1. Introduction to HAProxy
HAProxy is professional, open source, high-performance load-balancing software for TCP (Layer 4) and HTTP (Layer 7) applications. With HAProxy, you can quickly and reliably provide load balancing for TCP- and HTTP-based applications.
2. Advantages of HAProxy
1. The reliability and stability are very good, comparable to the hardware-level F5 load balancing device.
2. It can maintain up to 40,000~50,000 concurrent connections at the same time. The maximum number of requests processed per unit time is 20,000, and the maximum data processing capacity can reach 10Gbps. For a software-level load balancer, these figures give a glimpse of HAProxy's performance.
3. Supports more than 8 load balancing algorithms and also supports session retention.
4. Supports virtual hosts, which makes Web load balancing more flexible.
5. Starting from version 1.3 of HAProxy, it supports functions such as connection rejection and fully transparent proxy. These functions are not available in other load balancers.
6. HAProxy has a powerful server status monitoring page, through which you can understand the operating status of the system in real time.
7. HAProxy has powerful ACL support, which can bring great convenience to use.
HAProxy relies on the technical characteristics of the operating system to maximize performance. Therefore, when using HAProxy, it is very important to tune the performance of the operating system. In terms of business use, HAProxy is very suitable for Web systems that have particularly large concurrency and require persistent connections or layer 4 and layer 7 processing, such as portal websites or e-commerce websites. In addition, HAProxy can also be used for load balancing of MySQL databases (read operations).
3. HAProxy support functions
TCP and HTTP reverse proxy
Support reverse proxy for dynamic programs
Supports database-based reverse proxy
SSL/TLS server
Cookies can be added to HTTP requests for routing back-end servers
Can balance load to backend servers and support persistent connections
Supports failover of all primary servers to standby servers
Support dedicated ports to implement monitoring services
Support stopping accepting new connection requests without affecting existing connections
HTTP message headers can be added, modified or deleted in both directions
Response message compression
Support access control of connection requests based on pattern
Provide detailed status information to authorized users via a specific URI
4. Setting up the Lua environment (CentOS)
HAProxy supports functional extension based on Lua. Lua is a small scripting language developed in 1993 by a research group at the Pontifical Catholic University of Rio de Janeiro in Brazil. It is designed to be embedded in applications, thereby providing flexible extension and customization capabilities for them.
Current system version
[root@shen ~]# lua -v
Lua 5.1.4 Copyright (C) 1994-2008 Lua.org, PUC-Rio
Install the basic commands and the build dependencies
[root@shen ~]# yum install wget gcc readline-devel -y
[root@shen ~]# wget http://www.lua.org/ftp/lua-5.3.5.tar.gz
[root@shen ~]# tar xf lua-5.3.5.tar.gz -C /usr/local/src/
[root@shen src]# cd /usr/local/src/lua-5.3.5/
[root@shen lua-5.3.5]# make linux test
Check the version that was compiled
[root@shen lua-5.3.5]# src/lua -v
Lua 5.3.5 Copyright (C) 1994-2018 Lua.org, PUC-Rio
5. Compile and install HAProxy
1. Install HAProxy
# Build parameters for HAProxy 1.8 and 1.9:
make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy
# Build parameters for HAProxy 2.0 and later (this article uses the community edition 2.6.13):
[root@shen ~]# yum -y install gcc openssl-devel pcre-devel systemd-devel
[root@shen ~]# tar xf haproxy-2.6.13.tar.gz -C /usr/local/src/
[root@shen ~]# cd /usr/local/src/haproxy-2.6.13/
[root@shen haproxy-2.6.13]# cat README
[root@shen haproxy-2.6.13]# ll Makefile
-rw-rw-r--. 1 root root 49679 May 2 20:20 Makefile
Compile and install following the INSTALL file
[root@shen haproxy-2.6.13]# cat INSTALL
[root@shen haproxy-2.6.13]# make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src/ LUA_LIB=/usr/local/src/lua-5.3.5/src/
[root@shen haproxy-2.6.13]# make install PREFIX=/apps/haproxy
[root@shen haproxy-2.6.13]# ln -s /apps/haproxy/sbin/haproxy /usr/sbin/
View the generated files
[root@shen haproxy-2.6.13]# tree /apps/haproxy/
/apps/haproxy/
├── doc
│   └── haproxy
│       ├── 51Degrees-device-detection.txt
│       ├── architecture.txt
│       ├── close-options.txt
│       ├── configuration.txt
│       ├── cookie-options.txt
│       ├── DeviceAtlas-device-detection.txt
│       ├── intro.txt
│       ├── linux-syn-cookies.txt
│       ├── lua.txt
│       ├── management.txt
│       ├── netscaler-client-ip-insertion-protocol.txt
│       ├── network-namespaces.txt
│       ├── peers.txt
│       ├── peers-v2.0.txt
│       ├── proxy-protocol.txt
│       ├── regression-testing.txt
│       ├── seamless_reload.txt
│       ├── SOCKS4.protocol.txt
│       ├── SPOE.txt
│       └── WURFL-device-detection.txt
├── sbin
│   └── haproxy
└── share
    └── man
        └── man1
            └── haproxy.1
6 directories, 22 files
2. Verify HAProxy version
Check the HAProxy version
[root@shen haproxy-2.6.13]# which haproxy
/usr/sbin/haproxy
[root@shen haproxy-2.6.13]# haproxy -v
HAProxy version 2.6.13-234aa6d 2023/05/02 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.13.html
Running on: Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
[root@shen haproxy-2.6.13]# haproxy -vv
HAProxy version 2.6.13-234aa6d 2023/05/02 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.13.html
Running on: Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
Build options :
TARGET = linux-glibc
CPU = generic
CC = cc
CFLAGS = -m64 -march=x86-64 -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment
OPTIONS = USE_PCRE=1 USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_SYSTEMD=1
DEBUG = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS
Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OT +PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL -PROMEX -QUIC +RT -SLZ -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL +ZLIB
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_THREADS=64, default=2).
Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.5
Built with network namespace support.
Support for malloc_trim() is enabled.
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes
Built with gcc compiler version 4.8.5 20150623 (Red Hat 4.8.5-44)
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|HOL_RISK|NO_UPG
fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG
<default> : mode=HTTP side=FE|BE mux=H1 flags=HTX
h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG
<default> : mode=TCP side=FE|BE mux=PASS flags=
none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG
Available services : none
Available filters :
[CACHE] cache
[COMP] compression
[FCGI] fcgi-app
[SPOE] spoe
[TRACE] trace
3. HAProxy startup script
[root@shen ~]# vim /usr/lib/systemd/system/haproxy.service
[root@shen ~]# cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
By default the configuration file is missing, so the service cannot start
[root@shen ~]# systemctl daemon-reload
[root@shen ~]# systemctl start haproxy
Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
[root@shen ~]# tail /var/log/messages
Aug 31 09:55:24 shen dbus[665]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Aug 31 09:55:24 shen nm-dispatcher: req:1 'dhcp4-change' [ens33]: new request (2 scripts)
Aug 31 09:55:24 shen systemd: Started Network Manager Script Dispatcher Service.
Aug 31 09:55:24 shen nm-dispatcher: req:1 'dhcp4-change' [ens33]: start running ordered scripts...
Aug 31 09:55:37 shen systemd: Reloading.
Aug 31 09:55:46 shen systemd: Starting HAProxy Load Balancer...
Aug 31 09:55:46 shen systemd: haproxy.service: control process exited, code=exited status=1
Aug 31 09:55:46 shen systemd: Failed to start HAProxy Load Balancer.
Aug 31 09:55:46 shen systemd: Unit haproxy.service entered failed state.
Aug 31 09:55:46 shen systemd: haproxy.service failed.
4. Configuration file
View the example configuration files
[root@shen ~]# tree /usr/local/src/haproxy-2.6.13/examples/
/usr/local/src/haproxy-2.6.13/examples/
├── basic-config-edge.cfg
├── content-sw-sample.cfg
├── errorfiles
│   ├── 400.http
│   ├── 403.http
│   ├── 408.http
│   ├── 500.http
│   ├── 502.http
│   ├── 503.http
│   ├── 504.http
│   └── README
├── haproxy.init
├── option-http_proxy.cfg
├── quick-test.cfg
├── socks4.cfg
├── transparent_proxy.cfg
└── wurfl-example.cfg
1 directory, 16 files
Create a custom configuration file
[root@shen ~]# mkdir /etc/haproxy
[root@shen ~]# vim /etc/haproxy/haproxy.cfg
[root@shen ~]# cat /etc/haproxy/haproxy.cfg
global
    maxconn 100000
    chroot /apps/haproxy
    stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
    #uid 99
    #gid 99
    user haproxy
    group haproxy
    daemon
    #nbproc 4
    #cpu-map 1 0
    #cpu-map 2 1
    #cpu-map 3 2
    #cpu-map 4 3
    pidfile /var/lib/haproxy/haproxy.pid
    log 127.0.0.1 local2 info
defaults
    option http-keep-alive
    option forwardfor
    maxconn 100000
    mode http
    timeout connect 300000ms
    timeout client 300000ms
    timeout server 300000ms
listen stats
    mode http
    bind 0.0.0.0:9999
    stats enable
    log global
    stats uri /haproxy-status
    stats auth haadmin:123456
listen web_port
    bind 192.168.226.150:80
    mode http
    log global
    server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5
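The stats listener in the configuration above is bound to every interface and protected by a short numeric password kept in clear text. The following script is an added example, not part of the original article or of HAProxy: it reads a haproxy.cfg and reports those two conditions per section. The finding names, the function names and the 12-character threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag exposure of the HAProxy stats page in a haproxy.cfg.
# Finding names and the 12-character threshold are this example's assumptions.

audit_haproxy_cfg() {
    awk '
    function flush(   i) {
        # Report only for sections that actually serve the stats page.
        if (stats) {
            for (i = 1; i <= nb; i++) print "STATS_WILDCARD_BIND", name, binds[i]
            for (i = 1; i <= na; i++) print auths[i]
        }
        stats = 0; nb = 0; na = 0
    }
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    $1 ~ /^(global|defaults|listen|frontend|backend|userlist)$/ {
        flush(); name = ($2 == "" ? $1 : $2); next
    }
    $1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
    # Wildcard listeners: 0.0.0.0:PORT, *:PORT, :PORT, [::]:PORT
    $1 == "bind" && $2 ~ /^(0\.0\.0\.0|\*|\[::\])?:[0-9]+/ { binds[++nb] = $2 }
    $1 == "stats" && $2 == "auth" {
        # "stats auth user:password" keeps the password in clear text.
        user = $3; sub(/:.*/, "", user)
        pw = $3;   sub(/^[^:]*:/, "", pw)
        weak = (length(pw) < 12 || pw ~ /^[0-9]+$/)
        auths[++na] = (weak ? "STATS_WEAK_PASSWORD" : "STATS_CLEARTEXT_PASSWORD") " " name " " user
    }
    END { flush() }
    ' "${1:--}"    # read the named file, or stdin when no argument is given
}

# The stats listener exactly as it appears in this page's haproxy.cfg.
sample_cfg() {
    cat <<'EOF'
listen stats
    mode http
    bind 0.0.0.0:9999
    stats enable
    log global
    stats uri /haproxy-status
    stats auth haadmin:123456
EOF
}

sample_cfg | audit_haproxy_cfg
```

Run it against the live file with `audit_haproxy_cfg /etc/haproxy/haproxy.cfg`. A bind finding is resolved by binding the stats listener to a loopback or management address, and a password finding by moving the credentials into a `userlist` section with a hashed `password` entry.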
5. Start HAProxy
[root@shen ~]# mkdir /var/lib/haproxy
[root@shen ~]# useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy
[root@shen ~]# systemctl enable --now haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
6. Verify HAProxy status
The haproxy.cfg file defines chroot, pidfile, user, group and other parameters. If the system does not have the corresponding resources, haproxy will not start. For details, refer to the log file /var/log/messages.
[root@shen ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-08-31 10:02:48 +08; 2min 12s ago
Process: 2577 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
Main PID: 2580 (haproxy)
CGroup: /system.slice/haproxy.service
├─2580 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
└─2584 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
Aug 31 10:02:48 shen.example.com systemd[1]: Starting HAProxy Load Balancer...
Aug 31 10:02:48 shen.example.com systemd[1]: Started HAProxy Load Balancer.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE] (2580) : haproxy version is 2.6.13-234aa6d
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE] (2580) : path to executable is /usr/sbin/...oxy
Aug 31 10:02:48 shen.example.com haproxy[2580]: [ALERT] (2580) : config : parsing [/etc/haproxy/h...ng.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE] (2580) : New worker (2584) forked
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE] (2580) : Loading success.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [WARNING] (2584) : Server web_port/web1 is DOWN, re...ue.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [ALERT] (2584) : proxy 'web_port' has no server a...le!
Hint: Some lines were ellipsized, use -l to show in full.
7. View the status page of HAProxy
Browser access: http://192.168.226.150:9999/haproxy-status
If it cannot be accessed, make sure the firewall is turned off.