CentOS7搭建Haproxy+Nginx+Firewalld+DNS负载均衡
系统运维 一、部署第一台Nginx网站
关于Nginx的原理概述及详细配置请参考博文:Centos 7部署Nginx网站服务
注意:本文使用的nginx-1.6.0和haproxy-1.4.24都是早已停止维护的旧版本,只适合在实验环境中练习;生产环境请使用仍在维护的版本。
[root@centos01 ~]# yum -y install pcre-devel zlib-devel
[root@centos01 ~]# useradd -M -s /sbin/nologin nginx
[root@centos01 ~]# mount /dev/sr0 /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos01 ~]# scp /mnt/nginx-1.6.0.tar.gz root@192.168.100.20:/root
The authenticity of host '192.168.100.20 (192.168.100.20)' can't be established.
ECDSA key fingerprint is SHA256:PUueT9fU9QbsyNB5NC5hbSXzaWxxQavBxXmfoknXl4I.
ECDSA key fingerprint is MD5:6d:f7:95:0e:51:1a:d8:9e:7b:b6:3f:58:51:51:4b:3b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.20' (ECDSA) to the list of known hosts.
root@192.168.100.20's password:
nginx-1.6.0.tar.gz 100% 784KB 68.2MB/s 00:00
[root@centos01 ~]# scp /mnt/haproxy-1.4.24.tar.gz root@192.168.100.30:/root
The authenticity of host '192.168.100.30 (192.168.100.30)' can't be established.
ECDSA key fingerprint is SHA256:PUueT9fU9QbsyNB5NC5hbSXzaWxxQavBxXmfoknXl4I.
ECDSA key fingerprint is MD5:6d:f7:95:0e:51:1a:d8:9e:7b:b6:3f:58:51:51:4b:3b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.30' (ECDSA) to the list of known hosts.
root@192.168.100.30's password:
haproxy-1.4.24.tar.gz 100% 817KB 31.1MB/s 00:00 00:00
注:192.168.100.20 与 192.168.100.30 显示的 ECDSA 主机密钥指纹完全相同,说明这两台虚拟机很可能是克隆而来、共用同一套 SSH 主机密钥。实验环境可以忽略;生产环境应为每台主机重新生成主机密钥,并在输入 yes 之前通过其他渠道核对指纹。
[root@centos01 ~]# tar zxvf /mnt/nginx-1.6.0.tar.gz -C /usr/src/
[root@centos01 ~]# cd /usr/src/nginx-1.6.0/
[root@centos01 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx
[root@centos01 nginx-1.6.0]# make && make install
[root@centos01 ~]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
[root@centos01 ~]# echo 192.168.100.10:nginx > /usr/local/nginx/html/index.html
[root@centos01 ~]# nginx
[root@centos01 ~]# netstat -anptu | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3685/ngin: master
二、部署第二台Nginx网站
[root@centos02 ~]# yum -y install pcre-devel zlib-devel
[root@centos02 ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg nginx-1.6.0.tar.gz
[root@centos02 ~]# tar zxvf nginx-1.6.0.tar.gz -C /usr/src/
[root@centos02 ~]# useradd -M -s /sbin/nologin nginx
[root@centos02 ~]# cd /usr/src/nginx-1.6.0/
[root@centos02 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx
[root@centos02 nginx-1.6.0]# make && make install
[root@centos02 ~]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
[root@centos02 ~]# echo 192.168.100.20:nginx > /usr/local/nginx/html/index.html
[root@centos02 ~]# nginx
[root@centos02 ~]# netstat -anptu | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6059/ngin: master
三、部署内网客户端
1、客户端添加VM1网卡,配置和服务器同网段IP地址
2、访问第一台nginx服务器
3、客户端更换IP地址访问第二台nginx服务器
四、部署Haproxy服务器
Haproxy概述及工作原理详细配置参考博文:Haproxy搭建Web群集概述
Centos 7基于Haproxy搭建高可用Web群集
[root@centos03 ~]# yum -y install pcre-devel bzip2-devel
[root@centos03 ~]# ls
anaconda-ks.cfg haproxy-1.4.24.tar.gz initial-setup-ks.cfg
[root@centos03 ~]# tar zxvf haproxy-1.4.24.tar.gz -C /usr/src/
[root@centos03 ~]# cd /usr/src/haproxy-1.4.24/
[root@centos03 haproxy-1.4.24]# make TARGET=linux26
[root@centos03 haproxy-1.4.24]# make install
2、生成haproxy配置文件
[root@centos03 ~]# mkdir /etc/haproxy
[root@centos03 ~]# cp /usr/src/haproxy-1.4.24/examples/haproxy.cfg /etc/haproxy/
[root@centos03 ~]# cp /usr/src/haproxy-1.4.24/examples/haproxy.init /etc/init.d/haproxy
[root@centos03 ~]# chmod +x /etc/init.d/haproxy
[root@centos03 ~]# chkconfig --add haproxy
[root@centos03 ~]# chkconfig --level 35 haproxy on
[root@centos03 ~]# cp /usr/src/haproxy-1.4.24/haproxy /usr/sbin/
[root@centos03 ~]# mkdir -p /usr/share/haproxy
3、配置haproxy群集
[root@centos03 ~]# vim /etc/haproxy/haproxy.cfg
listen nginx 192.168.100.30:80
balance roundrobin
server web01 192.168.100.10:80 check inter 2000 fall 3
server web02 192.168.100.20:80 check inter 2000 fall 3
[root@centos03 ~]# /etc/init.d/haproxy start
Starting haproxy (via systemctl): [ 确定 ]
1)客户端访问192.168.100.30
2)客户端更换IP地址重新访问
五、配置Firewalld防火墙(双网卡)
关于Firewalld防火墙的概述及详细配置请参考博文:Centos 7的Firewalld防火墙基础
Centos 7的firewalld防火墙地址伪装和端口转发原理
centos 7之firewalld防火墙配置IP伪装和端口转发案例详解
[root@centos04 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens34
[root@centos04 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.200.254
NETMASK=255.255.255.0
DNS1=192.168.200.254
[root@centos04 ~]# systemctl restart network
[root@centos04 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@centos04 ~]# sysctl -p
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.40
[root@centos01 ~]# systemctl restart network
[root@centos04 ~]# systemctl start firewalld.service
[root@centos04 ~]# systemctl enable firewalld.service
[root@centos04 ~]# firewall-cmd --add-interface=ens34 --zone=external
The interface is under control of NetworkManager, setting zone to 'external'.
success
[root@centos04 ~]# firewall-cmd --add-interface=ens32 --zone=trusted
The interface is under control of NetworkManager, setting zone to 'trusted'.
success
注:trusted 区域默认放行所有连接,把内网接口 ens32 放入该区域后,防火墙不会过滤从内网接口进入的流量;如需限制,可改用 internal 等区域并只开放所需服务。
[root@centos04 ~]# firewall-cmd --get-active-zones
external
interfaces: ens34
trusted
interfaces: ens32
[root@centos04 ~]# firewall-cmd --remove-masquerade --zone=external
success
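[root@centos04 ~]# firewall-cmd --add-rich-rule='rule family=ipv4 source address=192.168.100.0/24 masquerade'
success
[root@centos04 ~]# firewall-cmd --add-rich-rule='rule family=ipv4 destination address=192.168.200.254/32 forward-port port=80 protocol=tcp to-addr=192.168.100.30'
success
注:上面两条富规则没有指定 --zone,会被写入默认区域;而后面 --list-all 的输出显示它们位于 external 区域,因此执行前应确认默认区域已设为 external,或在命令中加上 --zone=external。此外,本节的 firewall-cmd 规则都没有加 --permanent,只在运行时生效,firewalld 重载或系统重启后会丢失,验证无误后可用 firewall-cmd --runtime-to-permanent 保存。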
[root@centos04 ~]# firewall-cmd --zone=external --add-service=http
success
[root@centos04 ~]# firewall-cmd --zone=external --add-service=dns
success
[root@centos04 ~]# firewall-cmd --zone=external --list-all
external (active)
target: default
icmp-block-inversion: no
interfaces: ens34
sources:
services: ssh http dns
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family=ipv4 source address=192.168.100.0/24 masquerade
rule family=ipv4 destination address=192.168.200.254/32 forward-port port=80 protocol=tcp to-addr=192.168.100.30
六、部署DNS
关于DNS详细配置及概述请参考博文:CentOS7简单搭建DNS服务
[root@centos04 ~]# yum -y install bind bind-chroot bind-utils
[root@centos04 ~]# echo > /etc/named.conf
[root@centos04 ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named";
};
zone "benet.com" IN {
type master;
file "benet.com.zone";
};
注:这台DNS服务器监听所有地址并对外网区域开放,而它只需为 benet.com 提供权威解析;配置中没有关闭递归查询,建议在 options 中加入 recursion no;。
[root@centos04 ~]# named-checkconf -z /etc/named.conf
[root@centos04 ~]# vim /var/named/benet.com.zone
$TTL 86400
@ SOA benet.com. root.benet.com.(
2020021801
1H
15M
1W
1D
)
@ NS centos04.benet.com.
centos04 A 192.168.200.254
www A 192.168.200.254
[root@centos04 ~]# named-checkzone benet.com /var/named/benet.com.zone
zone benet.com/IN: loaded serial 2020021801
OK
[root@centos04 ~]# chmod +x /var/named/benet.com.zone
[root@centos04 ~]# chown named:named /var/named/benet.com.zone
注:区域文件只是数据文件,不需要可执行权限(chmod +x 可以省略);named 进程只要对该文件有读权限即可。
[root@centos04 ~]# systemctl start named
[root@centos04 ~]# systemctl enable named
七、部署外网客户端
1、客户端配置IP地址、添加DNS地址
2、客户端使用域名访问
3、客户端更换IP地址重新访问
———————— 本文至此结束,感谢阅读 ————————