国产精品黄,超碰探花综合,亚洲人妻综合区网

實驗環(huán)境

后端主機1

設置seLinux、取消防火墻和同步時間

yum install -y ntpdate
ntpdate time1.aliyun.com

[root@node-73 ~]# yum -y install httpd
[root@node-73 ~]# mkdir /data/web/vhost{1,2} -pv
mkdir: 已創(chuàng)建目錄 "/data/web"
mkdir: 已創(chuàng)建目錄 "/data/web/vhost1"
mkdir: 已創(chuàng)建目錄 "/data/web/vhost2"
[root@node-73 ~]# find /usr/share -iname "*.jpg" -exec cp {} /data/web/vhost1/ \;
[root@node-73 ~]# find /usr/share -iname "*.jpg" -exec cp {} /data/web/vhost2/ \;

[root@node-73 ~]# vim /data/web/vhost1/test.txt
ImageServer 1
[root@node-73 ~]# vim /data/web/vhost2/test.txt
ImageServer 2
[root@node-73 ~]# vim /etc/httpd/conf.d/vhost1.conf
[root@node-73 ~]# vim /etc/httpd/conf.d/vhost2.conf
[root@node-73 ~]# systemctl start httpd
[root@node-73 ~]# ss -tnl                
LISTEN      0      128    :::8080               :::*                  
LISTEN      0      128    :::80                 :::*

后端主機2：

設置seLinux、取消防火墻和同步時間

yum install -y ntpdate
ntpdate time1.aliyun.com

[root@node-74 ~]# yum -y install httpd
[root@node-74 ~]# mkdir /data/web/vhost{1,2} -pv
mkdir: 已創(chuàng)建目錄 "/data/web"
mkdir: 已創(chuàng)建目錄 "/data/web/vhost1"
mkdir: 已創(chuàng)建目錄 "/data/web/vhost2"
[root@node-74 ~]# vim /data/web/vhost1/info.php

<h1>Application Server1</h1>
 <?php
        phpinfo();
   ?>   
[root@node-74 ~]# cp  /data/web/vhost{1,2}/info.php #復制文件到vhsot2
[root@node-74 ~]# vim /data/web/vhost2/info.php

<h1>Application Server2</h1>  #修改
 <?php
        phpinfo();
   ?> 
[root@node-74 ~]# vim /etc/httpd/conf.d/vhost1.conf #配置虛擬主機1

<VirtualHost *:80>
         ServerName www1.hehe.com
         DocumentRoot "/data/web/vhost1"
         <Directory "/data/web/vhost1">
               Options FollowSymLinks
               AllowOverride None
               Require all granted
         </Directory>
</VirtualHost>
[root@node-74 ~]# cp /etc/httpd/conf.d/vhost{1,2}.conf #拷貝配置
[root@node-74 ~]# vim /etc/httpd/conf.d/vhost2.conf #編輯虛擬主機2

listen 8080
<VirtualHost *:8080>
         ServerName www1.hehe.com
         DocumentRoot "/data/web/vhost2"
         <Directory "/data/web/vhost2">
               Options FollowSymLinks
               AllowOverride None
               Require all granted
         </Directory>
</VirtualHost>
[root@node-74 ~]# scp /etc/httpd/conf.d/vhost*.conf 192.168.1.73:/etc/httpd/conf.d/   #把配置拷貝到node1主機上

[root@node-74 ~]# systemctl start httpd.service #啟動httpd
[root@node-74 ~]# ss -tnl                 
LISTEN      0      128    :::8080               :::*                  
LISTEN      0      128    :::80                 :::*

haproxy主機

設置seLinux、取消防火墻和同步時間

yum install -y ntpdate
ntpdate time1.aliyun.com

創(chuàng)建CA自簽證

[root@haproxy-75 ~]# cd /etc/pki/CA/
[root@haproxy-75 CA]# (umask 077; openssl genrsa -out private/cakey.pem 4096)
[root@haproxy-75 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
[root@haproxy-75 CA]# touch index.txt
[root@haproxy-75 CA]# echo 01 > serial

[root@haproxy-75 CA]# cd /etc/haproxy/
[root@haproxy-75 haproxy]# mkdir certs
[root@haproxy-75 haproxy]# cd certs

[root@haproxy-75 certs]# openssl genrsa -out haproxy.key 2048
[root@haproxy-75 certs]# openssl req -new -key haproxy.key -out haproxy.csr
[root@haproxy-75 certs]# ls
haproxy.csr  haproxy.key

[root@haproxy-75 certs]# openssl ca -in haproxy.csr -out haproxy.crt
[root@haproxy-75 certs]# cat haproxy.crt haproxy.key > haproxy.pem
[root@haproxy-75 certs]# ls
haproxy.crt  haproxy.csr  haproxy.key  haproxy.pem
[root@haproxy-75 certs]# chmod 600 haproxy.pem

[root@haproxy-75 ~]# vim /etc/haproxy/haproxy.cfg
frontend web *:80
   compression algo gzip
   compression type text/html text/plain /application/xml application/javascript
   acl static path_end .jpg .jpeg.png .gif .txt .html .css .javascript .
js  #定義靜態(tài)acl匹配規(guī)則，后綴匹配
   acl static path_beg /imgs /css /javascripts #定義靜態(tài)acl匹配規(guī)則，前綴匹配
   acl bad_browsers hdr_reg(User-Agent) .*curl.* #定義名為bad_browsers的acl規(guī)則，url中后綴匹配字符中有curl
   block if bad_browsers #調(diào)用bad_browsers規(guī)則 ，符合就阻塞
   acl valid_referers hdr_reg(Referer) \.hehe1\.com #定義一個名為valid_referers的acl，正則表達式匹配
   block unless valid_referers #調(diào)用acl，如果匹配則放行
   use_backend staticsrvs if static  #使用靜態(tài)acl匹配規(guī)則
   default_backend dynsrvs #未匹配到acl的，使用默認后端主機，動態(tài)內(nèi)容

frontend https
   bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem #使用認證并指明pem認證文件路徑
   acl static path_end .jpg .jpeg.png .gif .txt .html .css .javascript .js #定義后綴匹配規(guī)則
   acl static path_beg /imgs /css /javascripts
   use_backend staticsrvs if static
   default_backend dynsrvs

frontend http
    bind *.8080
    redirect scheme https if !{ ssl_fc } #把8080端口的請求重向定443

backend dynsrvs   #動態(tài)主機組
   cookie SRV insert indirect nocache #啟用cookie綁定
   balance roundrobin
   server dynsrv1 192.168.1.74:80 check cookie dynsrv1
   server dynsrv2 192.168.1.74:8080 check cookie dynsrv2

backend staticsrvs  #靜態(tài)主機組
   balance roundrobin
   server staticsrv1 192.168.1.73:80 check               
   server staticsrv2 192.168.1.73:8080 check 


listen stats
   bind *:9099
   stats enable
   stats uri /myproxy?admin #自定義信息頁地址
   stats realm "HAProxy Stats Page" #認證提示
   stats auth admin:admin #認證時用的用戶名和密碼
   stats admin if TRUE  #啟用信息頁管理功能，總是為真
[root@haproxy-75 ~]# systemctl restart haproxy
[root@haproxy-75 ~]# ss -tnl
LISTEN     0      128                                                                           *:9099                                                                                      *:*                  
LISTEN     0      128                                                                           *:8080                                                                                      *:*                  
LISTEN     0      128                                                                           *:80                                                                                        *:*                         
LISTEN     0      128                                                                           *:443                                                                                       *:*

訪問測試