haproxy安装部署

4gw · 发表于 2015-6-2 09:15:57

一、环境
系统：CentOS 6.4x64最小化安装

haproxy:192.168.3.15

httpd-16:192.168.3.16

httpd-17:192.168.3.17

二、配置测试用的httpd服务
在httpd-16和httpd-17配置httpd服务

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

#在httpd-16上操作
[iyunv@httpd-16 ~]# yum install httpd -y
[iyunv@httpd-16 ~]# service httpd restart

#开放80端口
[iyunv@httpd-16 ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[iyunv@httpd-16 ~]# service iptables save
[iyunv@httpd-16 ~]# echo "httpd-16" >>/var/www/html/index.html
#确认httpd服务正常
[iyunv@httpd-16 ~]# curl http://127.0.0.1
httpd-16

#在httpd-17上进行同样的操作
[iyunv@httpd-17 ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[iyunv@httpd-17 ~]# service iptables save
[iyunv@httpd-17 ~]# yum install httpd -y
[iyunv@httpd-17 ~]# echo "httpd-17" >>/var/www/html/index.html
[iyunv@httpd-17 ~]# service httpd start
[iyunv@httpd-17 ~]# curl http://127.0.0.1
httpd-17

三、安装haproxy服务
安装yum源

1
2
3
4
5
6
7
8

[iyunv@haproxy ~]# rpm -ivh http://download.fedoraproject.or ... ease-6-8.noarch.rpm
[iyunv@haproxy ~]# sed -i 's@#b@b@g' /etc/yum.repos.d/epel.repo
[iyunv@haproxy ~]# sed -i 's@mirrorlist@#mirrorlist@g' /etc/yum.repos.d/epel.repo

#安装haproxy
[iyunv@haproxy ~]# yum list |grep haproxy
haproxy.x86_64 1.5.2-2.el6 base
[iyunv@haproxy ~]# yum install haproxy -y

haproxy命令解释

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

[iyunv@haproxy ~]# haproxy -h
HA-Proxy version 1.5.2 2014/07/12
Copyright 2000-2014 Willy Tarreau <w@1wt.eu>

Usage : haproxy [-f <cfgfile>]* [ -vdVD ] [ -n <maxconn> ] [ -N <maxpconn> ]
      [ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ]
      -v displays version ; -vv shows known build options.
      -d enters debug mode ; -db only disables background mode.
      -dM[<byte>] poisons memory with <byte> (defaults to 0x50)
      -V enters verbose mode (disables quiet mode)
      -D goes daemon ; -C changes to <dir> before loading files.
      -q quiet mode : don't display messages
      -c check mode : only check config files and exit
      -n sets the maximum total # of connections (2000)
      -m limits the usable amount of memory (in MB)
      -N sets the default, per-proxy maximum # of connections (2000)
      -L set local peer name (default to hostname)
      -p writes pids of all children to this file
      -de disables epoll() usage even when available
      -dp disables poll() usage even when available
      -dS disables splice usage (broken on old kernels)
      -dV disables SSL verify on servers side
      -sf/-st [pid ]* finishes/terminates old pids. Must be last arguments.
haproxy [-f < 配置文件>] [ -vdVD ] [-n 最大并发连接总数] [-N 每个侦听的最大并发数]
[ -p <当前的PID文件> ] [-m <内存限制M>]
-v 显示当前版本信息；-vv 显示已知的创建选项
-d 前台，debug模式；-db 禁用后台模式，程序跑在前台
-V 详细模式
-D daemon模式启动
-q 安静模式,不输出信息
-c 对配置文件进行语法检查
-n 最大并发连接总数
-m 限制的可用内存大小
-N 设置默认的连接数
-p 设置当前的PID文件
-de 不使用epoll
-ds 不使用speculative epoll
-dp 不使用poll
-sf 程序启动后向pidlist里的进程发送FINISH信号，这个参数放在命令行的最后
-st 程序启动后向pidlist里的进程发送TERMINATE信号，这个参数放在命令行的最后

查看haproxy配置文件内容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

[iyunv@haproxy ~]# cat  /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#官方配置文档说明
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings    全局配置
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to: #配置日志
#
# 1) configure syslog to accept network log events.  This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog       #修改syslog配置文件
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog       #定义日志设备
#
# local2.*                      /var/log/haproxy.log
#
log       127.0.0.1 local2
#全局的日志配置其中日志级别是[err warning info debug]
#local0 是日志设备，必须为如下24种标准syslog设备的一种:

chroot    /var/lib/haproxy
pidfile    /var/run/haproxy.pid #将所有进程的pid写入文件启动进程的用户必须有权限访问此文件。
maxconn    4000                   #最大连接数，默认4000
user       haproxy                #用户
group    haproxy                #组
daemon                            ##创建1个进程进入deamon模式运行。此参数要求将运行模式设置为"daemon"

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#默认的全局设置，这些参数可以被利用配置到frontend，backend，listen组件
#---------------------------------------------------------------------
defaults
mode                   http                   #默认的模式mode { tcp|http|health }，tcp是4层，http是7层，health只会返回OK
log                   global                #采用全局定义的日志
option                httplog                #日志类别http日志格式
option                dontlognull          #不记录健康检查的日志信息
option http-server-close                      #每次请求完毕后主动关闭http通道
option forwardfor    except 127.0.0.0/8    #不记录本机转发的日志
option                redispatch             #serverId对应的服务器挂掉后,强制定向到其他健康的服务器
retries                3                      #3次连接失败就认为服务不可用，也可以通过后面设置
timeout http-request 10s                   #请求超时
timeout queue          1m                   #队列超时
timeout connect       10s                   #连接超时
timeout client       1m                   #客户端连接超时
timeout server       1m                   #服务器连接超时
timeout http-keep-alive 10s                   #长连接超时
timeout check          10s                   #检查超时
maxconn                3000                   #最大连接数

#---------------------------------------------------------------------
# main frontend which proxys to the backends       #这里是frontend 与backends的代理配置
#---------------------------------------------------------------------
#acl策略配置
frontend  main *:5000
acl url_static    path_beg    -i /static /images /javascript /stylesheets
acl url_static    path_end    -i .jpg .gif .png .css .js

use_backend static       if url_static #满足策略要求，则响应策略定义的backend页面
default_backend          app             #不满足则响应backend的默认页面

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#定义使用静态后端图像，样式表等
backend static
balance    roundrobin                      #负载均衡模式轮询
server    static 127.0.0.1:4331 check    #服务器定义

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance    roundrobin                      #负载均衡模式轮询
server  app1 127.0.0.1:5001 check          #服务器定义，check进行健康检查
server  app2 127.0.0.1:5002 check
server  app3 127.0.0.1:5003 check
server  app4 127.0.0.1:5004 check

四、haproxy负载均衡案例演示
配置haproxy的日志编辑文件/etc/sysconfig/rsyslog

1
2
3
4
5
6

[iyunv@haproxy ~]# cat /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 2"

增加日志设备

1
2
3
4
5
6

[iyunv@haproxy ~]# grep haproxy.log /etc/rsyslog.conf
#增加下面一行
local2.* /var/log/haproxy.log

#重启日志服务
[iyunv@haproxy ~]# service rsyslog restart

修改haproxy配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

[iyunv@haproxy ~]# cat /etc/haproxy/haproxy.cfg
#修改后的内容如下
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events.  This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.*                      /var/log/haproxy.log
#
log       127.0.0.1 local2

chroot    /var/lib/haproxy
pidfile    /var/run/haproxy.pid
maxconn    4000
user       haproxy
group    haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode                   http
log                   global
option                httplog
option                dontlognull
option http-server-close
option forwardfor    except 127.0.0.0/8
option                redispatch
retries                3
timeout http-request 10s
timeout queue          1m
timeout connect       10s
timeout client       1m
timeout server       1m
timeout http-keep-alive 10s
timeout check          10s
maxconn                3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend http
bind *:80
mode http
log global
option logasap
option dontlognull
capture request header Host len 20
capture request header Referer len 20
default_backend web

frontend healthcheck
bind :1099
mode http
option httpclose
option forwardfor
default_backend web

backend web
balance roundrobin
server web16 192.168.3.16:80 check maxconn 2000
server web17 192.168.3.17:80 check maxconn 2000
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------

检查配置文件是否有误

1 2	[iyunv@haproxy ~]# haproxy -c -f /etc/haproxy/haproxy.cfg Configuration file is valid

启动haproxy

1
2
3
4
5

[iyunv@haproxy ~]# service haproxy start
Starting haproxy:                                        [  OK  ]
[iyunv@haproxy ~]# netstat -anpt |grep haproxy
tcp       0    0 0.0.0.0:1099             0.0.0.0:*                LISTEN    22307/haproxy
tcp       0    0 0.0.0.0:80                0.0.0.0:*                LISTEN    22307/haproxy

