haproxy配置

配置环境：
server1：调度器1（172.25.254.1）
server2：real server1（172.25.254.2）
server3：real server2（172.25.254.3）

一、haproxy负载均衡

1、haproxy安装

haproxy可以使用源码安装，rpm直接安装和rpmbuild安装三种方式，本次采用rpmbuild安装
1、在官网下载haproxy安装包，并解压

[root@server1 ~]# ls
haproxy-1.6.11  haproxy-1.6.11.tar.gz

2、安装rpm-build
[root@server1 ~]# yum install rpm-build -y
3、执行命令生成rpmbuild目录
[root@server1 ~]# rpmbuild -bb haproxy-1.6.11
4、进入到解压的haproxy目录下

[root@server1 haproxy-1.6.11]# cd examples/
[root@server1 examples]# ls
acl-content-sw.cfg     debug2html    init.haproxy
auth.cfg               debugfind     option-http_proxy.cfg
check                  errorfiles    seamless_reload.txt
check.conf             haproxy.init  ssl.cfg
content-sw-sample.cfg  haproxy.spec  stats_haproxy.sh
debug2ansi             haproxy.vim   transparent_proxy.cfg
[root@server1 examples]# rpmbuild -bb haproxy.spec    ##rpmbuild来生成rpm包
error: Failed build dependencies:
    pcre-devel is needed by haproxy-1.6.11-1.x86_64  ##报错缺少pcre-devel包
[root@server1 examples]# yum install pcre-devel  ##安装
[root@server1 examples]# rpmbuild -bb haproxy.spec  继续执行

遇到此报错意思是缺少gcc，安装即可

[root@server1 examples]# rpmbuild -bb haproxy.spec继续

[root@server1 examples]# cd /root/rpmbuild/RPMS/x86_64/   ##成功后会生成x86_64目录下 会有haproxy的rpm包，rpm-ivh安装即可
[root@server1 x86_64]# ls
haproxy-1.6.11-1.x86_64.rpm
[root@server1 x86_64]# rpm -ivh haproxy-1.6.11-1.x86_64.rpm 
Preparing...                ########################################### [100%]
   1:haproxy                ########################################### [100%]

2、负载均衡配置

1、修改配置文件

/root/haproxy-1.6.11/examples
[root@server1 examples]# ls
acl-content-sw.cfg     debug2html    init.haproxy
auth.cfg               debugfind     option-http_proxy.cfg
check                  errorfiles    seamless_reload.txt
check.conf             haproxy.init  ssl.cfg
content-sw-sample.cfg  haproxy.spec  stats_haproxy.sh
debug2ansi             haproxy.vim   transparent_proxy.cfg
[root@server1 examples]# cp content-sw-sample.cfg /etc/haproxy/haproxy.cfg
[root@server1 examples]# cd /etc/ha
-bash: cd: /etc/ha: No such file or directory
[root@server1 examples]# cd /etc/haproxy/
[root@server1 haproxy]# pwd
/etc/haproxy
[root@server1 haproxy]# vim haproxy.cfg 

10 global
11 maxconn 65535 ##最大连接数
12 stats socket /var/run/haproxy.stat mode 600 level admin
13 log 127.0.0.1 local0 ##日志
14 uid 200 ##指定uid
15 gid 200 ##指定gid
16 chroot /var/empty
17 daemon
18
19 defaults ##默认变量
20 mode http ##http服务
21 log global ##日志格式
22 option httplog
23 option dontlognull
24 monitor-uri /monitoruri ##调度器健康检查页面
25 maxconn 8000 ##默认最大连接
26 timeout client 30s ##客户端中断时间
27 stats uri /admin/stats ##后端健康检查页面
28 option redispatch
29 timeout connect 5s ##连接断开
30 timeout server 30s ##服务断开
31 retries 2 ##再次连接
32 # The public 'www' address in the DMZ
33 frontend public
34 bind *:80
35 #bind 192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
36 #use_backend static if { hdr_beg(host) -i img }
37 #use_backend static if { path_beg /img /css }
38 default_backend dynamic
39
40
41 # the application servers go here
42 backend dynamic
43 balance roundrobin
44 server web1 172.25.254.2:80 check inter 1000
45 server web2 172.25.254.3:80 check inter 1000
2、修改限制文件
[root@server1 haproxy]# vim /etc/security/limits.conf

3、建立配置文件中指定的user和group
[root@server1 haproxy]# groupadd -g 200 haproxy
[root@server1 haproxy]# useradd -u 200 -g 200 -M -s /sbin/nologin haproxy
4、后端服务器开启httpd服务


5、调度器开启haproxy服务
[root@server1 haproxy]# /etc/init.d/haproxy start
Starting haproxy: [ OK ]
6、物理机测试：

