# 部署架构 典型单实例部署结构 ![典型单实例部署结构](/files/-LQ8ab4q4v01BaeWK-1n) {% hint style="success" %} 新版本中已把ws proxy合并到Coolpy7 tcp core,所以新版本用户无需再下载运行Coolpy7 ws proxy. {% endhint %} ## LB (负载均衡) LB (负载均衡器) 负责分发设备的 MQTT 连接与消息到 CP7 集群,LB 提高 CP7 集群可用性、实现负载平衡以及动态扩容。 部署架构推荐在 LB 终结 SSL 连接。设备与 LB 之间 TLS 安全连接,LB 与 CP7 之间普通 TCP 连接。这种部署模式下 CP7 单集群可轻松支持100万设备。 公有云厂商 LB 产品: | 云计算厂商 | 是否支持 TLS 终结 | LB 产品介绍 | | --------------------------------- | ----------- | ---------------------------------------------------- | | [青云](https://qingcloud.com/) | 是 | | | [AWS](https://aws.amazon.com/) | 是 | | | [阿里云](https://www.aliyun.com/) | 否 | | | [UCloud](https://ucloud.cn/) | 未知 | | | [QCloud](https://www.qcloud.com/) | 未知 | | 私有部署 LB 服务器: | 开源 LB | 是否支持 TLS 终结 | 方案介绍 | | ----------------------------------- | ----------- | ------------------------------------------------------- | | [HAProxy](https://www.haproxy.org/) | 是 | | | [NGINX](https://www.nginx.com/) | PLUS 产品支持 | | 国内公有云部署推荐青云,国外部署推荐 AWS 。私有部署推荐使用 HAProxy 作为 LB ## Coolpy7 应用程序说明 | 应用程序 | 默认端口 | 协议 | 说明 | | ------------------------------------------------------------------------------------------------------------------------------------------ | ---- | --- | ------------------------ | | [go\_build\_Coolpy7\_go\_linux](https://github.com/Coolpy7/Coolpy7/blob/master/go_build_Coolpy7_go_linux.zip) | 1883 | TCP | MQTT 协议端口 | | [go\_build\_Coolpy7\_tls\_go\_linux\_linux](https://github.com/Coolpy7/Coolpy7/blob/master/go_build_Coolpy7_tls_go_linux_linux.zip) | 8883 | TCP | MQTT/TLS1.2 端口 | | [go\_build\_Coolpy7\_ws\_tls\_go\_linux\_linux](https://github.com/Coolpy7/Coolpy7/blob/master/go_build_Coolpy7_ws_tls_go_linux_linux.zip) | 8084 | TCP | MQTT/WebSocket/TLS1.2 端口 | 防火墙根据使用的 MQTT 接入方式,开启上述端口的访问权限。 ## 私有网络部署 CP7 单机服务运行。此方式建议使用于测试或确定当前业务量并不大的情况,由于CP7单节点性能超强,所以一般创业公司可以先以单实例运行,开启快速且低成本的产品运营。运行方式请参阅上一章《*一分钟下载启动Coolpy7*》 ## HAProxy -> CP7 1.HAProxy 作为 LB 部署 CP7 集群,并终结 SSL 连接: | 节点 | IP 地址 | | ------ | ----------- | | cp7\_1 | 192.168.0.2 | | cp7\_2 | 192.168.0.3 | 2\. 配置 /etc/haproxy/haproxy.cfg,示例: ``` listen mqtt-ssl bind *:8883 ssl crt /etc/ssl/cp7/server.pem no-sslv3 mode tcp maxconn 50000 timeout client 600s default_backend emq_cluster backend cp7_cluster mode tcp balance source timeout server 50s timeout check 5000 server cp71 192.168.0.2:1883 check inter 10000 fall 2 rise 5 weight 1 server cp72 192.168.0.3:1883 check inter 10000 fall 2 rise 5 weight 1 source 0.0.0.0 usesrc clientip ``` ## NGINX Plus -> CP7 NGINX Plus 产品作为 CP7 集群 LB,并终结 SSL 连接: 1. 注册 NGINX Plus 试用版,Ubuntu 下安装: 2. 创建 CP7 节点集群,例如: | 节点 | IP 地址 | | ------ | ----------- | | cp7\_1 | 192.168.0.2 | | cp7\_2 | 192.168.0.3 | 3.配置 /etc/nginx/nginx.conf,示例: ``` stream { # Example configuration for TCP load balancing upstream stream_backend { zone tcp_servers 64k; hash $remote_addr; server 192.168.0.2:1883 max_fails=2 fail_timeout=30s; server 192.168.0.3:1883 max_fails=2 fail_timeout=30s; } server { listen 8883 ssl; status_zone tcp_server; proxy_pass stream_backend; proxy_buffer_size 4k; ssl_handshake_timeout 15s; ssl_certificate /etc/cp7/certs/cert.pem; ssl_certificate_key /etc/cp7/certs/key.pem; } } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://coolpy7.gitbook.io/coolpy7book/kai-shi-shi-yong/bu-shu-jia-gou-deployment.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.