开放80端口

1
2
3

[iyunv@haproxy ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[iyunv@haproxy ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

测试结果

从上面的结果能看出，我们能正常访问到后端的2台web server

我们将httpd-16的web服务停止掉，再次测试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

[iyunv@httpd-16 ~]# service httpd stop
Stopping httpd: [ OK ]

#测试如下，结果显示我们只能访问到httpd-17的web资源
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17

#这里我们再讲httpd-16的web服务启动
[iyunv@httpd-16 ~]# service httpd start

#再次访问结果，能够看到httpd-16能正常提供服务
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-16
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-16
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-16
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-17
[iyunv@haproxy ~]# curl http://192.168.3.15
httpd-16

以上结果说明haproxy能自动对后端服务进行健康状况检查

配置文件说明

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

[iyunv@haproxy ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings 全局配置
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events.  This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.*                      /var/log/haproxy.log
#
#上面的注释是告诉我们怎么配置日志的
log       127.0.0.1  local2 #定义日志
chroot    /var/lib/haproxy #安全模式
pidfile    /var/run/haproxy.pid #pid文件
maxconn    4000 #最大连接数
user       haproxy #用户
group    haproxy #组合
daemon
#---------------------------------------------------------------------
# Proxy settings 代理配置，下面全是代理配置
#---------------------------------------------------------------------
defaults #配置默认参数的，这些参数可以被利用配置到frontend，backend，listen组件
mode                   http #默认的模式mode { tcp|http|health }，tcp是4层，http是7层，health只会返回OK（注，health已经废弃）
log                   global #采用全局定义的日志
option                httplog #日志类别http日志格式
option                dontlognull #不记录健康检查的日志信息
option http-server-close #每次请求完毕后主动关闭http通道
option forwardfor    except 127.0.0.0/8 #不记录本机转发的日志
option                redispatch #serverId对应的服务器挂掉后,强制定向到其他健康的服务器
retries                3 #3次连接失败就认为服务不可用，也可以通过后面设置
timeout http-request 10s  #请求超时
timeout queue          1m #队列超时
timeout connect       10s #连接超时
timeout client       1m #客户端连接超时
timeout server       1m #服务器连接超时
timeout http-keep-alive 10s #长连接超时
timeout check          10s  #检查超时
maxconn                30000 #最大连接数
listen stats                #listen是Frontend和Backend的组合体。这里定义的是haproxy监控！
mode http                #模式http
bind 0.0.0.0:1080       #绑定的监控ip与端口
stats enable             #启用监控
stats hide-version       #隐藏haproxy版本
stats uri    /haproxyadmin?stats #定义的uri
stats realm Haproxy\ Statistics #定义显示文字
stats auth admin:admin #认证
stats admin if TRUE
frontend http-in #接收请求的前端虚拟节点，Frontend可以根据规则直接指定具体使用后端的 backend(可动态选择)。这里定义的是http服务！
bind *:80                #绑定的监控ip与端口
mode http                   #模式http
log global                   #定义日志
option httpclose                #每次请求完毕后主动关闭http通道
option logasap
option dontlognull          #不记录健康检查的日志信息
capture request  header Host len 20
capture request  header Referer len 60
default_backend web          #定义的默认backend
frontend healthcheck
bind :1099
mode http
option httpclose
option forwardfor
default_backend web          #定义的默认backend
backend servers #后端服务集群的配置，是真实的服务器，一个Backend对应一个或者多个实体服务器。
balance roundrobin          #负载均衡方式为轮询
server web16 192.168.3.16:80 check maxconn 2000 #定义server，check 健康检查，maxconn 定义最大连接数
server web17 192.168.3.17:80 check maxconn 2000

账号		自动登录	找回密码
密码			立即注册

VMware vcenter+vSphere 6.5 U2共享

【跟谁学】韩宇极简英语课-技术人员不得不

用Zabbix通过JMX方式监控weblogic

winhex数据恢复教程（非常巨大，内容丰富）

Symantec Backup Exec 2015 2016/2012 BE20

NetScaler VPX部署之：NetScaler Gateway调

zabbix3.4.1安装部署+微信推送信息+大屏显

[经验分享] haproxy安装部署

扫码加入运维网微信交流群