LNMP + HAProxy + Keepalived 부하 균형 (3) - 프로필 집합

  • Nginx 의 조작 명령
    vim /usr/local/nginx/conf/nginx.conf
    #     80   10001,      :
    listen 10001 default_server;
    #           nginx    
    
    #   Nginx,      ;
    service nginx restart & service nginx status
  • Nginx 프로필 (웹 서버 에서 수정 해 야 할 설정, 참고 만)
    user  www www;
    worker_processes auto;
    error_log  /home/wwwlogs/nginx_error.log  crit;
    pid        /usr/local/nginx/logs/nginx.pid;
    
    #Specifies the value for maximum file descriptors that can be opened by this process.
    worker_rlimit_nofile 51200;
    events
    {
       use epoll;
       worker_connections 51200;
       multi_accept on;
    }
    http
    {
       include       mime.types;
       default_type  application/octet-stream;
       server_names_hash_bucket_size 128;
       client_header_buffer_size 32k;
       large_client_header_buffers 4 32k;
       client_max_body_size 50m;
    
       sendfile   on;
       tcp_nopush on;
       keepalive_timeout 60;
       tcp_nodelay on;
    
       fastcgi_connect_timeout 300;
       fastcgi_send_timeout 300;
       fastcgi_read_timeout 300;
       fastcgi_buffer_size 64k;
       fastcgi_buffers 4 64k;
       fastcgi_busy_buffers_size 128k;
       fastcgi_temp_file_write_size 256k;
    
       gzip on;
       gzip_min_length  1k;
       gzip_buffers     4 16k;
       gzip_http_version 1.1;
       gzip_comp_level 2;
       gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
       gzip_vary on;
       gzip_proxied   expired no-cache no-store private auth;
       gzip_disable   "MSIE [1-6]\.";
       #limit_conn_zone $binary_remote_addr zone=perip:10m;
       ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.
    
       server_tokens off;
       access_log off;
    
       server
       {
           #            
           listen 10001 default_server;
           server_name _;
           index index.html index.htm index.php default.html default.htm default.php;
           #      
           root  /home/wwwroot/publishPath;
    
           include rewrite/laravel.conf;
           #error_page   404   /404.html;
    
           # Deny access to PHP files in specific directory
           #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    
           include enable-php.conf;
    
           location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
           {
               expires      30d;
           }
           location ~ .*\.(js|css)?$
           {
               expires      12h;
           }
           location ~ /.well-known {
               allow all;
           }
           location ~ /\.
           {
               deny all;
           }
           access_log off;
       }
        #            ,                    server    ;
       # include vhost/*.conf;
    }
  • MySQL 의 조작 명령
    vim /etc/my.cnf
    service mysql restart & service mysql status
    lnmp restart
  • MySQL 의 설정 파일 (DB 서버 에서 수정 해 야 할 설정, 참고 용)
    [client]
    port        = 10002
    socket      = /tmp/mysql.sock
    
    [mysqld]
    port        = 10002
    socket      = /tmp/mysql.sock
    #          
    datadir = /home/lnmp/mysql/data
    skip-external-locking
    key_buffer_size = 128M
    max_allowed_packet = 1M
    table_open_cache = 512
    sort_buffer_size = 2M
    net_buffer_length = 8K
    read_buffer_size = 2M
    read_rnd_buffer_size = 512K
    myisam_sort_buffer_size = 32M
    thread_cache_size = 64
    query_cache_size = 64M
    tmp_table_size = 64M
    performance_schema_max_table_instances = 4000
    
    explicit_defaults_for_timestamp = true
    #skip-networking
    max_connections = 500
    max_connect_errors = 100
    open_files_limit = 65535
    
    log-bin=mysql-bin
    binlog_format=mixed
    server-id = 51
    lower_case_table_names = 1
    expire_logs_days = 10
    replicate_wild_do_table=lgd_system.%
    # relay_log=mysqld-relay-bin
    log-slave-updates=YES
    
    default_storage_engine = InnoDB
    innodb_file_per_table = 1
    innodb_data_home_dir = /home/lnmp/mysql/data
    innodb_data_file_path = ibdata1:10M:autoextend
    innodb_log_group_home_dir = /home/lnmp/mysql/data
    innodb_buffer_pool_size = 512M
    innodb_log_file_size = 128M
    innodb_log_buffer_size = 8M
    innodb_flush_log_at_trx_commit = 1
    innodb_lock_wait_timeout = 50
    
