Rédiger « OVH/VPC02/ReverseProxy » ici.
NginX - ReverseProxy
Installation
Se référer a la documentation : AUF - PROCÉDURE D'INSTALLATION DU REVERSE PROXY IDNEUF.
Configurer un site comportant un cluster
Dans le fichier de configuration du site :
upstream proxy-idneuf {
ip_hash;
server prod-drupal02-idneuf.vpc02.auf;
server prod-drupal03-idneuf.vpc02.auf;
}
server {
listen 80;
listen [::]:80;
server_name prod-prox-vip.vpc02.auf;
#server_name prod-proxy01.vpc02.auf;
#server_name idneuf.org;
#server_name ori-oai.idneuf.org;
root /var/www/html/;
# log level
access_log /var/log/nginx/www.idneuf.org.access;
#error_log /var/log/nginx/www.idneuf.org.error debug; #debug
error_log /var/log/nginx/www.idneuf.org.error; #normal
location / {
if ($args ~ q=user){
rewrite ^$ http://prod-proxy-vip.vpc02.auf/user permanent;
}
if ($args ~ q=admin){
rewrite ^$ http://prod-proxy-vip.vpc02.auf/admin permanent;
}
proxy_set_header Host prod-proxy-vip.vpc02.auf;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://proxy-idneuf;
}
location /admin {
proxy_set_header Host prod-drupal01-idneuf.vpc02.auf;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://prod-drupal01-idneuf.vpc02.auf;
}
location /user {
proxy_set_header Host prod-drupal01-idneuf.vpc02.auf;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://prod-drupal01-idneuf.vpc02.auf;
}
location /ressources/ {
#try_files $uri $uri/ $uri/index.html =404;
proxy_set_header Host prod-proxy-vip.vpc02.auf;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://prod-ori-oai01-idneuf.vpc02.auf;
}
location /ori-oai-thumbnail/ {
proxy_set_header Host prod-proxy-vip.vpc02.auf;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://prod-ori-oai01-idneuf.vpc02.auf;
}
}L'option ip_hash permet de conserver la connexion de chaque client sur le même serveur.
Keepalived ACTIF/PASSIF
Installation des paquets
apt-get install keepalived
Configuration
Dans le fichier /etc/keepalivedd/keepalived.conf, ajouter :
# Global Configuration
global_defs {
notification_email {
root
}
notification_email_from keepalived@ca.auf.org
smtp_server localhost
smtp_connect_timeout 30
router_id KeepAlivedProxy
}
vrrp_script chk_nginx {
script "pidof nginx"
interval 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass xxxxxxxxx
}
virtual_ipaddress {
10.242.1.196/25 dev eth0
}
track_script {
chk_nginx
}
}Ainsi, si Nginx tombe ou si le serveur tombe, l'IPV va être attribuée au BACKUP.
La directive STATE indique le status au démarrage de keepalived.
Mise en maintenance du site
Définition du site de maintenance
Dans le fichier /etc/nginx/sites-available/maintenance_www.idneuf.org :
server{
listen 80 default;
server_name www.idneuf.org;
root /var/www/html/;
index index.html;
}
Script de bascule
Le script maintenance_nginx.sh contient:
ALT_SITE='maintenance_www.idneuf.org'
MAIN_SITE='dev.www.idneuf.org'
BASE_A='/etc/nginx/sites-available'
BASE_E='/etc/nginx/sites-enabled'
case "$1" in
down)
rm $BASE_E/$MAIN_SITE
ln -s $BASE_A/$ALT_SITE $BASE_E/$ALT_SITE
systemctl restart nginx
;;
up)
rm $BASE_E/$ALT_SITE
ln -s $BASE_A/$MAIN_SITE $BASE_E/$MAIN_SITE
systemctl restart nginx
;;
*)
echo "Usage: $0 {up|down}"
exit 1
;;
esac
exit 0