如何进行haproxy+keepalived负载均衡主从热备功能

2023-04-14 03:48:00 功能 主从 负载均衡

如何进行haproxy+keepalived负载均衡主从热备功能

为了提高haproxy+keepalived负载均衡的主从热备功能,需要对其进行一些优化。

首先,在haproxy的配置文件中,增加如下配置:

global

log 127.0.0.1 local0

log 127.0.0.1 local1 notice

#chroot /usr/share/haproxy

user haproxy

group haproxy

daemon

#debug

#quiet

stats socket /var/run/haproxy.stat mode 600 level admin

maxconn 4096

# Default SSL material locations

ca-base /etc/ssl/certs

crt-base /etc/ssl/private

# Default ciphers to use on SSL-enabled listening sockets.

# For more information, see ciphers(1SSL). This list is from:

# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

ssl-default-bind-options no-sslv3

defaults

log global

mode http

option httplog

option dontlognull

timeout connect 5000

timeout client 50000

timeout server 50000

errorfile 400 /etc/haproxy/errors/400.http

errorfile 403 /etc/haproxy/errors/403.http

errorfile 408 /etc/haproxy/errors/408.http

errorfile 500 /etc/haproxy/errors/500.http

errorfile 502 /etc/haproxy/errors/502.http

errorfile 503 /etc/haproxy/errors/503.http

errorfile 504 /etc/haproxy/errors/504.http

frontend http_proxy

bind *:80

bind *:443 ssl crt /etc/haproxy/ssl/

reqadd X-Forwarded-Proto:\ https

default_backend servers

backend servers

balance roundrobin

server server1 10.0.0.1:80 check

server server2 10.0.0.2:80 check

server server3 10.0.0.3:80 check

server server4 10.0.0.4:80 check

server server5 10.0.0.5:80 check

server server6 10.0.0.6:80 check

server server7 10.0.0.7:80 check

server server8 10.0.0.8:80 check

server server9 10.0.0.9:80 check

server server10 10.0.0.10:80 check

option httpchk GET /

http-check expect status 200

option redispatch

retries 3

timeout http-request 10s

timeout queue 1m

timeout server 30s

timeout connect 10s

timeout check 10s

maxconn 3000

其次,在keepalived的配置文件中,增加如下配置:

global_defs {

notification_email {

root@localhost

}

notification_email_from haproxy@localhost

smtp_server localhost

smtp_connect_timeout 30

router_id LVS_DEVEL

}

vrrp_script chk_haproxy {

script "killall -0 haproxy"

interval 2

weight 2

}

vrrp_instance VI_1 {

state MASTER

interface eth0

virtual_router_id 51

priority 101

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.100

}

track_script {

chk_haproxy

}

}

最后,重启haproxy和keepalived服务,即可完成haproxy+keepalived负载均衡主从热备功能的优化。

相关文章