Rédiger « OVH/VPC02/ReverseProxy » ici.
NginX - ReverseProxy
Installation
Se référer a la documentation : AUF - PROCÉDURE D'INSTALLATION DU REVERSE PROXY IDNEUF.
Configurer un site comportant un cluster
Dans le fichier de configuration du site :
upstream proxy-idneuf { ip_hash; server prod-drupal02-idneuf.vpc02.auf; server prod-drupal03-idneuf.vpc02.auf; } server { listen 80; listen [::]:80; server_name prod-prox-vip.vpc02.auf; #server_name prod-proxy01.vpc02.auf; #server_name idneuf.org; #server_name ori-oai.idneuf.org; root /var/www/html/; # log level access_log /var/log/nginx/www.idneuf.org.access; #error_log /var/log/nginx/www.idneuf.org.error debug; #debug error_log /var/log/nginx/www.idneuf.org.error; #normal location / { if ($args ~ q=user){ rewrite ^$ http://prod-proxy-vip.vpc02.auf/user permanent; } if ($args ~ q=admin){ rewrite ^$ http://prod-proxy-vip.vpc02.auf/admin permanent; } proxy_set_header Host prod-proxy-vip.vpc02.auf; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://proxy-idneuf; } location /admin { proxy_set_header Host prod-drupal01-idneuf.vpc02.auf; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://prod-drupal01-idneuf.vpc02.auf; } location /user { proxy_set_header Host prod-drupal01-idneuf.vpc02.auf; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://prod-drupal01-idneuf.vpc02.auf; } location /ressources/ { #try_files $uri $uri/ $uri/index.html =404; proxy_set_header Host prod-proxy-vip.vpc02.auf; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://prod-ori-oai01-idneuf.vpc02.auf; } location /ori-oai-thumbnail/ { proxy_set_header Host prod-proxy-vip.vpc02.auf; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://prod-ori-oai01-idneuf.vpc02.auf; } }
L'option ip_hash permet de conserver la connexion de chaque client sur le même serveur.
Keepalived ACTIF/PASSIF
Installation des paquets
apt-get install keepalived
Configuration
Dans le fichier /etc/keepalivedd/keepalived.conf, ajouter :
# Global Configuration global_defs { notification_email { root } notification_email_from keepalived@ca.auf.org smtp_server localhost smtp_connect_timeout 30 router_id KeepAlivedProxy } vrrp_script chk_nginx { script "pidof nginx" interval 2 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass xxxxxxxxx } virtual_ipaddress { 10.242.1.196/25 dev eth0 } track_script { chk_nginx } }
Ainsi, si Nginx tombe ou si le serveur tombe, l'IPV va être attribuée au BACKUP.
La directive STATE indique le status au démarrage de keepalived.
Mise en maintenance du site
Définition du site de maintenance
Dans le fichier /etc/nginx/sites-available/maintenance_www.idneuf.org :
server{ listen 80 default; server_name www.idneuf.org; root /var/www/html/; index index.html; }
Script de bascule
Le script maintenance_nginx.sh contient:
ALT_SITE='maintenance_www.idneuf.org' MAIN_SITE='dev.www.idneuf.org' BASE_A='/etc/nginx/sites-available' BASE_E='/etc/nginx/sites-enabled' case "$1" in down) rm $BASE_E/$MAIN_SITE ln -s $BASE_A/$ALT_SITE $BASE_E/$ALT_SITE systemctl restart nginx ;; up) rm $BASE_E/$ALT_SITE ln -s $BASE_A/$MAIN_SITE $BASE_E/$MAIN_SITE systemctl restart nginx ;; *) echo "Usage: $0 {up|down}" exit 1 ;; esac exit 0