HAProxy+Varnish動靜分離WordPress配置詳解 version2.0
本次的實驗拓?fù)鋱D如下
此次的實驗?zāi)繕?biāo)
(1) 動靜分離部署wordpress,動靜都要能實現(xiàn)負(fù)載均衡,要注意會話的問題
(2) 在haproxy和后端主機(jī)之間添加varnish進(jìn)行緩存
只緩存靜態(tài),對于動態(tài)直接調(diào)度至后端主機(jī)
(3) haproxy的設(shè)定要求:
(a) stats page,要求僅能通過本地訪問使用管理接口;
(b) 動靜分離
(c) 分別考慮不同的服務(wù)器組的調(diào)度算法
(4) haproxy高可用(Keepalived)
實驗之前所需做的準(zhǔn)備
IP地址劃分
'調(diào)度器:'
Master:172.16.1.10/16 內(nèi)網(wǎng):192.168.1.10/24
Backup:172.16.1.20/16 內(nèi)網(wǎng):192.168.1.20/24
VIP:172.16.1.200/16 www.maxie.com
'varnish:'
Master:192.168.1.30/24
Backup:192.168.1.40/24
'靜態(tài)WEB:'
A:192.168.1.50/24
B:192.168.1.60/24
'動態(tài)AP站點(diǎn):'
A:192.168.1.70/24
B:192.168.1.80/24
'MySQL:'
192.168.1.90/24
'NFS:'
192.168.1.100/24
初始化腳本編寫
#!/bin/bash
#
#hostname
hname=$1
hostnamectl set-hostname ${hname}
#yum software
ver=$2
if [ "$ver" == haproxy ];then
iptables -F
setenforce 0
yum install -y -q ntp
ntpdate 172.16.0.1
yum install -y -q nginx keepalived haproxy
[ $? -eq 0 ] && echo "yum success" || echo "failed"
elif [ "$ver" == http ];then
yum install -y httpd
yum install -y -q nfs-utils
iptables -F
setenforce 0
scp root@192.168.1.10:/etc/hosts /etc/
echo "$hname Static Server" > /var/www/html/index.html
mkdir -pv /var/www/html/{wordpress,discuzx}
mount -t nfs 192.168.1.100:/data/my_wordpress /var/www/html/wordpress
mount -t nfs 192.168.1.100:/data/my_discuzx /var/www/html/discuzx
systemctl start httpd
elif [ "$ver" == ap ];then
yum install -y -q nfs-utils
yum install -y -q httpd php php-mysql php-mbstring php-mcrypt
iptables -F
setenforce 0
scp root@192.168.1.10:/etc/hosts /etc/
mkdir -pv /var/www/html/{wordpress,discuzx}
mount -t nfs 192.168.1.100:/data/my_wordpress /var/www/html/wordpress
mount -t nfs 192.168.1.100:/data/my_discuzx /var/www/html/discuzx
cat > /var/www/html/index.php<<EOF
${hname}
<?php
phpinfo();
?>
EOF
systemctl start httpd
elif [ "$ver" == nfs ];then
iptables -F
setenforce 0
yum install -y -q nfs-utils rpcbind
scp root@192.168.1.10:/etc/hosts /etc/
cat > /etc/exports<<EOF
/data/my_wordpress 192.168.1.50(rw,no_root_squash) 192.168.1.60(rw,no_root_squash) 192.168.1.70(rw,no_root_squash) 192.168.1.80(rw,no_root_squash)
/data/my_discuzx 192.168.1.50(rw,no_root_squash) 192.168.1.60(rw,no_root_squash) 192.168.1.70(rw,no_root_squash) 192.168.1.80(rw,no_root_squash)
EOF
mkdir -pv /data/my_wordpress
mkdir -pv /data/my_discuzx
scp maxie@192.168.1.1:/Users/machiyuan/Downloads/LinuxPackages/wordpress-4.7.4-zh_CN.tar.gz /data/
scp maxie@192.168.1.1:/Users/machiyuan/Downloads/LinuxPackages/Discuz_X3.3_SC_UTF8.zip /data/
tar -xf /data/wordpress-3.7.4-zh_CN.tar.gz -C /data
mv /data/wordpress/* /data/my_wordpress
unzip /data/Discuz_X3.3_SC_UTF8.zip -d /data/
mv /data/upload/* /data/my_discuzx
useradd -u 48 apache
