一、HAProxy介绍

HAProxy是一款基于TCP和HTTP应用的代理软件,它可作为负载均衡器,而且完全免费。HAProxy最主要的优点是性能突出,它特别适合那些负载特别大的web站点,这些站点通常需要具备会话保持或七层处理功能。

优点如下:
1.免费且开源,稳定性非常好。
2.支持连接拒绝。因为维持一个连接处于打开状态的开销很低,所以在需要防范蠕虫攻击时,可以通过限制其连接数来降低危害。这个功能已经拯救了很多被DDoS攻击的小型站点,这也是其他负载均衡器所不具备的。
3.支持全透明代理。可以用客户端IP地址或任何其他地址来连接后端服务器,这个特性使得为某特殊服务器处理部分流量的同时又不修改服务器的地址成为可能。
4.自带强大的监控服务器状态的页面,在实际环境中我们可以结合Nagios来实现邮件或短信报警。
5.支持虚拟主机

四种常见算法:
1.roundrobin:轮询
2.static-rr:加权轮询
3.leastconn:最小连接
4.source:源地址哈希(同一客户端IP始终调度到同一台后端服务器,从而实现会话保持)

1.rpm安装HAProxy

[root@node1 ~]# yum list | grep -i haproxy
haproxy.x86_64                            1.5.18-9.el7                 base     
pcp-pmda-haproxy.x86_64                   4.3.2-7.el7_8                updates  
[root@node1 ~]# yum install -y haproxy

配置文件:/etc/haproxy/haproxy.cfg
主要由两部分组成:
Global setting:对haproxy进程自身属性设定
proxies:对代理配置(如defaults、listen、frontend前端和backend后端)

2.源码安装HAProxy

1、下载

# NOTE(review): the HAProxy tarball comes over plain HTTP from a third-party
# mirror, so nothing here authenticates it. Check it against the checksum
# published by the HAProxy project before building, for example:
#   echo "<sha256-from-official-site>  haproxy-2.1.0.tar.gz" | sha256sum -c -
# The Lua tarball is fetched over HTTPS from lua.org; comparing it with the
# checksum listed on the Lua download page is still worthwhile.
# NOTE(review): 2.1 is presumably a short-lived (non-LTS) branch — confirm it
# still receives fixes, otherwise build a maintained release instead.
wget -c http://download.openpkg.org/components/cache/haproxy/haproxy-2.1.0.tar.gz
wget -c https://www.lua.org/ftp/lua-5.3.5.tar.gz

2、源码编译安装lua及haproxy
1› 安装依赖

yum install gcc gcc-c++ make openssl-devel readline-devel systemd-devel make pcre-devel -y

2› 编译安装lua

[root@node2 ~]# tar -xzf lua-5.3.5.tar.gz -C /usr/local/src/
[root@node2 ~]# cd /usr/local/src/lua-5.3.5/
[root@node2 lua-5.3.5]# make linux
[root@node2 lua-5.3.5]# make install INSTALL_TOP=/usr/local/lua
cd src && mkdir -p /usr/local/lua/bin /usr/local/lua/include /usr/local/lua/lib /usr/local/lua/man/man1 /usr/local/lua/share/lua/5.3 /usr/local/lua/lib/lua/5.3
cd src && install -p -m 0755 lua luac /usr/local/lua/bin
cd src && install -p -m 0644 lua.h luaconf.h lualib.h lauxlib.h lua.hpp /usr/local/lua/include
cd src && install -p -m 0644 liblua.a /usr/local/lua/lib
cd doc && install -p -m 0644 lua.1 luac.1 /usr/local/lua/man/man1
[root@node2 lua-5.3.5]# /usr/local/lua/bin/lua -v
Lua 5.3.5  Copyright (C) 1994-2018 Lua.org, PUC-Rio

3› 编译安装haproxy

[root@node2 ~]# tar -xzf haproxy-2.1.0.tar.gz -C /usr/local/src/
[root@node2 ~]# cd /usr/local/src/haproxy-2.1.0/
[root@node2 haproxy-2.1.0]# make USE_NS=1 USE_TFO=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=1 USE_PCRE=1 USE_SYSTEMD=1 USE_LIBCRYPT=1 USE_THREAD=1 TARGET=linux-glibc LUA_INC=/usr/local/lua/include LUA_LIB=/usr/local/lua/lib
[root@node2 haproxy-2.1.0]# make install PREFIX=/usr/local/haproxy

