I previously built an LDAP query proxy service with HAProxy + Keepalived (see "HAproxy + Keepalived for an LDAP proxy service"). It worked well, so I decided to use the same setup to proxy Exchange requests coming from the public Internet. TMG is no longer updated, its configuration is somewhat cumbersome, and its services die all too often.
If anything below is unclear, refer to my previous article on configuring an LDAP proxy with HAProxy + Keepalived.
A quick overview of the architecture:
Public DNS directs users to one of two egress links, China Unicom and China Telecom. Each link has two HAProxy servers in an active/standby pair managed by Keepalived, which presents two virtual IPs, VIP01 and VIP02. Users reaching VIP01 are distributed to the CAS servers drawn with yellow lines; the special user group reaching VIP02 is sent to the VIPCAS servers drawn with blue lines, which provide OWA only. The Telecom side is identical, so its lines are not drawn to keep the diagram readable.
On to the configuration:
Install the required packages, keepalived and haproxy:
yum install gcc kernel-headers kernel-devel
yum install keepalived
yum install haproxy
Edit the keepalived configuration file:
vi /etc/keepalived/keepalived.conf
Configure it as follows:
vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"   # script that checks HAProxy health
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    interface eth0
    state MASTER            # set to BACKUP on the standby node
    priority 101            # set to 100 on the standby node
    virtual_router_id 51    # keepalived group id; must be identical on all hosts in the group
    smtp_alert
    virtual_ipaddress {
        x.x.x.1             # virtual VIP01
        x.x.x.2             # virtual VIP02
    }
    track_script {
        chk_http_port
    }
}
Next, create the script that checks HAProxy's health:
vi /etc/keepalived/check_haproxy.sh
#!/bin/bash
# Run by keepalived every 2 seconds (see vrrp_script above).
# If haproxy is not running, try to start it; if it is still not running
# 3 seconds later, stop keepalived so the VIPs fail over to the standby node.
A=$(ps -C haproxy --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    /etc/haproxy/haproxy -f /etc/haproxy/haproxy.cfg
    sleep 3
    if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
        /etc/init.d/keepalived stop
    fi
fi
chmod 755 /etc/keepalived/check_haproxy.sh
Edit the HAProxy configuration file:
vi /etc/haproxy/haproxy.cfg
The configuration file is as follows:
global
    log /dev/log local0 info
    log /dev/log local0 notice
    maxconn 4096
    user root
    group root
    daemon
defaults
    log global
    maxconn 10000
    contimeout 5000
    clitimeout 3600000
    srvtimeout 3600000
    option redispatch
    retries 3
# Plain HTTP on port 80 only redirects clients to the HTTPS URL
frontend owa_redirect
    mode http
    bind 1.x.x.x:80
    redirect location https://mail.contoso.com
frontend vipowa_redirect
    mode http
    bind 2.x.x.x:80
    redirect location https://mailvip.contoso.com
# HTTPS is passed through in TCP mode; TLS is terminated on the CAS servers
frontend vipowa_443
    mode tcp
    bind 2.x.x.x:443
    default_backend pool_vipowa
    log global
    option tcplog
backend pool_vipowa
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src          # pin each client source IP to the same CAS server
    stick-table type ip size 10240k expire 240m
    server CASVIP01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
    server CASVIP02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
frontend owa_443
    mode tcp
    bind 1.x.x.x:443
    default_backend pool_owa
    log global
    option tcplog
backend pool_owa
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:443 check inter 5000 weight 1 rise 2 fall 3
frontend smtp_25
    mode tcp
    bind 1.x.x.x:25
    default_backend pool_smtp
    log global
    option tcplog
backend pool_smtp
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:25 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:25 check inter 5000 weight 1 rise 2 fall 3
frontend pop_110
    mode tcp
    bind 1.x.x.x:110
    default_backend pool_pop
    log global
    option tcplog
backend pool_pop
    balance roundrobin
    option redispatch
    option abortonclose
    option persist
    stick on src
    stick-table type ip size 10240k expire 240m
    server CAS00 x.x.x.0:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS02 x.x.x.2:110 check inter 5000 weight 1 rise 2 fall 3
    server CAS03 x.x.x.3:110 check inter 5000 weight 1 rise 2 fall 3
# Statistics page on port 8081
frontend vs_stats :8081
    mode http
    log global
    option httplog
    default_backend stats_backend
backend stats_backend
    mode http
    stats enable
    stats uri /stats
    stats auth admin:admin   # change this default password and restrict which networks can reach port 8081
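As an added example that is not part of the original post, the following Python script (my own, not the author's) parses an abridged copy of the haproxy.cfg above and reports three things worth checking before such a config goes live: a default_backend that names a backend which is not defined, server lines without a health check, and a stats auth password that is weak or equal to the username. The embedded sample config is constructed for this demonstration.

```python
# Constructed, abridged copy of the haproxy.cfg above (placeholder addresses kept);
# one server line lacks "check" and one backend name is misspelled on purpose.
SAMPLE_CFG = """
frontend owa_443
    mode tcp
    bind 1.x.x.x:443
    default_backend pool_owa
backend pool_owa
    server CAS00 x.x.x.0:443 check inter 5000 weight 1 rise 2 fall 3
    server CAS01 x.x.x.1:443
frontend smtp_25
    mode tcp
    bind 1.x.x.x:25
    default_backend pool_smpt
backend stats_backend
    stats enable
    stats auth admin:admin
"""
WEAK_PASSWORDS = {"", "admin", "password", "123456"}

def parse_sections(text):
    """Map (kind, name) of each frontend/backend/listen section to its tokenised lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # strip trailing comments, skip blanks
        if not words:
            continue
        if words[0] in ("frontend", "backend", "listen") and len(words) > 1:
            current = (words[0], words[1])
            sections[current] = []
        elif current is not None:
            sections[current].append(words)
    return sections

def check_config(text):
    """Return review findings: undefined backends, unchecked servers, weak stats auth."""
    sections = parse_sections(text)
    backends = {name for kind, name in sections if kind == "backend"}
    findings = []
    for (kind, name), lines in sections.items():
        for words in lines:
            if words[0] == "default_backend" and len(words) > 1 and words[1] not in backends:
                findings.append(f"{kind} {name}: default_backend {words[1]} is not defined")
            elif words[0] == "server" and "check" not in words:
                findings.append(f"{kind} {name}: server {words[1]} has no health check")
            elif words[:2] == ["stats", "auth"] and len(words) > 2:
                user, _, password = words[2].partition(":")
                if password == user or password in WEAK_PASSWORDS:
                    findings.append(f"{kind} {name}: stats auth for user {user} uses a weak password")
    return findings
```

Run `check_config` on the real file's contents to get the list of findings; an empty list means none of the three checks fired.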