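HAProxy + Keepalived as a Reverse Proxy for Exchange

Previously I built an LDAP query proxy service with HAProxy + Keepalived, and it worked quite well, so I decided to use the same stack to proxy Exchange requests coming from the public Internet. TMG is no longer updated, its configuration is rather tedious, and its services die at the slightest provocation.


If anything below is unclear, see my previous article, "Configuring an LDAP proxy with Haproxy + keepalived".


An overview of the architecture:

Users resolve the service through public DNS and are directed to one of two egress points, China Unicom or China Telecom. Each egress point has two HAProxy proxy servers that use Keepalived for hot standby and present two virtual IPs, VIP01 and VIP02. Users who connect to VIP01 are sent to the CAS servers joined by the yellow line; the special user group that connects to VIP02 is sent to the VIPCAS servers on the blue line, which provide only the OWA service. The Telecom egress works the same way, so I did not draw its lines; the diagram would be too cluttered.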

[Figure: architecture diagram (wKiom1L5zMSQ035wAAFtu7JUbso057.jpg)]

Now for the configuration:

Install the required components, keepalived and haproxy:

yum install gcc kernel-headers kernel-devel
yum install keepalived
yum install haproxy

Edit the keepalived configuration file:

vi /etc/keepalived/keepalived.conf

Configure it as follows:

vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"   # script that checks HAProxy health
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    interface eth0
    state MASTER            # set to BACKUP on the standby node
    priority 101            # set to 100 on the standby node
    virtual_router_id 51    # keepalived group identifier; must be the same on every host in the group
    smtp_alert
    virtual_ipaddress {
        x.x.x.1         # virtual IP VIP01
        x.x.x.2         # virtual IP VIP02
    }
    track_script {
        chk_http_port
    }
}

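Next, write the script that checks HAProxy health:

vi /etc/keepalived/check_haproxy.sh

#!/bin/bash
# If no haproxy process is running, try to start it. If it is still not
# running 3 seconds later, stop keepalived so the VIPs move to the standby node.
A=$(ps -C haproxy --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    # the yum package installs the binary at /usr/sbin/haproxy
    /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg
    sleep 3
    if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
        /etc/init.d/keepalived stop
    fi
fi

Make the script executable:

chmod 755 /etc/keepalived/check_haproxy.sh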

Edit the HAProxy configuration file:

vi /etc/haproxy/haproxy.cfg

The configuration file is as follows:

global
        log /dev/log local0 info
        log /dev/log local0 notice
        maxconn 4096
        user root
        group root
        daemon
defaults
        log global
        maxconn 10000
        timeout connect 5000
        timeout client 3600000
        timeout server 3600000
        option redispatch
        retries 3
frontend owa_redirect
         mode http
         bind 1.x.x.x:80
         redirect location https://mail.contoso.com
frontend vipowa_redirect
         mode http
         bind 2.x.x.x:80
         redirect location https://mailvip.contoso.com
frontend vipowa_443
         mode tcp
         bind 2.x.x.x:443
         default_backend pool_vipowa
         log global
         option tcplog
backend  pool_vipowa
         balance roundrobin
         option redispatch
         option abortonclose
         option persist
         stick on src
         stick-table type ip size 10240k expire 240m
         server CASVIP01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
         server CASVIP02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
frontend owa_443
         mode tcp
         bind 1.x.x.x:443
         default_backend pool_owa
         log global
         option tcplog
backend  pool_owa
         balance roundrobin
         option redispatch
         option abortonclose
         option persist
         stick on src
         stick-table type ip size 10240k expire 240m
         server CAS00 x.x.x.0:443 check inter 5000 weight 1 rise 2 fall 3
         server CAS01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
         server CAS02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
         server CAS03 x.x.x.3:443 check inter 5000 weight 1 rise 2 fall 3
frontend smtp_25
         mode tcp
         bind 1.x.x.x:25
         default_backend pool_smtp
         log global
         option tcplog
backend pool_smtp
        balance roundrobin
        option redispatch
        option abortonclose
        option persist
        stick on src
        stick-table type ip size 10240k expire 240m
        server CAS00 x.x.x.0:25 check inter 5000 weight 1 rise 2 fall 3
        server CAS01 x.x.x.1:25 check inter 5000 weight 1 rise 2 fall 3
        server CAS02 x.x.x.2:25 check inter 5000 weight 1 rise 2 fall 3
        server CAS03 x.x.x.3:25 check inter 5000 weight 1 rise 2 fall 3
frontend pop_110
         mode tcp
         bind 1.x.x.x:110
         default_backend pool_pop
         log global
         option tcplog
backend pool_pop
        balance roundrobin
        option redispatch
        option abortonclose
        option persist
        stick on src
        stick-table type ip size 10240k expire 240m
        server CAS00 x.x.x.0:110 check inter 5000 weight 1 rise 2 fall 3
        server CAS01 x.x.x.1:110 check inter 5000 weight 1 rise 2 fall 3
        server CAS02 x.x.x.2:110 check inter 5000 weight 1 rise 2 fall 3
        server CAS03 x.x.x.3:110 check inter 5000 weight 1 rise 2 fall 3
frontend vs_stats
        bind :8081
        mode http
        log global
        option httplog
        default_backend stats_backend
backend stats_backend
        mode http
        stats enable
        stats uri /stats
        stats auth admin:admin
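
The configuration above runs HAProxy as root, serves the stats page on every address on port 8081, and protects it with admin:admin. The following shell function is an added example, not part of the original post: it audits an haproxy.cfg for those settings and for a stats page with no authentication at all. The function name, finding codes, weak-password list and sample configuration are assumptions made for this illustration.

```shell
# Added example, not from the original post: audit an haproxy.cfg on stdin; one finding per line.
audit_haproxy_cfg() {
    awk '
    function close_section() {   # stats page enabled but no "stats auth" seen
        if (stats_on && !stats_auth) print "STATS_NO_AUTH", name
        stats_on = 0; stats_auth = 0
    }
    { sub(/#.*/, "") }           # drop comments
    NF == 0 { next }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
        close_section(); section = $1; name = (NF > 1 ? $2 : $1)
        # legacy inline listener, e.g. "frontend vs_stats :8081"
        if (NF > 2 && $3 ~ /^(\*|0\.0\.0\.0)?:[0-9]+$/) print "WILDCARD_BIND", name, $3
        next
    }
    section == "global" && ($1 == "user" || $1 == "group") && $2 == "root" {
        print "RUNS_AS_ROOT", $1; next
    }
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:[0-9]+$/ { print "WILDCARD_BIND", name, $2; next }
    $1 == "stats" && $2 == "enable" { stats_on = 1; next }
    $1 == "stats" && $2 == "auth" {
        stats_auth = 1
        split($3, cred, ":")     # user:password; the password is never printed
        if (cred[2] == cred[1] || cred[2] ~ /^(admin|password|haproxy|123456)$/)
            print "WEAK_STATS_CRED", name, cred[1]
    }
    END { close_section() }
    '
}

# Constructed sample in the style of the configuration above (192.0.2.10 is a documentation address).
sample_cfg() {
    cat <<'EOF'
global
        user root
        group root
frontend owa_443
        bind 192.0.2.10:443
frontend vs_stats
        bind :8081
backend stats_backend
        stats enable
        stats auth admin:admin
backend open_stats
        stats enable
EOF
}
sample_cfg | audit_haproxy_cfg
```

Run it against a real file with `audit_haproxy_cfg < /etc/haproxy/haproxy.cfg`; an empty result means none of these checks matched.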

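Because the configuration file listens on the VIP addresses, a server whose keepalived is not currently in the MASTER state does not have the VIPs on its network interface, and HAProxy cannot start there. We need to add a kernel parameter that lets the system bind to IP addresses that are not present locally:

vi /etc/sysctl.conf

After opening the file, add the following parameter:

# Allow HAProxy to start when the bind address is not a local IP address
net.ipv4.ip_nonlocal_bind=1

Run the following command to apply the parameter:

sysctl -p

With this set, the system allows binding to IP addresses that do not exist locally.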


Next, configure logging for HAProxy:

vi /etc/rsyslog.conf

Add the following lines:

# HAProxy log
local0.* /var/log/haproxy.log

Restart rsyslog:

service rsyslog restart


Start the Keepalived service; it brings HAProxy up automatically:

service keepalived start

Enable it at boot:

chkconfig keepalived on


Configuration successful:

[Figure: screenshot (wKiom1L50u7A5I-4AAhHuJWtCCY428.jpg)]
