转自:
http://freeloda.blog.51cto.com/2033581/1294094
1.实验拓扑
node1(192.168.0.71)
/
HAProxy
(192.168.0.120)
\
node2(192.168.0.171)
2.环境准备
操作系统:CentOS 6.8
软件版本: haproxy-1.5.4-3.el6.x86_64
安装 httpd:
[root@node1 ~]# yum install -y httpd
[root@node2 ~]# yum install -y httpd
提供测试文件
[root@node1 ~]# cat /var/www/html/index.html
<h1>node1.test.com</h1>
[root@node2 ~]# cat /var/www/html/index.html
<h1>node2.test.com</h1>
启动httpd
[root@node1 ~]# service httpd start
正在启动 httpd: [确定]
[root@node2 ~]# service httpd start
正在启动 httpd: [确定]
测试一下:
[root@vm_mac ~]# curl http://node1.test.com
<h1>node1.test.com</h1>
[root@vm_mac ~]# curl http://node2.test.com
<h1>node2.test.com</h1>
3.安装yum源
[root@node1 ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@node2 ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@haproxy ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
4.同步时间
[root@node1 ~]# ntpdate 202.120.2.101
[root@node2 ~]# ntpdate 202.120.2.101
[root@haproxy ~]# ntpdate 202.120.2.101
5.关闭防火墙与SELinux
[root@node1 ~]# service iptables stop
[root@node1 ~]# chkconfig iptables off
[root@node1 ~]# getenforce
Disabled
[root@node2 ~]# service iptables stop
[root@node2 ~]# chkconfig iptables off
[root@node2 ~]# getenforce
Disabled
[root@haproxy ~]# service iptables stop
[root@haproxy ~]# chkconfig iptables off
[root@haproxy ~]# getenforce
Disabled
6.安装haproxy
[root@haproxy ~]# yum install -y haproxy
7.查看一下安装文件
[root@vm_mac ~]# rpm -ql haproxy
/etc/haproxy
/etc/haproxy/haproxy.cfg
/etc/logrotate.d/haproxy
/etc/rc.d/init.d/haproxy
/etc/sysconfig/haproxy
/usr/bin/halog
/usr/bin/iprange
/usr/sbin/haproxy
/usr/share/doc/haproxy-1.5.4
/usr/share/doc/haproxy-1.5.4/CHANGELOG
/usr/share/doc/haproxy-1.5.4/LICENSE
/usr/share/doc/haproxy-1.5.4/README
/usr/share/doc/haproxy-1.5.4/acl-content-sw.cfg
/usr/share/doc/haproxy-1.5.4/acl.fig
/usr/share/doc/haproxy-1.5.4/architecture.txt
/usr/share/doc/haproxy-1.5.4/close-options.txt
/usr/share/doc/haproxy-1.5.4/coding-style.txt
/usr/share/doc/haproxy-1.5.4/configuration.txt
/usr/share/doc/haproxy-1.5.4/content-sw-sample.cfg
/usr/share/doc/haproxy-1.5.4/cookie-options.txt
/usr/share/doc/haproxy-1.5.4/cttproxy-src.cfg
/usr/share/doc/haproxy-1.5.4/design-thoughts
/usr/share/doc/haproxy-1.5.4/design-thoughts/backends-v0.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/backends.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/be-fe-changes.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/binding-possibilities.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/buffer-redesign.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/buffers.fig
/usr/share/doc/haproxy-1.5.4/design-thoughts/config-language.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/connection-reuse.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/cttproxy-changes.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/entities-v2.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/how-it-works.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/http_load_time.url
/usr/share/doc/haproxy-1.5.4/design-thoughts/rate-shaping.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/sess_par_sec.txt
/usr/share/doc/haproxy-1.5.4/gpl.txt
/usr/share/doc/haproxy-1.5.4/haproxy-en.txt
