haproxy

haproxy简介:

HAProxy是一个使用C语言编写的自由及开放源代码软件[1],其提供高可用性、负载均衡,以及基于TCP和HTTP的应用程序代理。
HAProxy特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。
HAProxy实现了一种事件驱动, 单一进程模型,此模型支持非常大的并发连接数。多进程或多线程模型受内存限制 、系统调度器限制以及无处不在的锁限制,很少能处理数千并发连接。事件驱动模型因为在有更好的资源和时间管理的用户空间(User-Space) 实现所有这些任务,所以没有这些问题。此模型的弊端是,在多核系统上,这些程序通常扩展性较差。这就是为什么他们必须进行优化以 使每个CPU时间片(Cycle)做更多的工作。
包括 GitHub、Bitbucket[3]、Stack Overflow[4]、Reddit、Tumblr、Twitter[5][6]和 Tuenti[7]在内的知名网站,及亚马逊网络服务系统都使用了HAProxy。 [1]


环境

调度服务器192.168.11.150
Web1服务器192.168.11.146/24
Web2服务器192.168.11.148/24

关闭防火墙和SELinux(仅用于实验环境:systemctl stop 和 setenforce 0 都只是临时生效,重启后恢复;生产环境应保持防火墙和SELinux开启,只放行需要的端口)

[root@RS2 ~]# systemctl stop firewalld
[root@RS2 ~]# setenforce 0
//安装httpd
[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# cd /var/www/html/
[root@RS1 html]# echo 'rs1' > index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

[root@RS2 html]# yum -y install httpd
[root@RS2 ~]# cd /var/www/html/
[root@RS2 html]# echo 'rs2' > index.html
[root@RS2 html]# systemctl enable --now httpd
[root@RS1 ~]# scp www.example.com.crt www.example.com.key 192.168.11.148:/root


[root@RS1 ~]# vim /etc/httpd/conf.d/ssl.conf 
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/httpd/ssl/www.example.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/www.example.com.key




//安装模块mod_ssl
[root@RS1 ~]# yum -y install mod_ssl
[root@RS2 ~]# yum -y install mod_ssl


取消注释
[root@RS1 ~]# vim /etc/httpd/conf.d/ssl.conf 
DocumentRoot "/var/www/html"   取消注释
ServerName www.example.com:443 取消注释
//修改证书和私钥的存放位置(证书的生成步骤本文未给出;私钥文件建议只允许root读取,例如权限600)
SSLCertificateFile /etc/httpd/ssl/www.example.com.crt 
SSLCertificateKeyFile /etc/httpd/ssl/www.example.com.key
[root@RS1 ~]#  systemctl restart httpd
[root@RS1 ~]# ss -antl
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port 
LISTEN 0      128           0.0.0.0:22          0.0.0.0:*    
LISTEN 0      128                 *:80                *:*    
LISTEN 0      128              [::]:22             [::]:*    
LISTEN 0      128                 *:443               *:*    
[root@RS1 ~]# 


[root@RS2 ~]# mkdir /etc/httpd/ssl && mv www.example.com.* /etc/httpd/ssl/
[root@RS2 ~]# vim /etc/httpd/conf.d/ssl.conf 
[root@localhost ~]# mkdir /etc/httpd/ssl && mv www.example.com.* /etc/httpd/ssl/
取消注释
[root@RS2 ~]# vim /etc/httpd/conf.d/ssl.conf 
DocumentRoot "/var/www/html"   取消注释
ServerName www.example.com:443 取消注释
//修改证书存放位置
SSLCertificateFile /etc/httpd/ssl/www.example.com.crt 
SSLCertificateKeyFile /etc/httpd/ssl/www.example.com.key
[root@RS2 ~]# systemctl restart httpd
[root@RS2 ~]# ss -antl
State    Recv-Q   Send-Q     Local Address:Port                  Peer Address:Port                
LISTEN   0        128              0.0.0.0:22                         0.0.0.0:*                   
LISTEN   0        128                    *:443                              *:*                   
LISTEN   0        128                    *:80                               *:*                   
LISTEN   0        128                 [::]:22                            [::]:*                   
[root@RS2 ~]# 


haproxy安装
//安装依赖包
[root@haproxy ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel
//创建账户
[root@haproxy ~]# useradd -r -M -s /sbin/nologin haproxy
//解压
[root@haproxy ~]# tar xf haproxy-2.3.0.tar.gz 

[root@haproxy ~]# cd haproxy-2.3.0
[root@haproxy haproxy-2.3.0]# make clean //清理临时文件

//编译
[root@haproxy haproxy-2.3.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l)  \
TARGET=linux-glibc  \
USE_OPENSSL=1  \
USE_ZLIB=1  \
USE_PCRE=1  \
USE_SYSTEMD=1

[root@haproxy haproxy-2.3.0]# make install PREFIX=/usr/local/haproxy
[root@haproxy haproxy-2.3.0]# cp haproxy /usr/sbin/

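配置负载均衡器的内核参数(ip_nonlocal_bind 只有在需要绑定尚未配置到本机的地址时才需要,例如配合keepalived使用VIP;HAProxy以代理方式转发请求,并不依赖 ip_forward,本机不承担路由转发时可以不开启)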
[root@haproxy haproxy-2.3.0]# echo 'net.ipv4.ip_nonlocal_bind = 1' >>  /etc/sysctl.conf
[root@haproxy haproxy-2.3.0]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf

[root@haproxy haproxy-2.3.0]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
[root@haproxy haproxy-2.3.0]# 

提供配置文件
[root@haproxy haproxy-2.3.0]# mkdir /etc/haproxy  //创建一个haproxy目录
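[root@haproxy haproxy-2.3.0]# cat > /etc/haproxy/haproxy.cfg <<'EOF'
# HAProxy configuration for the HTTP stage: one statistics listener on 8189
# and one round-robin HTTP proxy on port 80 in front of the two web servers.
#-------------- Global settings ----------------
global
    # Send logs to the syslog receiver on 127.0.0.1, facility local0, level info.
    log 127.0.0.1 local0  info
    #log loghost local0 info
    maxconn 20480
# NOTE(review): chroot is left disabled; consider enabling it outside a lab.
#chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    #maxconn 4000
    # Run as the unprivileged haproxy user and group.
    user haproxy
    group haproxy
    daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option httplog
    # NOTE(review): with forwardfor disabled no X-Forwarded-For header is added,
    # so backend access logs cannot show the original client address.
    #option forwardfor
    option redispatch
    balance roundrobin
    timeout connect 10s
    timeout client 10s
    timeout server 10s
    timeout check 10s
    maxconn 60000
    retries 3
#-------------- Statistics page ------------------
listen admin_stats
    # NOTE(review): the stats page listens on every interface; bind it to a
    # management address or restrict the source addresses outside a lab.
    bind 0.0.0.0:8189
    stats enable
    mode http
    log global
    stats uri /haproxy_stats
    stats realm Haproxy\ Statistics
    # NOTE(review): admin:admin is a guessable sample credential, sent as HTTP
    # basic auth over plain HTTP; replace it before any real deployment.
    stats auth admin:admin
    #stats hide-version
    # NOTE(review): "if TRUE" gives every authenticated user the admin actions
    # (for example enabling and disabling servers) on this page.
    stats admin if TRUE
    stats refresh 30s
#--------------- Web cluster -----------------------
listen webcluster
    bind 0.0.0.0:80
    mode http
    #option httpchk GET /index.html
    log global
    maxconn 3000
    balance roundrobin
    # Cookie persistence is off in this first version of the file.
    #cookie SESSION_COOKIE insert indirect nocache
    # check inter 2000 fall 5: probe every 2000 ms, mark the server down after
    # 5 failed checks. Addresses follow the environment list (Web1 .146, Web2 .148);
    # the two servers carry distinct names.
    server web01 192.168.11.146:80 check inter 2000 fall 5
    server web02 192.168.11.148:80 check inter 2000 fall 5
EOF
# Later edit that turns on cookie-based persistence: the listen section gets the
# cookie directive and each server line gets its own cookie value.
[root@ld ~]# vim /etc/haproxy/haproxy.cfg 
    cookie SESSION_COOKIE insert indirect nocache
    server web01 192.168.11.146:80 cookie web01 check inter 2000 fall 5
    server web02 192.168.11.148:80 cookie web02 check inter 2000 fall 5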
haproxy.service文件编写
[root@localhost haproxy-2.3.0]# vim /usr/lib/systemd/system/haproxy.service 
# systemd unit for the HAProxy binary copied to /usr/sbin/haproxy.
# NOTE(review): this file is edited under /usr/lib/systemd/system; locally
# written units are usually kept in /etc/systemd/system - confirm the intended location.
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
# Validate the configuration before starting (-c: check only, -q: quiet);
# if this command fails, systemd does not run ExecStart.
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg   -c -q
# -Ws: master-worker mode with systemd notification support; -p: pid file path.
# NOTE(review): no Type=, ExecReload= or Restart= is set here; compare with the
# unit file shipped in the HAProxy source tree before production use.
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg  -p /var/run/haproxy.pid

[Install]
WantedBy=multi-user.target
~                            
[root@haproxy ~]# systemctl  daemon-reload  //重新加载

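启用日志(haproxy.cfg 中的 log 127.0.0.1 是通过UDP把日志发给本机的syslog,rsyslog 需要启用UDP 514端口的接收(imudp模块)才能收到;下面把 local0 写入了 /var/log/boot.log,也可以改成单独的日志文件,便于排查和审计)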

[root@haproxy ~]# vim /etc/rsyslog.conf 
local0.*    /var/log/boot.log

[root@haproxy ~]# systemctl restart rsyslog



[root@localhost haproxy-2.3.0]# systemctl restart rsyslog  //查看状态
[root@localhost haproxy-2.3.0]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.serv>
   Active: active (running) since Fri 2020-11-13 11:06:>
     Docs: man:rsyslogd(8)
           https://www.rsyslog.com/doc/
 Main PID: 17129 (rsyslogd)
    Tasks: 3 (limit: 12320)
   Memory: 1.3M
   CGroup: /system.slice/rsyslog.service
           └─17129 /usr/sbin/rsyslogd -n
Nov 12 20:39:15 localhost.localdomain systemd[1]: Start>
Nov 12 20:39:15 localhost.localdomain rsyslogd[16917]: >
Nov 12 20:39:15 localhost.localdomain systemd[1]: Start>
Nov 12 20:39:15 localhost.localdomain rsyslogd[16917]: >
lines 1-15/15 (END)
启动服务(原文没有列出启动命令,应为 systemctl start haproxy;启动后用 ss 确认 80 和 8189 端口已在监听)
[root@ld ~]# ss -antl
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port                                                    
LISTEN 0      128           0.0.0.0:80          0.0.0.0:*                                                       
LISTEN 0      128           0.0.0.0:22          0.0.0.0:*                                                       
LISTEN 0      128           0.0.0.0:8189        0.0.0.0:*                                                       
LISTEN 0      128              [::]:22             [::]:*                  

//验证

[root@localhost ~]# curl  http://192.168.11.150
rs2
[root@localhost ~]# curl  http://192.168.11.150
rs1
[root@localhost ~]# curl  http://192.168.11.150
rs2
[root@localhost ~]# curl  http://192.168.11.150
rs1
[root@localhost ~]# 
实现https负载均衡(这里采用四层TCP透传:HAProxy只转发443端口的TCP连接,不解密TLS,证书和私钥仍由后端httpd提供)

修改配置文件

[root@localhost ~]# cat  /etc/haproxy/haproxy.cfg 
# HAProxy configuration for the HTTPS stage: the webcluster proxy relays TCP on
# port 443 to both web servers. No certificate is loaded in this file, so the
# TLS sessions are handled by the backend servers, not by HAProxy.
#-------------- Global settings ----------------
global
    # Send logs to the syslog receiver on 127.0.0.1, facility local0, level info.
    log 127.0.0.1 local0  info
    #log loghost local0 info
    maxconn 20480
# NOTE(review): chroot is left disabled; consider enabling it outside a lab.
#chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    #maxconn 4000
    # Run as the unprivileged haproxy user and group.
    user haproxy
    group haproxy
    daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
    # The default mode is now tcp; admin_stats overrides it with mode http.
    mode tcp
    log global
    option dontlognull
    # NOTE(review): httpclose and httplog are HTTP-mode options; for the tcp-mode
    # webcluster proxy HAProxy is expected to warn about or ignore them - confirm
    # with "haproxy -c -f /etc/haproxy/haproxy.cfg".
    option httpclose
    option httplog
    #option forwardfor
    option redispatch
    balance roundrobin
    timeout connect 10s
    timeout client 10s
    timeout server 10s
    timeout check 10s
    maxconn 60000
    retries 3
#-------------- Statistics page ------------------
listen admin_stats
    # NOTE(review): the stats page listens on every interface; bind it to a
    # management address or restrict the source addresses outside a lab.
    bind 0.0.0.0:8189
    stats enable
    mode http
    log global
    stats uri /haproxy_stats
    stats realm Haproxy\ Statistics
    # NOTE(review): admin:admin is a guessable sample credential, sent as HTTP
    # basic auth over plain HTTP; replace it before any real deployment.
    stats auth admin:admin
    #stats hide-version
    # NOTE(review): "if TRUE" gives every authenticated user the admin actions
    # (for example enabling and disabling servers) on this page.
    stats admin if TRUE
    stats refresh 30s
#--------------- Web cluster -----------------------
listen webcluster
    bind 0.0.0.0:443
    mode tcp
    #option httpchk GET /index.html
    log global
    maxconn 3000
    balance roundrobin
    # NOTE(review): cookie insertion needs HTTP mode; in mode tcp the proxy only
    # relays the encrypted stream, so this line presumably has no effect - confirm.
    cookie SESSION_COOKIE insert indirect nocache
    # check inter 2000 fall 5: probe every 2000 ms, mark the server down after
    # 5 failed checks. The backends see connections coming from the proxy address;
    # NOTE(review): if client addresses are needed in backend logs, tcp mode would
    # need the PROXY protocol (send-proxy) and backend support for it - confirm.
    server web01 192.168.11.146:443 check inter 2000 fall 5
   server web02 192.168.11.148:443 check inter 2000 fall 5
#server web02 192.168.11.148:443 cookie web01 check inter 2000 fall 5


[root@localhost ~]# systemctl restart haproxy

[root@localhost ~]# ss -antl
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port                                                    
LISTEN 0      128           0.0.0.0:22          0.0.0.0:*                                                       
LISTEN 0      128           0.0.0.0:443         0.0.0.0:*                                                       
LISTEN 0      128           0.0.0.0:8189        0.0.0.0:*                                                       
LISTEN 0      128              [::]:22             [::]:* 

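管理页面(按上面的配置,统计页面地址为 http://192.168.11.150:8189/haproxy_stats ,使用 stats auth 中配置的账号登录。示例中的 admin:admin 是弱口令,并且 stats admin if TRUE 允许登录用户在页面上启用或停用后端服务器,实际部署时应更换口令并限制可访问的来源地址)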