    [mysqldump]
    #        ,            
    user=bakuser
    password=ZXdfty^&
    quick
    max_allowed_packet = 16M
    
    [mysql]
    no-auto-rehash
    
    [myisamchk]
    key_buffer_size = 128M
    sort_buffer_size = 2M
    read_buffer = 2M
    write_buffer = 2M
    
    [mysqlhotcopy]
    interactive-timeout
  • HAProxy 의 조작 명령
    #       :
    # Web   HAProxy - http://192.168.6.111:8080/web
    # DB   HAProxy - http://192.168.6.211:8080/db
    #           ,   8080           。
    #     :
    vim /etc/haproxy/haproxy.cfg
    service haproxy restart & service haproxy status
  • HAProxy 의 프로필 (웹 서버)
    #---------------------------------------------------------------------
    # Global settings
    #---------------------------------------------------------------------
    global
       #        ,  log   ,    127.0.0.1  syslog    local0    ,       info   
       log         127.0.0.1 local3
       #       
       chroot      /var/lib/haproxy
       # haproxy pid    ,                 
       pidfile     /usr/local/haproxy/haproxy.pid
       #      ,  4000
       maxconn     30000
       #     
       user        haproxy
       #    
       group       haproxy
       #          haproxy
       daemon
       # turn on stats unix socket
       # stats socket /var/lib/haproxy/stats    # socket  
    
    #---------------------------------------------------------------------
    # common defaults that all the 'listen' and 'backend' sections will
    # use if not designated in their block
    #---------------------------------------------------------------------
    defaults
       mode                    http    #      mode { tcp|http|health },tcp 4 ,http 7 ,health    OK
       log                     global    #          
       option                  httplog    #       HTTP  ,  haproxy        HTTP    
       option                  dontlognull    #             
       option http-server-close    #            http  
       
       #                 ip       ,   Http Header      ip
       option forwardfor       except 127.0.0.0/8
       option                  redispatch    # serverId         ,             
       retries                 3    # 3             ,          
       timeout http-request    10s      # http      
       timeout queue           1m       #              
       timeout connect         10s      #     
       timeout client          1m       #        
       timeout server          1m       #        
       timeout http-keep-alive 10s      #   http-keep-alive     
       timeout check           10s      #     
       maxconn                 3000    #      
    
    #---------------------------------------------------------------------
    # main frontend which proxys to the backends
    #---------------------------------------------------------------------
    #     
    frontend  main *:80
       acl url_static       path_beg       -i /static /images /javascript /stylesheets
       acl url_static       path_end       -i .jpg .gif .png .css .js
    
       use_backend static          if url_static
       default_backend             servers
    
    #---------------------------------------------------------------------
    # static backend for serving up images, stylesheets and such
    #---------------------------------------------------------------------
    #           
    backend static
       balance     roundrobin
       server    static1 192.168.6.100:10001 check inter 2000 fall 3 weight 50
       server    static2 192.168.6.110:10001 check inter 2000 fall 3 weight 50
    
    #---------------------------------------------------------------------
    # round robin balancing between the various backends
    #---------------------------------------------------------------------
    #       
    backend servers
       balance     roundrobin
       #   cookie  ,                      ,            ,        
       cookie app_cook    insert nocache
       server    app1 192.168.6.100:10001 check inter 2000 fall 3 weight 50 cookie server1
       server    app2 192.168.6.110:10001 check inter 2000 fall 3 weight 50 cookie server2
    
    # HAProxy        
    listen stats
       #     
       bind *:8080
       mode http
       # stats enable
       #     :192.168.6.100:8080/web   192.168.6.110:8080/web
       stats uri /web
       stats realm Global\ statistics
       #      
       stats auth hapadmin:1qazse$#2
  • HAProxy 의 프로필 (DB 서버)
    #---------------------------------------------------------------------
    # Global settings
    #---------------------------------------------------------------------
    global
       pidfile     /var/run/haproxy.pid
       maxconn     30000
       user        haproxy
       group       haproxy
       daemon
       nbproc    1
    
