共计 8597 个字符,预计需要花费 22 分钟才能阅读完成。
之前做了一个 Haproxy + Keealived 实现 LDAP 查询代理的服务(见 HAproxy + Keepalive 实现 LDAP 代理服务 http://www.linuxidc.com/Linux/2014-01/95617.htm),感觉还不错,决定用它代理公网 Exchange 请求。TMG 不更新了,而且配置有点繁琐,且动不动服务就死。
如果下文有地方看不懂,可以去我上一篇文章 Haproxy+keepalived 配置 LDAP 代理中去查看。
介绍一下架构:
用户通过公网 DNS,分别会被指向到联通和电信的两个出口上,两个出口分别有两个 HAproxy 代理服务器,通过 Keepalived 做热备,虚拟出两个 VIP,VIP01 和 VIP02, 访问 VIP01 的用户被分配到黄线所连的 CAS 服务器上,访问 VIP02 的特殊用户群,被分配到蓝线的 VIPCAS 服务器上,VIPCAS 服务器只提供 OWA 服务。电信出口一样,就不画线了,乱的慌。
开始讲解配置:
安装需要的组件,keepalived 和 haproxy
yum install gcc kernel-headers kernel-devel
yum install keepalived
yum install haproxy
配置 keepalived 的配置文件:
vi /etc/keepalived/keepalived.conf
如下配置:
vrrp_scriptchk_http_port {
script”/etc/keepalived/check_haproxy.sh” #检测 haproxy 健康状态的脚本
interval 2
weight 2 }
vrrp_instanceVI_1 {
interface eth0
state MASTER #备机配置为 BACKUP
priority 101 #备机配置为 100
virtual_router_id 51 #keepalived 组表示,同一组中的主机该值要一样
smtp_alert
virtual_ipaddress {
x.x.x.1 #虚拟 VIP01
x.x.x.2 #虚拟 VIP02
}
track_script {
chk_http_port
}
}
接下来编辑检测 Haprxoy 健康的脚本:
vi /etc/keepalived/check_haproxy.sh
#!/bin/bash
A=`ps -C haproxy –no-header |wc -l`
if [$A -eq 0];then
/etc/haproxy/haproxy -f /etc/haproxy/haproxy.cfg
sleep 3
if [`ps -C haproxy –no-header |wc -l` -eq 0];then
/etc/init.d/keepalived stop
fi
fi
chmod 755 /etc/keepalived/check_haproxy.sh
编辑 Haproxy 的配置文件:
1 vi /etc/haproxy/haproxy.cfg
配置文件如下:
global
log /dev/log local0 info
log /dev/log local0 notice
maxconn 4096
user root
group root
daemon
defaults
log global
maxconn 10000
contimeout 5000
clitimeout 3600000
srvtimeout 3600000
option redispatch
retries 3
frontend owa_redirect
mode http
bind 1.x.x.x:80
redirect location https://mail.contoso.com
frontend vipowa_redirect
mode http
bind 2.x.x.x:80
redirect location https://mailvip.contoso.com
frontend vipowa_443
mode tcp
bind 2.x.x.x:443
default_backend pool_vipowa
log global
option tcplog
backend pool_vipowa
balance roundrobin
option redispatch
option abortonclose
option persist
stick on src
stick-table type ip size 10240k expire 240m
server CASVIP01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
server CASVIP02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
frontend owa_443
mode tcp
bind 1.x.x.x:443
default_backend pool_owa
log global
option tcplog
backend pool_owa
balance roundrobin
option redispatch
option abortonclose
option persist
stick on src
stick-table type ip size 10240k expire 240m
server CAS00 x.x.x.0:443 check inter 5000 weight 1 rise 2 fall 3
server CAS01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
server CAS02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
server CAS03 x.x.x.3:443 check inter 5000 weight 1 rise 2 fall 3
frontend smtp_25
mode tcp
bind 1.x.x.x:25
default_backend pool_smtp
log global
option tcplog
backend pool_smtp
balance roundrobin
option redispatch
option abortonclose
option persist
stick on src
stick-table type ip size 10240k expire 240m
server CAS00 x.x.x.0:25 check inter 5000 weight 1 rise 2 fall 3
server CAS01 x.x.x.1:25 check inter 5000 weight 1 rise 2 fall 3
server CAS02 x.x.x.2:25 check inter 5000 weight 1 rise 2 fall 3
