HAProxy配置参数---代理配置段: 4.server:用于在backend中定义一个主机; ★格式:server <name> <address>[:[port]] [param*] ⊙<name> ⊙<address> ⊙<param*>:参数 weight <weight>: 当前server的权重; check: 对当前server进行健康状态检测; 。inter <delay>: 时间间隔; 。rise <count>: 判定为“健康”状态需要检测的次数,默认2; 。fall <count>: 判定为“不健康”状态需要检测的次数,默认3; 。addr <ipv4|ipv6>:健康状态检测时使用的地址; 。port <port>: 健康状态检测时使用的端口; 注意: 默认为传输层检测,即探测端口是否能响应;需要执行应用层检测,则需要httpchk, smtpchk, mysql-check, pgsql-check, ssl-hello-chk; cookie <value>:
为当前server指定其cookie值,此值会在收到请求报文时进行检测,其功能在于 实现基于cookie会话保持; 演示:
1.为后端主机指明权重,最大并发连接数,cookie等参数,编辑配置文件/etc/haproxy/haprosy.crg,如下:
使用curl请求haproxy可以发现以加权轮询的方式调度后端主机,如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
| # 没有定义后端主机权重之前以轮询的方式响应
[iyunv@centos7 ~]# for i in {0..9};do curl http://10.1.252.153/index.html;done
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
# 定义主机权重之后,可以看到权重大的响应次数多
[iyunv@centos7 ~]# for i in {0..9};do curl http://10.1.252.153/index.html;done
<h1>Backend Server 1</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 1</h1>
<h1>Backend Server 2</h1>
<h1>Backend Server 1</h1>
|
5.option httpchk
★option httpchk option httpchk <uri> option httpchk <method> <uri> option httpchk <method> <uri> <version> 作用:基于http协议作7层健康状态检测机制; Examples : # Relay HTTPS traffic to Apache instance and check service availability# using HTTP request "OPTIONS * HTTP/1.1" on port 80.backend https_relay mode tcp option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www server apache1 192.168.1.1:443 check port 80★http-check expect [!] <match> <pattern>:
作用:定义做健康状态检测后返回的响应码 Examples : # only accept status 200 as valid http-check expect status 200
6.cookie:
★cookie: 作用: 格式:
Examples : cookie JSESSIONID prefixcookie SRV insert indirect nocache //常用方法cookie SRV insert postonly indirect 演示:
1.基于浏览器的用户会话绑访问,对于haproxy服务器来说,第一次调度到某一主机,之后也要调度到这一主机,编辑配置文件,如下:
2.在浏览器中访问可以发现在响应报文中的Set-Cookie: WEBSRV=web1; path=/,插入cookie,之后再次使用此浏览器请求,就会始终发往同一个后端主机,如下:
-----------------------------------------------------------------------------------------
6.default_backend <backend>:
★default_backend <backend>: 作用:为前端设定默认的后端主机 范围:frontend和default
Example : use_backend dynamic if url_dyn //如果请求动态内容,就使用dynamic主机use_backend static if url_css url_img extension_img //如果请求静态内容,就使用static主机default_backend dynamic //剩余的使用默认的dynamic主机
7.log:日志相关的参数
★log: 作用:为frontend或backend定义日志记录机制; 格式: Example : log globallog 127.0.0.1:514 local0 notice # only send important eventslog 127.0.0.1:514 local0 notice notice # same but limit output levellog ${LOCAL_SYSLOG}:514 local0 notice # send to local server★capture request header <name> len <length> Example: capture request header Host len 15capture request header X-Forwarded-For len 15capture request header Referer len 15 # 从哪里跳转而来★capture response header <name> len <length> Example: capture response header Content-length len 9capture response header Location len 15
7.错误页面自定义:
★errorfile <code> <file> 作用:返回由haproxy自定义的错误页面 参数: <code> :is the HTTP status code. Currently, HAProxy is capable of generating codes 200, 400, 403, 408, 500, 502, 503, and 504. <file> :designates a file containing the full HTTP response.
