Haproxy+keepalived+Nginx+Nginx&Tomcat+memcach集群

拓扑图:

实验步骤:

一 Nginx静态：

搭建并配置nginx节点，准备网页，启动服务，测试节点（两台nginx配置相同，在此列出一台的配置）；

1）使用源码包安装nginx软件包

[root@static1 ~]# yum -y install gcc pcre-devel openssl-devel //安装依赖包

[root@static1 ~]# useradd -s /sbin/nologin nginx

[root@static1 ~]# tar -xf nginx-1.12.2.tar.gz

[root@static1~]# cd nginx-1.12.2

[root@static1 nginx-1.12.2]# ./configure \

> --prefix=/usr/local/nginx \ //指定安装路径

> --user=nginx \ //指定用户

> --group=nginx \ //指定组

> --with-http_ssl_module //开启SSL加密功能

[root@static1 nginx-1.12.2]# make && make install //编译并安装

root@static1 ~]# netstat -anptu | grep nginx

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10441/nginx //端口是否启动

2）设置防火墙与SELinux（非必须的操作，如果有则关闭）:

[root@static1~]# firewall-cmd --set-default-zone=trusted

[root@static1~]# setenforce 0

3）测试首页文件:

Nginx Web服务默认首页文档存储目录为/usr/local/nginx/html/，在此目录下默认有一个名为index.html的文件，使用客户端访问测试页面：

[root@client ~]# curl http://192.168.4.52

<html>

<head>

<title>Welcome to nginx!</title>

</head>

<body bgcolor="white" text="black">

<center><h1>Welcome to nginx!</h1></center>

</body>

</html>

二 Nginx+Tomcat动态：

搭建并配置nginx&tomcat节点，准备网页，启动服务，测试节点（两台tomcat配置相同，在此列出一台的配置）:

1）使用RPM安装JDK环境:

[root@app1 ~]# yum -y install java-1.8.0-openjdk //安装JDK

[root@app1 ~]# yum -y install java-1.8.0-openjdk-headless //安装JDK

[root@app1 ~]# java -version //查看JAVA版本

2）安装Tomcat（apache-tomcat-8.0.30.tar.gz软件包):

[root@app1 ~]# tar -xf apache-tomcat-8.0.30.tar.gz

[root@app1 ~]# mv apache-tomcat-8.0.30 /usr/local/tomcat

[root@app1 ~]# ls /usr/local/tomcat

bin lib logs RELEASE-NOTES temp work

conf LICENSE NOTICE RUNNING.txt webapps

3）nginx80端口调度本机8080端口:

[root@app1 ~]# vim /usr/local/nginx/conf/nginx.conf

location / {

proxy_pass http://127.0.0.1:8080;

index index.jsp index.htm;

}

...

...

location ~ \.php$ {

root html;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;

include fastcgi.conf;

}

4）启动服务:

[root@app1 ~]# /usr/local/nginx/sbin/nginx

[root@app1 ~]# /usr/local/tomcat/bin/startup.sh

[root@app1 ~]# firewall-cmd --set-default-zone=trusted

[root@app1 ~]# setenforce 0

5）服务器验证端口信息:

[root@web-0003 ~]# netstat -ntulp |grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15220/nginx: master

[root@app1 ~]# netstat -nutlp |grep java //查看java监听的端口

tcp 0 0 :::8080 :::* LISTEN 2778/java

tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 2778/java

三 构建memcached服务：

1）使用yum安装软件包memcached:

