Introduction to Fumubang's current server architecture
From the technical development team's internal wiki
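Architecture diagram
Reverse proxy servers (185, 187)
=== Two proxy services and one heartbeat service are involved ===
Proxy services:
1. nginx
2. haproxy
Heartbeat service:
1. keepalived
Each is described below.
1. The external virtual IP of reverse proxy servers 185 and 187 is 183; the internal virtual IPs are 192.168.0.191 and 192.168.0.192. Command: cat /etc/hosts (viewed on 188)

    192.168.0.191 db.master.proxy
    192.168.0.192 db.slave.proxy

   keepalived settings on 185: nginx = master, database = backup
   keepalived settings on 187: nginx = backup, database = master
2. The two machines provide the nginx reverse proxy for the web servers (188, 190) and the MySQL proxy (189, 190). They share a heartbeat through keepalived; if one goes down, service switches immediately to the one that is still up.
3. When a user visits Fumubang, these two machines reverse-proxy the request to 188 or 190. Note that the code on 188 and 190 must be identical (deploy to 188 and 190 at the same time).
4. Proxy service configuration: /usr/local/nginx/conf/nginx.conf
5. keepalived configuration location: /etc/keepalived/keepalived.conf
Nginx reverse proxy notes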
Nginx is a performance-oriented HTTP server. Compared with Apache and lighttpd it has a small memory footprint and high stability. Unlike older versions (<=2.2) of Apache, nginx does not use a thread-per-client design; it makes full use of asynchronous logic, which cuts context-switching overhead and gives it stronger concurrent serving capacity. The overall design is modular, with a rich set of built-in and third-party modules and flexible configuration. On Linux, nginx uses the epoll event model, which makes it very efficient there. On OpenBSD or FreeBSD it uses kqueue, an efficient event model similar to epoll. nginx is both a high-performance HTTP and reverse proxy server and an IMAP/POP3/SMTP proxy server. It is known for its stability, rich feature set, sample configuration files and low consumption of system resources.

For readers who want to study nginx in detail, here are two resources. One is Zhang Yan's blog; he was among the earliest people in China to study nginx and has published a detailed book on it, 《实战nginx:取代Apache的高性能服务器》 (Practical nginx: a high-performance server to replace Apache). The other is the nginx special topic on 51.

Today's topic is nginx load balancing. The steps are recorded here as study notes and may also serve as a reference.

1. Test environment

    System version: CentOS release 5.9 (Final) x86 32-bit
    nginx version: 1.2.8
    nginx load balancer: 192.168.207.131, port 80
    WEB_1: 192.168.207.129, port 80
    WEB_2: 192.168.207.130, port 8080
    WEB_3: 192.168.207.131, port 8080

On web_1 and web_2 I use the apache that ships with the system and only change the listening port as required; you can of course install nginx instead. On 192.168.207.131 I install nginx to act as both load balancer and web server: the load balancer uses port 80 and the web service uses port 8080.

2. Download and install nginx

Before installing nginx, install the pcre library. PCRE (Perl Compatible Regular Expressions) is a Perl library that includes a Perl-compatible regular expression library; it gives nginx regex support for URL rewriting, location matching and so on:

    cd /usr/local/src
    wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.21.tar.gz
    tar -zxvf pcre-8.21.tar.gz
    cd pcre-8.21
    ./configure
    make
    make install

Download and install nginx:

    cd /usr/local/src
    wget http://nginx.org/download/nginx-1.2.8.tar.gz
    tar -zxvf nginx-1.2.8.tar.gz
    cd nginx-1.2.8
    ./configure --prefix=/usr/local/nginx --with-pcre=/usr/local/src/pcre-8.21 --user=nginx --group=nginx --with-http_stub_status_module
    make
    make install

Note that --with-pcre points to the pcre source path. The same applies to zlib if you want it: add --with-zlib followed by the source path.

3. Customize the nginx configuration file

I spell out more parameters than strictly needed here, so that readers get to know them:

    vi /usr/local/nginx/conf/nginx.conf

Contents:

    # User to run as
    user nginx nginx;
    # Number of worker processes
    worker_processes 2;
    # Global error log and PID file
    error_log logs/error.log notice;
    pid logs/nginx.pid;
    # Working mode and per-process connection limit
    events {
        use epoll;
        worker_connections 1024;    # total connections supported = worker_processes * worker_connections
    }
    # http server; its reverse proxy feature provides the load balancing
    http {
        # MIME types
        include mime.types;    # media types nginx supports; see conf/mime.types
        default_type application/octet-stream;    # default data type
        # Log formats
        log_format main '$remote_addr - $remote_user [$time_local] '
                        '"$request" $status $bytes_sent '
                        '"$http_referer" "$http_user_agent" '
                        '"$gzip_ratio"';
        log_format download '$remote_addr - $remote_user [$time_local] '
                            '"$request" $status $bytes_sent '
                            '"$http_referer" "$http_user_agent" '
                            '"$http_range" "$sent_http_content_range"';
        # Request buffers
        client_header_buffer_size 1k;
        large_client_header_buffers 4 4k;
        # Enable the gzip module
        #gzip on;
        #gzip_min_length 1100;
        #gzip_buffers 4 8k;
        #gzip_types text/plain;
        #output_buffers 1 32k;
        #postpone_output 1460;
        # Access log
        access_log logs/access.log main;
        client_header_timeout 3m;
        client_body_timeout 3m;
        send_timeout 3m;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        # List of load-balanced servers
        upstream mysvr {
            # weight sets the weighting; the higher the weight, the more likely the server is chosen
            server 192.168.207.129:80 weight=5;
            server 192.168.207.130:8080 weight=5;
            server 192.168.207.131:8080 weight=2;
        }
        server {
            # The web service itself, listening on port 8080
            listen 8080;
            server_name 192.168.207.131;
            index index.html index.htm;
            root /var/www/html;
            #error_page 500 502 503 504 /50x.html;
            #location = /50x.html {
            #    root html;
            #}
        }
        # Virtual host
        server {
            listen 80;
            server_name 192.168.207.131;
            #charset gb2312;
            # Access log for this virtual host
            access_log logs/three.web.access.log main;
            # For /img/*, /js/*, /css/* serve local files directly instead of going through squid.
            # Not recommended when there are many such files, because squid caches them better.
            #location ~ ^/(img|js|css)/{
            #    root /data3/Html;
            #    expires 24h;
            #}
            # Enable load balancing for "/"
            location / {
                proxy_pass http://mysvr;    # backend web servers are referenced in this form
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 90;
                proxy_send_timeout 90;
                proxy_read_timeout 90;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
            }
            # Address for viewing nginx status; requires --with-http_stub_status_module at build time
            location /NginxStatus {
                stub_status on;
                access_log on;
                auth_basic "NginxStatus";
                auth_basic_user_file conf/htpasswd;    # set the access password with: htpasswd -bc filename username password
            }
        }
    }

4. Start all the servers and check the result

First add an nginx user, otherwise startup reports an error:

    useradd nginx

Then start nginx:

    /usr/local/nginx/sbin/nginx

The default configuration file is conf/nginx.conf, so if you keep the configuration elsewhere, add -c /path/nginx.conf. Once nginx is running, requests to http://192.168.207.131 are distributed to the three backend web servers according to the algorithm.

Visit http://192.168.207.131/NginxStatus and enter the user name and password to see some nginx statistics. You can of course use other tools as well, such as cacti or MRTG.

    Active connections: 1
    server accepts handled requests
     19 19 91
    Reading: 0 Writing: 1 Waiting: 0

5. The simplest nginx load-balancing model

    worker_processes 1;
    events {
        worker_connections 1024;
    }
    http {
        upstream myproject {
            # List the origin servers here as ip:port; port 80 may be omitted
            server 192.168.43.158:80;
            server 192.168.41.167;
        }
        server {
            listen 8080;
            location / {
                proxy_pass http://myproject;
            }
        }
    }

A concrete example:

    worker_processes 4;
    worker_cpu_affinity 0001 0010 0100 1000;
    worker_rlimit_nofile 40000;
    events {
        use epoll;
        worker_connections 40000;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        charset utf-8;
        client_header_buffer_size 4k;
        open_file_cache max=8192 inactive=20s;
        open_file_cache_valid 30s;
        open_file_cache_min_uses 1;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 120;
        gzip on;
        gzip_proxied any;
        gzip_vary on;
        gzip_disable "MSIE [1-6]\.";
        gzip_http_version 1.1;
        gzip_min_length 10;
        gzip_comp_level 9;
        gzip_types text/plain application/x-javascript text/css application/xml application/json application/x-httpd-php !application/x-httpd-jphp;
        # Backend list
        upstream mysvr {
            server 192.168.0.1:80;
            server 192.168.0.2:80;
            server 192.168.0.3:80;
            server 192.168.0.4:80;
            server 192.168.0.5:80;
            server 192.168.0.6:80;
        }
        proxy_cache_path /tmp/proxy_cache_dir levels=1:2 keys_zone=cache_one:1600m inactive=1d max_size=6g;
        server {
            listen 80;
            server_name *.majietest.cn;
            location / {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_ignore_client_abort on;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
            }
            # Static file caching
            location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                proxy_cache cache_one;
                proxy_cache_key $host$uri$is_args$args;
                expires 31d;
                access_log off;
            }
        }
        server {
            listen 8080;
            location /nginx_status {
                allow 127.0.0.1;
                deny all;
                stub_status on;
                access_log off;
            }
        }
    }

Next, the backends need to handle the real client IP:

    http {
        set_real_ip_from 192.168.0.0/24;    # range of proxy IPs
        real_ip_header X-Real-IP;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
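An added example (not part of the original wiki page): the same trust rule as `set_real_ip_from` / `real_ip_header`, applied in backend application code. `X-Real-IP` and `X-Forwarded-For` are honoured only when the TCP peer is inside the proxy range 192.168.0.0/24 from the configuration above; the function names and sample requests are constructed for illustration.

```python
import ipaddress

# Trusted proxy range, taken from `set_real_ip_from 192.168.0.0/24` above.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.0.0/24")]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def _parse_ip(value):
    """Return an ip_address object, or None for a malformed header value."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def client_ip(peer, headers, trusted=TRUSTED_PROXIES):
    """Resolve the client address for one request (hypothetical helper).

    peer    -- source address of the TCP connection as seen by the backend
    headers -- dict of request headers
    """
    peer_addr = ipaddress.ip_address(peer)
    # Connection did not come from a proxy: every header is client-controlled.
    if not _is_trusted(peer_addr, trusted):
        return str(peer_addr)

    hdrs = {k.lower(): v for k, v in headers.items()}

    # The proxy overwrites X-Real-IP with $remote_addr, so behind a trusted
    # proxy it holds the address the proxy itself saw.
    real_ip = _parse_ip(hdrs.get("x-real-ip", ""))
    if real_ip is not None:
        return str(real_ip)

    # $proxy_add_x_forwarded_for appends to whatever the client sent, so only
    # the right-hand entries were written by our proxies. Walk right to left
    # and stop at the first address that is not one of them.
    for hop in reversed(hdrs.get("x-forwarded-for", "").split(",")):
        addr = _parse_ip(hop)
        if addr is None:
            break
        if not _is_trusted(addr, trusted):
            return str(addr)
    return str(peer_addr)


# Constructed sample requests: (peer address, headers).
SAMPLES = [
    ("203.0.113.7", {"X-Real-IP": "10.0.0.1"}),                    # direct hit, forged header
    ("192.168.0.185", {"X-Real-IP": "198.51.100.23",
                       "X-Forwarded-For": "1.2.3.4, 198.51.100.23"}),
    ("192.168.0.187", {"X-Forwarded-For": "10.9.9.9, 198.51.100.23, 192.168.0.185"}),
]

if __name__ == "__main__":
    for peer, headers in SAMPLES:
        print(peer, "->", client_ip(peer, headers))
```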
Nginx + keepalived master/backup hot standby with automatic failover
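1: Installing keepalived

About keepalived

Here keepalived is used mainly for health checking of the RealServers and for failover between the LoadBalance host and the Backup host. keepalived is software that works like a layer 3, 4 & 5 switching mechanism, that is, what we usually call layer-3, layer-4 and layer-5 switching. Its job is to monitor the state of the web servers. If a web server crashes or malfunctions, keepalived detects it and removes the faulty server from the system; once the server works again, keepalived automatically adds it back to the server pool. All of this happens automatically without manual intervention; the only manual work is repairing the failed web server.

keepalived is a high-availability solution that achieves HA through a VIP (virtual IP) and heartbeat checks. A group of (two) servers is given the roles Master and Backup. By default the Master binds the VIP to its own network interface and serves traffic. Master and Backup send heartbeat packets to each other at a fixed interval, usually 2 seconds, to check each other's state. If the Backup finds that the Master is down, the Backup sends ARP packets to the gateway and binds the VIP to its own interface; the Backup now serves traffic, which gives automatic failover. When the Master recovers, it takes the service back.

How keepalived works

keepalived provides VRRP and health-check functions. It can be used only for a floating VIP between two machines (the VRRP virtual router function), which is a simple way to build a two-node hot-standby HA setup.

Layer 3, 4 & 5 work at the IP layer, the TCP layer and the application layer of the IP/TCP stack respectively:

Layer3: in Layer3 mode keepalived periodically sends an ICMP packet (the Ping program we normally use) to the servers in the pool. If a server's IP address is not active, keepalived reports the server as failed and removes it from the pool. A typical case is a server that was shut down improperly. Layer3 mode uses the validity of the server's IP address as the criterion for whether the server is working. This article uses this mode.

Layer4: once Layer3 is understood, Layer4 is easy. Layer4 decides whether a server is working from the state of a TCP port. A web server's service port is usually 80; if keepalived detects that port 80 is not up, it removes the server from the pool.

Layer5: Layer5 works at the application layer. It is somewhat more complex than Layer3 and Layer4 and uses more network bandwidth. keepalived checks whether the server program runs correctly according to the user's settings; if the result does not match those settings, keepalived removes the server from the pool.

A vip is a virtual IP attached to a host's network interface, that is, it virtualizes the host's interface; the IP still occupies one address in that subnet.

Installing keepalived is simple and follows exactly the same steps as other GNU source packages. The installation process is:

Download the latest stable version:

    wget http://www.keepalived.org/software/keepalived-1.1.17.tar.gz

Unpack:

    tar zxvf keepalived-1.1.17.tar.gz

Change directory:

    cd keepalived-1.1.17

Configure:

    ./configure --prefix=/usr/local/keepalived

Build and install:

    make ; make install

After installation, the install directory /usr/local/keepalived contains the four directories bin, etc, man and sbin. etc holds the configuration files.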
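Note that keepalived does not syntax-check the configuration file at startup; the daemon starts even when there is no configuration file at all. By default, that is, when no configuration file location is given, keepalived first looks for /etc/keepalived/keepalived.conf. For convenience you can create this file by hand and write the rules into it to control how keepalived runs.

2: Configuring keepalived.conf

A fairly complete keepalived.conf can contain three text blocks: the global definitions block, the VRRP instance definition block and the virtual server definition block. The global definitions block and the virtual server definition block are required; where there is only one load balancer, the VRRP instance definition block is not needed. The configuration template below is used to explain a selection of the important items.

    # Global definitions block
    global_defs {
        notification_email {
            majiephp@163.com
        }
        notification_email_from root@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        # The lines above configure e-mail notification: an alert mail is sent on failure.
        # This is optional; not using it is recommended.
        router_id LVS_DEVEL    # LVS load balancer identifier (lvs_id); should be unique within a network
    }
    # VRRP definition block (Virtual Router Redundancy Protocol). Its design goal is to
    # support failover of IP traffic in specific situations without causing confusion,
    # to let hosts use a single router, and to keep connectivity between routers even
    # when the actual first-hop router fails. VRRP is a good solution for this. The
    # protocol provides redundancy for the default gateway of end IP devices on a shared
    # multi-access medium (such as Ethernet), so that when one routing device goes down
    # the backup device takes over forwarding in time, gives users a transparent
    # switchover and improves network service quality.
    vrrp_sync_group VG_1 {
        group {
            VI_1
        }
    }
    vrrp_instance VI_1 {
        state MASTER            # instance state: only MASTER and BACKUP exist, and they must be upper-case
        interface eth0          # communication interface: the interface that serves traffic, e.g. eth0, eth1
        virtual_router_id 86    # virtual router identifier: a number, unique to one vrrp instance
        priority 188            # priority: a number; the larger the value, the higher the priority
        advert_int 1            # advertisement interval in seconds
        authentication {
            auth_type PASS      # authentication type
            auth_pass 1234      # authentication password
        }
        virtual_ipaddress {
            192.168.1.123 dev eth0    # virtual IP address
        }
    }
    # Virtual server definition block: the most important part of keepalived and an
    # indispensable part of keepalived.conf
    virtual_server 192.168.1.123 80 {
        delay_loop 6              # health check interval in seconds
        lb_kind DR                # forwarding method, usually one of DR, NAT, TUN; my setups all use DR
        persistence_timeout 50    # session persistence time in seconds
        protocol TCP              # forwarding protocol, usually tcp or udp
        # Real server
        real_server 192.168.1.100 80 {
            weight 1              # weight: a number; the larger the value, the higher the weight
            notify_down "/root/service_down.sh"    # script run when the real service is detected as down
            # Use any one of the check methods below
            # http or ssl check
            HTTP_GET|SSL_GET {
                url {
                    path /
                    digest ff20ad2481f97b1754ef3e12ecd3a9cc
                }
                connect_port 444
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
            # TCP check
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
            # Script check
            MISC_CHECK {
                misc_path /usr/local/bin/script.sh    # external program check
                misc_timeout 10                       # script execution timeout
            }
        }
    }

3: nginx + keepalived master/backup automatic failover example

There are two machines:

    192.168.1.6    master
    192.168.1.7    backup
    virtual IP 192.168.1.8 (make sure no host on the LAN already uses this IP)

The precondition is that nginx and keepalived are already installed on both hosts. Assume the nginx virtual host is test.keep.cn.

keepalived configuration file on the master (192.168.1.6):

    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 86
        priority 188
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1234
        }
        virtual_ipaddress {
            192.168.1.8 dev eth0
        }
    }
    virtual_server 192.168.1.8 80 {
        delay_loop 6
        lb_kind DR
        persistence_timeout 50
        protocol TCP
        real_server 192.168.1.6 80 {
            weight 1
            notify_down "/sbin/service keepalived stop"
            HTTP_GET {
                url {
                    path "/index.php"
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }

For the check to be reliable, it is best to point the domain name at the local machine (192.168.1.6) in hosts.

keepalived configuration file on the backup (192.168.1.7):

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 86
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1234
        }
        virtual_ipaddress {
            192.168.1.8 dev eth0
        }
    }
    virtual_server 192.168.1.8 80 {
        delay_loop 6
        lb_kind DR
        persistence_timeout 50
        protocol TCP
        real_server 192.168.1.7 80 {
            weight 1
            notify_down "/sbin/service keepalived stop"
            HTTP_GET {
                url {
                    path "/index.php"
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }

Likewise, for the check to be reliable, it is best to point the domain name at the local machine (192.168.1.7) in hosts.

4: Testing

Start the nginx and keepalived services on both nginx machines, then check the addresses on each with ip a. You can also follow the log with tail -f /var/log/messages. Kill nginx on the master or the backup to watch the switchover.

Summary:

Sometimes the master/backup pair misbehaves or other anomalies occur. This is generally because keepalived cannot communicate properly. Apart from configuration errors, the usual cause is the firewall, which many write-ups do not mention. Check that the firewall rules meet the following conditions:

1: keepalived by default needs the class D multicast address 224.0.0.18 for heartbeat communication
2: keepalived communicates using the VRRP protocol (port number 112)

One way to check whether the two keepalived hosts can communicate: stop one keepalived and see whether new entries appear in the other keepalived's log /var/log/messages.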
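An added example (not part of the original wiki page): the VRRPv2 advertisement that the master in section 3 sends once per `advert_int`, built and decoded with the values from that configuration (VRID 86, priority 188, VIP 192.168.1.8, `auth_pass 1234`). It shows what the peer and the firewall actually see: VRRP travels directly over IP as protocol number 112 to 224.0.0.18, and with `auth_type PASS` the password sits unencrypted in an 8-byte field. The function names and the `EXPECTED` table are constructed for illustration.

```python
import hmac
import socket
import struct

VRRP_PROTO = 112           # IP protocol number of VRRP (not a TCP/UDP port)
VRRP_GROUP = "224.0.0.18"  # multicast destination of advertisements
AUTH_PASS = 1              # VRRPv2 "simple text password" authentication type

# What the backup node in section 3 expects from its peer (constructed from that config).
EXPECTED = {"vrid": 86, "vips": {"192.168.1.8"}, "auth_pass": "1234"}


def _checksum(data):
    """16-bit one's-complement checksum over the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, advert_int, vips, auth_pass):
    """Build the VRRPv2 payload a node with these settings advertises."""
    # The auth field is 8 bytes and is sent as-is; longer passwords are cut.
    auth = auth_pass.encode()[:8].ljust(8, b"\x00")
    body = b"".join(socket.inet_aton(v) for v in vips) + auth
    head = struct.pack("!BBBBBB", 0x21, vrid, priority, len(vips),
                       AUTH_PASS, advert_int)
    csum = _checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", csum) + body


def parse_advert(pkt):
    """Decode a VRRPv2 payload (the bytes that follow the IP header)."""
    if len(pkt) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    ver_type, vrid, prio, count, auth_type, adv_int, csum = struct.unpack(
        "!BBBBBBH", pkt[:8])
    end = 8 + 4 * count + 8
    if len(pkt) < end:
        raise ValueError("truncated address or authentication field")
    vips = [socket.inet_ntoa(pkt[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    return {
        "version": ver_type >> 4,
        "type": ver_type & 0x0F,
        "vrid": vrid,
        "priority": prio,
        "advert_int": adv_int,
        "auth_type": auth_type,
        "auth_data": pkt[end - 8:end].rstrip(b"\x00"),
        "vips": vips,
        "checksum_ok": _checksum(pkt[:6] + b"\x00\x00" + pkt[8:end]) == csum,
    }


def check_advert(adv, expect=EXPECTED):
    """Return the reasons a receiver or monitor should reject this advert."""
    issues = []
    if (adv["version"], adv["type"]) != (2, 1):
        issues.append("not a VRRPv2 advertisement")
    if not adv["checksum_ok"]:
        issues.append("bad checksum")
    if adv["vrid"] != expect["vrid"]:
        issues.append("unexpected VRID")
    if set(adv["vips"]) != expect["vips"]:
        issues.append("VIP set differs")
    want = expect["auth_pass"].encode()[:8]
    if adv["auth_type"] != AUTH_PASS or not hmac.compare_digest(adv["auth_data"], want):
        issues.append("auth data mismatch")
    return issues


if __name__ == "__main__":
    pkt = build_advert(86, 188, 1, ["192.168.1.8"], "1234")
    print(pkt.hex())
    print(parse_advert(pkt))
    print("issues:", check_advert(parse_advert(pkt)))
```

Because the password is readable by any host that can receive the multicast group, the firewall rule that admits protocol 112 is best limited to the peer node's source address.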
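Web servers (188, 190):
1. 188 and 190 are Fumubang's two public-facing web servers. They do not back each other up, but code is deployed to both at the same time.
2. 190 also acts as the database slave and supplies data to 179 for backup.
3. If one of the two goes down, the reverse proxy switches to the other.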
MySQL servers (189, 190):
1. 189 (master, write) and 190 (slave, read) are database servers kept in master-slave replication.
2. 190 supplies data to 179 for backup.
3. Database access is proxied by 185 and 187:

    192.168.0.191 db.master.proxy
    192.168.0.192 db.slave.proxy

A note on haproxy: like nginx it can be set up as a proxy, and in our architecture it proxies access to the database. How it works:

After haproxy is installed and configured, it exposes port 23306 for the master (write) and port 23307 for the slave (read).

keepalived monitors the haproxy proxy ports 23306 and 23307 on its own server. If it finds that a port is missing, it stops keepalived itself:

    #!/bin/sh
    # Recipients of the alert mail
    maillist='yatao.ding@linktone.com,shaojin.lu@linktone.com,yingfei.zhao@linktone.com,xiaoji.zhao@linktone.com'
    #maillist='yatao.ding@linktone.com'
    ip=59.151.119.185
    # Stop keepalived so that the peer node takes over the VIP
    /etc/init.d/keepalived stop
    echo "keepalived stoped" | /bin/mail -s "down(haproxy-${ip})" "$maillist"
    /root/fmb_tech.sh

185 then takes over the haproxy database proxy, and the reverse works the same way.

Handling a database outage:

The haproxy configuration file has to be switched by hand, on both 185 and 187:

    haproxy.cfg   -> 189 write, 190 read
    haproxy_s.cfg -> 190 write, 179 read

haproxy has two configuration files: /etc/haproxy.cfg and /etc/haproxy_s.cfg

mysql (master 1, write, failed): log in to 119.187 and run:

    killall haproxy
    haproxy -f /etc/haproxy_s.cfg

mysql-proxy (master failed) 119.187: switches automatically to the standby (59.151.119.185)

haproxy.cfg:

    listen mysqlw
        bind 0.0.0.0:23306
        mode tcp
        option mysql-check user haproxy
        balance roundrobin
        server mysql189 192.168.0.189:3306 weight 1 check inter 1s rise 2 fall 3    # default: 189 takes writes
    listen mysqlr
        bind 0.0.0.0:23307
        mode tcp
        option mysql-check user haproxy
        balance roundrobin
        server mysql190 192.168.0.190:3306 weight 1 check inter 1s rise 2 fall 3

/etc/haproxy_s.cfg:

    listen mysqlw
        bind 0.0.0.0:23306
        mode tcp
        option mysql-check user haproxy
        balance roundrobin
        server mysql190 192.168.0.190:3306 weight 1 check inter 1s rise 2 fall 3
    listen mysqlr
        bind 0.0.0.0:23307
        mode tcp
        option mysql-check user haproxy
        balance roundrobin
        server mysql179 192.168.0.179:3306 weight 1 check inter 1s rise 2 fall 3
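An added example (not part of the original wiki page): the manual switch has to be made on both 185 and 187, and because the write VIP 192.168.0.191 can float between them, a node left on the old file would send writes to a different MySQL server after a VIP failover. The sketch below parses the `listen` sections of the two files shown above and reports any listener whose backends differ between nodes; the function names are hypothetical and the embedded configuration text is copied from this page.

```python
# Section keywords that start a new haproxy configuration section.
SECTION_KEYWORDS = {"global", "defaults", "listen", "frontend", "backend"}

# Copied from the haproxy.cfg listing on this page (189 write, 190 read).
HAPROXY_CFG = """
listen mysqlw
    bind 0.0.0.0:23306
    mode tcp
    option mysql-check user haproxy
    balance roundrobin
    server mysql189 192.168.0.189:3306 weight 1 check inter 1s rise 2 fall 3 # default: 189 write
listen mysqlr
    bind 0.0.0.0:23307
    mode tcp
    option mysql-check user haproxy
    balance roundrobin
    server mysql190 192.168.0.190:3306 weight 1 check inter 1s rise 2 fall 3
"""

# Copied from the /etc/haproxy_s.cfg listing on this page (190 write, 179 read).
HAPROXY_S_CFG = """
listen mysqlw
    bind 0.0.0.0:23306
    mode tcp
    option mysql-check user haproxy
    balance roundrobin
    server mysql190 192.168.0.190:3306 weight 1 check inter 1s rise 2 fall 3
listen mysqlr
    bind 0.0.0.0:23307
    mode tcp
    option mysql-check user haproxy
    balance roundrobin
    server mysql179 192.168.0.179:3306 weight 1 check inter 1s rise 2 fall 3
"""


def listen_backends(cfg_text):
    """Map each `listen` section to its bind addresses and backend servers."""
    sections = {}
    current = None
    for raw in cfg_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tokens:
            continue
        if tokens[0] in SECTION_KEYWORDS:
            current = None
            if tokens[0] == "listen" and len(tokens) > 1:
                current = sections.setdefault(
                    tokens[1], {"bind": [], "servers": {}})
            continue
        if current is None:
            continue
        if tokens[0] == "bind" and len(tokens) > 1:
            current["bind"].append(tokens[1])
        elif tokens[0] == "server" and len(tokens) > 2:
            current["servers"][tokens[1]] = tokens[2]
    return sections


def compare_nodes(node_cfgs):
    """Report listeners whose backend addresses differ between proxy nodes.

    node_cfgs -- dict of node label -> text of the haproxy file it is running
    """
    parsed = {node: listen_backends(text) for node, text in node_cfgs.items()}
    names = sorted({name for p in parsed.values() for name in p})
    issues = []
    for name in names:
        targets = {
            node: sorted(p.get(name, {"servers": {}})["servers"].values())
            for node, p in parsed.items()
        }
        if len({tuple(t) for t in targets.values()}) > 1:
            detail = ", ".join(
                "%s -> %s" % (node, t or "missing")
                for node, t in sorted(targets.items()))
            issues.append("%s: %s" % (name, detail))
    return issues


if __name__ == "__main__":
    # 187 was switched by hand, 185 was forgotten.
    for line in compare_nodes({"185": HAPROXY_CFG, "187": HAPROXY_S_CFG}):
        print("MISMATCH", line)
```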
Production proxy settings
187:

    cat /usr/local/nginx/conf/nginx.conf

    #user nobody;
    # Number of worker processes
    worker_processes 16;
    worker_cpu_affinity 0000000000000001 0000000000000010 0000000000000100 0000000000001000
                        0000000000010000 0000000000100000 0000000001000000 0000000010000000
                        0000000100000000 0000001000000000 0000010000000000 0000100000000000
                        0001000000000000 0010000000000000 0100000000000000 1000000000000000;
    error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;
    #pid logs/nginx.pid;
    worker_rlimit_nofile 40000;
    events {
        use epoll;
        worker_connections 40000;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        charset utf-8;
        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        #                '$status $body_bytes_sent "$http_referer" '
        #                '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log logs/access.log main;
        client_header_buffer_size 4k;
        open_file_cache max=8192 inactive=20s;
        open_file_cache_valid 30s;
        open_file_cache_min_uses 1;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 120;
        gzip on;
        gzip_proxied any;
        gzip_vary on;
        gzip_disable "MSIE [1-6]\.";
        gzip_http_version 1.1;
        gzip_min_length 10;
        gzip_comp_level 9;
        gzip_types text/plain application/x-javascript text/css application/xml application/json application/x-httpd-php !application/x-httpd-jphp;
        upstream mysvr {
            server 192.168.0.188:80;
            server 192.168.0.190:80;
        }
        upstream wechat {
            server 192.168.0.188:80;
        }
        proxy_cache_path /home/www/proxy_cache_dir levels=1:2 keys_zone=cache_one:1600m inactive=1d max_size=6g;
        server {
            listen 80;
            server_name wechat.fumubang.com;
            location / {
                proxy_pass http://wechat;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
            }
            #error_page 404 /404.html;
            # redirect server error pages to the static page /50x.html
            #
            #error_page 500 502 503 504 /50x.html;
            #location = /50x.html {
            #    root html;
            #}
        }
        server {
            listen 80;
            server_name wechat2.fumubang.com wechat3.fumubang.com wechat4.fumubang.com wechat5.fumubang.com;
            location / {
                proxy_pass http://wechat;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
            }
            #error_page 404 /404.html;
            # redirect server error pages to the static page /50x.html
            #
            #error_page 500 502 503 504 /50x.html;
            #location = /50x.html {
            #    root html;
            #}
        }
        server {
            listen 80;
            server_name *.fumubang.com;
            location / {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                #to avoid 499 error
                proxy_ignore_client_abort on;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
            }
            location ~ /purge(/.*) {
                allow all;
                proxy_cache_purge cache_one $host$1$is_args$args;
            }
            #to redirect img not from fumubang
            #location ~* ^/huodong/ {
            #below lines must to add
            #proxy_pass http://mysvr;
            #proxy_redirect off;
            #proxy_set_header Host $host;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #client_max_body_size 10m;
            #client_body_buffer_size 128k;
            #to avoid 499 error
            #proxy_ignore_client_abort on;
            #proxy_connect_timeout 900;
            #proxy_send_timeout 900;
            #proxy_read_timeout 900;
            #proxy_buffer_size 4k;
            #proxy_buffers 4 32k;
            #proxy_busy_buffers_size 64k;
            #proxy_temp_file_write_size 64k;
            #access_log off;
            #valid_referers none blocked *.fumubang.com;
            #if ($invalid_referer) {
            #    rewrite ^/huodong/(.*)$ http://fumubang.b0.upaiyun.com/huodong/$1!thumbsrc last;
            #    return 302;
            #}
            #}
            #to redirect img not from fumubang
            #location ~* ^/upload/huodong/ {
            #below lines must to add
            #proxy_pass http://mysvr;
            #proxy_redirect off;
            #proxy_set_header Host $host;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #client_max_body_size 10m;
            #client_body_buffer_size 128k;
            #to avoid 499 error
            #proxy_ignore_client_abort on;
            #proxy_connect_timeout 900;
            #proxy_send_timeout 900;
            #proxy_read_timeout 900;
            #proxy_buffer_size 4k;
            #proxy_buffers 4 32k;
            #proxy_busy_buffers_size 64k;
            #proxy_temp_file_write_size 64k;
            #valid_referers none blocked *.fumubang.com;
            #if ($invalid_referer) {
            #    rewrite ^/upload/huodong/(.*)$ http://fumubang.b0.upaiyun.com/huodong/$1!thumbsrc last;
            #    return 302;
            #}
            #}
            location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                #proxy_cache cache_one;
                #proxy_cache_key $host$uri$is_args$args;
                expires 30d;
                #access_log off;
            }
            location ~ \.(jpg|JPG|gif|png|jpeg|JPEG|PNG|GIF)!(.*)$ {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                #proxy_cache cache_one;
                #proxy_cache_key $host$uri$is_args$args;
                expires 30d;
                types { }
                default_type image/jpeg;
                add_header Pragma public;
                add_header Cache-Control "public";
            }
            #error_page 404 /404.html;
            # redirect server error pages to the static page /50x.html
            #
            #error_page 500 502 503 504 /50x.html;
            #location = /50x.html {
            #    root html;
            #}
        }
        server {
            listen 80;
            server_name *.fmbimg.com;
            location / {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_ignore_client_abort on;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                expires 30d;
                add_header Pragma public;
                add_header Cache-Control "public";
            }
        }
        server {
            listen 80;
            server_name test.proxy.cn;
            root /home/www/test;
            index index.html index.htm index.php;
            location ~ .*\.(php|php5)?$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }
        }
        server {
            listen 8080;
            location /nginx_status {
                allow 111.205.96.2;
                allow 60.195.252.106;
                allow 60.195.249.83;
                deny all;
                stub_status on;
                access_log off;
            }
        }
        server {
            listen 443;
            server_name api.fumubang.com;
            ssl on;
            ssl_certificate /root/api.fumubang.com.crt;
            ssl_certificate_key /root/api.fumubang.com.key;
            location / {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_ignore_client_abort on;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
            }
        }
    }

185:

    [root@localhost ~]# cat /usr/local/nginx/conf/nginx.conf

    #user nobody;
    worker_processes 16;
    worker_cpu_affinity 0000000000000001 0000000000000010 0000000000000100 0000000000001000
                        0000000000010000 0000000000100000 0000000001000000 0000000010000000
                        0000000100000000 0000001000000000 0000010000000000 0000100000000000
                        0001000000000000 0010000000000000 0100000000000000 1000000000000000;
    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;
    #pid logs/nginx.pid;
    worker_rlimit_nofile 40000;
    events {
        use epoll;
        worker_connections 40000;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        charset utf-8;
        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        #                '$status $body_bytes_sent "$http_referer" '
        #                '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log logs/access.log main;
        client_header_buffer_size 4k;
        open_file_cache max=8192 inactive=20s;
        open_file_cache_valid 30s;
        open_file_cache_min_uses 1;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 120;
        gzip on;
        gzip_proxied any;
        gzip_vary on;
        gzip_disable "MSIE [1-6]\.";
        gzip_http_version 1.1;
        gzip_min_length 10;
        gzip_comp_level 9;
        gzip_types text/plain application/x-javascript text/css application/xml application/json application/x-httpd-php !application/x-httpd-jphp;
        upstream mysvr {
            server 192.168.0.188:80;
            server 192.168.0.190:80;
        }
        upstream wechat {
            server 192.168.0.188:80;
        }
        proxy_cache_path /home/www/proxy_cache_dir levels=1:2 keys_zone=cache_one:1600m inactive=1d max_size=6g;
        server {
            listen 80;
            server_name wechat.fumubang.com;
            location / {
                proxy_pass http://wechat;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
            }
            #error_page 404 /404.html;
            # redirect server error pages to the static page /50x.html
            #
            #error_page 500 502 503 504 /50x.html;
            #location = /50x.html {
            #    root html;
            #}
        }
        server {
            listen 80;
            server_name wechat2.fumubang.com wechat3.fumubang.com wechat4.fumubang.com wechat5.fumubang.com;
            location / {
                proxy_pass http://wechat;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
            }
            #error_page 404 /404.html;
            # redirect server error pages to the static page /50x.html
            #
            #error_page 500 502 503 504 /50x.html;
            #location = /50x.html {
            #    root html;
            #}
        }
        server {
            listen 80;
            server_name *.fumubang.com;
            location / {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                #to avoid 499 error
                proxy_ignore_client_abort on;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
            }
            location ~ /purge(/.*) {
                allow all;
                proxy_cache_purge cache_one $host$1$is_args$args;
            }
            #to redirect img not from fumubang
            #location ~* ^/huodong/ {
            #below lines must to add
            #proxy_pass http://mysvr;
            #proxy_redirect off;
            #proxy_set_header Host $host;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #client_max_body_size 10m;
            #client_body_buffer_size 128k;
            #to avoid 499 error
            #proxy_ignore_client_abort on;
            #proxy_connect_timeout 900;
            #proxy_send_timeout 900;
            #proxy_read_timeout 900;
            #proxy_buffer_size 4k;
            #proxy_buffers 4 32k;
            #proxy_busy_buffers_size 64k;
            #proxy_temp_file_write_size 64k;
            #access_log off;
            #valid_referers none blocked *.fumubang.com;
            #if ($invalid_referer) {
            #    rewrite ^/huodong/(.*)$ http://fumubang.b0.upaiyun.com/huodong/$1!thumbsrc last;
            #    return 302;
            #}
            #}
            #to redirect img not from fumubang
            #location ~* ^/upload/huodong/ {
            #below lines must to add
            #proxy_pass http://mysvr;
            #proxy_redirect off;
            #proxy_set_header Host $host;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #client_max_body_size 10m;
            #client_body_buffer_size 128k;
            #to avoid 499 error
            #proxy_ignore_client_abort on;
            #proxy_connect_timeout 900;
            #proxy_send_timeout 900;
            #proxy_read_timeout 900;
            #proxy_buffer_size 4k;
            #proxy_buffers 4 32k;
            #proxy_busy_buffers_size 64k;
            #proxy_temp_file_write_size 64k;
            #valid_referers none blocked *.fumubang.com;
            #if ($invalid_referer) {
            #    rewrite ^/upload/huodong/(.*)$ http://fumubang.b0.upaiyun.com/huodong/$1!thumbsrc last;
            #    return 302;
            #}
            #}
            location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                #proxy_cache cache_one;
                #proxy_cache_key $host$uri$is_args$args;
                expires 30d;
                #access_log off;
            }
            location ~ \.(jpg|JPG|gif|png|jpeg|JPEG|PNG|GIF)!(.*)$ {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                #proxy_cache cache_one;
                #proxy_cache_key $host$uri$is_args$args;
                expires 30d;
                types { }
                default_type image/jpeg;
                add_header Pragma public;
                add_header Cache-Control "public";
            }
            #error_page 404 /404.html;
            # redirect server error pages to the static page /50x.html
            #
            #error_page 500 502 503 504 /50x.html;
            #location = /50x.html {
            #    root html;
            #}
        }
        server {
            listen 80;
            server_name *.fmbimg.com;
            location / {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_ignore_client_abort on;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                expires 30d;
                add_header Pragma public;
                add_header Cache-Control "public";
            }
        }
        server {
            listen 80;
            server_name test.proxy.cn;
            root /home/www/test;
            index index.html index.htm index.php;
            location ~ .*\.(php|php5)?$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }
        }
        server {
            listen 8080;
            location /nginx_status {
                allow 111.205.96.2;
                allow 60.195.252.106;
                deny all;
                stub_status on;
                access_log off;
            }
        }
        server {
            listen 443;
            server_name api.fumubang.com;
            ssl on;
            ssl_certificate /root/api.fumubang.com.crt;
            ssl_certificate_key /root/api.fumubang.com.key;
            location / {
                proxy_pass http://mysvr;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                client_max_body_size 10m;
                client_body_buffer_size 128k;
                proxy_ignore_client_abort on;
                proxy_connect_timeout 900;
                proxy_send_timeout 900;
                proxy_read_timeout 900;
                proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
    }
}

keepalive
187
$ cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from root@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL_WEB
}

vrrp_sync_group VG_1 {
    group {
        VI_1
    }
}

vrrp_sync_group VG_2 {
    group {
        VI_2
    }
}

vrrp_sync_group VG_3 {
    group {
        VI_3
    }
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass sd24FWE23
    }
    virtual_ipaddress {
        59.151.119.183 dev eth0
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface eth1
    virtual_router_id 56
    priority 180
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass xxxxxx
    }
    virtual_ipaddress {
        192.168.0.191 dev eth1
    }
    notify_master "/root/notify_up_mysqlw.sh"
}

vrrp_instance VI_3 {
    state MASTER
    interface eth1
    virtual_router_id 57
    priority 180
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass xxxxxx
    }
    virtual_ipaddress {
        192.168.0.192 dev eth1
    }
    notify_master "/root/notify_up_mysqlr.sh"
}

virtual_server 59.151.119.183 80 {
    delay_loop 6
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 59.151.119.187 80 {
        weight 1
        notify_down "/root/notify_nginx_down.sh"
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

virtual_server 192.168.0.191 23306 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.0.187 23306 {
        weight 1
        notify_down "/root/notify_down.sh"
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 23306
        }
    }
}

virtual_server 192.168.0.192 23307 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.0.187 23307 {
        weight 1
        notify_down "/root/notify_down.sh"
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 23307
        }
    }
}

185
[root@localhost ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from root@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL_WEB
}

vrrp_sync_group VG_1 {
    group {
        VI_1
    }
}

vrrp_sync_group VG_2 {
    group {
        VI_2
    }
}

vrrp_sync_group VG_3 {
    group {
        VI_3
    }
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 55
    priority 180
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass sd24FWE23
    }
    virtual_ipaddress {
        59.151.119.183 dev eth0
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface eth1
    virtual_router_id 56
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass xxxxxx
    }
    virtual_ipaddress {
        192.168.0.191 dev eth1
    }
    notify_master "/root/notify_up_mysqlw.sh"
}

vrrp_instance VI_3 {
    state BACKUP
    interface eth1
    virtual_router_id 57
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass xxxxxx
    }
    virtual_ipaddress {
        192.168.0.192 dev eth1
    }
    notify_master "/root/notify_up_mysqlr.sh"
}

virtual_server 59.151.119.183 80 {
    delay_loop 6
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 59.151.119.185 80 {
        weight 1
        notify_down "/root/notify_nginx_down.sh"
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

virtual_server 192.168.0.191 23306 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.0.185 23306 {
        weight 1
        notify_down "/root/notify_down.sh"
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 23306
        }
    }
}

virtual_server 192.168.0.192 23307 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.0.185 23307 {
        weight 1
        notify_down "/root/notify_down.sh"
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 23307
        }
    }
}

185 MySQL reverse proxy
[root@localhost etc]# cat haproxy.cfg
global
    log 127.0.0.1 local3 notice #info
    daemon
    user root
    group root
    nbproc 8
    pidfile /tmp/haproxy.pid
    maxconn 4096

defaults
    log global
    #mode http
    mode tcp
    option tcplog
    option dontlognull
    option redispatch
    retries 3
    maxconn 4096
    contimeout 10s
    clitimeout 20h
    srvtimeout 20h
    #balance roundrobin

listen mysqlw
    bind 0.0.0.0:23306
    mode tcp
    option mysql-check user haproxy
    balance roundrobin
    server mysql189 192.168.0.189:3306 weight 1 check inter 1s rise 2 fall 3

listen mysqlr
    bind 0.0.0.0:23307
    mode tcp
    option mysql-check user haproxy
    balance roundrobin
    server mysql190 192.168.0.190:3306 weight 1 check inter 1s rise 2 fall 3

listen stats
    mode http
    bind 0.0.0.0:8888
    stats enable
    stats uri /dbs
    stats realm Global\ statistics
    stats auth admin:lt1qazxsw2

187 database reverse proxy
[fmb@localhost etc]$ cat haproxy.cfg
global
    log 127.0.0.1 local3 notice #info
    daemon
    user root
    group root
    nbproc 8
    pidfile /tmp/haproxy.pid
    maxconn 4096

defaults
    log global
    #mode http
    mode tcp
    option tcplog
    option dontlognull
    option redispatch
    retries 3
    maxconn 4096
    contimeout 10s
    clitimeout 20h
    srvtimeout 20h
    #balance roundrobin

listen mysqlw
    bind 0.0.0.0:23306 # proxy port
    mode tcp # TCP mode
    option mysql-check user haproxy # MySQL health check; haproxy is the MySQL login user name
    balance roundrobin # round-robin algorithm
    server mysql189 192.168.0.189:3306 weight 1 check inter 1s rise 2 fall 3 # server definition: check inter 1s is the health-check interval, rise 2 marks the server up after 2 successful checks, fall 3 marks it down after 3 failed checks, weight is the server weight

listen mysqlr
    bind 0.0.0.0:23307
    mode tcp
    option mysql-check user haproxy
    balance roundrobin
    server mysql190 192.168.0.190:3306 weight 1 check inter 1s rise 2 fall 3

listen stats
    mode http
    bind 0.0.0.0:8888
    stats enable
    stats uri /dbs
    stats realm Global\ statistics
    stats auth admin:lt1qazxsw2

global
    log 127.0.0.1 local2 # send logs to the syslog server on the local address, facility local2
    chroot /var/lib/haproxy # chroot HAProxy's working directory into this jail (the default here)
    pidfile /var/run/haproxy.pid
    maxconn 4000 # maximum concurrent connections accepted by each HAProxy process
    user haproxy
    group haproxy
    daemon # run HAProxy in the background as a daemon
    stats socket /var/lib/haproxy/stats # where the statistics socket is kept

defaults
    mode http # working mode for frontend and backend {tcp|http|health}; use http when proxying backend web sites
    log global # use the log parameters defined in the global section
    option httplog
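    # option httplog enables HTTP logging, including request/session timing and captured cookies; the default format is terse, and the optional [clf] argument switches to CLF format
    option dontlognull # do not log empty connections, so that HAProxy does not record the data-less health-check probes sent by an upstream load balancer
    option http-server-close # close the HTTP connection on the server side while still supporting keep-alive on the client side
    option forwardfor except 127.0.0.0/8 # when forwarding a request to a backend, add the "X-Forwarded-For" header to the HTTP request so that the backend can log the real client IP address instead of the proxy's internal interface address
    option redispatch # if the backend originally assigned to a request fails, allow the request to be redistributed to another backend
    option abortonclose # when HAProxy is heavily loaded, automatically end connections that have been waiting in the queue for a long time
    retries 3 # number of reconnection attempts after a failed connection to a backend
    timeout http-request 10s # HTTP request timeout: 10 seconds
    timeout queue 1m # with several backend servers, once every backend has reached its connection limit, how long a request may wait in the queue for its backend (queue full, or queued but not yet handled): 1 minute
    timeout connect 10s # timeout for HAProxy establishing a connection to a backend server
    timeout client 1m # maximum time a client connection may stay inactive before it is closed; comparable to Apache's keepalive timeout
    timeout server 1m # maximum time a server-side connection may stay inactive
    timeout http-keep-alive 10s # keep-alive timeout
    timeout check 10s # timeout for health checks
    maxconn 3000 # maximum number of connections

listen stats
    mode http
    bind *:8080 # bind to the dedicated port 8080
    stats enable # enable the stats management page
    stats hide-version # hide the HAProxy version on the stats page
    stats uri /haproxyadmin?stats # path of the stats page
    stats realm Haproxy\ Statistics # realm text shown in the stats login prompt
    stats auth admin:admin # user name and password for the stats page
    stats admin if TRUE # backends can be managed only after authentication; the condition is mandatory, otherwise it is a syntax error

frontend webservers
    bind *:80
    mode http
    log global
    option httpclose # actively close the HTTP channel after each request
    option logasap # log early when transferring large files
    option dontlognull # do not log empty connections, so that HAProxy does not record the data-less health-check probes sent by an upstream load balancer
    ################# HAProxy log content settings ###################
    capture request header Host len 20 # log only the first 20 bytes of the Host header
    capture request header X-Forwarded-For len 15 # log the IP address of the requesting client; an IP address is normally 15 bytes
    capture request header Referer len 60 # Referer records the page on which the link was clicked
    ################ url_static combined with if separates static and dynamic content #########################
    acl url_static path_beg -i /static /images /javascript /stylesheets # path_beg: path begins with XX; -i ignores case
    acl url_static path_end -i .html .jpg .jpeg .gif .png .css .js # path_end: path ends with XX; ACLs with the same name are ORed
    use_backend static_servs if url_static # requests matching ACL url_static go to backend static_servs
    default_backend dynamic_servs # dynamic and static scheduling algorithms differ in how changes to haproxy.cfg take effect: dynamic changes apply on reload, static changes apply on restart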
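    # Round robin spreads requests evenly across the backends; dynamic pages need session persistence, so the source algorithm with consistent hashing always forwards requests from the same client to the same backend

backend static_servs
    balance roundrobin # dynamic round robin
    server static1 172.16.100.13:80 check maxconn 6000 # the server name static1 is only an alias for the backend; the IP address is what matters
    server static2 172.16.100.14:80 check maxconn 6000

backend dynamic_servs
    balance source # hash the source IP address; hash-type decides whether it is dynamic or static
    hash-type consistent # hash type: map-based is static, consistent is consistent hashing (dynamic)
    server dynamic1 172.16.100.13:80 check maxconn 1000 # set the maximum connections according to what the server hosts
    server dynamic2 172.16.100.14:80 check maxconn 1000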
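
As an added example (not part of the original wiki), the Python sketch below audits a haproxy.cfg like the ones on 185 and 187 for the exposure-related settings visible there: running as root, a stats page bound to every interface, a cleartext `stats auth` password, and no `stats hide-version`. The sample config is constructed from the page with the password replaced by a placeholder; `parse_sections` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample based on the 185/187 haproxy.cfg; the password is a placeholder.
SAMPLE_CFG = """\
global
    user root
defaults
    mode tcp
listen mysqlw
    bind 0.0.0.0:23306
    option mysql-check user haproxy
listen stats
    bind 0.0.0.0:8888
    stats enable
    stats uri /dbs
    stats auth admin:PLACEHOLDER
"""

SECTION = re.compile(r"^(global|defaults|listen|frontend|backend)\b\s*(\S*)")

def parse_sections(text):
    """Split a haproxy.cfg into (kind, name, [tokenised directives])."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        m = SECTION.match(line)
        if m:
            sections.append((m.group(1), m.group(2), []))
        elif line and sections:
            sections[-1][2].append(line.split())
    return sections

def audit(text):
    """Return findings for settings that widen exposure of the proxy host."""
    findings = []
    for kind, name, words in parse_sections(text):
        if kind == "global" and ["user", "root"] in words:
            findings.append("global: runs as root; use an unprivileged user")
        if ["stats", "enable"] not in words:
            continue
        # Only sections that serve the stats page are checked below.
        binds = [w[1] for w in words if w[0] == "bind" and len(w) > 1]
        if any(b.startswith(("0.0.0.0:", "*:", ":")) for b in binds):
            findings.append(f"{name}: stats page listens on every interface")
        if any(w[:2] == ["stats", "auth"] for w in words):
            findings.append(f"{name}: stats auth stores a cleartext password")
        if ["stats", "hide-version"] not in words:
            findings.append(f"{name}: stats hide-version is not set")
    return findings
```

Calling `audit(SAMPLE_CFG)` returns four findings; the same function can be pointed at the real file contents read from disk on each proxy node.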