOZEROCONF=YES
//HOSTNAME:服务器名称
//NOZEROCONF:不显示169.254.0.0
2. vi /etc/sysctl.conf 最后加一行
net.ipv4.ip_nonlocal_bind=1
sysctl -p
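3. vi /etc/selinux/config
SELINUX=disabled #增加（重启后生效）
setenforce 0 #把当前运行状态立即切换为 permissive（只记录、不拦截），重启前有效
#注意：关闭 SELinux 会去掉对 haproxy、keepalived 这类以 root 启动的服务的强制访问控制。生产环境建议保持 enforcing，根据 audit 日志放行所需操作，只在排查问题时临时使用 permissive。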
4. 关闭防火墙
systemctl stop firewalld #停止firewall
firewall-cmd --reload #firewalld 已停止时该命令会提示 not running，可据此确认已停止
systemctl disable firewalld #禁止firewall 开机启动
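5.安装iptables
yum install -y iptables iptables-services
systemctl enable iptables
#注意：这里只设置了开机启动，没有启动 iptables，也没有写入任何规则。firewalld 关闭后、规则加载之前，本机的 80、8080(状态页)、514/udp(日志) 等端口都直接暴露。应先写好规则再上线：只放行业务端口，VRRP(IP 协议号 112) 只允许对端节点地址，8080 只允许管理网段。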
6. vi /etc/pam.d/login
最后一行插入
session required pam_limits.so
7. vi /etc/security/limits.conf
最后面增加:
* soft nproc 65535
* hard nproc 65535
* soft nofile 819200
* hard nofile 819200
部署keepalived
1.yum安装
yum install keepalived
2. 配置文件
vim /etc/keepalived/keepalived.conf
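# keepalived.conf for a node that starts in the BACKUP state and tracks
# the local HAProxy through a health-check script.
global_defs {
    notification_email {
        jadsfy@gmail.com
        adsfds@gmail.com                      # alert recipients
    }
    notification_email_from root@localhost    # sender address
    smtp_server 117.121.101.121               # mail server
    smtp_connect_timeout 30                   # SMTP connect timeout
    router_id LVS_DEVEL
    # The check script runs as root (it restarts haproxy and stops keepalived).
    # With enable_script_security keepalived refuses to run a root script if
    # any part of its path is writable by a non-root user, so keep the script
    # and /etc/keepalived root-owned and not group/world-writable.
    script_user root
    enable_script_security
}

vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2    # run the check every 2 seconds
    weight 2      # priority is adjusted by 2 according to the check result
}

vrrp_instance VI_1 {
    state BACKUP              # this node is the standby server
    interface ens192          # NIC that carries VRRP and the virtual IPs
    priority 152
    advert_int 1
    virtual_router_id 80      # must be identical on every node of this VRRP group
    authentication {
        auth_type PASS
        # Placeholder: set the same secret on every node. keepalived uses only
        # the first 8 characters, and PASS is carried in cleartext inside each
        # VRRP advertisement, so anyone on the segment can read it. Treat it as
        # a guard against misconfiguration, not as authentication; restrict
        # VRRP (IP protocol 112) to the peer addresses at the host firewall.
        auth_pass CHANGEME
    }
    track_script {
        # Must name a vrrp_script defined in this file. The original referenced
        # chk_haproxy_port, which is not defined here, so no health check was
        # attached to the instance.
        chk_http_port
    }
    virtual_ipaddress {
        117.121.101.122
        117.121.101.123
        117.121.101.124
    }
}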
3.配置检测脚本
vim /etc/keepalived/check_haproxy.sh
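#!/bin/bash
#
# Health check invoked by keepalived (vrrp_script).
# If no haproxy process is running, try to start it once; if it is still not
# running after 3 seconds, stop keepalived so the virtual IPs can move to the
# peer node.
#
# keepalived runs this script as root (script_user root): keep the file
# root-owned and writable by root only, e.g. chown root:root / chmod 700.
#
# Exit status: 0 when haproxy is running (or was restarted), 1 otherwise.

# Fixed PATH so a root-run script never resolves pgrep/sleep/systemctl
# through an inherited, possibly attacker-influenced PATH.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
export PATH

readonly HAPROXY_BIN=/opt/haproxy/sbin/haproxy
readonly HAPROXY_CFG=/opt/haproxy/conf/haproxy.cfg

# Succeeds when at least one process named exactly "haproxy" exists.
haproxy_running() {
  pgrep -x haproxy >/dev/null 2>&1
}

if ! haproxy_running; then
  "$HAPROXY_BIN" -f "$HAPROXY_CFG"
  sleep 3
  if ! haproxy_running; then
    systemctl stop keepalived.service
    # Report the failure explicitly instead of returning systemctl's status.
    exit 1
  fi
fi
exit 0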
二、 部署Haproxy
1. 前期配置
mkdir -p /opt/haproxy/conf #创建配置文件目录
mkdir -p /etc/haproxy #创建配置文件目录
vim /opt/haproxy/conf/haproxy.cfg #创建haproxy配置文件
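# haproxy.cfg: global tuning, shared defaults, the statistics page and the
# "sports" HTTP frontend.
global
    log 127.0.0.1 local0              # log to the local syslog daemon, facility local0
    maxconn 65535
    pidfile /var/run/haproxy.pid
    nbproc 1
    daemon
    ulimit-n 819200
    tune.ssl.default-dh-param 2048
    # NOTE(review): no user/group/chroot is set, so haproxy keeps the privileges
    # it is started with (root, when launched by the keepalived check script or
    # the init script). Create a dedicated unprivileged account and add
    # "user"/"group" (and ideally "chroot") so a compromise of the proxy does
    # not yield root.

defaults
    mode http
    log global
    option httplog
    option redispatch
    option dontlognull
    option httpclose
    option forwardfor                 # appends the client address as X-Forwarded-For
    maxconn 65535
    balance source
    retries 5
    timeout connect 5000              # no unit given: milliseconds
    # One hour of client/server idle time combined with maxconn 65535 lets idle
    # connections hold slots for a long time; shorten unless long-lived
    # requests are required.
    timeout client 3600000
    timeout server 3600000
    timeout check 10s
    timeout http-request 20s          # bounds how long a client may take to send its request
    timeout queue 1m
    timeout http-keep-alive 20s

listen admin_status
    mode http
    # The stats page listens on every address over plain HTTP, so the Basic
    # auth credentials below cross the network unencrypted. Bind it to a
    # management or loopback address and/or restrict port 8080 at the firewall.
    bind *:8080
    stats refresh 30s                 # was "stats uri refresh 30s", which is not a valid directive
    stats uri /status
    stats realm status
    # Placeholder: never publish or commit the real stats password. It is
    # stored in cleartext in this file, so make haproxy.cfg readable by root
    # only (chmod 600).
    stats auth admin:CHANGE_ME_STATS_PASSWORD
    stats hide-version

frontend sports
    mode http
    bind *:80
    capture request header Host len 64
    capture request header User-Agent len 128
    # X-Forwarded-For in the request is supplied by the client and can be
    # forged; log it for reference only and rely on %ci for the real peer.
    capture request header X-Forwarded-For len 100
    capture request header Referer len 200
    capture response header Server len 40
    capture response header Server-ID len 40
    log-format "%ci:%cp \"[%tr]\" %ST %B \"%r\" \"%b\" \"%f\" \"%hrl\" \"%bi\" %si:%sp"
    # NOTE(review): no default_backend/use_backend and no backend section is
    # shown here; the listing appears truncated. Add them before starting
    # haproxy.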
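ln -s /opt/haproxy/conf/haproxy.cfg /etc/haproxy/haproxy.cfg #添加配置文件软连接
**拷贝包到/usr/local**
#解压前先校验源码包：用 sha256sum 计算校验值，并与官方下载页公布的值比对，确认包未被篡改。haproxy 以 root 身份编译安装，源码包来源必须可信。另外 1.7 分支上游已停止维护，新部署建议改用仍在维护的版本。
cd /usr/local
tar -zxvf haproxy-1.7.5.tar.gz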
cp -r /usr/local/haproxy-1.7.5/examples/errorfiles /opt/haproxy/errorfiles #拷贝错误页面
ln -s /opt/haproxy/errorfiles /etc/haproxy/errorfiles #添加软连接
mkdir -p /opt/haproxy/logs #创建日志文件目录
touch /opt/haproxy/logs/haproxy.log #创建日志文件
ln -s /opt/haproxy/logs/haproxy.log /var/log/haproxy.log #添加软连接
cp /usr/local/haproxy-1.7.5/examples/haproxy.init /etc/rc.d/init.d/haproxy #拷贝开机启动文件
chmod +x /etc/rc.d/init.d/haproxy #添加脚本执行权限
chkconfig --level 2345 keepalived on #设置开机启动
chkconfig --level 2345 haproxy on #设置开机启动
vim /etc/rsyslog.conf
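#将 $ModLoad imudp、$UDPServerRun 514 两行前的#去掉
#注意：这样 rsyslog 会在所有网卡上监听 514/udp，任何能访问该端口的主机都可以向日志写入伪造内容。haproxy 只向 127.0.0.1 发送日志，可在 $UDPServerRun 514 之前加一行 $UDPServerAddress 127.0.0.1，只监听本地回环。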
local0.* /var/log/haproxy.log
vim /etc/sysconfig/rsyslog
#修改为 SYSLOGD_OPTIONS="-r -m 0 -c 2"
重启rsyslog.service 可以查看打印日志
systemctl restart rsyslog.service
2. 安装插件
#通配符要加引号，避免被 shell 按当前目录下的文件名展开。keepalived*、pcre*、openssl* 会装入大量用不到的包，增加需要打补丁的软件数量，建议改为只写明编译实际用到的包名。
yum -y install 'keepalived*' 'pcre*' pcre-devel GeoIP gd libXpm gcc gcc-c++ ncurses-devel perl make zlib zlib-devel 'openssl*'
cd /usr/local/haproxy-1.7.5
make TARGET=linux2628 USE_STATIC_PCRE=1 USE_REGPARM=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_ZLIB=1 ARCH=x86_64
ldd haproxy | grep ssl
make install PREFIX=/opt/haproxy
cd /opt/haproxy/
ln -s /opt/haproxy/sbin/haproxy /usr/sbin
systemctl restart keepalived
service haproxy check #检查配置文件是否成功
service haproxy restart