server CAS03 x.x.x.3:25 check inter 5000 weight 1 rise 2 fall 3
frontend pop_110
mode tcp
bind 1.x.x.x:110
default_backend pool_pop
log global
option tcplog
backend pool_pop
balance roundrobin
option redispatch
option abortonclose
option persist
stick on src
stick-table type ip size 10240k expire 240m
server CAS00 x.x.x.0:110 check inter 5000 weight 1 rise 2 fall 3
server CAS01 x.x.x.1:110 check inter 5000 weight 1 rise 2 fall 3
server CAS02 x.x.x.2:110 check inter 5000 weight 1 rise 2 fall 3
server CAS03 x.x.x.3:110 check inter 5000 weight 1 rise 2 fall 3
frontend vs_stats :8081
mode http
log global
option httplog
default_backend stats_backend
backend stats_backend
mode http
stats enable
stats uri /stats
stats auth admin:admin
HAproxy 的详细介绍 :请点这里
HAproxy 的下载地址 :请点这里
推荐阅读:
Haproxy+Keepalived 搭建 Weblogic 高可用负载均衡集群 http://www.linuxidc.com/Linux/2013-09/89732.htm
Keepalived+HAProxy 配置高可用负载均衡 http://www.linuxidc.com/Linux/2012-03/56748.htm
CentOS 6.3 下 Haproxy+Keepalived+Apache 配置笔记 http://www.linuxidc.com/Linux/2013-06/85598.htm
Haproxy + KeepAlived 实现 WEB 群集 on CentOS 6 http://www.linuxidc.com/Linux/2012-03/55672.htm
Haproxy+Keepalived 构建高可用负载均衡 http://www.linuxidc.com/Linux/2012-03/55880.htm
因为配置文件中监听了 VIP 的地址,所以如果当前服务器不是 keepalived 处于 master 状态,VIP 是不在网卡上的,那么 Haproxy 无法启动,这里我们需要加一个参数,让系统忽略本地没有的 IP 地址:
vi /etc/sysctl.conf
打开该文件后,添加如下参数:
# For Haproxy can start with no local ip address
net.ipv4.ip_nonlocal_bind=1
运行下面命令使参数生效:
sysctl -p
这样系统会忽略本地不存在的 IP 地址
之后配置 Haproxy 的日志:
vi /etc/rsyslog.conf
添加如下语句:
# Log for Haproxy
local0.* /var/log/haproxy.log
重启 rsyslog:
service rsyslog restart
启动 Keepalived 服务,会把 Haproxy 自动带起来:
service keepalived start
将其设为开机启动:
chkconfig keepalived on
配置成功:
之前做了一个 Haproxy + Keealived 实现 LDAP 查询代理的服务(见 HAproxy + Keepalive 实现 LDAP 代理服务 http://www.linuxidc.com/Linux/2014-01/95617.htm),感觉还不错,决定用它代理公网 Exchange 请求。TMG 不更新了,而且配置有点繁琐,且动不动服务就死。
如果下文有地方看不懂,可以去我上一篇文章 Haproxy+keepalived 配置 LDAP 代理中去查看。
介绍一下架构:
用户通过公网 DNS,分别会被指向到联通和电信的两个出口上,两个出口分别有两个 HAproxy 代理服务器,通过 Keepalived 做热备,虚拟出两个 VIP,VIP01 和 VIP02, 访问 VIP01 的用户被分配到黄线所连的 CAS 服务器上,访问 VIP02 的特殊用户群,被分配到蓝线的 VIPCAS 服务器上,VIPCAS 服务器只提供 OWA 服务。电信出口一样,就不画线了,乱的慌。
开始讲解配置:
安装需要的组件,keepalived 和 haproxy
yum install gcc kernel-headers kernel-devel
yum install keepalived
yum install haproxy
配置 keepalived 的配置文件:
vi /etc/keepalived/keepalived.conf
如下配置:
vrrp_scriptchk_http_port {
script”/etc/keepalived/check_haproxy.sh” #检测 haproxy 健康状态的脚本
interval 2
weight 2 }
vrrp_instanceVI_1 {
interface eth0
state MASTER #备机配置为 BACKUP
priority 101 #备机配置为 100
virtual_router_id 51 #keepalived 组表示,同一组中的主机该值要一样
smtp_alert
virtual_ipaddress {
x.x.x.1 #虚拟 VIP01
x.x.x.2 #虚拟 VIP02
}
track_script {
chk_http_port
}
}
接下来编辑检测 Haprxoy 健康的脚本:
vi /etc/keepalived/check_haproxy.sh
#!/bin/bash
A=`ps -C haproxy –no-header |wc -l`
if [$A -eq 0];then
/etc/haproxy/haproxy -f /etc/haproxy/haproxy.cfg
sleep 3
if [`ps -C haproxy –no-header |wc -l` -eq 0];then
/etc/init.d/keepalived stop
fi
fi
chmod 755 /etc/keepalived/check_haproxy.sh
编辑 Haproxy 的配置文件:
1 vi /etc/haproxy/haproxy.cfg
配置文件如下:
global
log /dev/log local0 info
