Nginx对(apache+foreman+puppet)负载均衡

Nginx对(apache+foreman+puppet)负载均衡

一、前提准备

试验环境:

OS:Centos 6.5_x86

puppet-server-3.8.3

foreman-1.9.2

foreman-proxy-1.9.2

httpd-2.2.15

服务器已经搭建好了apache+foreman+puppet详情请参考:

http://4709096.blog.51cto.com/4699096/1710697


二、修改pupeptmaster相关配置

2.1修改puppetmaster端口

#vim /etc/sysconfig/puppetmaster

PUPPETMASTER_PORTS=( 18140 18141 )


2.2修改puppetmaster目录访问权限

#vim /etc/puppt/auth.conf

path /

auth any

allow *

不修改这里,nginx请求会出现403错误


2.3修改puppetmaster的httpd端口

#vim /etc/httpd/conf/ports.conf

Listen 18140

NameVirtualHost *:18140


新增:18141监听

Listen 18141

NameVirtualHost *:18141


#vim /etc/httpd/conf.d/25-puppet.conf

<VirtaulHost *:18140>


新增18141的虚拟主机

#cp /etc/httpd/conf.d/25-puppet.conf /etc/httpd/conf.d/26-puppet.conf

修改26-puppet.conf中

<VirtaulHost *:18141>


三、Nginx安装及配置

3.1安装Nginx

#tar -zxvf nginx-1.4.7.tar.gz

#cd nginx-1.4.7

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module


make && make install


3.2修改nginx.conf配置

#vim /usr/local/nginx/conf/nginx.conf


在httpd{}内加入如下内容:

upstream puppetmaster {

                server 127.0.0.1:18140;

                server 127.0.0.1:18141;

                }


server {

       listen             8140 ssl;

       server_name         puppet.test.com;

       root              /etc/puppet;

       ssl               on;

       ssl_session_timeout    5m;


       #如下为puppetmaster服务器端证书地址

       ssl_certificate       /var/lib/puppet/ssl/certs/puppet.test.com.pem;

       ssl_certificate_key    /var/lib/puppet/ssl/private_keys/puppet.test.com.pem;

       ssl_client_certificate  /var/lib/puppet/ssl/ca/ca_crt.pem;

       ssl_crl            /var/lib/puppet/ssl/ca/ca_crl.pem;

       ssl_verify_client     optional;

       ssl_protocols        SSLv2 SSLv3 TLSv1;

       ssl_ciphers     ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;


       #File sections

       location /production/file_content/files/ {

       types { }

       default_type application/x-raw;

       #定义puppet推送路径别名

       alias /etc/puppet/files/;

       }


       # Modules files sections

       location ~ /production/file_content/modules/.+/ {

       root /etc/puppet/modules;

       types { }

       default_type application/x-raw;

       rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;

       }


       location / {

       ##设置跳转到puppetmaster负载均衡

       proxy_pass       https://puppetmaster;

       proxy_redirect    off;

       proxy_set_header   Host $host;

       proxy_set_header   X-Real-IP $remote_addr;

       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

       proxy_set_header   X-Client-Verify $ssl_client_verify;

       proxy_set_header   X-SSL-Subject $ssl_client_s_dn;

       proxy_set_header   X-SSL-Issuer $ssl_client_i_dn;

       proxy_buffer_size  10m;

       proxy_buffers 1024 10m;

       proxy_busy_buffers_size    10m;

       proxy_temp_file_write_size  10m;

       proxy_read_timeout 120;

    }

}


四、启动相关服务

4.1启动nginx

#/usr/local/nginx/sbin/nginx


4.2启动Apache

#service httpd start


4.3启动foreman-proxy

#service foreman-porxy start


4.4启动puppetmaster(不启动也可以)

#puppet master start


五、开启客户端进行验证即可

#puppet agent --server=puppet.test.com --test



鸣谢:本人参考了多篇文章后总结而得,在此感谢各位网络分享者!


你可能感兴趣的:(apache,nginx,负载均衡)