Load balancing HAProxy-- HAProxy monitoring and management server, add a log, static and dynamic separation, page redirects, separate read and write

A, HAProxy (monocytes) What is?

HAProxy is a high availability, load balancing, and (seventh layer) application based on TCP (layer IV) and HTTP proxy software,Support for virtual hosts, it's free, fast and reliable a solution. HAProxy especially for those large load of web sites that usually they need to maintain or seven treatment sessions. HAProxy running on current hardware can support thousands of concurrent connections. And its mode of operation makes it really simple to integrate into your current security architecture, while protecting your web server is not exposed to the network.

• HAProxy Details

Second, load balancing of server monitoring and management haproxy

lab environment

CPU name	IP	service
Virtual machine server1	172.25.7.1	haproxy, httpd, the proxy server
Virtual Machine server2	172.25.7.2	httpd, php, back-end servers
Virtual Machine server3	172.25.7.3	httpd, php, back-end servers
Physical machine	172.25.7.250	End test

Set up a basic server haproxy

1, in server1Built above HAProxy server, install haproxy service yum install haproxy -y

view the version of the service

2, change the configuration file:vim /etc/haproxy/haproxy.cfg

 listen admin *:8080
       stats enable
       stats uri /status  		# 监控页面地址
       stats auth admin:westos  # 管理帐号和密码
       stats refresh 5s  		#刷新频率


listen  ranran *:80      		#监听的实例名称,地址和端口 
        balance roundrobin      #负载均衡算法
        server web1 172.25.7.2:80 check
        server web2 172.25.7.3:80 check

3, open haproxy service on server1

4, in server2 and server3 On the installation and configuration service httpd web resources.

 1）yum install httpd -y
 2）vim /var/www/html--》server2/server3
 3）systemctl start httpd  

5、In the physical machine test: curl 172.25.7.1, to achieve load balancing

In the physical test machine inside the browser, enter the monitoring page: 172.25.7.1: 8080 / status

Shoot down server3

Monitoring page will be displayed immediately

server3的服务重启

监控页面又显示正常

三、给haproxy服务器添加日志

1、更改日志监控的配置文件：vim /etc/rsyslog.conf

$ModLoad imudp     #接受 haproxy 日志
$UDPServerRun 514

*.info;mail.none;authpriv.none;cron.none;local2.none     /var/log/messages
local2.*                       /var/log/haproxy.log   #日志文件位置

2、重启haproxy和rsyslog服务

3、查看日志

四、动静态访问分离

1、更改配置文件：vim /etc/haproxy/haproxy.cfg，重启服务。

frontend  ranran *:80
    acl url_static       path_beg       -i  /images   (以/images开头 默认根目录)
    acl url_static       path_end       -i .jpg .gif .png （以.jpg .gif .png结尾）

    use_backend static   if url_static
    default_backend  	 app  

backend static  
       server web2 172.25.7.3:80 check

backend app
       server web1 172.25.7.2:80 check
	   server local 172.25.7.1:8000 backup

2、在server3的httpd服务的默认发布目录里，新建images目录，放置.jpg的图片。

3、在server1上安装httpd服务，且更改httpd服务的工作端口为8000，添加web服务的资源

5、当我访问静态资源的时候，服务器去找server3

五、页面重定向

5.1 403错误页面重定向

1、更改配置文件：vim /etc/haproxy/haproxy.cfg，重启服务。

frontend  ranran *:80
    acl url_static       path_beg       -i  /images   
    acl url_static       path_end       -i .jpg .gif .png  
	acl badhost  src  172.25.7.250  ##设定物理机不能访问server1 
    block if badhost
    errorloc 403 http://172.25.7.1:8000 ##注意端口不要冲突，如果是403错误就重定向到 172.25.7.1：8000
    use_backend static          if url_static
    default_backend  app
backend static
		server web2 172.25.7.3:80 check
backend app
		server web1 172.25.7.2:80 check
       

2、更改server1的web页面

3、在物理机测试：172.25.7.1：8000

5.2 任何错误页面重定向

1、更改配置文件：vim /etc/haproxy/haproxy.cfg，重启服务。

frontend  ranran *:80
    acl url_static       path_beg       -i  /images   
    acl url_static       path_end       -i .jpg .gif .png  
	acl badhost  src  172.25.7.250   
 	redirect location http://172.25.7.1:8000 if badhost #如果出现错误访问就重定向，无论什么错误 
    use_backend static          if url_static
    default_backend  app
backend static
		server web2 172.25.7.3:80 check
backend app
		server web1 172.25.7.2:80 check
       

2、为了实验效果明显更改server1的web页面

3、在物理机测试：172.25.7.1：8000

5.3 301永久重定向

• 301 redirect: 301 代表永久性转移(Permanently Moved）；302 redirect: 302 代表暂时性转移(Temporarily Moved )，ps:这里也顺带记住了两个比较相近的英语单词（permanently、temporarily）
• 详细来说，301和302状态码都表示重定向，就是说浏览器在拿到服务器返回的这个状态码后会自动跳转到一个新的URL地址，这个地址可以从响应的Location首部中获取（用户看到的效果就是他输入的地址A瞬间变成了另一个地址B）——这是它们的共同点。他们的不同在于。301表示旧地址A的资源已经被永久地移除了（这个资源不可访问了），搜索引擎在抓取新内容的同时也将旧的网址交换为重定向之后的网址；302表示旧地址A的资源还在（仍然可以访问），这个重定向只是临时地从旧地址A跳转到地址B，搜索引擎会抓取新的内容而保存旧的网址。

At this point we are in the physical machine test, we found to be 302 temporary redirect

1, change the configuration file:vim /etc/haproxy/haproxy.cfgTo restart the service.

frontend  ranran *:80
    acl westos.org  hdr_beg(host) -i westos.org  
    acl 172.25.7.1  hdr_beg(host) -i 172.25.7.1   
	redirect code 301 location http://www.westos.org if westos.org
     ###以westos.org访问 自动重定向 www.westos.org）
    redirect code 301 location http://www.westos.org if 172.25.7.1
     ###以172.25.7.1访问 自动重定向 www.westos.org）  
    use_backend static          if url_static
    default_backend  app
 	server web1 172.25.7.2:80 check
       

2, the physical machine browser testing:
172.25.7.1 access to automatically jump to www.westos.org

Westos.org access to automatically jump www.westos.org

Six, Haproxy the separate read and write

1, mounted to server2, and server3 php: yum install php -y

2, to server2 and server3 default upload directory permissions:chmod 777 upload

3, change the configuration file:vim /etc/haproxy/haproxy.cfgTo restart the service.

    acl read method GET      
    acl read method HEAD     ##两个read write 只用一个就行
    acl write method PUT
    acl write method POST
	use_backend app       if write  
    default_backend  static   
  backend static  
       server web2 172.25.7.3:80 check

  backend app
       server web1 172.25.7.2:80 check
	   server local 172.25.7.1:8000 backup  

4, the physical machine browser testing: 172.25.7.1/index.php
client upload .jpg picture

We will find uploaded to server2