How to Set Up HAProxy as a Load Balancer for Nginx on CentOS 8
To ensure maximum web application availability, scalability, and high performance, it is now common to implement technologies that introduce redundancy, such as server clustering and load balancing. For example, you set up a cluster of servers that all run the same application(s) and then deploy load balancer(s) in front of them to distribute the traffic.
HAProxy is an open-source, powerful, high-performance, reliable, secure and widely used high-availability TCP/HTTP load balancer, proxy server and SSL/TLS terminator built for very high traffic websites. It runs well on Linux, Solaris, FreeBSD, OpenBSD and AIX operating systems.
This guide shows how to set up a dedicated high-availability load balancer with HAProxy on CentOS 8 to control traffic in a cluster of NGINX web servers. It also shows how to configure SSL/TLS termination in HAProxy.
A total of 4 servers with a minimal CentOS 8 installation.
----------- HAProxy Server Setup -----------
HA Proxy Server - hostname: haproxy-server.tecmint.lan; IP: 10.42.0.247
Test Site Domain: www.tecmint.lan

----------- Client Web Servers Setup -----------
Web Server #1 - hostname: websrv1.tecmint.lan; IP: 10.42.0.200
Web Server #2 - hostname: websrv2.tecmint.lan; IP: 10.42.0.21
Web Server #3 - hostname: websrv3.tecmint.lan; IP: 10.42.0.34
Step 1: Setting Up Nginx HTTP Server on the Client Machines
1. Log into all your CentOS 8 client machines and install the Nginx web server using the dnf package manager as shown.
# dnf install nginx
2. Next, start the Nginx service, enable it to start automatically at system boot, and confirm that it is running by checking its status with the systemctl commands (do this on all the client machines).
# systemctl start nginx
# systemctl enable nginx
# systemctl status nginx
3. Also, if the firewalld service is running on the client machines (which you can check by running systemctl status firewalld), you must add the HTTP and HTTPS services to the firewall configuration so that requests from the load balancer can pass through the firewall to the Nginx web servers. Then reload the firewalld service to apply the new changes (do this on all the client machines).
# firewall-cmd --zone=public --permanent --add-service=http
# firewall-cmd --zone=public --permanent --add-service=https
# firewall-cmd --reload
4. Next, open a web browser on your local machine and test whether the Nginx installation works. Browse to each client IP; once you see the Nginx test page, the web server installed on that client machine is working properly.
5. Next, we need to create test pages on the client machines that we will use later to test the HAProxy setup.
----------- Web Server #1 -----------
# cp /usr/share/nginx/html/index.html /usr/share/nginx/html/index.html.orig
# echo "Showing site from websrv1.tecmint.lan" > /usr/share/nginx/html/index.html

----------- Web Server #2 -----------
# cp /usr/share/nginx/html/index.html /usr/share/nginx/html/index.html.orig
# echo "Showing site from websrv2.tecmint.lan" > /usr/share/nginx/html/index.html

----------- Web Server #3 -----------
# cp /usr/share/nginx/html/index.html /usr/share/nginx/html/index.html.orig
# echo "Showing site from websrv3.tecmint.lan" > /usr/share/nginx/html/index.html
Step 2: Installing and Configuring HAProxy Server on CentOS 8
6. Now install the HAProxy package on the HAProxy server by running the following command.
# dnf install haproxy
7. Next, start the HAProxy service, enable it to start automatically at system boot, and verify its status.
# systemctl start haproxy
# systemctl enable haproxy
# systemctl status haproxy
8. Now we will configure HAProxy using the following configuration file.
# vi /etc/haproxy/haproxy.cfg
The configuration file is divided into four major sections.
- global settings – sets process-wide parameters.
- defaults – this section sets default parameters for all other sections following its declaration.
- frontend – this section describes a set of listening sockets accepting client connections.
- backend – this section describes a set of servers to which the proxy will connect to forward incoming connections.
To understand the options under global settings and defaults, read the HAProxy documentation (link provided at the end of the article). For this guide, we will use the defaults.
9. Once deployed, HAProxy plays a significant role in your IT infrastructure, so configuring logging for it is a basic requirement; it gives you insight into every connection to your web servers.
The log parameter (highlighted in the following screenshot) declares a global Syslog server (such as rsyslog, the default on CentOS) that will receive log messages. More than one server can be declared here.
The default configuration points to localhost (127.0.0.1), and local2 is the default facility code used to identify HAProxy log messages under rsyslog.
10. Next, you need to tell the rsyslog server how to receive and process HAProxy log messages. Open the rsyslog configuration file /etc/rsyslog.conf or create a new file in the /etc/rsyslog.d directory, for example /etc/rsyslog.d/haproxy.conf.
# vi /etc/rsyslog.d/haproxy.conf
Copy and paste the following configuration to collect logs over UDP on the default port 514.
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
Also add the following lines to instruct rsyslog to write to two separate log files based on severity, where local2 is the facility code defined in the HAProxy configuration above.
local2.*       /var/log/haproxy-traffic.log
local2.notice  /var/log/haproxy-admin.log
11. Save the file and close it. Then restart the rsyslog service to apply the recent changes.
# systemctl restart rsyslog
12. In this section, we will show how to configure the front-end and back-end proxies. Go back to the HAProxy configuration file and modify the default front-end and back-end sections as follows. We will not go into a detailed explanation of each parameter; you can always refer to the official documentation.
The following configuration defines a listen section used to serve the HAProxy Stats page. The bind parameter assigns a listener to a given IP address (
The stats enable setting enables the statistics page, which is accessed using the URI /stats (i.e. http://server_ip:9000/stats).
The stats auth setting is used to add basic authentication when accessing the page (replace haproxy and the password with a username and password of your choice).
listen stats
    bind *:9000
    stats enable
    stats hide-version
    stats uri /stats
    stats admin if LOCALHOST
    stats auth haproxy:<password>
13. The next configuration defines a frontend section called TL (you can give it a name of your liking). The mode parameter defines the mode HAProxy operates in.
The acl (Access Control List) parameter is used to make a decision based on content extracted from the request. In this example, the request is considered plain HTTP if it is not made over SSL.
Then the http-request set-header setting is used to add an HTTP header to the request. This helps inform Nginx that the initial request was made over HTTP (or via port 80).
The default_backend or use_backend directive defines the backend servers, in this case referenced by TL_web_servers.
Note that HAProxy will return a "503 Service Unavailable" error if a request is not routed by a use_backend or default_backend directive.
frontend TL
    bind *:80
    mode http
    acl http ssl_fc,not
    http-request set-header X-Forwarded-Protocol http if http
    default_backend TL_web_servers
14. Then we need to define a backend section, where the balance setting defines how HAProxy selects a backend server to process a request when no persistence method overrides that selection.
The cookie directive enables cookie-based persistence; it instructs HAProxy to send a cookie named SERVERUID to the client and to associate it with the ID of the server that gave the initial response.
The server directive is used to define the upstream servers in the format server_name (e.g. websrv1), server_IP:port and options.
One key option is check, which tells HAProxy to keep checking the availability of a server and to report it on the stats page.
backend TL_web_servers
    mode http
    balance roundrobin
    option httpchk HEAD /
    cookie SERVERUID insert indirect nocache
    server websrv1 10.42.0.200:80 cookie websrv1 check
    server websrv2 10.42.0.21:80 cookie websrv2 check
    server websrv3 10.42.0.34:80 cookie websrv3 check
Comment out any other frontend and backend sections as shown in the screenshot that follows. Save the file and close it.
15. Now restart the HAProxy service to apply the new changes.
# systemctl restart haproxy
16. Next, ensure that the HTTP (port 80) and HTTPS (port 443) services are opened in the firewall to accept client requests, as follows. Also open port 9000 in the firewall for access to the stats page, and reload the firewall settings.
# firewall-cmd --zone=public --permanent --add-service=http
# firewall-cmd --zone=public --permanent --add-service=https
# firewall-cmd --zone=public --permanent --add-port=9000/tcp
# firewall-cmd --reload
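The stats listener from step 12 answers on every address over plain HTTP, so the stats auth credentials cross the network unencrypted, and the rule above opens port 9000 in the public zone. As an added example (not part of the original guide), this script flags those settings in a configuration file; lint_stats, count_findings, the findings text and the hardened variant, which reuses the PEM bundle from Step 4, are constructed for illustration.

```sh
# Added example: flag risky stats-listener settings in an haproxy.cfg.
# lint_stats, count_findings and both sample configs are constructed.
lint_stats() {   # prints one finding per line for sections with "stats enable"
    awk '
    function report() {
        if (!stats) return
        if (wild)  print name ": stats page bound to all addresses"
        if (!tls)  print name ": stats page served over plain HTTP (credentials unencrypted)"
        if (!auth) print name ": stats page has no stats auth line"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
        report(); name = $1 " " $2; stats = wild = tls = auth = 0; next
    }
    $1 == "bind" {
        if ($2 ~ /^(\*|0\.0\.0\.0)?:/) wild = 1
        for (i = 3; i <= NF; i++) if ($i == "ssl") tls = 1
    }
    $1 == "stats" && $2 == "enable" { stats = 1 }
    $1 == "stats" && $2 == "auth"   { auth = 1 }
    END { report() }
    ' "$1"
}

count_findings() { lint_stats "$1" | wc -l | tr -d ' '; }

PAGE_CFG=$(mktemp) HARDENED_CFG=$(mktemp)
cat > "$PAGE_CFG" <<'EOF'
listen stats
    bind *:9000
    stats enable
    stats hide-version
    stats uri /stats
    stats admin if LOCALHOST
    stats auth haproxy:<password>
EOF
cat > "$HARDENED_CFG" <<'EOF'
# constructed variant: one address, TLS on the listener
listen stats
    bind 10.42.0.247:9000 ssl crt /etc/ssl/tecmint.lan/tecmint.pem
    stats enable
    stats hide-version
    stats uri /stats
    stats auth haproxy:<password>
EOF

echo "tutorial config:"; lint_stats "$PAGE_CFG"
echo "hardened config: $(count_findings "$HARDENED_CFG") findings"
```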
Step 3: Testing HAProxy Setup and Viewing Statistics
17. Now it is time to test the HAProxy setup. On the local desktop machine from which you access all the servers, add the following line to the /etc/hosts file so that we can use the dummy site domain.
10.42.0.247 www.tecmint.lan
18. Then open a browser and navigate using either the server address or the site domain.
http://10.42.0.247/ OR http://www.tecmint.lan/
19. To access the HAProxy statistics page, use the following address.
http://10.42.0.247:9000/stats
Then use the username and password you defined in the HAProxy configuration file (refer to the stats auth parameter).
After a successful login, you will land on the HAProxy statistics page, which shows metrics covering the health of your servers, current request rates, response times, and much more.
To demonstrate how the status report works with regard to the color codes, we have put one of the backend servers.
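One way to confirm from the log file that requests are spread across the three servers and that the health checks notice a stopped server, as an added example that is not part of the original guide. It assumes option httplog is active in the defaults section and the default rsyslog line prefix; summarise_log and the sample lines are constructed.

```sh
# Added example: summarise HAProxy traffic and health-check events from
# /var/log/haproxy-traffic.log. summarise_log and SAMPLE_LOG are constructed.
summarise_log() {
    awk '
    $5 !~ /^haproxy\[/ { next }
    $7 ~ /^\[/ {                        # HTTP request line: $9 is backend/server
        split($9, bs, "/"); hits[bs[2]]++
        next
    }
    $6 == "Server" && $8 == "is" {      # health-check state change
        sub(/,$/, "", $9); print "event " $7 " " $9
    }
    END { for (s in hits) print "requests " s " " hits[s] }
    ' "$1" | sort
}

SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 10:15:01 localhost haproxy[2231]: 10.42.0.1:51514 [03/Mar/2020:10:15:01.123] TL TL_web_servers/websrv1 0/0/1/2/3 200 273 - - --NI 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:15:02 localhost haproxy[2231]: 10.42.0.1:51516 [03/Mar/2020:10:15:02.210] TL TL_web_servers/websrv2 0/0/1/1/2 200 273 - - --NI 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:15:03 localhost haproxy[2231]: 10.42.0.1:51518 [03/Mar/2020:10:15:03.305] TL TL_web_servers/websrv3 0/0/1/2/3 200 273 - - --NI 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:16:00 localhost haproxy[2231]: Server TL_web_servers/websrv2 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Mar  3 10:16:05 localhost haproxy[2231]: 10.42.0.1:51530 [03/Mar/2020:10:16:05.011] TL TL_web_servers/websrv1 0/0/1/2/3 200 273 - - --NI 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:16:06 localhost haproxy[2231]: 10.42.0.1:51532 [03/Mar/2020:10:16:06.120] TL TL_web_servers/websrv3 0/0/1/1/2 200 273 - - --NI 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:16:07 localhost haproxy[2231]: 10.42.0.1:51534 [03/Mar/2020:10:16:07.230] TL TL_web_servers/websrv1 0/0/1/2/3 200 273 - - --NI 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:17:30 localhost haproxy[2231]: Server TL_web_servers/websrv2 is UP, reason: Layer7 check passed, code: 200, info: "OK", check duration: 1ms. 3 active and 0 backup servers left. 0 sessions requeued, 0 total in queue.
EOF

summarise_log "$SAMPLE_LOG"
```

Because the cookie directive pins a browser to one server, an even spread only shows up for clients that do not send the cookie back.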
Step 4: Configuring HTTPS in HAProxy Using a Self-signed SSL Certificate
20. In this final section, we will show how to configure SSL/TLS to secure all communication between the HAProxy server and the client. HAProxy supports four major HTTPS configuration modes, but for this guide we will use SSL/TLS offloading.
In SSL/TLS offloading mode, HAProxy decrypts the traffic on the client side and connects to the backend servers in clear text.
We will start by creating the certificate and key as shown (answer the questions according to your company details during certificate creation, as highlighted in the screenshot).
# mkdir /etc/ssl/tecmint.lan
# cd /etc/ssl/tecmint.lan/
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/tecmint.lan/tecmint.key -out /etc/ssl/tecmint.lan/tecmint.crt
# cat tecmint.crt tecmint.key > tecmint.pem
# ls -l
21. Next, open the HAProxy configuration file (/etc/haproxy/haproxy.cfg) and edit the front-end section.
frontend TL
    bind *:80
    bind *:443 ssl crt /etc/ssl/tecmint.lan/tecmint.pem
    redirect scheme https if !{ ssl_fc }
    mode http
    acl http ssl_fc,not
    acl https ssl_fc
    http-request set-header X-Forwarded-Protocol http if http
    http-request set-header X-Forwarded-Protocol https if https
    default_backend TL_web_servers
Save the file and close it.
22. Then restart the HAProxy service to apply the new changes.
# systemctl restart haproxy.service
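A non-interactive version of the certificate steps, as an added example that is not part of the original guide: it writes the key, certificate and combined PEM into one directory with owner-only permissions, and checks that the certificate and key in the bundle belong together before HAProxy is restarted. The function names and the scratch directory are assumptions, and the subjectAltName option needs OpenSSL 1.1.1 or later.

```sh
# Added example: build and check the PEM bundle that "bind ... ssl crt" loads.
# make_bundle and bundle_ok are illustrative names, not part of the guide.

# make_bundle DIR NAME HOST -> writes DIR/NAME.key, DIR/NAME.crt, DIR/NAME.pem
make_bundle() {
    dir=$1 name=$2 host=$3
    (
        umask 077                       # key and bundle readable by owner only
        mkdir -p "$dir" &&
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null &&
        cat "$dir/$name.crt" "$dir/$name.key" > "$dir/$name.pem"
    )
}

# bundle_ok FILE -> 0 if FILE holds a certificate and the private key matching it
bundle_ok() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo in a scratch directory; on the load balancer DIR is /etc/ssl/tecmint.lan.
DEMO_DIR=$(mktemp -d)
make_bundle "$DEMO_DIR" tecmint www.tecmint.lan
bundle_ok "$DEMO_DIR/tecmint.pem" && echo "bundle ok: $DEMO_DIR/tecmint.pem"
```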
23. Next, open a web browser and try accessing the site once more. The browser will show an error because of the self-signed certificate; click Advanced to proceed.
That's all for now! Every web application has its own set of requirements; you need to design and configure load balancing to suit your IT infrastructure and your application's requirements.
To get more insight into some of the configuration options used in this guide, and into how to use HAProxy in general, see the official HAProxy enterprise version documentation. You can post any questions or thoughts via the feedback form below.