Previously, we built a service that proxies LDAP queries through HAProxy + Keepalived. I felt pretty good about it and decided to use the same setup to proxy public Exchange requests. TMG is no longer updated, its configuration is a little complicated, and the service goes down at the slightest thing.
If the following is hard to follow, see my previous article, "Haproxy + keepalived to configure LDAP proxy".
The architecture:
Public DNS directs users to one of two egress points, China Unicom or China Telecom. Each egress has two HAProxy proxy servers that use Keepalived for hot backup and present two virtual IPs, VIP01 and VIP02. Users who access VIP01 are sent to the CAS servers on the yellow line. The special user group that accesses VIP02 is sent to the VIPCAS servers on the blue line; the VIPCAS servers provide only the OWA service. The China Telecom egress works the same way; its lines are not drawn, to keep the diagram from becoming a mess.
[Image: architecture diagram]
Now for the configuration:
Install the required components, including keepalived and haproxy:
yum install gcc kernel-headers kernel-devel
yum install keepalived
yum install haproxy
Configure the keepalived configuration file:
vi /etc/keepalived/keepalived.conf
The configuration is as follows:
vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"   # script that checks HAProxy health
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    interface eth0
    state MASTER            # set to BACKUP on the backup server
    priority 101            # set to 100 on the backup server
    virtual_router_id 51    # keepalived group ID; must be the same on every host in the group
    smtp_alert
    virtual_ipaddress {
        x.x.x.1             # VIP01
        x.x.x.2             # VIP02
    }
    track_script {
        chk_http_port
    }
}
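Next, edit the script that checks HAProxy health:
vi /etc/keepalived/check_haproxy.sh

#!/bin/bash
# Count the running haproxy processes
A=`ps -C haproxy --no-header | wc -l`
if [ "$A" -eq 0 ]; then
    # HAProxy is down: try to start it
    /etc/haproxy/haproxy -f /etc/haproxy/haproxy.cfg
    sleep 3
    # Still down: stop keepalived so the VIPs move to the backup server
    if [ `ps -C haproxy --no-header | wc -l` -eq 0 ]; then
        /etc/init.d/keepalived stop
    fi
fi

Make the script executable:
chmod 755 /etc/keepalived/check_haproxy.sh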
Edit the configuration file of Haproxy:
vi /etc/haproxy/haproxy.cfg
The configuration file is as follows:
global
    log /dev/log local0 info
    log /dev/log local0 notice
    maxconn 4096
    user root
    group root
    daemon

defaults
    log global
    maxconn 10000
    contimeout 5000
    clitimeout 3600000
    srvtimeout 3600000
    option redispatch
    retries 3

# HTTP -> HTTPS redirect for OWA on VIP01
frontend owa_redirect
    mode http
    bind 1.x.x.x:80
    redirect location https://mail.contoso.com

# HTTP -> HTTPS redirect for OWA on VIP02
frontend vipowa_redirect
    mode http
    bind 2.x.x.x:80
    redirect location https://mailvip.contoso.com

# HTTPS on VIP02 -> VIPCAS servers (OWA only)
frontend vipowa_443
    mode tcp
    bind 2.x.x.x:443
    default_backend pool_vipowa
    log global
    option tcplog

backend pool_vipowa
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CASVIP01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
    server CASVIP02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3

# HTTPS on VIP01 -> CAS servers
frontend owa_443
    mode tcp
    bind 1.x.x.x:443
    default_backend pool_owa
    log global
    option tcplog

backend pool_owa
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:443 check inter 5000 weight 1 rise 2 fall 3

# SMTP on VIP01 -> CAS servers
frontend smtp_25
    mode tcp
    bind 1.x.x.x:25
    default_backend pool_smtp
    log global
    option tcplog

backend pool_smtp
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:25 check inter 5000 weight 1 rise 2 fall 3

# POP3 on VIP01 -> CAS servers
frontend pop_110
    mode tcp
    bind 1.x.x.x:110
    default_backend pool_pop
    log global
    option tcplog

backend pool_pop
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:110 check inter 5000 weight 1 rise 2 fall 3

# Statistics page on port 8081 (no address given, so all addresses)
frontend vs_stats :8081
    mode http
    log global
    option httplog
    default_backend stats_backend

backend stats_backend
    mode http
    stats enable
    stats uri /stats
    stats auth admin:admin    # statistics page login (user:password)
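A small audit for three settings in the haproxy.cfg above that matter on an Internet-facing proxy: the process running as root, the statistics listener bound to every address (`:8081`), and `stats auth admin:admin`. This is an added example, not part of the original article; `parse_sections`, `audit`, the finding names and the weak-password list are made up for illustration, and the sample is a constructed excerpt of that configuration.

```python
import re

# Constructed sample: excerpt of the global and stats sections shown above.
SAMPLE_CFG = """
global
    user root
frontend owa_443
    bind 1.x.x.x:443
frontend vs_stats :8081
    default_backend stats_backend
backend stats_backend
    stats auth admin:admin
"""

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(.*)$")
WILDCARD = re.compile(r"^(\*|0\.0\.0\.0)?:\d+$")     # :8081, *:8081, 0.0.0.0:8081
WEAK_PASSWORDS = {"admin", "password", "changeme"}   # illustrative, not exhaustive

def parse_sections(text):
    """Split haproxy.cfg text into (kind, header words, directive word lists)."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = SECTION.match(line)
        if m:
            sections.append((m.group(1), m.group(2).split(), []))
        elif line and sections:
            sections[-1][2].append(line.split())
    return sections

def audit(text):
    """Return sorted (section, finding) pairs for the weak settings checked here."""
    findings = set()
    for kind, header, directives in parse_sections(text):
        name = header[0] if header else kind
        # "bind" lines plus the old "frontend <name> <addr>" form used on this page
        addrs = header[1:] + [d[1] for d in directives if d[0] == "bind" and len(d) > 1]
        if kind in ("frontend", "listen") and any(WILDCARD.match(a) for a in addrs):
            findings.add((name, "listens-on-all-addresses"))
        for d in directives:
            if kind == "global" and d[:2] == ["user", "root"]:
                findings.add((name, "runs-as-root"))
            if d[:2] == ["stats", "auth"] and len(d) > 2:
                user, _, password = d[2].partition(":")
                if password in WEAK_PASSWORDS or password == user:
                    findings.add((name, "weak-stats-credentials"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_CFG))
```

To run it against the real file, pass the contents of /etc/haproxy/haproxy.cfg to `audit()`; an empty list means none of these three settings was found.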
Because the configuration binds to the VIP addresses, HAProxy cannot start on a server where keepalived is not in the MASTER state and the VIPs are therefore not on the NIC. To get around this, add a kernel parameter that lets the system bind to IP addresses that are not present locally:
vi /etc/sysctl.conf
After opening the file, add the following parameters:
# For Haproxy can start with no local ip address
net.ipv4.ip_nonlocal_bind=1
Run the following command to make the parameter take effect:
sysctl -p
In this way, the system will ignore IP addresses that do not exist locally.
Then configure the Haproxy log:
vi /etc/rsyslog.conf
Add the following statement:
# Log for Haproxy
local0.* /var/log/haproxy.log
Restart rsyslog:
service rsyslog restart
When the Keepalived service is started, Haproxy is automatically brought up:
service keepalived start
Set it to start at boot:
chkconfig keepalived on
Configuration successful:
[Image: 2.jpg]
This article is from the "absolute domain" blog and will not be reposted!