一、部署第一台Nginx网站

关于Nginx的原理概述及详细配置请参考博文：Centos 7部署Nginx网站服务

[[email protected] ~]# yum -y install prce-devel zlib-devel <!--安装Nginx依赖-->
[[email protected] ~]# useradd -M -s /sbin/nologin nginx  <!--创建管理Nginx账户-->
[[email protected] ~]# umount /mnt/      <!--切换Linux光盘->
[[email protected] ~]# mount /dev/cdrom /mnt/      <!--挂载光盘-->
mount: /dev/sr0 写保护，将以只读方式挂载
[[email protected] ~]# scp /mnt/nginx-1.6.0.tar.gz [email protected]:/root
          <!--复制Nginx包到第二台Nginx服务器-->
The authenticity of host ‘192.168.100.20 (192.168.100.20)‘ can‘t be established.
ECDSA key fingerprint is SHA256:PUueT9fU9QbsyNB5NC5hbSXzaWxxQavBxXmfoknXl4I.
ECDSA key fingerprint is MD5:6d:f7:95:0e:51:1a:d8:9e:7b:b6:3f:58:51:51:4b:3b.
Are you sure you want to continue connecting (yes/no)? yes   <!--输入yes-->
Warning: Permanently added ‘192.168.100.20‘ (ECDSA) to the list of known hosts.
[email protected]‘s password:
nginx-1.6.0.tar.gz                                      100%  784KB  68.2MB/s   00:00
[[email protected] ~]# scp /mnt/haproxy-1.4.24.tar.gz [email protected]:/root
           <!--复制haproxy软件包到100.30服务器-->
The authenticity of host ‘192.168.100.30 (192.168.100.30)‘ can‘t be established.
ECDSA key fingerprint is SHA256:PUueT9fU9QbsyNB5NC5hbSXzaWxxQavBxXmfoknXl4I.
ECDSA key fingerprint is MD5:6d:f7:95:0e:51:1a:d8:9e:7b:b6:3f:58:51:51:4b:3b.
Are you sure you want to continue connecting (yes/no)? yes   <!--输入yes-->
Warning: Permanently added ‘192.168.100.30‘ (ECDSA) to the list of known hosts.
[email protected]‘s password:
haproxy-1.4.24.tar.gz                                                                               100%  817KB  31.1MB/s   00:00  00:00
[[email protected] ~]# tar zxvf /mnt/nginx-1.6.0.tar.gz -C /usr/src/  <!--解压缩nginx包-->
[[email protected] ~]# cd /usr/src/nginx-1.6.0/    <!--进入nginx目录-->
[[email protected] nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx
        <!--配置nginx-->
[[email protected] nginx-1.6.0]# make && make install  <!--编辑及安装nginx-->
[[email protected] ~]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/  <!--优化执行命令-->
[[email protected] ~]# echo "192.168.100.10:nginx" > /usr/local/nginx/html/index.html
      <!--创建nginx网站主页，写入测试数据-->
[[email protected] ~]# nginx  <!--启动nginx服务-->
[[email protected] ~]# netstat -anptu | grep nginx <!--监听Nginx服务端口号-->
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3685/ngin: master  

二、部署第二台Nginx网站

[[email protected] ~]# yum -y install pcre-devel zlib-devel  <!--安装依赖软件包-->
[[email protected] ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  nginx-1.6.0.tar.gz
[[email protected] ~]# tar zxvf nginx-1.6.0.tar.gz -C /usr/src/   <!--解压缩nginx软件包-->
[[email protected] ~]# useradd -M -s /sbin/nologin nginx   <!--创建管理nginx账户-->
[[email protected] ~]# cd /usr/src/nginx-1.6.0/
[[email protected] nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx
           <!--配置nginx-->
[[email protected] nginx-1.6.0]# make && make install <!--编译及安装-->
[[email protected] ~]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ <!--优化执行路径-->
[[email protected] ~]# echo "192.168.100.20:nginx" > /usr/local/nginx/html/index.html
          <!--创建nginx网站主页，写入测试数据-->
[[email protected] ~]# nginx <!--启动nginx服务-->
[[email protected] ~]# netstat -anptu | grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6059/ngin: master  

三、部署内网客户端

1、客户端添加VM1网卡，配置和服务器同网段IP地址

2、访问第一台nginx服务器

3、客户端更换IP地址访问第二台nginx服务器

四、部署Haproxy服务器

Haproxy概述及工作原理详细配置参考博文：Haproxy搭建Web群集概述
Centos 7基于Haproxy搭建高可用Web群集

1、安装haproxy

[[email protected] ~]# yum -y install pcre-devel bzip2-devel  <!--安装依赖程序-->
[[email protected] ~]# ls
anaconda-ks.cfg  haproxy-1.4.24.tar.gz  initial-setup-ks.cfg
[[email protected] ~]# tar zxvf haproxy-1.4.24.tar.gz -C /usr/src/  <!--解压缩haproxy压缩包-->
[[email protected] ~]# cd /usr/src/haproxy-1.4.24/
[[email protected] haproxy-1.4.24]# make TARGET=linux26 <!--编译haproxy支持64位系统-->
[[email protected] haproxy-1.4.24]# make install  <!--安装haproxy-->

2、生成haproxy配置文件

[[email protected] ~]# mkdir /etc/haproxy  <!--创建保存haproxy配置文件目录-->
[[email protected] ~]# cp /usr/src/haproxy-1.4.24/examples/haproxy.cfg /etc/haproxy/
                <!--生成配置文件-->
[[email protected] ~]# cp /usr/src/haproxy-1.4.24/examples/haproxy.init /etc/init.d/haproxy
         <!--创建haproxy服务控制脚本-->
[[email protected] ~]# chmod +x /etc/init.d/haproxy <!--添加执行权限-->
[[email protected] ~]# chkconfig --add haproxy <!--添加为系统服务-->
 [[email protected] ~]# chkconfig --level 35 haproxy on <!--设置开机自动启动-->
[[email protected] ~]# cp /usr/src/haproxy-1.4.24/haproxy /usr/sbin/ <!--优化程序执行命令-->
[[email protected] ~]# mkdir -p /usr/share/haproxy <!--创建服务运行的临时目录-->

3、配置haproxy群集

[[email protected] ~]# vim /etc/haproxy/haproxy.cfg   <!--修改haproxy主配置文件-->
listen  nginx 192.168.100.30:80   <!--Haproxy服务器IP地址-->
        balance roundrobin
        server  web01 192.168.100.10:80 check inter 2000 fall 3   <!--第一台Nginx的IP-->
        server  web02 192.168.100.20:80 check inter 2000 fall 3  <!--第二台Nginx的IP-->
[[email protected] ~]# /etc/init.d/haproxy start  <!--启动haproxy服务-->
Starting haproxy (via systemctl):                          [  确定  ]

1）客户端访问192.168.100.30

2）客户端更换IP地址重新访问

五、配置Firewalld防火墙（双网卡）

关于Firewalld防火墙的概述及详细配置请参考博文：Centos 7的Firewalld防火墙基础
Centos 7的firewalld防火墙地址伪装和端口转发原理
centos 7之firewalld防火墙配置IP伪装和端口转发案例详解

