HAProxy的安装与应用
2018-05-31 本文已影响92人
dabule
HAProxy是一个使用C语言编写的自由及开放源代码软件[1],其提供高可用性、负载均衡,以及基于TCP和HTTP的应用程序代理。这里贴出yum仓库中对haproxy的介绍,这里主要将如何安装应用,对程序不多过多描述.
: HAProxy is a TCP/HTTP reverse proxy which is particularly suited for
: high availability environments. Indeed, it can:
: - route HTTP requests depending on statically assigned cookies
: - spread load among several servers while assuring server persistence
: through the use of HTTP cookies
: - switch to backup servers in the event a main server fails
: - accept connections to special ports dedicated to service monitoring
: - stop accepting connections without breaking existing ones
: - add, modify, and delete HTTP headers in both directions
: - block requests matching particular patterns
: - report detailed status to authenticated users from a URI
: intercepted by the application
说明一下实验环境配置:
haproxy server: 192.168.1.106
server1: 192.168.1.105
server2: 192.168.1.109
在配置之前要用ntpdate命令对3台机子进行时间同步.
[root@localhost ~]# ntpdate 192.168.1.0
31 May 20:59:49 ntpdate[11432]: no servers can be used, exiting
1.在server上安装web服务:
在两台真实的web服务机器上安装httpd或者nginx,前面的博客有提到了,这里选择安装httpd服务,在两台机器上直接yum安装即可.
[root@localhost ~]# yum -y install httpd
2.配置web服务的主页:
一般后端的主页应该是一致的,这里为了演示效果两台web服务的主页都不一样.
109主机上:
[root@localhost ~]# vim /var/www/html/index.html
<109@com>
~
:wq
105主机上:
[root@localhost ~]# vim /var/www/html/index.html
<105@com>
~
~
~
:wq
3.关闭防火墙:
防止iptable对实验有影响可以先将两个主机的iptable清空,有必要也可以将firewalld停掉.在105和109主机上运行如下两个命令..
[root@localhost ~]# iptables -F
[root@localhost ~]# systemctl stop firewalld.service
4.启动服务并检验:
启动httpd服务并在客户端验证配置,在105和109上运行如下命令
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
在客户端验证,出现如下信息则说明配置成功,提示没有curl命令就自己yum安装一个.
[root@localhost ~]# curl http://192.168.1.109/index.html
<109@com>
[root@localhost ~]# curl http://192.168.1.105/index.html
<105@com>
5.在haproxy服务器端安装:
haproxy在centos6.7之后就默认在base的yum仓库中直接yum安装就可以了,这里我已经安装好了.
[root@localhost ~]# yum -y install haproxy
Loaded plugins: fastestmirror, langpacks
Repository epel is listed more than once in the configuration
Repository epel-debuginfo is listed more than once in the configuration
Repository epel-source is listed more than once in the configuration
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/2): epel/x86_64/updateinfo | 930 kB 00:00:02
(2/2): epel/x86_64/primary_db | 6.4 MB 00:00:02
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.nju.edu.cn
* updates: mirrors.nju.edu.cn
Package haproxy-1.5.18-7.el7.x86_64 already installed and latest version
Nothing to do
6.查询并配置:
对于刚安装的服务不知道配置文件路径的可以使用rpm命令查询.如下是haproxy服务安装的所有所有文件路径.
