HAProxy provide high availability, load balancing, and proxy TCP and HTTP-based applications, support for virtual hosts, it's free, fast and reliable a solution. According to official data, the maximum limit of concurrent 10G. Also supported from its network switching layer 4 to layer 7, i.e., to cover all the TCP protocol, in other words, even Haproxy Mysql support load balancing.
HAProxy especially for those large load of web sites that usually they need to maintain or seven treatment sessions. HAProxy running on current hardware can support thousands of concurrent connections. And its mode of operation makes it really simple to integrate into your current security architecture, while protecting your web server is not exposed to the network.
Functionally haproxy achieve Web load balancing, and nginx, ApacheProxy, lighttpd, Cheroke and other ways, like through a reverse proxy. The difference is that, haproxy not the Web server, reverse proxy load balancing with all the products mentioned above are Web server. Is simply, HAProxy just a load balancing application agent itself does not provide Web services .
haproxy simple configuration, has a very good server health check function, there is a special monitor system status page. When its agents back-end server fails, haproxy automatically removed the server, then automatically added to the recovery.
Download: https://github.com/haproxy/haproxy/releases/
(1) .haproxy load balancing algorithms
The load balancing algorithm haproxy disposed etc / haproxy.cfg the balance parameters, the parameters used in conjunction with the server. haproxy provided to eight kinds of loads are very Algorithm: roundrobin according to the weight polling (dynamic), static-rr according to the weight polling (static), source minimum connection according to the request source IP, leastconn, first processing, uri The uri request, url_param the url parameter request, rdp-cookie data according cookie (name) to lock and every request hash, hdr (name) every HTTP request according to the HTTP request the locking head.
I did not find the dynamic weight distribution and static weight distribution What is the difference.
Detailed view: https://blog.csdn.net/eddie_cm/article/details/79796883
haproxy profile parameters Details: https://blog.csdn.net/wngua/article/details/54618299
(2) Experimental environment
youxi1 192.168.1.6 load balancer (haproxy)
youxi2 192.168.1.7 host 1
youxi3 192.168.1.8 host 2
(3) Experimental
1) mounted on the load balancer disposed haproxy youxi1
Installation dependencies
[root@youxi1 ~]# yum -y install make gcc gcc-c++ openssl-devel
The downloaded installation package uploaded to the server, extract the installation
[root@youxi1 ~]# tar -xf haproxy-1.7.9.tar -C /usr/local/src/ //解压 [root@youxi1 ~]# cd /usr/local/src/haproxy-1.7.9/ [root@youxi1 haproxy-1.7.9]# cat README //找到如下部分 To build haproxy, you have to choose your target OS amongst the following ones and assign it to the TARGET variable : - linux22 for Linux 2.2 - linux24 for Linux 2.4 and above (default) - linux24e for Linux 2.4 with support for a working epoll (> 0.21) - linux26 for Linux 2.6 and above - linux2628 for Linux 2.6.28, 3.x, and above (enables splice and tproxy) - solaris for Solaris 8 or 10 (others untested) - freebsd for FreeBSD 5 to 10 (others untested) - netbsd for NetBSD - OSX for Mac OS / the X- - OpenBSD for OpenBSD 5.7 and above - aix51 for AIX 5.1 - aix52 for AIX 5.2 - Cygwin for Cygwin - Haiku for Haiku - the Generic for the any OTHER OS or Version. - Custom to Manually the ADJUST Every Setting [root @ youxi1 haproxy-1.7.9] # uname -r // with the above control information, the corresponding value found TARGET 3.10.0-957.el7.x86_64 // different from the other, the make Makefile generated herein, but While adding to the Makefile parameters but did not write on, had to go change [root @ youxi1 HAProxy-1.7.9] # the make the TARGET = linux2628 PREFIX = / usr / local / HAProxy [root @ youxi1 HAProxy-1.7.9] # vim Makefile // modify the following parameters, the CPU may be noted that the parameter PREFIX = / usr / local / haproxy // line 94 TARGET = linux2628 // 104 OK [@ youxi1 HAProxy the root-1.7.9] # the make the install the install -d "/ usr / local / HAProxy / sbin" install haproxy haproxy-systemd-wrapper "/usr/local/haproxy/sbin" install -d "/usr/local/haproxy/share/man"/man1 install -m 644 doc/haproxy.1 "/usr/local/haproxy/share/man"/man1 install -d "/usr/local/haproxy/doc/haproxy" for x in configuration management architecture cookie-options lua WURFL-device-detection proxy-protocol linux-syn-cookies network-namespaces DeviceAtlas-device-detection 51Degrees-device-detection netscaler-client-ip-insertion-protocol close-options SPOE intro; do \ install -m 644 doc/$x.txt "/usr/local/haproxy/doc/haproxy" ; \ done [root@youxi1 haproxy-1.7.9]# echo $? 0 [root@youxi1 haproxy-1.7.9]# ls /usr/local/haproxy/ doc sbin share // total on three directories, look after the installation is complete
