CentOS6-HAProxy installation and configuration

1. HAProxy download address (download version 1.7.9): http://www.haproxy.org/



2. Upload haproxy-1.7.9.tar.gz to CentOS



 3. Installation

 

yum install -y gcc #Install gcc first (a minimal CentOS install does not include it; skip this step if gcc is already installed)
tar zxvf haproxy-1.7.9.tar.gz
cd haproxy-1.7.9
#Install the development libraries with yum if you need SSL support
yum install -y openssl openssl-devel readline-devel pcre-devel
#Add the compile parameters that enable SSL
#If you don't need it, you can remove USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
make TARGET=linux2628 CPU=x86_64 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
make install PREFIX=/usr/local/haproxy  #Install

#Parameter description:
#TARGET=linux2628
#Use uname -r to view the CentOS kernel version, here: 2.6.32-642.el6.x86_64
#For kernels newer than 2.6.28 use: TARGET=linux2628
#CPU=x86_64
#PREFIX=/usr/local/haproxy #/usr/local/haproxy is the haproxy installation path

 

 

4. Set up HAProxy

 

mkdir -p /usr/local/haproxy/conf #Create the configuration file directory
mkdir -p /etc/haproxy #Create the system configuration directory
touch /usr/local/haproxy/conf/haproxy.cfg #Create the configuration file
ln -s /usr/local/haproxy/conf/haproxy.cfg /etc/haproxy/haproxy.cfg #Add a symbolic link to the configuration file

cp -r /usr/dev/haproxy/haproxy-1.7.9/examples/errorfiles /usr/local/haproxy/errorfiles #Copy the error pages
ln -s /usr/local/haproxy/errorfiles /etc/haproxy/errorfiles #Add a symbolic link

mkdir -p /usr/local/haproxy/log #Create the log file directory
touch /usr/local/haproxy/log/haproxy.log #Create the log file
ln -s /usr/local/haproxy/log/haproxy.log /var/log/haproxy.log #Add a symbolic link

cp /usr/dev/haproxy/haproxy-1.7.9/examples/haproxy.init /etc/rc.d/init.d/haproxy #Copy the init script

chmod +x /etc/rc.d/init.d/haproxy #Make the script executable

chkconfig haproxy on #Start at boot

ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin #Add a symbolic link

5. Configure haproxy.cfg parameters

Detailed analysis of haproxy configuration file parameters

chroot <jail dir>
    Change the working directory to <jail dir> and execute chroot

daemon
    Run in the background

uid
    Process account id; it is recommended to set it to a dedicated account for haproxy

gid
    Process group id; it is recommended to set it to a dedicated haproxy group

log <address> <facility>
    Configure global syslog; you can set up two log servers

nbproc <number>
    Specify the number of background processes

pidfile <file>
    Specify the pid file

ulimit-n <number>
    Set the maximum number of file descriptors per process

maxconn <number>
    Maximum number of concurrent connections supported per process

tune.bufsize <number>
    Set the buffer size; the default is 16384 bytes

mode
    One of tcp, http, health

timeout check <timeout>
    Set the check timeout

contimeout <timeout>
    Set the connection timeout

balance roundrobin
    Use round-robin (polling) load balancing

bind <address>:port
    Define one or more listening addresses and ports

stats auth admin:admin
    Set the user name and password of the monitoring interface

stats refresh <number>
    Statistics page refresh interval

option httplog
    Use the HTTP log format

cookie <name>
    Enable cookie-based session persistence

option forwardfor
    Insert this header so that the backend server can obtain the client IP

option abortonclose
    Automatically close requests that take a long time to process when the load is high

option allbackups
    When the backend servers are down, activate all backup servers; by default only the first backup server is started

option dontlognull
    Do not log empty connections; mainly used to avoid logging health checks

option redispatch
    When a backend machine is down, force the request to be forwarded to a healthy machine

monitor-uri <uri>
    Check whether the URI exists and judge the health status of the host from the result

monitor-fail if site_dead
    When the server is down, a 503 code is returned

option httpchk <uri>
    Check server health status using the HTTP protocol

retries <value>
    Number of retries after a server connection failure

timeout client
    The maximum client timeout, in milliseconds

timeout server
    The maximum server timeout, in milliseconds

timeout connect
    The maximum connection timeout, in milliseconds

default_backend
    Default backend server group

use_backend
    Backend server group to use when the conditions are met

acl <name> <criterion>
    Define an access control list

vi /usr/local/haproxy/conf/haproxy.cfg #Edit, modify and save

 

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log    127.0.0.1 local2           
    maxconn 3000 ###Maximum number of connections, default 4000
    chroot /usr/local/haproxy ###Change directory
    pidfile /usr/local/haproxy/conf/haproxy.pid ###haproxy's pid storage path, write all processes into the pid file, the user who starts the process must have permission to access this file     
    daemon ###Configure haproxy to enter background mode
    nbproc 1 ###Number of processes, multiple can be opened at the same time
 
#---------------------------------------------------------------------
# Defaults settings
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults  
    log global ###Use the globally defined log
    mode http ###Default mode { tcp|http|health }: tcp is layer 4, http is layer 7, health only returns OK
    option httplog ###Use the HTTP log format
    option dontlognull ###Do not record health check log information
    option httpclose ###Actively close the HTTP connection after each request is completed
    retries 3 ###After 3 failed connection attempts the server is considered unavailable; this can also be set later
    option redispatch ###If the server matching the serverId goes down, force the request to another healthy server
    option forwardfor ###Needed when the backend servers must obtain the client's real IP; they can read it from the HTTP header
    timeout connect 10000   #default 10 second timeout if a backend is not found
    timeout client 300000 ###Client connection timeout
    timeout server 300000 ###Server connection timeout
    maxconn 60000 ###Maximum number of connections
    
####################################################################
listen stats
        bind 0.0.0.0:1080 #Listening port  
        stats refresh 30s #Automatic refresh time of statistics page  
        stats uri /stats #Statistics page url  
        stats realm Haproxy Manager #Prompt text on the password box on the statistics page  
        stats auth admin:admin #Statistics page username and password settings  
        #stats hide-version #Hide the version information of HAProxy on the stats page
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind 0.0.0.0:80
    acl url_static path_beg    -i /static /images /javascript /stylesheets
    acl url_static path_end    -i .jpg .gif .png .css .js
 
    use_backend static if url_static ###If the ACL matches, send the request to the backend named in the rule
    default_backend dynamic ###Otherwise, send the request to the default backend
 
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
 
backend static
    balance roundrobin ###Load balancing mode polling
    server static 127.0.0.1:80 check ###Backend server definition
     
backend dynamic
    balance    roundrobin
    server         websrv1 10.118.66.69:8081 check maxconn 2000
    server         websrv2 10.118.66.69:8082 check maxconn 2000
 
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
#errorloc  503  http://www.osyunwei.com/404.html
errorfile 403 /etc/haproxy/errorfiles/403.http
errorfile 500 /etc/haproxy/errorfiles/500.http
errorfile 502 /etc/haproxy/errorfiles/502.http
errorfile 503 /etc/haproxy/errorfiles/503.http
errorfile 504 /etc/haproxy/errorfiles/504.http

 :wq! #Save and exit
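Before starting the service, the configuration above can be checked for three things it leaves open: the stats page uses admin:admin, it listens on every interface, and the global section never sets the dedicated account recommended in the parameter list. This is an added example, not part of the original article; the function names and the 12-character password rule are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: flag risky haproxy.cfg settings.
# Prints one finding per line; exit status is 1 if anything was found.
audit_haproxy_cfg() {
    awk '
    { sub(/#.*/, "") }                    # drop comments, including ### notes
    NF == 0 { next }
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ { sec = $1 " " $2; next }
    sec ~ /^global/ && ($1 == "user"  || $1 == "uid") { has_user = 1 }
    sec ~ /^global/ && ($1 == "group" || $1 == "gid") { has_group = 1 }
    $1 == "bind"  { binds[sec] = binds[sec] " " $2 }
    $1 == "stats" { stats[sec] = 1 }
    $1 == "stats" && $2 == "auth" {
        p = index($3, ":"); user = substr($3, 1, p - 1); pass = substr($3, p + 1)
        # Assumed policy: password differs from the user name and has 12+ chars.
        if (pass == user || length(pass) < 12) {
            print "WEAK-STATS-AUTH: " sec " has a guessable password for " user; bad = 1
        }
    }
    END {
        if (!has_user || !has_group) {
            print "NO-PRIV-DROP: global sets no user/group (or uid/gid)"; bad = 1
        }
        for (s in stats) {
            n = split(binds[s], b, " ")
            for (i = 1; i <= n; i++)
                if (b[i] ~ /^(0\.0\.0\.0|\*)?:/) {
                    print "STATS-EXPOSED: " s " listens on all interfaces (" b[i] ")"; bad = 1
                }
        }
        exit bad + 0
    }' "$@"
}
# Constructed sample: the relevant lines of the first configuration above.
sample_cfg() {
    cat <<'EOF'
global
    chroot /usr/local/haproxy ###Change directory
    daemon
listen stats
    bind 0.0.0.0:1080 #Listening port
    stats uri /stats
    stats auth admin:admin #Statistics page username and password settings
frontend main
    bind 0.0.0.0:80
EOF
}
sample_cfg | audit_haproxy_cfg || true
```

Run it against the real file with audit_haproxy_cfg /etc/haproxy/haproxy.cfg. The findings clear once the global section sets user and group to a dedicated account, the stats listener binds to a management address such as 127.0.0.1:1080, and stats auth uses a long, unique password.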

service haproxy start #start

service haproxy stop #close

service haproxy restart #restart

7. Firewall settings

Open ports 80 and 1080

8. Test

Open the statistics page in a browser: http://192.168.117.128:1080/stats



Then open http://192.168.117.128 to reach the load-balanced web applications configured above:

webapp1: 10.118.66.69:8081

webapp2: 10.118.66.69:8082

9. Add SSL configuration

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log    127.0.0.1 local2          ###[err warning info debug]
    maxconn 4000 ###Maximum number of connections, default 4000
    chroot /usr/local/haproxy ###Change directory
    pidfile /usr/local/haproxy/conf/haproxy.pid ###haproxy's pid storage path, write all processes into the pid file, the user who starts the process must have permission to access this file
    daemon ###Configure haproxy to enter background mode
    nbproc 1 ###Number of processes, multiple can be opened at the same time
    tune.ssl.default-dh-param 2048
 
#---------------------------------------------------------------------
# Defaults settings
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults  
    log global ###Use the globally defined log
    mode http ###Default mode { tcp|http|health }: tcp is layer 4, http is layer 7, health only returns OK
    option httplog ###Use the HTTP log format
    option dontlognull ###Do not record health check log information
    option httpclose ###Actively close the HTTP connection after each request is completed
    retries 3 ###After 3 failed connection attempts the server is considered unavailable; this can also be set later
    option redispatch ###If the server matching the serverId goes down, force the request to another healthy server
    option forwardfor ###Needed when the backend servers must obtain the client's real IP; they can read it from the HTTP header
    timeout connect 10000   #default 10 second timeout if a backend is not found
    timeout client 300000 ###Client connection timeout
    timeout server 300000 ###Server connection timeout
    maxconn 60000 ###Maximum number of connections
    
####################################################################
listen stats
    bind 0.0.0.0:1080 #Listening port  
    stats refresh 30s #Automatic refresh time of statistics page  
    stats uri /stats #Statistics page url  
    stats realm Haproxy Manager #Prompt text on the password box on the statistics page  
    stats auth admin:admin #Statistics page username and password settings  
    #stats hide-version #Hide the version information of HAProxy on the stats page

frontend http_its
    bind :80
    maxconn 32000
    option http-keep-alive
    option  forwardfor
    option httpclose
    default_backend http_ITS_WEB

frontend https_its
    bind :443 ssl crt /usr/local/haproxy/conf/itsweb.pem
    maxconn 32768
    option  forwardfor
    option httpclose
    option http-keep-alive
    default_backend http_ITS_WEB
 
backend http_ITS_WEB
    cookie http_ITS_WEB insert indirect
    hash-type  consistent
    fullconn 32768
    option     httpclose
    balance    leastconn
    server p_01 10.118.66.69:8081 cookie web1 check inter 2000 rise 3 fall 5 check port 8081
    server p_02 10.118.66.69:8082 cookie web2 check inter 2000 rise 3 fall 5 check port 8082
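
The crt file named on the bind :443 line must hold the certificate and its private key together in one PEM file. One way to build it so that a mismatched key is refused and the result is readable only by its owner is sketched below; this is an added example, not part of the original article, and the function name and the input file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: build the combined PEM loaded by
# "bind :443 ssl crt <file>".
# build_haproxy_pem CERT KEY OUT -> 0 on success, non-zero with a message otherwise.
build_haproxy_pem() {
    cert=$1 key=$2 out=$3
    [ -r "$cert" ] && [ -r "$key" ] || { echo "cert or key not readable" >&2; return 2; }
    grep -q 'BEGIN CERTIFICATE' "$cert" || { echo "$cert: not a PEM certificate" >&2; return 3; }
    grep -q 'PRIVATE KEY' "$key" || { echo "$key: not a PEM private key" >&2; return 3; }

    # Refuse a key that does not belong to the certificate: both must yield
    # the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout) || return 4
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 5; }

    # Write the bundle with owner-only permissions from the first byte on.
    rm -f "$out"
    ( umask 077 && cat "$cert" "$key" > "$out" ) || return 6
    chmod 600 "$out"
}

# Usage (hypothetical input names):
#   build_haproxy_pem itsweb.crt itsweb.key /usr/local/haproxy/conf/itsweb.pem
if [ $# -eq 3 ]; then build_haproxy_pem "$@"; fi
```

If the certificate was issued by an intermediate CA, append the intermediate certificates to the certificate file before calling the function so they end up in the bundle as well.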

Test effect:

 

 

 

 
