1, HAPROXY Profile
HAProxy provide high availability, load balancing, and proxy TCP and HTTP-based applications, support for virtual hosts, it's free, fast and reliable a load balancing solution. HAProxy especially for those large load of web sites that usually they need to maintain or seven treatment sessions. HAProxy running on current hardware can support thousands of concurrent connections. And its mode of operation makes it really simple to integrate into your current security architecture, while protecting your web server is not exposed to the network.
Official website: http: //www.haproxy.com
2, HAProxy is characterized by:
1, HAProxy support virtual hosts.
2, can complement the advantages HAProxy Nginx some disadvantages, such as the support Session holding, guiding the Cookie; support back-end server state detected by obtaining a specified url.
3, HAProxy similar with LVS, itself just a load balancing software; simple HAProxy will have better load balancing in terms of speed from the efficiency ratio Nginx, on concurrent processing is superior to the Nginx.
4, HAProxy support load balancing of TCP forwarding , load balancing can be read on MySQL, MySQL nodes on the back end to detect and load balancing, you can use LVS + Keepalived to do load balancing MySQL master-slave.
5, HAProxy load balancing strategy very much, HAProxy load balancing algorithm is now specific There are eight types:
① the RoundRobin, represents a simple poll, This much said, this is basically have load balancing;
② static-rr, expressed according to the weight, the proposed attention;
③ leastconn, represents the minimum connection, first treatment, the proposed attention;
④ source, shows a request source IP, this with IP_hash mechanism Nginx similar, we use it as a way to solve the session problem, proposes a focus on ;
⑤ RI, shows a request URI;
⑥ rl_param, shows a request parameter URl 'Balance url_param' the requires the URL AN parameter name;
⑦ HDR (name), a locking head shows a HTTP request for each HTTP request;
⑧ rdp-cookie (name), represents, according cookie (name) to lock in accordance with TCP and hash every request.
3, haproxy configuration into five parts Detailed
1, global: process-level parameters are usually related and operating system. These parameters are generally set once, if configured correctly, you do not need to be modified again
2, defaults: the default configuration parameters that can be used frontend, backend, Listen assembly
3, frontend: front end virtual node that receives the request, Frontend rules can be more particularly used directly specified backend backend
4, backend: cluster configuration back-end services, real server, a Backend server corresponds to one or more entities
5, Listen Fronted backend and combinations thereof
4, Case environment:
IP address of the primary host operating system software
------------------------------------------ ----------------------------------
Haproxy CentOS6.6 x86_64 192.168.200.101 HAProxy-1.4.24.tar. GZ
Nginx1 CentOS6.6 the x86_64 192.168.200.103 Nginx-1.6.2.tar.gz
Nginx2 CentOS6.6 the x86_64 192.168.200.104 Nginx-1.6.2.tar.gz
5, the installation configuration Haproxy
5.1 Installation Haproxy source package dependencies and compiler installation
[root@localhost ~]# yum -y install gcc gcc-c++ make pcre-devel bzip2-devel
[root@localhost ~]# tar xf haproxy-1.4.24.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/haproxy-1.4.24/
[root@localhost haproxy-1.4.24]# make TARGET=linux26 && make install
|
5.2 Establishing the Configuration directory and file of haproxy
[root@localhost haproxy-1.4.24]# mkdir /etc/haproxy
[root@localhost haproxy-1.4.24]# cp examples/haproxy.cfg /etc/haproxy/
|
Introduction 5.3 haproxy configuration items
###########全局配置#########
global
log 127.0.0.1 local0 #日志输出配置,所有日志都记录在本机系统日志,通过local0输出
log 127.0.0.1 local1 notice #notice为日志级别,通常有24个级别(error warringinfo debug)
nbproc 1 #设置进程数量,通常是CPU核心数或者2倍
pidfile /etc/haproxy/haproxy.pid #haproxy 进程PID文件
maxconn 4096 #最大连接数(需考虑ulimit-n限制 )
#chroot /usr/share/haproxy #chroot运行路径
uid 99 #用户uid
gid 99 #用户gid
daemon #守护进程模式,以后台服务形式允许
#debug #haproxy 调试级别,建议只在开启单进程的时候调试
########默认配置############
defaults
log global #定义日志为global配置中的日志定义
mode http #默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK
option httplog #日志类别,采用http日志格式记录日志
#option dontlognull #不记录健康检查日志信息
retries 3 #检查节点服务器失败次数,连续达到三次失败,则认为节点不可用
#option forwardfor #如果后端服务器需要获得客户端真实ip需要配置的参数,可以从Http Header中获得客户端i
#option httpclose #每次请求完毕后主动关闭http通道,haproxy不支持keep-alive,只能模拟这种模式的实现
maxconn 4096 #最大连接数
contimeout 5000 #连接超时时间
clitimeout 50000 #客户端超时时间
srvtimeout 50000 #服务器超时时间
#timeout check 2000 #心跳检测超时
#timeout http-keep-alive10s #默认持久连接超时时间
#timeout http-request 10s #默认http请求超时时间
#timeoutqueue 1m #默认队列超时时间
########统计页面配置########
listen admin_stats
bind 0.0.0.0:1080 #设置Frontend和Backend的组合体,监控组的名称,按需要自定义名称
mode http #http的7层模式
option httplog #采用http日志格式
#log 127.0.0.1 local0 err #错误日志记录
maxconn 10 #默认的最大连接数
stats refresh 30s #统计页面自动刷新时间
stats uri /stats #统计页面url
stats realm Crushlinux\ Haproxy #统计页面密码框上提示文本
stats auth admin:admin #设置监控页面的用户和密码:admin,可以设置多个用户名
stats hide-version #隐藏统计页面上HAProxy的版本信息
#stats admin if TRUE #设置手工启动/禁用,后端服务器(haproxy-1.4.9以后版本)
########设置haproxy 错误页面#####
errorfile 403 /home/haproxy/haproxy/errorfiles/403.http
errorfile 500 /home/haproxy/haproxy/errorfiles/500.http
errorfile 502 /home/haproxy/haproxy/errorfiles/502.http
errorfile 503 /home/haproxy/haproxy/errorfiles/503.http
errorfile 504 /home/haproxy/haproxy/errorfiles/504.http
########frontend前端配置##############
bibind *:80 #这里建议使用bind *:80的方式,要不然做集群高可用的时候有问题,vip切换到其他机器就不能访问了。
acl web hdr(host) -i www.abc.com #acl后面是规则名称,-i是要访问的域名,
acl img hdr(host) -i img.abc.com #如果访问www.abc.com这个域名就分发到下面的webserver 的作用域。
#如果访问img.abc.com.cn就分发到imgserver这个作用域。
use_backend webserver if web
use_backend imgserver if img
########backend后端配置##############
backend webserver #webserver作用域
mode http
balance roundrobin #banlance roundrobin 轮询,balance source 保存session值,支持static-rr,leastconn,first,uri等参数
option httpchk /index.html HTTP/1.0 #健康检查,检测文件,如果分发到后台index.html访问不到就不再分发给它
server web1 192.168.200.103:80 cookie 1 weight 1 check inter 2000 rise 2 fall 3
server web2 192.168.200.104:80 cookie 2 weight 1 check inter 2000 rise 2 fall 3
#cookie 1表示serverid为1,check inter 1500 是检测心跳频率
#rise 2是2次正确认为服务器可用,fall 3是3次失败认为服务器不可用,weight代表权重
backend imgserver
mode http
option httpchk /index.php
balance roundrobin
server img01 192.168.200.105:80 check inter 2000 fall 3
server img02 192.168.200.106:80 check inter 2000 fall 3
########tcp配置#################
listen test1
bind 0.0.0.0:90
mode tcp
option tcplog #日志类别,采用tcplog
maxconn 4086
#log 127.0.0.1 local0 debug
server s1 192.168.200.107:80 weight 1
server s2 192.168.200.108:80 weight 1
|
5.4 haproxy modify configuration files
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
# log 127.0.0.1 local0
# log 127.0.0.1 local1 notice
log /dev/log local0 info
log /dev/log local0 notice
maxconn 4096
uid 99
gid 99
daemon
defaults
log global
mode http
option httplog
retries 3
maxconn 4096
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen webcluster 0.0.0.0:80
option httpchk GET /index.html
balance roundrobin
server inst1 192.168.200.103:80 check inter 2000 fall 3
server inst1 192.168.200.104:80 check inter 2000 fall 3
listen admin_stats
bind 0.0.0.0:8000
mode http
option httplog
maxconn 100
stats refresh 30s
stats uri /stats
stats realm Crushlinux\ Haproxy
stats auth admin:admin
stats hide-version
|
5.5 Preparation Services from startup script
[root@localhost ~]# cp /usr/src/haproxy-1.4.24/examples/haproxy.init /etc/init.d/haproxy
[root@localhost ~]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
[root@localhost ~]# chmod +x /etc/init.d/haproxy
[root@localhost ~]# /etc/init.d/haproxy start
Starting haproxy: [确定]
|
6, installation configuration Nginx Web Service
6.1 Set up a Nginx1,
|
1
2
3
4
5
6
7
8
9
10
|
[root@localhost ~]# yum -y install gcc gcc-c++ make pcre-devel zlib-devel openssl-devel
[root@localhost ~]# useradd -M -s /sbin/nologin nginx
[root@localhost ~]# tar xf nginx-1.6.2.tar.gz -C /usr/src
[root@localhost ~]# cd /usr/src/nginx-1.6.2
[root@localhost nginx-1.6.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx && make && make install
[root@localhost nginx-1.6.2]# cd /usr/local/nginx/html/
[root@localhost html]# echo "server 192.168.200.103" > index.html
[root@localhost html]# /usr/local/nginx/sbin/nginx
[root@localhost html]# netstat -anpt |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4503/nginx
|
6.2 搭建nginx2, 同nginx1搭建方式是一样的。
与6.1唯一不同的是:
[root@localhost html]# echo "server 192.168.200.104" > index.html
|
注意:nginx服务控制方式
/usr/local/nginx/sbin/nginx 启动服务
killall -s HUP nginx 重新加载服务
killall -s QUIT nginx 退出服务
7、客户端访问测试:
用浏览器打开 http://192.168.200.101
打开一个新的浏览器再次访问 http://192.168.200.101
可以验证两次访问到的结果分别为:
server 192.168.200.103
server 192.168.200.104
8、Haproxy 日志
Haproxy 的日志默认输出到系统的syslog中,为了更好的管理Haproxy 的日志,在生产环境中一般单独定义出来。
8.1 修改Haproxy配置文件中关于日志配置选项,
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
#log 127.0.0.1 local0
#log 127.0.0.1 local1 notice
log /dev/log local0 info
log /dev/log local0 notice
[root@localhost ~]# service haproxy restart
Shutting down haproxy: [确定]
Starting haproxy: [确定]
|
这两行配置放到global选项中,主要是将Haproxy的info和notice日志分别记录到不同的日志文件中
8.2 修改rsyslog配置
为了便于管理,将Haproxy相关的配置独立定义到haproxy.conf 并放到/etc/rsyslog.d/ 下,rsyslog启动时会自动加载此目录下的所有配置文件。
[root@localhost ~]# vim /etc/rsyslog.d/haproxy.conf
if ($programname == 'haproxy' and $syslogserverity-text == 'info') then -/var/log/haproxy/haproxy-info.log
&~
if ($programname == 'haproxy' and $syslogserverity-text == 'notice') then -/var/log/haproxy/haproxy-notice.log
&~
|
将haproxy的info日志记录到/var/log/haproxy/haproxy-info.log中,将notice日志记录到/var/log/haproxy/haproxy-notice.log中,将notice日志记录到/var/log/haproxy/haproxy-notice
&~ 表示当写入到日志文件后,rsyslog停止处理这个信息,(rainerscript 脚本语言)
重启rsyslog服务
[root@localhost ~]# service rsyslog restart
关闭系统日志记录器: [确定]
启动系统日志记录器: [确定]
8.3 查看日志文件是否创建成功
[root@localhost ~]# ls -l /var/log/haproxy/haproxy-info.log
[root@localhost ~]# ls -l /var/log/haproxy/haproxy-notice.log
Sep 20 23:39:26 localhost haproxy[2674]: 192.168.200.1:51629 [20/Sep/2015:23:38:27.256] web-cluster web-cluster/inst2 0/0/0/1/59740 200 1648 - - CD-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
Sep 20 23:40:06 localhost haproxy[2674]: 192.168.200.1:51693 [20/Sep/2015:23:39:34.423] web-cluster web-cluster/inst2 0/0/0/0/32120 200 580 - - ---- 1/1/1/1/0 0/0 "GET / HTTP/1.1"
|
8.4 状态统计功能测试
