基于Centos7.9编译安装HAProxy

一、HAProxy介绍

HAProxy是一个开源的、高性能的、基于TCP（第四层）和HTTP（第七层）应用的负载均衡软件，借助HAProxy可以快速、可靠地提供基于TCP和HTTP应用地负载均衡解决方案。HAProxy作为一个专业地负载均衡软件。

二、HAProxy优点

1、可靠性和稳定性非常好，可以与硬件级的F5负载均衡设备相媲美。

2、最高可以同时维护40000~50000个·并发连接，单位时间内处理的最带请求数为：20000个，最大数据处理能力可达10Gbps，作为软件级别的负载均衡来说，HAProxy的性能强大可见一斑。

3、支持多于8中的负载均衡算法，同时也支持session保持。

4、支持虚拟主机功能，这样实现Web负载均衡更加灵活。

5、从HAProxy1.3版本后开始支持连接拒绝、全透明代理等功能，这些功能是其他负载均衡器所不具备的。

6、HAProxy拥有一个功能强大的服务器状态监控页面，通过此页面可以实时了解系统的运行状况。

7、HAProxy拥有功能强大的ACL支持，能给使用带来很大方便。

HAProxy是借助于操作系统的技术特性来实现性能最大化的，因此，在使用HAProxy时，对操作系统进行性能调优时是非常重要的。在业务方面HAProxy非常适用于并发量特别大且需要持久连接或四层和七层处理机制的Web系统，例如门户网站或者电商网站等。另外。HAproxy也可用于MySQL数据库（读操作）的负载均衡

 三、HAProxy支持功能

TCP 和 HTTP反向代理

支持动态程序的反向代理

支持基于数据库的反向代理

SSL/TSL服务器

可以针对HTTP请求添加cookie，进行路由后端服务器

可平衡负载至后端服务器，并支持持久连接

支持所有主服务器故障切换至备用服务器

支持专用端口实现监控服务

支持停止接受新连接请求，而不影响现有连接

可以在双向添加，修改或删除HTTP报文首部

响应报文压缩

支持基于pattern实现连接请求的访问控制

通过特定的URI为授权用户提供详细的状态信

 四、lua环境解决—Centos环境

HAProxy 支持基于 lua 实现功能扩展， lua 是一种小巧的脚本语言，于 1993 年由巴西里约热内卢天主教大 学（Pontifical Catholic University of Rio de Janeiro ）里的一个研究小组开发，其设计目的是为了嵌入 应用程序中，从而为应用程序提供灵活的扩展和定制功能。

当前系统版本
[root@shen ~]# lua -v
Lua 5.1.4  Copyright (C) 1994-2008 Lua.org, PUC-Rio

安装基础命令以及编译依赖环境
[root@shen ~]# yum install wget gcc readline-devel -y
[root@shen ~]# wget http://www.lua.org/ftp/lua-5.3.5.tar.gz
[root@shen ~]# tar xf lua-5.3.5.tar.gz -C /usr/local/src/
[root@shen src]# cd /usr/local/src/lua-5.3.5/
[root@shen lua-5.3.5]# make linux test

查看编译安装的版本
[root@shen lua-5.3.5]# src/lua -v
Lua 5.3.5  Copyright (C) 1994-2018 Lua.org, PUC-Rio

五、编译安装HAProxy

1、安装HAProxy

#HAProxy 1.8及1.9版本编译参数：
make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy
#HAProxy 2.0以上版本编译参数：本文使用的是社区版2.6.13
[root@shen ~]#  yum -y install gcc openssl-devel pcre-devel systemd-devel
[root@shen ~]# tar xf haproxy-2.6.13.tar.gz -C /usr/local/src/
[root@shen ~]# cd /usr/local/src/haproxy-2.6.13/
[root@shen haproxy-2.6.13]# cat README
[root@shen haproxy-2.6.13]# ll Makefile
-rw-rw-r--. 1 root root 49679 May  2 20:20 Makefile


参考INSTALL文件进行编译安装
[root@shen haproxy-2.6.13]# cat INSTALL
[root@shen haproxy-2.6.13]# make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src/ LUA_LIB=/usr/local/src/lua-5.3.5/src/
[root@shen haproxy-2.6.13]# make install PREFIX=/apps/haproxy  
[root@shen haproxy-2.6.13]# ln -s /apps/haproxy/sbin/haproxy /usr/sbin/

查看生成文件
[root@shen haproxy-2.6.13]# tree /apps/haproxy/
/apps/haproxy/
├── doc
│   └── haproxy
│       ├── 51Degrees-device-detection.txt
│       ├── architecture.txt
│       ├── close-options.txt
│       ├── configuration.txt
│       ├── cookie-options.txt
│       ├── DeviceAtlas-device-detection.txt
│       ├── intro.txt
│       ├── linux-syn-cookies.txt
│       ├── lua.txt
│       ├── management.txt
│       ├── netscaler-client-ip-insertion-protocol.txt
│       ├── network-namespaces.txt
│       ├── peers.txt
│       ├── peers-v2.0.txt
│       ├── proxy-protocol.txt
│       ├── regression-testing.txt
│       ├── seamless_reload.txt
│       ├── SOCKS4.protocol.txt
│       ├── SPOE.txt
│       └── WURFL-device-detection.txt
├── sbin
│   └── haproxy
└── share
    └── man
        └── man1
            └── haproxy.1

6 directories, 22 files

2、验证HAProxy版本

验证HAProxy版本
[root@shen haproxy-2.6.13]# which haproxy
/usr/sbin/haproxy
[root@shen haproxy-2.6.13]# haproxy -v
HAProxy version 2.6.13-234aa6d 2023/05/02 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.13.html
Running on: Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64

[root@shen haproxy-2.6.13]# haproxy -vv
HAProxy version 2.6.13-234aa6d 2023/05/02 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.13.html
Running on: Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = cc
  CFLAGS  = -m64 -march=x86-64 -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment
  OPTIONS = USE_PCRE=1 USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_SYSTEMD=1
  DEBUG   = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS

Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OT +PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL -PROMEX -QUIC +RT -SLZ -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL +ZLIB

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=2).
Built with OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.5
Built with network namespace support.
Support for malloc_trim() is enabled.
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes
Built with gcc compiler version 4.8.5 20150623 (Red Hat 4.8.5-44)

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
         h2 : mode=HTTP  side=FE|BE  mux=H2    flags=HTX|HOL_RISK|NO_UPG
       fcgi : mode=HTTP  side=BE     mux=FCGI  flags=HTX|HOL_RISK|NO_UPG
  <default> : mode=HTTP  side=FE|BE  mux=H1    flags=HTX
         h1 : mode=HTTP  side=FE|BE  mux=H1    flags=HTX|NO_UPG
  <default> : mode=TCP   side=FE|BE  mux=PASS  flags=
       none : mode=TCP   side=FE|BE  mux=PASS  flags=NO_UPG

Available services : none

Available filters :
	[CACHE] cache
	[COMP] compression
	[FCGI] fcgi-app
	[SPOE] spoe
	[TRACE] trace

3、HAProxy启动脚本

[root@shen ~]# vim /usr/lib/systemd/system/haproxy.service
[root@shen ~]# cat /usr/lib/systemd/system/haproxy.service 
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

