Haproxy+keepalived（2）

最新推荐文章于 2025-10-22 18:27:35 发布

原创最新推荐文章于 2025-10-22 18:27:35 发布 · 1k 阅读

2 ·

CC 4.0 BY-SA版权

文章标签：

#haproxy字段 #keepalivee #检测 #内容检测 #跨网段

linux-集群专栏收录该内容

9 篇文章

订阅专栏

本文介绍了如何配置haproxy实现跨网段访问，其中公网网段为172.17，后端服务器位于192.168.153网段。haproxy通过检测后端服务器index.html内的'ok'字段来确认服务器状态。同时，当haproxy停止时，系统能够通过keepalived进行VIP切换。

一、实现haproxy跨网段访问，要求172.17网段为公网网段，后端server为192.168.153网段，haproxy检测后端realserver是基于index.html内的内容,“ok”字段，并能够在haproxy停止时，切换VI

1.实现haproxy跨网段访问，要求172.17网段为公网网段，后端server为192.168.153网段
2.haproxy检测后端realserver是基于index.html内的内容,“ok”字段
3.并能够在haproxy停止时，切换VI

1.keepalived配置文件

vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost 
   }
   notification_email_from root_keepalived
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
} 

vrrp_script chk_haproxy {
        script "killall -0 haproxy" 
        interval 2 
        weight -150 
        fall 2 
        rise 2 
}


vrrp_instance VI_1 {
    state BACKUP
    interface eth2
    virtual_router_id 14
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2121
    }
    virtual_ipaddress {
        172.17.17.1
    }

    track_script {
    chk_haproxy
        } 
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth1
    virtual_router_id 15
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2121
    }
    virtual_ipaddress {
        192.168.17.1
    }
    track_script {
    chk_haproxy
    } 
}

2.haproxy配置

/etc/haproxy/haproxy.cfg
global
    log         127.0.0.1 local2
    nbproc      1
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
frontend static
        mode http 
        bind *:80
        acl url_static path_beg -i /static /images /javascript /stylesheets
        acl url_static path_end -i .img .jpg .gif .jpeg .png .css .js
        use_backend  server_static if url_static
        use_backend  cook if ! url_static
frontend ip_acl
        bind *:80
        acl src_ip src 172.17.0.0
        block if ! src_ip
backend cook
        mode http
        option  httpchk  GET /index.html
        http-check expect string ok 
        cookie SERVERID insert indirect nocache
        server  cook_175  192.168.17.175:80 check cookie 175

backend server_static
        balance     roundrobin
        option  httpchk  GET /index.html
        http-check expect string ok   
        server  static_175  192.168.17.175:80 check
        server  static_176  192.168.17.176:80 check

listen stats #定义一个统计报告服务
        mode http #基于http协议
        bind *:1900 #监听1080端口
        stats enable #开启统计报告服务
        stats hide-version #隐藏统计报告版本信息
        stats uri /haproxy?111 #统计报告访问url
        stats realm Haproxy\ Statistics #页面登陆信息
        stats auth admin:admin #验证账号信息
        stats admin if TRUE #验证模式