HAProxy四层负载均衡

环境准备
主机 | ip | 软件
VIP | 192.168.121.200 |
haproxy01 | 192.168.121.100 | haproxy,keepalived
haproxy02 | 192.168.121.101 | haproxy,keepalived
web1 | 192.168.121.10 | nginx
web2 | 192.168.121.20 | nginx
nfs | 192.168.121.30 | nfs-utils
dns | 192.168.121.40 | bind

实验步骤:

1.关闭防火墙

在所有主机上执行

# Stop firewalld for the current boot; the unit is not disabled, so it starts again after a reboot.
# Lab shortcut: with the firewall down, every service on these hosts (NFS, DNS, nginx, HAProxy)
# is reachable from the whole network. Outside a lab, keep firewalld running and allow only the
# ports each role needs.
systemctl stop firewalld.service
# Switch SELinux to permissive mode until the next reboot. This removes SELinux confinement
# from all services on the host; outside a lab, keep enforcing mode and adjust policy instead.
setenforce 0

2.搭建nfs

2.1安装软件

[root@nfs ~]# dnf install nfs-utils -y

2.2设置共享目录

# 1. 创建共享目录
[root@nfs ~]# mkdir /nfs/data/n1 -p
# 2. 创建共享文件
[root@nfs ~]# echo "index.html 192.168.121.20" > /nfs/data/index.html
[root@nfs ~]# echo "index.html 192.168.121.10" > /nfs/data/n1/index.html
# 3. 设置目录权限
[root@nfs ~]# chown -R nobody: /nfs/data
# 4. 导出目录
[root@nfs ~]# vim /etc/exports
# Exports /nfs/data read-write to every host in 192.168.121.0/24 (sync: writes are committed
# before the server replies). root_squash is not overridden, so the NFS default applies.
# NOTE(review): in this walkthrough the web servers only serve files from the share, so a
# tighter export would list just 192.168.121.10 and 192.168.121.20 with ro instead of rw.
/nfs/data 192.168.121.0/24(rw,sync)

2.3启动服务

[root@nfs ~]# systemctl start nfs-server

2.4验证共享

[root@nfs ~]# showmount -e 192.168.121.30
Export list for 192.168.121.30:
/nfs/data 192.168.121.0/24

3.搭建web服务器(以web1为例,web2需要做同样操作)

3.1安装软件

[root@web1 ~]# dnf install nginx nfs-utils -y

3.2挂载目录

[root@web1 ~]# mount -t nfs 192.168.121.30:/nfs/data /usr/share/nginx/html/

3.3启动服务

[root@web1 ~]# systemctl start nginx

4.搭建DNS

4.1安装软件

[root@dns ~]# dnf install bind -y

4.2配置核心文件

[root@dns ~]# vim /etc/named.conf
// Minimal named.conf: one authoritative zone, served on this host's LAN address only.
// NOTE(review): no recursion, allow-query, allow-recursion or allow-transfer statements are
// set, so all four fall back to the defaults of the installed BIND version. For a server
// that only answers for example.com, confirm those defaults or set them explicitly
// (for instance recursion no, and an allow-transfer list).
options {
	// Listen for DNS on 192.168.121.40 port 53 only.
	listen-on port 53 { 192.168.121.40; };
	// Base directory for relative file names used below.
	directory	"/var/named";
};

// example.com is served as a primary (master) zone; the file name is relative to
// "directory", i.e. /var/named/example.com.
zone "example.com" IN {
	type master;
	file "example.com";
};

4.3编辑区域文件

[root@dns ~]# vim /var/named/example.com
; Zone data for example.com: one name server (ns) and one web name (www).
; NOTE(review): the first value inside the SOA parentheses is the zone serial, which is
; normally a plain integer; "1D" there looks like a time value - confirm named loads the zone.
; NOTE(review): www points at 192.168.121.100, which is haproxy01's own address in the
; environment table, not the VIP 192.168.121.200. Clients that resolve www therefore do not
; follow the VIP when keepalived fails over - confirm which address is intended.
$TTL	1D
@	IN	SOA	example.com.	admin.example.com. (1D 1D 1H 2D 1D)
	IN	NS	ns.example.com.
ns	IN	A	192.168.121.40
www	IN	A	192.168.121.100

4.4启动服务

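# Start BIND: the bind package installed in step 4.1 runs as the named service unit.
[root@dns ~]# systemctl start named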

5.搭建haproxy

5.1安装软件

[root@haproxy01 ~]# dnf install haproxy -y
[root@haproxy01 ~]# dnf install keepalived -y
[root@haproxy02 ~]# dnf install haproxy -y
[root@haproxy02 ~]# dnf install keepalived -y

5.2修改网关

修改 haproxy 所在服务器的网关地址,将网关地址指定为 dns 服务器的 IP 地址。注意:环境表中 dns 服务器为 192.168.121.40,而下面命令使用的 192.168.121.30 是 nfs 主机的地址,执行前请按实际环境核对。
[root@haproxy01 ~]# nmcli connection m ens192 ipv4.gateway 192.168.121.30
[root@haproxy01 ~]# nmcli c up ens192 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

5.3配置服务

[root@haproxy01 ~]# vim /etc/haproxy/haproxy.cfg 
# haproxy.cfg for haproxy01: one plain-HTTP frontend on port 80 that sends requests whose
# path contains /n1 to nginx1 and everything else to nginx2.
global
    # Log to a syslog listener on 127.0.0.1, facility local2.
    # NOTE(review): the syslog side is not shown on this page - confirm it accepts these messages.
    log         127.0.0.1 local2

    # Confine the process to /var/lib/haproxy and run it as the haproxy user and group.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # Runtime API socket. No mode, user, group or level is given on this line, so access
    # depends on the defaults - confirm the socket file is not readable by other local users.
    stats socket /var/lib/haproxy/stats

    # TLS cipher lists follow the system crypto policy. No TLS listener is defined below
    # (the frontend binds plain port 80 only), so these apply only if one is added.
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    # HTTP mode means layer-7 proxying, which the path ACL in the frontend requires.
    # NOTE(review): the page title says layer-4 load balancing; that would be "mode tcp".
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    # Adds X-Forwarded-For with the client address, except for clients in 127.0.0.0/8.
    # Backends should trust this header only on connections that come from the HAProxy hosts.
    option forwardfor       except 127.0.0.0/8
    # redispatch lets a request go to another server when its own is down; each backend
    # below has a single server, so there is nothing to redispatch to.
    option                  redispatch
    retries                 3
    # Bounds how long a client may take to send a complete request.
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend main
    # Plain HTTP on every local address, including the VIP while this node holds it.
    bind *:80
    # Substring match: any path containing "/n1" anywhere (e.g. /a/n1b) selects n1server.
    # path_beg would restrict the match to paths that start with /n1.
    acl n1 path_sub -m sub /n1
    use_backend n1server          if n1
    default_backend             nginxservers

backend n1server
    balance     roundrobin
    # Health check every 2000 ms; up after 3 passes, down after 2 failures.
    # Single server: no failover target if nginx1 is marked down.
    server    nginx1 192.168.121.10:80 check inter 2000 rise 3 fall 2 

backend nginxservers
    balance     roundrobin
    # Same check settings; nginx2 is the only server for all non-/n1 traffic.
    server nginx2 192.168.121.20:80 check inter 2000 rise 3 fall 2
[root@haproxy02 ~]# vim /etc/haproxy/haproxy.cfg 
# haproxy.cfg for haproxy02: one plain-HTTP frontend on port 80 that sends requests whose
# path contains /n1 to nginx1 and everything else to nginx2.
global
    # Log to a syslog listener on 127.0.0.1, facility local2.
    # NOTE(review): the syslog side is not shown on this page - confirm it accepts these messages.
    log         127.0.0.1 local2

    # Confine the process to /var/lib/haproxy and run it as the haproxy user and group.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # Runtime API socket. No mode, user, group or level is given on this line, so access
    # depends on the defaults - confirm the socket file is not readable by other local users.
    stats socket /var/lib/haproxy/stats

    # TLS cipher lists follow the system crypto policy. No TLS listener is defined below
    # (the frontend binds plain port 80 only), so these apply only if one is added.
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    # HTTP mode means layer-7 proxying, which the path ACL in the frontend requires.
    # NOTE(review): the page title says layer-4 load balancing; that would be "mode tcp".
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    # Adds X-Forwarded-For with the client address, except for clients in 127.0.0.0/8.
    # Backends should trust this header only on connections that come from the HAProxy hosts.
    option forwardfor       except 127.0.0.0/8
    # redispatch lets a request go to another server when its own is down; each backend
    # below has a single server, so there is nothing to redispatch to.
    option                  redispatch
    retries                 3
    # Bounds how long a client may take to send a complete request.
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend main
    # Plain HTTP on every local address, including the VIP while this node holds it.
    bind *:80
    # Substring match: any path containing "/n1" anywhere (e.g. /a/n1b) selects n1server.
    # path_beg would restrict the match to paths that start with /n1.
    acl n1 path_sub -m sub /n1
    use_backend n1server if n1
    default_backend             nginxservers

backend n1server
    balance     roundrobin
    # Health check every 2000 ms; up after 3 passes, down after 2 failures.
    # Single server: no failover target if nginx1 is marked down.
    server    nginx1 192.168.121.10:80 check inter 2000 rise 3 fall 2 

backend nginxservers
    balance     roundrobin
    # Same check settings; nginx2 is the only server for all non-/n1 traffic.
    server nginx2 192.168.121.20:80 check inter 2000 rise 3 fall 2

5.4搭建keepalived

在haproxy01上操作

[root@haproxy01 ~]# vim /etc/keepalived/keepalived.conf 
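# keepalived on haproxy01: preferred holder (MASTER) of the shared virtual IP.
global_defs {
   router_id LVS_DEVEL-1
}

# NOTE(review): no vrrp_script/track_script is defined, so the VIP moves only when
# keepalived or the host itself fails; a stopped haproxy process alone does not trigger
# failover.
vrrp_instance VI_1 {
    state MASTER
    interface ens192
    # Must match the peer (haproxy02 also uses 51).
    virtual_router_id 51
    # Higher than the peer's 90, so this node wins the election while it is up.
    priority 100
    advert_int 1
    authentication {
        # VRRP PASS authentication is carried in cleartext in every advertisement, so any
        # host on the segment can read it, and "1111" is trivially guessable. It guards
        # against misconfiguration, not against a hostile host on the LAN. Use a less
        # obvious value shared by both nodes and limit VRRP traffic to the two peers at
        # the firewall.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # Was 192.168.72.200, which is outside this lab's 192.168.121.0/24 network and did
        # not match haproxy02 or the environment table; both nodes must announce the same VIP.
        192.168.121.200
    }
}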

在haproxy02上操作

[root@haproxy02 ~]# vim /etc/keepalived/keepalived.conf
# keepalived on haproxy02: standby (BACKUP) for the shared virtual IP.
global_defs {
   router_id LVS_DEVEL-2
}

# NOTE(review): no vrrp_script/track_script is defined, so this node takes the VIP only
# when the peer's keepalived or host stops advertising; a stopped haproxy process on the
# peer alone does not trigger failover.
vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    # Must match the peer (haproxy01 also uses 51).
    virtual_router_id 51
    # Lower than haproxy01's 100, so this node holds the VIP only while the peer is down.
    priority 90
    advert_int 1
    authentication {
        # VRRP PASS authentication is carried in cleartext in every advertisement, so any
        # host on the segment can read it, and "1111" is trivially guessable. It guards
        # against misconfiguration, not against a hostile host on the LAN. Use a less
        # obvious value shared by both nodes and limit VRRP traffic to the two peers at
        # the firewall.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # The VIP from the environment table; it has to be identical on both nodes.
        192.168.121.200
    }
}

5.5启动服务

[root@haproxy01 ~]# systemctl start keepalived.service 
[root@haproxy01 ~]# systemctl start haproxy
[root@haproxy02 ~]# systemctl start keepalived.service 
[root@haproxy02 ~]# systemctl start haproxy

5.6访问测试

[root@haproxy01 ~]# curl 192.168.121.100
index.html 192.168.121.20
[root@haproxy01 ~]# curl 192.168.121.100/n1/
index.html 192.168.121.10
[root@haproxy02 ~]# curl 192.168.121.100
index.html 192.168.121.20
[root@haproxy02 ~]# curl 192.168.121.100/n1/
index.html 192.168.121.10