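1. Analyse the strengths and weaknesses of the architecture shown in the figure above.
2. Prepare the machines and deploy the environment described above.
The LVS master and LVS backup are made highly available with keepalived, so that the VIP can float between them.
Nginx provides load balancing and proxies the backend servers.
Deploy Tomcat on the backend machine as multiple instances on a single host: three instances, on ports 8080, 8081 and 8082.
Deploy nginx virtual hosts on the backend machine: three virtual hosts, on ports 80, 81 and 82.
Nginx configuration requirements
Requests to http://gz1905/tomcat are distributed across the three Tomcat instances with weights 1:1:3; if access to an instance fails more than two times, it is taken out of service for five seconds.
Requests to http://gz1905/web1 go to the port 80 virtual host on the backend nginx server.
Requests to http://gz1905/web2 go to the port 81 virtual host on the backend nginx server.
Requests to http://gz1905/web3 go to the port 82 virtual host on the backend nginx server.
The client's real IP address must be recorded as well.
To guard against abusive access, limit http://gz1905/tomcat to 1 request per second per client; requests over that rate are sent to a custom 404 page, which contains a nice photo of 阿丽丽 (class teacher and careers adviser).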
lvs_master:192.168.222.120 lvs_backup:192.168.222.121 vip:192.168.222.122 nginx proxy:192.168.222.123 realserver:192.168.222.130/131
【LVS_DR+Keepalived】
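The role of keepalived in this project: 1. Manage the ipvs routing table, including health checks on the real servers. 2. Provide HA for the director (scheduler).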
[lvs_master+lvs_backup]
1.yum -y install ipvsadm keepalived
2.genhash -s 192.168.222.123 -p 80 -u /index.html
MD5SUM = a76b2b824459a563428efee4e4e10dfa
3.vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id lvs-master
}
vrrp_instance VI_1 {
    state MASTER
    nopreempt                        # only honoured when the initial state is BACKUP
    interface ens33
    mcast_src_ip 192.168.222.120     # source address for VRRP advertisements
    virtual_router_id 80
    priority 100
    advert_int 1
    authentication {
        auth_type PASS               # simple password, carried in cleartext in VRRP packets
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.222.122
    }
}
virtual_server 192.168.222.122 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 20
    protocol TCP
    sorry_server 2.2.2.2 80
    real_server 192.168.222.123 80 {
        weight 1
        inhibit_on_failure
        HTTP_GET {
            url {
                path /index.html
                # MD5 of the page as printed by genhash in step 2
                digest a76b2b824459a563428efee4e4e10dfa
            }
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
4. Start the services and check their status (keepalived, ipvsadm)
chkconfig keepalived on
ipvsadm -Ln
When the master goes down, the VIP floats to the backup.
【nginx_proxy】
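1.ip addr add 192.168.222.122/32 dev lo   # bind the VIP to the lo interface
2.echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore   # answer ARP only for addresses on the receiving interface, so the VIP on lo is not advertised
3.echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce   # use the best local address, not the VIP, as the source of ARP requests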
4.cat /etc/nginx/nginx.conf
user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    # Three Tomcat instances weighted 1:1:3; after 2 failures an instance is skipped for 5 s
    upstream tomcat {
        server 192.168.222.130:8080 weight=1 max_fails=2 fail_timeout=5;
        server 192.168.222.130:8081 weight=1 max_fails=2 fail_timeout=5;
        server 192.168.222.130:8082 weight=3 max_fails=2 fail_timeout=5;
    }
    # Rate-limit state keyed by client address: 1 request per second per client
    limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name www.gz1905.com;
        include /etc/nginx/default.d/*.conf;
        location /tomcat {
            proxy_pass http://tomcat/;
            limit_req zone=req_zone;
            # Rejected requests get 404, which error_page maps to the custom page
            limit_req_status 404;
        }
        location /web1 {
            proxy_pass http://192.168.222.131:80/;
        }
        location /web2 {
            proxy_pass http://192.168.222.131:81/;
        }
        location /web3 {
            proxy_pass http://192.168.222.131:82/;
        }
        error_page 404 /404.html;
        location = /404.html {
            root /etc/nginx/html;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
5. Set up the 404.html page under the configured path
【RS】 Backend real servers: configure nginx and Tomcat
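One way to meet the "record the client's real IP" requirement, as an added example that is not part of the original notes: the proxy forwards the address it sees, and the backend nginx accepts that header only from the proxy. It assumes the backend nginx is built with ngx_http_realip_module and is version 1.9.7 or later; the log format name realip is made up for the example.

```nginx
# ---- nginx proxy (192.168.222.123): inside the existing server { } block ----
# With LVS-DR the director does not rewrite the source address, so on the
# proxy $remote_addr is already the real client. The proxy is the first
# trusted hop: overwrite X-Forwarded-For instead of appending to it, so a
# value sent by the client is never passed on to the backends.
# Set at server level, these are inherited by /tomcat, /web1, /web2 and
# /web3 as long as those locations define no proxy_set_header of their own.
proxy_set_header X-Real-IP       $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;

# Note: the "main" log_format on the proxy prints "$http_x_forwarded_for",
# which is whatever the client sent. Treat that field as untrusted there;
# the reliable address in the proxy log is $remote_addr.

# ---- backend nginx (192.168.222.131): inside its http { } block ----
# Without this, every access-log line on the backend shows 192.168.222.123.
# Accept the forwarded address only when the TCP peer is the proxy; a
# request arriving from anywhere else keeps its own peer address.
set_real_ip_from 192.168.222.123;
real_ip_header   X-Real-IP;

# After realip processing $remote_addr is the client, and
# $realip_remote_addr still holds the original peer (the proxy).
log_format realip '$remote_addr via $realip_remote_addr [$time_local] '
                  '"$request" $status $body_bytes_sent '
                  '"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log realip;
```

After changing both files, `nginx -t` checks the syntax on each host before reloading.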