; haproxy实验 | Linux运维部落

haproxy实验

实验1

部署discuz

1、  不做会话绑定 基于roundrobin

—————————10.1.72.40|30——————————

安装环境,启动服务

[root@localhost ~]# yum -y install php php-fpm mariadb-server httpd

[root@localhost ~]# systemctl start httpd

[root@localhost ~]# systemctl start mariadb

[root@localhost ~]# cp -a upload/ /var/www/html/

[root@localhost ~]# cd /var/www/html/

测试服务器是否启动成功

[root@localhost html]# setfacl  -Rm u:apache:rwx upload/           //给安装权限

更改php.ini的时区

创建数据库并授权

MariaDB [(none)]> create database discuz;

MariaDB [(none)]> grant all on discuz.* to 'user'@'localhost' identified by '123';

MariaDB [(none)]> grant all on discuz.* to 'user'@'127.0.0.1' identified by '123';

MariaDB [(none)]> grant all on discuz.* to 'user'@'%' identified by '123';

MariaDB [(none)]> flush privileges;

 

 

—————————–10.1.72.60—————————

63       frontend discuz

64         bind :80

 65         defa ult_backend app

 66

 67        backend app

 68         balance roundrobin

 69         maxconn 350

 70         server ser1 10.1.72.30:80 check maxconn 100 maxqueue 20

 71         server ser2 10.1.72.40:80 check maxconn 200 maxqueue 30

 72

 73      listen stats  *:9001

 74         stats enable

 75         stats uri /admin?stats

 76         stats realm "haproxy status"

 77         stats refresh 3s

 78         stats hide-version

 79         stats auth admin:123

 80         stats admin if LOCALHOST

 

2、  基于cookie的会话粘性,测试上传图片是否可以访问

frontend discuz

    bind :80

    default_backend app

 

backend app

    balance roundrobin

    maxconn 350

    cookie web insert indirect nocache

    server ser1 10.1.72.30:80 check cookie ser1 maxconn 100 maxqueue 20

        server ser2 10.1.72.40:80 check cookie ser2 maxconn 200 maxqueue 30

 

 

 

 

 

 

 

 

 

 

 

实验2

—————————–10.1.72.40———————————

[root@localhost html]# systemctl start rpcbind

[root@localhost /]# mkdir /var/www/html/upload/data/attachment/forum

[root@localhost ~]# systemctl start nfs

[root@localhost ~]#setfacl –m u:apache:rwx /pic

[root@localhost ~]# vim /etc/exports

/var/www/html/upload/data/attachment/forum 10.1.0.0/16(rw,anonuid=48)

   Vim /etc/nginx/nginx.conf   

 location / {

    root /var/www/html;

        }

———————-10.1.72.30————————–

共享的nfs挂载到discuz上传的目录

[root@centos7 ~]# mount -t nfs 10.1.72.40:/var/www/html/upload/data/attachment/forum/ /var/www/html/upload/data/attachment/forum/

 

 

 

——————10.1.72.60————————–

frontend discuz

        bind :80

        acl static path_reg .*/data/attachment/forum.*

        use_backend upload if static

        default_backend app

backend app

        balance roundrobin

        maxconn 350

        cookie web insert indirect nocache

        server ser1 10.1.72.30:80 check cookie ser1 maxconn 100 maxqueue 20

 

backend upload

        balance roundrobin

        maxconn 350

        server ser1 10.1.72.40:80 check  maxconn 100 maxqueue 20

 

测试:

取消挂载,并刷新页面

———————-10.1.72.30———————

[root@centos7 upload]# umount /var/www/html/upload/data/attachment/forum/

 

 

 

 

 

 

 

 

 

 

 

 

 

实验3

 

——————————-10.1.72.50———————————–

[root@localhost varnish]# vim default.vcl

# This is an example VCL file for Varnish.

#

# It does not do anything by default, delegating control to the

# builtin VCL. The builtin VCL is called when there is no explicit

# return statement.

#

# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/

# and http://varnish-cache.org/trac/wiki/VCLExamples for more examples.

 

# Marker to tell the VCL compiler that this VCL has been adapted to the

# new 4.0 format.

vcl 4.0;

 

# Default backend definition. Set this to point to your content server.

backend default {

    .host = "10.1.72.40";

    .port = "80";

}

#probe health_check {

#       .url = "/";

#       .window = 5;

#       .threshold = 4;

#       .interval = 2s;

#       .timeout = 1s;

#}

#backend ser1 {

#    .host = "10.1.72.40";

#    .port = "80";

#    .probe = health_check;

#}

#import directors;

