Haproxy Detailed Description and configuration files

About HAProxy

   Official website: http: //www.haproxy.com

   HAProxy provide high availability, load balancing, and application-based TCP and HTTP proxy support virtual hosts, it's free, fast and reliable a load balancing solution. Suitable for handling high load site of seven data requests. Similar proxy service can shield the internal real servers, internal servers to prevent attacks.
   HAProxy features and advantages:
   1. Original support the SSL, client and server support of the SSL
   2. IPv6 support sleeve and UNIX bytes (Sockets)
   3. the Keep-Alive support the HTTP
   4. supports HTTP / 1.1 compression, save bandwidth
   5 support for optimizing health detection mechanisms (SSL, TCP Scripted, the Check Agent ...)
   6. support layer 7 load balancing.
   7. reliability and stability is very good.
   8. 40000-50000 a concurrent connections, maximum request unit time 20000, the maximum data processing 10Gbps.
   9. The load balancing algorithm supports 8, while maintaining support session.
   10. Supports virtual hosts.
   11. Support connection refused, transparent proxy.
   12. have server status monitoring page.
   13. Support ACL.

 

 HAProxy order for the same Client Access server can keep the session. There are three solutions: client IP, Cookie and Session
   computing 1.HAProxy by client IP Hash and stored, in order to ensure when the same IP Access Proxy can be forwarded to a fixed real server.
   2.HAProxy rely Cookie real server sends the client a session information maintained.
   3.HAProxy Session will save the real server and server to identify, implement session remains.
   (HAProxy backend server can only requires network connectivity, not as tedious as LVS ARP configuration)

 HAProxy balance8 kind of load balancing algorithms:
   1.roundrobin: Weight-based polling.
   2.static-rr: Weight-based polling. Static algorithm, change can not take effect runtime
   3.source: request source IP-based algorithm. A request source IP performs the hash function, then the total number of back-end server with the right results forwarded to a re-think the other matching server station. The same IP client requests are always forwarded to a specific back-end server.
   4.leastconn: minimum connection. (For database load balancing, not suitable for short sessions of environment) 
   5.uri: URI part or as a whole performs the hash function, then the total weight want to the server in addition to, and finally forwarded to the back-end match.
   6.uri_param: forwarded based on the URL path parameters to ensure that in the case of the number of back-end server unchanged, the same user requests are distributed to the same machine.
   7.hdr (<name>): The forwarding http header, if there is no http header. It uses simple round robin.

 HAProxy main mode
   1.tcp mode: In this mode, between the client and the server will establish a full-duplex connection, and will not have to do any simple mode packet processing layer 7. This default mode, typically used for SSL, SSH, SMTP application.
   2.http mode (general use): In this mode, in-depth analysis by the client before being forwarded to the backend server requests, all non-RFC-compliant format requests are denied.
   

 

HAProxy installation and configuration file parameters

   HAProxy installation

yum -y install haproxy

   HAProxy environment

haproxy profile generally divided into three parts: global (Global portion) Defaults (default configuration section) the listen (application component part)
Profile: /etc/haproxy/haproxy.cfg 

1.        #################### global configuration ######################## 
2.        ####### is a process-level parameters, usually operating system (OS) related ######### 
3. global 
4.        maxconn 20480 # default maximum number of connections 
5.        log 127.0.0.1 local0 # log output configuration, all log records are present in the system log, the output local0
6.        log 127.0.0.1 local1 notice #notice for the log level, usually 24 levels (error warringinfo debug)
7.        Path chroot / var / haproxy #chroot run 
8.        User uid 99 # belongs run uid 
9.        User group belongs running gid 99 # 
10.        After running daemon # table form haproxy 
11.        nbproc number # 1 process (you can set up multiple processes to improve performance) 
12.        pid storage path pidfile /var/run/haproxy.pid #haproxy, the user starts the process must have permission to access this file 
13.        Quantity of ulimit-n 65535 #ulimit 
14.        #####################default setting###################### 
15.        These parameters ## may be configured to use frontend, backend, listen assembly ## 
16. defaults 
17.        log global 
18.        Category mode http # processed (# 7 layer http; 4 layer tcp) 
19.        maxconn 20480 # maximum number of connections 
20.        option httplog # http log format log category 
21.        After the completion of each option httpclose # http request to close the active channel 
22.        option dontlognull # does not record health check log information 
23.        option forwardfor # If the back-end server need to get real client ip parameters need to be configured, you can get the client ip from the Http Header  
24.        After the option redispatch #serverId corresponding server hang, forcing directed to other healthy server  
25.        option abortonclose # when high server load time, automatically off the end of the current queue processing relatively long connection 
26.        stats refresh 30 # statistics page refresh interval 
27.        retries 3 # 3 times the connection fails considers service is unavailable, you can also set back 
28.        balance roundrobin # default load balancing mode, polling 
29.       #balance source # default load-balanced manner, similar nginx's ip_hash 
30.       #balance leastconn # default load balancing mode, the minimum connection 
31.        contimeout 5000 # connection timeout 
32.        clitimeout 50000 # client timeout 
33.        srvtimeout 50000 # server timeout 
34.        timeout check 2000 # heartbeat timeout 
35.        Set ####################### #################### monitoring page 
36. Backend listen admin_status #Frontend and combinations thereof, the name of the group to monitor, on-demand custom name 
37.         bind 0.0.0.0:65532 # listening port 
38.         mode http #http the 7-layer model 
39.         log 127.0.0.1 local3 err # error logging 
40.         stats refresh 5s # monitor automatically refresh every 5 seconds a page 
41.         stats uri / admin? url stats # monitoring page 
42.         stats realm itnihao \ prompt itnihao # monitoring page 
43.         stats auth admin: user and password admin admin # monitoring page, you can set up multiple user names 
44.         stats auth admin1: admin1 # monitoring page of user and password admin1 
45.         stats hide-version # version HAproxy hide information on the statistics page  
46.         stats admin if TRUE # manually enable / disable, back-end server (after haproxy-1.4.9 version) 
47.        errorfile 403 /etc/haproxy/errorfiles/403.http 
48.        errorfile 500 /etc/haproxy/errorfiles/500.http 
49.        errorfile 502 /etc/haproxy/errorfiles/502.http 
50.        errorfile 503 /etc/haproxy/errorfiles/503.http 
51.        errorfile 504 /etc/haproxy/errorfiles/504.http 
52.        Logging content ################# HAProxy set ################### 
53.        capture request  header Host           len 40 
54.        capture request  header Content-Length len 10 
55.        capture request  header Referer        len 200 
56.        capture response header Server         len 40 
57.        capture response header Content-Length len 10 
58.        capture response header Cache-Control  len 8 
59.        ####################### Website Monitoring listen to configure ##################### 
60.        ########### This is mainly to monitor usage haproxy back-end server monitoring status ############ 
61. listen site_status 
62.        bind 0.0.0.0:1081 # listening port 
63.        mode http #http the 7-layer model 
64.        log 127.0.0.1 local3 err             #[err warning info debug] 
65.        monitor-uri / site_status # health monitoring website URL, used to detect whether the site can be managed HAProxy with a normal return 200, 503 does not return to normal 
66.        Returns true if the number of effective strategies when the machine lt 2 # define site down acl site_dead nbsrv (server_web) hanging on the load balancing when the stage 1 is less than the specified backend 
67.        acl site_dead nbsrv(server_blog) lt 2 
68.        acl site_dead nbsrv(server_bbs)  lt 2  
69.        monitor fail if site_dead # when satisfied return policy 503, online documentation says that 500, 503 for the actual test 
70.        monitor-net 192.168.16.2/32 # 192.168.16.2 from the log information will not be recorded and forwarded 
71.        monitor-net 192.168.16.3/32 
72.        ######## frontend configuration ############ 
73.        ##### Note, frontend configuration which can define a plurality of matching operation ######## acl 
74. frontend http_80_in 
75.        bind 0.0.0.0:80 # listening port, which provides web services haproxy port, and the port lvs similar vip 
76.        mode http #http the 7-layer model 
77.        log global # apply global logging configuration 
78.        option httplog # Enable the log http 
79.        each option httpclose # http request After completion of the actively closed channel, HA-Proxy keep-alive mode is not supported 
80.        option forwardfor # If the back-end server need to get real IP clients need to configure the time parameters, you will be able to get the client IP from the Http Header 
81.        ######## acl policy configuration ############# 
82.        acl itnihao_web hdr_reg(host) -i ^(www.itnihao.cn|ww1.itnihao.cn)$    
83.        # If the requested domain name to meet the regular expression in the two domain names are case insensitive return true -i 
84.        acl itnihao_blog hdr_dom(host) -i blog.itnihao.cn 
85.        # If the requested domain name is to meet www.itnihao.cn return true -i to ignore case 
86.        #acl itnihao    hdr(host) -i itnihao.cn 
87.        # If the requested domain name is to meet itnihao.cn return true -i to ignore case 
88.        #acl file_req url_sub -i  killall= 
89.        # Included in the request url in killall =, then this control strategy returns true, false otherwise 
90.        #acl dir_req url_dir -i allow 
91.        # Presence allow a portion of the address path, this control strategy returns true in the request url, false otherwise 
92.        #acl missing_cl hdr_cnt(Content-length) eq 0 
93.        When the request header # Content-length equal Returns true 0 when 
94.        ######## acl policy match the corresponding ############# 
95.        #block if missing_cl 
96.        When the request # Content-length header is equal to 0 to prevent return request 403 
97.        #block if !file_req || dir_req 
98.        #block represents block requests, returns a 403 error, if the current representation does not meet the policy file_req, or to meet the policy dir_req, the request is blocked 
99.        use_backend  server_web  if itnihao_web 
100.        # Use backend server_web when itnihao_web strategy to meet 
101.        use_backend  server_blog if itnihao_blog 
102.        # When using backend server_blog meet itnihao_blog strategy 
103.        #redirect prefix http://blog.itniaho.cn code 301 if itnihao 
104.        # When the access itnihao.cn, with 301 http pick to http://192.168.16.3 
105.        default_backend server_bbs 
106.        # Above are not met when using the default server_bbs the backend 
107.        ########## backend settings ############## 
108.        # Now I will set up three groups of servers server_web, server_blog, server_bbs
109. ###########################backend server_web############################# 
110. backend server_web 
111.        mode http #http the 7-layer model 
112.        balance roundrobin # load-balanced manner, roundrobin average way 
113.        cookie SERVERID # serverid permit insertion in a cookie, may be defined later serverid 
114.        option httpchk GET /index.html # heartbeat file 
115.        server web1 192.168.16.2:80 cookie web1 check inter 1500 rise 3 fall 3 weight 1  
116.        # Server definition, cookie 1 represents serverid is web1, check inter 1500 is to detect heart rate rise 3 times 3 is considered correct server is available, 
117.        #fall 3 is 3 failed think server is unavailable, weight represents the weight 
118.        server web2 192.168.16.3:80 cookie web2 check inter 1500 rise 3 fall 3 weight 2 
119.        # Server definition, cookie 1 represents serverid as web2, check inter 1500 is to detect heart rate rise 3 times 3 is considered correct server is available, 
120.        #fall 3 is 3 failed think server is unavailable, weight represents the weight 
121. ###################################backend server_blog############################################### 
122. backend server_blog 
123.        mode http #http the 7-layer model 
124.        balance roundrobin # load-balanced manner, roundrobin average way 
125.        cookie SERVERID # serverid permit insertion in a cookie, may be defined later serverid 
126.        option httpchk GET /index.html # heartbeat file 
127.        server blog1 192.168.16.2:80 cookie blog1 check inter 1500 rise 3 fall 3 weight 1  
128.        # Server definition, cookie 1 represents serverid is web1, check inter 1500 is to detect heart rate rise 3 times 3 is considered correct server is available, fall 3 is 3 failed think server is unavailable, weight represents the weight 
129.        server blog2 192.168.16.3:80 cookie blog2 check inter 1500 rise 3 fall 3 weight 2 
130.         # Server definition, cookie 1 represents serverid as web2, check inter 1500 is to detect heart rate rise 3 times 3 is considered correct server is available, fall 3 is 3 failed think server is unavailable, weight represents the weight 
131. ###################################backend server_bbs############################################### 
132. backend server_bbs 
133.        mode http #http the 7-layer model 
134.        balance roundrobin # load-balanced manner, roundrobin average way 
135.        cookie SERVERID # serverid permit insertion in a cookie, may be defined later serverid 
136.        option httpchk GET /index.html # heartbeat file 
137.        server bbs1 192.168.16.2:80 cookie bbs1 check inter 1500 rise 3 fall 3 weight 1  
138.        # Server definition, cookie 1 represents serverid is web1, check inter 1500 is to detect heart rate rise 3 times 3 is considered correct server is available, fall 3 is 3 failed think server is unavailable, weight represents the weight 
139.        server bbs2 192.168.16.3:80 cookie bbs2 check inter 1500 rise 3 fall 3 weight 2 
140.         # Server definition, cookie 1 represents serverid as web2, check inter 1500 is to detect heart rate rise 3 times 3 is considered correct server is available, fall 3 is 3 failed think server is unavailable, weight represents the weight 