[root@localhost ~]# rpm -ql haproxy
/etc/haproxy
/etc/haproxy/haproxy.cfg
/etc/logrotate.d/haproxy
/etc/sysconfig/haproxy
/usr/bin/halog
/usr/bin/iprange
/usr/lib/systemd/system/haproxy.service
/usr/sbin/haproxy
/usr/sbin/haproxy-systemd-wrapper
/usr/share/doc/haproxy-1.5.18
/usr/share/doc/haproxy-1.5.18/CHANGELOG
/usr/share/doc/haproxy-1.5.18/LICENSE
/usr/share/doc/haproxy-1.5.18/README
/usr/share/doc/haproxy-1.5.18/ROADMAP
/usr/share/doc/haproxy-1.5.18/VERSION
/usr/share/doc/haproxy-1.5.18/acl.fig
/usr/share/doc/haproxy-1.5.18/architecture.txt
/usr/share/doc/haproxy-1.5.18/close-options.txt
/usr/share/doc/haproxy-1.5.18/coding-style.txt
/usr/share/doc/haproxy-1.5.18/configuration.txt
/usr/share/doc/haproxy-1.5.18/cookie-options.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts
/usr/share/doc/haproxy-1.5.18/design-thoughts/backends-v0.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/backends.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/be-fe-changes.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/binding-possibilities.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/buffer-redesign.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/buffers.fig
/usr/share/doc/haproxy-1.5.18/design-thoughts/config-language.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/connection-reuse.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/cttproxy-changes.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/entities-v2.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/how-it-works.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/http_load_time.url
/usr/share/doc/haproxy-1.5.18/design-thoughts/rate-shaping.txt
/usr/share/doc/haproxy-1.5.18/design-thoughts/sess_par_sec.txt
/usr/share/doc/haproxy-1.5.18/examples
/usr/share/doc/haproxy-1.5.18/examples/acl-content-sw.cfg
/usr/share/doc/haproxy-1.5.18/examples/auth.cfg
/usr/share/doc/haproxy-1.5.18/examples/build.cfg
/usr/share/doc/haproxy-1.5.18/examples/content-sw-sample.cfg
/usr/share/doc/haproxy-1.5.18/examples/cttproxy-src.cfg
/usr/share/doc/haproxy-1.5.18/examples/examples.cfg
/usr/share/doc/haproxy-1.5.18/examples/haproxy.cfg
/usr/share/doc/haproxy-1.5.18/examples/option-http_proxy.cfg
/usr/share/doc/haproxy-1.5.18/examples/ssl.cfg
/usr/share/doc/haproxy-1.5.18/examples/tarpit.cfg
/usr/share/doc/haproxy-1.5.18/examples/test-section-kw.cfg
/usr/share/doc/haproxy-1.5.18/examples/transparent_proxy.cfg
/usr/share/doc/haproxy-1.5.18/examples/url-switching.cfg
/usr/share/doc/haproxy-1.5.18/gpl.txt
/usr/share/doc/haproxy-1.5.18/haproxy-en.txt
/usr/share/doc/haproxy-1.5.18/haproxy-fr.txt
/usr/share/doc/haproxy-1.5.18/haproxy.1
/usr/share/doc/haproxy-1.5.18/internals
/usr/share/doc/haproxy-1.5.18/internals/acl.txt
/usr/share/doc/haproxy-1.5.18/internals/body-parsing.txt
/usr/share/doc/haproxy-1.5.18/internals/buffer-operations.txt
/usr/share/doc/haproxy-1.5.18/internals/buffer-ops.fig
/usr/share/doc/haproxy-1.5.18/internals/connect-status.txt
/usr/share/doc/haproxy-1.5.18/internals/connection-header.txt
/usr/share/doc/haproxy-1.5.18/internals/connection-scale.txt
/usr/share/doc/haproxy-1.5.18/internals/entities.fig
/usr/share/doc/haproxy-1.5.18/internals/entities.pdf
/usr/share/doc/haproxy-1.5.18/internals/entities.svg
/usr/share/doc/haproxy-1.5.18/internals/entities.txt
/usr/share/doc/haproxy-1.5.18/internals/hashing.txt
/usr/share/doc/haproxy-1.5.18/internals/header-parser-speed.txt
/usr/share/doc/haproxy-1.5.18/internals/header-tree.txt
/usr/share/doc/haproxy-1.5.18/internals/http-cookies.txt
/usr/share/doc/haproxy-1.5.18/internals/http-docs.txt
/usr/share/doc/haproxy-1.5.18/internals/http-parsing.txt
/usr/share/doc/haproxy-1.5.18/internals/naming.txt
/usr/share/doc/haproxy-1.5.18/internals/pattern.dia
/usr/share/doc/haproxy-1.5.18/internals/pattern.pdf
/usr/share/doc/haproxy-1.5.18/internals/polling-states.fig
/usr/share/doc/haproxy-1.5.18/internals/repartition-be-fe-fi.txt
/usr/share/doc/haproxy-1.5.18/internals/sequence.fig
/usr/share/doc/haproxy-1.5.18/internals/stats-v2.txt
/usr/share/doc/haproxy-1.5.18/internals/stream-sock-states.fig
/usr/share/doc/haproxy-1.5.18/internals/todo.cttproxy
/usr/share/doc/haproxy-1.5.18/lgpl.txt
/usr/share/doc/haproxy-1.5.18/proxy-protocol.txt
/usr/share/doc/haproxy-1.5.18/queuing.fig
/usr/share/haproxy
/usr/share/haproxy/400.http
/usr/share/haproxy/403.http
/usr/share/haproxy/408.http
/usr/share/haproxy/500.http
/usr/share/haproxy/502.http
/usr/share/haproxy/503.http
/usr/share/haproxy/504.http
/usr/share/haproxy/README
/usr/share/man/man1/halog.1.gz
/usr/share/man/man1/haproxy.1.gz
/var/lib/haproxy
看到有一个/etc/haproxy/haproxy.cfg可以猜测是配置文件了,打开看看
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
这里先简单说明一下配置参数,之后再详细配置到再进行说明.
