HAProxy详细配置过程

cl_303303303

　　=========================================================================================
　　一、HAProxy安装
　　http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.22.tar.gz
　　# tar xvzf haproxy-1.4.22.tar.gz
　　# cd haproxy-1.4.22
　　# make TARGET=linux26 PREFIX=/usr/local/haproxy
　　# make install PREFIX=/usr/local/haproxy
　　

　　# mkdir /usr/local/haproxy/etc

　　# mkdir -p /data/logs/haproxy
　　

　　=========================================================================================
　　二、HAProxy配置
　　# vim /usr/local/haproxy/etc/haproxy.conf
global
    log 127.0.0.1 local0
    maxconn 32768
    chroot /usr/local/haproxy
    uid haproxy
    gid haproxy
    daemon
    nbproc 8
    pidfile /var/run/haproxy.pid
    spread-checks 4
defaults
    log global
    mode http
    retries 3
    option httplog
    option httpclose
    option dontlognull
    option forwardfor
    option redispatch
    option abortonclose
    log 127.0.0.1 local3
    balance roundrobin
    maxconn 20480
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000
    timeout check 2000
    stats enable
    stats admin if TRUE
    stats refresh 30s
    stats uri /server_health_status
    stats realm Haproxy\ statistics
    stats hide-version
    stats auth admin:admin2590159HAHA
frontend MY_PROXY_SERVER
    bind 0.0.0.0:80
    appsession JSESSIONID len 52 timeout 3h
    cookie SRV insert indirect nocache
    mode http
    log global
    capture request header Host len 40
    capture request header Content-Length len 10
    capture request header Referer len 200
    capture response header Server len 40
    capture response header Content-Length len 10
    capture response header Cache-Control len 8
    acl WEB_SERVER_POLICY1 hdr_dom(host) -i mytest.qq.com
    use_backend BEHIND_APACHE_SERVER1 if WEB_SERVER_POLICY1
    acl SITE_DEAD nbsrv(BEHIND_APACHE_SERVER1) lt 1
    acl SITE_DEAD nbsrv(BEHIND_APACHE_SERVER2) lt 1
    monitor fail if SITE_DEAD
    default_backend BEHIND_APACHE_SERVER1
backend BEHIND_APACHE_SERVER1
    mode http
    balance roundrobin
    cookie SERVERID
    option httpchk HEAD /index.html HTTP/1.0
    server WEBSRV1 192.168.1.101:80 maxconn 1500 cookie SRV1 check inter 2000 rise 2 fall 3 weight 1
    server WEBSRV2 192.168.1.102:80 maxconn 1500 cookie SRV2 check inter 2000 rise 2 fall 3 weight 1
backend BEHIND_APACHE_SERVER2
    mode http
    balance roundrobin
    cookie SERVERID
    option httpchk HEAD /index.html HTTP/1.0
    server WEBSRV1 192.168.1.201:80 maxconn 1500 cookie SRV1 check inter 2000 rise 2 fall 3 weight 1
    server WEBSRV2 192.168.1.202:80 maxconn 1500 cookie SRV2 check inter 2000 rise 2 fall 3 weight 1
    server WEBSRV3 192.168.1.203:80 maxconn 1500 cookie SRV3 check inter 2000 rise 2 fall 3 weight 1　　=========================================================================================
　　三、HAProxy日志记录配置
　　# vim /etc/syslog-ng/syslog-ng.conf
source src_haproxy {
    udp(ip("0.0.0.0") port(514));
};
filter f_local03 {
    facility(local0,local3);
};
filter custom {
    program("haproxy");
};
destination dst_haproxy {
    file("/data/logs/haproxy/haproxy.log");
};
log {
    source(src_haproxy);
    filter(f_local03);
    destination(dst_haproxy);
};
log {
    source(src_haproxy);
    filter(custom);
    destination(dst_haproxy);
};　　# vim /etc/syslog.conf

local3.*        /data/logs/haproxy/haproxy.log
local0.*        /data/logs/haproxy/haproxy.log　　# vim /etc/sysconfig/syslog

SYSLOGD_OPTIONS="-r -m 0"　　最后执行命令：

　　# service syslog restart
　　

　　=========================================================================================
　　四、HAProxy命令启动及启动脚本
　　1、启动命令
　　# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.conf
　　

