haproxy 反向代理 tomcat (https、负载均衡) |
您所在的位置:网站首页 › haproxy反向代理实例 › haproxy 反向代理 tomcat (https、负载均衡) |
haproxy 反向代理 tomcat (https、负载均衡)
|
haproxy 反向代理 tomcat (https、负载均衡)
原创
wzlinux 2017-08-15 10:35:02 博主文章分类:WEB服务 ©著作权 文章标签 haproxy 文章分类 负载均衡 服务器 ©著作权归作者所有:来自51CTO博客作者wzlinux的原创作品,请联系作者获取转载授权,否则将追究法律责任背景: 情况是这样的,我们要支撑高并发业务,需要多个web服务器来支持,如果一台机器只部署一个tomcat的话,那资源没有办法充分利用,所以我们的办法是在一台物理机部署数十个tomcat,前端使用haproxy做负载均衡,并且网站需要https访问,所以证书需要在haproxy中配置。 部署: 1、haproxy的配置 #--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 400000 user haproxy group haproxy daemon tune.ssl.default-dh-param 2048 # turn on stats unix socket stats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 option httpclose timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s stats enable stats hide-version stats uri /haproxy?status stats realm Haproxy\ Statistics stats auth admin:admin123 #--------------------------------------------------------------------- # main frontend which proxys to the backends #--------------------------------------------------------------------- frontend wzlinux_ssl bind *:80 bind *:443 ssl crt /etc/haproxy/wzlinux.pem mode http default_backend wzlinuxs backend wzlinuxs mode http balance roundrobin option forwardfor # option httpchk HEAD / HTTP/1.1\r\nHost:localhost server tomcat01 127.0.0.1:8080 check inter 15000 rise 2 fall 4 weight 1 server tomcat02 127.0.0.1:8081 check inter 15000 rise 2 fall 4 weight 1 server tomcat03 127.0.0.1:8082 check inter 15000 rise 2 fall 4 weight 1 server tomcat04 127.0.0.1:8083 check inter 15000 rise 2 fall 4 weight 1 server tomcat05 127.0.0.1:8084 check inter 15000 rise 2 fall 4 weight 1 server tomcat06 127.0.0.1:8085 check inter 15000 rise 2 fall 4 weight 1 server tomcat07 127.0.0.1:8086 check inter 15000 rise 2 fall 4 weight 1 # http-request set-header X-Forwarded-Port %[dst_port] # http-request add-header X-Forwarded-Proto https if { ssl_fc }2、tomcat的配置设定 因为tomcat日志需要知道真正的来源IP是什么,所以默认的是不满足要求的,我们需要修改日志格式的内容如下。 上一篇:nginx 反向代理 tomcat (https、虚拟主机) 下一篇:Apache 2.2 反向代理 Tomcat (https、ajp) |
【本文地址】
今日新闻 |
推荐新闻 |