Haproxy配置应用文档

sunkezai

一、配置HAProxy Session亲缘性的三种方式
haproxy负载均衡保持客户端和服务器Session亲缘性的三种方式:
1 用户IP 识别
　　haroxy 将用户IP经过hash计算后 指定到固定的真实服务器上（类似于nginx 的IP hash 指令）
配置指令 balance source
backend SOURCE_srv
mode http
balance source
server REALsrv_70 184.82.239.70:80 cookie 11 check inter 1500 rise 3 fall 3 weight 1
server REALsrv_120 220.162.237.120:80 cookie 12 check inter 1500 rise 3 fall 3 weight 1

2 cookie 识别
haproxy 将WEB服务端发送给客户端的cookie中插入(或添加加前缀)haproxy定义的后端的服务器COOKIE ID。
配置指令例举 cookie SESSION_COOKIE insert indirect nocache
用firebug可以观察到用户的请求头的cookie里 有类似" Cookie jsessionid=0bc588656ca05ecf7588c65f9be214f5;
SESSION_COOKIE=app1"
SESSION_COOKIE=app1就是haproxy添加的内容。

#vi /usr/local/haproxy/haproxy.cfg
backend COOKIE_srv
mode http
cookie SESSION_COOKIE insert indirect nocache
server REALsrv_70 184.82.239.70:80 cookie 11 check inter 1500 rise 3 fall 3 weight 1
server REALsrv_120 220.162.237.120:80 cookie 12 check inter 1500 rise 3 fall 3 weight 1

3 session 识别
haproxy 将后端服务器产生的session和后端服务器标识存在haproxy中的一张表里。客户端请求时先查询这张表。
配置指令例举 appsession JSESSIONID len 64 timeout 5h request-learn
配置举例
backend APPSESSION_srv
mode http
appsession JSESSIONID len 64 timeout 5h request-learn
server REALsrv_70 184.82.239.70:80 cookie 11 check inter 1500 rise 3 fall 3 weight 1
server REALsrv_120 220.162.237.120:80 cookie 12 check inter 1500 rise 3 fall 3 weight 1[2]
　　
#启动haproxy
/usr/local/haproxy/haproxy -f /usr/local/haproxy/haproxy.cfg
#查看是否启动
ps -e|grep haproxy
　　4859 ? 00:00:00 haproxy
　　4860 ? 00:00:00 haproxy
测试
/usr/local/bin/webbench -c 100 -t 30 http://localhost:1080/phpinfo.php


二、安装配置
1、安装
groupadd haproxy
useradd -g haproxy haproxy

tar -xvzf haproxy-1.4.22.tar.gz
cd haproxy-1.4.22
make TARGET=linux26 PREFIX=/usr/local/haproxy
make install PREFIX=/usr/local/haproxy
cd /usr/local/haproxy            
mkdir conf
cd conf

2、配置HAproxy 虚拟主机配置
vi /usr/local/haproxy/conf/haproxy.cfg

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 65535
    user haproxy
    group haproxy
    daemon
   # nbproc 4
    pidfile /usr/local/haproxy/haproxy.pid

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 65535
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

listen admin_status
   bind 0.0.0.0:65532
   mode http
#log 127.0.0.1 local3 err
   stats refresh 5s
   stats uri /admin?stats
   stats realm itnihao\ itnihao
   stats auth admin:admin
   stats auth admin1:admin1
   stats hide-version
   stats admin if TRUE

frontend http-in
    bind *:80

   acl sso_web hdr_dom(host) -i sso.qlteacher.com
   use_backend sso_qlteacher_com if sso_web

   acl base_web hdr_dom(host) -i base.qlteacher.com
   use_backend base_qlteacher_com if base_web

   acl plat_web hdr_dom(host) -i plat.qlteacher.com
   use_backend plat_qlteacher_com if plat_web

   

backend sso_qlteacher_com
    balance roundrobin
    cookie SERVERID insert nocache indirect
    option httpchk HEAD /check.txt HTTP/1.0
    option httpclose
    option forwardfor
    server sso1 10.0.0.20:7005 cookie sso1
    server sso2 10.0.0.21:7005 cookie sso2


backend base_qlteacher_com
    balance roundrobin
    cookie SERVERID insert nocache indirect
    option httpchk HEAD /check.txt HTTP/1.0
    option httpclose
    option forwardfor
    server base1 10.0.0.30:7007 cookie base1
    server base2 10.0.0.31:7007 cookie base2


backend plat_qlteacher_com
    balance roundrobin
    cookie SERVERID insert nocache indirect
    option httpchk HEAD /check.txt HTTP/1.0
    option httpclose
    option forwardfor
    server plat1 10.0.0.22:7009 cookie plat1
    #server Server2 10.0.0.31:7007 cookie Server2


3、启动haproxy
# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg、重启haproxy
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg -st `cat /usr/local/haproxy/haproxy.pid`
5、停止haproxy
# killall haproxy
4


三、配置监控页面
访问地址：http://10.0.0.72:65532/admin?stats

listen admin_status
        bind 0.0.0.0:65532
        mode http
        #log 127.0.0.1 local3 err
       stats refresh 5s               
        stats uri /admin?stats         
        stats realm itnihao\ itnihao   
        stats auth admin:admin         
        stats auth admin1:admin1      
        stats hide-version            
        stats admin if TRUE         