默认缺少配置文件，无法启动
[root@shen ~]# systemctl daemon-reload
[root@shen ~]# systemctl start haproxy
Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
[root@shen ~]# tail /var/log/messages 
Aug 31 09:55:24 shen dbus[665]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Aug 31 09:55:24 shen nm-dispatcher: req:1 'dhcp4-change' [ens33]: new request (2 scripts)
Aug 31 09:55:24 shen systemd: Started Network Manager Script Dispatcher Service.
Aug 31 09:55:24 shen nm-dispatcher: req:1 'dhcp4-change' [ens33]: start running ordered scripts...
Aug 31 09:55:37 shen systemd: Reloading.
Aug 31 09:55:46 shen systemd: Starting HAProxy Load Balancer...
Aug 31 09:55:46 shen systemd: haproxy.service: control process exited, code=exited status=1
Aug 31 09:55:46 shen systemd: Failed to start HAProxy Load Balancer.
Aug 31 09:55:46 shen systemd: Unit haproxy.service entered failed state.
Aug 31 09:55:46 shen systemd: haproxy.service failed.

4、配置文件

查看配置文件范例
[root@shen ~]# tree /usr/local/src/haproxy-2.6.13/examples/
/usr/local/src/haproxy-2.6.13/examples/
├── basic-config-edge.cfg
├── content-sw-sample.cfg
├── errorfiles
│   ├── 400.http
│   ├── 403.http
│   ├── 408.http
│   ├── 500.http
│   ├── 502.http
│   ├── 503.http
│   ├── 504.http
│   └── README
├── haproxy.init
├── option-http_proxy.cfg
├── quick-test.cfg
├── socks4.cfg
├── transparent_proxy.cfg
└── wurfl-example.cfg

1 directory, 16 file

创建自定义的配置文件
[root@shen ~]# mkdir /etc/haproxy
[root@shen ~]# vim /etc/haproxy/haproxy.cfg
[root@shen ~]# cat /etc/haproxy/haproxy.cfg 
global
	maxconn 100000
	chroot /apps/haproxy
	stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
	#uid 99
	#gid 99
	user haproxy
	group haproxy
	daemon
	#nbproc 4
	#cpu-map 1 0
	#cpu-map 2 1
	#cpu-map 3 2
	#cpu-map 4 3
	pidfile /var/lib/haproxy/haproxy.pid
	log 127.0.0.1 local2 info

defaults
	option http-keep-alive
	option forwardfor
	maxconn 100000
	mode http
	timeout connect 300000ms
	timeout client 300000ms
	timeout server 300000ms
	listen stats
	mode http
	bind 0.0.0.0:9999
	stats enable
	log global
	stats uri /haproxy-status
	stats auth haadmin:123456

listen web_port
	bind 192.168.226.150:80
	mode http
	log global
	server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5

5、启动HAProxy

[root@shen ~]# mkdir /var/lib/haproxy
[root@shen ~]# useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy
[root@shen ~]# systemctl enable --now haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.

6、验证HAProxy状态

haproxy.cfg 文件中定义了 chroot 、 pidfile 、 user 、 group 等参数，如果系统没有相应的资源会导致 haproxy无法启动，具体参考日志文件 /var/log/messages

[root@shen ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-08-31 10:02:48 +08; 2min 12s ago
  Process: 2577 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
 Main PID: 2580 (haproxy)
   CGroup: /system.slice/haproxy.service
           ├─2580 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
           └─2584 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid

Aug 31 10:02:48 shen.example.com systemd[1]: Starting HAProxy Load Balancer...
Aug 31 10:02:48 shen.example.com systemd[1]: Started HAProxy Load Balancer.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE]   (2580) : haproxy version is 2.6.13-234aa6d
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE]   (2580) : path to executable is /usr/sbin/...oxy
Aug 31 10:02:48 shen.example.com haproxy[2580]: [ALERT]    (2580) : config : parsing [/etc/haproxy/h...ng.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE]   (2580) : New worker (2584) forked
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE]   (2580) : Loading success.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [WARNING]  (2584) : Server web_port/web1 is DOWN, re...ue.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [ALERT]    (2584) : proxy 'web_port' has no server a...le!
Hint: Some lines were ellipsized, use -l to show in full.

7、查看HAProoxy的状态页面

浏览器访问： http://192.168.226.150:9999/haproxy-status

如果无法访问，注意防火墙是否关闭