LVS + Keepalived + LNMP: building an attack-absorbing decoy website

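This comes from a project in a production environment. The company's website was frequently hit by DDoS attacks from competitors, so an environment was needed that diverts attackers to a decoy copy of the company's site when they attack. My task was to build that attack-resistant decoy site.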

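My design is LVS (made highly available with keepalived) + LNMP serving the company's decoy site. There are 8 machines in total: 6 web servers and 2 LVS machines.
For confidentiality, the IPs and the real web servers are not... only two web servers are used here as stand-ins.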

1. Preparation
A working yum environment on CentOS, keepalived-1.1.17.tar.gz, ipvsadm-1.24.tar.gz


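2. Installation and configuration
Before building, make sure the following symlink exists and resolves, because both keepalived-1.1.17.tar.gz and ipvsadm-1.24.tar.gz compile against the kernel development tree:
ln -sv /usr/src/kernels/2.6.32-220.el6.i686/ linux
If you see the following instead: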

[root@localhost src]# ll
total 8
drwxr-xr-x 7 root root 4096 Mar  1 03:01 RedHat
[root@localhost src]#
it is because the kernel development packages were not installed along with the system, so install them yourself:
yum install kernel*

Install ipvsadm-1.24.tar.gz
tar xf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24
make && make install
Install keepalived-1.1.17.tar.gz
tar xf keepalived-1.1.17.tar.gz
cd keepalived-1.1.17
./configure
Make sure the ./configure summary looks like this:
Keepalived configuration
------------------------
Keepalived version       : 1.1.17
Compiler                 : gcc
Compiler flags           : -g -O2
Extra Lib                : -lpopt -lssl -lcrypto
Use IPVS Framework       : Yes
IPVS sync daemon support : Yes
Use VRRP Framework       : Yes
Use LinkWatch            : No
Use Debug flags          : No
make && make install
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
3. Configure the keepalived master and backup configuration files
vim /etc/keepalived/keepalived.conf
#######MASTER#####################
! Configuration File for keepalived
global_defs {
   notification_email {
        470499989@qq.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.200
    }
}
virtual_server 192.168.1.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.1.117 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.118 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

#################BACKUP#########################
! Configuration File for keepalived
global_defs {
   notification_email {
        470499989@qq.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.200
    }
}
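virtual_server 192.168.1.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    ! real_server pool repeated from the MASTER file above (assumed identical on the BACKUP)
    real_server 192.168.1.117 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.118 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}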
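
An added example (not from the original post): a small Python check that compares a MASTER/BACKUP pair of keepalived.conf texts on the fields that must agree for failover (virtual_router_id, authentication, VIP, real_server pool) and flags a weak auth_pass such as 1111. The function names, the abbreviated sample excerpts, the address 192.168.1.119 and the "shorter than 8 characters or all digits" threshold are assumptions of this example.

```python
import re

# Constructed sample: abbreviated MASTER excerpt built from this page's values.
MASTER = """
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.200
    }
}
virtual_server 192.168.1.200 80 {
    real_server 192.168.1.117 80 { weight 3 }
    real_server 192.168.1.118 80 { weight 3 }
}
"""
# Constructed BACKUP with deliberate drift: one real_server address differs.
BACKUP = (MASTER.replace("state MASTER", "state BACKUP")
          .replace("priority 100", "priority 80")
          .replace("192.168.1.118", "192.168.1.119"))

def parse(conf):
    """Pull the failover-relevant fields out of one keepalived.conf text."""
    def field(name):
        m = re.search(rf"^\s*{name}\s+(\S+)", conf, re.M)
        return m.group(1) if m else None
    out = {k: field(k) for k in ("virtual_router_id", "priority", "auth_type", "auth_pass")}
    vip = re.search(r"virtual_ipaddress\s*\{\s*([^\s}]+)", conf)
    out["vip"] = vip.group(1) if vip else None
    out["real_servers"] = sorted(re.findall(r"real_server\s+(\S+)\s+(\d+)", conf))
    return out

def audit(master, backup):
    """Return findings for a pair; PASS secrets that are short or all digits are flagged."""
    m, b = parse(master), parse(backup)
    same = ("virtual_router_id", "auth_type", "auth_pass", "vip", "real_servers")
    findings = [f"mismatch:{k}" for k in same if m[k] != b[k]]
    if int(m["priority"] or 0) <= int(b["priority"] or 0):
        findings.append("priority:master-not-higher")
    for role, c in (("master", m), ("backup", b)):
        p = c["auth_pass"] or ""
        if c["auth_type"] == "PASS" and (len(p) < 8 or p.isdigit()):
            findings.append(f"weak-auth_pass:{role}")
    return findings
```

Run `audit()` on the text of both files before starting keepalived on either machine; an empty list means the pair agrees and no weak secret was found.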
