Haproxy introduction and use Haproxy to build a web cluster

1. Common Web cluster scheduler

• The current common Web cluster scheduler is divided into software and hardware.
• The software usually uses open source LVS, Haproxy, Nginx
• The most commonly used hardware is F5, and many people use some domestic products, such as Barracuda, NSFOCUS, etc.

1.1 Haproxy application analysis

• LVS has strong anti-load ability in enterprise applications, but there are some shortcomings.
  LVS does not support regular processing and cannot achieve dynamic and static separation.
  For large-scale websites, the implementation and configuration of LVS are complicated and the maintenance cost is relatively high.
• Haproxy is a software that provides high availability, load balancing, and proxy based on TCP and HTTP applications. It is
  suitable for heavily loaded Web sites. It
  runs on hardware and supports tens of thousands of concurrent connections.

1.2 Haproxy scheduling algorithm

• RR (Round Robin)
  RR algorithm is the simplest and most commonly used algorithm, namely round-robin scheduling
• LC (Least Connections)
  minimum connections algorithm dynamically allocates front-end requests according to the number of back-end node connections.
• SH (Source Hashing) is
  based on the source access scheduling algorithm. It is used in some scenarios where Session sessions are recorded on the server side. Cluster scheduling can be based on the source IP, Cookie, etc. For
  example:
  There are two nodes A and B, the first user first The second visit was assigned to A, the second user was assigned to B for the first visit. When the first user visits for the second time, it will continue to be assigned to A, and the second user will continue to be assigned for the second visit. To B

2. Detailed explanation of Haproxy configuration file

2.1 Global configuration global

parameter	Description
log 127.0.0.1 local0	Configure logging, local0 is the logging device, which is stored in the system log by default
log 127.0.0.1 local1 notice	Notice is the log level, usually there are 24 levels
maxconn 4096	Maximum number of connections
uid 99	User uid
guide 99	User gid

2.2 Default configuration defaults

• If there is no special statement in the application component, it will be set according to the default configuration parameters

parameter	Description
log global	Define the log as the log definition in the global configuration
mode http	Mode is http
option httplog	Use http log format to record logs
retries 3	Check the node server failure for three consecutive times, the node is considered unavailable
maxconn 2000	Maximum number of connections
contimeout 5000	Connection timeout
clitimeout 5000	Client timeout
srvtimeout 5000	Server timeout

2.3 Application component configuration listen

parameter	Description
listen appli4-backup 0.0.0.0：10004	Define an appli4-backup application
option httpchk /indexhtml	Check the index.html file of the server
option persist	Force the request to be sent to the server that has been down (comment out when configuring)
balance roundrobin	Load balancing scheduling algorithm uses polling algorithm
server inst1 192.168.114.56:80 check inter 2000 fall 3	Define online nodes
server inst1 192.168.114.56:80 check inter 2000 fall 3 backup	Define backup node

Three, Haproxy parameter optimization

parameter	Description
maxconn	Maximum number of connections, adjusted according to the actual situation of the application, 10 240 is recommended
daemon	Daemon mode, Haproxy can be started in non-daemon mode, it is recommended to start in daemon mode
nbproc	The number of concurrent processes for load balancing is recommended to be equal to or twice the number of CPU cores of the current server
retries	The number of retries is mainly used to check the cluster nodes. If there are many nodes and a large number of them, set it to 2 or 3 times
option http-server-close	Actively close the http request option, it is recommended to use this option in a production environment
timeout http-keep-alive	Long connection timeout time, set long connection timeout time, you can set 10s
timeout http-request	http请求超时时间，建议将此时间设置为5~10 s，增加http连接释放速度
timeout client	客户端超时时间，如果访问量过大，节点响应慢，可以将此时间设置短一些，建议设置为1min左右就可以了

四、Haproxy 日志管理

• 默认是输出到系统的syslog中，生产环境中一般单独定义
• 定义的方法步骤
  修改Hapeoxy配置文件中关于日志 配置的选项，加入配置
  log /dev/log local0 info
  log /dev/log local0 notice
• 修改rsyslog配置，将Haproxy相关的配置独立定义到haproxy.conf 并放到 /etc/rsrslog.d/ 下
• 保存配置文件并重启rsyslog服务，完成rsyslog配置

五、Haproxy搭建Web群集实验

5.1 实验环境

• 3台Centos 虚拟机 一台win10 系统
• 1台虚拟即充当Haproxy站点，IP地址为192.168.233.200
• 2台CentOS 虚拟机模拟Nginx服务器 IP地址分别为192.168.233.180 192.168.233.50
• win10 充当客户端
  

