= NginX - ReverseProxy =

== Installation ==

Refer to the documentation: ''AUF - PROCÉDURE D'INSTALLATION DU REVERSE PROXY IDNEUF''.

== Configuring a site backed by a cluster ==

In the site's configuration file:

{{{
# Backend pool for the public site
upstream proxy-idneuf {
    ip_hash;
    server prod-drupal02-idneuf.vpc02.auf;
    server prod-drupal03-idneuf.vpc02.auf;
}

server {
    listen 80;
    listen [::]:80;

    server_name prod-prox-vip.vpc02.auf;
    #server_name prod-proxy01.vpc02.auf;
    #server_name idneuf.org;
    #server_name ori-oai.idneuf.org;

    root /var/www/html/;

    # log level
    access_log /var/log/nginx/www.idneuf.org.access;
    #error_log /var/log/nginx/www.idneuf.org.error debug; #debug
    error_log /var/log/nginx/www.idneuf.org.error; #normal

    # Public traffic goes to the cluster
    location / {
        if ($args ~ q=user){
            rewrite ^$ http://prod-proxy-vip.vpc02.auf/user permanent;
        }
        if ($args ~ q=admin){
            rewrite ^$ http://prod-proxy-vip.vpc02.auf/admin permanent;
        }
        proxy_set_header Host prod-proxy-vip.vpc02.auf;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://proxy-idneuf;
    }

    # /admin and /user always go to a single backend (prod-drupal01)
    location /admin {
        proxy_set_header Host prod-drupal01-idneuf.vpc02.auf;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://prod-drupal01-idneuf.vpc02.auf;
    }

    location /user {
        proxy_set_header Host prod-drupal01-idneuf.vpc02.auf;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://prod-drupal01-idneuf.vpc02.auf;
    }

    location /ressources/ {
        #try_files $uri $uri/ $uri/index.html =404;
        proxy_set_header Host prod-proxy-vip.vpc02.auf;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://prod-ori-oai01-idneuf.vpc02.auf;
    }

    location /ori-oai-thumbnail/ {
        proxy_set_header Host prod-proxy-vip.vpc02.auf;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://prod-ori-oai01-idneuf.vpc02.auf;
    }
}
}}}

The `ip_hash` option keeps each client's connections on the same server.

== Keepalived ACTIVE/PASSIVE ==

=== Package installation ===

{{{
apt-get install keepalived
}}}

=== Configuration ===

Contents of the file `/etc/keepalived/keepalived.conf` on the primary:

{{{
# Global Configuration
global_defs {
    notification_email {
        root
    }
    notification_email_from keepalived@ca.auf.org
    smtp_server localhost
    smtp_connect_timeout 30
    router_id KeepAlivedProxy
    enable_script_security
}

vrrp_script chk_nginx {
    script "/usr/bin/pgrep nginx"
    interval 2
}

vrrp_instance VI_1 {
    interface eth0
    virtual_router_id 51
    state MASTER
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass xxxxxxxx
    }
    virtual_ipaddress {
        137.74.32.196/25 dev eth1
    }
    virtual_ipaddress_excluded {
        2001:41d0:129:5700::196/64 dev eth1
    }
    track_script {
        chk_nginx
    }
}
}}}

The file is identical on the secondary, except for these lines:

{{{
    state BACKUP
    priority 100
}}}

This way, if NginX goes down or the server goes down, the virtual IP (VIP) is assigned to the BACKUP. The `state` directive sets the status keepalived has at startup.

== Putting the site into maintenance ==

=== Defining the maintenance site ===

In the file `/etc/nginx/sites-available/maintenance_www.idneuf.org`:

{{{
server {
    listen 80 default;
    server_name www.idneuf.org;
    root /var/www/html/;
    index index.html;
}
}}}

=== Switch script ===

The script `maintenance_nginx.sh` contains:

{{{#!bash
#!/bin/bash
# Site names and nginx directories
ALT_SITE='maintenance_www.idneuf.org'
MAIN_SITE='dev.www.idneuf.org'
BASE_A='/etc/nginx/sites-available'
BASE_E='/etc/nginx/sites-enabled'

case "$1" in
    down)
        # Disable the main site and enable the maintenance site
        rm "$BASE_E/$MAIN_SITE"
        ln -s "$BASE_A/$ALT_SITE" "$BASE_E/$ALT_SITE"
        systemctl restart nginx
        ;;
    up)
        # Disable the maintenance site and enable the main site
        rm "$BASE_E/$ALT_SITE"
        ln -s "$BASE_A/$MAIN_SITE" "$BASE_E/$MAIN_SITE"
        systemctl restart nginx
        ;;
    *)
        echo "Usage: $0 {up|down}"
        exit 1
        ;;
esac

exit 0
}}}
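
The switch script above restarts nginx without testing the configuration it has just enabled, so a broken site file takes the proxy down. The following is an added example, not the page's own script: it runs `nginx -t` before touching the running server and puts the previous links back if the test fails. The `switch_site` function, the `CHECK_CMD` and `RELOAD_CMD` variables, and the use of `systemctl reload nginx` instead of a restart are choices made for this example.

```shell
#!/bin/bash
# Added example, not the page's script. Paths and commands can be overridden
# through the environment so the logic can be tried on a scratch directory.
BASE_A="${BASE_A:-/etc/nginx/sites-available}"
BASE_E="${BASE_E:-/etc/nginx/sites-enabled}"
CHECK_CMD="${CHECK_CMD:-nginx -t}"                  # syntax test of the full config
RELOAD_CMD="${RELOAD_CMD:-systemctl reload nginx}"  # reload keeps open connections
ALT_SITE='maintenance_www.idneuf.org'               # site names taken from the page
MAIN_SITE='dev.www.idneuf.org'

# switch_site FROM TO: disable FROM, enable TO, reload only if the config is valid.
# Returns 0 on success, 1 after a rollback, 2 on bad arguments.
switch_site() {
    local from="$1" to="$2" name had_from=0 had_to=0
    for name in "$from" "$to"; do
        case "$name" in
            ''|.*|*/*) echo "invalid site name: '$name'" >&2; return 2 ;;
        esac
    done
    [ -f "$BASE_A/$to" ] || { echo "missing $BASE_A/$to" >&2; return 2; }
    # Remember what was enabled so a rollback restores exactly that.
    [ -L "$BASE_E/$from" ] && had_from=1
    [ -L "$BASE_E/$to" ] && had_to=1

    rm -f -- "$BASE_E/$from"
    ln -sfn -- "$BASE_A/$to" "$BASE_E/$to"

    if ! $CHECK_CMD >/dev/null 2>&1; then
        # The running nginx has not been touched yet: undo the links and stop.
        [ "$had_to" -eq 1 ] || rm -f -- "$BASE_E/$to"
        if [ "$had_from" -eq 1 ]; then
            ln -sfn -- "$BASE_A/$from" "$BASE_E/$from"
        fi
        echo "config test failed, previous state restored" >&2
        return 1
    fi
    $RELOAD_CMD
}

# Same interface as the page's script.
case "${1:-}" in
    down) switch_site "$MAIN_SITE" "$ALT_SITE" ;;
    up)   switch_site "$ALT_SITE" "$MAIN_SITE" ;;
    *)    echo "Usage: $0 {up|down}" >&2 ;;
esac
```

Setting `BASE_A`, `BASE_E`, `CHECK_CMD` and `RELOAD_CMD` to a temporary directory and stub commands lets the rollback path be exercised without a live nginx.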