IP配置
物理机:192.168.1.200
虚拟IP:10.10.1.222

1.先安装所需要的服务进程:
#yum -y install haproxy keepalived

2.编辑keepalived的配置文件
[root@dragon ~]# cat /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        keepalived
    }
    notification_email_from keepalived@domain.local
#   smtp_server 192.168.1.200    #没有可以注释不写
    smtp_connect_timeout 30
    router_id 10.10.1.222    #虚拟IP
}
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 1    # 监控HAproxy在本机是否存活
    weight 2
}
vrrp_instance VI_1 {
    interface eth0    #虚拟ip绑定在本机的eth0网卡上
    state MASTER
    smtp_alert
    virtual_router_id 51
    priority 101    # 101 是 master优先级, 100 是 slaves的优先级
    advert_int 1
    authentication {
        # 注意:PASS 认证的口令随VRRP通告明文发送,且keepalived只使用前8个字符;
        # P@ssw0rd 只是示例值,部署时请更换,并保证主备两端一致。
        auth_type PASS
        auth_pass P@ssw0rd
    }
    virtual_ipaddress {
        10.10.1.222    #虚拟IP
    }
    track_script {
        chk_haproxy
    }
}

3.允许keepalived的虚拟IP绑定,编辑/etc/sysctl.conf配置文件
net.ipv4.ip_nonlocal_bind = 1

3.1 使虚拟IP绑定生效
sysctl -p

4.配置防火墙(可以直接关闭)
注:直接关闭防火墙会让本机所有端口暴露,生产环境建议保留防火墙,只按下面的规则放行所需流量。
接受VRRP广播域的包
iptables -I INPUT -d 224.0.0.0/8 -j ACCEPT
注:VRRP通告只发往组播地址224.0.0.18,可将上面的目的地址收窄为224.0.0.18/32,避免放行整个224.0.0.0/8。
为vrrp协议添加规则
iptables -I INPUT -p 112 -j ACCEPT
开放22、80和443端口(22端口建议用 -s 限制为管理网段)
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
注:-A 会把规则追加到链尾;若链尾之前已有REJECT/DROP规则,这一条不会被匹配到,需改用 -I 插入到其之前。
service iptables save

5.编辑haproxy的配置文件:
[root@dragon ~]#vi /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file.
    #    A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  tcplog
#   option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
    # 注意:admin:admin 只是示例口令,部署时请改成强口令。这些 stats 指令写在 defaults 段,
    # 继承该段的HTTP模式代理(包括后面绑定在虚拟IP 80端口的前端)都会提供 /stats,
    # 且口令经HTTP Basic认证明文传输;更稳妥的做法是把它们移到只绑定管理地址的独立 listen 段。
    stats refresh 30s
    stats uri /stats    #查看状态http://ip/stats
    stats realm welcome
    stats auth admin:admin    #验证密码
    stats hide-version

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
#frontend  main *:5000
#    acl url_static       path_beg       -i /static /images /javascript /stylesh
#    acl url_static       path_end       -i .jpg .gif .png .css .js
#
#    use_backend static          if url_static
#    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
#    balance     roundrobin
#    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
#backend app
#    balance     roundrobin
#    server  app1 127.0.0.1:5001 check
#    server  app2 127.0.0.1:5002 check
#    server  app3 127.0.0.1:5003 check
#
#    server  app4 127.0.0.1:5004 check
#
frontend unsecured
    bind 10.10.1.222:80    #虚拟IP
    redirect location https://view.domain.local    #绑定域名

#---------------------------------------------------------------------
# frontend secured
#---------------------------------------------------------------------
frontend secured
    bind 10.10.1.222:443    #ssl crt ./haproxy-cert.pem    #虚拟IP
    mode tcp
    default_backend view

#---------------------------------------------------------------------
# balancing between the various backends
#---------------------------------------------------------------------
backend view
    mode tcp
    balance source
    server view01 10.10.1.38:443 weight 1 check port 443 inter 2000 rise 2 fall 5    #连接服务器1
    server view02 10.10.1.36:443 weight 1 check port 443 inter 2000 rise 2 fall 5    #连接服务器2

6.开启服务:
(启动前可先用 haproxy -c -f /etc/haproxy/haproxy.cfg 检查配置语法)
chkconfig haproxy on
chkconfig keepalived on
service haproxy start
service keepalived start

7.查看虚拟IP
ip addr sh eth0