Nginx load balancing for (apache+foreman+puppet)
1. Prerequisites
Test environment:
OS: CentOS 6.5_x86
puppet-server-3.8.3
foreman-1.9.2
foreman-proxy-1.9.2
httpd-2.2.15
The server already has apache+foreman+puppet set up; for details see:
http://4709096.blog.51cto.com/4699096/1710697
2. Modify the puppetmaster configuration
2.1 Change the puppetmaster ports
#vim /etc/sysconfig/puppetmaster
PUPPETMASTER_PORTS=( 18140 18141 )
2.2 Change the puppetmaster path access permissions
#vim /etc/puppet/auth.conf
path /
auth any
allow *
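Without this change, requests coming through nginx are answered with a 403 error. Note that auth any with allow * also admits unauthenticated clients, so ports 18140 and 18141 should be reachable only from the local nginx.
2.3 Change the httpd ports used by puppetmaster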
#vim /etc/httpd/conf/ports.conf
Listen 18140
NameVirtualHost *:18140
Add a listener on 18141:
Listen 18141
NameVirtualHost *:18141
#vim /etc/httpd/conf.d/25-puppet.conf
<VirtualHost *:18140>
Add a virtual host for 18141:
#cp /etc/httpd/conf.d/25-puppet.conf /etc/httpd/conf.d/26-puppet.conf
In 26-puppet.conf, change the opening tag to:
<VirtualHost *:18141>
3. Install and configure Nginx
3.1 Install Nginx
#tar -zxvf nginx-1.4.7.tar.gz
#cd nginx-1.4.7
#./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
#make && make install
3.2 Edit nginx.conf
#vim /usr/local/nginx/conf/nginx.conf
Add the following inside the http {} block:
upstream puppetmaster {
    server 127.0.0.1:18140;
    server 127.0.0.1:18141;
}
server {
    listen 8140 ssl;
    server_name puppet.test.com;
    root /etc/puppet;
    ssl on;
    ssl_session_timeout 5m;
    # Paths to the puppetmaster server-side certificates
    ssl_certificate /var/lib/puppet/ssl/certs/puppet.test.com.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppet.test.com.pem;
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_verify_client optional;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    # File sections
    location /production/file_content/files/ {
        types { }
        default_type application/x-raw;
        # Path alias for the files that puppet pushes
        alias /etc/puppet/files/;
    }
    # Modules files sections
    location ~ /production/file_content/modules/.+/ {
        root /etc/puppet/modules;
        types { }
        default_type application/x-raw;
        rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;
    }
    location / {
        # Forward to the load-balanced puppetmaster upstream
        proxy_pass https://puppetmaster;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_buffer_size 10m;
        proxy_buffers 1024 10m;
        proxy_busy_buffers_size 10m;
        proxy_temp_file_write_size 10m;
        proxy_read_timeout 120;
    }
}
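The ssl_protocols and ssl_ciphers lines in the server block above still enable SSLv2/SSLv3 and the LOW, EXPORT and RC4 cipher suites. The fragment below is an added example, not part of the original post, showing tighter replacements for those directives in the same server block; it assumes nginx is linked against an OpenSSL build with TLS 1.2 support and that every puppet agent can negotiate TLS 1.2.

```nginx
# Added example: drop-in replacements inside the "server { listen 8140 ssl; ... }" block.

# Weak settings as listed on the page (shown commented out for comparison):
#   ssl_protocols SSLv2 SSLv3 TLSv1;
#   ssl_ciphers   ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

# Corrected settings.
# Assumption: all agents speak TLS 1.2. If an older agent cannot, add TLSv1.1
# (or, as a last resort, TLSv1) here rather than re-enabling SSLv2/SSLv3.
ssl_protocols             TLSv1.2;

# Only strong suites; no anonymous key exchange, MD5, RC4 or 3DES.
ssl_ciphers               HIGH:!aNULL:!MD5:!RC4:!3DES;

# Let the server's ordering win so a client cannot steer the choice
# toward the weakest suite both sides share.
ssl_prefer_server_ciphers on;

# Session reuse keeps repeated agent runs cheap without weakening the handshake.
ssl_session_cache         shared:SSL:10m;
ssl_session_timeout       5m;

# Client-certificate handling is unchanged from the page: the certificate is
# requested but not required, and the verification result is passed to the
# backend in the X-Client-Verify header set in "location /".
ssl_client_certificate    /var/lib/puppet/ssl/ca/ca_crt.pem;
ssl_crl                   /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_verify_client         optional;
```

After editing, /usr/local/nginx/sbin/nginx -t checks the syntax before the reload.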
4. Start the services
4.1 Start nginx
#/usr/local/nginx/sbin/nginx
4.2 Start Apache
#service httpd start
4.3 Start foreman-proxy
#service foreman-proxy start
4.4 Start puppetmaster (optional; it also works without this step)
#puppet master start
5. Run a client to verify
#puppet agent --server=puppet.test.com --test
Acknowledgements: I put this together after consulting many articles; thanks to everyone who shares on the web!