[[email protected] ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens34   <!--复制ens34网卡配置文件-->
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
                 <!--编辑ens34网卡配置文件-->
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.200.254  <!--外网的IP地址-->
NATEMASK=255.255.255.0
DNS1=192.168.200.254   <!--添加DNS-->
[[email protected] ~]# systemctl restart network   <!--重新启动网卡服务-->
[[email protected] ~]# vim /etc/sysctl.conf   <!--开启路由功能-->
net.ipv4.ip_forward = 1
[[email protected] ~]# sysctl -p  <!--刷新配置-->
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
                 <!--编辑ens32网卡配置文件-->
GATEWAY=192.168.100.40
     <!--网站服务器和Haproxy服务器添加网关（内网所有服务器都要添加网关）-->
[[email protected] ~]# systemctl restart network  <!--重新启动网卡服务-->
[[email protected] ~]# systemctl start firewalld.service   <!--启动防火墙-->
[[email protected] ~]# systemctl enable firewalld.service  <!--设置开机自动启动-->
[[email protected] ~]# firewall-cmd --add-interface=ens34 --zone=external
        <!--将ens34接口加入到external区域-->
The interface is under control of NetworkManager, setting zone to ‘external‘.
success
[[email protected] ~]# firewall-cmd --add-interface=ens32 --zone=trusted
            <!--将ens32接口加入到trusted区域-->
The interface is under control of NetworkManager, setting zone to ‘trusted‘.
success
[[email protected] ~]# firewall-cmd --get-active-zones   <!--查看所有激活的区域-->
external
  interfaces: ens34
trusted
  interfaces: ens32
[[email protected] ~]# firewall-cmd --remove-masquerade --zone=external
           <!--关闭默认的IP地址伪装-->
success
[[email protected] ~]# firewall-cmd --add-rich-rule=‘rule family=ipv4 source address=192.168.100.0/24 masquerade‘ <!--external区域配置IP地址伪装-->
success
[[email protected] ~]# firewall-cmd --add-rich-rule=‘rule family=ipv4 destination address=192.168.200.254/32 forward-port port=80 protocol=tcp to-addr=192.168.100.30‘
<!--配置端口映射；将trusted区域的192.168.100.30的80端口映射到external区域的
 192.168.200.254的80端口-->
success
[[email protected] ~]# firewall-cmd --zone=external --add-service=http
            <!--external区域允许http协议-->
success
[[email protected] ~]# firewall-cmd --zone=external --add-service=dns
        <!--external区域允许 dns协议-->
success
[[email protected] ~]# firewall-cmd --zone=external --list-all<!--查看external区域的详细信息-->
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: ssh http dns
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" source address="192.168.100.0/24" masquerade
    rule family="ipv4" destination address="192.168.200.254/32" forward-port port="80" protocol="tcp" to-addr="192.168.100.30"

六、部署DNS

关于DNS详细配置及概述请参考博文：CentOS7简单搭建DNS服务

[[email protected] ~]# yum -y install bind bind-chroot bind-utils <!--安装依赖软件-->
[[email protected] ~]# echo "" > /etc/named.conf
[[email protected] ~]# vim /etc/named.conf   <!--编辑DNS主配置文件-->
options {
        listen-on       port    53      { any; };
        directory       "/var/named";
};
zone    benet.com        IN      {
        type    master;
        file    "benet.com.zone";
};

[[email protected] ~]# named-checkconf -z /etc/named.conf
          <!--检查DNS主配置文件是否错误-->
[[email protected] ~]# vim /var/named/benet.com.zone
           <!--编辑benet.com正向解析区域配置文件-->
$TTL    86400
@       SOA     benet.com.       root.benet.com.(
        2020021801
        1H
        15M
        1W
        1D
)
@       NS      centos04.benet.com.
centos04 A      192.168.200.254
www      A      192.168.200.254
[[email protected] ~]# named-checkzone benet.com /var/named/benet.com.zone
         <!--检查正向解析区域配置文件是否错误-->
zone benet.com/IN: loaded serial 2020021801
OK
[[email protected] ~]# chmod +x /var/named/benet.com.zone
        <!--正向解析区域配置文件添加执行权限-->
[[email protected] ~]# chown named:named /var/named/benet.com.zone<!--修改属组属组-->
[[email protected] ~]# systemctl start named  <!--启动服务-->
[[email protected] ~]# systemctl enable named  <!--设置服务开机自动启动-->

七、部署外网客户端

1、客户端配置IP地址、添加DNS地址

2、客户端使用域名访问

3、客户端更换IP地址重新访问

———————— 本文至此结束，感谢阅读 ————————

原文地址：https://blog.51cto.com/14156658/2473396