HAProxy 示例

ThingWorx 高可用性 > HAProxy 示例

HAProxy 示例

HAProxy 信息

有关 HAProxy 的信息，可在以下位置找到：

• http://www.haproxy.org

• http://www.haproxy.org/download/1.5/doc/configuration.txt

• http://serverfault.com/questions/239749/possible-to-add-basic-http-access-authentication-via-haproxy

• http://stackoverflow.com/questions/13325882/haproxy-solr-healthcheck-with-authentication

• https://www.digitalocean.com/community/tutorials/how-to-use-haproxy-to-set-up-http-load-balancing-on-an-ubuntu-vps

HAProxy 示例配置

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
option http-server-close
option forwardfor
timeout connect 4s
timeout client 20s
timeout server 20s
timeout client-fin 20s
timeout tunnel 1h
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend ft_app
bind *:80 name app
reqadd X-Forwarded-Proto:\ http
default_backend bk_app
frontend www-https
bind *:443 ssl crt /etc/ssl/thingworx/thingworx.pem
reqadd X-Forwarded-Proto:\ https
default_backend bk_app
backend bk_app
stick-table type ip size 1
stick on dst
# Server s1 and server s2 are ThingWorx server nodes 1 and 2.
server s1 10.68.75.208:8080 check
server s2 10.68.75.208:8081 check backup
option httpchk GET /Thingworx/Admin/HA/LeaderCheck HTTP/1.0\r\nAuthorization:\ Basic\ QWRtaW5pc3RyYXRvcjphZG1pbg==

多个 HAProxy 设置

对于多个 HAProxy 设置，请执行以下操作：

1. 在两台服务器上安装 HAProxy。

2. 在同样两个服务器上安装 Keepalived。

sudo apt-get install keepalived
sudo vi /etc/sysctl.conf

3. 向文件末尾添加以下行：

net.ipv4.ip_nonlocal_bind=1

4. 保存并关闭。

sudo sysctl -p
sudo vi /etc/keepalived/keepalived.conf

5. 将以下内容添加到 keepalived.conf:

# Settings for notifications
global_defs {
}

# Define the script used to check if haproxy is still working
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
fall 2
rise 2
}

# Configuation for the virtual interface
vrrp_instance VI_1 {
interface eth0
state MASTER # set this to BACKUP on the other machine
priority 101 # set this to 100 on the other machine
virtual_router_id 51
advert_int 1
lvs_sync_daemon_interface eth0
authentication {
auth_type AH
auth_pass myPassw0rd # Set this to some secret phrase
}

# The virtual ip address shared between the two loadbalancers
virtual_ipaddress {
192.168.234.200
}

# Use the script above to check if we should fail over
track_script {
chk_haproxy
}
}

6. 保存并退出。

sudo service keepalived start

7. 转至另一个服务器，并按照以上所述设置 Keepalived，其中唯一的区别在于 keepalived.conf:

Set
state MASTER # set this to BACKUP on the other machine
priority 101 # set this to 100 on the other machine
to
state BACKUP
priority 100

8. 启动 ThingWorx、HAProxy 和其他 Keepalived 过程。

在浏览器中转至 192.168.234.200/ThingWorx，验证已有 HAProxy。