Create a profile manually haproxy
[@ youxi1 HAProxy the root-1.7.9] # mkdir / usr / local / HAProxy / etc [@ youxi1 HAProxy the root-1.7.9] # Vim /usr/local/haproxy/etc/haproxy.cfg Global # global configuration #define global syslog server, you can define a maximum of two. # Format log [IP address] [log device] [log level] # logging device must be one of 24 kinds of standard syslog facility the following: # Kern, the User, mail, daemon, auth, syslog, LPR, News, uucp, cron, auth2, the FTP, ntp, # Audit, Alert, cron2, local0, local1, local2, local3, local4, local5, local6, local7 # where log device to be defined in the /etc/syslog.conf log collection consistent. # Log level four: err, warning, info, debug , defaults to info log 127.0.0.1 local0 maximum number of connections # 4096 maxconn chroot / usr / local / HAProxy # current working directory user uid 99 # belongs run uid, also can use user [username] user group id gid 99 # ordinary operation, may be used group [group name] daemon runs as station # after haproxy # start number haproxy process. Practical work, the process is generally the same with the number of cores CPU. So you can play the greatest performance nbproc 1 pidfile /usr/local/haproxy/run/haproxy.pid #pid file location #debug # debug mode, output enable information to standard output. When using the wrong tune #quiet # silent mode, no output at startup defaults # default settings log global # application log configuration global output orientation # log file. Log level is generated local3 system local1-7, user-defined. Log 127.0.0.1 local3 # mode of operation, the protocol type of process # parameter value may be http | tcp | health, the default mode uses http #tcp 4 layers , http layer 7, Health only returns the OK mODE http Option # HTTPLOG log category describes http log # closed after each request is finished active http channel, do not support HAProxy keep-alive, only an analog implementation of this mode option httpclose option dontlognull # does not record the log generated air link # backend server if the client needs to obtain real ip, need to configure this parameter can be obtained from the client ip in Http Header Option forwardfor Option # redispatch when serverid hang the corresponding server, forced directed to other healthy server retries 2 # 2 times the connection fails considers server is not available, mainly through the back of the check to check maxconn 2000 # maximum number of connections balance roundrobin # load balancing algorithm to access address #haproxy monitoring page, by http: // localhost: 80 / haproxy -stats access stats URI / HAProxy-stats timeout connect 5000 # connection timeout, unit: ms ms. Equivalents contimeout timeout Client # 50000 client connection time. Equivalents clitimeout timeout # 50000 Server connection time server. Equivalent srvtimeout the MODE HTTP # health monitoring, full format as the Option httpchk <Method,> <uri> <Version> # Note that the actual work in the test, you should download a page for testing, # so this page should be a small page instead with the home side. Here are inspected once every second page. GET /index.html httpchk the Option frontend http # front-end configuration, port group receiving the request, the name can be customized http bind 0.0.0.0:80 # listening port, initiate http request to port 80, it will be forwarded to the backend ip settings and port default_backend http_back # forwarded to the back-end, back-end can customize the name http_back backend http_back # backend configuration, the rear end of the front end of the name must be the same configuration of Host server s1 192.168.1.7:80 weight 3 IP check # rear end of the port and weigh host IP s2 192.168.1.8:80 weight 3 check # backend server, port and tradeoffs
Above uid99, and gid99 are nobody, the system comes with.
[root@youxi1 haproxy-1.7.9]# id nobody uid=99(nobody) gid=99(nobody) 组=99(nobody)
In addition, back-end servers to format server [server name] [the IP address: port number] [parameter], the following parameters:
backup: set standby server, the other server load balancing in only scene may not enable the server Check: Start to monitor server status check this execution, which can be accomplished by means of additional finer setting of other parameters, such as : Inter: setting stateful inspection interval, in milliseconds, the default is 2000, can also be used to optimize this downinter fastinter and events according to the server topic delay rise: check status check is set, the off-line from a server offline state to the normal state requires a successful check the number of fall: check status check is set in a off-line from the normal state to the server offline, you need to check the number of successful cookie: setting value for the specified server cookie value, here designated will be checked in the inbound request, the first value is selected for this server will request the selected subsequent times, its object is to realize the function persistent connection maxconn: Specifies the maximum number of concurrent connections accepted by the server, if the hair to this number of connections the server is higher than the value specified here, which is placed in the request queue In other connections waiting to be released maxqueue: to determine their health status by the communication server observation condition, is disabled by default, which is supported types are "layer 4" and "layer 7", "layer 7 " http proxy only for the scene redir: enable redirection functions, will be sent to this service are the GET HEAD requests and response status code 302, it is noted that, not later use prefix /, and the relative address can not be used, to avoid cycle, e.g. server srv1 192..168.1.202: 80 redir http://imageserver.wangfeng7399.com the Check weight: weight, the default is 1 and the maximum is 256,0 said they did not participate in load balancing
Profile parameters Detailed view: https://blog.csdn.net/wngua/article/details/54618299
Haproxy generated startup scripts to change too much trouble directly copied as well. Note: This is the examples directory under decompression / haproxy.init modifications, but the reload is problematic. Want to reload need to manually enter commands.
[root@youxi1 haproxy-1.7.9]# vim /etc/init.d/haproxy #!/bin/sh # chkconfig: - 85 15 # description: HA-Proxy server # processname: haproxy # config: /usr/local/haproxy/etc/haproxy.cfg # Source function library. if [ -f /etc/init.d/functions ]; then . /etc/init.d/functions elif [ -f /etc/rc.d/init.d/functions ] ; then . /etc/rc.d/init.d/functions else exit 0 fi # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0 # This is our service name BASENAME=`haproxy` BIN=/usr/sbin/haproxy CFG=/usr/local/haproxy/etc/haproxy.cfg [ -f $CFG ] || exit 1 PIDFILE=/usr/local/haproxy/run/haproxy.pid LOCKFILE=/usr/local/haproxy/run/haproxy RETVAL=0 start() { quiet_check if [ $? -ne 0 ]; then echo "Errors found in configuration file, check it with '$BASENAME check'." return 1 fi echo -n "Starting $BASENAME: " daemon $BIN -D -f $CFG -p $PIDFILE RETVAL=$? echo [ $RETVAL -eq 0 ] && touch $LOCKFILE return $RETVAL } stop() { echo -n "Shutting down $BASENAME: " killproc $BASENAME -USR1 RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f $LOCKFILE [ $RETVAL -eq 0 ] && rm -f $PIDFILE return $RETVAL } restart() { quiet_check if [ $? -ne 0 ]; then echo "Errors found in configuration file, check it with '$BASENAME check'." return 1 fi stop start } reload() { if ! [ -s $PIDFILE ]; then return 0 fi quiet_check if [ $? -ne 0 ]; then echo "Errors found in configuration file, check it with '$BASENAME check'." return 1 fi $BIN -D -f $CFG -p $PIDFILE -sf $(cat $PIDFILE) } check() { $BIN -c -q -V -f $CFG } quiet_check() { $BIN -c -q -f $CFG } rhstatus() { status $BASENAME } condrestart() { [ -e $LOCKFILE ] && restart || : } # See how we were called. case "$1" in start) start ;; stop) stop ;; restart) restart ;; reload) reload ;; condrestart) condrestart ;; status) rhstatus ;; check) check ;; *) $ echo "Usage: $ {BASENAME Start | STOP | restart | reload | condrestart | Status |} the Check" Exit 1 esac ? Exit $ ! [root @ youxi1 HAProxy-1.7.9] # chmod + $ // add the X-execute permissions chmod + x /etc/init.d/haproxy
Make a soft link to start using the script (add environment variables have not tried), can also be directly copied over
[root@youxi1 haproxy-1.7.9]# ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin/ [root@youxi1 haproxy-1.7.9]# ll /usr/sbin/haproxy lrwxrwxrwx 1 root root 31 7月 21 01:28 /usr/sbin/haproxy -> /usr/local/haproxy/sbin/haproxy
Create a pid storage directory, and modify the main haproxy belongs
[root@youxi1 haproxy-1.7.9]# mkdir /usr/local/haproxy/run [root@youxi1 haproxy-1.7.9]# chown -R nobody /usr/local/haproxy [root@youxi1 haproxy-1.7.9]# ll -d /usr/local/haproxy drwxr-xr-x 7 nobody root 64 7月 21 01:31 /usr/local/haproxy
Configure log file collection
[@ youxi1 the root-HAProxy 1.7.9] Vim /etc/rsyslog.conf # $ ModLoad imudp 15 to 16 // comment lines removed $ 514 UDPServerRun local7. * // This line of /var/log/boot.log line 73, add the following two lines in this line local3. * /var/log/haproxy.log // haproxy above needs a corresponding profile of local0. /var/log/haproxy.log * [@ youxi1 haproxy the root-1.7. 9] # systemctl restart rsyslog
start up
A method # [@ youxi1 HAProxy the root-1.7.9] # / usr / local / HAProxy / sbin / HAProxy /usr/local/haproxy/etc/haproxy.cfg -f [@ youxi1 the root-HAProxy 1.7.9] PS # the AUX | grep HAProxy ? the nobody 0.0 0.0 10654 12272 808 Ss 01:39 0:00 / usr / local / HAProxy / sbin / HAProxy -f /usr/local/haproxy/etc/haproxy.cfg root 10656 0.0 0.0 112 724 996 PTS / + 01:40 0:00 grep S 0 = Auto --color HAProxy # method II [youxi1 the root @ ~] # /etc/init.d/haproxy Start Reloading systemd: [OK] Starting HAProxy (Via systemctl): [OK] [root @ youxi1 ~] # PS the AUX | grep HAProxy // two lines message prompt information server is unavailable, because no configuration, display relatively slow, direct <Enter> on it Message from syslogd@localhost at Jul 21 01:43:02 ... haproxy[10763]: backend http_back has no server available! Message from syslogd@localhost at Jul 21 01:43:02 ... haproxy[10763]: backend http_back has no server available! nobody 10763 0.0 0.0 12272 804 ? Ss 01:42 0:00 /usr/sbin/haproxy -D -f /usr/local/haproxy/etc/haproxy.cfg -p /usr/local/haproxy/run/haproxy.pid root 10766 0.0 0.0 112724 992 pts/0 S+ 01:43 0:00 grep --color=auto haproxy
Special Note reload manually enter command how to do, mainly non-stop service to reload the configuration file, smooth transition
