I previously built an LDAP query proxy with HAProxy + Keepalived and it worked well, so I decided to use the same setup to proxy Exchange traffic from the public internet. TMG is no longer updated, its configuration is fairly tedious, and its services die at the slightest provocation.


If anything below is unclear, see my previous article, HAProxy + Keepalived configuration for an LDAP proxy.


Architecture overview:

Users resolve the public DNS name and are directed to one of two egress links, China Unicom and China Telecom. Each link has two HAProxy servers running Keepalived in active/standby, which present two virtual IPs, VIP01 and VIP02. Users who reach VIP01 are distributed to the CAS servers on the yellow lines; the special user group that reaches VIP02 is distributed to the VIPCAS servers on the blue lines, which provide only OWA. The Telecom link is identical, so its lines are omitted to keep the diagram readable.

[Figure 1: HAProxy + Keepalived Exchange reverse proxy architecture]

Configuration walkthrough:

Install the required packages, keepalived and haproxy:

yum install gcc kernel-headers kernel-devel
yum install keepalived
yum install haproxy

Edit the keepalived configuration file:

vi /etc/keepalived/keepalived.conf

Configure it as follows:

vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"   # script that checks HAProxy health
    interval 2                                   # run every 2 seconds
    weight 2                                     # added to the priority while the check passes
}
vrrp_instance VI_1 {
    interface eth0
    state MASTER              # set to BACKUP on the standby node
    priority 101              # set to 100 on the standby node
    virtual_router_id 51      # VRRP group identifier; must be identical on all nodes in the group
    smtp_alert
    virtual_ipaddress {
        x.x.x.1               # virtual VIP01
        x.x.x.2               # virtual VIP02
    }
    track_script {
        chk_http_port
    }
}
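The values priority 101/100 and weight 2 above are not arbitrary: Keepalived adds a positive track_script weight to a node's priority only while the script exits 0, and the node with the higher effective priority holds the VIPs. The check script in this post stops keepalived outright when HAProxy cannot be restarted, so in this setup the VIPs move because the master disappears; the weight path matters when the script instead exits non-zero, and the following POSIX sh model (an added example, not part of the original post; node1/node2 are made-up names for the configured MASTER and BACKUP) shows why the priority gap has to be smaller than the weight.

```shell
#!/bin/sh
# Added example, not part of the original post: models the VRRP election that
# Keepalived runs for the two-node pair configured above (priority 101 on the
# MASTER, 100 on the BACKUP, track_script weight 2).
# A positive weight is added to a node's priority only while its check script
# exits 0. The node with the higher effective priority holds the VIPs.
# Node names "node1" (configured MASTER) and "node2" (BACKUP) are made up.

# effective_priority BASE WEIGHT CHECK_OK -> prints the effective priority.
# CHECK_OK is 1 when the check script passes, 0 when it fails.
effective_priority() {
    if [ "$3" -eq 1 ]; then
        echo $(( $1 + $2 ))
    else
        echo "$1"
    fi
}

# elect_master BASE1 BASE2 WEIGHT OK1 OK2 -> prints node1 or node2.
# Simplification: on a tie node1 is kept, since VRRP only preempts a master
# when the backup advertises a strictly higher priority.
elect_master() {
    p1=$(effective_priority "$1" "$3" "$4")
    p2=$(effective_priority "$2" "$3" "$5")
    if [ "$p1" -ge "$p2" ]; then
        echo node1
    else
        echo node2
    fi
}

# failover_possible BASE1 BASE2 WEIGHT -> exit 0 when a failed check on node1
# is enough to move the VIPs, 1 otherwise. The priority gap must be smaller
# than the weight, which is why 101/100 is paired with weight 2.
failover_possible() {
    [ $(( $1 - $2 )) -lt "$3" ]
}

# Demo: both healthy, then HAProxy dead on node1, then a mis-sized gap.
echo "healthy:               $(elect_master 101 100 2 1 1)"   # node1
echo "node1 check failed:    $(elect_master 101 100 2 0 1)"   # node2
echo "gap 150/100, weight 2: $(elect_master 150 100 2 0 1)"   # node1 (no failover)
```

If the priority gap is ever widened (for example 150/100) without raising the weight, a failing check on the master no longer moves the VIPs, which the last line of the demo shows.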

Next, write the script that checks HAProxy's health:

vi /etc/keepalived/check_haproxy.sh

#!/bin/bash
# Run by keepalived every "interval" seconds (see vrrp_script above).
# If no haproxy process is running, try to start it; if it is still not
# running three seconds later, stop keepalived so the VIPs move to the standby.
A=$(ps -C haproxy --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    # the yum package installs the HAProxy binary at /usr/sbin/haproxy
    /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg
    sleep 3
    if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
        /etc/init.d/keepalived stop
    fi
fi

chmod 755 /etc/keepalived/check_haproxy.sh

Edit the HAProxy configuration file:

vi /etc/haproxy/haproxy.cfg

The configuration file is as follows:

global
    log /dev/log local0 info      # both lines target local0; the rsyslog rule below writes it to /var/log/haproxy.log
    log /dev/log local0 notice
    maxconn 4096
    user root                     # HAProxy binds its ports before dropping privileges, so the package's haproxy user/group also works here
    group root
    daemon
defaults
    log global
    maxconn 10000
    timeout connect 5000          # ms; the older spellings contimeout/clitimeout/srvtimeout are deprecated
    timeout client 3600000        # 1 h
    timeout server 3600000        # 1 h
    option redispatch
    retries 3
frontend owa_redirect
    mode http
    bind 1.x.x.x:80
    redirect location https://mail.contoso.com      # unconditional HTTP -> HTTPS redirect; the request path is not preserved
frontend vipowa_redirect
    mode http
    bind 2.x.x.x:80
    redirect location https://mailvip.contoso.com
frontend vipowa_443
    mode tcp                      # TLS is passed through untouched and terminated on the CAS servers
    bind 2.x.x.x:443
    default_backend pool_vipowa
    log global
    option tcplog
backend pool_vipowa
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src                  # pin each client address to one CAS server
    stick-table type ip size 10240k expire 240m
    server CASVIP01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
    server CASVIP02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
frontend owa_443
    mode tcp
    bind 1.x.x.x:443
    default_backend pool_owa
    log global
    option tcplog
backend pool_owa
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:443 check inter 5000 weight 1 rise 2 fall 3
frontend smtp_25
    mode tcp
    bind 1.x.x.x:25
    default_backend pool_smtp
    log global
    option tcplog
backend pool_smtp
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:25 check inter 5000 weight 1 rise 2 fall 3
frontend pop_110
    mode tcp
    bind 1.x.x.x:110
    default_backend pool_pop
    log global
    option tcplog
backend pool_pop
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:110 check inter 5000 weight 1 rise 2 fall 3
frontend vs_stats
    bind :8081                    # listens on every local address, including the public VIPs; bind a management address instead where possible
    mode http
    log global
    option httplog
    default_backend stats_backend
backend stats_backend
    mode http
    stats enable
    stats uri /stats
    stats auth admin:admin        # change these credentials before deployment
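Before such a configuration is put on a public-facing VIP it is worth running a quick audit for the items a reviewer would raise: the process running as root, the default stats credentials, the stats listener bound to every address, and any server line without a health check. The following POSIX sh + awk script is an added example (not code from the post); the embedded config is a constructed one that mirrors the layout above, with 192.0.2.x placeholder addresses.

```shell
#!/bin/sh
# Added example, not from the original post: a small audit of a haproxy.cfg
# for the settings a reviewer would query in the configuration above.
# Uses only POSIX sh + awk, so it runs wherever the proxy does.

# Constructed sample config (placeholder addresses; mirrors the post's layout).
sample_cfg() {
cat <<'EOF'
global
    user root
    group root
    daemon
frontend vs_stats
    bind :8081
    mode http
    default_backend stats_backend
backend stats_backend
    mode http
    stats enable
    stats uri /stats
    stats auth admin:admin
backend pool_owa
    server CAS00 192.0.2.10:443 check inter 5000 rise 2 fall 3
    server CAS01 192.0.2.11:443
EOF
}

# audit_haproxy_cfg: reads a config on stdin, prints one finding per line.
audit_haproxy_cfg() {
    awk '
        # remember the current section so findings can be attributed to it
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ { section = $1; name = $2 }
        section == "global" && $1 == "user" && $2 == "root" {
            print "global: runs as root; the haproxy package provides a dedicated haproxy user"
        }
        $1 == "stats" && $2 == "auth" && $3 == "admin:admin" {
            print name ": stats auth uses the default admin:admin credentials"
        }
        $1 == "bind" && $2 ~ /^[*]?:[0-9]+$/ {
            print name ": bind " $2 " listens on every address, including the public VIPs"
        }
        $1 == "server" && $0 !~ /[[:space:]]check([[:space:]]|$)/ {
            print name ": server " $2 " has no health check, so a dead CAS keeps receiving connections"
        }
    '
}

# audit_finding_count: number of findings on stdin (0 means clean).
audit_finding_count() {
    audit_haproxy_cfg | awk 'END { print NR }'
}

# Demo: audit the constructed config
sample_cfg | audit_haproxy_cfg
echo "findings: $(sample_cfg | audit_finding_count)"
```

Run it against the real file with `audit_haproxy_cfg < /etc/haproxy/haproxy.cfg`; a clean file prints nothing and `audit_finding_count` reports 0.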

Because the configuration binds to the VIP addresses, and a VIP is only present on the interface of the node that is currently Keepalived MASTER, HAProxy cannot start on the BACKUP node. We therefore need a kernel parameter that lets the system bind to IP addresses that are not local:

vi /etc/sysctl.conf

Open the file and add the following parameter:

# Allow HAProxy to bind to VIP addresses that are not currently on this host
net.ipv4.ip_nonlocal_bind=1

Apply the parameter with:

sysctl -p

The system now allows binding to addresses that are not present locally.


Next, configure HAProxy logging:

vi /etc/rsyslog.conf

Add the following line:

# Log for Haproxy
local0.* /var/log/haproxy.log

Restart rsyslog:

service rsyslog restart
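Once local0 lands in /var/log/haproxy.log, the tcplog lines produced by the TCP frontends above are the main operational record: which sources connect, which sessions ended abnormally, and whether `stick on src` is keeping each client on one CAS server. The script below is an added example (not from the post) that summarises such lines with POSIX sh + awk; the sample lines are constructed in HAProxy's tcplog layout (client, accept date, frontend, backend/server, Tw/Tc/Tt, bytes, termination state, connection counters, queues) with made-up hostnames and addresses.

```shell
#!/bin/sh
# Added example, not from the original post: summarise HAProxy tcplog lines
# (the format produced by "option tcplog" in the frontends above).
# Field layout after the syslog prefix ($1-$5):
#   $6 client:port  $7 [accept_date]  $8 frontend  $9 backend/server
#   $10 Tw/Tc/Tt    $11 bytes_read    $12 termination_state
#   $13 actconn/feconn/beconn/srv_conn/retries   $14 srv_queue/backend_queue

# Constructed sample lines (hostnames and addresses are made up).
sample_log() {
cat <<'EOF'
Mar 10 12:00:01 lb01 haproxy[1234]: 203.0.113.5:51234 [10/Mar/2014:12:00:01.123] owa_443 pool_owa/CAS01 1/0/120034 58213 -- 12/12/8/3/0 0/0
Mar 10 12:00:02 lb01 haproxy[1234]: 203.0.113.5:51240 [10/Mar/2014:12:00:02.001] owa_443 pool_owa/CAS01 1/0/5 0 -- 13/13/9/4/0 0/0
Mar 10 12:00:03 lb01 haproxy[1234]: 198.51.100.7:40001 [10/Mar/2014:12:00:03.410] owa_443 pool_owa/CAS02 1/-1/3001 0 SC 13/13/9/3/3 0/0
Mar 10 12:00:04 lb01 haproxy[1234]: 203.0.113.5:51250 [10/Mar/2014:12:00:04.220] smtp_25 pool_smtp/CAS00 1/0/800 2100 -- 14/14/2/1/0 0/0
EOF
}

# conn_per_source: "count client_ip", busiest source first.
conn_per_source() {
    awk '{ split($6, a, ":"); n[a[1]]++ }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# top_source: the client IP with the most connections.
top_source() {
    conn_per_source | awk 'NR == 1 { print $2 }'
}

# abnormal_count: sessions whose termination state is not the normal "--"
# (e.g. SC = the server refused the connection; Tc of -1 and the retries
# counter confirm the connect attempts failed).
abnormal_count() {
    awk '$12 != "--" { c++ } END { print c + 0 }'
}

# servers_per_source: "client_ip backend distinct_servers". With "stick on src"
# each client should stay on one server per backend; a count above 1 means the
# stick-table entry expired or the server went down and the client was redispatched.
servers_per_source() {
    awk '{ split($6, a, ":"); split($9, b, "/"); key = a[1] " " b[1]
           if (!((key, b[2]) in seen)) { seen[key, b[2]] = 1; n[key]++ } }
         END { for (k in n) print k, n[k] }'
}

# Demo over the constructed lines
echo "connections per source:"; sample_log | conn_per_source
echo "abnormal terminations: $(sample_log | abnormal_count)"
echo "distinct servers per source/backend:"; sample_log | servers_per_source
```

On a live node replace `sample_log` with `cat /var/log/haproxy.log` (or a `grep` for one frontend name); a sudden rise in `abnormal_count` usually shows up before the health checks mark a CAS server down.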


Start the Keepalived service; it brings HAProxy up automatically:

service keepalived start

Enable it at boot:

chkconfig keepalived on


Configuration complete:

[Figure 2: screenshot of the working configuration]