Shulou(Shulou.com)06/03 Report--

Haproxy and keepalived# architecture one or two servers, two or four servers of sslwebsrv1:8080/8443 haproxy1:80/443 keepalived1-masterwebsrv2:8080/8443 haproxy1:80/443 keepalived1-backup# architecture, which cannot use the same port as the service and cannot represent the original business, can use the same port as the service and cannot represent the original business. The sslwebsrv1:8080/8443websrv2:8080/8443haproxy1:8080/8443 keepalived1-masterhaproxy2:8080/8443 keepalived1-backup experiment is deployed according to the architecture one. Architecture 2 is basically similar to 1. Soft installyum install-y haproxy keepalived opensslsystemctl enable haproxy keepalived & & systemctl restart haproxy keepalived2. Keepalived (only HA Keepalived can be configured separately)

Vi / etc/keepalived/keepalived.conf

MASTER (keepalived1-master)! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc} router_id LVS_DEVEL# vrrp_strict} vrrp_instance VI_1 {state MASTER# config with right interface name interface eth0 virtual_router_id 51 priority 110 advert_int 1 authentication {auth_type PASS auth_pass 1111} virtual_ipaddress {10.10.80 .50 over 24}} BACKUP (keepalived2-slave)! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc} router_id LVS_DEVEL# vrrp_strict} vrrp_instance VI_1 {state BACKUP# config with right interface name interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication {auth_type PASS auth_pass 1111} virtual_ipaddress {10.10.80 . 50/24}} # check configsystemctl restart keepalived3. Haproxy config (haproxy1 / haproxy2)

Vi / etc/haproxy/haproxy.cfg

External-check need haproxy > 1.6

Global log / dev/log local0 log / dev/log local1 notice stats timeout 30s # external-check user haproxy group haproxy tune.ssl.default-dh-param 4096 daemon defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 stats uri / haproxy?stats frontend http_front bind: 80 bind: 443 ssl crt / etc/ssl/server.pem default_backend http_back backend http_back balance roundrobin cookie SERVERID maxidle 30m maxlife 12h insert Indirect nocache # option external-check # external-check command / bin/haproxy/etxstat.sh # external-check path "/ usr/bin:/bin" server etx1 10.10.80.51 external-check command 8080 check cookie etx1 server etx2 10.10.80.52 external-check command 8080 check cookie etx2 4. Ssl pam configuration cd / etc/sslopenssl req-x509-nodes-newkey rsa:4096-keyout server.key-out server.crt-days 365cat server.crt server.key | tee server.pem # sync pem srv1-> srv2scp Haproxy1:/etc/ssl/server.pem haprox2:/etc/ssl/5. Haproxy check config

Vi / bin/haproxy/etxstat.sh

#! / bin/bash status=$ (curl-s-user etxadmin:password http://$3:$4/etx/state) if ["$status" = "RUNNING"]; then exit 0 else exit 1 fi check configchmod astatx / bin/haproxy/etxstat.sh sudo-u haproxy/ bin/haproxy/etxstat.shhaproxy-c-V-f / etc/haproxy/haproxy.cfgsystemctl restart haproxy http://ip:port/haproxy?stats

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.