Shulou(Shulou.com)06/03 Report--

Here are the details of Centos 7 deployment of Nginx website service, private network client, Haproxy CVM and so on. I hope it can give you some help in practical application. There are many things involved in load balancing, there are not many theories, and there are many books on the Internet. Today, we will use the accumulated experience in the industry to do an answer.

First, deploy the first Nginx website

For an overview of the principles and detailed configuration of Nginx, please refer to the blog post: Centos 7 deployment of Nginx website Services

[root@centos01 ~] # yum-y install prce-devel zlib-devel [root@centos01 ~] # useradd-M-s / sbin/nologin nginx [root@centos01 ~] # umount / mnt/ mount: / dev/sr0 write protection [root@centos01 ~] # scp / mnt/nginx-1.6.0.tar.gz root@192.168.100.20:/root The authenticity of host '192.168.100.20 (192.168.100.20)' can't be established.ECDSA key fingerprint is SHA256:PUueT9fU9QbsyNB5NC5hbSXzaWxxQavBxXmfoknXl4I.ECDSA key fingerprint is MD5:6d:f7:95:0e:51:1a:d8:9e:7b:b6:3f:58:51:51:4b:3b will be mounted as read-only Are you sure you want to continue connecting (yes/no)? Yes Warning: Permanently added '192.168.100.20' (ECDSA) to the list of known hosts.root@192.168.100.20's password: nginx-1.6.0.tar.gz 100% 784KB 68.2MB/s 00:00 [root@centos01 ~] # scp / mnt/haproxy-1.4.24.tar.gz root@192.168.100.30:/root The authenticity of host '192.168.100.30 (192.168.100.30)' can't be established.ECDSA key fingerprint is SHA256:PUueT9fU9QbsyNB5NC5hbSXzaWxxQavBxXmfoknXl4I.ECDSA key fingerprint is MD5:6d:f7:95:0e:51:1a:d8:9e:7b:b6:3f:58:51:51:4b:3b.Are you sure you want to continue connecting (yes/no)? Yes Warning: Permanently added '192.168.100.30' (ECDSA) to the list of known hosts.root@192.168.100.30's password: haproxy-1.4.24.tar.gz 100% 817KB 31.1MB/s 00:00 00:00 [root@centos01 ~] # tar zxvf / mnt/nginx- 1.6.0.tar.gz-C / usr/src/ [root@centos01 ~] # cd / usr/src/nginx-1.6.0/ [root@centos01 nginx-1.6.0] #. / configure-- prefix=/usr/local/nginx-- user=nginx [root@centos01 nginx-1.6.0] # make & & make install [root@centos01 ~] # ln-s / usr/local/nginx/sbin/* / usr/local/sbin / [root@centos01 ~] # echo "192.168.100.10:nginx" > / usr/local/nginx/html/index.html [root@centos01 ~] # nginx [root@centos01 ~] # netstat-anptu | grep nginx tcp 00 0.0.0.0 LISTEN 3685/ngin 80 0.0.0.0 LISTEN 3685/ngin: master II, Deploy the second Nginx website [root@centos02 ~] # yum-y install pcre-devel zlib-devel [root@centos02 ~] # lsanaconda-ks.cfg initial-setup-ks.cfg nginx-1.6.0.tar.gz [root@centos02] # tar zxvf nginx-1.6.0.tar.gz-C / usr/src/ [root@centos02 ~] # useradd-M-s / sbin/nologin nginx [root@centos02 ~] # cd / usr/src/nginx-1. 6.0 / [root@centos02 nginx-1.6.0] #. / configure-- prefix=/usr/local/nginx-- user=nginx [root@centos02 nginx-1.6.0] # make & & make install [root@centos02 ~] # ln-s / usr/local/nginx/sbin/* / usr/local/sbin/ [root@centos02 ~] # echo "192.168.100.20:nginx" > / usr/local/nginx/html/index.html [root@centos02 ~] # nginx [root@centos02 ~] # netstat-anptu | grep nginxtcp 0 0 0.0 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. Deploy the intranet client 1. Add VM1 Nic to the client Configure the IP address of the same network segment as the server

2. Access the first nginx server

3. The client changes the IP address to access the second nginx server

Fourth, deploy Haproxy server

Overview and detailed configuration of Haproxy reference blog: Overview of building Web clusters with Haproxy

Centos 7 Building High availability Web Cluster based on Haproxy

1 、 Install haproxy[ root @ centos03 ~] # yum-y install pcre-devel bzip2-devel [root@centos03 ~] # lsanaconda-ks.cfg haproxy-1.4.24.tar.gz initial-setup-ks.cfg [root@centos03 ~] # tar zxvf haproxy-1.4.24.tar.gz-C / usr/src/ [root@centos03 ~] # cd / usr/src/haproxy-1.4.24/ [root@centos03 haproxy-1.4.24] # make TARGET=linux26 [root@centos03 Haproxy-1.4.24] # make install 2 、 Generate haproxy configuration file [root@centos03 ~] # mkdir / etc/haproxy [root@centos03 ~] # cp / usr/src/haproxy-1.4.24/examples/haproxy.cfg / etc/haproxy/ [root@centos03 ~] # cp / usr/src/haproxy-1.4.24/examples/haproxy.init / etc/init.d/haproxy [root@centos03 ~] # chmod + x / etc/init.d/haproxy [root@centos03 ~] # chkconfig-- add haproxy [root@centos03 ~] # chkconfig-- level 35 haproxy on [root@centos03 ~] # cp / usr/src/haproxy-1.4.24/haproxy / usr/sbin/ [root@centos03] # mkdir-p / usr/share/haproxy 3, Configure the haproxy cluster [root@centos03 ~] # vim / etc/haproxy/haproxy.cfg listen nginx 192.168.100.30 balance roundrobin server web01 80 check inter 2000 fall 3 server web02 192.168.100.10 vim 80 check inter 2000 fall 3 [root@centos03 ~] # / etc/init.d/haproxy start Starting haproxy (via systemctl): [ OK] 1) client access 192.168.100.30

