I previously built an LDAP query proxy service with HAProxy + Keepalived and it has worked well, so I decided to use the same setup to proxy public-facing Exchange requests. TMG is no longer updated, its configuration is somewhat cumbersome, and the service dies at the slightest provocation.
If anything below is unclear, refer to my previous article, HAProxy + Keepalived LDAP proxy configuration.
Architecture overview:
Users resolve through public DNS and are directed to one of two egress links, China Unicom and China Telecom. Each link has two HAProxy proxy servers in a hot-standby pair managed by Keepalived, which presents two virtual IPs, VIP01 and VIP02. Users who reach VIP01 are distributed to the CAS servers joined by the yellow lines; the special user group that reaches VIP02 is distributed to the VIPCAS servers joined by the blue lines, and the VIPCAS servers provide OWA only. The Telecom side is identical, so its lines are left out of the diagram to avoid clutter.
Configuration walkthrough:
Install the required components, keepalived and haproxy:
yum install gcc kernel-headers kernel-devel
yum install keepalived
yum install haproxy
Configure the keepalived configuration file:
vi /etc/keepalived/keepalived.conf
Configure it as follows:
vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"   # script that checks HAProxy health
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    interface eth0
    state MASTER              # set to BACKUP on the standby node
    priority 101              # set to 100 on the standby node
    virtual_router_id 51      # Keepalived group id; must be identical on every node in the group
    smtp_alert
    virtual_ipaddress {
        x.x.x.1               # virtual VIP01
        x.x.x.2               # virtual VIP02
    }
    track_script {
        chk_http_port
    }
}
Next, write the script that checks HAProxy health:
vi /etc/keepalived/check_haproxy.sh
#!/bin/bash
# If HAProxy is not running, try to start it; if it still is not running
# three seconds later, stop Keepalived so the VIPs fail over to the other node.
A=$(ps -C haproxy --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    # the yum package installs the binary at /usr/sbin/haproxy; adjust if yours differs
    /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg
    sleep 3
    if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
        /etc/init.d/keepalived stop
    fi
fi
Make the script executable:
chmod 755 /etc/keepalived/check_haproxy.sh
Edit the HAProxy configuration file:
vi /etc/haproxy/haproxy.cfg
The configuration file is as follows:
global
    log /dev/log local0 info
    log /dev/log local0 notice
    maxconn 4096
    user root
    group root
    daemon

defaults
    log global
    maxconn 10000
    contimeout 5000
    clitimeout 3600000
    srvtimeout 3600000
    option redispatch
    retries 3

# plain HTTP on the public VIP is redirected to the HTTPS name
frontend owa_redirect
    mode http
    bind 1.x.x.x:80
    redirect location https://mail.contoso.com

frontend vipowa_redirect
    mode http
    bind 2.x.x.x:80
    redirect location https://mailvip.contoso.com

# OWA for the special user group (VIP02): TLS is passed through to the CAS servers
frontend vipowa_443
    mode tcp
    bind 2.x.x.x:443
    default_backend pool_vipowa
    log global
    option tcplog

backend pool_vipowa
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CASVIP01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
    server CASVIP02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3

# OWA for everyone else (VIP01)
frontend owa_443
    mode tcp
    bind 1.x.x.x:443
    default_backend pool_owa
    log global
    option tcplog

backend pool_owa
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:443 check inter 5000 weight 1 rise 2 fall 3

frontend smtp_25
    mode tcp
    bind 1.x.x.x:25
    default_backend pool_smtp
    log global
    option tcplog

backend pool_smtp
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:25 check inter 5000 weight 1 rise 2 fall 3

frontend pop_110
    mode tcp
    bind 1.x.x.x:110
    default_backend pool_pop
    log global
    option tcplog

backend pool_pop
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:110 check inter 5000 weight 1 rise 2 fall 3

# statistics page
frontend vs_stats :8081
    mode http
    log global
    option httplog
    default_backend stats_backend

backend stats_backend
    mode http
    stats enable
    stats uri /stats
    stats auth admin:admin    # replace with a site-specific credential pair before use
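The stats section and the global section above carry three settings a reviewer would flag: a default credential pair on the stats page, a stats listener bound to every address (":8081" with no host part, so the public side can reach it too), and the daemon running as root. The following shell helper is an added example and not part of the original post or of HAProxy itself; the function names, the constructed sample configs and the "hardened" values in them are assumptions made for this example. It greps an haproxy.cfg for those three patterns and prints one finding per line, so the same checks can be run against a real file before it is deployed.

```shell
#!/bin/sh
# Added example (not from the post): audit an haproxy.cfg for three settings
# that weaken the setup. Function names and sample configs are constructed.

# audit_haproxy_cfg FILE -> prints one finding per line, nothing if clean
audit_haproxy_cfg() {
    cfg="$1"
    # Finding 1: stats page protected by a default-looking credential pair
    if grep -Eq '^[[:space:]]*stats[[:space:]]+auth[[:space:]]+admin:(admin|password|123456)[[:space:]]*$' "$cfg"; then
        echo "WEAK_STATS_AUTH: 'stats auth' uses a default credential pair"
    fi
    # Finding 2: a listener bound to all addresses ("frontend name :port",
    # "bind :port" or "bind *:port") instead of one management address
    if grep -Eq '^[[:space:]]*(frontend|listen)[[:space:]]+[^[:space:]]+[[:space:]]+:[0-9]+' "$cfg" \
       || grep -Eq '^[[:space:]]*bind[[:space:]]+(\*)?:[0-9]+' "$cfg"; then
        echo "LISTENER_BIND_ANY: a listener is bound to every address; bind it to the management address"
    fi
    # Finding 3: the daemon keeps running as root. HAProxy binds its sockets
    # before dropping privileges, so 'user haproxy' still serves ports 25/80/443.
    if grep -Eq '^[[:space:]]*user[[:space:]]+root[[:space:]]*$' "$cfg"; then
        echo "RUNS_AS_ROOT: global 'user root'; use a dedicated unprivileged user"
    fi
}

# audit_text CONFIG_TEXT -> writes the text to a temp file and audits it
audit_text() {
    tmp=$(mktemp) || return 1
    printf '%s' "$1" > "$tmp"
    audit_haproxy_cfg "$tmp"
    rm -f "$tmp"
}

# Constructed excerpt mirroring the weak spots in the configuration above.
SAMPLE_WEAK='global
    user root
    group root
    daemon

frontend vs_stats :8081
    mode http
    default_backend stats_backend

backend stats_backend
    mode http
    stats enable
    stats uri /stats
    stats auth admin:admin
'

# Constructed hardened counterpart: unprivileged user, stats bound to a
# management address (10.0.0.5 is an assumed example), non-default credentials.
SAMPLE_HARDENED='global
    user haproxy
    group haproxy
    daemon

frontend vs_stats
    bind 10.0.0.5:8081
    mode http
    default_backend stats_backend

backend stats_backend
    mode http
    stats enable
    stats uri /stats
    stats auth ops:CHANGE-ME-long-site-specific-passphrase
'

echo "== weak sample =="
audit_text "$SAMPLE_WEAK"
echo "== hardened sample =="
audit_text "$SAMPLE_HARDENED"
```

Run it as-is to see the three findings for the weak excerpt and none for the hardened one, or call audit_haproxy_cfg /etc/haproxy/haproxy.cfg against the live file.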
Because the configuration file binds to the VIP addresses, and on a node where Keepalived is not in MASTER state the VIPs are not present on the network interface, HAProxy cannot start there. We therefore add a kernel parameter that allows the system to bind to IP addresses that are not local:
vi /etc/sysctl.conf
Open the file and add the following parameter:
# Allow HAProxy to start when the VIP is not on a local interface
net.ipv4.ip_nonlocal_bind=1
Run the following command to apply it:
sysctl -p
The system will now allow binding to IP addresses that do not exist locally.
Next, configure HAProxy logging:
vi /etc/rsyslog.conf
Add the following line:
# Log for HAProxy
local0.*    /var/log/haproxy.log
Restart rsyslog:
service rsyslog restart
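With "option tcplog" on every frontend, /var/log/haproxy.log records one line per TCP session: client address, frontend, backend/server, timers, bytes and a two-letter termination state. The following shell snippet is an added example, not from the original post; it summarises such records per client address and lists the sessions that did not end normally, which is how an operator would notice one source opening far more OWA sessions than everyone else, or a CAS server whose sessions keep aborting. The log lines, hostnames and addresses in it are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the post): summarise HAProxy tcplog records.
# After the syslog prefix "Mon DD HH:MM:SS host haproxy[pid]:" a tcplog line is
#   client_ip:port [accept_date] frontend backend/server Tw/Tc/Tt bytes_read
#   termination_state actconn/feconn/beconn/srv_conn/retries srv_queue/backend_queue
# so with awk's default field splitting the client is $6, the frontend $8,
# the backend/server $9 and the termination state $12.

# Constructed sample lines (addresses, timings and counts are made up).
SAMPLE_LOG='Mar  3 10:01:02 lb01 haproxy[2211]: 203.0.113.7:51201 [03/Mar/2014:10:01:01.120] owa_443 pool_owa/CAS01 1/0/812 4521 -- 12/12/6/2/0 0/0
Mar  3 10:01:03 lb01 haproxy[2211]: 198.51.100.20:40011 [03/Mar/2014:10:01:02.900] owa_443 pool_owa/CAS02 0/0/533 2210 -- 13/13/7/3/0 0/0
Mar  3 10:01:04 lb01 haproxy[2211]: 203.0.113.7:51202 [03/Mar/2014:10:01:03.004] owa_443 pool_owa/CAS01 0/0/95 420 CD 14/14/7/3/0 0/0
Mar  3 10:01:05 lb01 haproxy[2211]: 203.0.113.7:51203 [03/Mar/2014:10:01:04.117] owa_443 pool_owa/CAS01 0/0/88 415 CD 14/14/7/3/0 0/0
Mar  3 10:01:06 lb01 haproxy[2211]: 192.0.2.55:60123 [03/Mar/2014:10:01:05.500] smtp_25 pool_smtp/CAS03 0/0/1210 980 -- 15/15/3/1/0 0/0
Mar  3 10:01:07 lb01 haproxy[2211]: 203.0.113.7:51204 [03/Mar/2014:10:01:06.210] owa_443 pool_owa/CAS01 0/0/91 418 CD 14/14/7/3/0 0/0'

# sessions_per_client FRONTEND  (log lines on stdin)
# -> "count client_ip" lines for that frontend, busiest client first
sessions_per_client() {
    awk -v fe="$1" '$8 == fe { split($6, a, ":"); n[a[1]]++ }
                    END { for (ip in n) print n[ip], ip }' | sort -rn
}

# top_client FRONTEND -> the single busiest client address for that frontend
top_client() {
    sessions_per_client "$1" | head -n 1 | awk '{ print $2 }'
}

# abnormal_sessions  (log lines on stdin)
# -> "client server state" for records whose termination state is not the
#    normal "--"; "CD" means the client aborted while data was flowing
abnormal_sessions() {
    awk '$12 != "--" { split($6, a, ":"); print a[1], $9, $12 }'
}

# abnormal_count  (log lines on stdin) -> number of such records
abnormal_count() {
    abnormal_sessions | grep -c .
}

echo "== OWA sessions per client =="
printf '%s\n' "$SAMPLE_LOG" | sessions_per_client owa_443
echo "== sessions with an abnormal termination state =="
printf '%s\n' "$SAMPLE_LOG" | abnormal_sessions
```

Against the live file, replace the sample with e.g. "sessions_per_client owa_443 < /var/log/haproxy.log"; because the backends use "stick on src", all of one client's sessions land on the same CAS server, so a burst of aborted sessions from a single address shows up on one server rather than being spread across the pool.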
Start the Keepalived service; its health-check script brings HAProxy up automatically:
service keepalived start
Enable it at boot:
chkconfig keepalived on
Configuration complete: