HAProxy 使用进阶
HAProxy配置参数---代理配置段: 4.server:用于在backend中定义一个主机;★格式:server <name> <address>[:] ⊙<name>[*]is the internal name assigned to this server. This name will appear in logs and alerts.
⊙<address>
[*]is the IPv4 or IPv6 address of the server
⊙<param*>:参数
[*]weight <weight>: 当前server的权重;
[*]check: 对当前server进行健康状态检测; 。inter <delay>: 时间间隔; 。rise <count>: 判定为“健康”状态需要检测的次数,默认2; 。fall <count>: 判定为“不健康”状态需要检测的次数,默认3; 。addr <ipv4|ipv6>:健康状态检测时使用的地址; 。port <port>: 健康状态检测时使用的端口;注意: 默认为传输层检测,即探测端口是否能响应;需要执行应用层检测,则需要httpchk, smtpchk, mysql-check, pgsql-check, ssl-hello-chk;
[*]cookie <value>:
为当前server指定其cookie值,此值会在收到请求报文时进行检测,其功能在于 实现基于cookie会话保持;
[*]disabled: 将主机标记为不可用;
[*]maxconn <maxconn>: 当前server的最大并发连接数;
[*]maxqueue <maxqueue>: 当前server的等待队列的最大长度;超出此长度的所有配置给服务器的连接将会被丢弃;
[*]redir <prefix>: 将发往当前server的所有请求GET和HEAD类的请求均重定向至指定的URL;
演示:
1.为后端主机指明权重,最大并发连接数,cookie等参数,编辑配置文件/etc/haproxy/haprosy.crg,如下:
使用curl请求haproxy可以发现以加权轮询的方式调度后端主机,如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# 没有定义后端主机权重之前以轮询的方式响应
# for i in {0..9};do curl http://10.1.252.153/index.html;done
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
# 定义主机权重之后,可以看到权重大的响应次数多
# for i in {0..9};do curl http://10.1.252.153/index.html;done
<h1>Backend Server 1</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
5.option httpchk
★option httpchk option httpchk <uri> option httpchk <method> <uri> option httpchk <method> <uri> <version>作用:基于http协议作7层健康状态检测机制;
[*]<method> <uri> <version>:请求报文的起始行;
Examples :# Relay HTTPS traffic to Apache instance and check service availability# using HTTP request "OPTIONS * HTTP/1.1" on port 80.backend https_relay mode tcp option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www server apache1 192.168.1.1:443 check port 80★http-check expect [!] <match> <pattern>:
作用:定义做健康状态检测后返回的响应码
[*]<match>:status(响应吗)或string;
[*]<pattern>:匹配期望的响应结果的模式;
Examples :# only accept status 200 as validhttp-check expect status 200 6.cookie:
★cookie:作用:
[*]启用基于cookie的会话黏性,要结合server指定的cookie参数一起实现;
格式:
Examples :cookie JSESSIONID prefixcookie SRV insert indirect nocache//常用方法cookie SRV insert postonly indirect演示:
1.基于浏览器的用户会话绑访问,对于haproxy服务器来说,第一次调度到某一主机,之后也要调度到这一主机,编辑配置文件,如下:
2.在浏览器中访问可以发现在响应报文中的Set-Cookie: WEBSRV=web1; path=/,插入cookie,之后再次使用此浏览器请求,就会始终发往同一个后端主机,如下:
-----------------------------------------------------------------------------------------
6.default_backend <backend>:
★default_backend <backend>:
[*]作用:为前端设定默认的后端主机
[*]范围:frontend和default
Example :use_backend dynamicifurl_dyn //如果请求动态内容,就使用dynamic主机use_backend static ifurl_css url_img extension_img//如果请求静态内容,就使用static主机default_backend dynamic//剩余的使用默认的dynamic主机 7.log:日志相关的参数
★log:作用:为frontend或backend定义日志记录机制;格式:
[*]log global
[*]log <address> <facility> [<level> [<minlevel>]]
[*]no log
Example :log globallog 127.0.0.1:514 local0 notice # only send important eventslog 127.0.0.1:514 local0 notice notice# same but limit output levellog ${LOCAL_SYSLOG}:514 local0 notice # send to local server★capture request header <name> len <length>
[*]作用:记录请求报文中的指定的首部的值于日志中;len用于指定要记录的信息的长度;
[*]范围:frontend和listen
Example:capture request header Host len 15capture request header X-Forwarded-For len 15capture request header Referer len 15# 从哪里跳转而来★capture response header <name> len <length>
[*]作用:记录响应报文中的指定的首部的值于日志中;len用于指定要记录的信息的长度;
[*]范围:frontend和listen
Example:capture response header Content-length len 9capture response header Location len 15 7.错误页面自定义:
★errorfile <code> <file>作用:返回由haproxy自定义的错误页面参数:
[*]<code> :is the HTTP status code. Currently, HAProxy is capable of generating codes 200, 400, 403, 408, 500, 502, 503, and 504.
[*]<file> :designates a file containing the full HTTP response.
