haproxy實驗

實驗1：

部署discuz

1、不做會話綁定基于roundrobin

haproxy實驗

—————————10.1.72.40|30——————————

安裝環境，啟動服務

[root@localhost ~]# yum -y install php php-fpm mariadb-server httpd

[root@localhost ~]# systemctl start httpd

[root@localhost ~]# systemctl start mariadb

[root@localhost ~]# cp -a upload/ /var/www/html/

[root@localhost ~]# cd /var/www/html/

測試服務器是否啟動成功

haproxy實驗

[root@localhost html]# setfacl -Rm u:apache:rwx upload/ //給安裝權限

更改php.ini的時區

創建數據庫并授權

MariaDB [(none)]> create database discuz;

MariaDB [(none)]> grant all on discuz.* to 'user'@'localhost' identified by '123';

MariaDB [(none)]> grant all on discuz.* to 'user'@'127.0.0.1' identified by '123';

MariaDB [(none)]> grant all on discuz.* to 'user'@'%' identified by '123';

MariaDB [(none)]> flush privileges;

haproxy實驗

—————————–10.1.72.60—————————

63 frontend discuz

64 bind :80

65 defa ult_backend app

67 backend app

68 balance roundrobin

69 maxconn 350

70 server ser1 10.1.72.30:80 check maxconn 100 maxqueue 20

71 server ser2 10.1.72.40:80 check maxconn 200 maxqueue 30

73 listen stats *:9001

74 stats enable

75 stats uri /admin?stats

76 stats realm "haproxy status"

77 stats refresh 3s

78 stats hide-version

79 stats auth admin:123

80 stats admin if LOCALHOST

haproxy實驗

2、基于cookie的會話粘性，測試上傳圖片是否可以訪問

frontend discuz

bind :80

default_backend app

backend app

balance roundrobin

maxconn 350

cookie web insert indirect nocache

server ser1 10.1.72.30:80 check cookie ser1 maxconn 100 maxqueue 20

server ser2 10.1.72.40:80 check cookie ser2 maxconn 200 maxqueue 30

haproxy實驗

實驗2：

haproxy實驗

—————————–10.1.72.40———————————

[root@localhost html]# systemctl start rpcbind

[root@localhost /]# mkdir /var/www/html/upload/data/attachment/forum

[root@localhost ~]# systemctl start nfs

[root@localhost ~]#setfacl –m u:apache:rwx /pic

[root@localhost ~]# vim /etc/exports

/var/www/html/upload/data/attachment/forum 10.1.0.0/16(rw,anonuid=48)

Vim /etc/nginx/nginx.conf

location / {

root /var/www/html;

}

———————-10.1.72.30————————–

共享的nfs掛載到discuz上傳的目錄

[root@centos7 ~]# mount -t nfs 10.1.72.40:/var/www/html/upload/data/attachment/forum/ /var/www/html/upload/data/attachment/forum/

——————10.1.72.60————————–

frontend discuz

bind :80

acl static path_reg .*/data/attachment/forum.*

use_backend upload if static

default_backend app

backend app

balance roundrobin

maxconn 350

cookie web insert indirect nocache

server ser1 10.1.72.30:80 check cookie ser1 maxconn 100 maxqueue 20

backend upload

balance roundrobin

maxconn 350

server ser1 10.1.72.40:80 check maxconn 100 maxqueue 20

測試：

取消掛載，并刷新頁面

———————-10.1.72.30———————

[root@centos7 upload]# umount /var/www/html/upload/data/attachment/forum/

haproxy實驗

實驗3、

haproxy實驗

——————————-10.1.72.50———————————–

[root@localhost varnish]# vim default.vcl

# This is an example VCL file for Varnish.

# It does not do anything by default, delegating control to the

# builtin VCL. The builtin VCL is called when there is no explicit

# return statement.

# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/

# and http://varnish-cache.org/trac/wiki/VCLExamples for more examples.

# Marker to tell the VCL compiler that this VCL has been adapted to the

# new 4.0 format.

vcl 4.0;

# Default backend definition. Set this to point to your content server.

backend default {

.host = "10.1.72.40";

.port = "80";

}

#probe health_check {

# .url = "/";

# .window = 5;

# .threshold = 4;

# .interval = 2s;

# .timeout = 1s;

#backend ser1 {

# .host = "10.1.72.40";

# .port = "80";

# .probe = health_check;

#import directors;