/usr/share/doc/haproxy-1.5.4/haproxy-fr.txt
/usr/share/doc/haproxy-1.5.4/haproxy.1
/usr/share/doc/haproxy-1.5.4/haproxy.cfg
/usr/share/doc/haproxy-1.5.4/internals
/usr/share/doc/haproxy-1.5.4/internals/acl.txt
/usr/share/doc/haproxy-1.5.4/internals/body-parsing.txt
/usr/share/doc/haproxy-1.5.4/internals/buffer-operations.txt
/usr/share/doc/haproxy-1.5.4/internals/buffer-ops.fig
/usr/share/doc/haproxy-1.5.4/internals/connect-status.txt
/usr/share/doc/haproxy-1.5.4/internals/connection-header.txt
/usr/share/doc/haproxy-1.5.4/internals/connection-scale.txt
/usr/share/doc/haproxy-1.5.4/internals/entities.fig
/usr/share/doc/haproxy-1.5.4/internals/entities.pdf
/usr/share/doc/haproxy-1.5.4/internals/entities.svg
/usr/share/doc/haproxy-1.5.4/internals/entities.txt
/usr/share/doc/haproxy-1.5.4/internals/hashing.txt
/usr/share/doc/haproxy-1.5.4/internals/header-parser-speed.txt
/usr/share/doc/haproxy-1.5.4/internals/header-tree.txt
/usr/share/doc/haproxy-1.5.4/internals/http-cookies.txt
/usr/share/doc/haproxy-1.5.4/internals/http-docs.txt
/usr/share/doc/haproxy-1.5.4/internals/http-parsing.txt
/usr/share/doc/haproxy-1.5.4/internals/naming.txt
/usr/share/doc/haproxy-1.5.4/internals/pattern.dia
/usr/share/doc/haproxy-1.5.4/internals/pattern.pdf
/usr/share/doc/haproxy-1.5.4/internals/polling-states.fig
/usr/share/doc/haproxy-1.5.4/internals/repartition-be-fe-fi.txt
/usr/share/doc/haproxy-1.5.4/internals/sequence.fig
/usr/share/doc/haproxy-1.5.4/internals/stats-v2.txt
/usr/share/doc/haproxy-1.5.4/internals/stream-sock-states.fig
/usr/share/doc/haproxy-1.5.4/internals/todo.cttproxy
/usr/share/doc/haproxy-1.5.4/lgpl.txt
/usr/share/doc/haproxy-1.5.4/proxy-protocol.txt
/usr/share/doc/haproxy-1.5.4/queuing.fig
/usr/share/doc/haproxy-1.5.4/tarpit.cfg
/usr/share/doc/haproxy-1.5.4/url-switching.cfg
/usr/share/haproxy
/usr/share/haproxy/400.http
/usr/share/haproxy/403.http
/usr/share/haproxy/408.http
/usr/share/haproxy/500.http
/usr/share/haproxy/502.http
/usr/share/haproxy/503.http
/usr/share/haproxy/504.http
/usr/share/haproxy/README
/usr/share/man/man1/halog.1.gz
/usr/share/man/man1/haproxy.1.gz
/var/lib/haproxy
8.haproxy 命令详解
[root@vm_mac ~]# haproxy -h
HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau <w@1wt.eu>
Usage : haproxy [-f <cfgfile>]* [ -vdVD ] [ -n <maxconn> ] [ -N <maxpconn> ]
[ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ]
-v displays version ; -vv shows known build options.
-d enters debug mode ; -db only disables background mode.
-dM[<byte>] poisons memory with <byte> (defaults to 0x50)
-V enters verbose mode (disables quiet mode)
-D goes daemon ; -C changes to <dir> before loading files.
-q quiet mode : don't display messages
-c check mode : only check config files and exit
-n sets the maximum total # of connections (2000)
-m limits the usable amount of memory (in MB)
-N sets the default, per-proxy maximum # of connections (2000)
-L set local peer name (default to hostname)
-p writes pids of all children to this file
-de disables epoll() usage even when available
-dp disables poll() usage even when available
-dS disables splice usage (broken on old kernels)
-dV disables SSL verify on servers side
-sf/-st [pid ]* finishes/terminates old pids. Must be last arguments.