Example :errorfile 400 /etc/haproxy/errorfiles/400badreq.httperrorfile 408 /dev/null# workaround Chrome pre-connect bugerrorfile 403 /etc/haproxy/errorfiles/403forbid.httperrorfile 503 /etc/haproxy/errorfiles/503sorry.http★errorloc <code> <url> errorloc302 <code> <url>作用:由haproxy服务返回一个HTTP重定向的URL;演示1:
1.自定义haproxy的错误返回页面,编辑配置文件在frontend中定义,如下:
2.创建指定的目录和文件内容,然后重载haproxy服务如下:
# mkdir/etc/haproxy/errorfiles
# echo "<h1>Something Wrong</h1>" > /etc/haproxy/errorfiles/503sorry.http
# cat /etc/haproxy/errorfiles/503sorry.http
<h1>Something Wrong</h1>
# systemctl reload haproxy.service
3.停掉后端两台web服务器,在浏览器中访问,发现错误页面为我们自定义的内容,如下:
-----------------------------------------------------------------------------------------
演示2:
1.定义由haproxy服务器返回一个HTTP重定向的URL,编辑配置文件如下:
2.在本机httpd服务的根目录中/var/www/html中创建指定的url,并启动本机httpd服务【注意,为了不和haproxy监听的端口起冲突,这里我修改httpd监听的端口为8088】如下:
# echo "<h1>A URL from other server</h1>" >/var/www/html/errorpagetest.html
# cat /var/www/html/errorpagetest.html
<h1>A URL from other server</h1>
# systemctl start httpd
# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 25 *:514 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 25 :::514 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 128 :::8088 :::*
LISTEN 0 100 ::1:25 :::*
3.重载haprosy服务,停掉后端两台web服务器,在浏览器中访问,发现错误页面为我们自定义重定向的URL的内容,如下:
:
8.修改请求或响应报文首部相关:
★option forwardfor [ except <network> ] [ header <name> ] [ if-none ]作用:
[*]AProxy把请求报文发往后端主机之前在请求报文添加“X-Forwared-For”首部;其值为客户端地址,
范围:都可以使用参数:
[*][ except <network> ]:除了xxx不添加外,如从本地访问
[*][ header <name> ]:可以自定义首部名称;
[*][ if-none ]:没有首部时才添加
Examples :# Public HTTP address also used by stunnel on the same machinefrontend www mode http option forwardfor except 127.0.0.1# stunnel already adds the header# Those servers want the IP Address in X-Clientbackend www mode http option forwardfor header X-Client★添加或删除请求,响应报文的首部★reqadd <string> [{if | unless} <cond>]
[*]在请求报文添加一个首部信息
★rspadd <string> [{if | unless} <cond>]
[*]在响应报文添加一个首部信息
★reqdel<search> [{if | unless} <cond>] reqidel <search> [{if | unless} <cond>](ignore case)忽略大小写
[*]删除请求报文首部
★rspdel<search> [{if | unless} <cond>] rspidel <search> [{if | unless} <cond>](ignore case)
[*]删除响应报文首部
注意:添加或者删除请求响应报文首部的参数的使用范围是frontend、listen和backend演示1:AProxy把请求报文发往后端主机之前在请求报文添加“X-Forwared-For”首部;
1.首先编辑haproxy的配置文件,定义除了本机外把请求报文添加X-Forwared-For,发往后端主机,如下:
2.编辑后端主机RS1的httpd服务的配置文件/etc/httpd/conf/httpd.conf,修改日志的格式,如下:
3.在启动RS1后端主机,在浏览器中访问,在RS1中查看日志,可以看到记录的日志为用户远端地址,而非haproxy的代理地址;
1
2
3
4
5
6
# tail -5/var/log/httpd/access_log
192.168.1.105 - - "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
192.168.1.105 - - "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
192.168.1.105 - - "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
192.168.1.105 - - "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
192.168.1.105 - - "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
------------------------------------------------------------------------------------------
演示2:
1.添加响应客户端报文的首部为经由haproxy转发的首部信息,如下:
重载haproxy服务,请求查看首部信息如下:
1
2
3
4
5
6
7
8
9
10
# curl -I http://192.168.1.111
HTTP/1.1 200 OK
Date: Mon, 21 Nov 2016 16:31:02 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Fri, 18 Nov 2016 16:09:35 GMT
ETag: "1a-54195883a68b2"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/html; charset=UTF-8
X-Via: HAProxy/1.5
2.删除响应首部信息Server,编辑配置文件如下:
重载haproxy服务,请求查看首部信息,发现已经删除了Server的首部,如下:
1
2
3
4
5
6
7
8
9
# curl -I http://192.168.1.111
HTTP/1.1 200 OK
Date: Mon, 21 Nov 2016 16:33:59 GMT
Last-Modified: Fri, 18 Nov 2016 16:09:35 GMT
ETag: "1a-54195883a68b2"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/html; charset=UTF-8
X-Via: HAProxy/1.5
页:
[1]