#sub vcl_init {

#    new sers = directors.random();

#    sers.add_backend(ser1);

#}

#acl client_purge {

#       "127.0.0.0"/8;

#       "10.1.72.60";

#}

sub vcl_purge {

        return(synth(200,"clean suss"));

}

sub vcl_recv {

 

# if (req.http.Authorization || req.http.Cookie) {

#        /* Not cacheable by default */

#        return (hash);

#    }

 

#       set req.backend_hint = sers.backend();

    # Happens before we check if we have this in cache already.

    #

    # Typically you clean up the request here, removing cookies you don't need,

    # rewriting the request, etc.

#    if (req.url ~ "^/") {

#       return(pass);

#       }

 #   if (req.method == "PURGE") {

#       if (client.ip ~ client_purge) {

#       return(purge);

#       } else {

#       return(synth(405,"not allow for "+client.ip));

#       }

#       }

#    if (req.url ~ "(?i)\.php$") {

#       } else {

#       set req.backend_hint = default;

#       }

}

sub vcl_deliver {

    if (obj.hits>0) {

        set resp.http.x-ache = "hit via "+server.ip;

        } else {

        set resp.http.x-cache = "miss via "+server.ip;

        }

}

 

sub vcl_backend_response {

    # Happens after we have read the response headers from the backend.

    #

    # Here you clean the response headers, removing silly Set-Cookie headers

    # and other mistakes your backend does.

                if (bereq.url ~ "(?i)\.(jpg|png|jpeg)$") {

                        unset beresp.http.Set-Cookie;

                        set beresp.ttl=10s;

                }

}

 

—————————10.1.72.60———————————-

vim /etc/haproxy/haproxy.cfg

 

frontend discuz

        bind :80

        acl static path_reg .*/data/attachment/forum.*

        use_backend upload if static

        default_backend app

 

backend app

        balance roundrobin

        maxconn 350

        server ser1 10.1.72.30:80 check  maxconn 100 maxqueue 20

 

backend upload

        balance roundrobin

        maxconn 350

        server ser1 10.1.72.50:6081 check  maxconn 100 maxqueue 20

 

listen stats  *:9001

        stats enable

        stats uri /admin?stats

        stats realm "haproxy status"

        stats refresh 3s

        stats hide-version

        stats auth admin:123

        stats admin if LOCALHOST

 

—————————–10.1.72.40———————————

[root@localhost html]# systemctl start rpcbind

[root@localhost /]# mkdir /var/www/html/upload/data/attachment/forum

[root@localhost ~]# systemctl start nfs

[root@localhost ~]#setfacl –m u:apache:rwx /pic

[root@localhost ~]# vim /etc/exports

/var/www/html/upload/data/attachment/forum 10.1.0.0/16(rw,anonuid=48)

   Vim /etc/nginx/nginx.conf   

 location / {

    root /var/www/html;

        }

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

实验4

————————————————–10.1.72.60———————————-

[root@centos7clean haproxy]# vim /etc/keepalived/keepalived.conf

global_defs {

   notification_email {

     acassen@firewall.loc

     failover@firewall.loc

     sysadmin@firewall.loc

   }

   notification_email_from Alexandre.Cassen@firewall.loc

   smtp_server 192.168.200.1

   smtp_connect_timeout 30

   router_id LVS_DEVEL

}

 

vrrp_instance VI_1 {

    state MASTER

    interface eno16777736

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        10.1.72.111

    }

}

 

Haproxy

vim haproxy.cfg

frontend discuz

        bind :80

        acl static path_reg .*/data/attachment/forum.*

        use_backend upload if static

        default_backend app

 

backend app

        balance roundrobin

        maxconn 350

        server ser1 10.1.72.30:80 check  maxconn 100 maxqueue 20

 

backend upload

        balance roundrobin

        maxconn 350

        server ser1 10.1.72.50:6081 check  maxconn 100 maxqueue 20

 

listen stats  *:9001

        stats enable

        stats uri /admin?stats

        stats realm "haproxy status"

        stats refresh 3s

        stats hide-version

        stats auth admin:123

        stats admin if TRUE

 

 

日志:

修改/etc/rsyslog

开启udp 514号端口

 

错误页:

frontend discuz

        bind :80

        acl static path_reg .*/data/attachment/forum.*

        use_backend upload if static

        default_backend app

        errorfile 503 /var/www/html/index.html

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

原创文章,作者:landanhero,如若转载,请注明出处:/59250

联系我们

400-080-6560

在线咨询:点击这里给我发消息

邮件:1660809109@qq.com

工作时间:周一至周五,9:30-18:30,节假日同时也值班

友情链接:guoqibee.com  万达娱乐平台  万达招商QQ  万达主管QQ  万达登录  万达娱乐注册  万达主管  万达招商  万达娱乐注册  万达娱乐注册