1. HAProxy download address (download version 1.7.9): http://www.haproxy.org/
2. Upload haproxy-1.7.9.tar.gz to CentOS
3. Installation
yum install -y gcc #Install gcc (CentOS does not ship with gcc; skip this if gcc is already installed)
tar zxvf haproxy-1.7.9.tar.gz
cd haproxy-1.7.9
#Install the SSL dependencies with yum, if you need SSL support
yum install -y openssl openssl-devel readline-devel pcre-devel libssl-dev libpcre3
#Compile with the parameters that enable SSL support
#If you don't need them, you can remove USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
make TARGET=linux3100 CPU=x86_64 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
make install PREFIX=/usr/local/haproxy #Install
#Parameter description:
#TARGET=linux3100
#Use uname -r to view the CentOS kernel version, for example: 2.6.32-642.el6.x86_64
#For kernels newer than 2.6.28, use: TARGET=linux2628
#CPU=x86_64
#PREFIX=/usr/local/haproxy #/usr/local/haproxy is the haproxy installation path
4. Set up HAProxy
mkdir -p /usr/local/haproxy/conf #Create a configuration file directory
mkdir -p /etc/haproxy #Create a configuration file directory
touch /usr/local/haproxy/conf/haproxy.cfg #Create a configuration file
ln -s /usr/local/haproxy/conf/haproxy.cfg /etc/haproxy/haproxy.cfg #Add a symbolic link to the configuration file
cp -r /usr/dev/haproxy/haproxy-1.7.9/examples/errorfiles /usr/local/haproxy/errorfiles #Copy error pages
ln -s /usr/local/haproxy/errorfiles /etc/haproxy/errorfiles #Add a symbolic link
mkdir -p /usr/local/haproxy/log #Create log file directory
touch /usr/local/haproxy/log/haproxy.log #Create log file
ln -s /usr/local/haproxy/log/haproxy.log /var/log/haproxy.log #Add a symbolic link
cp /usr/dev/haproxy/haproxy-1.7.9/examples/haproxy.init /etc/rc.d/init.d/haproxy #Copy the init script
chmod +x /etc/rc.d/init.d/haproxy #Add script execution permission
chkconfig haproxy on #Start at boot
ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin #Add a symbolic link
5. Configure haproxy.cfg parameters
Detailed analysis of haproxy configuration file parameters
Parameter | Description
--- | ---
chroot <jail dir> | Change the working directory to <jail dir> and chroot into it
daemon | Run in the background
uid | Process user ID; a dedicated haproxy account is recommended
gid | Process group ID; a dedicated haproxy group is recommended
log <address> <facility> | Configure global syslog; up to two log servers can be set
nbproc <number> | Number of background processes
pidfile <file> | PID file path
ulimit-n <number> | Maximum number of file descriptors per process
maxconn <number> | Maximum number of concurrent connections per process
tune.bufsize <number> | Buffer size; the default is 16384 bytes
mode | One of tcp, http, health
timeout check <timeout> | Health-check timeout
contimeout <timeout> | Connection timeout
balance roundrobin | Round-robin load balancing
bind <address>:port | Define one or more listening addresses and ports
stats auth admin:admin | User name and password for the monitoring interface
stats refresh <number> | Statistics page refresh interval
option httplog | Use the HTTP log format
cookie <name> | Enable cookie-based session persistence
option forwardfor | Insert the X-Forwarded-For header so the backend server can obtain the client IP
option abortonclose | Automatically close requests that take a long time to process when the load is high
option allbackups | When the backend servers are down, activate all backup servers; by default only the first backup server is started
option dontlognull | Do not log empty connections; mainly used to keep health checks out of the log
option redispatch | When a backend server is down, force the request to be forwarded to a healthy server
monitor-uri <URI> | Check whether the URI exists and judge the host's health status accordingly
monitor-fail if site_dead | Return a 503 code when the server is down
option httpchk <uri> | Check server health using the HTTP protocol
retries <value> | Number of retries after a server connection failure
timeout client | Maximum client timeout, in milliseconds
timeout server | Maximum server timeout, in milliseconds
timeout connect | Maximum connection timeout, in milliseconds
default_backend | Default backend server group
use_backend | Backend server group to use when the conditions are met
acl <name> <criterion> | Define an access control list
vi /usr/local/haproxy/conf/haproxy.cfg #Edit\Modify\Save
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log 127.0.0.1 local2
    maxconn 3000 ###Maximum number of connections, default 4000
    chroot /usr/local/haproxy ###Change directory
    pidfile /usr/local/haproxy/conf/haproxy.pid ###haproxy's pid storage path, write all processes into the pid file, the user who starts the process must have permission to access this file
    daemon ###Configure haproxy to enter background mode
    nbproc 1 ###Number of processes, multiple can be opened at the same time
#---------------------------------------------------------------------
# Defaults settings
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    log global ###Use the globally defined log
    mode http ###Default mode, mode { tcp|http|health }: tcp is layer 4, http is layer 7, health will only return OK
    option httplog ###Log category: http log format
    option dontlognull ###Do not record health check log information
    option httpclose ###Actively close the http channel after each request is completed
    retries 3 ###If the connection fails 3 times, the server is considered unavailable; this can also be set per server later
    option redispatch ###After the server corresponding to the serverId goes down, force requests to other healthy servers
    option forwardfor ###Needed if the backend server has to obtain the client's real IP; the client IP can then be read from the HTTP header
    timeout connect 10000 #default 10 second timeout if a backend is not found
    timeout client 300000 ###Client connection timeout
    timeout server 300000 ###Server connection timeout
    maxconn 60000 ###Maximum number of connections
####################################################################
listen stats
    bind 0.0.0.0:1080 #Listening port
    stats refresh 30s #Automatic refresh time of statistics page
    stats uri /stats #Statistics page url
    stats realm Haproxy\ Manager #Prompt text on the password box on the statistics page
    stats auth admin:admin #Statistics page username and password settings
    #stats hide-version #Hide the version information of HAProxy on the stats page
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind 0.0.0.0:80
    acl url_static path_beg -i /static /images /javascript /stylesheets
    acl url_static path_end -i .jpg .gif .png .css .js
    use_backend static if url_static ###If the policy matches, respond from the backend defined by the policy
    default_backend dynamic ###If not, respond from the default backend
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance roundrobin ###Load balancing mode: round robin
    server static 127.0.0.1:80 check ###Backend server definition
backend dynamic
    balance roundrobin
    server websrv1 10.118.66.69:8081 check maxconn 2000
    server websrv2 10.118.66.69:8082 check maxconn 2000
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
    #errorloc 503 http://www.osyunwei.com/404.html
    errorfile 403 /etc/haproxy/errorfiles/403.http
    errorfile 500 /etc/haproxy/errorfiles/500.http
    errorfile 502 /etc/haproxy/errorfiles/502.http
    errorfile 503 /etc/haproxy/errorfiles/503.http
    errorfile 504 /etc/haproxy/errorfiles/504.http
:wq! #Save and exit
service haproxy start #start
service haproxy stop #close
service haproxy restart #restart
7. Firewall settings
Open ports 80 and 1080
8. Test
Enter this address in a browser to open the statistics page: http://192.168.117.128:1080/stats
Enter http://192.168.117.128 to reach the load-balanced web applications:
webapp1: 10.118.66.69:8081
webapp2: 10.118.66.69:8082
9. Add SSL configuration
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log 127.0.0.1 local2 ###[err warning info debug]
    maxconn 4000 ###Maximum number of connections, default 4000
    chroot /usr/local/haproxy ###Change directory
    pidfile /usr/local/haproxy/conf/haproxy.pid ###haproxy's pid storage path, write all processes into the pid file, the user who starts the process must have permission to access this file
    daemon ###Configure haproxy to enter background mode
    nbproc 1 ###Number of processes, multiple can be opened at the same time
    tune.ssl.default-dh-param 2048
#---------------------------------------------------------------------
# Defaults settings
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    log global ###Use the globally defined log
    mode http ###Default mode, mode { tcp|http|health }: tcp is layer 4, http is layer 7, health will only return OK
    option httplog ###Log category: http log format
    option dontlognull ###Do not record health check log information
    option httpclose ###Actively close the http channel after each request is completed
    retries 3 ###If the connection fails 3 times, the server is considered unavailable; this can also be set per server later
    option redispatch ###After the server corresponding to the serverId goes down, force requests to other healthy servers
    option forwardfor ###Needed if the backend server has to obtain the client's real IP; the client IP can then be read from the HTTP header
    timeout connect 10000 #default 10 second timeout if a backend is not found
    timeout client 300000 ###Client connection timeout
    timeout server 300000 ###Server connection timeout
    maxconn 60000 ###Maximum number of connections
####################################################################
listen stats
    bind 0.0.0.0:1080 #Listening port
    stats refresh 30s #Automatic refresh time of statistics page
    stats uri /stats #Statistics page url
    stats realm Haproxy\ Manager #Prompt text on the password box on the statistics page
    stats auth admin:admin #Statistics page username and password settings
    #stats hide-version #Hide the version information of HAProxy on the stats page
frontend http_its
    bind :80
    maxconn 32000
    option http-keep-alive
    option forwardfor
    option httpclose
    default_backend http_ITS_WEB
frontend https_its
    bind :443 ssl crt /usr/local/haproxy/conf/itsweb.pem
    maxconn 32768
    option forwardfor
    option httpclose
    option http-keep-alive
    default_backend http_ITS_WEB
backend http_ITS_WEB
    cookie http_ITS_WEB insert indirect
    hash-type consistent
    fullconn 32768
    option httpclose
    balance leastconn
    server p_01 10.118.66.69:8081 cookie web1 check inter 2000 rise 3 fall 5 check port 8081
    server p_02 10.118.66.69:8082 cookie web2 check inter 2000 rise 3 fall 5 check port 8082
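The parameter table recommends a dedicated uid/gid, yet both sample configurations omit it, keep stats auth admin:admin on a 0.0.0.0 listener with hide-version commented out, and bind :443 ssl without protocol options. The following lint is an added example, not part of the original tutorial or of HAProxy; the function names, finding IDs and the embedded excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a haproxy.cfg for the weak settings discussed above.
# Finding IDs are hypothetical labels, not HAProxy output.
audit_haproxy_cfg() {            # usage: audit_haproxy_cfg FILE  (or stdin)
    awk '
    function close_section() {   # per-section findings for stats listeners
        if (has_stats && wild)  print "STATS_ON_ALL_INTERFACES"
        if (has_stats && !hide) print "STATS_VERSION_EXPOSED"
        has_stats = wild = hide = 0
    }
    { sub(/[#].*/, "") }         # strip comments, so "#stats hide-version" is off
    NF == 0 { next }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
        close_section(); section = $1; next
    }
    section == "global" && $1 ~ /^(user|uid)$/ { account = 1 }
    section == "global" && $1 == "ssl-default-bind-options" { ssl_opts = 1 }
    $1 == "bind" && $2 ~ /^(0\.0\.0\.0|\*)?:/ { wild = 1 }
    $1 == "bind" && /[ \t]ssl([ \t]|$)/ && !/no-sslv3/ { ssl_bind = 1 }
    section != "global" && $1 == "stats" {
        has_stats = 1
        if ($2 == "hide-version") hide = 1
        if ($2 == "auth" && $3 == "admin:admin") print "DEFAULT_STATS_CREDENTIALS"
    }
    END {
        close_section()
        if (!account) print "NO_DEDICATED_ACCOUNT"
        if (ssl_bind && !ssl_opts) print "SSL_BIND_WITHOUT_PROTOCOL_LIMITS"
    }' "$@"
}

page_cfg() {                     # constructed excerpt of the configs on this page
cat <<'EOF'
global
    log 127.0.0.1 local2
    chroot /usr/local/haproxy
    daemon
listen stats
    bind 0.0.0.0:1080
    stats uri /stats
    stats auth admin:admin    #Statistics page username and password settings
    #stats hide-version
frontend https_its
    bind :443 ssl crt /usr/local/haproxy/conf/itsweb.pem
    default_backend http_ITS_WEB
EOF
}

page_cfg | audit_haproxy_cfg     # prints the five findings for the excerpt
```

Run it against the real file with audit_haproxy_cfg /etc/haproxy/haproxy.cfg before service haproxy start; an empty result means none of these five conditions were found.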
Test effect: