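Table of contents
- I. Introduction to HAProxy
- 1. Installing HAProxy from RPM
- 2. Installing HAProxy from source
- 3. Configuring haproxy for L4 load balancing
- 4. Layer-7 routing in haproxy based on URL path
- 5. haproxy health checks
- 4.1 Configuring a health check
- 6. haproxy session persistence: adding balance source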
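I. Introduction to HAProxy
HAProxy is proxy software for TCP- and HTTP-based applications. It can act as a load balancer and is completely free. Its main advantage is outstanding performance, which makes it especially suitable for very heavily loaded web sites; such sites usually need session persistence or layer-7 processing.
Its advantages are:
1. Free and open source, with very good stability.
2. Supports connection rejection. Because the overhead of keeping a connection open is very low, we sometimes need to defend against worm attacks, that is, limit the connections they can open in order to prevent the harm they cause. This feature has saved many small sites hit by DDoS attacks, and it is something other load balancers do not have.
3. Supports fully transparent proxying. It can connect to the back-end servers using the client IP address or any other address, which makes it possible to have a particular server handle part of the traffic without changing that server's address.
4. Ships with a powerful page for monitoring server status; in a real environment it can be combined with Nagios for e-mail or SMS alerting.
5. Supports virtual hosts.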
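One way to express the connection rejection from point 2 in haproxy.cfg, as an added example that is not part of the original article. The frontend and backend names and the server addresses are the ones this page uses in its load-balancing section; the table size and the two thresholds are assumed values that must be tuned to real traffic.

```haproxy
frontend web
    bind *:80
    # One entry per client IP: concurrent connections and connections opened in the last 10s
    stick-table type ip size 100k expire 30s store conn_cur,conn_rate(10s)
    # Start counting this connection against its source address
    tcp-request connection track-sc0 src
    # Assumed thresholds: drop the connection before any request is read
    tcp-request connection reject if { sc0_conn_cur gt 20 }
    tcp-request connection reject if { sc0_conn_rate gt 50 }
    default_backend app

backend app
    balance roundrobin
    server app1 192.168.131.108:80 check
    server app2 192.168.131.109:80 check
```

Clients behind a shared NAT address count as one source, so thresholds set too low will reject legitimate users together with the abusive ones.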
Four common algorithms:
1. roundrobin: round robin
2. static-rr: weighted round robin
3. leastconn: least connections
4. source: session persistence
1. Installing HAProxy from RPM
[root@node1 ~]# yum list | grep -i haproxy
haproxy.x86_64 1.5.18-9.el7 base
pcp-pmda-haproxy.x86_64 4.3.2-7.el7_8 updates
[root@node1 ~]# yum install -y haproxy
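Configuration file: /etc/haproxy/haproxy.cfg
It consists of two main parts:
Global settings: properties of the haproxy process itself
proxies: proxy configuration (such as defaults, listen, frontend and backend)
2. Installing HAProxy from source
1. Download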
wget -c http://download.openpkg.org/components/cache/haproxy/haproxy-2.1.0.tar.gz
wget -c https://www.lua.org/ftp/lua-5.3.5.tar.gz
2. Build and install lua and haproxy from source
1› Install dependencies
yum install gcc gcc-c++ make openssl-devel readline-devel systemd-devel pcre-devel -y
2› Build and install lua
[root@node2 ~]# tar -xzf lua-5.3.5.tar.gz -C /usr/local/src/
[root@node2 ~]# cd /usr/local/src/lua-5.3.5/
[root@node2 lua-5.3.5]# make linux
[root@node2 lua-5.3.5]# make install INSTALL_TOP=/usr/local/lua
cd src && mkdir -p /usr/local/lua/bin /usr/local/lua/include /usr/local/lua/lib /usr/local/lua/man/man1 /usr/local/lua/share/lua/5.3 /usr/local/lua/lib/lua/5.3
cd src && install -p -m 0755 lua luac /usr/local/lua/bin
cd src && install -p -m 0644 lua.h luaconf.h lualib.h lauxlib.h lua.hpp /usr/local/lua/include
cd src && install -p -m 0644 liblua.a /usr/local/lua/lib
cd doc && install -p -m 0644 lua.1 luac.1 /usr/local/lua/man/man1
[root@node2 lua-5.3.5]# /usr/local/lua/bin/lua -v
Lua 5.3.5 Copyright (C) 1994-2018 Lua.org, PUC-Rio
3› Build and install haproxy
[root@node2 ~]# tar -xzf haproxy-2.1.0.tar.gz -C /usr/local/src/
[root@node2 ~]# cd /usr/local/src/haproxy-2.1.0/
[root@node2 haproxy-2.1.0]# make USE_NS=1 USE_TFO=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=1 USE_PCRE=1 USE_SYSTEMD=1 USE_LIBCRYPT=1 USE_THREAD=1 TARGET=linux-glibc LUA_INC=/usr/local/lua/include LUA_LIB=/usr/local/lua/lib
[root@node2 haproxy-2.1.0]# make install PREFIX=/usr/local/haproxy
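USE_SYSTEMD=1 enables starting HAProxy with the -Ws option (systemd-aware master-worker mode), which runs it as a single master process with multiple worker processes.
3. Configure HAProxy
1› Create the user and group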
[root@node2 haproxy-2.1.0]# groupadd -r -g 188 haproxy
[root@node2 haproxy-2.1.0]# useradd -r -u 188 -g 188 -d /usr/local/haproxy -c haproxy -s /sbin/nologin haproxy
2› Configure the service unit file
[root@node2 haproxy-2.1.0]# vim /usr/lib/systemd/system/haproxy.service
[root@node2 ~]# cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
[Install]
WantedBy=multi-user.target
3› Edit the configuration file
[root@node2 haproxy-2.1.0]# mkdir /etc/haproxy
[root@node2 haproxy-2.1.0]# vim /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /usr/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /usr/local/haproxy/haproxy.sock
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
4› Test the service
systemctl daemon-reload
systemctl enable --now haproxy
systemctl is-active haproxy
active
systemctl is-enabled haproxy
enabled
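3. Configuring haproxy for L4 load balancing
Prepare the environment:
Method 1: using frontend and backend sections
Steps: 1. On the haproxy load balancer, edit the configuration file to define the default frontend, the round-robin algorithm and the back-end servers; then edit /etc/rsyslog.conf to enable logging; finally start the rsyslog and haproxy services.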
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local2
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend web *:80
default_backend app
#--------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 192.168.131.108:80 check
server app2 192.168.131.109:80 check
[root@node1 ~]# vim /etc/rsyslog.conf
[root@node1 ~]# systemctl restart rsyslog
[root@node1 ~]# systemctl start haproxy
2. Install httpd on the two web servers, put test content in /var/www/html/index.html, then start the httpd service.
[root@node2 ~]# cat /var/www/html/index.html
192.168.131.108 web
[root@node3 ~]# cat /var/www/html/index.html
192.168.131.109 web
3. Test haproxy load balancing
[root@node2 html]# for ((i=1;i<=6;i++));do curl 192.168.131.107;done
192.168.131.108 web
192.168.131.109 web
192.168.131.108 web
192.168.131.109 web
192.168.131.108 web
192.168.131.109 web
Method 2: using a listen section
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local2
listen app
bind *:80
balance roundrobin
server app1 192.168.131.108:80 check
server app2 192.168.131.109:80 check
[root@node1 ~]# systemctl restart haproxy
Test:
[root@node2 html]# for ((i=1;i<=6;i++));do curl 192.168.131.107;done
192.168.131.108 web
192.168.131.109 web
192.168.131.108 web
192.168.131.109 web
192.168.131.108 web
192.168.131.109 web
4. Layer-7 routing in haproxy based on URL path
Prepare the environment:
[root@pyy html]# mkdir -p /var/nginx/nginx
[root@pyy html]# echo "nginx123" > /var/nginx/nginx/index.html
[root@pyy html]# mkdir -p /var/php/php
[root@pyy html]# echo "php123" > /var/php/php/index.html
[root@pyy html]# mkdir -p /var/resin/resin
[root@pyy html]# echo "resin123" > /var/resin/resin/index.html
Steps:
1. Configure name-based virtual hosts on the web server
[root@node4 conf.d]# cat httpd-vhost.conf
<Directory "/var">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<VirtualHost *:80>
ServerName nginx.test.org
DocumentRoot "/var/nginx"
</VirtualHost>
<VirtualHost *:80>
ServerName php.test.org
DocumentRoot "/var/php"
</VirtualHost>
<VirtualHost *:80>
ServerName resin.test.org
DocumentRoot "/var/resin"
</VirtualHost>
[root@pyy conf.d]# systemctl restart httpd
2. Write the configuration file on the haproxy load balancer
[root@node1 haproxy]# cat /etc/haproxy/haproxy.cfg
frontend test
bind *:80
acl static path_beg /nginx/
acl php path_beg /php/
acl java path_beg /resin/
use_backend nginxpools if static
use_backend phppools if php
use_backend javapools if java
default_backend nginxpools
backend nginxpools
balance roundrobin
server nginx 192.168.131.109
backend phppools
balance roundrobin
server php 192.168.131.109
backend javapools
balance roundrobin
server java 192.168.131.109
[root@node1 haproxy]# systemctl restart haproxy
3. On node2, edit /etc/hosts and map the domain names to the corresponding address (here this should be the VIP)
[root@node2 html]# cat /etc/hosts
192.168.131.107 nginx.test.org php.test.org resin.test.org
4. Test:
[root@node2 html]# curl http://nginx.test.org/nginx/
nginx123
[root@node2 html]# curl http://resin.test.org/resin/
resin123
[root@node2 html]# curl http://php.test.org/php/
php123
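5. haproxy health checks
4.1 TCP-port-based health check: haproxy only checks the corresponding port of the service on the back-end server.
4.1 Configuring a health check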
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local2
listen app
bind *:80
balance roundrobin
server app1 192.168.131.108:80 check
server app2 192.168.131.109:80 check
listen stats *:88
mode http
stats uri /admin?stats
stats auth proxy:123456
balance roundrobin
option httpclose
option forwardfor
option httpchk
server web1 192.168.131.108:80 cookie web1 check port 80 inter 5000 fall 5
server web2 192.168.131.109:80 cookie web2 check port 80 inter 5000 fall 5
[root@node1 haproxy]# systemctl start haproxy
Test: enter 192.168.131.107/admin?stats in a web browser; you are prompted for the login user name and password (proxy:123456), after which the health check results are displayed.
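The stats listener above keeps its password in clear text in haproxy.cfg and listens on every interface. A tighter form of the same listener, as an added example that is not part of the original article: the userlist name stats_users, the ACL names, and the 192.168.131.0/24 management range are assumptions, and the password hash is a placeholder.

```haproxy
# Form used on this page, shown for comparison:
#   listen stats *:88
#       stats uri /admin?stats
#       stats auth proxy:123456

userlist stats_users
    # crypt(3) hash instead of a clear-text password; placeholder value, generate your own
    user proxy password $6$<salt>$<hash>

listen stats
    # Bind to one address instead of *:88
    bind 192.168.131.107:88
    mode http
    stats enable
    stats uri /admin?stats
    # Do not disclose the HAProxy version on the page
    stats hide-version
    # Assumed management network allowed to reach the page
    acl from_mgmt src 192.168.131.0/24
    acl auth_ok http_auth(stats_users)
    stats http-request deny unless from_mgmt
    stats http-request auth realm HAProxy\ Statistics unless auth_ok
```

HTTP Basic authentication over plain HTTP still sends the credentials in recoverable form on the wire, so this listener should also be served over TLS if it is reachable from outside a trusted segment.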
4.2 HTTP-based health check using a direct IP URL
6. haproxy session persistence: adding balance source
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local2
listen app
bind *:80
# balance source replaces balance roundrobin
balance source
server app1 192.168.131.108:80 check
server app2 192.168.131.109:80 check
listen stats *:88
mode http
stats uri /admin?stats
stats auth proxy:123456
balance roundrobin
option httpclose
option forwardfor
option httpchk
server web1 192.168.131.108:80 cookie web1 check port 80 inter 5000 fall 5
server web2 192.168.131.109:80 cookie web2 check port 80 inter 5000 fall 5
[root@node1 haproxy]# systemctl start haproxy
Test: requests always stay in the same session
[root@node2 html]# for ((i=1;i<=6;i++));do curl 192.168.131.107;done
192.168.131.108 web
192.168.131.108 web
192.168.131.108 web
192.168.131.108 web
192.168.131.108 web
192.168.131.108 web