haproxy安装部署
一、环境系统:CentOS 6.4x64最小化安装
haproxy:192.168.3.15
httpd-16:192.168.3.16
httpd-17:192.168.3.17
二、配置测试用的httpd服务
在httpd-16和httpd-17配置httpd服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#在httpd-16上操作
# yum install httpd -y
# service httpd restart
#开放80端口
# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
# service iptables save
# echo "httpd-16" >>/var/www/html/index.html
#确认httpd服务正常
# curl http://127.0.0.1
httpd-16
#在httpd-17上进行同样的操作
# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
# service iptables save
# yum install httpd -y
# echo "httpd-17" >>/var/www/html/index.html
# service httpd start
# curl http://127.0.0.1
httpd-17
三、安装haproxy服务
安装yum源
1
2
3
4
5
6
7
8
# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# sed -i 's@#b@b@g' /etc/yum.repos.d/epel.repo
# sed-i 's@mirrorlist@#mirrorlist@g' /etc/yum.repos.d/epel.repo
#安装haproxy
# yum list |grep haproxy
haproxy.x86_64 1.5.2-2.el6 base
# yum install haproxy -y
haproxy命令解释
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# haproxy -h
HA-Proxy version 1.5.2 2014/07/12
Copyright 2000-2014 Willy Tarreau <w@1wt.eu>
Usage : haproxy [-f <cfgfile>]* [ -vdVD ] [ -n <maxconn> ] [ -N <maxpconn> ]
[ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ]
-v displays version ; -vv shows known build options.
-d enters debug mode ; -db only disables background mode.
-dM[<byte>] poisons memory with <byte> (defaults to 0x50)
-V enters verbose mode (disables quiet mode)
-D goes daemon ; -C changes to <dir> before loading files.
-q quiet mode : don't display messages
-c check mode : only check config files and exit
-n sets the maximum total # of connections (2000)
-m limits the usable amount of memory (in MB)
-N sets the default, per-proxy maximum # of connections (2000)
-L set local peer name (default to hostname)
-p writes pids of all children to this file
-de disables epoll() usage even when available
-dp disables poll() usage even when available
-dS disables splice usage (broken on old kernels)
-dV disables SSL verify on servers side
-sf/-st * finishes/terminates old pids. Must be last arguments.
haproxy [-f < 配置文件>] [ -vdVD ] [-n 最大并发连接总数] [-N 每个侦听的最大并发数]
[ -p <当前的PID文件> ] [-m <内存限制M>]
-v 显示当前版本信息;-vv 显示已知的创建选项
-d 前台,debug模式;-db 禁用后台模式,程序跑在前台
-V 详细模式
-D daemon模式启动
-q 安静模式,不输出信息
-c 对配置文件进行语法检查
-n 最大并发连接总数
-m 限制的可用内存大小
-N 设置默认的连接数
-p 设置当前的PID文件
-de 不使用epoll
-ds 不使用speculative epoll
-dp 不使用poll
-sf 程序启动后向pidlist里的进程发送FINISH信号,这个参数放在命令行的最后
-st 程序启动后向pidlist里的进程发送TERMINATE信号,这个参数放在命令行的最后
查看haproxy配置文件内容
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# cat/etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.See the
# full configuration options online.
#
#官方配置文档说明
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings 全局配置
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to: #配置日志
#
# 1) configure syslog to accept network log events.This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog #修改syslog配置文件
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog #定义日志设备
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
#全局的日志配置 其中日志级别是
#local0 是日志设备,必须为如下24种标准syslog设备的一种:
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid #将所有进程的pid写入文件启动进程的用户必须有权限访问此文件。
maxconn 4000 #最大连接数,默认4000
user haproxy #用户
group haproxy #组
daemon ##创建1个进程进入deamon模式运行。此参数要求将运行模式设置为"daemon"
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#默认的全局设置,这些参数可以被利用配置到frontend,backend,listen组件
#---------------------------------------------------------------------
defaults
mode http #默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK
log global #采用全局定义的日志
option httplog #日志类别http日志格式
option dontlognull #不记录健康检查的日志信息
option http-server-close #每次请求完毕后主动关闭http通道
option forwardfor except 127.0.0.0/8 #不记录本机转发的日志
option redispatch #serverId对应的服务器挂掉后,强制定向到其他健康的服务器
retries 3 #3次连接失败就认为服务不可用,也可以通过后面设置
timeout http-request 10s #请求超时
timeout queue 1m #队列超时
timeout connect 10s #连接超时
timeout client 1m #客户端连接超时
timeout server 1m #服务器连接超时
timeout http-keep-alive 10s #长连接超时
timeout check 10s #检查超时
maxconn 3000 #最大连接数
#---------------------------------------------------------------------
# main frontend which proxys to the backends #这里是frontend 与backends的代理配置
#---------------------------------------------------------------------
#acl策略配置
frontendmain *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static #满足策略要求,则响应策略定义的backend页面
default_backend app #不满足则响应backend的默认页面