5.2 实验准备工作

• 准备好haproxy-1.5.19.tar和nginx-1.12.0.tar 安装包
• 开始操作前 关闭所有节点的防火墙和核心防护 防止干扰

[root@haproxy ~]# systemctl stop firewalld.service 
[root@haproxy ~]# setenforce 0

5.3 节点服务器

• 两台节点服务器都需要设置

root@localhost ~]# hostnamectl set-hostname web1
[root@localhost ~]# su
[root@web1 ~]# 
[root@web1 ~]# yum install pcre-devel zlib-devel gcc gcc-c++ make -y
[root@web1 ~]# useradd -M -s /sbin/nologin  nginx
准备安装包nginx-1.12.0.tar
[root@web1 ~]# tar zxvf nginx-1.12.0.tar.gz -C /opt/
[root@web1 ~]# cd /opt/nginx-1.12.0/
[root@web1 nginx-1.12.0]# ./configure  --prefix=/usr/local/nginx --user=nginx --group=nginx
[root@web1 nginx-1.12.0]# make && make install
[root@web1 nginx-1.12.0]# cd /usr/local/nginx/html/
[root@web1 html]# echo "this is accp web" > test.html         ## web2 网页内容可以写不一样的，但是文件名称要一样 便于测试
[root@web1 html]# ln -s /usr/local/nginx/sbin/nginx  /usr/local/sbin/
[root@web1 html]# nginx
[root@web1 html]# netstat -antp | grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      14300/nginx: master

5.4 haproxy服务器

[root@haproxy ~]# yum install pcre-devel bzip2-devel gcc gcc-c++ make -y
准备压缩包haproxy-1.5.19.tar
[root@haproxy ~]# tar zxvf haproxy-1.5.19.tar.gz -C /opt/
[root@haproxy ~]# cd /opt/haproxy-1.5.19/
[root@haproxy haproxy-1.5.19]# make TARGET=linux26
[root@haproxy haproxy-1.5.19]# make install
[root@haproxy haproxy-1.5.19]# mkdir /etc/haproxy
[root@haproxy haproxy-1.5.19]# cp examples/haproxy.cfg /etc/haproxy/
[root@haproxy haproxy-1.5.19]# cd /etc/haproxy/
[root@haproxy haproxy]# vim haproxy.cfg 

#       chroot /usr/share/haproxy      ## 第八行 注释掉 否则服务起不来
#       redispatch			## 第二十一行，注释掉

######### 删掉所有的listen  写入下列的
listen webcluster 0.0.0.0:80
        option httpchk GET /test.html
        balance roundrobin
        server inst1 192.168.233.50:80 check inter 2000 fall 3
        server inst2 192.168.233.180:80 check inter 2000 fall 3


[root@haproxy haproxy]# cp /opt/haproxy-1.5.19/examples/haproxy.init /etc/init.d/haproxy
[root@haproxy haproxy]# chmod +x /etc/init.d/haproxy 
[root@haproxy haproxy]# chkconfig --add /etc/init.d/haproxy 
[root@haproxy haproxy]# ln -s /usr/local/sbin/haproxy  /usr/sbin/haproxy
[root@haproxy haproxy]# service haproxy start
Starting haproxy (via systemctl):                          [  确定  ]


访问http://192.168.233.200/test.html
刷新网页 ，发现两个网页来回切换

5.5 日志配置

[root@haproxy haproxy]# vim /etc/haproxy/haproxy.cfg 
  global
          log /dev/log    local0  info        ## /dev/log 只是一个设备工具  日志还是会生成到/var/log 里面  local0 级别得一样
          log /dev/log    local0 notice
[root@haproxy haproxy]# service haproxy restart
Restarting haproxy (via systemctl):                        [  确定  ]
[root@haproxy haproxy]# touch /etc/rsyslog.d/haproxy.conf
[root@haproxy haproxy]# vim /etc/rsyslog.d/haproxy.conf
if ($programname == 'haproxy' and $syslogseverity-text == 'info')
then -/var/log/haproxy/haproxy-info.log
&~
if ($programname == 'haproxy' and $syslogseverity-text == 'notice')
then -/var/log/haproxy/haproxy-notice.log
&~
~                                                                                                                                           
~                 
[root@haproxy ~]# systemctl restart rsyslog.service     
[root@haproxy ~]# service haproxy restart
Restarting haproxy (via systemctl):                        [  确定  ]
[root@haproxy ~]# ls /var/log/haproxy/
haproxy-info.log  haproxy-notice.log