说明:
haproxy [-f < 配置文件>] [ -vdVD ] [-n 最大并发连接总数] [-N 每个侦听的最大并发数]
[ -p <当前的PID文件> ] [-m <内存限制M>]
-v 显示当前版本信息;-vv 显示已知的创建选项
-d 前台,debug模式;-db 禁用后台模式,程序跑在前台
-V 详细模式
-D daemon模式启动
-q 安静模式,不输出信息
-c 对配置文件进行语法检查
-n 最大并发连接总数
-m 限制的可用内存大小
-N 设置默认的连接数
-p 设置当前的PID文件
-de 不使用epoll
-ds 不使用speculative epoll
-dp 不使用poll
-sf 程序启动后向pidlist里的进程发送FINISH信号,这个参数放在命令行的最后
-st 程序启动后向pidlist里的进程发送TERMINATE信号,这个参数放在命令行的最后
9.查看一下默认配置文件
[root@haproxy haproxy]# cat haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt #官方配置文档,很详细,英文没问题的博友,可以看看
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings #全局配置文件
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to: #配置日志
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog #修改syslog配置文件
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog #定义日志设备
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2 #
#全局的日志配置 其中日志级别是[err warning info debug]
#local0 是日志设备,必须为如下24种标准syslog设备的一种:
#kern user mail daemon auth syslog lpr news
#uucp cron auth2 ftp ntp audit alert cron2
#local0 local1 local2 local3 local4 local5 local6 local7
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid #将所有进程的pid写入文件启动进程的用户必须有权限访问此文件。
maxconn 4000 #最大连接数,默认4000
user haproxy #用户
group haproxy #组
daemon ##创建1个进程进入deamon模式运行。此参数要求将运行模式设置为"daemon"
# turn on stats unix socket #unix socket 文件
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block #默认的全局设置,这些参数可以被利用配置到frontend,backend,listen组件
#---------------------------------------------------------------------
defaults
mode http #默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK
log global #采用全局定义的日志
option httplog #日志类别 http 日志格式
option dontlognull #不记录健康检查的日志信息
option http-server-close #每次请求完毕后主动关闭http通道
option forwardfor except 127.0.0.0/8 #不记录本机转发的日志
option redispatch #serverId 对应的服务器挂掉后,强制定向到其他健康的服务器
retries 3 #3次连接失败就认为服务不可用,也可以通过后面设置
timeout http-request 10s #请求超时
timeout queue 1m #队列超时
timeout connect 10s #连接超时
timeout client 1m #客户端连接超时
timeout server 1m #服务器连接超时
timeout http-keep-alive 10s #长连接超时
timeout check 10s #检查超时
maxconn 3000 #最大连接数
#---------------------------------------------------------------------
# main frontend which proxys to the backends #frontend 与backends 代理配置
#---------------------------------------------------------------------
frontend main *:5000
#acl策略配置
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static #满足策略要求,则响应策略定义的backend页面
default_backend app #不满足则响应 backend 的默认页面
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such #定义使用静态后端图像,样式表等
#---------------------------------------------------------------------
backend static
balance roundrobin #负载均衡模式轮询
server static 127.0.0.1:4331 check #服务器定义
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin #负载均衡模式轮询
server app1 127.0.0.1:5001 check #服务器定义,check进行健康检查
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
好了,默认的配置文件我们就说到这里,相信大家对配置文件已有了大致的了解,下面我们配置一个案例,让大家更深入的了解haproxy。
10.haproxy 案例演示
1.负载均衡Web服务器的案例
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 30000
listen stats
mode http
bind 0.0.0.0:1080
stats enable
stats hide-version
stats uri /haproxyadmin?stats
stats realm Haproxy\ Statistics
stats auth admin:admin
stats admin if TRUE
frontend http-in
bind *:80
mode http
log global
option httpclose
option logasap
option dontlognull
capture request header Host len 20
capture request header Referer len 60
default_backend servers
frontend healthcheck
bind :1099
mode http
option httpclose
option forwardfor
default_backend servers
backend servers
balance roundrobin