log /dev/log local0 notice
maxconn 4096
user root
group root
daemon
defaults
log global
maxconn 10000
contimeout 5000
clitimeout 3600000
srvtimeout 3600000
option redispatch
retries 3
frontend owa_redirect
mode http
bind 1.x.x.x:80
redirect location https://mail.contoso.com
frontend vipowa_redirect
mode http
bind 2.x.x.x:80
redirect location https://mailvip.contoso.com
frontend vipowa_443
mode tcp
bind 2.x.x.x:443
default_backend pool_vipowa
log global
option tcplog
backend pool_vipowa
balance roundrobin
option redispatch
option abortonclose
option persist
stick on src
stick-table type ip size 10240k expire 240m
server CASVIP01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
server CASVIP02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
frontend owa_443
mode tcp
bind 1.x.x.x:443
default_backend pool_owa
log global
option tcplog
backend pool_owa
balance roundrobin
option redispatch
option abortonclose
option persist
stick on src
stick-table type ip size 10240k expire 240m
server CAS00 x.x.x.0:443 check inter 5000 weight 1 rise 2 fall 3
server CAS01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
server CAS02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
server CAS03 x.x.x.3:443 check inter 5000 weight 1 rise 2 fall 3
frontend smtp_25
mode tcp
bind 1.x.x.x:25
default_backend pool_smtp
log global
option tcplog
backend pool_smtp
balance roundrobin
option redispatch
option abortonclose
option persist
stick on src
stick-table type ip size 10240k expire 240m
server CAS00 x.x.x.0:25 check inter 5000 weight 1 rise 2 fall 3
server CAS01 x.x.x.1:25 check inter 5000 weight 1 rise 2 fall 3
server CAS02 x.x.x.2:25 check inter 5000 weight 1 rise 2 fall 3
server CAS03 x.x.x.3:25 check inter 5000 weight 1 rise 2 fall 3
frontend pop_110
mode tcp
bind 1.x.x.x:110
default_backend pool_pop
log global
option tcplog
backend pool_pop
balance roundrobin
option redispatch
option abortonclose
option persist
stick on src
stick-table type ip size 10240k expire 240m
server CAS00 x.x.x.0:110 check inter 5000 weight 1 rise 2 fall 3
server CAS01 x.x.x.1:110 check inter 5000 weight 1 rise 2 fall 3
server CAS02 x.x.x.2:110 check inter 5000 weight 1 rise 2 fall 3
server CAS03 x.x.x.3:110 check inter 5000 weight 1 rise 2 fall 3
frontend vs_stats :8081
mode http
log global
option httplog
default_backend stats_backend
backend stats_backend
mode http
stats enable
stats uri /stats
stats auth admin:admin
HAproxy 的详细介绍 :请点这里
HAproxy 的下载地址 :请点这里
推荐阅读:
Haproxy+Keepalived 搭建 Weblogic 高可用负载均衡集群 http://www.linuxidc.com/Linux/2013-09/89732.htm
Keepalived+HAProxy 配置高可用负载均衡 http://www.linuxidc.com/Linux/2012-03/56748.htm
CentOS 6.3 下 Haproxy+Keepalived+Apache 配置笔记 http://www.linuxidc.com/Linux/2013-06/85598.htm
Haproxy + KeepAlived 实现 WEB 群集 on CentOS 6 http://www.linuxidc.com/Linux/2012-03/55672.htm
Haproxy+Keepalived 构建高可用负载均衡 http://www.linuxidc.com/Linux/2012-03/55880.htm
![[限时免费正版] 地下城守护者 – 经典塔防类战略游戏,来做一回大魔王!](https://www.xgss.net/wp-content/themes/puock/timthumb.php?w=120&h=80&a=c&zc=1&q=90&src=https://s.xgss.net/sky/2024-04-08/6e04e14086878364e57570b30c460f6a.jpg)
