HAProxy+Varnish+LNMP实现高可用负载均衡动静分离集群部署

HAProxy高可用负载均衡集群部署

基本信息:

系统平台:VMware WorkStation

系统版本: CentOS Linux release 7.2.1511 (Core)

内核版本: 3.10.0-327.el7.x86_64

集群架构:

前端:HAProxy

1、虚拟FQDN:www.simpletime.net

2、VIP:192.168.39.1;DIP:172.16.39.50

3、调度服务器:Varnish1、Varnish2

4、调度算法:URL_Hash_Consistent

5、集群统计页:172.16.39.50:9091/simpletime?admin

缓存服务器:Varnish

1、VarnishServer1:172.16.39.14:9527

2、VarnishServer2:172.16.39.15:9527

3、开启健康状态探测,提供高可用

4、负载均衡后端Web服务器组

5、动静分离后端服务器,并动静都提供负载均衡效果

后端服务器:

StaticServer1:172.16.39.14:80

StaticServer2:172.16.39.15:80

DynamicServer1:172.16.39.151

DynamicServer2:172.16.39.152

Mysql服务器:

MysqlServer:172.16.39.150

思考:

1、负载均衡动静分离后,会话如何保持?

2、负载均衡动静分离后,存储如何解决?

3、该方案适用于什么样的场景?

4、该方案缺陷有哪些?

5、如何改进?

一、部署HAProxy

1、安装HAProxy
~]# yum install HAProxy
2、配置HAProxy
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  web *:80
    #acl url_static       path_beg       -i /static /images /javascript /stylesheets
    #acl url_static       path_end       -i .jpg .gif .png .css .js .html .txt .htm
    #acl url_dynamic      path_begin     -i .php .jsp     
    #default_backend      static_srv if url_static
    #use_backend          dynamic_srv if url_dynamic
    use_backend        varnish_srv
 
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend varnish_srv
    balance     uri           #使用基于URL的一致性哈希调度算法             
    hash-type   consistent 
    server varnish1 172.16.39.14:9527 check
    server varnish2 172.16.39.15:9527 check
 
listen stats     #开启HAProxy图形化Web管理功能
    bind :9091
    stats enable
    stats uri   /simpletime?admin
    stats hide-version
    stats auth admin:abc.123
    stats admin if TRUE
3、启动服务
~]# systemctl start haproxy 
~]# systemctl status haproxy #查看状态
~]# ss -tnlp #查看80和9091端口是否启用
~]# systemctl enable haproxy #设置开机启动

二、部署Varnish,两台配置一致(172.16.39.14|15)

1、安装及配置
~]# yum install varnish -y
~]# vim /etc/varnish/varnish.params 
VARNISH_LISTEN_PORT=9527 #更改默认端口
~]# systemctl start varnish 
~]# systemctl enable varnish 
~]# vim /etc/varnish/default.vcl
vcl 4.0;
##############启用负载均衡模块###############
import directors;
################定义Purge-ACL控制#######################
acl purgers {
    "127.0.0.1";
    "172.16.39.0"/16;
}
# Default backend definition. Set this to point to your content server.
##############配置健康状态探测##############
probe HE {                      #静态检测
    .url = "/health.html";      #指定检测URL
    .timeout = 2s;              #探测超时时长
    .window = 5;                #探测次数
    .threshold = 2;             #探测次数成功多少次才算健康
    .initial = 2;               #Varnish启动探测后端主机2次健康后加入主机
    .interval = 2s;             #探测间隔时长
    .expected_response = 200;   #期望状态响应码
}
probe HC {                      #动态监测
    .url = "/health.php";       
    .timeout = 2s;              
    .window = 5;               
    .threshold = 2;             
    .initial = 2;               
    .interval = 2s;             
    .expected_response = 200;   
}
#############添加后端主机################
backend web1 {
    .host = "172.16.39.151:80";
    .port = "80";
    .probe = HC;
}
 
backend web2 {
    .host = "172.16.39.152:80";
    .port = "80";
    .probe = HC;
}
 
backend app1 {
    .host = "172.16.39.14:80";
    .port = "80";
    .probe = HE;
}
 
backend app2 {
    .host = "172.16.39.15:80";
    .port = "80";
    .probe = HE;
}
 
#############定义负载均衡及算法###############
sub vcl_init {
    new webcluster = directors.round_robin();
    webcluster.add_backend(web1);
    webcluster.add_backend(web2);
 
