一、HAProxy简介
- HAProxy 是一款提供高可用性、负载均衡以及基于TCP(第四层)和HTTP(第七层)应用的代理软件,支持虚拟主机,它是免费、快速并且可靠的一种解决方案。 HAProxy特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。HAProxy运行在时下的硬件上,完全可以支持数以万计的 并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上
二、 实验环境
- haproxy服务器 :server1: 172.25.2.1/24
- 后端服务器:
- server:3: 172.25.2.3/24
- server4 : 172.25.2.4/24
- 物理主机:172.25.2.250/24
此次实验安装包地址链接: https://pan.baidu.com/s/1NilIuNn1-W28M7WcBW4IJQ 密码: yw8e
三、实验、
1.配置haproxy设置负载均衡
1.1安装haproxy
Server1:
[root@server1 ~]# ls
haproxy-1.6.11.tar.gz
[root@server1 ~]# yum install rpm-bulid -y //安装rpm编译软件
[root@server1 ~]# rpmbuild -tb haproxy-1.6.11.tar.gz //编译安装包
error: Failed build dependencies:
pcre-devel is needed by haproxy-1.6.11-1.x86_64
[root@server1 ~]# yum install pcre-devel -y //解决依赖性
[root@server1 ~]# rpmbuild -tb haproxy-1.6.11.tar.gz
//编译,如果还不能成功查看以下有没有安装gcc包。
[root@server1 ~]# cd rpmbuild/
[root@server1 rpmbuild]# ls
BUILD BUILDROOT RPMS SOURCES SPECS SRPMS
[root@server1 rpmbuild]# cd RPMS/
[root@server1 RPMS]# ls
x86_64
[root@server1 RPMS]# cd x86_64/
[root@server1 x86_64]# ls
haproxy-1.6.11-1.x86_64.rpm //安装包
[root@server1 x86_64]# rpm -qpl haproxy-1.6.11-1.x86_64.rpm //查看安装文件
/etc/haproxy
/etc/rc.d/init.d/haproxy
/usr/sbin/haproxy
/usr/share/doc/haproxy-1.6.11
/usr/share/doc/haproxy-1.6.11/CHANGELOG
/usr/share/doc/haproxy-1.6.11/README
/usr/share/doc/haproxy-1.6.11/architecture.txt
/usr/share/doc/haproxy-1.6.11/configuration.txt
/usr/share/doc/haproxy-1.6.11/intro.txt
/usr/share/doc/haproxy-1.6.11/management.txt
/usr/share/doc/haproxy-1.6.11/proxy-protocol.txt
/usr/share/man/man1/haproxy.1.gz
[root@server1 x86_64]# rpm -ivh haproxy-1.6.11-1.x86_64.rpm //安装
Preparing... ########################################### [100%]
1:haproxy ########################################### [100%]
[root@server1 x86_64]# cd1.2.配置haproxy,设置负载均衡
[root@server1 ~]# tar zxf haproxy-1.6.11.tar.gz //解压压缩包
[root@server1 ~]# ls
haproxy-1.6.11 haproxy-1.6.11.tar.gz rpmbuild
[root@server1 ~]# cd haproxy-1.6.11
[root@server1 haproxy-1.6.11]# find -name *.spec
./examples/haproxy.spec
[root@server1 haproxy-1.6.11]# cd examples/
[root@server1 examples]# ls
acl-content-sw.cfg debug2ansi haproxy.spec ssl.cfg
auth.cfg debug2html haproxy.vim stats_haproxy.sh
check debugfind init.haproxy transparent_proxy.cfg
check.conf errorfiles option-http_proxy.cfg
content-sw-sample.cfg haproxy.init seamless_reload.txt
[root@server1 examples]# cp content-sw-sample.cfg /etc/haproxy/haproxy.cfg
//拷贝配置文件
[root@server1 haproxy]# vim /etc/init.d/haproxy 
//因为启动脚本访问文件为etc/haproxy/haproxy.cfg,所以我们起名要一致。
[root@server1 haproxy]# vim haproxy.cfg 
root@server1 haproxy]# groupadd -g 200 haproxy /为haproxy创建指定用户
[root@server1 haproxy]# useradd -u 200 -g -M 200 haproxy
[root@server1 haproxy]# id haproxy
uid=200(haproxy) gid=200(haproxy) groups=200(haproxy)