[ root@session1 ~]# yum -y install memcached

[root@session1 ~]# rpm -qa memcached

memcached-1.4.15-10.el7_3.1.x86_64

2）启动服务并查看网络连接状态验证是否开启成功：

[root@session1 ~]# systemctl start memcached

[root@session1 ~]# systemctl status memcached

[root@session1 ~]# netstat -anptu | grep memcached

tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 2839/memcached

tcp 0 0 :::11211 :::* LISTEN 2839/memcached

udp 0 0 0.0.0.0:11211 0.0.0.0:* 2839/memcached

udp 0 0 :::11211 :::* 2839/memcached

[root@session1 ~]# setenforce 0

[root@session1 ~]# firewall-cmd --set-default-zone=trusted

**三** **Nginx&Tomcat实现memcache的session共享:**

1）拷贝需要用的jar包到/usr/local/tomcat/lib/目录下

asm-5.2.ja

kryo-4.0.0.ja

kryo-serializers-0.38.ja

memcached-session-manager-1.9.7.ja

memcached-session-manager-tc8-1.9.7.ja

minlog-1.3.0.ja

msm-kryo-serializer-1.9.7.ja

objenesis-2.4.ja

reflectasm-1.11.3.ja

spymemcached-2.11.2.jar //百度上可以找到

2） 修改配置文件:

[root@app1 ~]#vim /usr/local/tomcat/conf/context.xml

<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"

memcachedNodes="n1:192.168.4.56:11211,n2:192.168.4.57:11211" //指定memecache服务器ip

lockingMode="auto"

sticky="false"

sessionBackupAsync="false" //非黏性session管理的配置

sessionBackupTimeout= "1000"

copyCollectionsForSerialization="true"

requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$"

transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory"

/>

]# /usr/local/tomcat/bin/shutdown.sh

]# /usr/local/tomcat/bin/startup.sh //重启服务

四 安装Haproxy程序软件（两台Haproxy配置相同，在此列出一台的配置）:

1） 修改配置文件:

[root@proxy1 ~]# echo 'net.ipv4.ip_forward = 1' >> sysctl.conf //开启路由转发

[root@proxy1 ~]# sysctl -p

[root@proxy1 ~]# yum -y install haproxy

[root@proxy1 ~]# vim /etc/haproxy/haproxy.cfg

# main frontend which proxys to the backends

#---------------------------------------------------------------------

frontend main *:80

acl url_static path_end -i .jpg .gif .png .css .js

use_backend static if url_static

default_backend app

# static backend for serving up images, stylesheets and such

#---------------------------------------------------------------------

backend static

balance roundrobin

server static1 192.168.4.51:80 check

server static2 192.168.4.52:80 check

#---------------------------------------------------------------------

# round robin balancing between the various backends

#---------------------------------------------------------------------

backend app

balance roundrobin

server app1 192.168.4.53:80 check

server app2 192.168.4.54:80 check

2） 启动Haproxy服务:

[root@proxy1 ~]# systemctl restart haproxy.service

[root@proxy1 ~]# netstat -utpln |grep haproxy

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1264/haproxy

udp 0 0 0.0.0.0:52177 0.0.0.0:* 1264/haproxy

3） 安装keepalived程序软件:

[root@proxy1 ~]# yum install -y keepalived

[root@proxy1 ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

notification_email {

Qianxiaming@163.com //设置报警收件人邮箱

}

notification_email_from nginx@localhost //设置发件人

smtp_server 127.0.0.1 //定义邮件服务器

smtp_connect_timeout 30

router_id mysql50

vrrp_instance VI_1 { //设置路由ID号（需要修改）

state MASTER //主服务器为MASTER（备服务器需要修改为BACKUP）

interface eth0 //定义网络接口

virtual_router_id 50 //主备服务器VRID号必须一致

priority 200 //服务器优先级,优先级高优先获取VIP（实验需要修改）

advert_int 1

authentication {

auth_type PASS

auth_pass 1111 //主备服务器密码必须一致

}

virtual_ipaddress {

192.168.4.80 //谁是主服务器谁获得该VIP（实验需要修改）

}

}

4）启动服务:

[root@proxy1 ~]# systemctl start keepalived

[root@proxy1 ~]# systemctl start keepalived

5）配置防火墙和SELinux:

启动keepalived会自动添加一个drop的防火墙规则，需要清空！

[root@proxy1 ~]# iptables -F

[root@proxy1 ~]# setenforce 0

五 客户端测试:

[root@client ~]# firefox 192.168.4.50/test.jpg

[root@client ~]# firefox 192.168.4.50/test.php

[root@client ~]# firefox 192.168.4.50/test.jsp

proxy1宕机之后测试是否可实现高可用