    #---------------------------------------------------------------------
    # common defaults that all the 'listen' and 'backend' sections will
    # use if not designated in their block
    #---------------------------------------------------------------------
    defaults
       mode                    tcp
       option                  redispatch
       retries                 3
       timeout queue           1m
       timeout connect         10s
       timeout client          1m
       timeout server          1m
       timeout check           10s
       maxconn                 4096
       option        abortonclose
    
    frontend main
        bind *:3306
         default_backend servers
    
    backend servers
       server    mysql1 192.168.6.200:10002 check inter 3000 fall 3 weight 50
       server    mysql2 192.168.6.210:10002 check inter 3000 fall 3 weight 50
    
    #       :192.168.6.210:8080/db   192.168.6.200:8080/db
    listen stats
       mode http
       bind 0.0.0.0:8080
       stats enable
       stats uri /db
       stats realm Global\ statistics
       stats auth dbadmin:1qazse$#2
  • Keeplived 의 조작 명령
    #       Keepalived   :
    keepalived -v
    #     :
    cat /etc/keepalived/keepalived.conf
    #       :
    vim /etc/keepalived/keepalived.conf
    #           :
    mysql -h      ip   -P    -u     -p
    mysql -h 192.168.6.200 -P 3306 -u dbuser -p
    
    #         vrrp     ,  Keepalived  :
    firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface      --destination 224.0.0.18 --protocol vrrp -j ACCEPT;
    firewall-cmd --reload;
    #                   ,
    # INPUT    224.0.0.18   。
    #  VIP      VIP  :
    ip addr | grep     
    #   VIP      keepalived  ,   VIP    ,             VIP:
    service keepalived stop && service keepalived status
    ip addr | grep     
    #      keepalived         keepalived  ,  VIP     :
    service keepalived start && service keepalived status
    ip addr | grep     
  • Keeplived 설정 (웹 서버)
  • 웹 메 인 서버 설정:
    # Master     :
    ! Configuration File for keepalived
    global_defs {
      notification_email {
          [email protected]    #     ,      
      }
      notification_email_from [email protected]    #    ,   
      smtp_server 127.0.0.1    #           
      smtp_connect_timeout 30    #       
      no_email_faults
      router_id WebMaster
      vrrp_skip_check_adv_addr
      vrrp_strict
      vrrp_garp_interval 0
      vrrp_gna_interval 0
    }
    vrrp_script chk_haproxy { # HAProxy      
      script '/etc/keepalived/check_haproxy.sh'
      interval 2
      weight 2
    }
    vrrp_instance VI_1 {    #    vrrp_instance           
      state MASTER    #           master  
      interface         #     , eth0,         
      virtual_router_id 100    #      id ,      255 
      priority 100    #    ,    ,     ,    
      advert_int 1    #      
      authentication {    #     
          auth_type PASS
          auth_pass 666    #   ,    ,      
      }    
      track_script {
          chk_haproxy
      }
      virtual_ipaddress {    # Web     ip  :vip,          IP。
          #/ brd  dev  scope  label 
  • 웹 서버 설정:
    # Backup     :
    ! Configuration File for keepalived
    global_defs {
      notification_email {
          [email protected]    #     ,      
      }
      notification_email_from [email protected]    #    ,   
      smtp_server 127.0.0.1    #           
      smtp_connect_timeout 30    #       
      no_email_faults
      router_id WebBackup
      vrrp_skip_check_adv_addr
      vrrp_strict
      vrrp_garp_interval 0
      vrrp_gna_interval 0
    }
    vrrp_script chk_haproxy { # HAProxy      
      script '/etc/keepalived/check_haproxy.sh'
      interval 2
      weight 2
    }
    vrrp_instance VI_1 {    #    vrrp_instance           
      state BACKUP    #           backup  
      interface         #     , eth0,         
      virtual_router_id 100    #      id ,      255 
      priority 90    #    ,    ,     ,    
      advert_int 1    #      
      authentication {    #     
          auth_type PASS