// First use ps aux | grep haproxy view there are several processes [root @ youxi1 ~] # ps aux | grep haproxy ? The nobody 12272 7224 0.0 0.0 828 Ss 16:57 0:00 / usr / sbin / HAProxy -D -f -p /usr/local/haproxy/run/haproxy.pid /usr/local/haproxy/etc/haproxy.cfg the root 7511 0.0 0.0 112 724 996 PTS / S + 16:58 0:00 0 = Auto grep --color HAProxy / / If only one process, then the above command to copy it, append -sf [pid] [root @ youxi1 ~] # / usr / sbin / HAProxy -D -f /usr/local/haproxy/etc/haproxy.cfg - 7224 /usr/local/haproxy/run/haproxy.pid -sf the p- [root @ youxi1 ~] # PS the AUX | grep HAProxy ? the nobody 12272 7513 0.0 0.0 824 Ss 17:00 0:00 / usr / sbin / -D HAProxy -p /usr/local/haproxy/run/haproxy.pid -SF5 7224 /usr/local/haproxy/etc/haproxy.cfg -f the root 7516 0.0 0.0 112 724 996 PTS / S 0 + 17:00 0:00 grep - color = auto haproxy // If more than one command, or do not want to see the PID, you can also copy the above command, the best $ -sf (CAT /usr/local/haproxy/run/haproxy.pid) [root @ youxi1 ~] # / usr / sbin / haproxy -D -f /usr/local/haproxy/etc/haproxy.cfg -p /usr/local/haproxy/run/haproxy.pid -sf $ (cat /usr/local/haproxy/run/haproxy.pid ) [root @ youxi1 ~] # PS the AUX | grep HAProxy ? the nobody 12272 7532 0.0 0.0 824 Ss 17:03 0:00 / usr / sbin / HAProxy -D -f /usr/local/haproxy/etc/haproxy.cfg - /usr/local/haproxy/run/haproxy.pid -SF5 7513 P the root 7534 0.0 0.0 112 724 992 PTS / S + 17:03 0:00 0 = Auto HAProxy grep --color
Add boot from Kai
[root @ youxi1 ~] # the chkconfig --add HAProxy [root @ youxi1 ~] # HAProxy the chkconfig --list HAProxy 0: Off 1: Off 2: Off 3: Off 4: Off 5: Off 6: Off [root @ youxi1 ~] # HAProxy the chkconfig ON [youxi1 the root @ ~] # HAProxy the chkconfig --list HAProxy 0: off 1: off 2: opening 3: On 4: opening 5: opening 6: off
End all haproxy, using killall (do not use killall5, seems to lead to disconnection, it might be a problem with me), if not using the killall command yum -y install psmisc installation
[root@youxi1 ~]# killall haproxy [root@youxi1 ~]# ps aux | grep haproxy root 10786 0.0 0.0 112724 996 pts/0 S+ 01:44 0:00 grep --color=auto haproxy
If the firewall is turned on to remember to add the port number
[root@youxi1 ~]# firewall-cmd --permanent --zone=public --add-port=80/tcp && firewall-cmd --reload success success
2) arranged back-end servers and youxi3 youxi2
I am here to do the experiment, keep things simple.
[root@youxi2 ~]# yum -y install httpd php [root@youxi2 ~]# echo youxi2 > /var/www/html/index.html [root@youxi2 ~]# systemctl start httpd [root@youxi2 ~]# systemctl enable httpd Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service. [root@youxi1 ~]# yum -y install httpd php [root@youxi1 ~]# echo youxi3 > /var/www/html/index.html [root@youxi1 ~]# systemctl start httpd [root@youxi1 ~]# systemctl enable httpd Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Remember to add the port number when starting the firewall
[root@youxi2 ~]# firewall-cmd --permanent --zone=public --add-port=80/tcp && firewall-cmd --reload success success [root@youxi3 ~]# firewall-cmd --permanent --zone=public --add-port=80/tcp && firewall-cmd --reload success success
3) Testing
First check under the supervision of page
And direct access to the load balancer
Looking back at this time monitoring page, you can see the average allocation