chown -R apache.apache /data
systemctl restart nfs
[ $? -eq 0 ] && echo "nfs deploy success" || echo "failed"
elif [ "$ver" == mysql ];then
iptables -F
setenforce 0
scp root@192.168.1.10:/etc/hosts /etc/
scp root@192.168.1.10:/root/server.conf /etc/my.cnf.d/
scp root@192.168.1.10:/root/init.sql /root/
systemctl start mariadb.service
mysql < /root/init.sql
else
echo "Usage: arg1 is hostname u want set var"
echo "Usage: arg2 is (nginx|varnish|http|ap|nfs|mysql)"
fi
檢測網(wǎng)絡(luò)是否通暢
$ ping 172.16.0.1
$ ping 192.168.1.1
配置后端的動靜節(jié)點(diǎn)以及 NFS、MySQL節(jié)點(diǎn)
配置NFS以及MySQL
配置MySQL
$ yum install -y mariadb-server
$ vim /etc/my.cnf.d/server.conf
[server]
skip_name_resolve=ON
innodb_file_per_table=ON
log-bin=mysql_bin
$ systemctl start mariadb.service
$ mysql
> CREATE DATABASE wordpress_db;
> GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wordpress'@'192.168.1.50' IDENTIFIED BY 'root@123';
> GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wordpress'@'192.168.1.60' IDENTIFIED BY 'root@123';
> GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wordpress'@'192.168.1.70' IDENTIFIED BY 'root@123';
> GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wordpress'@'192.168.1.80' IDENTIFIED BY 'root@123';
> GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wordpress'@'192.168.1.100' IDENTIFIED BY 'root@123';
> FLUSH PRIVILEGES;
> exit;
- 配置NFS
# 執(zhí)行初始化腳本
$ bash -x init.sh nfs-server nfs
# 查看NFS是否運(yùn)行并監(jiān)聽在2049端口上
$ ss -tnl | grep 2049
配置動靜節(jié)點(diǎn)
# 只需檢測httpd服務(wù)是否正常運(yùn)行、可訪問即可
$ ss -tnl
$ curl http://192.168.1.50/index.html
$ curl http://192.168.1.60/index.html
$ curl http://192.168.1.70/index.php
$ curl http://192.168.1.80/index.php
配置調(diào)度器 HAProxy + KeepAlived
配置HAProxy
# 執(zhí)行初始化腳本
$ bash -x init.sh master haproxy
$ cd /etc/haproxy
$ vim haproxy.cfg
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
# 監(jiān)聽在80端口
bind *:80
# 增加自定義頭部
rspadd X-Via:\ HAProxy-1
# 刪除頭部
rspidel Server.*
# ACL規(guī)則
acl static path_end -i .html .css .js
acl static path_end -i .jpg .jpeg .gif .png
acl static path_beg -i /images /static
# 如果滿足定義的static ACL規(guī)則,則調(diào)度至此后端
use_backend websrvs if static
# 默認(rèn)后端
default_backend appsrvs
#---------------------------------------------------------------------
# Admin Stats
#---------------------------------------------------------------------
# 管理頁面配置
listen status
# 管理頁面監(jiān)聽端口
bind *:9909
# ACL規(guī)則
acl auth_admin src 172.16.250.15 172.16.1.11
# 開啟狀態(tài)頁
stats enable
# 狀態(tài)頁URI
stats uri /myha?stats
# 狀態(tài)頁提示信息
stats realm HAProxy\ Admin\ Area
# 認(rèn)證用戶:密碼
stats auth root:root@123
# 如果滿足 auth_admin條件則允許訪問狀態(tài)頁
stats admin if auth_admin
#---------------------------------------------------------------------