          auth_pass 666    #   ,    ,      
      }    
      track_script {
          chk_haproxy
      }
      virtual_ipaddress {    # Web     ip  :vip,          IP。
          #/ brd  dev  scope  label 
  • Keeplived 설정 (DB 서버)
  • DB 메 인 서버 설정:
    # Master     :
    ! Configuration File for keepalived
    global_defs {
      notification_email {
          [email protected]    #     ,      
      }
      notification_email_from [email protected]    #    ,   
      smtp_server 127.0.0.1    #           
      smtp_connect_timeout 30    #       
      no_email_faults
      router_id DBMaster
      vrrp_skip_check_adv_addr
      vrrp_strict
      vrrp_garp_interval 0
      vrrp_gna_interval 0
    }
    vrrp_script chk_haproxy { # HAProxy      
      script '/etc/keepalived/check_haproxy.sh'
      interval 2
      weight 2
    }
    vrrp_instance VI_1 {    #    vrrp_instance           
      state MASTER    #           master  
      interface         #     , eth0,         
      virtual_router_id 99    #      id ,      255 
      priority 100    #    ,    ,     ,    
      advert_int 1    #      
      authentication {    #     
          auth_type PASS
          auth_pass 666    #   ,    ,      
      }    
      track_script {
          chk_haproxy    
      }    
      virtual_ipaddress {    # DB     ip  :vip,          IP。
          #/ brd  dev  scope  label 
  • DB 서버 설정:
    # Backup     :
    ! Configuration File for keepalived
    global_defs {
      notification_email {
          [email protected]    #     ,      
      }
      notification_email_from [email protected]    #    ,   
      smtp_server 127.0.0.1        #           
      smtp_connect_timeout 30    #       
      no_email_faults
      router_id DBBackup
      vrrp_skip_check_adv_addr
      vrrp_strict
      vrrp_garp_interval 0
      vrrp_gna_interval 0
    }
    vrrp_script chk_haproxy { # HAProxy      
      script '/etc/keepalived/check_haproxy.sh'
      interval 2
      weight 2
    }
    vrrp_instance VI_1 {    #    vrrp_instance           
      state BACKUP        #           master  
      interface      #     , eth0,         
      virtual_router_id 99    #      id ,      255 
      priority 90        #    ,    ,     ,    
      advert_int 1        #      
      authentication {        #     
          auth_type PASS
          auth_pass 666    #   ,    ,      
      }    
      track_script {
          chk_haproxy    
      }    
      virtual_ipaddress {    # DB     ip  :vip,          IP。
          #/ brd  dev  scope  label 
  • Keepalived 호출 스 크 립 트 만 들 기
  • 조작 명령
    mkdir /etc/keepalived/
    echo '' > /etc/keepalived/check_haproxy.sh
    echo '' > /etc/keepalived/clean_arp.sh
    chmod +x /etc/keepalived/*.sh
    #            ,  
  • /etc/keepalived/check_haproxy.sh
    #!/bin/bash
    #   haproxy      
    if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then
      #       ,   haproxy  
      haproxy -f /etc/haproxy/haproxy.cfg
    fi
    #      ,  haproxy    
    sleep 2
    #   haproxy      
    if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then
      #   haproxy      ,  keepalived  , VIP         haproxy  ,    haproxy    
      service keepalived stop
  • /etc/keepalived/clean_arp.sh
    #!/bin/sh
    VIP=$1
    GATEWAY=192.168.6.255 #          
    /sbin/arping -I ens160 -c 5 -s $VIP $GATEWAY &>/dev/null

  • 발표 파일 의 설정
    #        
    chmod -R 777 /home/wwwroot/publishPath
    # PHP    
    vim /home/wwwroot/publishPath/.env
    
    #       :
    APP_DEBUG=false
    # Web   VIP,      ,    192.168.6.111     ,      IP    IP
    APP_URL=http://192.168.6.111
    DB_CONNECTION=mysql
    # DB   VIP
    DB_HOST=192.168.6.211
    # DB     
    DB_PORT=3306
    #      
    DB_DATABASE=dbName
    #       
    DB_USERNAME=dbuser
    #      
    DB_PASSWORD=dbpwd
    #             ,    。
    
    #          php  :
    service php-fpm restart
  • IP 에 대한 설명 에서 말 한 IP 는 모두 내부 네트워크 IP 이 고 모든 설정 은 내부 네트워크 IP 를 사용 하면 됩 니 다.외부 네트워크 에 접근 하려 면 두 개의 가상 IP 와 포트 를 외부 네트워크 에 투사 하면 됩 니 다 (주의 php APP_URL.
  • 좋은 웹페이지 즐겨찾기