 

 

 

haproxy modify configuration files

[root@localhost ~] # vim /etc/haproxy/haproxy.cfg # this config needs haproxy-1.1.28 or haproxy-1.2.1   global #   log 127.0.0.1   local0 #   log 127.0.0.1   local1 notice      log /dev/log     local0 info      log /dev/log     local0 notice      maxconn 4096      uid 99      gid 99      daemon   defaults      log global      mode    http      option  httplog      retries 3      maxconn 4096      contimeout  5000      clitimeout  50000      srvtimeout  50000   listen  webcluster 0.0.0.0:80      option  httpchk GET /index .html      balance roundrobin      server  inst1 192.168.200.103:80 check inter 2000 fall 3      server  inst1 192.168.200.104:80 check inter 2000 fall 3   listen admin_stats      bind 0.0.0.0:8000      mode http      option httplog      maxconn 100      stats refresh 30s      stats uri /stats      stats realm Crushlinux\ Haproxy          stats auth admin:admin      stats hide-version

　　

5.5 Preparation Services from startup script

[root@localhost ~] # cp /usr/src/haproxy-1.4.24/examples/haproxy.init /etc/init.d/haproxy [root@localhost ~] # ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy [root@localhost ~] # chmod +x /etc/init.d/haproxy [root@localhost ~] # /etc/init.d/haproxy start Starting haproxy:                                          [确定]

Haproxy log

Haproxy 的日志默认输出到系统的syslog中，为了更好的管理Haproxy 的日志，在生产环境中一般单独定义出来。
8.1 修改Haproxy配置文件中关于日志配置选项，

[root@localhost ~] # vim /etc/haproxy/haproxy.cfg # this config needs haproxy-1.1.28 or haproxy-1.2.1   global      #log 127.0.0.1  local0      #log 127.0.0.1  local1 notice            log /dev/log     local0 info      log /dev/log     local0 notice [root@localhost ~] # service haproxy restart Shutting down haproxy:                                     [确定] Starting haproxy:                                          [确定]

这两行配置放到global选项中，主要是将Haproxy的info和notice日志分别记录到不同的日志文件中

8.2 修改rsyslog配置
为了便于管理，将Haproxy相关的配置独立定义到haproxy.conf 并放到/etc/rsyslog.d/ 下，rsyslog启动时会自动加载此目录下的所有配置文件。

[root@localhost ~] # vim /etc/rsyslog.d/haproxy.conf if  ($programname == 'haproxy'  and $syslogserverity-text == 'info' ) then  - /var/log/haproxy/haproxy-info .log &~ if  ($programname == 'haproxy'  and $syslogserverity-text == 'notice' ) then  - /var/log/haproxy/haproxy-notice .log &~

将haproxy的info日志记录到/var/log/haproxy/haproxy-info.log中，将notice日志记录到/var/log/haproxy/haproxy-notice.log中，将notice日志记录到/var/log/haproxy/haproxy-notice
&~ 表示当写入到日志文件后，rsyslog停止处理这个信息，（rainerscript 脚本语言）

重启rsyslog服务
[root@localhost ~]# service rsyslog restart
关闭系统日志记录器： [确定]
启动系统日志记录器： [确定]

8.3 查看日志文件是否创建成功

[root@localhost ~] # ls -l /var/log/haproxy/haproxy-info.log [root@localhost ~] # ls -l /var/log/haproxy/haproxy-notice.log   Sep 20 23:39:26 localhost haproxy[2674]: 192.168.200.1:51629 [20 /Sep/2015 :23:38:27.256] web-cluster web-cluster /inst2  0 /0/0/1/59740  200 1648 - - CD-- 0 /0/0/0/0  0 /0  "GET / HTTP/1.1" Sep 20 23:40:06 localhost haproxy[2674]: 192.168.200.1:51693 [20 /Sep/2015 :23:39:34.423] web-cluster web-cluster /inst2  0 /0/0/0/32120  200 580 - - ---- 1 /1/1/1/0  0 /0  "GET / HTTP/1.1"

8.4 状态统计功能测试