Example : errorfile 400 /etc/haproxy/errorfiles/400badreq.httperrorfile 408 /dev/null # workaround Chrome pre-connect bugerrorfile 403 /etc/haproxy/errorfiles/403forbid.httperrorfile 503 /etc/haproxy/errorfiles/503sorry.http★errorloc <code> <url> errorloc302 <code> <url> 作用:由haproxy服务返回一个HTTP重定向的URL; 演示1:
1.自定义haproxy的错误返回页面,编辑配置文件在frontend中定义,如下:
2.创建指定的目录和文件内容,然后重载haproxy服务如下:
[iyunv@centos7 haproxy]# mkdir /etc/haproxy/errorfiles
[iyunv@centos7 haproxy]# echo "<h1>Something Wrong</h1>" > /etc/haproxy/errorfiles/503sorry.http
[iyunv@centos7 haproxy]# cat /etc/haproxy/errorfiles/503sorry.http
<h1>Something Wrong</h1>
[iyunv@centos7 haproxy]# systemctl reload haproxy.service
3.停掉后端两台web服务器,在浏览器中访问,发现错误页面为我们自定义的内容,如下:
-----------------------------------------------------------------------------------------
演示2:
1.定义由haproxy服务器返回一个HTTP重定向的URL,编辑配置文件如下:
2.在本机httpd服务的根目录中/var/www/html中创建指定的url,并启动本机httpd服务【注意,为了不和haproxy监听的端口起冲突,这里我修改httpd监听的端口为8088】如下:
[iyunv@centos7 ~]# echo "<h1>A URL from other server</h1>" > /var/www/html/errorpagetest.html
[iyunv@centos7 ~]# cat /var/www/html/errorpagetest.html
<h1>A URL from other server</h1>
[iyunv@centos7 ~]# systemctl start httpd
[iyunv@centos7 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 25 *:514 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 25 :::514 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 128 :::8088 :::*
LISTEN 0 100 ::1:25 :::*
3.重载haprosy服务,停掉后端两台web服务器,在浏览器中访问,发现错误页面为我们自定义重定向的URL的内容,如下:
:
8.修改请求或响应报文首部相关:
★option forwardfor [ except <network> ] [ header <name> ] [ if-none ] 作用: 范围:都可以使用 参数: Examples : # Public HTTP address also used by stunnel on the same machinefrontend www mode http option forwardfor except 127.0.0.1 # stunnel already adds the header# Those servers want the IP Address in X-Clientbackend www mode http option forwardfor header X-Client★添加或删除请求,响应报文的首部 ★reqadd <string> [{if | unless} <cond>] ★rspadd <string> [{if | unless} <cond>] ★reqdel <search> [{if | unless} <cond>] reqidel <search> [{if | unless} <cond>] (ignore case)忽略大小写 ★rspdel <search> [{if | unless} <cond>] rspidel <search> [{if | unless} <cond>] (ignore case) 注意: 添加或者删除请求响应报文首部的参数的使用范围是frontend、listen和backend 演示1:AProxy把请求报文发往后端主机之前在请求报文添加“X-Forwared-For”首部;
1.首先编辑haproxy的配置文件,定义除了本机外把请求报文添加X-Forwared-For,发往后端主机,如下:
2.编辑后端主机RS1的httpd服务的配置文件/etc/httpd/conf/httpd.conf,修改日志的格式,如下:
3.在启动RS1后端主机,在浏览器中访问,在RS1中查看日志,可以看到记录的日志为用户远端地址,而非haproxy的代理地址;
1
2
3
4
5
6
| [iyunv@centos7 ~]# tail -5 /var/log/httpd/access_log
192.168.1.105 - - [21/Nov/2016:23:48:54 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
192.168.1.105 - - [21/Nov/2016:23:49:39 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
192.168.1.105 - - [21/Nov/2016:23:50:29 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
192.168.1.105 - - [21/Nov/2016:23:50:30 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
192.168.1.105 - - [21/Nov/2016:23:50:30 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
|
------------------------------------------------------------------------------------------
演示2:
1.添加响应客户端报文的首部为经由haproxy转发的首部信息,如下:
重载haproxy服务,请求查看首部信息如下:
1
2
3
4
5
6
7
8
9
10
| [iyunv@centos7 ~]# curl -I http://192.168.1.111
HTTP/1.1 200 OK
Date: Mon, 21 Nov 2016 16:31:02 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Fri, 18 Nov 2016 16:09:35 GMT
ETag: "1a-54195883a68b2"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/html; charset=UTF-8
X-Via: HAProxy/1.5
|
2.删除响应首部信息Server,编辑配置文件如下:
重载haproxy服务,请求查看首部信息,发现已经删除了Server的首部,如下:
1
2
3
4
5
6
7
8
9
| [iyunv@centos7 ~]# curl -I http://192.168.1.111
HTTP/1.1 200 OK
Date: Mon, 21 Nov 2016 16:33:59 GMT
Last-Modified: Fri, 18 Nov 2016 16:09:35 GMT
ETag: "1a-54195883a68b2"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/html; charset=UTF-8
X-Via: HAProxy/1.5
|
|