[root@server1 haproxy]# vim /etc/security/limits.conf //修改系统限定文件
[root@server1 haproxy]# vim haproxy.cfg 
【配置文件】
global
maxconn 10000 //最大连接数
stats socket /var/run/haproxy.stat mode 600 level admin
log 127.0.0.1 local0 //日志
uid 200 //默认用户uid
gid 200 //默认用户gid
chroot /var/empty //安全设置,根目录切换,锁在/var/empty下
daemon
defaults
mode http
log global
option httplog
option dontlognull
monitor-uri /monitoruri
maxconn 8000 //最大连接数,这个会覆盖前面的10000
timeout client 30s
stats uri /admin/stats
option prefer-last-server
retries 2
option redispatch
timeout connect 5s
timeout server 5s
# The public 'www' address in the DMZ
frontend public //前端访问配置
bind *:80 name clear //允许访问本机所有的ip
#bind 192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
#use_backend static if { hdr_beg(host) -i img }
#use_backend static if { path_beg /img /css }
default_backend static //默认访问static
# The static backend backend for 'Host: img', /img and /css.
backend static
balance roundrobin //轮叫算法
server statsrv1 172.25.2.3:80 check inter 1000
//realserver1,默认1000毫秒检查一次
server statsrv2 172.25.2.4:80 check inter 1000
//realserver2
[root@server1 haproxy]# /etc/init.d/haproxy start //开启服务
Starting haproxy: [ OK ]
8种算法:
1.balance roundrobin // 轮询,软负载均衡基本都具备这种算法 2.balance static-rr //根据权重,建议使用 3.balance leastconn // 最少连接者先处理,建议使用 4.balance source //根据请求源IP,建议使用 5.balance uri //根据请求的URI 6.balance url_param // 根据请求的URl参数'balance url_param' requires an URL parameter name 7.balance hdr(name) // 根据HTTP请求头来锁定每一次HTTP请求 8.balance rdp-cookie(name) //根据据cookie(name)来锁定并哈希每一次TCP请求
1.3后端启动服务:
[root@server3 ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server fully qualified domain name, using 172.25.2.3 for ServerName
[ OK ]
[root@server4 ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server fully qualified domain name, using 172.25.2.3 for ServerName
[ OK ]
1.4测试:
//此页面表示haproxy服务器完好
//监控页面,不同颜色代表不同状态
2.设置采集日志目录:
[root@server1 log]# vim /etc/rsyslog.conf //配置采集规则文件
[root@server1 ~]# /etc/init.d/rsyslog restart //重启服务
Shutting down system logger: [ OK ]
Starting system logger:
[ OK ]此时浏览器进行访问
[root@server1 log]# cat haproxy.log //查看日志
Aug 4 10:57:24 localhost haproxy[2010]: 172.25.2.250:33890 [04/Aug/2018:10:57:24.522] public static/statsrv1 0/0/0/1/1 200 274 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Aug 4 10:57:24 localhost haproxy[2010]: 172.25.2.250:33890 [04/Aug/2018:10:57:24.523] public static/statsrv2 300/0/0/1/301 200 274 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Aug 4 10:57:24 localhost haproxy[2010]: 172.25.2.250:33890 [04/Aug/2018:10:57:24.825] public static/statsrv1 173/0/0/1/174 200 274 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Aug 4 10:57:25 localhost haproxy[2010]: 172.25.2.250:33890 [04/Aug/2018:10:57:24.999] public static/statsrv2 264/0/0/1/265 200 274 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"3.后端服务器动静分离:
