haproxy and keepalived configuration method
admin
2023-02-22 06:40:04

haproxy and keepalived

# Architecture 1: two servers; cannot use the same ports as the application, cannot proxy the application's existing SSL
websrv1:8080/8443  haproxy1:80/443    keepalived1-master
websrv2:8080/8443  haproxy1:80/443    keepalived1-backup

# Architecture 2: four servers; can use the same ports as the application, cannot proxy the application's existing SSL
websrv1:8080/8443
websrv2:8080/8443
haproxy1:8080/8443    keepalived1-master
haproxy2:8080/8443    keepalived1-backup

This lab is deployed according to architecture 1; architecture 2 is basically the same.

1. Software installation

yum install -y haproxy keepalived openssl
systemctl enable haproxy keepalived && systemctl restart haproxy keepalived

2. keepalived (if only HA is needed, keepalived can be configured on its own)

vi /etc/keepalived/keepalived.conf

  • MASTER (keepalived1-master)
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   router_id LVS_DEVEL
#   vrrp_strict

}

vrrp_instance VI_1 {
    state MASTER
#   config with right interface name
    interface eth0
    virtual_router_id 51
    priority 110
    advert_int 1
    authentication {
        auth_type PASS
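#       PASS auth is sent in cleartext in VRRP adverts; use a site-specific value, identical on both nodes
        auth_pass 1111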
    }
    virtual_ipaddress {
        10.10.80.50/24
    }
}
  • BACKUP (keepalived2-slave)
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   router_id LVS_DEVEL
#   vrrp_strict
}

vrrp_instance VI_1 {
    state BACKUP
#   config with right interface name
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.10.80.50/24
    }
}

# check config

systemctl restart keepalived

3. haproxy config (haproxy1 / haproxy2)

vi /etc/haproxy/haproxy.cfg

external-check requires haproxy > 1.6

global 
   log /dev/log local0 
   log /dev/log local1 notice 
   stats timeout 30s 
#   external-check 
   user haproxy 
   group haproxy 
   tune.ssl.default-dh-param 4096 
   daemon 

defaults 
   log global 
   mode http 
   option httplog 
   option dontlognull 
   timeout connect 5000 
   timeout client 50000 
   timeout server 50000 
#   no "stats auth" is configured, so this page is served without authentication
   stats uri /haproxy?stats

frontend http_front 
   bind :80 
   bind :443 ssl crt /etc/ssl/server.pem 
   default_backend http_back 

backend http_back 
   balance roundrobin 
   cookie SERVERID maxidle 30m maxlife 12h insert indirect nocache 
#   option external-check 
#   external-check command /bin/haproxy/etxstat.sh 
#   external-check path "/usr/bin:/bin" 
   server etx1 10.10.80.51:8080 check cookie etx1
   server etx2 10.10.80.52:8080 check cookie etx2 

4. SSL PEM configuration

cd /etc/ssl
openssl req -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 365
cat server.crt server.key | tee server.pem 

# sync pem srv1 -> srv2
scp haproxy1:/etc/ssl/server.pem haproxy2:/etc/ssl/

5. haproxy check config

vi /bin/haproxy/etxstat.sh

#!/bin/bash
# HAProxy calls this with: $1 proxy address, $2 proxy port, $3 server address, $4 server port
status=$(curl -s --user etxadmin:password "http://$3:$4/etx/state")
if [ "$status" = "RUNNING" ]; then
   exit 0
else
   exit 1
fi
  • check config
chmod a+x /bin/haproxy/etxstat.sh 
sudo -u haproxy /bin/haproxy/etxstat.sh
haproxy -c -V -f /etc/haproxy/haproxy.cfg
systemctl restart haproxy
http://ip:port/haproxy?stats
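
A hardened variant of the etxstat.sh check above, as an added example that is not the original author's script: it reads the etxadmin credentials from a netrc file instead of putting them on the curl command line (where they show up in the process list), bounds the request time, and validates the server address and port that HAProxy passes as $3 and $4. The path /etc/haproxy/etx.netrc and the ETX_NETRC variable are assumptions; only IPv4 addresses and host names are accepted.

```shell
#!/bin/sh
# Added example: hardened external-check for the /etx/state endpoint.
# Assumed credentials file (hypothetical path), readable only by haproxy:
#   machine 10.10.80.51 login etxadmin password <secret>
ETX_NETRC="${ETX_NETRC:-/etc/haproxy/etx.netrc}"

# etx_check <proxy_addr> <proxy_port> <server_addr> <server_port>
# Returns 0 only when the backend answers exactly RUNNING.
etx_check() {
    etx_host=$3
    etx_port=$4

    # Reject empty values and anything that is not a plain host or port,
    # so the arguments cannot alter the URL that curl requests.
    case $etx_host in ''|*[!0-9A-Za-z.-]*) return 1 ;; esac
    case $etx_port in ''|*[!0-9]*) return 1 ;; esac

    # --fail: HTTP errors count as DOWN; --max-time: a hung backend cannot
    # stall the check; --netrc-file: password stays out of the argv.
    etx_status=$(curl --silent --fail --max-time 3 \
        --netrc-file "$ETX_NETRC" \
        "http://$etx_host:$etx_port/etx/state") || return 1

    [ "$etx_status" = "RUNNING" ]
}

# Run the check only when called with HAProxy's four arguments.
if [ "$#" -ge 4 ]; then
    etx_check "$@"
    exit $?
fi
```

Create the netrc file with mode 0600 and owner haproxy, with one machine line per backend server.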
