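I previously built an LDAP query proxy service with HAProxy + Keepalived and it worked quite well, so I decided to use it to proxy Exchange requests coming from the public Internet. TMG is no longer updated, its configuration is somewhat cumbersome, and its services die at the slightest provocation.
If anything below is unclear, see my previous article, "Configuring an LDAP proxy with Haproxy+keepalived".
An overview of the architecture:
Public DNS directs users to one of two egress links, China Unicom or China Telecom. Each egress has two HAProxy servers in hot standby via Keepalived, which present two virtual IPs, VIP01 and VIP02. Users who access VIP01 are assigned to the CAS servers connected by the yellow lines. The special user group that accesses VIP02 is assigned to the VIPCAS servers on the blue lines; the VIPCAS servers provide only the OWA service. The Telecom egress works the same way, so I did not draw its lines; the diagram would get too messy.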
[Image: architecture diagram, 123.jpg]
Now for the configuration:
Install the required components, keepalived and haproxy:
yum install gcc kernel-headers kernel-devel
yum install keepalived
yum install haproxy
Edit the keepalived configuration file:
vi /etc/keepalived/keepalived.conf
Configure it as follows:

    vrrp_script chk_http_port {
        script "/etc/keepalived/check_haproxy.sh"   # script that checks haproxy health
        interval 2
        weight 2
    }
    vrrp_instance VI_1 {
        interface eth0
        state MASTER            # set to BACKUP on the standby
        priority 101            # set to 100 on the standby
        virtual_router_id 51    # keepalived group ID; hosts in the same group must use the same value
        smtp_alert
        virtual_ipaddress {
            x.x.x.1    # virtual IP VIP01
            x.x.x.2    # virtual IP VIP02
        }
        track_script {
            chk_http_port
        }
    }
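Next, edit the script that checks HAProxy health:
vi /etc/keepalived/check_haproxy.sh

    #!/bin/bash
    # Count running haproxy processes
    A=$(ps -C haproxy --no-header | wc -l)
    if [ "$A" -eq 0 ]; then
        # haproxy is down: try to start it again
        /etc/haproxy/haproxy -f /etc/haproxy/haproxy.cfg
        sleep 3
        # Still down: stop keepalived so the VIPs fail over to the standby
        if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
            /etc/init.d/keepalived stop
        fi
    fi

Make the script executable:
chmod 755 /etc/keepalived/check_haproxy.sh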
Edit the HAProxy configuration file:
vi /etc/haproxy/haproxy.cfg
The configuration file is as follows:

    global
        log /dev/log local0 info
        log /dev/log local0 notice
        maxconn 4096
        user root
        group root
        daemon

    defaults
        log global
        maxconn 10000
        contimeout 5000
        clitimeout 3600000
        srvtimeout 3600000
        option redispatch
        retries 3

    # Redirect plain HTTP on VIP01 to HTTPS
    frontend owa_redirect
        mode http
        bind 1.x.x.x:80
        redirect location https://mail.contoso.com

    # Redirect plain HTTP on VIP02 to HTTPS
    frontend vipowa_redirect
        mode http
        bind 2.x.x.x:80
        redirect location https://mailvip.contoso.com

    # OWA for the special user group (VIP02), passed through as TCP
    frontend vipowa_443
        mode tcp
        bind 2.x.x.x:443
        default_backend pool_vipowa
        log global
        option tcplog

    backend pool_vipowa
        balance roundrobin
        option redispatch
        option abortonclose
        option persist
        stick on src
        stick-table type ip size 10240k expire 240m
        server CASVIP01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
        server CASVIP02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3

    # HTTPS for regular users (VIP01), passed through as TCP
    frontend owa_443
        mode tcp
        bind 1.x.x.x:443
        default_backend pool_owa
        log global
        option tcplog

    backend pool_owa
        balance roundrobin
        option redispatch
        option abortonclose
        option persist
        stick on src
        stick-table type ip size 10240k expire 240m
        server CAS00 x.x.x.0:443 check inter 5000 weight 1 rise 2 fall 3
        server CAS01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
        server CAS02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
        server CAS03 x.x.x.3:443 check inter 5000 weight 1 rise 2 fall 3

    # SMTP
    frontend smtp_25
        mode tcp
        bind 1.x.x.x:25
        default_backend pool_smtp
        log global
        option tcplog

    backend pool_smtp
        balance roundrobin
        option redispatch
        option abortonclose
        option persist
        stick on src
        stick-table type ip size 10240k expire 240m
        server CAS00 x.x.x.0:25 check inter 5000 weight 1 rise 2 fall 3
        server CAS01 x.x.x.1:25 check inter 5000 weight 1 rise 2 fall 3
        server CAS02 x.x.x.2:25 check inter 5000 weight 1 rise 2 fall 3
        server CAS03 x.x.x.3:25 check inter 5000 weight 1 rise 2 fall 3

    # POP3
    frontend pop_110
        mode tcp
        bind 1.x.x.x:110
        default_backend pool_pop
        log global
        option tcplog

    backend pool_pop
        balance roundrobin
        option redispatch
        option abortonclose
        option persist
        stick on src
        stick-table type ip size 10240k expire 240m
        server CAS00 x.x.x.0:110 check inter 5000 weight 1 rise 2 fall 3
        server CAS01 x.x.x.1:110 check inter 5000 weight 1 rise 2 fall 3
        server CAS02 x.x.x.2:110 check inter 5000 weight 1 rise 2 fall 3
        server CAS03 x.x.x.3:110 check inter 5000 weight 1 rise 2 fall 3

    # Statistics page
    frontend vs_stats :8081
        mode http
        log global
        option httplog
        default_backend stats_backend

    backend stats_backend
        mode http
        stats enable
        stats uri /stats
        stats auth admin:admin    # sample credentials; set a strong password before use
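The configuration file listens on the VIP addresses. On a server whose keepalived is not in the MASTER state, the VIPs are not on the network interface, so HAProxy cannot start. We need to add a kernel parameter that lets the system ignore the fact that an IP address is not present locally: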
vi /etc/sysctl.conf
After opening the file, add the following parameter:

    # For Haproxy can start with no local ip address
    net.ipv4.ip_nonlocal_bind=1
Run the following command to apply the parameter:
sysctl -p
The system will now allow binding to IP addresses that do not exist locally.
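The following added example (not part of the original article) is a pre-flight check for the situation described above: it lists the IPv4 bind addresses in a haproxy.cfg that are not configured on the local node and reports whether HAProxy could bind them with the current ip_nonlocal_bind value. The function names, the sample configuration and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original article): pre-flight check for VIP binds.
# Sample config constructed for illustration; 192.0.2.x are documentation addresses.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
frontend owa_443
    mode tcp
    bind 192.0.2.10:443
frontend vipowa_443
    mode tcp
    bind 192.0.2.11:443
frontend vs_stats
    bind :8081
EOF

# Print each distinct IPv4 address used on a "bind" line (wildcards are skipped).
bind_addrs() {
    awk '$1 == "bind" { split($2, a, ":"); if (a[1] != "" && a[1] != "*") print a[1] }' "$1" | sort -u
}

# nonlocal_binds CFG "ADDR ADDR ..." : bind addresses in CFG that are not local.
nonlocal_binds() {
    _local=" $(echo $2) "            # collapse newlines/spaces to single spaces
    for _addr in $(bind_addrs "$1"); do
        case "$_local" in
            *" $_addr "*) ;;         # address is configured on this node
            *) echo "$_addr" ;;      # VIP currently held by the other node
        esac
    done
}

# preflight CFG "LOCAL ADDRS" NONLOCAL_BIND : 0 if haproxy can bind, 1 otherwise.
preflight() {
    _missing=$(nonlocal_binds "$1" "$2")
    if [ -n "$_missing" ] && [ "$3" != "1" ]; then
        echo "cannot bind, ip_nonlocal_bind=$3: $(echo $_missing)" >&2
        return 1
    fi
    return 0
}

# On a real node (assumes iproute2 and sysctl are available):
#   preflight /etc/haproxy/haproxy.cfg \
#     "$(ip -o -4 addr show | awk '{sub(/\/.*/, "", $4); print $4}')" \
#     "$(sysctl -n net.ipv4.ip_nonlocal_bind)"
# Demo: a BACKUP node that holds neither VIP, with the sysctl still at 0.
preflight "$SAMPLE_CFG" "127.0.0.1 192.0.2.5" 0 || echo "BACKUP would fail to start haproxy"
```

Running it on both nodes before starting keepalived shows whether the BACKUP node is missing the sysctl setting.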
Next, configure HAProxy logging:
vi /etc/rsyslog.conf
Add the following lines:

    # Log for Haproxy
    local0.* /var/log/haproxy.log
Restart rsyslog:
service rsyslog restart
Start the Keepalived service, which brings HAProxy up automatically:
service keepalived start
Set it to start at boot:
chkconfig keepalived on
Configuration successful:
[Image: 2.jpg]
This article comes from the "絕對領域" blog; please do not repost.