server websrv1 192.168.0.71:80 check maxconn 2000
server websrv2 192.168.0.171:80 check maxconn 2000
注,首先我们来配置一下日志,不然haproxy无法记录日志。
2.配置haproxy日志
注,配置方法配置文件中已说明,我们这里来演示一下
(1).修改系统日志的配置文件
[root@haproxy ~]# vim /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 2 -r"
(2).增加日志设备
[root@haproxy ~]# vim /etc/rsyslog.conf
# Provides TCP syslog reception
# 使其接收 TCP 连接
$ModLoad imtcp
$InputTCPServerRun 514
#增加一行
local2.* /var/log/haproxy.log
(3).重新启动一下日志服务
[root@haproxy ~]# service rsyslog restart
关闭系统日志记录器: [确定]
启动系统日志记录器: [确定]
[root@vm_mac haproxy]# ss -tnl
LISTEN 0 25 :::514 :::*
LISTEN 0 25 *:514
3.修改配置文件
如上:负载均衡Web服务器的案例
4.查检一下配置文件
[root@haproxy ~]# haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid
5.启动haproxy
[root@haproxy ~]# service haproxy start
正在启动 haproxy:
6.查看一下端口
[root@haproxy ~]# netstat -ntulp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3695/haproxy
7.测试一下
[root@vm_mac haproxy]# curl http://192.168.0.120
<h1>lamp1.guli.com</h1>
[root@vm_mac haproxy]# curl http://192.168.0.120
<h1>vm1.guli.com</h1>
[root@vm_mac haproxy]# curl http://192.168.0.120
<h1>lamp1.guli.com</h1>
[root@vm_mac haproxy]# curl http://192.168.0.120
<h1>vm1.guli.com</h1>
[root@vm_mac haproxy]# curl http://192.168.0.120
<h1>lamp1.guli.com</h1>
大家可以看到,你不断的刷新,node1与node2在不停的切换,说明我们的haproxy负载均衡配置成功。
8.配置文件详解
注,现在大家再来看这个配置文件应该就很容易理解了。好了,下面我们来具体说一下。
[root@haproxy ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings 全局配置
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
#上面的注释是告诉我们怎么配置日志的
log 127.0.0.1 local2 #定义日志
chroot /var/lib/haproxy #安全模式
pidfile /var/run/haproxy.pid #pid文件
maxconn 4000 #最大连接数
user haproxy #用户
group haproxy #组合
daemon
#---------------------------------------------------------------------
# Proxy settings 代理配置,下面全是代理配置
#---------------------------------------------------------------------
defaults #配置默认参数的,这些参数可以被利用配置到frontend,backend,listen组件
mode http #默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK(注,health已经废弃)
log global #采用全局定义的日志
option httplog #日志类别http日志格式
option dontlognull #不记录健康检查的日志信息
option http-server-close #每次请求完毕后主动关闭http通道
option forwardfor except 127.0.0.0/8 #不记录本机转发的日志
option redispatch #serverId 对应的服务器挂掉后,强制定向到其他健康的服务器
retries 3 #3次连接失败就认为服务不可用,也可以通过后面设置
timeout http-request 10s #请求超时
timeout queue 1m #队列超时
timeout connect 10s #连接超时
timeout client 1m #客户端连接超时
timeout server 1m #服务器连接超时
timeout http-keep-alive 10s #长连接超时
timeout check 10s #检查超时
maxconn 30000 #最大连接数
listen stats #listen是Frontend和Backend的组合体。这里定义的是haproxy监控!
mode http #模式http
bind 0.0.0.0:1080 #绑定的监控ip与端口
stats enable #启用监控
stats hide-version #隐藏haproxy版本
stats uri /haproxyadmin?stats #定义的uri
stats realm Haproxy\ Statistics #定义显示文字
stats auth admin:admin #认证
stats admin if TRUE
frontend http-in #接收请求的前端虚拟节点,Frontend可以根据规则直接指定具体使用后端的 backend(可动态选择)。这里定义的是http服务!
bind *:80 #绑定的监控ip与端口
mode http #模式http
log global #定义日志
option httpclose #每次请求完毕后主动关闭http通道
option logasap #
option dontlognull ##不记录健康检查的日志信息
capture request header Host len 20
capture request header Referer len 60
default_backend servers #定义的默认backend
frontend healthcheck
bind :1099
mode http
option httpclose
option forwardfor
default_backend servers #定义的默认backend
backend servers #后端服务集群的配置,是真实的服务器,一个Backend对应一个或者多个实体服务器。
balance roundrobin #负载均衡方式为轮询
server websrv1 192.168.18.201:80 check maxconn 2000 #定义server,check 健康检查,maxconn 定义最大连接数
server websrv2 192.168.18.202:80 check maxconn 2000
好了,到这里我们案例就讲解完成了,下面我们再来补充一下,配置文件中的常用关键字参考。
网友评论