# WEB static backend
#---------------------------------------------------------------------
# 后端靜態(tài)(varnish) Websrvs
backend websrvs
# 添加頭部,日志中可以使用
option forwardfor header X-Client
# 負(fù)載均衡調(diào)度算法為 URI
balance uri
# 后端服務(wù)器,健康檢查、權(quán)重、自定義cookie
server web1 192.168.1.30:80 check weight 1 cookie web1
server web2 192.168.1.40:80 check weight 1 cookie web2
# 一致性HASH
hash-type consistent
#---------------------------------------------------------------------
# ap backend
#---------------------------------------------------------------------
# 后端動態(tài)節(jié)點(diǎn) appsrvs
backend appsrvs
option forwardfor header X-Client
balance uri
#balance roundrobin
server app1 192.168.1.70:80 cookie app1 check weight 1
server app2 192.168.1.80:80 cookie app2 check weight 1
hash-type consistent
$ systemctl start haproxy
$ ss -tnl | grep 80
配置keepalived
$ cd /etc/keepalived
$ vim keepalived.conf
# MASTER節(jié)點(diǎn)
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from KA@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id vs1
vrrp_mcast_group4 224.16.3.100
}
vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 51
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass maxie95
}
virtual_ipaddress {
172.16.1.200/16 dev eno16777736 label eno16777736:0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
# BACKUP節(jié)點(diǎn)
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from KA@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id vs2
vrrp_mcast_group4 224.16.3.100
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 51
priority 95
advert_int 2
authentication {
auth_type PASS
auth_pass maxie95
}
virtual_ipaddress {
172.16.1.200/16 dev eno16777736 label eno16777736:0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
# notify.sh腳本
$ vim notify.sh
#!/bin/bash
#
contact="root@localhost"
notify() {
local mailsubject="$(hostname) to be $1, VIP is folating"
local mailbody="$(date + '$F $T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
systemctl start nginx
notify master
;;
backup)
systemctl start nginx
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
$ systemctl start keepalived
# 查看vip是否在MASTER節(jié)點(diǎn)上
$ ifconfig
配置varnish
安裝
$ yum install varnish
配置varnish.params
$ cd /etc/varnish
$ vim varnish.params
# 修改監(jiān)聽端口為 80
VARNISH_LISTEN_PORT=80
# 管理IP地址以及端口
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
# 共享密鑰文件
VARNISH_SECRET_FILE=/etc/varnish/secret
# 緩存類型,可以是磁盤,也可以是內(nèi)存。這里為內(nèi)存
VARNISH_STORAGE="malloc,512M"
# 運(yùn)行varnish的用戶以及組
VARNISH_USER=varnish
VARNISH_GROUP=varnish
# 其他自定義設(shè)置
DAEMON_OPTS="-p thread_pool_min=50 -p thread_pool_max=2000 -p thread_pool_timeout=300"
配置default.vcl
$ vim default.vcl
# new 4.0 format.
vcl 4.0;
# 導(dǎo)入負(fù)載均衡模塊
import directors;