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg
frontend public
bind *:80 name clear
#bind 192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
#use_backend static if { hdr_beg(host) -i img }
acl blacklist src 172.25.2.250
http-request deny if blacklist
use_backend static2 if { path_end -i .php } //动态访问跳到static2
default_backend static1 //默认访问static1
# The static backend backend for 'Host: img', /img and /css.
backend static1
balance roundrobin
server statsrv1 172.25.2.3:80 check inter 1000
backend static2
balance roundrobin
server statsrv2 172.25.2.4:80 check inter 1000
[root@server1 ~]# /etc/init.d/haproxy reload //刷新策略
Server4配置动态网页
[root@server4 html]# yum install php -y //安装php
[root@server4 html]# /etc/init.d/httpd restart //重启apache,一定要重启
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.2.4 for ServerName
[root@server4 ~]# cd /var/www/html/
[ OK ]
[root@server4 html]# vim index.php //设置发布网页
静态访问:
动态访问:
4.访问控制设置
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg
frontend public
bind *:80 name clear
#bind 192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
#use_backend static if { hdr_beg(host) -i img }
acl blacklist src 172.25.2.250 //访问控制
http-request deny if blacklist //对172.25.2.250的访问禁止
use_backend static2 if { path_end -i .php }
default_backend static1
[root@server1 ~]# /etc/init.d/haproxy reload
5.报错访问重定向
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg
frontend public
bind *:80 name clear
#bind 192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
#use_backend static if { hdr_beg(host) -i img }
acl blacklist src 172.25.2.250
http-request deny if blacklist
errorloc 403 http://172.25.2.1:8080
//当403报错时重定向到172.25.2.1:8080上
use_backend static2 if { path_end -i .php }
[root@server1 ~]# /etc/init.d/haproxy reload //刷新策略[root@server1 ~]# vim /etc/httpd/conf/httpd.conf //启用8080端口
[root@server1 ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.2.1 for ServerName
[ OK ]
[root@server1 ~]# vim /var/www/html/index.html //设置发布页面
访问:
6.直接访问重定向
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg
frontend public
bind *:80 name clear
#bind 192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
#use_backend static if { hdr_beg(host) -i img }
acl blacklist src 172.25.2.250
#http-request deny if blacklist
#errorloc 403 http://172.25.2.1:8080
redirect location http:172.25.2.3:80 //重定向到server4的80端口
use_backend static2 if { path_end -i .php }
default_backend static1
[root@server1 ~]# /etc/init.d/haproxy reload //刷新策略
访问:
物理机:
[kiosk@foundation2 ~]$ curl -I 172.25.2.1 //查看响应信息
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: http://172.25.2.4:80 //访问被重定向到server4
Connection: close
7.读写分离
后端配置动态上传网页(前面的百度云链接有写好的):
[root@server3 ~]# yum install php -y //安装php
[root@server3 ~]# cd /var/www/html/
[root@server3 html]# ls
index.html upload
[root@server3 html]# cd upload/
[root@server3 upload]# ls
index.php upload_file.php
[root@server3 upload]# mv * ..
[root@server3 upload]# cd ..
[root@server3 html]# ls
index.html index.php upload upload_file.php
[root@server3 html]# chmod 777 upload //加读写权限
[root@server3 html]# vim upload_file.php //修改上传图片限定大小
在server4上做相同步骤
设置配置文件
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg
frontend public
bind *:80 name clear
#bind 192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
#use_backend static if { hdr_beg(host) -i img }
acl blacklist src 172.25.2.250
acl write method POST //写控制
acl write method PUT
#http-request deny if blacklist
#errorloc 403 http://172.25.2.1:8080
#redirect location http://172.25.2.4:80
use_backend static2 if { path_end -i .php }
use_backend static2 if write //如果执行写操作则调转到server4
default_backend static1
# The static backend backend for 'Host: img', /img and /css.
backend static1
balance roundrobin
server statsrv1 172.25.2.3:80 check inter 1000
backend static2
balance roundrobin
server statsrv2 172.25.2.4:80 check inter 1000
[root@server1 ~]# /etc/init.d/haproxy reload //刷新策略
上传图片
[root@server3 html]# cd upload
[root@server3 upload]# ls //图片未上传到server3
[root@server4 html]# cd upload
[root@server4 upload]# ls
index.php redhat.jpg //图片上传到server4
