HAProxy transparent proxy test (only kernel versions after 2.6.28 are supported):
1. Build and install HAProxy:
make TARGET=linux2628 arch=x86_64 USE_LINUX_TPROXY=1
make install
cp haproxy /usr/sbin/
cp examples/haproxy.init /etc/init.d/haproxy
chmod +x /etc/init.d/haproxy
chkconfig --add haproxy
chkconfig haproxy on
mkdir /etc/haproxy
vim /etc/haproxy/haproxy.cfg
2. Add one line to the backend section of the configuration file:
source 0.0.0.0 usesrc client
3. Configure the firewall:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 123
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.10.100.8 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.10.100.9 -o eth1 -j MASQUERADE
4. Configure IP routing (to make it permanent, put these commands in rc.local):
ip rule add fwmark 123 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
5. Configure /etc/sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.send_redirects = 1
6. On the two backend nginx servers, configure the following (to make it permanent, put these commands in rc.local):
route delete default
ip route add default via 10.10.100.115
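
Added example (not part of the original article): steps 3 and 4 only work together if the mark set in the DIVERT chain, the fwmark in the ip rule, and the routing table holding the local route all agree. The hypothetical helper check_tproxy below verifies that from the text output of the three commands; the sample input is constructed and assumes the usual output format of iptables -S, ip rule show and ip route show table all.

```shell
#!/bin/bash
# check_tproxy MANGLE RULES ROUTES: prints each problem, returns the count.
#   MANGLE = `iptables -t mangle -S`, RULES = `ip rule show`,
#   ROUTES = `ip route show table all` (hypothetical helper, not from the page)
check_tproxy() {
    local mangle="$1" rules="$2" routes="$3" raw mark table="" problems=0
    local prio from sel kw val act tbl rest
    # PREROUTING must divert packets that belong to a local socket.
    if ! printf '%s\n' "$mangle" | grep -Eq -- '^-A PREROUTING .*-m socket .*-j DIVERT'; then
        echo "missing: PREROUTING -m socket -j DIVERT"; problems=$((problems + 1))
    fi

    # DIVERT must set a mark; iptables -S prints 123 as 0x7b/0xffffffff.
    raw=$(printf '%s\n' "$mangle" |
        sed -nE 's/^-A DIVERT .*-j MARK --set-x?mark ([0-9a-fx]+).*/\1/p' | head -n 1)
    if [ -z "$raw" ]; then
        echo "missing: DIVERT -j MARK --set-mark"; return $((problems + 1))
    fi
    mark=$(($raw))

    # An ip rule must send exactly that mark to a routing table.
    while read -r prio from sel kw val act tbl rest; do
        if [ "$kw" = fwmark ] && [ $((${val%%/*})) -eq "$mark" ]; then table=$tbl; fi
    done <<EOF
$rules
EOF
    if [ -z "$table" ]; then
        echo "missing: ip rule for fwmark $mark"; return $((problems + 1))
    fi

    # That table must deliver all traffic locally through lo.
    if ! printf '%s\n' "$routes" |
        grep -Eq "^local (default|0\.0\.0\.0/0) dev lo .*table $table( |\$)"; then
        echo "missing: local default route in table $table"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample input, in the format the three commands print.
SAMPLE_MANGLE='-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-xmark 0x7b/0xffffffff
-A DIVERT -j ACCEPT'
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x7b lookup 100
32766: from all lookup main'
SAMPLE_ROUTES='local default dev lo table 100 scope host'

check_tproxy "$SAMPLE_MANGLE" "$SAMPLE_RULES" "$SAMPLE_ROUTES" && echo "consistent"
```

On a live host, pass the real command output instead of the samples, for example "$(iptables -t mangle -S)" as the first argument.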
####################################
haproxy.cfg configuration file template:
global
    daemon
    nbproc 2
    stats bind-process 2
    maxconn 10000

defaults
    log 127.0.0.1 local2 warning
    timeout client 300s
    timeout server 300s
    timeout connect 60s
    option redispatch
    rate-limit sessions 300
    maxconn 10000

# Statistics page: bound to all interfaces, no authentication configured
listen admin_stats
    mode http
    bind 0.0.0.0:8080
    stats uri /admin

listen tcp_80
    mode tcp
    bind 0.0.0.0:80
    # Connect to the backends using the client's own address as source (needs TPROXY)
    source 0.0.0.0 usesrc client
    server nginx1 10.10.100.8:80 check inter 10s
    server nginx2 10.10.100.9:80 check inter 10s

listen tcp_443
    mode tcp
    bind 0.0.0.0:443
    source 0.0.0.0 usesrc client
    server nginx1 10.10.100.8:443 check inter 10s
    server nginx2 10.10.100.9:443 check inter 10s
#################################
HAProxy check script:
#!/bin/bash
LOG="/var/log/keepalived-haproxy-check.log"
# Count running haproxy processes
A=`ps -C haproxy --no-header | wc -l`
#DEBUG
#echo "[check_haproxy status]" >> $LOG
#date >> $LOG
#echo "Regular check number of haproxy process: "$A >> $LOG
# No process found: log it, try one restart, then count again
if [ $A -eq 0 ]; then
    date >> $LOG
    echo "[ERROR] Haproxy process not found." >> $LOG
    service haproxy restart >> $LOG 2>&1
    sleep 5
    A=`ps -C haproxy --no-header | wc -l`
    echo "Number of haproxy process now: "$A >> $LOG
fi
# Exit status 1 tells keepalived that the check failed
if [ $A -eq 0 ]; then
    exit 1
else
    exit 0
fi