haproxy反向代理

实验环境

主机名                IP           版本
haproxy        192.168.14.210    1.5.18    
web1           192.168.14.211    nginx/1.12.2
web2           192.168.14.212    nginx/1.12.2

一、haproxy

1、关闭防火墙和selinux

[root@haproxy ~]# systemctl stop firewalld
[root@haproxy ~]# systemctl disable  firewalld
[root@haproxy ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

2、yum安装haproxy

[root@haproxy ~]# yum install -y haproxy
[root@haproxy ~]# systemctl start haproxy
[root@haproxy ~]# systemctl enable  haproxy

3、开启haproxy日志记录

#查看proxy配置文件，提示添加-r和日志保存路径
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

#添加-r
[root@haproxy ~]# vim /etc/sysconfig/rsyslog 
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-r"

[root@haproxy ~]# vim /etc/rsyslog.conf
#由于haproxy的日志是用udp传输的，所以要启用rsyslog的udp监听
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

#启用级别为local2的设备，并将该设备的所有级别的日志全部输出到/var/log/haproxy.log
local2.*                                                /var/log/haproxy.log

#haproxy日志文件不会自动创建，需要手动添加
[root@haproxy ~]# touch /var/log/haproxy.log

#重启服务
[root@haproxy ~]# systemctl restart rsyslog

4、修改配置文件（直接复制，修改后端主机IP）

[root@haproxy ~]# cat /etc/haproxy/haproxy.cfg 
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
listen stats
    mode http
    bind 0.0.0.0:1080        #图形化管理页面端口
    stats enable
    stats hide-version
    stats uri     /haproxyadmin?stats    #图形化管理页面
    stats realm   Haproxy\ Statistics
    stats auth    admin:admin            #管理用户名和密码
    stats admin if TRUE


frontend http-in
    bind *:80
    mode http
    log global
    option httpclose
    option logasap
    option dontlognull
    capture request  header Host len 20
    capture request  header Referer len 60
    default_backend servers

frontend healthcheck
    bind :1099
    mode http
    option httpclose
    option forwardfor
    default_backend servers

backend servers    #后端主机组
    balance roundrobin    #负载
    server websrv1 192.168.14.211:80 check maxconn 2000
    server websrv2 192.168.14.212:80 check maxconn 2000

二、web1

#关闭防火墙和selinux
[root@web1 ~]# systemctl stop  firewalld
[root@web1 ~]# systemctl disable   firewalld
[root@web1 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

#安装nginx并启动
[root@web1 ~]# yum install -y nginx
[root@web1 ~]# systemctl start nginx
[root@web1 ~]# systemctl enable nginx

#修改主页面
[root@web1 ~]# echo "nginx web1" > /usr/share/nginx/html/index.html

三、web2

#关闭防火墙和selinux
[root@web2 ~]# systemctl stop  firewalld
[root@web2 ~]# systemctl disable   firewalld
[root@web2 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

#安装nginx并启动
[root@web2 ~]# yum install -y nginx
[root@web2 ~]# systemctl start nginx
[root@web2 ~]# systemctl enable nginx

#修改主页面
[root@web1 ~]# echo "nginx web2" > /usr/share/nginx/html/index.html

四、客户端

1、访问haproxy

[root@client ~]# curl http://192.168.14.210
nginx web1
[root@client ~]# curl http://192.168.14.210
nginx web2
[root@client ~]# curl http://192.168.14.210
nginx web1

2、管理页面192.168.14.210:1080/haproxyadmin?stats