Nginx+Haproxy实现负载代理功能

 

一、系统基础配置

  1、关闭防火墙

    systemctl status firewalld

    systemctl stop firewalld

    systemctl disable firewalld

 

    关闭selinux

/usr/sbin/sestatus

vi /etc/selinux/config   将 #SELINUX=enforcing  改为SELINUX=disabled

     

 2、配置YUM源

    cd /etc/yum.repos.d

     mv /etc/yum.repos.d/CentOS7-Base.repo /etc/yum.repos.d/CentOS7-Base.repo.backup      首先备份/etc/yum.repos.d/CentOS-Base.repo

   wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo

   wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo

     yum clean all

     yum makecache

 

 3、优化Linux内核参数

 

二、NGINX安装

http://nginx.org/download/nginx-1.16.0.tar.gz

 

1、centos平台编译环境使用如下指令

安装make：

yum -y install gcc automake autoconf libtool make

安装g++:

yum install gcc gcc-c++

 

 

2、安装pcre，先装pcre, zlib，前者为了重写rewrite，

yum install -y pcre pcre-devel   //nginx 的 http 模块使用 pcre 来解析正则表达式，所以需要在 linux 上安装 pcre 库

yum install -y zlib zlib-devel    //zlib 库提供了很多种压缩和解压缩的方式， nginx 使用 zlib 对 http 包的内容进行 gzip

yum install -y openssl openssl-devel  //nginx 不仅支持 http 协议，还支持 https（即在ssl协议上传输http）

 

3、wget下载

   创建组  groupadd www

  创建用户 useradd -g www www

  查看组用户：groups www

   mkdir soft

   cd /soft

   wget http://nginx.org/download/nginx-1.16.0.tar.gz

   tar zxvf nginx-1.16.0.tar.gz   

./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-cc-opt='-o3'

make

make install

 

vi /etc/init.d/nginx

 

4、输入以下：

[root@fcweb-test lib]# vi /etc/init.d/nginx

#! /bin/sh



#PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin



DESC="nginx daemon"

NAME=nginx

DAEMON=/usr/local/nginx/sbin/$NAME

CONFIGFILE=/usr/local/nginx/conf/$NAME.conf

PIDFILE=/usr/local/nginx/logs/$NAME.pid

SCRIPTNAME=/etc/init.d/$NAME



set -e

[ -x "$DAEMON" ] || exit 0



do_start() {

$DAEMON -c $CONFIGFILE || echo -n "nginx already running"

}



do_stop() {

kill -INT `cat $PIDFILE` || echo -n "nginx not running"

}



do_reload() {

kill -HUP `cat $PIDFILE` || echo -n "nginx can't reload"

}



case "$1" in

start)

echo -n "Starting $DESC: $NAME"

do_start

echo "."

;;

stop)

echo -n "Stopping $DESC: $NAME"

do_stop

echo "."

;;

reload|graceful)

echo -n "Reloading $DESC configuration..."

do_reload

echo "."

;;

restart)

echo -n "Restarting $DESC: $NAME"

do_stop

do_start

echo "."

;;

*)

echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2

exit 3

;;

esac



exit 0

 

 

 

3、

#chmod +x /etc/init.d/nginx

#chown -R www:www /usr/local/nginx/logs

 

#/etc/init.d/nginx start

 

/usr

 

 

#vi /usr/local/nginx/conf/nginx.conf

 

改

worker_processes 8:

worker rlimit nofile  51200;

events

{

use epoll;

worker connections  51200;

}

keepalive_timeout 30;

gzip off;

 

 

尾  }  前添加： include vhost/*.conf;

 

mkdir vhost

vi /usr/local/nginx/conf/vhost/wk.conf

 

4、输入以下：（以站点IP为172.20.253.174和网站wk.xxx.cn为例）

upstream wk {

    server 172.20.250.35:80;

}

server

{

    listen 80;

    server_name wk.xxx.cn;

    location / {

        proxy_redirect off;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://wk;

    }

    access_log logs/wk_access.log;

}

5、输入后重加载配置，测试网站是否正常

/usr/local/nginx/sbin/nginx -t

service nginx reload

 

6、加入系统启动项

vi etc/rc.local

/usr/local/nginx/sbin/nginx

 

 

 

三、HAPROXY安装

1、安装yum install haproxy -y

 

2、配置vi /etc/haproxy/haproxy.cfg

  之后添加以下演示：

 listen wiki_app 0.0.0.0:8001

    mode http

    option tcplog

    balance roundrobin

    server wikiapp01 172.20.250.35:80 check

 

3、启动：haproxy -f /etc/haproxy/haproxy.cfg

     重启：service haproxy restart

     查看：ps -ef |grep hapro

     加载命令：service haproxy reload

 

4、启用监控

vi /etc/haproxy/haproxy.cfg 在里面加入以下，访问：9000端口，

listen stats # Define a listen section called "stats"

bind 0.0.0.0:9000 # Listen on localhost:9000

mode http

stats enable # Enable stats page

stats hide-version # Hide HAProxy version

stats realm Haproxy\ Statistics # Title text for popup window

stats uri /haproxy_stats # Stats URI

stats auth bk:bkPassword # Authentication credentials

登录查看：

http://172.20.253.171:9000/haproxy_stats     用户名和密码为bk:bkPassword

 

5、haproxy管理工具haproxy-wi

 参考文档： https://ywnz.com/linuxyffq/4648.html

 关闭haproxy-wi数据库：systemctl stop mariadb

 

6、开启日志记录

查看haproxy.cfg配置文件，其中log项是否开启，将它开启，如log   127.0.0.1 local2

编辑vi /etc/rsyslog.conf文件，在下方加入   local2.*     /var/log/haproxy.log

重启syslog服务service rsyslog restart

重新加载service haproxy reload

查看服务启动情况：systemctl status haproxy.service

 

7、检查配置是否有异常  haproxy -f /etc/haproxy/haproxy.cfg -d

     如无错误信息则为正常