HAproxy基础(2)-基本配置
六.基础配置阶段1.安装haproxy
1
2
3
4
5
# yum install -y haproxy
# cd /etc/haproxy/
# cp haproxy.cfg{,.bak}
# ls
haproxy.cfg haproxy.cfg.bak
2.开启haproxy的系统日志
1
2
3
4
# vim/etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
local2.* /var/log/haproxy.log
重新启动rsyslog服务:
1
2
3
# service rsyslog restart
Shutting down system logger:
Starting system logger:
3.编辑配置文件,添加后端web服务器
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# vim/etc/haproxy/haproxy.cfg
global
#to have these messages end up in /var/log/haproxy.log you will
#need to:
#
#1) configure syslog to accept network log events.This is done
# by adding the '-r' option tothe SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
#2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like thefollowing can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
#turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend main *:80
default_backend websrvs
backend websrvs
balance roundrobin
servernode7 172.16.31.30:80check
servernode8 172.16.31.31:80check
4.启动服务:
1
2
# service haproxy start
Starting haproxy: [ OK]
5.访问测试:
是基于轮询调度算法的。
七.常用配置解析:
1.cookie会话保持
1
2
3
4
5
backend websrvs
balance roundrobin
cookieSRV insert indirectnocache
servernode7 172.16.31.30:80cookie node7 check rise 1 fall 2
servernode8 172.16.31.31:80cookie node8 check
重启haproxy服务:
1
2
3
# service haproxy restart
Stopping haproxy:
Starting haproxy:
访问测试:
记录了cookie,实现了会话保持:
2.启用反向服务器状态信息页面
1
2
3
4
5
backend websrvs
balance roundrobin
servernode7 172.16.31.30:80cookie node7 check rise 1 fall 2
servernode8 172.16.31.31:80cookie node8 check
stats enable
重启haproxy服务,访问测试:
状态页安全性配置:
1
2
3
4
5
6
7
8
9
10
backend websrvs
balance roundrobin
servernode7 172.16.31.30:80cookie node7 check rise 1 fall 2
servernode8 172.16.31.31:80cookie node8 check
stats enable
stats uri /haproxyadm?stats
stats hide-version
stats realm HAProxy Status
stats auth admin:admin
stats admin if TRUE
重启haproxy服务,访问测试:
3.让后端web服务器记录真实的访问客户端IP地址
更改后端web服务器的日志格式:
1
2
3
4
# vim/etc/httpd/conf/httpd.conf
#LogFormat "%h %l %u %t\"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
#将如上日志格式更改为下面的格式即可
LogFormat "%{X-Forwarded-For}i %l %u%t \"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
重新启动web服务器后进行测试访问后查看日志:
1
2
3
4
5
6
# tail/var/log/httpd/access_log
#以前访问的记录地址都是haproxy服务器的地址
172.16.31.32 - - "GET / HTTP/1.1" 200 16 "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36"
#更改记录日志格式后记录的是真实的客户端IP地址
172.16.31.254 - - "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36"
172.16.31.254 - - "GET / HTTP/1.1" 200 16 "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36"
4.通过ACL实现网站访问的动静分离
我通过ACL将动态资源的访问到节点7,而静态资源的访问定位到节点8
先在节点7和节点8安装php,实现php动态资源和httpd服务器的结合:
1
# yum install -y php
创建phpinfo测试页:
1
2
3
4
#cat /var/www/html/index.php
phpinfo();
?>
节点7和节点8都存在动态的php测试页:
我们配置haproxy实现动静分离:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# cat /etc/haproxy/haproxy.cfg
global
# to have these messages end up in/var/log/haproxy.log you will
#need to:
#
#1) configure syslog to accept network log events.This is done
# by adding the '-r' option tothe SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
#2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like thefollowing can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
#turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
bind :1080
mode http
stats enable
stats uri /haproxy?stats
stats realm HAProxy Status
stats auth admin:admin
stats admin if TRUE
frontend http-in
bind *:80
mode http
log global
option httpclose
option logasap
option dontlognull
capture request header Host len 20
capture request header Referer len 60
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i.html.jpg .jpeg .gif .png .css .js
acl url_dynamic path_end -i .php .jsp
use_backend static_servers ifurl_static
use_backend dynamic_servers if url_dynamic
default_backend dynamic_servers
backend static_servers
balance roundrobin
servernode7 172.16.31.30:80check maxconn 1000
backend dynamic_servers
balance roundrobin
cookie srv insert nocache
server node8 172.16.31.31:80 check maxconn 1000 cookie node8
重新启动haproxy服务进行访问测试:
我们访问静态的html页面,代理服务器就定位到节点7上进行访问;
我们访问动态页面,代理服务器就将请求定位到了节点8上,并记录了session会话状态;
至此,一些基础的haproxy实用配置就介绍到这里。
页:
[1]