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#定义使用静态后端图像,样式表等
backend static
balance roundrobin #负载均衡模式轮询
server static 127.0.0.1:4331 check #服务器定义
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin #负载均衡模式轮询
serverapp1 127.0.0.1:5001 check #服务器定义,check进行健康检查
serverapp2 127.0.0.1:5002 check
serverapp3 127.0.0.1:5003 check
serverapp4 127.0.0.1:5004 check
四、haproxy负载均衡案例演示
配置haproxy的日志编辑文件/etc/sysconfig/rsyslog
1
2
3
4
5
6
# cat /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 2"
增加日志设备
1
2
3
4
5
6
# grep haproxy.log /etc/rsyslog.conf
#增加下面一行
local2.* /var/log/haproxy.log
#重启日志服务
# service rsyslog restart
修改haproxy配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# cat /etc/haproxy/haproxy.cfg
#修改后的内容如下
#---------------------------------------------------------------------
# Example configuration for a possible web application.See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events.This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend http
bind *:80
mode http
log global
option logasap
option dontlognull
capture request header Host len 20
capture request header Referer len 20
default_backend web
frontend healthcheck
bind :1099
mode http
option httpclose
option forwardfor
default_backend web
backend web
balance roundrobin
server web16 192.168.3.16:80 check maxconn 2000
server web17 192.168.3.17:80 check maxconn 2000
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
检查配置文件是否有误
1
2
# haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid
启动haproxy
1
2
3
4
5
# service haproxy start
Starting haproxy:
# netstat -anpt |grep haproxy
tcp 0 0 0.0.0.0:1099 0.0.0.0:* LISTEN 22307/haproxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 22307/haproxy
开放80端口
1
2
3
# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:
测试结果
从上面的结果能看出,我们能正常访问到后端的2台web server
我们将httpd-16的web服务停止掉,再次测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# service httpd stop
Stopping httpd:
#测试如下,结果显示我们只能访问到httpd-17的web资源
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-17
#这里我们再讲httpd-16的web服务启动
# service httpd start
#再次访问结果,能够看到httpd-16能正常提供服务
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-16
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-16
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-16
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-16
以上结果说明haproxy能自动对后端服务进行健康状况检查
配置文件说明
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings 全局配置
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events.This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
#上面的注释是告诉我们怎么配置日志的
log 127.0.0.1local2 #定义日志
chroot /var/lib/haproxy #安全模式
pidfile /var/run/haproxy.pid #pid文件
maxconn 4000 #最大连接数
user haproxy #用户
group haproxy #组合
daemon
#---------------------------------------------------------------------
# Proxy settings 代理配置,下面全是代理配置
#---------------------------------------------------------------------
defaults #配置默认参数的,这些参数可以被利用配置到frontend,backend,listen组件
mode http #默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK(注,health已经废弃)
log global #采用全局定义的日志
option httplog #日志类别http日志格式
option dontlognull #不记录健康检查的日志信息
option http-server-close #每次请求完毕后主动关闭http通道
option forwardfor except 127.0.0.0/8 #不记录本机转发的日志
option redispatch #serverId对应的服务器挂掉后,强制定向到其他健康的服务器
retries 3 #3次连接失败就认为服务不可用,也可以通过后面设置
timeout http-request 10s#请求超时
timeout queue 1m #队列超时
timeout connect 10s #连接超时
timeout client 1m #客户端连接超时
timeout server 1m #服务器连接超时
timeout http-keep-alive 10s #长连接超时
timeout check 10s#检查超时
maxconn 30000 #最大连接数
listen stats #listen是Frontend和Backend的组合体。这里定义的是haproxy监控!
mode http #模式http
bind 0.0.0.0:1080 #绑定的监控ip与端口
stats enable #启用监控
stats hide-version #隐藏haproxy版本
stats uri /haproxyadmin?stats #定义的uri
stats realm Haproxy\ Statistics #定义显示文字
stats auth admin:admin #认证
stats admin if TRUE
frontend http-in #接收请求的前端虚拟节点,Frontend可以根据规则直接指定具体使用后端的 backend(可动态选择)。这里定义的是http服务!
bind *:80 #绑定的监控ip与端口
mode http #模式http
log global #定义日志
option httpclose #每次请求完毕后主动关闭http通道
option logasap
option dontlognull #不记录健康检查的日志信息
capture requestheader Host len 20
capture requestheader Referer len 60
default_backend web #定义的默认backend
frontend healthcheck
bind :1099
mode http
option httpclose
option forwardfor
default_backend web #定义的默认backend
backend servers #后端服务集群的配置,是真实的服务器,一个Backend对应一个或者多个实体服务器。
balance roundrobin #负载均衡方式为轮询
server web16 192.168.3.16:80 check maxconn 2000 #定义server,check 健康检查,maxconn 定义最大连接数
server web17 192.168.3.17:80 check maxconn 2000
页:
[1]