概述:
本章将继续介绍haproxy的一些其他应用,具体内容如下:
- use_backend <backend> 后端主机调用:
- haproxy中tcp模式的应用;
- haproxy中listen的应用
================================================================================
HAProxy配置参数---代理配置段: 12.后端主机调用:
★use_backend <backend> [{if | unless} <condition>] ---Switch to a specific backend if/unless an ACL-based condition is matched.(满足acl条件时就调度到指定的后端主机) 示例:
使用use_backend实现动静分离
HAProxy的tcp模式应用实验:
使用haproxy调度后端主机的SSH服务 实验环境描述: - 三台虚拟主机,一台作为haproxy的调度器,另外两台作为后端的原始web服务器;
- haproxy调度器有两块网卡,一块作为外网网卡,负责接收用户的请求,一块为内网网卡,负责与内网的后端原始web服务器通信;(要打开核心件转发功能)
IP地址规划:
实验过程如下: ------------------------------------------------------------------------------------------------------ 1.编辑haproxy的配置文件,定义前端frontend和后端backend具体如下: frontend ssh
bind *:22022 //为了和本机区分使用22022
mode tcp
default_backend sshsrvs
backend sshsrvs
balance leastconn //使用最少连接算法
server ssh1 192.168.111.128:22 check
server ssh2 192.168.111.129:22 check
2.重载haproxy服务,然后登录SSH服务,可以发现可以正常连接到后端的两台原始服务器,如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
| [iyunv@centos7 haproxy]# ssh -p 22022 10.1.252.153
The authenticity of host '[10.1.252.153]:22022 ([10.1.252.153]:22022)' can't be established.
ECDSA key fingerprint is cb:36:da:6b:15:d6:60:25:a7:28:f1:bf:b3:22:ce:c0.
Are you sure you want to continue connecting (yes/no)? yes
[iyunv@centos7 ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.111.129 netmask 255.255.255.0 broadcast 192.168.111.255
inet6 fe80::20c:29ff:feca:6ef1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ca:6e:f1 txqueuelen 1000 (Ethernet)
RX packets 156021 bytes 13141000 (12.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24359 bytes 1858526 (1.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 32 bytes 2720 (2.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 32 bytes 2720 (2.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[iyunv@centos7 ~]# exit
logout
Connection to 10.1.252.153 closed.
[iyunv@centos7 haproxy]# ssh -p 22022 10.1.252.153
The authenticity of host '[10.1.252.153]:22022 ([10.1.252.153]:22022)' can't be established.
ECDSA key fingerprint is 56:78:d2:e8:41:b0:62:ad:4f:47:90:75:01:a4:fa:8c.
Are you sure you want to continue connecting (yes/no)? yes
[iyunv@centos7 ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.111.128 netmask 255.255.255.0 broadcast 192.168.111.255
inet6 fe80::20c:29ff:fed6:e460 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:d6:e4:60 txqueuelen 1000 (Ethernet)
RX packets 157051 bytes 13309701 (12.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 25174 bytes 1963784 (1.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 59 bytes 4880 (4.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59 bytes 4880 (4.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
HAProxy中listen的应用 1.如上例,我们也可以使用listen将两个单独的forontend和backend整合到一起,如下: listen ssh
bind *:22022
mode tcp
balance leastconn
server ssh1 192.168.111.128:22 check
server ssh2 192.168.111.129:22 check
2.我们也可以将stats统计信息状态页使用listen整合到一起,如下:
listen stats
bind *:9527
stats enable
stats uri /admin?stats
stats realm Stats\ Page\ Area
stats auth taotao:xiuxiu
stats refresh 5s
stats hide-version
3.重载haproxy服务,查看监听的端口9527,如下:
[iyunv@centos7 haproxy]# systemctl reload haproxy.service
[iyunv@centos7 haproxy]# ss -tnl
State Recv-Q Send-Q Local Address:Port
LISTEN 0 128 127.0.0.1:6012
LISTEN 0 25 *:514
LISTEN 0 128 *:22022
LISTEN 0 128 *:8080
LISTEN 0 128 *:80
LISTEN 0 128 *:22
LISTEN 0 128 *:9527
4.在浏览器中访问stats统计页状态信息如下:
=========================================================================================
|