# Default backend definition. Set this to point to your content server.
backend default {
.host = "127.0.0.1";
.port = "8080";
}
# 配置后端主機(jī)
backend web1 {
.host = "192.168.1.50";
.port = "80";
# 配置健康狀態(tài)檢查
.probe = {
# 檢查狀態(tài)檢查的URL
.url = "/index.html";
# 一共檢查的次數(shù)
.window= 8;
# 如果大于4次則為健康
.threshold = 4;
# 每3秒檢查一次
.interval = 3s;
# 超時時間
.timeout = 10s;
}
}
# 配置后端主機(jī)
backend web2 {
.host = "192.168.1.60";
.port = "80";
.probe = {
.url = "/index.html";
.window= 8;
.threshold = 4;
.interval = 3s;
.timeout = 10s;
}
}
# 初始化負(fù)載均衡
sub vcl_init {
# 定義負(fù)載均衡組的名字以及調(diào)度算法
new websrv = directors.round_robin();
websrv.add_backend(web1);
websrv.add_backend(web2);
}
# 定義裁剪緩存的提示信息
sub vcl_purge {
return (synth(200,"Pruge Fishished"));
}
# 定義裁剪的ACL
acl purges {
"172.16.1.11";
"172.16.250.15";
"127.0.0.0"/8;
}
# 定義接收段
sub vcl_recv {
# 如果請求方法是PURGE,也就是裁剪緩存
if (req.method == "PURGE") {
# 如果客戶端IP不在我們之前定義的ACL for purges中,提示如下信息
if (client.ip !~ purges) {
return(synth(403,"Purging not allowed for" + client.ip));
}
# 反之,執(zhí)行裁剪緩存
return(purge);
}
# 如果請求的URL中包括以下信息,則調(diào)度至我們的后端主機(jī)
if (req.url ~ "(?i)\.(html|css|js|jpg|jpeg|png|gif)$") {
set req.backend_hint = websrv.backend();
}
# 自定義頭部
if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + "," + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
}
sub vcl_backend_response {
# 清除響應(yīng)頭部
unset beresp.http.X-Powered-By;
# 如果向后端請求URL中包含以下字段,則清除cookie
if (bereq.url ~ "\.(css|js|png|gif|jp(e?)g|swf|ico|txt|eot|svg|woff)") {
unset beresp.http.cookie;
set beresp.http.cache-control = "public, max-age=3600";
}
# 如果相應(yīng)的狀態(tài)碼不是200或者404,則不緩存
if ( beresp.status != 200 && beresp.status != 404 ) {
set beresp.uncacheable = true;
set beresp.ttl = 120s;
return (deliver);
}
# 設(shè)置默認(rèn)ttl緩存為 1小時
set beresp.ttl = 1h;
# 意思在30s 內(nèi)復(fù)制舊的請求結(jié)果給客戶端
set beresp.grace = 30s;
return (deliver);
}
sub vcl_deliver {
# 如果命中了則返回自定義頭部,未命中則返回另一個自定義頭部
if (obj.hits>0) {
set resp.http.X-Cache = "Hit Via " + server.ip;
} else {
set resp.http.X-Cache = "Miss from " + server.ip;
}
}
傳送配置文件至另一臺varnish
$ scp -r /etc/varnish root@192.168.1.40:/etc
$ systemctl start varnish
$ ss -tnl | grep 80
配置varnish
客戶端配置hosts文件
$ sudo vim /etc/hosts
172.16.1.200 www.maxie.com
打開瀏覽器驗證
- 驗證主頁
- 驗證WordPress
- 驗證是否可以會話保持
- 驗證是否可以上傳圖片
Paste_Image.png
- 驗證靜態(tài)資源是否命中緩存
配置完畢
至此已經(jīng)全部配置完畢了,如果想使用nginx作為調(diào)度器,只需將haproxy服務(wù)停掉即可
- nginx配置文件
upstream varnishsrv {
server 192.168.1.30:80;
server 192.168.1.40:80;
}
upstream appsrv {
ip_hash;
server 192.168.1.70:8080;
server 192.168.1.80:8080;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
index index.php;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://varnishsrv/;
}
location /wordpress {
proxy_pass http://varnishsrv;
}
location ~* /.*\.php$ {
index index.php;
proxy_pass http://appsrv;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
不過,我這里只實現(xiàn)了調(diào)度,并沒有實現(xiàn)緩存靜態(tài)資源。
- 也可以將AP替換成AT,也就是Apache+Tomcat,而且可以通過memcached實現(xiàn)session server。不過這個實現(xiàn),我們下次在實現(xiàn)吧
本文來源:Maxie’s Notes