[root@foundation77 ~]# for i in {1..20};do curl 172.25.254.1;done
<h1>server2</h1>
<h1>server3</h1>
<h1>server2</h1>
<h1>server3</h1>
<h1>server2</h1>
<h1>server3</h1>
<h1>server2</h1>
<h1>server3</h1>
<h1>server2</h1>
<h1>server3</h1>
<h1>server2</h1>
<h1>server3</h1>
<h1>server2</h1>
<h1>server3</h1>
<h1>server2</h1>
<h1>server3</h1>
<h1>server2</h1>
<h1>server3</h1>
<h1>server2</h1>
<h1>server3</h1>
负载均衡效果完成

调度器检测页面

后端检测页面

3、haproxy日志设置

[root@server1 ~]# vim /etc/rsyslog.conf

 13 $ModLoad imudp
 14 $UDPServerRun 514
42 *.info;mail.none;authpriv.none;cron.none;local0.none                /var/log    /messages
 62 local0.*                                                /var/log/haproxy.log

4、开启用户认证

[root@server1 ~]# vim /etc/haproxy/haproxy.cfg

 32         stats auth      admin:linux

[root@server1 ~]# /etc/init.d/haproxy reload

5、haproxy黑名单,网络限制

1、黑名单

 34 frontend public
 35         bind            *:80
 36         acl     denylist src 172.25.254.77    ##设置denylist来自77
 37         #acl    spaclelist src 172.25.254.177
 38         http-request deny if denylist       ##当denylist的访问时加入黑名单
 39         #errorloc 403 http://baidu.com     ##如碰到403报错，将访问转到百度

2、网络限制

 34 frontend public
 35         bind            *:80
 36         acl     denylist src 172.25.254.77
 37         acl     spaclelist src 172.25.254.177
 38         #http-request deny if denylist
 39         #errorloc 403 http://www.baidu.com
 40         redirect location http://taobao.com if denylist   ##来自denylist的访问全部转到淘宝
 41         redirect location http://jd.com if spaclelist   来自spaclelist的访问全部转到京东
 42         #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
 43         #use_backend     static if { hdr_beg(host) -i img }
 44         #use_backend     static if { path_beg /img /css   }
 45         default_backend dynamic

6、haproxy实现动静分离

server2安装php服务，并在http默认发布录下建php文件

server1修改配置文件

 34 frontend public
 35         bind            *:80
 36         #acl    denylist src 172.25.254.77
 37         #acl    spaclelist src 172.25.254.177
 38         #http-request deny if denylist
 39         #errorloc 403 http://www.baidu.com
 40         #redirect location http://taobao.com if denylist
 41         #redirect location http://jd.com if spaclelist 
 42         #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
 43         use_backend     static if { hdr_beg(host) -i img }
 44         use_backend     static if { path_beg /img /css   }
 45         use_backend     static if { path_end -i .php }    ##当访问以.php结尾的网页时。访问static域
 46         default_backend dynamic
 47 
 48 
 49 # the application servers go here
 50 backend dynamic
 51         balance         roundrobin
 52         #server          web1 172.25.254.2:80 check inter 1000
 53         server          web2 172.25.254.3:80 check inter 1000
 54 backend static
 55         balance         roundrobin
 56         server          web1 172.25.254.2:80 check inter 1000

重启服务访问

7、hproxy实现读写分离

将读的请求交给server2处理
将写的请求交给server3处理

 34 frontend public
 35         bind            *:80
 36         acl write method POST
 37         acl write method PUT
 38         acl read method  GET
 39         acl read method HEAD
 40         use_backend     dynamic if write
 41         use_backend     static  if read
 42         #acl    denylist src 172.25.254.77
 43         #acl    spaclelist src 172.25.254.177
 44         #http-request deny if denylist
 45         #errorloc 403 http://www.baidu.com
 46         #redirect location http://taobao.com if denylist
 47         #redirect location http://jd.com if spaclelist 
 48         #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
 49         #use_backend     static if { hdr_beg(host) -i img }
 50         #use_backend     static if { path_beg /img /css   }
 51         #use_backend    static if { path_end -i .php }
 52         default_backend static
 53 
 54 
 55 # the application servers go here
 56 backend dynamic
 57         balance         roundrobin
 58         #server          web1 172.25.254.2:80 check inter 1000
 59         server          web2 172.25.254.3:80 check inter 1000
 60 backend static
 61         balance         roundrobin
 62         server          web1 172.25.254.2:80 check inter 1000

8、备用

 56 backend dynamic
 57         balance         roundrobin
 58         server          web1 172.25.254.2:80 check inter 1000
 59         server          web2 172.25.254.3:80 check inter 1000
 60         server          web3 172.25.254.1:8080 backup