About HAProxy
Official website: http://www.haproxy.com
HAProxy provides high availability, load balancing, and proxying for TCP- and HTTP-based applications, with support for virtual hosts. It is a free, fast and reliable load balancing solution, suited to high-load sites that need layer 7 request handling. Like other proxy services, it shields the internal real servers, protecting them from attack.
HAProxy features and advantages:
1. Native SSL support, on both the client side and the server side.
2. Support for IPv6 and UNIX sockets.
3. HTTP Keep-Alive support.
4. HTTP/1.1 compression support, saving bandwidth.
5. Enhanced health-check mechanisms (SSL, scripted TCP, check agent ...).
6. Layer 7 load balancing.
7. Very good reliability and stability.
8. 40000-50000 concurrent connections, up to 20000 requests per unit of time, and a maximum data throughput of 10Gbps.
9. Supports 8 load balancing algorithms, along with session persistence.
10. Supports virtual hosts.
11. Supports connection rejection and transparent proxying.
12. Has a server status monitoring page.
13. Supports ACLs.
HAProxy can keep a session so that the same client always reaches the same server. There are three approaches: client IP, cookie and session.
1. HAProxy computes a hash of the client IP and stores it, so that requests arriving from the same IP are forwarded to a fixed real server.
2. HAProxy relies on a cookie that the real server sends to the client to maintain the session.
3. HAProxy saves the real server's session together with a server identifier to implement session persistence.
(HAProxy only needs network connectivity to its backend servers; it does not need the tedious ARP configuration that LVS requires.)
The 8 load balancing algorithms of the HAProxy balance directive:
1. roundrobin: weight-based round robin.
2. static-rr: weight-based round robin. A static algorithm; changes do not take effect at runtime.
3. source: based on the request source IP. The source IP is hashed, the result is divided by the total weight of the backend servers, and the request is forwarded to the matching server. Requests from the same client IP are always forwarded to the same backend server.
4. leastconn: least connections. (Suited to database load balancing; not suited to environments with short sessions.)
5. uri: part or all of the URI is hashed, the result is divided by the total weight of the servers, and the request is forwarded to the matching backend.
6. url_param: forwards based on a parameter in the URL path, so that as long as the number of backend servers does not change, requests from the same user are distributed to the same machine.
7. hdr(<name>): forwards based on the named HTTP header; if the header is absent, simple round robin is used instead.
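The client-IP persistence and the source algorithm described above both hash the source address and reduce it by the total server weight. The following is an added example, not HAProxy's own code: CRC32 is a stand-in hash, web3 is a hypothetical third server, and the client addresses are constructed. It shows which clients change server when the server set changes.

```python
import ipaddress
import zlib

def build_map(servers):
    """Expand (name, weight) pairs into one slot per unit of weight."""
    return [name for name, weight in servers for _ in range(weight)]

def pick(client_ip, slots):
    """Hash the source IP and reduce it modulo the total weight."""
    digest = zlib.crc32(ipaddress.ip_address(client_ip).packed)  # stand-in hash
    return slots[digest % len(slots)]

def remapped(clients, before, after):
    """Clients whose server changes when the server list changes."""
    old, new = build_map(before), build_map(after)
    return [ip for ip in clients if pick(ip, old) != pick(ip, new)]

# Weights 1 and 2 match web1/web2 in the server_web backend; web3 is hypothetical.
FARM = [("web1", 1), ("web2", 2), ("web3", 1)]
CLIENTS = ["192.168.16.%d" % n for n in range(1, 255)]  # constructed sample

if __name__ == "__main__":
    slots = build_map(FARM)
    for name, _ in FARM:
        count = sum(1 for ip in CLIENTS if pick(ip, slots) == name)
        print(name, count, "clients")
    # Removing web3 changes the divisor, so clients of web1/web2 can move too.
    moved = remapped(CLIENTS, FARM, FARM[:2])
    print(len(moved), "of", len(CLIENTS), "clients change server")
```

All clients behind one NAT address hash to the same slot, so a single busy source address lands entirely on one server.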
HAProxy main modes
1. tcp mode: In this mode a full-duplex connection is established between the client and the server, and no layer 7 inspection of the traffic is performed. This is the default mode, typically used for SSL, SSH and SMTP applications.
2. http mode (generally used): In this mode client requests are analyzed in depth before being forwarded to the backend server, and all requests that are not in RFC-compliant format are rejected.
HAProxy installation and configuration file parameters
HAProxy installation
yum -y install haproxy
HAProxy environment
The haproxy configuration file is generally divided into three parts: global (global section), defaults (default configuration section) and listen (application component section).
Configuration file: /etc/haproxy/haproxy.cfg
#################### global configuration ########################
####### process-level parameters, usually operating system (OS) related #########
global
    maxconn 20480                   # default maximum number of connections
    log 127.0.0.1 local0            # log output: all logs go to the system log, facility local0
    log 127.0.0.1 local1 notice     # notice is the log level (levels include err, warning, info, debug)
    chroot /var/haproxy             # chroot path to run in
    uid 99                          # uid to run as
    gid 99                          # gid to run as
    daemon                          # run haproxy in the background
    nbproc 1                        # number of processes (multiple processes can be set to improve performance)
    pidfile /var/run/haproxy.pid    # where haproxy stores its pid; the user starting the process must have access to this file
    ulimit-n 65535                  # ulimit (file descriptor) limit
##################### default settings ######################
## these parameters can be used by the frontend, backend and listen sections ##
defaults
    log global
    mode http                # processing mode (http = layer 7; tcp = layer 4)
    maxconn 20480            # maximum number of connections
    option httplog           # log format: http log
    option httpclose         # actively close the http channel after each request completes
    option dontlognull       # do not log health-check (empty) connections
    option forwardfor        # needed if the backend servers must obtain the real client IP; they can read it from the HTTP header
    option redispatch        # if the server matching the serverId is down, force redirection to another healthy server
    option abortonclose      # under high server load, automatically drop requests that have been queued for a long time
    stats refresh 30         # statistics page refresh interval
    retries 3                # after 3 failed connection attempts the server is considered unavailable; can also be set further down
    balance roundrobin       # default load balancing mode: round robin
    #balance source          # default load balancing mode, similar to nginx's ip_hash
    #balance leastconn       # default load balancing mode: least connections
    contimeout 5000          # connection timeout
    clitimeout 50000         # client timeout
    srvtimeout 50000         # server timeout
    timeout check 2000       # health-check timeout
####################### monitoring page settings ####################
listen admin_status                  # combination of frontend and backend; name of the monitoring group, choose as needed
    bind 0.0.0.0:65532               # listening port
    mode http                        # http layer-7 mode
    log 127.0.0.1 local3 err         # error logging
    stats refresh 5s                 # the monitoring page refreshes automatically every 5 seconds
    stats uri /admin?stats           # url of the monitoring page
    stats realm itnihao\ itnihao     # prompt text of the monitoring page
    stats auth admin:admin           # user and password for the monitoring page; multiple user names can be set
    stats auth admin1:admin1         # user admin1 and password for the monitoring page
    stats hide-version               # hide the HAProxy version on the statistics page
    stats admin if TRUE              # manually enable/disable backend servers (haproxy-1.4.9 and later)
    errorfile 403 /etc/haproxy/errorfiles/403.http
    errorfile 500 /etc/haproxy/errorfiles/500.http
    errorfile 502 /etc/haproxy/errorfiles/502.http
    errorfile 503 /etc/haproxy/errorfiles/503.http
    errorfile 504 /etc/haproxy/errorfiles/504.http
    ################# HAProxy log capture settings ###################
    capture request header Host len 40
    capture request header Content-Length len 10
    capture request header Referer len 200
    capture response header Server len 40
    capture response header Content-Length len 10
    capture response header Cache-Control len 8
####################### site monitoring listen configuration #####################
########### mainly used to monitor the status of the backend servers behind haproxy ############
listen site_status
    bind 0.0.0.0:1081                      # listening port
    mode http                              # http layer-7 mode
    log 127.0.0.1 local3 err               # [err warning info debug]
    monitor-uri /site_status               # site health-check URL, used to check whether the sites managed by HAProxy are usable: returns 200 when normal, 503 when not
    acl site_dead nbsrv(server_web) lt 2   # defines the site-down policy: returns true when the number of usable servers in the specified backend is lower than 2
    acl site_dead nbsrv(server_blog) lt 2
    acl site_dead nbsrv(server_bbs) lt 2
    monitor fail if site_dead              # returns 503 when the policy is satisfied; online documentation says 500, actual testing gives 503
    monitor-net 192.168.16.2/32            # requests from 192.168.16.2 are neither logged nor forwarded
    monitor-net 192.168.16.3/32
######## frontend configuration ############
##### note: multiple acl matching rules can be defined in the frontend configuration ########
frontend http_80_in
    bind 0.0.0.0:80          # listening port, i.e. the port on which haproxy serves web traffic, similar to the vip port in lvs
    mode http                # http layer-7 mode
    log global               # apply the global logging configuration
    option httplog           # enable http logging
    option httpclose         # actively close the channel after each http request completes; HAProxy does not support keep-alive mode
    option forwardfor        # needed if the backend servers must obtain the real client IP; they can read it from the HTTP header
    ######## acl policy configuration #############
    acl itnihao_web hdr_reg(host) -i ^(www.itnihao.cn|ww1.itnihao.cn)$
    # returns true if the requested domain name matches either of the two domain names in the regular expression; -i ignores case
    acl itnihao_blog hdr_dom(host) -i blog.itnihao.cn
    # returns true if the requested domain name is blog.itnihao.cn; -i ignores case
    #acl itnihao hdr(host) -i itnihao.cn
    # returns true if the requested domain name is itnihao.cn; -i ignores case
    #acl file_req url_sub -i killall=
    # returns true if the request url contains killall=, false otherwise
    #acl dir_req url_dir -i allow
    # returns true if the path of the request url contains allow as a directory component, false otherwise
    #acl missing_cl hdr_cnt(Content-length) eq 0
    # returns true when the request carries no Content-length header (header count equals 0)
    ######## actions for the acl policies #############
    #block if missing_cl
    # when the request carries no Content-length header, block the request and return 403
    #block if !file_req || dir_req
    # block means block the request and return a 403 error; here the request is blocked if it does not satisfy file_req, or if it satisfies dir_req
    use_backend server_web if itnihao_web
    # use backend server_web when the itnihao_web policy is satisfied
    use_backend server_blog if itnihao_blog
    # use backend server_blog when the itnihao_blog policy is satisfied
    #redirect prefix http://blog.itniaho.cn code 301 if itnihao
    # when itnihao.cn is accessed, use an http 301 to redirect to http://192.168.16.3
    default_backend server_bbs
    # when none of the above is satisfied, use the default backend server_bbs
########## backend settings ##############
# three groups of servers are set up below: server_web, server_blog, server_bbs
########################### backend server_web #############################
backend server_web
    mode http                        # http layer-7 mode
    balance roundrobin               # load balancing mode: round robin
    cookie SERVERID                  # allow a SERVERID cookie to be inserted; each server's cookie value is defined below
    option httpchk GET /index.html   # health-check file
    server web1 192.168.16.2:80 cookie web1 check inter 1500 rise 3 fall 3 weight 1
    # server definition: cookie web1 sets the serverid to web1, check inter 1500 is the health-check interval, rise 3 means the server is considered available after 3 successful checks,
    # fall 3 means the server is considered unavailable after 3 failed checks, weight is the weight
    server web2 192.168.16.3:80 cookie web2 check inter 1500 rise 3 fall 3 weight 2
    # server definition: cookie web2 sets the serverid to web2, check inter 1500 is the health-check interval, rise 3 means the server is considered available after 3 successful checks,
    # fall 3 means the server is considered unavailable after 3 failed checks, weight is the weight
################################### backend server_blog ###############################################
backend server_blog
    mode http                        # http layer-7 mode
    balance roundrobin               # load balancing mode: round robin
    cookie SERVERID                  # allow a SERVERID cookie to be inserted; each server's cookie value is defined below
    option httpchk GET /index.html   # health-check file
    server blog1 192.168.16.2:80 cookie blog1 check inter 1500 rise 3 fall 3 weight 1
    # server definition: cookie blog1 sets the serverid to blog1; check inter, rise, fall and weight as described for server_web
    server blog2 192.168.16.3:80 cookie blog2 check inter 1500 rise 3 fall 3 weight 2
    # server definition: cookie blog2 sets the serverid to blog2; check inter, rise, fall and weight as described for server_web
################################### backend server_bbs ###############################################
backend server_bbs
    mode http                        # http layer-7 mode
    balance roundrobin               # load balancing mode: round robin
    cookie SERVERID                  # allow a SERVERID cookie to be inserted; each server's cookie value is defined below
    option httpchk GET /index.html   # health-check file
    server bbs1 192.168.16.2:80 cookie bbs1 check inter 1500 rise 3 fall 3 weight 1
    # server definition: cookie bbs1 sets the serverid to bbs1; check inter, rise, fall and weight as described for server_web
    server bbs2 192.168.16.3:80 cookie bbs2 check inter 1500 rise 3 fall 3 weight 2
    # server definition: cookie bbs2 sets the serverid to bbs2; check inter, rise, fall and weight as described for server_web
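The monitoring listener in this configuration binds to 0.0.0.0, uses passwords equal to the user names, and enables stats admin unconditionally. The following added example (not part of the original page or of HAProxy) is a small audit that flags those three settings in any section serving the stats page; the finding labels and the 12-character password threshold are assumptions made for the example.

```python
import re

# Constructed sample: the admin_status listener above plus a listener without stats.
SAMPLE_CFG = """\
listen admin_status
    bind 0.0.0.0:65532
    stats uri /admin?stats
    stats auth admin:admin
    stats auth admin1:admin1
    stats admin if TRUE
listen webcluster
    bind 0.0.0.0:80
    balance roundrobin
"""

SECTION = re.compile(r"^(global|defaults|listen|frontend|backend)\b\s*(\S*)")
MIN_PASSWORD_LEN = 12  # assumed policy threshold, not an HAProxy setting

def parse_sections(text):
    """Return {section name: [directive token lists]}; comments are stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # naive: does not handle escaped \#
        if not line:
            continue
        match = SECTION.match(line)
        if match:
            current = match.group(2) or match.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line.split())
    return sections

def audit_stats(text):
    """Flag risky settings in every section that serves the stats page."""
    findings = []
    for name, directives in parse_sections(text).items():
        if not any(d[0] == "stats" for d in directives):
            continue
        for d in directives:
            if d[:2] == ["stats", "auth"] and len(d) > 2:
                user, _, password = d[2].partition(":")
                if password == user or len(password) < MIN_PASSWORD_LEN:
                    findings.append((name, "weak-credential", user))
            elif d[0] == "bind" and len(d) > 1 and d[1].startswith(("0.0.0.0:", "*:", ":")):
                findings.append((name, "all-interfaces", d[1]))
            elif d == ["stats", "admin", "if", "TRUE"]:
                findings.append((name, "unconditional-admin", " ".join(d)))
    return findings
```

A listener bound to a management address, with a long unique password and `stats admin if LOCALHOST`, produces no findings.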
Modifying the haproxy configuration file
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
    # log 127.0.0.1 local0
    # log 127.0.0.1 local1 notice
    log /dev/log local0 info
    log /dev/log local0 notice
    maxconn 4096
    uid 99
    gid 99
    daemon
defaults
    log global
    mode http
    option httplog
    retries 3
    maxconn 4096
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000
listen webcluster 0.0.0.0:80
    option httpchk GET /index.html
    balance roundrobin
    server inst1 192.168.200.103:80 check inter 2000 fall 3
    server inst2 192.168.200.104:80 check inter 2000 fall 3
listen admin_stats
    bind 0.0.0.0:8000
    mode http
    option httplog
    maxconn 100
    stats refresh 30s
    stats uri /stats
    stats realm Crushlinux\ Haproxy
    stats auth admin:admin
    stats hide-version
5.5 Preparing the service startup script
[root@localhost ~]# cp /usr/src/haproxy-1.4.24/examples/haproxy.init /etc/init.d/haproxy
[root@localhost ~]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
[root@localhost ~]# chmod +x /etc/init.d/haproxy
[root@localhost ~]# /etc/init.d/haproxy start
Starting haproxy: [确定]
Haproxy logs
By default, Haproxy logs are written to the system syslog. To manage Haproxy logs better, production environments usually define them separately.
8.1 Modify the log options in the Haproxy configuration file
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
    #log 127.0.0.1 local0
    #log 127.0.0.1 local1 notice
    log /dev/log local0 info
    log /dev/log local0 notice
[root@localhost ~]# service haproxy restart
Shutting down haproxy: [确定]
Starting haproxy: [确定]
These two log lines go in the global section; their main purpose is to record Haproxy's info and notice logs in separate log files.
8.2 Modify the rsyslog configuration
For ease of management, the Haproxy-related configuration is defined separately in haproxy.conf and placed under /etc/rsyslog.d/; when rsyslog starts it automatically loads all configuration files in this directory.
[root@localhost ~]# vim /etc/rsyslog.d/haproxy.conf
if ($programname == 'haproxy' and $syslogseverity-text == 'info') then -/var/log/haproxy/haproxy-info.log
&~
if ($programname == 'haproxy' and $syslogseverity-text == 'notice') then -/var/log/haproxy/haproxy-notice.log
&~
This records haproxy's info logs in /var/log/haproxy/haproxy-info.log and its notice logs in /var/log/haproxy/haproxy-notice.log.
&~ means that once the message has been written to the log file, rsyslog stops processing it (RainerScript scripting language).
Restart the rsyslog service
[root@localhost ~]# service rsyslog restart
关闭系统日志记录器: [确定]
启动系统日志记录器: [确定]
8.3 Check that the log files were created
[root@localhost ~]# ls -l /var/log/haproxy/haproxy-info.log
[root@localhost ~]# ls -l /var/log/haproxy/haproxy-notice.log
Sep 20 23:39:26 localhost haproxy[2674]: 192.168.200.1:51629 [20/Sep/2015:23:38:27.256] web-cluster web-cluster/inst2 0/0/0/1/59740 200 1648 - - CD-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
Sep 20 23:40:06 localhost haproxy[2674]: 192.168.200.1:51693 [20/Sep/2015:23:39:34.423] web-cluster web-cluster/inst2 0/0/0/0/32120 200 580 - - ---- 1/1/1/1/0 0/0 "GET / HTTP/1.1"
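The two log lines above use HAProxy's HTTP log format (option httplog). The following added example, not part of the original page, parses that format and decodes the first two characters of the termination state so that sessions which did not end normally can be picked out; the function names are chosen for the example and only a subset of HAProxy's state codes is listed.

```python
import re

# The two log lines shown above, each rejoined onto a single line.
SAMPLE = [
    'Sep 20 23:39:26 localhost haproxy[2674]: 192.168.200.1:51629 '
    '[20/Sep/2015:23:38:27.256] web-cluster web-cluster/inst2 0/0/0/1/59740 '
    '200 1648 - - CD-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"',
    'Sep 20 23:40:06 localhost haproxy[2674]: 192.168.200.1:51693 '
    '[20/Sep/2015:23:39:34.423] web-cluster web-cluster/inst2 0/0/0/0/32120 '
    '200 580 - - ---- 1/1/1/1/0 0/0 "GET / HTTP/1.1"',
]

HTTPLOG = re.compile(
    r'haproxy\[\d+\]: (?P<client>[\d.]+):\d+ \[(?P<accepted>[^\]]+)\] '
    r'(?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'(?P<timers>[-\d/]+) (?P<status>-?\d+) \+?(?P<bytes>\d+) \S+ \S+ '
    r'(?P<term>\S{4}) [\d/]+ [\d/]+ "(?P<request>[^"]*)"')

# First two characters of the termination state (subset of HAProxy's codes).
CAUSE = {"C": "client aborted", "S": "server aborted", "P": "proxy denied",
         "c": "client timeout", "s": "server timeout", "-": "normal"}
PHASE = {"R": "request", "Q": "queue", "C": "connect", "H": "headers",
         "D": "data", "L": "last data", "T": "tarpit", "-": "normal"}

def parse_line(line):
    """Return the httplog fields of one syslog line, or None if it does not match."""
    match = HTTPLOG.search(line)
    if match is None:
        return None
    entry = match.groupdict()
    entry["status"] = int(entry["status"])
    entry["bytes"] = int(entry["bytes"])
    entry["total_ms"] = int(entry.pop("timers").split("/")[-1])  # last timer is the total time
    cause, phase = entry["term"][0], entry["term"][1]
    entry["cause"] = CAUSE.get(cause, "other (" + cause + ")")
    entry["phase"] = PHASE.get(phase, "other (" + phase + ")")
    return entry

def abnormal(lines):
    """Entries whose session did not end normally (state does not start with '--')."""
    parsed = (parse_line(line) for line in lines)
    return [e for e in parsed if e and e["term"][:2] != "--"]
```

For the first line, CD-- decodes as a client abort during the data phase after 59740 ms; the second line ended normally.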
8.4 Testing the status statistics feature