四、reqisetbe
#reqisetbe关键字定义，根据定义的关键字选择backend
reqisetbe ^Host:\ img dynamic
reqisetbe ^[^\ ]*\ /(img|css)/ dynamic
reqisetbe ^[^\ ]*\ /admin/stats stats
######reqisetbe自定义关键字匹配backend部分#######################
backend dynamic
mode http
balance source
option httpchk GET /welcome.html HTTP/1.1\r\nHost:www.taobao.net
server denlai1 10.3.5.114:80 check inter 1500 rise 3 fall 3
server denlai2 10.4.6.104:80 check inter 1500 rise 3 fall 3
backend stats
mode http

balance source
option httpchk GET /welcome.html HTTP/1.1\r\nHost:www.taobao.net
server denlai1 10.5.5.114:80 check inter 1500 rise 3 fall 3
server denlai2 10.6.6.104:80 check inter 1500 rise 3 fall 3
五、日志支持
global
log 127.0.0.1 local0 info

listen admin_status
     bind 0.0.0.0:65532
     mode http
     log 127.0.0.1 local3 err
#vim /etc/syslog.conf
添加：
local0.* /usr/local/haproxy/logs/haproxy.log
local3.* /usr/local/haproxy/logs/haproxy_err.log
#vim /etc/sysconfig/syslog
修改：
SYSLOGD_OPTIONS="-r -m 0"

service syslog restart


六、其它汇总
1、/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
[WARNING] 217/202150 (2857) : Proxy ’chinaapp.sinaapp.com’: in multi-process mode, stats will be limited to process assigned to the current request.
会提示如上信息，nbproc进程如果设置为1则不会提示，如果想去掉这个提示可以修改编译文件即可。 在源码配置src/cfgparse.c找到如下行
if (nbproc > 1) {
if (curproxy->uri_auth) {
- Warning(“Proxy ‘%s’: in multi-process mode, stats will be limited to process assigned to the current request.\n”,
+ Warning(“Proxy ‘%s’: in multi-process mode, stats will be limited to the process assigned to the current request.\n”,
调整nbproc > 1数值即可。


2、option httpchk HEAD /check.txt HTTP/1.0
此问题出在这句话上面，它的意思是Haproxy会判断你的后端web的根上存在check.txt没有，以此作为haproxy-status的监控状态依据，将它#掉即可；如果是生产环境，你可将check.txt改为index.jsp或index.php即可；

3、压力测试
session 识别会话保持测试1w登陆成功配置如下：
appsession JSESSIONID len 64 timeout 5h request-learn
  F5开启jn_source会话保持。
负载不平衡。

cookie 识别会话保持测试1w登陆成功配置如下：
   cookie SERVERID insert nocache indirect
F5开启jn_source会话保持。
负载均衡较好些。


七、生产环境配置

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 65535
    user haproxy
    group haproxy
    daemon
pidfile /usr/local/haproxy/haproxy.pid

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 65535
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

listen admin_status
        bind 0.0.0.0:65532
        mode http
        #log 127.0.0.1 local3 err
        stats refresh 5s               
        stats uri /admin?stats         
        stats realm itnihao\ itnihao   
        stats auth admin:admin         
        stats auth admin1:admin1      
        stats hide-version            
    stats admin if TRUE
      
frontend http-in
    bind *:80
    acl sso_web hdr_dom(host) -i sso.qlteacher.com
    use_backend sso_qlteacher_com if sso_web

    acl base_web hdr_dom(host) -i base.qlteacher.com
    use_backend base_qlteacher_com if base_web

    acl plat_web hdr_dom(host) -i plat.qlteacher.com
    use_backend plat_qlteacher_com if plat_web
   


backend sso_qlteacher_com
    balance roundrobin
   #balance leastconn
    cookie SERVERID insert nocache indirect
   #appsession JSESSIONID len 64 timeout 5h request-learn
    option httpchk HEAD /check.txt HTTP/1.0
    option httpclose
   option forwardfor
    server sso1 10.0.0.20:7005 cookie sso1
    server sso2 10.0.0.21:7005 cookie sso2
    server sso3 10.0.0.22:7005 cookie sso3
    server sso4 10.0.0.23:7005 cookie sso4
    server sso5 10.0.0.24:7005 cookie sso5

backend base_qlteacher_com
    balance roundrobin
   #balance leastconn
    cookie SERVERID insert nocache indirect
   #appsession JSESSIONID len 64 timeout 5h request-learn
    option httpchk HEAD /check.txt HTTP/1.0
    option httpclose
    option forwardfor
    server base1 10.0.0.30:7007 cookie base1
    server base2 10.0.0.31:7007 cookie base2
    server base3 10.0.0.32:7007 cookie base3
    server base4 10.0.0.33:7007 cookie base4
    server base5 10.0.0.34:7007 cookie base5
backend plat_qlteacher_com
    balance roundrobin
   #balance leastconn
    cookie SERVERID insert nocache indirect
   #appsession JSESSIONID len 64 timeout 5h request-learn
    option httpchk HEAD /check.txt HTTP/1.0
    option httpclose
    option forwardfor
    server plat1 10.0.0.22:7009 cookie plat1
    #server Server2 10.0.0.31:7007 cookie Server2