在Linux上配置高可用的端口转发通常需要结合多种技术来实现负载均衡和故障转移。以下是几种常见的解决方案:
安装必要软件:
sudo apt-get install keepalived ipvsadm # Debian/Ubuntu
sudo yum install keepalived ipvsadm # CentOS/RHEL
配置Keepalived (/etc/keepalived/keepalived.conf):
vrrp_instance VI_1 {
state MASTER # 主节点设为MASTER,备节点设为BACKUP
interface eth0 # 监听的网络接口
virtual_router_id 51
priority 100 # 主节点优先级高于备节点
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.100 # 虚拟IP地址
}
}
virtual_server 192.168.1.100 80 {
delay_loop 6
lb_algo rr # 轮询算法
lb_kind DR # 直接路由模式
protocol TCP
real_server 192.168.1.101 80 {
weight 1
TCP_CHECK {
connect_timeout 3
}
}
real_server 192.168.1.102 80 {
weight 1
TCP_CHECK {
connect_timeout 3
}
}
}
启用IP转发:
echo 1 > /proc/sys/net/ipv4/ip_forward
启动服务:
systemctl start keepalived
systemctl enable keepalived
安装HAProxy:
sudo apt-get install haproxy # Debian/Ubuntu
sudo yum install haproxy # CentOS/RHEL
配置HAProxy (/etc/haproxy/haproxy.cfg):
frontend http-in
bind *:80
default_backend servers
backend servers
balance roundrobin
server server1 192.168.1.101:80 check
server server2 192.168.1.102:80 check
listen stats
bind *:8080
stats enable
stats uri /haproxy?stats
启动HAProxy:
systemctl start haproxy
systemctl enable haproxy
对于较新版本的Nginx(1.9.0+),可以支持TCP/UDP负载均衡:
安装带stream模块的Nginx:
sudo apt-get install nginx-extras # Debian/Ubuntu
配置Nginx (/etc/nginx/nginx.conf):
stream {
upstream backend {
server 192.168.1.101:12345;
server 192.168.1.102:12345;
}
server {
listen 12345;
proxy_pass backend;
}
}
启动Nginx:
systemctl start nginx
systemctl enable nginx
对于简单的端口转发(无负载均衡):
# 启用IP转发
echo 1 > /proc/sys/net/ipv4/ip_forward
# 设置端口转发规则
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.101:80
iptables -t nat -A POSTROUTING -j MASQUERADE
# 保存规则
iptables-save > /etc/iptables.rules
结合Keepalived和HAProxy/Nginx:
健康检查:
监控:
日志记录:
以上方案可以根据实际需求进行组合和调整,以达到最佳的高可用端口转发效果。