#sub vcl_init {

# new sers = directors.random();

# sers.add_backend(ser1);

#acl client_purge {

# "127.0.0.0"/8;

# "10.1.72.60";

sub vcl_purge {

return(synth(200,"clean suss"));

}

sub vcl_recv {

# if (req.http.Authorization || req.http.Cookie) {

# /* Not cacheable by default */

# return (hash);

# }

# set req.backend_hint = sers.backend();

# Happens before we check if we have this in cache already.

# Typically you clean up the request here, removing cookies you don't need,

# rewriting the request, etc.

# if (req.url ~ "^/") {

# return(pass);

# }

# if (req.method == "PURGE") {

# if (client.ip ~ client_purge) {

# return(purge);

# } else {

# return(synth(405,"not allow for "+client.ip));

# }

# if (req.url ~ "(?i)\.php$") {

# } else {

# set req.backend_hint = default;

# }

}

sub vcl_deliver {

if (obj.hits>0) {

set resp.http.x-ache = "hit via "+server.ip;

} else {

set resp.http.x-cache = "miss via "+server.ip;

}

sub vcl_backend_response {

# Happens after we have read the response headers from the backend.

# Here you clean the response headers, removing silly Set-Cookie headers

# and other mistakes your backend does.

if (bereq.url ~ "(?i)\.(jpg|png|jpeg)$") {

unset beresp.http.Set-Cookie;

set beresp.ttl=10s;

}

haproxy實驗

—————————10.1.72.60———————————-

vim /etc/haproxy/haproxy.cfg

frontend discuz

bind :80

acl static path_reg .*/data/attachment/forum.*

use_backend upload if static

default_backend app

backend app

balance roundrobin

maxconn 350

server ser1 10.1.72.30:80 check maxconn 100 maxqueue 20

backend upload

balance roundrobin

maxconn 350

server ser1 10.1.72.50:6081 check maxconn 100 maxqueue 20

listen stats *:9001

stats enable

stats uri /admin?stats

stats realm "haproxy status"

stats refresh 3s

stats hide-version

stats auth admin:123

stats admin if LOCALHOST

—————————–10.1.72.40———————————

[root@localhost html]# systemctl start rpcbind

[root@localhost /]# mkdir /var/www/html/upload/data/attachment/forum

[root@localhost ~]# systemctl start nfs

[root@localhost ~]#setfacl –m u:apache:rwx /pic

[root@localhost ~]# vim /etc/exports

/var/www/html/upload/data/attachment/forum 10.1.0.0/16(rw,anonuid=48)

Vim /etc/nginx/nginx.conf

location / {

root /var/www/html;

}

實驗4：

haproxy實驗

————————————————–10.1.72.60———————————-

[root@centos7clean haproxy]# vim /etc/keepalived/keepalived.conf

global_defs {

notification_email {

acassen@firewall.loc

failover@firewall.loc

sysadmin@firewall.loc

}

notification_email_from Alexandre.Cassen@firewall.loc

smtp_server 192.168.200.1

smtp_connect_timeout 30

router_id LVS_DEVEL

}

vrrp_instance VI_1 {

state MASTER

interface eno16777736

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.1.72.111

}

Haproxy：

vim haproxy.cfg

frontend discuz

bind :80

acl static path_reg .*/data/attachment/forum.*

use_backend upload if static

default_backend app

backend app

balance roundrobin

maxconn 350

server ser1 10.1.72.30:80 check maxconn 100 maxqueue 20

backend upload

balance roundrobin

maxconn 350

server ser1 10.1.72.50:6081 check maxconn 100 maxqueue 20

listen stats *:9001

stats enable

stats uri /admin?stats

stats realm "haproxy status"

stats refresh 3s

stats hide-version

stats auth admin:123

stats admin if TRUE

haproxy實驗

日志：

修改/etc/rsyslog

開啟udp 514號端口

haproxy實驗

錯誤頁：

frontend discuz

bind :80

acl static path_reg .*/data/attachment/forum.*

use_backend upload if static

default_backend app

errorfile 503 /var/www/html/index.html

haproxy實驗

原創文章，作者：landanhero，如若轉載，請注明出處：http://www.www58058.com/59250

相關推薦

linux系統初識

Linux網絡配置

用戶組和權限管理2

LNMP的虛擬主機配置http和https

Linux文件管理與bash特性

8-12 文件查找