    new appcluster = directors.round_robin();
    appcluster.add_backend(app1);
    appcluster.add_backend(app2);
}
################定义vcl_recv函数段######################
sub vcl_recv {
#####ACL未授权,不允许PURGE,并返回405#####
    if (req.method == "PURGE") {
        if(!client.ip ~ purgers){
            return(synth(405,"Purging not allowed for" + client.ip));
        }
        return (purge);
    }
#####添加首部信息,使后端服务记录访问者的真实IP
#    if (req.restarts == 0) {
#        set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
#    } else {
#        set req.http.X-Forwarded-For = client.ip;
#    }
#    set req.backend_hint = webcluster.backend();
#    set req.backend_hint = appcluster.backend();
#注:因为Varnish不是一级代理,配置forward只能取到上级代理IP,而上级代理IP,本身就包含在HAProxy发送过来的Forward里,所以没必要配置,而后端服务器只要日志格式有启用记录Forward信息,并且上级代理没有做限制,那么,就能获取到客户端真实IP;
#####动静分离#####
    if (req.url ~ "(?i)/.(php|asp|aspx|jsp|do|ashx|shtml)($|/?)") {
        set req.backend_hint = appcluster.backend();
    }
#####不正常的请求不缓存#####
    if (req.method != "GET" &&
        req.method != "HEAD" &&
        req.method != "PUT" &&
        req.method != "POST" &&
        req.method != "TRACE" &&
        req.method != "OPTIONS" &&
        req.method != "PATCH" &&
        req.method != "DELETE") {
        return (pipe);
    }
#####如果请求不是GET或者HEAD,不缓存#####
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }
#####如果请求包含Authorization授权或Cookie认证,不缓存#####
    if (req.http.Authorization || req.http.Cookie) {
        return (pass);
    }
#####启用压缩,但排除一些流文件压缩#####
    if (req.http.Accept-Encoding) {
        if (req.url ~ "/.(bmp|png|gif|jpg|jpeg|ico|gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)$") {
            unset req.http.Accept-Encoding;
        } elseif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elseif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            unset req.http.Accept-Encoding;
        }
    }
        return (hash);
}
####################定义vcl_pipe函数段#################
sub vcl_pipe {
    return (pipe);
}
sub vcl_miss {
    return (fetch);
}
####################定义vcl_hash函数段#################
sub vcl_hash {
    hash_data(req.url);
    if (req.http.host) {
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }
    if (req.http.Accept-Encoding ~ "gzip") {
        hash_data ("gzip");
    } elseif (req.http.Accept-Encoding ~ "deflate") {
        hash_data ("deflate");
    }
}
##############设置资源缓存时长#################
sub vcl_backend_response {
    if (beresp.http.cache-control !~ "s-maxage") {
       if (bereq.url ~ "(?i)/.(jpg|jpeg|png|gif|css|js|html|htm)$") {
          unset beresp.http.Set-Cookie;
          set beresp.ttl = 3600s;
       }
    }
}
################启用Purge#####################
sub vcl_purge {
    return(synth(200,"Purged"));
}
###############记录缓存命中状态##############
sub vcl_deliver {
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT from " + req.http.host;
        set resp.http.X-Cache-Hits = obj.hits;
    } else {
        set resp.http.X-Cache = "MISS from " + req.http.host;
    }
    unset resp.http.X-Powered-By;
    unset resp.http.Server;
    unset resp.http.Via;
    unset resp.http.X-Varnish;
    unset resp.http.Age;
}
2、加载配置,因为还没有配置后端应用服务器,可以看到后端主机健康检测全部处于Sick状态
~]# varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082
varnish> vcl.load conf1 default.vcl   
200        
VCL compiled.
varnish> vcl.use conf1
200        
VCL 'conf1' now active
varnish> backend.list 
200        
Backend name                   Refs   Admin      Probe
web1(172.16.39.151,,80)        15     probe      Sick 0/5
web2(172.16.39.152,,80)        15     probe      Sick 0/5
app1(172.16.39.14,,80)         15     probe      Sick 0/5
app2(172.16.39.15,,80)         15     probe      Sick 0/5

三、部署Mysql(172.16.39.150)

 

八、总结

1、架构优点: (1)HAProxy为Varnish缓存服务器提供了高可用的负载均衡,其使用的算法,也为Varnish提升了缓存命中率; (2)HAProxy提供Web图形化管理界面,节约了学习成本; (3)Varnish的高效缓存机制极大的提升了Web应用的性能,降低了Web服务器的压力; (4)Varnish给后端Web服务器提供了高可用负载均衡,并使用了动态分离技术,保障了后端主机的冗余,显著提升了其性能; (5)NFS+Rsync+inodify基本解决了该架构存储的问题,该架构文件存储因服务器有限,并没有设计好,储存服务器因有单独的网络存储服务器来提供; 2、冗余不足: (1)Nginx负载均衡调度器,没有冗余能力,易出现单点故障。 解决方案:增加服务器,使用Keepalive做高可用。 (2)MysqlServer,没有冗余能力。 解决方案:主从复制、MHA。 (3)NFS文件服务,没有冗余能力。 解决方案:可以增加服务器,使用rsync+inodify实现数据实时同步,再用keepalive做高可用。 3、性能瓶颈: (1)NFS文件系统,因网络IO能力与磁盘本身性能,多台主机同时挂载执行读取读写操作,势必带来性能下降,根据木桶原理,此短板已成为该群集方案性能瓶颈。 (2)在大量的读写访问下,数据库的压力会非常大,从而影响性能。 解决方案:数据库主从复制,读写分离; 友情链接: 1、Nginx日志过滤模块官网下载链接 https://github.com/cfsego/ngx_log_if/ 2、Varnish4.0官方帮助指南 http://www.varnish-cache.org/docs/4.0/users-guide/ 以上均为个人观点,本架构还有许多不足之处,仅作学习交流之用; 作者:AllenYang1990

原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/54645.html

(0)
上一篇 2021年8月7日 03:54
下一篇 2021年8月7日 03:54

相关推荐

发表回复

登录后才能评论