本文介绍了一种利用HAProxy进行负载均衡并支持HTTPS访问的高并发部署方案,通过在同一台物理机上部署多个Tomcat实例实现资源最大化利用。
背景:
情况是这样的,我们要支撑高并发业务,需要多个web服务器来支持,如果一台机器只部署一个tomcat的话,那资源没有办法充分利用,所以我们的办法是在一台物理机部署数十个tomcat,前端使用haproxy做负载均衡,并且网站需要https访问,所以证书需要在haproxy中配置。
部署:
1、haproxy的配置
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
#---------------------------------------------------------------------# Example configuration for a possible web application. See the# full configuration options online.## http://haproxy.1wt.eu/download/1.4/doc/configuration.txt##---------------------------------------------------------------------#---------------------------------------------------------------------# Global settings#---------------------------------------------------------------------global # to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 400000
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 2048
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------# common defaults that all the 'listen' and 'backend' sections will# use if not designated in their block#---------------------------------------------------------------------defaults mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
option httpclose
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
stats enable
stats hide-version
stats uri /haproxy?status
stats realm Haproxy\ Statistics
stats auth admin:admin123
#---------------------------------------------------------------------# main frontend which proxys to the backends#---------------------------------------------------------------------frontend wzlinux_ssl bind *:80
bind *:443 ssl crt /etc/haproxy/wzlinux.pem
mode http
default_backend wzlinuxs
backend wzlinuxs mode http
balance roundrobin
option forwardfor
# option httpchk HEAD / HTTP/1.1\r\nHost:localhost server tomcat01 127.0.0.1:8080 check inter 15000 rise 2 fall 4 weight 1
server tomcat02 127.0.0.1:8081 check inter 15000 rise 2 fall 4 weight 1
server tomcat03 127.0.0.1:8082 check inter 15000 rise 2 fall 4 weight 1
server tomcat04 127.0.0.1:8083 check inter 15000 rise 2 fall 4 weight 1
server tomcat05 127.0.0.1:8084 check inter 15000 rise 2 fall 4 weight 1
server tomcat06 127.0.0.1:8085 check inter 15000 rise 2 fall 4 weight 1
server tomcat07 127.0.0.1:8086 check inter 15000 rise 2 fall 4 weight 1
# http-request set-header X-Forwarded-Port %[dst_port]# http-request add-header X-Forwarded-Proto https if { ssl_fc } |
2、tomcat的配置设定
因为tomcat日志需要知道真正的来源IP是什么,所以默认的是不满足要求的,我们需要修改日志格式的内容如下。
|
1
2
3
4
5
6
7
8
|
<Host name="localhost" appBase="/home/webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/var/log/tomcat"
prefix="wzlinux." suffix=".txt"
pattern="%{X-Forwarded-For}i %l %u %t "%r" %s %b" />
</Host>
|
本文转自 wzlinux 51CTO博客,原文链接:http://blog.51cto.com/wzlinux/1956323,如需转载请自行联系原作者
扫一扫
803
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