　　2、启动脚本
　　# vim /etc/init.d/haproxy
#!/bin/sh
#
# haproxy - this script start and stop the haproxy daemon
#
# chkconfig 35 on
# description: HAProxy is a TCP/HTTP reverse proxy.
# processname: haproxy
# config: /usr/local/haproxy/etc/haproxy.conf
# pidfile: /var/run/haproxy.pid
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
BINFILE="/usr/local/haproxy/sbin/haproxy"
CFGFILE="/usr/local/haproxy/etc/haproxy.conf"
PIDFILE="/var/run/haproxy.pid"
LOCKFILE="/var/lock/haproxy.lock"
RETVAL=0
start() {
    [[ -x $BINFILE ]] || exit 5
    [[ -f $CFGFILE ]] || exit 6
    $BINFILE -c -q -f $CFGFILE
    [[ $? -ne 0 ]] && echo "The HAProxy configure has error." && return 1
    echo -n "Starting HAProxy......"
    $BINFILE -f $CFGFILE -p $PIDFILE
    RETVAL=$?
    echo
    [[ $RETVAL -eq 0 ]] && touch $LOCKFILE
    return $RETVAL
}
stop() {
    echo -n "Shutting down HAProxy......"
    while true
    do
        /sbin/killproc -TERM $BINFILE
        [[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && break
    done
    RETVAL=$?
    echo
    [[ $RETVAL -eq 0 ]] && rm -f $LOCKFILE $PIDFILE
    return $RETVAL
}
restart() {
    stop
    sleep 1
    start
}
reload() {
    [[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && echo "The HAProxy is not running." && return 1
    echo -n $"Reloading HAProxy......"
    if [[ -f $PIDFILE ]]; then
        $BINFILE -f $CFGFILE -st `cat $PIDFILE`
    else
        $BINFILE -f $CFGFILE -st `ps aux | grep sbin/haproxy | grep -v grep | awk '{print $2}'`
    fi
    RETVAL=$?
    echo
    return $RETVAL
}
case "$1" in
start)
    start
    ;;
stop)
    stop
    ;;
restart)
    restart
    ;;
reload)
    reload
    ;;
condrestart)
    [[ -e $LOCKFILE ]] && restart || :
    ;;
check)
    $BINFILE -c -q -V -f $CFGFILE
    ;;
*)
    echo "Usage: service haproxy {start|stop|restart|reload|condrestart|check}"
    RETVAL=1
esac
exit $RETVAL　　# chmod +x /etc/init.d/haproxy
　　# chkconfig --add haproxy
　　# service haproxy start
　　

　　=========================================================================================
　　五、日志切割脚本
　　# vim /usr/local/haproxy/sbin/cut_haproxy_log.sh
#!/bin/bash
# This script run at 00:00
# The haproxy log path
LOGPATH="/data/logs/haproxy"
[[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && exit 1
mv ${LOGPATH}/haproxy.log ${LOGPATH}/haproxy_$(date -d "yesterday" +"%Y-%m-%d").log
/sbin/service syslog restart　　# chmod +x /usr/local/haproxy/sbin/cut_haproxy_log.sh
　　

　　# crontab -e
　　00 00 * * * /usr/local/haproxy/sbin/cut_haproxy_log.sh >/dev/null 2>&1
　　

　　=========================================================================================
　　六、日志清理脚本
　　# vim /usr/local/haproxy/sbin/clean_haproxy_log.sh
#!/bin/bash
# This script run at 00:30
# The haproxy log path
LOGPATH="/data/logs/haproxy"
[[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && exit 1
rm -f ${LOGPATH}/haproxy_$(date -d "10 days ago" +"%Y-%m-%d").log　　# chmod +x /usr/local/haproxy/sbin/clean_haproxy_log.sh

　　

　　# crontab -e
　　30 00 * * * /usr/local/haproxy/sbin/clean_haproxy_log.sh >/dev/null 2>&1
　　

　　=========================================================================================
　　七、网络优化部分
　　# vim /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 80000
net.core.somaxconn = 32768
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 20
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_mem = 41943040 73400320 94371840
net.ipv4.tcp_max_orphans = 3276800
fs.file-max = 1300000　　# /sbin/sysctl -p
　　

　　=========================================================================================
　　八、HAProxy自身健康检查
　　# vim /usr/local/haproxy/sbin/check_haproxy.sh
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[[ -e "/usr/local/haproxy/sbin" ]] || exit 1
[[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && /sbin/service haproxy start && exit 1
ETH1_ADDR=`/sbin/ifconfig eth1 | awk -F ':' '/inet addr/{print $2}' | sed 's/[a-zA-Z ]//g'`
[[ -z `curl -I -s "http://${ETH1_ADDR}" | grep "200 OK"` ]] && /sbin/service haproxy restart　　# chmod +x /usr/local/haproxy/sbin/check_haproxy.sh

　　

　　# crontab -e
　　*/5 * * * * /usr/local/haproxy/sbin/check_haproxy.sh >/dev/null 2>&1
　　

　　=========================================================================================
　　九、测试过程
　　主机地址：192.168.1.100
　　绑定本地HOSTS访问：192.168.1.100 mytest.qq.com
　　

　　后端服务器健康监控页面
　　http://mytest.qq.com/server_health_status