global:全局配置段,全局有效
进程及安全配置相关的参数
有chroot, deamon, user,group,uid, gid,log.等等很多参数,详情可以看官方文档,这里简单说说几个.
log: 定义全局的syslog服务器,最多只能定义两个,使用格式如下:
log <address> [len <length>] <facility> [max level [min level]]
facility:收集日志流并统一存放在统一位置,
nbproc <number>:要启动的haproxy的进程数量
ulimit-n <number>:每个haproxy进程可打开的最大文件数量
因为的配置文件中的log是这样的配置(haproxy没有日志功能)
log 127.0.0.1 local2
所以要在本地本机上 vim /etc/rsyslog.conf 添加如下的配置,监听udp并指定local2的位置,
$ModLoad imudp
$UDPServerRun 514
local2.* /var/log/haproxy.log
然后重启
[root@localhost ~]# systemctl start rsyslog.service
[root@localhost ~]# ss -uln
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:54689 *:*
UNCONN 0 0 *:59841 *:*
UNCONN 0 0 *:514 *:*
UNCONN 0 0 *:57283 *:*
UNCONN 0 0 192.168.122.1:53 *:*
UNCONN 0 0 *%virbr0:67 *:*
UNCONN 0 0 *:68 *:*
UNCONN 0 0 *:5353 *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 :::514 #监听了514端口了 :::*
UNCONN 0 0 :::24181 :::*
UNCONN 0 0 ::1:323
性能调整相关参数
maxconn <number>:每个haproxy进程所能接受的最大并发连接数
maxconnrate <number>:每个haproxy进程每秒种所能创建的最大连接数量
maxsessrate <number>:在SSL安全套接字下每个haproxy进程每秒种所能创建的最大连接数量
maxsslconn <number>: 在SSL安全套接字下每个haproxy进程所能接受的最大并发连接数
proxies:代理配置段,近在代理服务器从生效.
defaults:
为frontend, listen, backend提供默认配置
fronted:
前端代理服务器,相当于nginx, server {}
backend:
后端真实服务器,相当于nginx, upstream {}
listen:
同时拥前端和后端
7.配置haproxy服务:
在 /etc/haproxy/haproxy.cfg注释掉默认的代理配置并添加如下的配置.
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
...省略...
#frontend main *:5000
# acl url_static path_beg -i /static /images /javascript /stylesheets
# acl url_static path_end -i .jpg .gif .png .css .js
#
# use_backend static if url_static
# default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
# balance roundrobin
# server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
#backend app
# balance roundrobin
# server app1 127.0.0.1:5001 check
# server app2 127.0.0.1:5002 check
# server app3 127.0.0.1:5003 check
# server app4 127.0.0.1:5004 check
frontend testweb #定义名称为 testweb 的frontend
bind *:80 #监听所有地址的web服务80端口
default_backend mywebs #定义名称为mywebs的backend后端web服务
backend mywebs #定义名称为mywebs的backend
balance roundrobin #定义负载均衡算法
server srv1 192.168.1.105:80 check
server srv2 192.168.1.109:80 check
#定义server
# srv1: server的id名称
#check:进行健康检测
8.启动haproxy并检验:
[root@localhost ~]# systemctl enable haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
--------------分割线--------------
在客户端上实验
[root@localhost ~]# for i in {1..10}; do curl http://192.168.1.106/; done
<105@com>
<109@com>
<105@com>
<109@com>
<105@com>
<109@com>
<105@com>
<109@com>
<105@com>
<109@com>
到这里就完成了一个简单的haproxy服务的配置.