2) change the IP address of the client and revisit it

Configure Firewalld firewall (dual network cards)

For an overview and detailed configuration of Firewalld firewall, please refer to the blog post: Firewalld Firewall Foundation of Centos 7

The principle of firewalld Firewall address camouflage and Port forwarding in Centos 7

Detailed explanation of firewalld Firewall configuration of IP camouflage and Port forwarding in centos 7

[root@centos04 ~] # cp / etc/sysconfig/network-scripts/ifcfg-ens32 / etc/sysconfig/network-scripts/ifcfg-ens34 [root@centos04 ~] # vim / etc/sysconfig/network-scripts/ifcfg-ens34 TYPE=EthernetPROXY_METHOD=noneBROWSER_ONLY=noBOOTPROTO=staticDEFROUTE=yesNAME=ens34DEVICE=ens34ONBOOT=yesIPADDR=192.168.200.254 NATEMASK=255.255.255.0DNS1=192.168.200.254 [root@centos04 ~] # systemctl restart network [root@centos04 ~] # vim / etc/sysctl.conf net.ipv4.ip_forward = 1 [root@centos04 ~] # sysctl-p [root@centos01 ~] # vim / etc/sysconfig/network-scripts/ifcfg-ens32 GATEWAY=192.168.100.40 [root@centos01 ~] # systemctl restart network [root@centos04 ~] # systemctl start firewalld.service [root@centos04 ~] # systemctl enable firewalld.service [root@centos04 ~] # firewall-cmd-add-interface=ens34-- zone=external The interface is under control of NetworkManager Setting zone to 'external'.success [root@centos04 ~] # firewall-cmd-add-interface=ens32-zone=trusted The interface is under control of NetworkManager Setting zone to 'trusted'.success [root@centos04 ~] # firewall-cmd-- get-active-zones external interfaces: ens34trusted interfaces: ens32 [root@centos04 ~] # firewall-cmd-- remove-masquerade-- zone=external success [root@centos04 ~] # firewall-cmd-- add-rich-rule='rule family=ipv4 source address=192.168.100.0/24 masquerade' success [root@centos04 ~] # firewall-cmd-- add-rich-rule='rule family=ipv4 destination address=192.168.200.254/ 32 forward-port port=80 protocol=tcp to-addr=192.168.100.30'success [root@centos04 ~] # firewall-cmd-- zone=external-- add-service=http success [root@centos04 ~] # firewall-cmd-- zone=external-- add-service=dns success [root@centos04 ~] # firewall-cmd-- zone=external-- list-allexternal (active) target: default icmp-block-inversion: no interfaces: ens34 sources: services: ssh http dns ports: protocols: masquerade: no forward-ports : source-ports: icmp-blocks: rich rules: rule family= "ipv4" source address= "192.168.100.0 ipv4 24" masquerade rule family= "ipv4" destination address= "192.168.200.254 32" forward-port port= "80" protocol= "tcp" to-addr= "192.168.100.30" VI. Deploy DNS

For detailed configuration and overview of DNS, please refer to the blog post: CentOS7 simple build DNS service

[root@centos04 ~] # yum-y install bind bind-chroot bind-utils [root@centos04 ~] # echo "" > / etc/named.conf [root@centos04 ~] # vim / etc/named.conf options {listen-on port 53 {any;}; directory "/ var/named";}; zone benet.com IN {type master; file "benet.com.zone";} [root@centos04] # named-checkconf-z / etc/named.conf [root@centos04 ~] # vim / var/named/benet.com.zone $TTL 86400 @ SOA benet.com. Root.benet.com. (2020021801 1H 15M 1W 1D) @ NS centos04.benet.com.centos04 A 192.168.200.254www A 192.168.200.254 [root@centos04 ~] # named-checkzone benet.com/ var/named/benet.com.zone zone benet.com/IN: loaded serial 2020021801OK [root@centos04 ~] # chmod + x / var/named/benet.com .zone [root@centos04 ~] # chown named:named / var/named/benet.com.zone [root@centos04 ~] # systemctl start named [root@centos04 ~] # systemctl enable named VII. Deploy public network clients

1. The client configures IP address and adds DNS address

2. The client uses the domain name to access

3. The client changes the IP address and revisits

After reading the above details about Centos 7's deployment of Nginx website service, intranet client, Haproxy server, etc., if there is anything else you need to know, you can find what you are interested in in the industry information or find our professional and technical engineer to answer, the technical engineer has more than ten years of experience in the industry.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.