背景:
情况是这样的,我们要支撑高并发业务,需要多个web服务器来支持,如果一台机器只部署一个tomcat的话,那资源没有办法充分利用,所以我们的办法是在一台物理机部署数十个tomcat,前端使用haproxy做负载均衡,并且网站需要https访问,所以证书需要在haproxy中配置。
部署:
1、haproxy的配置
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot
/var/lib/haproxy
pidfile
/var/run/haproxy
.pid
maxconn 400000
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 2048
# turn on stats unix socket
stats socket
/var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0
/8
option redispatch
retries 3
option httpclose
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
stats
enable
stats hide-version
stats uri
/haproxy
?status
stats realm Haproxy\ Statistics
stats auth admin:admin123
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend wzlinux_ssl
bind *:80
bind *:443 ssl crt
/etc/haproxy/wzlinux
.pem
mode http
default_backend wzlinuxs
backend wzlinuxs
mode http
balance roundrobin
option forwardfor
# option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server tomcat01 127.0.0.1:8080 check inter 15000 rise 2 fall 4 weight 1
server tomcat02 127.0.0.1:8081 check inter 15000 rise 2 fall 4 weight 1
server tomcat03 127.0.0.1:8082 check inter 15000 rise 2 fall 4 weight 1
server tomcat04 127.0.0.1:8083 check inter 15000 rise 2 fall 4 weight 1
server tomcat05 127.0.0.1:8084 check inter 15000 rise 2 fall 4 weight 1
server tomcat06 127.0.0.1:8085 check inter 15000 rise 2 fall 4 weight 1
server tomcat07 127.0.0.1:8086 check inter 15000 rise 2 fall 4 weight 1
# http-request set-header X-Forwarded-Port %[dst_port]
# http-request add-header X-Forwarded-Proto https if { ssl_fc }
|
2、tomcat的配置设定
因为tomcat日志需要知道真正的来源IP是什么,所以默认的是不满足要求的,我们需要修改日志格式的内容如下。
|
1
2
3
4
5
6
7
8
|
<
Host
name
=
"localhost"
appBase
=
"/home/webapps"
unpackWARs
=
"true"
autoDeploy
=
"true"
>
<
Valve
className
=
"org.apache.catalina.valves.AccessLogValve"
directory
=
"/var/log/tomcat"
prefix
=
"wzlinux."
suffix
=
".txt"
pattern
=
"%{X-Forwarded-For}i %l %u %t "%r" %s %b"
/>
</
Host
>
|
本文转自 wzlinux 51CTO博客,原文链接:http://blog.51cto.com/wzlinux/1956323,如需转载请自行联系原作者
