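Load balancing, access control, static/dynamic separation and read/write separation with HAProxy

HAProxy provides high availability, load balancing, and proxying for TCP- and HTTP-based applications, and supports virtual hosts; it is a free, fast and reliable solution. HAProxy is particularly suited to very heavily loaded web sites that also need session persistence or layer-7 processing. Running on current hardware, HAProxy can support tens of thousands of concurrent connections. Its mode of operation also makes it simple and safe to integrate into your existing architecture, while keeping your web servers from being exposed to the network.
   The haproxy configuration is divided into five sections:
1. global: process-level parameters, usually related to the operating system. These are normally set once; if the configuration is correct, they do not need to be changed again.
2. defaults: default parameters, which can be used by the frontend, backend and listen sections.
3. frontend: the front-end virtual node that receives requests; based on rules, a frontend can directly specify which backend to use.
4. backend: the configuration of the back-end server cluster, i.e. the real servers; one backend corresponds to one or more physical servers.
5. listen: a combination of a frontend and a backend.


Using the HAProxy 1.4 release that ships with the RHEL 7.3 system:

Lab environment: server2 acts as the scheduler; server3 and server4 act as the backend servers

1: Configure the yum repositories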

[rhel6.5]
name=rhel6.5
gpgcheck=0
enabled=1
baseurl=http://172.25.60.250/rhel6.5

[HighAvailability]
name=HighAvailability
baseurl=http://172.25.60.250/rhel6.5/HighAvailability
gpgcheck=0

[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.60.250/rhel6.5/LoadBalancer
gpgcheck=0

[ResilientStorage]
name=ResilientStorage
baseurl=http://172.25.60.250/rhel6.5/ResilientStorage
gpgcheck=0

[ScalableFileSystem]
name=ScalableFileSystem
baseurl=http://172.25.60.250/rhel6.5/ScalableFileSystem
gpgcheck=0

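2: Install haproxy

[root@server2 ~]# yum install haproxy -y

3: Edit the configuration file:

[root@server2 ~]# cd /etc/haproxy/
[root@server2 haproxy]# vim haproxy.cfg

global
    maxconn         20000
    # maximum number of concurrent connections the HAProxy process accepts
    ulimit-n    41000
    # per-process file-descriptor limit, the counterpart of the shell's "ulimit -n"
    log             127.0.0.1 local0
    # global logging: local0 is the syslog facility; a level (err, warning, info, debug) may follow; delivered through rsyslog
    uid             200
    gid             200
    # user and group the process runs as (the user/group keywords can be replaced by uid/gid)
    chroot          /var/empty
    nbproc      1
    # number of processes HAProxy creates at startup; used together with daemon; only one process is started by default; the value should be lower than the number of CPU cores
    daemon
    # run the process in the background (recommended mode)

defaults
    mode        http
    # default running mode of the instances
    retries     3
    # number of retries after a failed connection to a backend server
    timeout     connect 10s
    # maximum time to wait for a connection to a server; the default unit is milliseconds, other time units can be used
    timeout     client  20s
    # maximum time to wait for the client to send data; the default unit is milliseconds, other time units can be used
    timeout     server  30s
    # maximum time to wait for the server to send its response data; the default unit is milliseconds, other time units can be used
    timeout     check   5s
    # timeout for health checks of the backend servers; the default unit is milliseconds, other time units can be used

listen www.westos.com *:80
        balance roundrobin              # load-balancing algorithm
        server  web1 172.25.60.3:80 cookie applinst1 check inter 2000 rise 2 fall 5
        server  web2 172.25.60.4:80 cookie applinst2 check inter 2000 rise 2 fall 5

# cookie applinst1: the server ID is applinst1
# check inter 2000: health-check (heartbeat) interval, in milliseconds
# rise 2: the server is considered available after 2 successful checks
# fall 5: the server is considered unavailable after 5 failed checks

The rest of the file can be deleted.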

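4: Create the directory (it may be a directory that already exists or one that does not exist yet):

[root@server2 haproxy]# mkdir /var/empty

5: Start the service:

[root@server2 haproxy]# /etc/init.d/haproxy start

Starting haproxy:                                          [  OK  ]

6: Test:

Install and start the httpd service on server3 and server4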

[root@server3 ~]# yum install httpd -y

[root@server3 ~]# /etc/init.d/httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.60.3 for ServerName

                                                          [  OK  ]

[root@server4 ~]# yum install httpd -y

[root@server4 ~]# /etc/init.d/httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.60.4 for ServerName

                                                           [  OK  ]

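7: Write "server3" and "server4" into Apache's default document root on the respective hosts

[root@server3 ~]# echo server3 > /var/www/html/index.html

[root@server4 ~]# echo server4 > /var/www/html/index.html

8: Test from a browser on the physical host:

(1): Enter the IP address

(2): Enter the domain name

Add a name-resolution entry on the host that does the accessing

[root@foundation60 ~]# vim /etc/hosts  (physical host)

172.25.60.2 www.westos.com

Visit www.westos.com in the browser to test load balancing

Load balancing with a newer version of HAProxy:

1: Installing and configuring HAProxy load balancing: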

[root@server1 ~]# ls
haproxy-1.6.11.tar.gz  
[root@server1 ~]# yum install rpm-build gcc pcre-devel
[root@server1 ~]# rpmbuild -tb haproxy-1.6.11.tar.gz 
[root@server1 ~]# cd rpmbuild/
[root@server1 rpmbuild]# cd RPMS/
[root@server1 RPMS]# cd x86_64/
[root@server1 x86_64]# ls
haproxy-1.6.11-1.x86_64.rpm
[root@server1 x86_64]# rpm -ivh haproxy-1.6.11-1.x86_64.rpm 
Preparing...                ########################################### [100%]
   1:haproxy                ########################################### [100%]


[root@server1 ~]# tar zxf haproxy-1.6.11.tar.gz 
[root@server1 ~]# cd haproxy-1.6.11
[root@server1 haproxy-1.6.11]# cd examples/
[root@server1 examples]# cp content-sw-sample.cfg /etc/haproxy/haproxy.cfg
[root@server1 examples]# cd
[root@server1 ~]# rm -fr haproxy-1.6.11
[root@server1 ~]# cd /etc/haproxy/

## Create the haproxy user and the haproxy group
[root@server1 haproxy]# groupadd -g 200 haproxy
[root@server1 haproxy]# useradd -u 200 -g 200 haproxy
[root@server1 haproxy]# id haproxy
uid=200(haproxy) gid=200(haproxy) groups=200(haproxy)

## Set the maximum number of connections; it is tied to the system's maximum number of open files
[root@server1 haproxy]# vim /etc/security/limits.conf 
haproxy         -       nofile          65535
[root@server1 haproxy]# sysctl -a | grep file
fs.file-nr = 416	0	98864
fs.file-max = 98864

## Edit the configuration file
[root@server1 haproxy]# vim haproxy.cfg 
#
# This is a sample configuration. It illustrates how to separate static objects
# traffic from dynamic traffic, and how to dynamically regulate the server load.
#
# It listens on 192.168.1.10:80, and directs all requests for Host 'img' or
# URIs starting with /img or /css to a dedicated group of servers. URIs
# starting with /admin/stats deliver the stats page.
#

global
        maxconn         10000
        stats socket    /var/run/haproxy.stat mode 600 level admin
        log             127.0.0.1 local0
        uid             200
        gid             200
        chroot          /var/empty
        daemon

defaults
        mode            http
        log             global
        option          httplog
        option          dontlognull
        monitor-uri     /monitoruri
        maxconn         8000
        timeout client  30s

        option prefer-last-server
        retries         2
        option redispatch
        timeout connect 5s
        timeout server  5s

        stats uri       /admin/stats

# The public 'www' address in the DMZ
frontend public
        bind            *:80 name clear
        #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
        #use_backend     static if { hdr_beg(host) -i img }
        #use_backend     static if { path_beg /img /css   }
        default_backend static

# The static backend for 'Host: img', /img and /css.
backend static
        balance         roundrobin
        server          web1 172.25.60.2:80 check inter 1000
        server          web2 172.25.60.3:80 check inter 1000

# the application servers go here
#backend dynamic
#       mode            http
#       balance         roundrobin
#       retries         2
#       option redispatch
#       timeout connect 5s
#       timeout server  30s
#       timeout queue   30s

[root@server1 haproxy]# /etc/init.d/haproxy start

[root@server1 haproxy]# netstat -antlp
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      7895/haproxy    
[root@server1 haproxy]# /etc/init.d/haproxy restart
Shutting down haproxy:                                     [  OK  ]
Starting haproxy:                                          [  OK  ]

On server2:
[root@server2 ~]# /etc/init.d/httpd start
[root@server2 ~]# echo server2 > /var/www/html/index.html

On server3:
[root@server3 ~]# /etc/init.d/httpd start
[root@server3 ~]# echo server3 > /var/www/html/index.html

Access from a browser:
http://172.25.60.1/admin/stats
The administration (statistics) page
http://172.25.60.1/
Load balancing in effect
http://172.25.60.1/monitoruri
200 OK
Service ready. 

HAProxy logging:
[root@server1 haproxy]# vim /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

*.info;mail.none;authpriv.none;cron.none;local0.none                /var/log/messages

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
local0.*                                                /var/log/haproxy.log

[root@server1 log]# /etc/init.d/rsyslog restart
[root@server1 haproxy]# cd /var/log/
[root@server1 log]# ll haproxy.log 
-rw------- 1 root root 0 May 15 23:55 haproxy.log
Accessing 172.25.60.1 from a browser generates log entries
[root@server1 log]# cat haproxy.log 
May 16 00:00:57 localhost haproxy[1493]: 172.25.60.250:45504 [16/May/2018:00:00:57.698] public static/web2 0/0/0/0/0 200 274 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
May 16 00:00:59 localhost haproxy[1493]: 172.25.60.250:45504 [16/May/2018:00:00:57.699] public static/web1 1557/0/0/0/1557 200 274 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
May 16 00:01:01 localhost haproxy[1493]: 172.25.60.250:45504 [16/May/2018:00:00:59.256] public static/web2 2038/0/0/0/2038 200 274 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
May 16 00:01:02 localhost haproxy[1493]: 172.25.60.250:45504 [16/May/2018:00:01:01.294] public static/web1 904/0/1/0/905 200 274 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
May 16 00:01:02 localhost haproxy[1493]: 172.25.60.250:45504 [16/May/2018:00:01:02.199] public static/web2 705/0/1/0/706 200 274 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"

 

2: HAProxy access control settings

Access control
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg 
        acl blacklist src 172.25.60.250         ## blacklist
        http-request deny  if blacklist
        default_backend static
[root@server1 ~]# /etc/init.d/haproxy reload
When the host 172.25.60.250 accesses 172.25.60.1 again, it is denied

When the server3 host accesses it, load balancing works
[root@server3 ~]# curl 172.25.60.1
server2
[root@server3 ~]# curl 172.25.60.1
server3
[root@server3 ~]# curl 172.25.60.1
server2
[root@server3 ~]# curl 172.25.60.1
server3

When the host 172.25.60.250 accesses it:
[root@foundation60 kiosk]# curl 172.25.60.1
<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
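
Added example (not from the original post): with `option httplog` and the rsyslog setup above, the effect of the `blacklist` rule can be confirmed from /var/log/haproxy.log. HAProxy logs a request it rejects itself with server `<NOSRV>`, status 403 and a termination state beginning with `PR`; the first four sample lines are the log lines shown earlier, the fifth is constructed for illustration.

```python
import re
from collections import Counter

# HAProxy "option httplog" line, after the syslog prefix:
# client:port [accept_date] frontend backend/server Tq/Tw/Tc/Tr/Tt status bytes
# req_cookie resp_cookie term_state conn_counters queues "request line"
LOG_RE = re.compile(
    r'haproxy\[\d+\]: (?P<client>[\d.]+):\d+ \[[^\]]+\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) (?P<timers>-?\d+(?:/-?\d+){4}) '
    r'(?P<status>-?\d+) (?P<bytes>\d+) \S+ \S+ (?P<term>\S{4}) \S+ \S+ '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)'
)

# Lines 1-4 are copied from the haproxy.log above; line 5 (the denied request) is constructed.
SAMPLE = '''\
May 16 00:00:57 localhost haproxy[1493]: 172.25.60.250:45504 [16/May/2018:00:00:57.698] public static/web2 0/0/0/0/0 200 274 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
May 16 00:00:59 localhost haproxy[1493]: 172.25.60.250:45504 [16/May/2018:00:00:57.699] public static/web1 1557/0/0/0/1557 200 274 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
May 16 00:01:01 localhost haproxy[1493]: 172.25.60.250:45504 [16/May/2018:00:00:59.256] public static/web2 2038/0/0/0/2038 200 274 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
May 16 00:01:02 localhost haproxy[1493]: 172.25.60.250:45504 [16/May/2018:00:01:01.294] public static/web1 904/0/1/0/905 200 274 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
May 16 00:05:10 localhost haproxy[1493]: 172.25.60.250:45510 [16/May/2018:00:05:10.120] public public/<NOSRV> 0/-1/-1/-1/0 403 188 - - PR-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
'''

def parse(line):
    """Return the fields of one httplog line as a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["timers"] = tuple(int(t) for t in rec["timers"].split("/"))  # Tq, Tw, Tc, Tr, Tt in ms
    return rec

def summarize(lines):
    """Count requests per backend/server and list requests the proxy itself denied."""
    served, denied = Counter(), []
    for rec in filter(None, map(parse, lines)):
        if rec["server"] == "<NOSRV>" and rec["status"] == 403 and rec["term"].startswith("PR"):
            denied.append((rec["client"], rec["method"], rec["uri"]))
        else:
            served[f'{rec["backend"]}/{rec["server"]}'] += 1
    return served, denied

if __name__ == "__main__":
    served, denied = summarize(SAMPLE.splitlines())
    print("served per server:", dict(served))
    print("denied by proxy rule:", denied)
```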


[root@server1 ~]# vim /etc/haproxy/haproxy.cfg 
        acl blacklist src 172.25.60.250
        #http-request deny  if blacklist
        #errorloc 403 http://172.25.60.1:8080/index.html
        redirect location http://172.25.60.1:8080/index.html if blacklist
        default_backend static

When the host 172.25.60.250 accesses 172.25.60.1:8080, it is shown the content of the file 172.25.60.1:8080/index.html; when other hosts access, load balancing is used

3: HAProxy static/dynamic separation:

Install PHP on the server3 host
[root@server3 ~]# yum install -y php
[root@server3 ~]# /etc/init.d/httpd restart    

[root@server1 ~]# vim /etc/haproxy/haproxy.cfg 
        #acl blacklist src 172.25.60.250
        #http-request deny  if blacklist
        #errorloc 403 http://172.25.60.1:8080/index.html
        #redirect location http://172.25.60.1:8080/index.html if blacklist

        use_backend dynamic if { path_end .php }

        default_backend static
# The static backend for 'Host: img', /img and /css.
backend static         ## static
        balance         roundrobin
        server          web1 172.25.60.2:80 check inter 1000

# the application servers go here
backend dynamic        ## dynamic
       balance         roundrobin
       server          web2 172.25.60.3:80 check inter 1000

[root@server1 ~]# /etc/init.d/haproxy reload
When a browser accesses 172.25.60.1, the request goes to the static page on server2
When accessing 172.25.60.1/index.php, the request goes to the PHP page on server3 (dynamic)

4: HAProxy read/write separation

[root@server2 ~]# cd /var/www/html/
[root@server2 html]# ls
index.html  upload
[root@server2 html]# cd upload/
[root@server2 upload]# mv * ..
[root@server2 html]# ls
index.html  index.php  upload  upload_file.php
[root@server2 html]# chmod 777 upload
[root@server2 html]# vim upload_file.php
    if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/png")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/pjpeg"))
    && ($_FILES["file"]["size"] < 2000000))
[root@server2 html]# scp -rp index.php upload upload_file.php server3:/var/www/html/
[root@server2 html]# /etc/init.d/httpd restart


[root@server1 ~]# vim /etc/haproxy/haproxy.cfg 
frontend public
        bind            *:80 name clear
        #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
        #use_backend     static if { hdr_beg(host) -i img }
        #use_backend     static if { path_beg /img /css   }

        acl read method GET
        acl read method HEAD
        acl write method POST
        acl write method PUT

        #acl blacklist src 172.25.60.250
        #http-request deny  if blacklist
        #errorloc 403 http://172.25.60.1:8080/index.html
        #redirect location http://172.25.60.1:8080/index.html if blac
[root@server1 ~]# /etc/init.d/haproxy reload
Upload an image at http://172.25.60.1/ and submit it

There is no data on server2
[root@server2 html]# cd upload
[root@server2 upload]# ls

The image was uploaded to server3   ### all write requests are handled on the server3 host
[root@server3 html]# cd upload
[root@server3 upload]# ls
Screenshot from 2018-05-23 20-12-47.png

Reposted from blog.csdn.net/yinzhen_boke_0321/article/details/87888346