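Load balancer types
Layer 4:
- LVS: Linux Virtual Server
- Nginx: version 1.9 and later
- HAProxy: High Availability Proxy
Layer 7:
- HAProxy
- Nginx
Use cases
- Layer 4: Redis, MySQL, RabbitMQ, Memcached, etc.
- Layer 7: Nginx, Tomcat, Apache, PHP, images, static/dynamic content separation, APIs, etc.
HAProxy
Introduction:
- HAProxy is open-source software written in C by the French developer Willy Tarreau in 2000. It is a high-performance TCP and HTTP load balancer with high concurrency (more than ten thousand connections), and it supports cookie-based persistence, automatic failover, regular expressions, and web-based status statistics.
#Community edition:
Community edition website: http://www.haproxy.org/
GitHub: https://github.com/haproxy
Supported features:
TCP and HTTP reverse proxy
HTTP reverse proxy
Reverse proxy for dynamic applications
Reverse proxy for databases
SSL/TLS server
Can add a cookie to HTTP requests and use it to route to a backend server
Balances load across backend servers and supports persistent connections
Fails over to backup servers when all primary servers are down
Supports a dedicated port for the monitoring service
Can stop accepting new connections without affecting existing ones
Can add, modify, or delete HTTP headers in both directions
Response compression
Pattern-based access control for connection requests
Provides detailed status information to authorized users through a specific URI
Features it does not provide:
Forward proxy -- squid, nginx
Caching proxy -- varnish
Web server -- nginx, tengine, apache, php, tomcat
UDP -- the UDP protocol is currently not supported
Single-host performance -- lower than LVS
HAProxy installation
- Set up the Lua environment
Some environments are fairly old. Compiling HAProxy from source depends on Lua, so prepare it first.
Example:
#Install basic commands and the build dependencies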
[root@ubuntu2204 ~]#apt install gcc make libssl-dev libpcre3 libpcre3-dev zlib1g-dev libreadline-dev libsystemd-dev
[root@ubuntu2204 src]#wget http://www.lua.org/ftp/lua-5.4.4.tar.gz
[root@ubuntu2204 src]#ll
总用量 364
drwxr-xr-x 2 root root 4096 1月 16 11:50 ./
drwxr-xr-x 10 root root 4096 8月 9 19:53 ../
-rw-r--r-- 1 root root 360876 1月 16 11:50 lua-5.4.4.tar.gz
[root@ubuntu2204 src]#tar xvf lua-5.4.4.tar.gz
lua-5.4.4/
lua-5.4.4/Makefile
lua-5.4.4/doc/
lua-5.4.4/doc/luac.1
lua-5.4.4/doc/manual.html
lua-5.4.4/doc/manual.css
lua-5.4.4/doc/contents.html
lua-5.4.4/doc/lua.css
lua-5.4.4/doc/osi-certified-72x60.png
lua-5.4.4/doc/logo.gif
lua-5.4.4/doc/lua.1
lua-5.4.4/doc/index.css
lua-5.4.4/doc/readme.html
lua-5.4.4/src/
lua-5.4.4/src/ldblib.c
lua-5.4.4/src/lmathlib.c
lua-5.4.4/src/loslib.c
lua-5.4.4/src/lvm.c
lua-5.4.4/src/ldo.h
lua-5.4.4/src/lua.h
lua-5.4.4/src/lgc.h
lua-5.4.4/src/ltm.h
lua-5.4.4/src/loadlib.c
lua-5.4.4/src/lmem.c
lua-5.4.4/src/lstate.h
lua-5.4.4/src/Makefile
lua-5.4.4/src/lzio.h
lua-5.4.4/src/luaconf.h
lua-5.4.4/src/lopcodes.c
lua-5.4.4/src/lua.c
lua-5.4.4/src/lundump.h
lua-5.4.4/src/ljumptab.h
lua-5.4.4/src/lbaselib.c
lua-5.4.4/src/ltable.c
lua-5.4.4/src/ldump.c
lua-5.4.4/src/liolib.c
lua-5.4.4/src/llimits.h
lua-5.4.4/src/lfunc.h
lua-5.4.4/src/lualib.h
lua-5.4.4/src/lzio.c
lua-5.4.4/src/lopnames.h
lua-5.4.4/src/lctype.c
lua-5.4.4/src/lmem.h
lua-5.4.4/src/llex.h
lua-5.4.4/src/ltable.h
lua-5.4.4/src/lstring.c
lua-5.4.4/src/ldebug.h
lua-5.4.4/src/lprefix.h
lua-5.4.4/src/llex.c
lua-5.4.4/src/linit.c
lua-5.4.4/src/lobject.h
lua-5.4.4/src/lapi.h
lua-5.4.4/src/ldebug.c
lua-5.4.4/src/ldo.c
lua-5.4.4/src/lvm.h
lua-5.4.4/src/lauxlib.c
lua-5.4.4/src/luac.c
lua-5.4.4/src/lctype.h
lua-5.4.4/src/lstring.h
lua-5.4.4/src/lcorolib.c
lua-5.4.4/src/lutf8lib.c
lua-5.4.4/src/lgc.c
lua-5.4.4/src/lstate.c
lua-5.4.4/src/lundump.c
lua-5.4.4/src/ltablib.c
lua-5.4.4/src/lauxlib.h
lua-5.4.4/src/ltm.c
lua-5.4.4/src/lparser.c
lua-5.4.4/src/lcode.h
lua-5.4.4/src/lobject.c
lua-5.4.4/src/lcode.c
lua-5.4.4/src/lopcodes.h
lua-5.4.4/src/lfunc.c
lua-5.4.4/src/lapi.c
lua-5.4.4/src/lparser.h
lua-5.4.4/src/lua.hpp
lua-5.4.4/src/lstrlib.c
lua-5.4.4/README
[root@ubuntu2204 src]#cd lua-5.4.4
[root@ubuntu2204 lua-5.4.4]#make linux test
make[1]: 进入目录“/usr/local/src/lua-5.4.4/src”
make all SYSCFLAGS="-DLUA_USE_LINUX" SYSLIBS="-Wl,-E -ldl"
make[2]: 进入目录“/usr/local/src/lua-5.4.4/src”
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lapi.o lapi.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c lcode.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lctype.o lctype.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ldebug.o ldebug.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ldo.o ldo.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ldump.o ldump.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lfunc.o lfunc.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lgc.o lgc.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c llex.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lmem.o lmem.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lobject.o lobject.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lopcodes.o lopcodes.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c lparser.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lstate.o lstate.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lstring.o lstring.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ltable.o ltable.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ltm.o ltm.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lundump.o lundump.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lvm.o lvm.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lzio.o lzio.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lauxlib.o lauxlib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lbaselib.o lbaselib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lcorolib.o lcorolib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ldblib.o ldblib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o liolib.o liolib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lmathlib.o lmathlib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o loadlib.o loadlib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o loslib.o loslib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lstrlib.o lstrlib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ltablib.o ltablib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lutf8lib.o lutf8lib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o linit.o linit.c
ar rcu liblua.a lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lcorolib.o ldblib.o liolib.o lmathlib.o loadlib.o loslib.o lstrlib.o ltablib.o lutf8lib.o linit.o
ar: `u' 修饰符被忽略,因为 `D' 为默认(参见 `U')
ranlib liblua.a
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lua.o lua.c
gcc -std=gnu99 -o lua lua.o liblua.a -lm -Wl,-E -ldl
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o luac.o luac.c
gcc -std=gnu99 -o luac luac.o liblua.a -lm -Wl,-E -ldl
make[2]: 离开目录“/usr/local/src/lua-5.4.4/src”
make[1]: 离开目录“/usr/local/src/lua-5.4.4/src”
make[1]: 进入目录“/usr/local/src/lua-5.4.4/src”
./lua -v
Lua 5.4.4 Copyright (C) 1994-2022 Lua.org, PUC-Rio
make[1]: 离开目录“/usr/local/src/lua-5.4.4/src”
[root@ubuntu2204 lua-5.4.4]#./src/lua -v
Lua 5.4.4 Copyright (C) 1994-2022 Lua.org, PUC-Rio
- Compile and install HAProxy
[root@ubuntu2204 src]#wget http://www.haproxy.org/download/2.7/src/haproxy-2.7.1.tar.gz
[root@ubuntu2204 src]#tar xf haproxy-2.7.1.tar.gz
[root@ubuntu2204 src]#ls
haproxy-2.7.1 haproxy-2.7.1.tar.gz lua-5.4.4 lua-5.4.4.tar.gz
[root@ubuntu2204 src]#cd haproxy-2.7.1
#The directory contains an INSTALL guide for reference
[root@ubuntu2204 haproxy-2.7.1]#ls
addons BRANCHES CONTRIBUTING doc include LICENSE Makefile reg-tests src tests VERSION
admin CHANGELOG dev examples INSTALL MAINTAINERS README scripts SUBVERS VERDATE
[root@ubuntu2204 haproxy-2.7.1]#cat INSTALL
Installation instructions for HAProxy
=====================================
HAProxy 2.7 is a stable version, which means that it will get fixes for bugs as
they are discovered till around Q1 2024 and should not receive new features.
This version is mostly suited at experienced users who are willing to quickly
follow updates. New users are encouraged to use long term supported versions
such as the ones provided by their software vendor or Linux distribution, as
such versions require far less common updates.
If for any reason you'd prefer to use a different version than the one packaged
for your system, you want to be certain to have all the fixes or to get some
commercial support, other choices are available at http://www.haproxy.com/.
Areas covered in this document
==============================
1) Quick build & install
2) Basic principles
3) Build environment
4) Dependencies
5) Advanced build options
6) How to install HAProxy
1) Quick build & install
========================
If you've already built HAProxy and are just looking for a quick reminder, here
are a few build examples :
- recent Linux system with all options, make and install :
$ make clean
$ make -j $(nproc) TARGET=linux-glibc \
USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_SYSTEMD=1
$ sudo make install
- FreeBSD and OpenBSD, build with all options :
$ gmake -j 4 TARGET=freebsd USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
- embedded Linux, build using a cross-compiler :
$ make -j $(nproc) TARGET=linux-glibc USE_OPENSSL=1 USE_PCRE=1 \
CC=/opt/cross/gcc730-arm/bin/gcc ADDLIB=-latomic
- Build with static PCRE on Solaris / UltraSPARC :
$ make TARGET=solaris CPU=ultrasparc USE_STATIC_PCRE=1
For more advanced build options or if a command above reports an error, please
read the following sections.
....
#Compile and install following the INSTALL file
[root@ubuntu2204 haproxy-2.7.1]#make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.4.4/src/ LUA_LIB=/usr/local/src/lua-5.4.4/src/
CC src/ev_poll.o
CC src/ev_epoll.o
CC src/cpuset.o
CC src/ssl_sock.o
CC src/ssl_ckch.o
CC src/ssl_sample.o
CC src/ssl_crtlist.o
CC src/cfgparse-ssl.o
CC src/ssl_utils.o
CC src/jwt.o
CC src/hlua.o
CC src/hlua_fcn.o
CC src/namespace.o
CC src/mux_h2.o
CC src/mux_fcgi.o
CC src/mux_h1.o
CC src/tcpcheck.o
CC src/stream.o
CC src/stats.o
CC src/http_ana.o
CC src/server.o
CC src/stick_table.o
CC src/sample.o
CC src/flt_spoe.o
CC src/tools.o
CC src/log.o
CC src/cfgparse.o
CC src/peers.o
CC src/backend.o
CC src/resolvers.o
CC src/cli.o
CC src/connection.o
CC src/proxy.o
CC src/http_htx.o
CC src/cfgparse-listen.o
CC src/pattern.o
CC src/check.o
CC src/haproxy.o
CC src/cache.o
CC src/stconn.o
CC src/http_act.o
CC src/http_fetch.o
CC src/http_client.o
CC src/listener.o
CC src/dns.o
CC src/vars.o
CC src/debug.o
CC src/tcp_rules.o
CC src/sink.o
CC src/h1_htx.o
CC src/task.o
CC src/mjson.o
CC src/h2.o
CC src/filters.o
CC src/server_state.o
CC src/payload.o
CC src/fcgi-app.o
CC src/map.o
CC src/htx.o
CC src/h1.o
CC src/pool.o
CC src/cfgparse-global.o
CC src/trace.o
CC src/tcp_sample.o
CC src/flt_http_comp.o
CC src/mux_pt.o
CC src/flt_trace.o
CC src/mqtt.o
CC src/acl.o
CC src/sock.o
CC src/mworker.o
CC src/tcp_act.o
CC src/ring.o
CC src/session.o
CC src/proto_tcp.o
CC src/fd.o
CC src/channel.o
CC src/activity.o
CC src/queue.o
CC src/lb_fas.o
CC src/http_rules.o
CC src/extcheck.o
CC src/flt_bwlim.o
CC src/thread.o
CC src/http.o
CC src/lb_chash.o
CC src/applet.o
CC src/compression.o
CC src/raw_sock.o
CC src/ncbuf.o
CC src/frontend.o
CC src/errors.o
CC src/uri_normalizer.o
CC src/http_conv.o
CC src/lb_fwrr.o
CC src/sha1.o
CC src/proto_sockpair.o
CC src/mailers.o
CC src/lb_fwlc.o
CC src/ebmbtree.o
CC src/cfgcond.o
CC src/action.o
CC src/xprt_handshake.o
CC src/protocol.o
CC src/proto_uxst.o
CC src/proto_udp.o
CC src/lb_map.o
CC src/fix.o
CC src/ev_select.o
CC src/arg.o
CC src/sock_inet.o
CC src/mworker-prog.o
CC src/hpack-dec.o
CC src/cfgparse-tcp.o
CC src/sock_unix.o
CC src/shctx.o
CC src/proto_uxdg.o
CC src/fcgi.o
CC src/eb64tree.o
CC src/clock.o
CC src/chunk.o
CC src/cfgdiag.o
CC src/signal.o
CC src/regex.o
CC src/lru.o
CC src/eb32tree.o
CC src/eb32sctree.o
CC src/cfgparse-unix.o
CC src/hpack-tbl.o
CC src/ebsttree.o
CC src/ebimtree.o
CC src/base64.o
CC src/auth.o
CC src/uri_auth.o
CC src/time.o
CC src/ebistree.o
CC src/dynbuf.o
CC src/wdt.o
CC src/pipe.o
CC src/init.o
CC src/http_acl.o
CC src/hpack-huff.o
CC src/hpack-enc.o
CC src/dict.o
CC src/freq_ctr.o
CC src/ebtree.o
CC src/hash.o
CC src/dgram.o
CC src/version.o
LD haproxy
CC dev/flags/flags.o
LD dev/flags/flags
[root@ubuntu2204 haproxy-2.7.1]#make install PREFIX=/apps/haproxy
[root@ubuntu2204 haproxy-2.7.1]#ln -s /apps/haproxy/sbin/haproxy /usr/sbin/
[root@ubuntu2204 haproxy-2.7.1]#tree /apps/haproxy/
/apps/haproxy/
├── doc
│ └── haproxy
│ ├── 51Degrees-device-detection.txt
│ ├── architecture.txt
│ ├── close-options.txt
│ ├── configuration.txt
│ ├── cookie-options.txt
│ ├── DeviceAtlas-device-detection.txt
│ ├── intro.txt
│ ├── linux-syn-cookies.txt
│ ├── lua.txt
│ ├── management.txt
│ ├── netscaler-client-ip-insertion-protocol.txt
│ ├── network-namespaces.txt
│ ├── peers.txt
│ ├── peers-v2.0.txt
│ ├── proxy-protocol.txt
│ ├── regression-testing.txt
│ ├── seamless_reload.txt
│ ├── SOCKS4.protocol.txt
│ ├── SPOE.txt
│ └── WURFL-device-detection.txt
├── sbin
│ └── haproxy
└── share
└── man
└── man1
└── haproxy.1
6 directories, 22 files
#Verify the HAProxy version
[root@ubuntu2204 haproxy-2.7.1]#which haproxy
/usr/sbin/haproxy
[root@ubuntu2204 haproxy-2.7.1]#haproxy -v
HAProxy version 2.7.1-3e4af0e 2022/12/19 - https://haproxy.org/
Status: stable branch - will stop receiving fixes around Q1 2024.
Known bugs: http://www.haproxy.org/bugs/bugs-2.7.1.html
Running on: Linux 5.15.0-52-generic #58-Ubuntu SMP Thu Oct 13 08:03:55 UTC 2022 x86_64
- Prepare the HAProxy service file
[root@ubuntu2204 haproxy-2.7.1]#vim /usr/lib/systemd/system/haproxy.service
[root@ubuntu2204 haproxy-2.7.1]#cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
[root@ubuntu2204 haproxy-2.7.1]#systemctl daemon-reload
[root@ubuntu2204 haproxy-2.7.1]#systemctl status haproxy
○ haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy.service; disabled; vendor preset: enabled)
Active: inactive (dead)
- Prepare the configuration file
#View the sample configuration files
[root@ubuntu2204 haproxy-2.7.1]#tree examples/
examples/
├── basic-config-edge.cfg
├── content-sw-sample.cfg
├── errorfiles
│ ├── 400.http
│ ├── 403.http
│ ├── 408.http
│ ├── 500.http
│ ├── 502.http
│ ├── 503.http
│ ├── 504.http
│ └── README
├── haproxy.init
├── option-http_proxy.cfg
├── quick-test.cfg
├── socks4.cfg
├── transparent_proxy.cfg
└── wurfl-example.cfg
1 directory, 16 files
#Create a custom configuration file
[root@ubuntu2204 haproxy-2.7.1]#cd
[root@ubuntu2204 ~]#mkdir /etc/haproxy
[root@ubuntu2204 ~]#vim /etc/haproxy/haproxy.cfg
[root@ubuntu2204 ~]#cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /apps/haproxy
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
user haproxy
group haproxy
daemon
#nbproc 4
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local2 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:123456
listen web_port
bind 10.0.0.7:80
mode http
log global
server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5
#Check the configuration file syntax
[root@ubuntu2204 ~]#haproxy -c -f /etc/haproxy/haproxy.cfg
[NOTICE] (30016) : haproxy version is 2.7.1-3e4af0e
[NOTICE] (30016) : path to executable is /usr/sbin/haproxy
[ALERT] (30016) : config : parsing [/etc/haproxy/haproxy.cfg:7] : user/uid already specified. Continuing.
[ALERT] (30016) : config : parsing [/etc/haproxy/haproxy.cfg:8] : gid/group was already specified. Continuing.
Configuration file is valid
- Start haproxy
#Create the directory for the socket file
[root@ubuntu2204 ~]#mkdir /var/lib/haproxy
#Set up the user and directory permissions
[root@ubuntu2204 ~]#useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy
[root@ubuntu2204 ~]#systemctl enable --now haproxy
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /lib/systemd/system/haproxy.service.
#Verify the haproxy status
[root@ubuntu2204 ~]#systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-01-16 14:18:36 CST; 49s ago
Process: 2941 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
Main PID: 2943 (haproxy)
Tasks: 3 (limit: 2196)
Memory: 23.3M
CPU: 235ms
CGroup: /system.slice/haproxy.service
├─2943 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
└─2946 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
1月 16 14:18:36 ubuntu2204.wang.org systemd[1]: Starting HAProxy Load Balancer...
1月 16 14:18:36 ubuntu2204.wang.org systemd[1]: Started HAProxy Load Balancer.
1月 16 14:18:36 ubuntu2204.wang.org haproxy[2943]: [NOTICE] (2943) : haproxy version is 2.7.1-3e4af0e
1月 16 14:18:36 ubuntu2204.wang.org haproxy[2943]: [NOTICE] (2943) : path to executable is /usr/sbin/haproxy
1月 16 14:18:36 ubuntu2204.wang.org haproxy[2943]: [ALERT] (2943) : config : parsing [/etc/haproxy/haproxy.cfg:8] : 'pidfile' already specified. Continuing.
1月 16 14:18:36 ubuntu2204.wang.org haproxy[2943]: [NOTICE] (2943) : New worker (2946) forked
1月 16 14:18:36 ubuntu2204.wang.org haproxy[2943]: [NOTICE] (2943) : Loading success.
- View the haproxy status page
Open in a browser: http://haproxy-server:9999/haproxy-status
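`haproxy -c` checks syntax only, so the /etc/haproxy/haproxy.cfg created above is reported as valid even though it publishes the stats page on every interface behind a six-digit password. The following Python script is an added example, not part of the original article or of HAProxy: it audits a configuration for those settings. The finding names and the two thresholds are assumptions chosen for illustration, and the sample input is abridged from the configuration above.

```python
import re

# Constructed sample, abridged from the haproxy.cfg shown in the install steps.
SAMPLE_CFG = """\
global
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
user haproxy
group haproxy
defaults
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
stats uri /haproxy-status
stats auth haadmin:123456
listen web_port
bind 10.0.0.7:80
server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5
"""

SECTIONS = {"global", "defaults", "listen", "frontend", "backend"}
UNIT_MS = {"us": 0.001, "ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}
MAX_CLIENT_TIMEOUT_MS = 60_000  # assumption: audit threshold, not an HAProxy default
MIN_PASSWORD_LEN = 12           # assumption: audit threshold


def parse_sections(text):
    """Split a haproxy.cfg into [(section_header, [token_list, ...]), ...]."""
    sections = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            sections.append((" ".join(tokens), []))
        elif sections:
            sections[-1][1].append(tokens)
    return sections


def to_ms(value):
    """Convert an HAProxy time value (default unit: milliseconds) to ms."""
    match = re.fullmatch(r"(\d+)(us|ms|s|m|h|d)?", value)
    if not match:
        raise ValueError(f"bad time value: {value}")
    return int(match.group(1)) * UNIT_MS[match.group(2) or "ms"]


def is_wildcard_bind(addr):
    """True when a bind address listens on every interface."""
    host = addr.rsplit(":", 1)[0]
    return host in ("", "*", "0.0.0.0", "::", "[::]")


def audit(text):
    """Return a sorted list of (section, finding_code) for risky settings."""
    findings = []
    for header, lines in parse_sections(text):
        keys = {t[0] for t in lines}
        # haproxy -c only prints an ALERT and continues when both forms are set.
        if header == "global" and ({"uid", "user"} <= keys or {"gid", "group"} <= keys):
            findings.append((header, "DUPLICATE_IDENTITY"))
        stats = [t for t in lines if t[0] == "stats"]
        if any(t[1:2] == ["enable"] for t in stats):
            binds = [t[1] for t in lines if t[0] == "bind" and len(t) > 1]
            if any(is_wildcard_bind(b) for b in binds):
                findings.append((header, "STATS_ON_ALL_INTERFACES"))
            auths = [t[2] for t in stats if t[1:2] == ["auth"] and len(t) > 2]
            if not auths:
                findings.append((header, "STATS_NO_AUTH"))
            for cred in auths:
                # "stats auth" stores the password in cleartext in the file.
                password = cred.partition(":")[2]
                if len(password) < MIN_PASSWORD_LEN or password.isdigit():
                    findings.append((header, "STATS_WEAK_PASSWORD"))
        timeouts = {t[1]: t[2] for t in lines if t[0] == "timeout" and len(t) > 2}
        # Without "timeout http-request", the client timeout is the only bound
        # on how slowly a client may send its request.
        if ("client" in timeouts and "http-request" not in timeouts
                and to_ms(timeouts["client"]) > MAX_CLIENT_TIMEOUT_MS):
            findings.append((header, "LONG_CLIENT_TIMEOUT_NO_HTTP_REQUEST_LIMIT"))
    return sorted(findings)


if __name__ == "__main__":
    for section, code in audit(SAMPLE_CFG):
        print(f"{section}: {code}")
```

Binding the stats listener to a management address, using a long random password, and adding `timeout http-request` to `defaults` clears all but the duplicate-identity finding, which is fixed by keeping either `uid`/`gid` or `user`/`group`.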
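HAProxy basic configuration
Official configuration documentation:
http://docs.haproxy.org/
*The following examples are based on the architecture shown in the figure below
The HAProxy configuration file haproxy.cfg consists of two main parts: global and proxies
- global: global configuration section
chroot #lock the working directory
daemon #run as a daemon
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin process 1
#the socket file; HAProxy can be managed through this file
user, group, uid, gid #identity that haproxy runs as
#nbproc n #number of haproxy worker processes to start; the default is one process; nbproc is no longer supported as of HAProxy 2.5
nbthread 1 #mutually exclusive with the multi-process nbproc setting (version-dependent; haproxy 1.8 on CentOS 8 does not have this problem); sets the number of threads per haproxy process; the default is one thread per process
#enabling nbproc and nbthread together produces the following log error and the service fails to start
Apr 7 14:46:23 haproxy haproxy: [ALERT] 097/144623 (1454) : config : cannot enable multiple processes if multiple threads are configured. Please use either nbproc or nbthread but not both.
#cpu-map 1 0 #bind a haproxy worker process to a specific CPU: worker process 1 is bound to CPU 0
#cpu-map 2 1 #bind a haproxy worker process to a specific CPU: worker process 2 is bound to CPU 1
cpu-map auto:1/1-8 0-7 #with nbthread enabled in haproxy 2.4, add this option to the global section to bind threads to CPUs; the nbproc option will be removed in version 2.5; threads 1-8 of each process are bound to CPUs 0-7 respectively
maxconn n #maximum number of concurrent connections per haproxy process
maxsslconn n #maximum number of SSL connections per haproxy process; used when haproxy is configured with certificates
maxconnrate n #maximum number of connections created per second per process
spread-checks n #percentage by which backend server health checks are randomly advanced or delayed; a value between 2-5 (20%-50%) is recommended; default 0
pidfile #path of the pid file
log 127.0.0.1 local2 info #defines the global syslog server; the log server must have UDP enabled; at most two can be defined
Example: multithreading and CPU binding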
[root@haproxy ~]#cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon
nbthread 4
cpu-map auto:1/1-4 0-3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth admin:123456
#listen kubernetes-6443
# bind 192.168.10.100:6443
# mode tcp
# log global
# server 192.168.10.101 192.168.10.101:6443 check inter 3000 fall 2 rise 5
# server 192.168.10.102 192.168.10.102:6443 check inter 3000 fall 2 rise 5
# server 192.168.10.103 192.168.10.102:6443 check inter 3000 fall 2 rise 5
#Syntax check
[root@haproxy ~]#haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
[root@haproxy ~]#apt install -y sysstat
[root@haproxy ~]#systemctl restart haproxy
[root@haproxy ~]#systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-01-16 18:15:08 CST; 2min 50s ago
Process: 758 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
Main PID: 794 (haproxy)
Tasks: 5 (limit: 2196)
Memory: 24.4M
CPU: 319ms
CGroup: /system.slice/haproxy.service
├─794 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
└─798 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
1月 16 18:15:05 haproxy systemd[1]: Starting HAProxy Load Balancer...
1月 16 18:15:08 haproxy systemd[1]: Started HAProxy Load Balancer.
1月 16 18:15:08 haproxy haproxy[794]: [NOTICE] (794) : haproxy version is 2.7.1-3e4af0e
1月 16 18:15:08 haproxy haproxy[794]: [NOTICE] (794) : path to executable is /usr/sbin/haproxy
1月 16 18:15:08 haproxy haproxy[794]: [ALERT] (794) : config : parsing [/etc/haproxy/haproxy.cfg:10] : 'pidfile' already specified. Continuing.
1月 16 18:15:08 haproxy haproxy[794]: [NOTICE] (794) : New worker (798) forked
1月 16 18:15:08 haproxy haproxy[794]: [NOTICE] (794) : Loading success.
[root@haproxy ~]#pidstat -p 798 -t
Linux 5.15.0-58-generic (haproxy) 2023年01月16日 _x86_64_ (4 CPU)
18时18分08秒 UID TGID TID %usr %system %guest %wait %CPU CPU Command
18时18分08秒 99 798 - 0.00 0.00 0.00 0.00 0.00 0 haproxy
18时18分08秒 99 - 798 0.00 0.00 0.00 0.00 0.00 0 |__haproxy
18时18分08秒 99 - 799 0.00 0.00 0.00 0.00 0.00 1 |__haproxy
18时18分08秒 99 - 800 0.00 0.00 0.00 0.00 0.00 2 |__haproxy
18时18分08秒 99 - 801 0.00 0.00 0.00 0.00 0.00 3 |__haproxy
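Example: enable local and remote logging - not recommended in production; keep logging on the backend servers where possible to reduce I/O pressure on the load balancer
#Configure logging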
[root@haproxy ~]#cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon
nbthread 4
cpu-map auto:1/1-4 0-3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
log 10.0.0.202 local3 info
....
#Open port 514
[root@haproxy ~]#cat /etc/rsyslog.conf
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
....
$IncludeConfig /etc/rsyslog.d/*.conf
#Append the log file path in the drop-in configuration directory; the same on both 127 and 202
[root@haproxy ~]#cat /etc/rsyslog.d/50-default.conf
...
local3.* /var/log/haproxy.log
#Test by visiting http://haproxy-server:9999/haproxy-status and check that log entries are generated
#127
[root@haproxy ~]#cat /var/log/haproxy.log
Jan 16 20:10:12 localhost haproxy[918]: Connect from 10.0.0.1:14730 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:15:20 localhost haproxy[918]: Connect from 10.0.0.1:14756 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:15:20 localhost haproxy[918]: Connect from 10.0.0.1:14762 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:15:21 localhost haproxy[918]: Connect from 10.0.0.1:14766 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:16:32 localhost haproxy[918]: Connect from 10.0.0.1:14781 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:16:32 localhost haproxy[918]: Connect from 10.0.0.1:14782 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:16:32 localhost haproxy[918]: Connect from 10.0.0.1:14783 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:16:32 localhost haproxy[918]: Connect from 10.0.0.1:14784 to 10.0.0.200:9999 (stats/HTTP)
#202
[root@web01-mooreyxia ~]#tail /var/log/haproxy.log
Jan 16 20:16:32 10.0.0.200 haproxy[918]: Connect from 10.0.0.1:14781 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:16:32 10.0.0.200 haproxy[918]: Connect from 10.0.0.1:14782 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:16:32 10.0.0.200 haproxy[918]: Connect from 10.0.0.1:14783 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:16:32 10.0.0.200 haproxy[918]: Connect from 10.0.0.1:14784 to 10.0.0.200:9999 (stats/HTTP)
#Confirm that the messages come from PID 918
[root@haproxy ~]#pstree -p
systemd(1)─┬─agetty(779)
├─dbus-daemon(754)
├─haproxy(916)───haproxy(918)─┬─{haproxy}(919)
│ ├─{haproxy}(920)
│ └─{haproxy}(921)
.....
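- proxies: proxy configuration section
defaults configuration parameters:
option redispatch #when the server matching a server Id goes down, force redirection to another healthy server (redispatch)
option abortonclose #when the server is under heavy load, automatically end connections that have been waiting in the queue for a long time; enable according to business needs
option http-keep-alive #enable keep-alive sessions with the client
option forwardfor #pass the client's real IP through to the backend web server
mode http|tcp #set the default working mode; TCP mode gives better server performance and reduces load
timeout http-keep-alive 120s #session keep-alive timeout; within this period requests are forwarded to the same backend server
timeout connect 120s #maximum time to wait for the connection from haproxy to the backend server for a client request (before the TCP connection is established); default unit ms
timeout server 600s #timeout for the backend server to process a client request forwarded by haproxy (after the TCP connection is established); default unit ms; a timeout produces a 502 error, so a fairly large value is recommended to avoid 502 errors
timeout client 600s #maximum inactivity time between haproxy and the client; default unit ms; recommended to match timeout server
timeout check 5s #default timeout for health checks against backend servers
default-server inter 1000 weight 3 #default settings for backend servers
#Example: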
[root@haproxy ~]#cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon
nbthread 4
cpu-map auto:1/1-4 0-3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
log 10.0.0.202 local3 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth admin:123456
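Proxies configuration - listen - using listen in place of separate frontend and backend sections simplifies the configuration; commonly used for TCP-based applications
Example: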
[root@haproxy ~]#cat /etc/haproxy/haproxy.cfg
...
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth admin:123456
listen web_http_80
bind 192.168.10.200:80
server web01 10.0.0.202:80
server web02 10.0.0.203:80
[root@haproxy ~]#haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
[root@haproxy ~]#systemctl restart haproxy.service
[root@haproxy ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 192.168.10.200:80 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:9999 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:6010 [::]:*
#Test - load-balanced access to the two service IPs
[root@internet ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:42:b4:d3 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.8/24 brd 192.168.10.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe42:b4d3/64 scope link
valid_lft forever preferred_lft forever
[root@internet ~]#vim /etc/hosts
[root@internet ~]#ping www.mooreyxia.org
PING www.mooreyxia.org (192.168.10.200) 56(84) bytes of data.
64 bytes from www.mooreyxia.org (192.168.10.200): icmp_seq=1 ttl=64 time=0.895 ms
64 bytes from www.mooreyxia.org (192.168.10.200): icmp_seq=2 ttl=64 time=0.309 ms
64 bytes from www.mooreyxia.org (192.168.10.200): icmp_seq=3 ttl=64 time=0.866 ms
^C
--- www.mooreyxia.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2089ms
rtt min/avg/max/mdev = 0.309/0.690/0.895/0.269 ms
#Before configuring the proxy service
[root@internet ~]#curl www.mooreyxia.org
curl: (7) Failed to connect to www.mooreyxia.org port 80: Connection refused
#After configuring the proxy service
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.203 _web02-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.203 _web02-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.203 _web02-www.mooreyxia.org
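Observe the changes on the status page
Note: although proxied access now works, the proxy unpacks the client's packets and repackages them, so the packets delivered to the backend servers no longer contain the client's information. As a result, the client's access information is missing from the backend logs. IP passthrough solves this problem; it is addressed later.
#Stop one backend service and observe the scheduling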
[root@web02-mooreyxia ~]#systemctl stop nginx
#This shows that no health checks are performed against the backends yet
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
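#Add health check attributes - active checks; nginx, by comparison, checks lazily, that is, a server is checked only when it is about to be called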
[root@haproxy ~]#cat /etc/haproxy/haproxy.cfg
...
listen web_http_80
bind 192.168.10.200:80
server web01 10.0.0.202:80 check inter 3000 fall 3 rise 5 #check every 3000 ms; 3 failures mark the server as failed and take it offline; 5 successes mark it healthy and bring it back online
server web02 10.0.0.203:80 check inter 3000 fall 3 rise 5
[root@haproxy ~]#haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
[root@haproxy ~]#systemctl restart haproxy.service
#Accessing again, only the 202 service is scheduled
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
#Port 80 of the 203 service is probed once every 3 seconds
[root@web01-mooreyxia ~]#tcpdump -i eth0 -nn port 80
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:40:12.576267 IP 10.0.0.200.56838 > 10.0.0.203.80: Flags [S], seq 4152154529, win 64240, options [mss 1460,sackOK,TS val 731593195 ecr 0,nop,wscale 7], length 0
16:40:12.576565 IP 10.0.0.203.80 > 10.0.0.200.56838: Flags [S.], seq 1836204874, ack 4152154530, win 65160, options [mss 1460,sackOK,TS val 3395582796 ecr 731593195,nop,wscale 7], length 0
16:40:12.576977 IP 10.0.0.200.56838 > 10.0.0.203.80: Flags [R.], seq 1, ack 1, win 502, options [nop,nop,TS val 731593195 ecr 3395582796], length 0
16:40:14.103344 IP 10.0.0.200.54970 > 10.0.0.202.80: Flags [S], seq 1891704514, win 64240, options [mss 1460,sackOK,TS val 2444235999 ecr 0,nop,wscale 7], length 0
16:40:14.103372 IP 10.0.0.202.80 > 10.0.0.200.54970: Flags [S.], seq 3811458082, ack 1891704515, win 65160, options [mss 1460,sackOK,TS val 566056266 ecr 2444235999,nop,wscale 7], length 0
16:40:14.103894 IP 10.0.0.200.54970 > 10.0.0.202.80: Flags [R.], seq 1, ack 1, win 502, options [nop,nop,TS val 2444235999 ecr 566056266], length 0
16:40:15.580268 IP 10.0.0.200.56840 > 10.0.0.203.80: Flags [S], seq 3235526820, win 64240, options [mss 1460,sackOK,TS val 731596199 ecr 0,nop,wscale 7], length 0
16:40:15.580517 IP 10.0.0.203.80 > 10.0.0.200.56840: Flags [S.], seq 2372330128, ack 3235526821, win 65160, options [mss 1460,sackOK,TS val 3395585800 ecr 731596199,nop,wscale 7], length 0
16:40:15.580776 IP 10.0.0.200.56840 > 10.0.0.203.80: Flags [R.], seq 1, ack 1, win 502, options [nop,nop,TS val 731596199 ecr 3395585800], length 0
^C
9 packets captured
9 packets received by filter
0 packets dropped by kernel
Observe the status information
#After starting the 203 service again, requests are load-balanced across the backends normally
[root@web02-mooreyxia ~]#systemctl start nginx
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.203 _web02-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.203 _web02-www.mooreyxia.org
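Observe the status information
Note: the check attribute only roughly verifies that the port is open; other problems, such as the port being held by something else, are not reflected well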
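The tcpdump capture above shows that a plain `check` is only a TCP handshake (SYN, SYN-ACK, RST), which is why it cannot see a service that is listening but failing. The following Python simulation is an added example, not HAProxy code: it starts a constructed backend on localhost that answers every request with 500, then compares a connect-only check with an HTTP-level check (the kind HAProxy performs with `option httpchk`), applying the `fall 3` / `rise 5` counters from the configuration above. The class and function names are hypothetical.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

# Ignore any proxy environment variables so the check talks to localhost directly.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class BrokenAppHandler(http.server.BaseHTTPRequestHandler):
    """Constructed backend: the port is open but every request fails with 500."""

    def do_GET(self):
        self.send_response(500)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def tcp_check(host, port, timeout=2.0):
    """Layer-4 check: passes as soon as the TCP handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_check(host, port, path="/", timeout=2.0):
    """Layer-7 check: passes only on a 2xx/3xx response."""
    try:
        with _OPENER.open(f"http://{host}:{port}{path}", timeout=timeout) as resp:
            return 200 <= resp.status < 400
    except (urllib.error.URLError, OSError):  # HTTPError (4xx/5xx) is a URLError
        return False


class ServerState:
    """Tracks UP/DOWN with the fall/rise counters described above."""

    def __init__(self, fall=3, rise=5):
        self.fall, self.rise = fall, rise
        self.up = True
        self.streak = 0  # consecutive results that contradict the current state

    def record(self, ok):
        if ok == self.up:
            self.streak = 0
        else:
            self.streak += 1
            if self.streak >= (self.fall if self.up else self.rise):
                self.up = ok
                self.streak = 0
        return self.up


def run_demo(rounds=3):
    """Run both checks against the broken backend; return (tcp_up, http_up)."""
    server = http.server.HTTPServer(("127.0.0.1", 0), BrokenAppHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    tcp_state, http_state = ServerState(), ServerState()
    try:
        for _ in range(rounds):
            tcp_state.record(tcp_check("127.0.0.1", port))
            http_state.record(http_check("127.0.0.1", port))
    finally:
        server.shutdown()
        server.server_close()
    return tcp_state.up, http_state.up


if __name__ == "__main__":
    tcp_up, http_up = run_demo()
    print(f"connect-only check: {'UP' if tcp_up else 'DOWN'}")
    print(f"HTTP check:         {'UP' if http_up else 'DOWN'}")
```

After three rounds the connect-only check still reports the backend UP, while the HTTP check has marked it DOWN.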
Example: schedule requests to different servers based on the domain name
Goal:
www.mooreyxia.org --> 202,203
www.mooreyxia.net --> 204,205
#client
[root@internet ~]#cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 rocky8.wang.org
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.200 www.mooreyxia.org
192.168.10.100 www.mooreyxia.net
#haproxy
[root@haproxy ~]#vim /etc/netplan/01-netcfg.yaml
[root@haproxy ~]#cat /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.200/24
      gateway4: 10.0.0.2
      nameservers:
        search: [wang.org, wang.com]
        addresses: [180.76.76.76, 223.6.6.6]
    eth1:
      addresses:
        - 192.168.10.200/24
        - 192.168.10.100/24
[root@haproxy ~]#netplan apply
** (generate:1057): WARNING **: 16:44:58.057: `gateway4` has been deprecated, use default routes instead.
See the 'Default routes' section of the documentation for more details.
** (process:1055): WARNING **: 16:44:58.512: `gateway4` has been deprecated, use default routes instead.
See the 'Default routes' section of the documentation for more details.
[root@haproxy ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:df:99:92 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.200/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fedf:9992/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:df:99:9c brd ff:ff:ff:ff:ff:ff
altname enp2s5
altname ens37
inet 192.168.10.200/24 brd 192.168.10.255 scope global eth1
valid_lft forever preferred_lft forever
inet 192.168.10.100/24 brd 192.168.10.255 scope global secondary eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fedf:999c/64 scope link
valid_lft forever preferred_lft forever
[root@haproxy ~]#vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]#cat /etc/haproxy/haproxy.cfg
...
listen www.mooreyxia.org_80
bind 192.168.10.200:80
server web01 10.0.0.202:80 check inter 3000 fall 3 rise 5
server web02 10.0.0.203:80 check inter 3000 fall 3 rise 5
listen www.mooreyxia.net_80
bind 192.168.10.100:80
server web01 10.0.0.204:80 check inter 3000 fall 3 rise 5
server web02 10.0.0.205:80 check inter 3000 fall 3 rise 5
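Proxies configuration: frontend and backend
frontend configuration parameters:
bind: #Specifies the address HAProxy listens on; it can be IPv4 or IPv6, several IPs or ports can be listened on at once, and it can also be used in a listen section
#Format:
bind [<address>]:<port_range> [, ...] [param*]
#Note: to bind to an IP that is not on this host, enable the kernel parameter net.ipv4.ip_nonlocal_bind=1
backlog <backlog> #Applies to all server configuration; the length of the backlog queue used once the frontend's connection count reaches its limit. Note: not supported in backend
backend configuration parameters:
mode http|tcp #Specifies the load-balancing protocol type; must match the corresponding frontend
option #Configuration options
server #Defines a backend real server; the IP and port must be specified
Example: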
[root@haproxy ~]#vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]#cat /etc/haproxy/haproxy.cfg
...
#listen www.mooreyxia.org_80
# bind 192.168.10.200:80
# server web01 10.0.0.202:80 check inter 3000 fall 3 rise 5
# server web02 10.0.0.203:80 check inter 3000 fall 3 rise 5
#listen www.mooreyxia.net_80
# bind 192.168.10.100:80
# server web01 10.0.0.204:80 check inter 3000 fall 3 rise 5
# server web02 10.0.0.205:80 check inter 3000 fall 3 rise 5
frontend www.mooreyxia.org
bind 192.168.10.200:80
use_backend www.mooreyxia.org_servers #similar to a function call
backend www.mooreyxia.org_servers
server web01 10.0.0.202:80 check inter 3000 fall 3 rise 5
server web02 10.0.0.203:80 check inter 3000 fall 3 rise 5
[root@haproxy ~]#haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
[root@haproxy ~]#systemctl restart haproxy.service
#Test load-balanced access
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.203 _web02-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.203 _web02-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
Observe the status display
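The frontend/backend split above also allows routing on the HTTP Host header instead of on the bind address. The following is an added example, not part of the original post, and goes beyond the per-IP setup shown on this page: the frontend name `web_80`, the ACL names and the backend name `www.mooreyxia.net_servers` are assumptions, while the addresses and server lines are taken from the page.

```haproxy
frontend web_80
    # Both addresses from the page, so the client's /etc/hosts still works
    bind 192.168.10.200:80
    bind 192.168.10.100:80
    mode http

    # Match on the Host header; field(1,:) drops an optional ":port" suffix,
    # -i makes the comparison case-insensitive
    acl host_org req.hdr(host),field(1,:) -i www.mooreyxia.org
    acl host_net req.hdr(host),field(1,:) -i www.mooreyxia.net

    # Refuse requests whose Host header matches neither site, so an
    # unexpected or forged Host value never reaches a backend (403 by default)
    http-request deny unless host_org or host_net

    # Route by domain name rather than by destination IP
    use_backend www.mooreyxia.org_servers if host_org
    use_backend www.mooreyxia.net_servers if host_net

backend www.mooreyxia.org_servers
    mode http
    server web01 10.0.0.202:80 check inter 3000 fall 3 rise 5
    server web02 10.0.0.203:80 check inter 3000 fall 3 rise 5

backend www.mooreyxia.net_servers
    mode http
    server web01 10.0.0.204:80 check inter 3000 fall 3 rise 5
    server web02 10.0.0.205:80 check inter 3000 fall 3 rise 5
```

Validate it the same way as the page does, with `haproxy -f /etc/haproxy/haproxy.cfg -c`, before restarting the service.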
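Using sub-configuration files to store configuration
- When there are many services, keeping all configuration in a single file makes maintenance difficult. Consider splitting the configuration by service and placing it in separate sub-configuration files, which makes maintenance easier.
Note: sub-configuration files must have the .cfg suffix
Example:
#Specify the sub-configuration file path /etc/haproxy/conf.d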
[root@haproxy ~]#vim /lib/systemd/system/haproxy.service
[root@haproxy ~]#cat /lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
[root@haproxy ~]#systemctl daemon-reload
[root@haproxy ~]#systemctl restart haproxy.service
#Configure the sub-configuration files
[root@haproxy ~]#mkdir /etc/haproxy/conf.d
[root@haproxy ~]#vim /etc/haproxy/conf.d/www.mooreyxia.org.cfg
[root@haproxy ~]#vim /etc/haproxy/conf.d/www.mooreyxia.net.cfg
[root@haproxy ~]#cat /etc/haproxy/conf.d/www.mooreyxia.org.cfg
#listen www.mooreyxia.org_80
# bind 192.168.10.200:80
# server web01 10.0.0.202:80 check inter 3000 fall 3 rise 5
# server web02 10.0.0.203:80 check inter 3000 fall 3 rise 5
frontend www.mooreyxia.org
bind 192.168.10.200:80
use_backend www.mooreyxia.org_servers
backend www.mooreyxia.org_servers
server web01 10.0.0.202:80 check inter 3000 fall 3 rise 5
server web02 10.0.0.203:80 check inter 3000 fall 3 rise 5
[root@haproxy ~]#cat /etc/haproxy/conf.d/www.mooreyxia.net.cfg
listen www.mooreyxia.net_80
bind 192.168.10.100:80
server web01 10.0.0.204:80 check inter 3000 fall 3 rise 5
server web02 10.0.0.205:80 check inter 3000 fall 3 rise 5
[root@haproxy ~]#tree /etc/haproxy/
/etc/haproxy/
├── conf.d
│ ├── www.mooreyxia.net.cfg
│ └── www.mooreyxia.org.cfg
└── haproxy.cfg
1 directory, 3 files
[root@haproxy ~]#systemctl restart haproxy.service
#Test load-balanced access
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.203 _web02-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.202 _web01-www.mooreyxia.org
[root@internet ~]#curl www.mooreyxia.org
10.0.0.203 _web02-www.mooreyxia.org
Observe the status information
I'm moore. Happy New Year, everyone!!!