USE_SYSTEMD=1为支持使用 -Ws参数(systemd-aware master-worker 模式)启动Haproxy,从而实现单主进程多子进程运行模式

3、配置HAProxy
1› 创建用户和组

[root@node2 haproxy-2.1.0]# groupadd -r -g 188 haproxy
[root@node2 haproxy-2.1.0]# useradd -r -u 188 -g 188 -d /usr/local/haproxy -c haproxy -s /sbin/nologin haproxy

2› 配置服务启动脚本

[root@node2 haproxy-2.1.0]# vim /usr/lib/systemd/system/haproxy.service
[root@node2 ~]# cat /usr/lib/systemd/system/haproxy.service 
# systemd unit for the source-built HAProxy installed under /usr/local/haproxy.
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
# -Ws: systemd-aware master-worker mode (needs the USE_SYSTEMD=1 build flag);
# -f: configuration file; -p: PID file path.
# NOTE(review): upstream's sample unit presumably pairs -Ws with Type=notify
# and validates the configuration ("haproxy -c -q -f <cfg>") in ExecStartPre
# before starting — confirm against the unit shipped in the source tree.
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
# USR2 asks the master process to reload; the configuration is not validated
# first here, so a broken haproxy.cfg is only noticed at reload time.
ExecReload=/bin/kill -USR2 $MAINPID
# SIGTERM goes to the main process only; leftover processes get SIGKILL later.
KillMode=mixed
[Install]
WantedBy=multi-user.target

3› 编辑配置文件

[root@node2 haproxy-2.1.0]# mkdir /etc/haproxy
[root@node2 haproxy-2.1.0]# vim /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
# Process-wide settings: logging, privilege drop, limits and the admin socket.
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    # Confine the process to this directory after start-up.
    # NOTE(review): none of the steps shown create /usr/lib/haproxy; the
    # directory has to exist (ideally empty and not writable by the haproxy
    # user) or start-up will presumably fail — confirm the intended path.
    chroot      /usr/lib/haproxy
    # NOTE(review): the systemd unit also passes -p /run/haproxy.pid.
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    # Run as the dedicated unprivileged haproxy account instead of root.
    user        haproxy
    group       haproxy
    # NOTE(review): the systemd unit starts HAProxy with -Ws; check whether
    # 'daemon' is still wanted in that mode.
    daemon

    # turn on stats unix socket
    # NOTE(review): no 'mode' or 'level' is set, so who may connect and what
    # they may do depends on defaults; consider stating both explicitly
    # (for example "mode 600") so only the intended local account can use it.
    stats socket /usr/local/haproxy/haproxy.sock

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
# Values inherited by every proxy section that does not override them.
defaults
    # Layer-7 (HTTP) proxying.
    mode                    http
    # Reuse the log target declared in the 'global' section.
    log                     global
    option                  httplog
    # Do not log connections on which no data was exchanged.
    option                  dontlognull
    option http-server-close
    # Add an X-Forwarded-For header carrying the client address, except for
    # requests arriving from 127.0.0.0/8. Backends should trust this header
    # only for requests known to have come through the proxy.
    option forwardfor       except 127.0.0.0/8
    # Allow a request to be sent to another server when its assigned one is down.
    option                  redispatch
    retries                 3
    # Upper bound on how long a client may take to send a complete request;
    # this limits how long slow or idle clients can hold a connection slot.
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    # Per-proxy connection limit (the global section sets its own maxconn).
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# Accepts client connections on port 5000 on all addresses and routes them
# by URL: static assets to 'static', everything else to 'app'.
frontend  main
	bind *:5000
    # Both lines define the same ACL name, so url_static is true when either
    # the path prefix or the file extension matches (-i: case-insensitive).
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    use_backend static          if url_static
    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance     roundrobin
    # 'check' enables periodic health checks for this server.
    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin
    # Four local application instances, each health-checked.
    server  app1 127.0.0.1:5001 check
    server  app2 127.0.0.1:5002 check
    server  app3 127.0.0.1:5003 check
    server  app4 127.0.0.1:5004 check

4› 测试脚本

systemctl daemon-reload
systemctl enable --now haproxy
systemctl is-active haproxy
active
systemctl is-enabled haproxy
enabled

3.配置haproxy实现L4负载均衡

准备环境:
方法一:使用前端和后端的方法
步骤:
1.haproxy负载编辑配置文件,设置默认前端,轮询算法,指定后端服务器;再编辑/etc/rsyslog.conf开启日志功能;之后开启rsyslog和haproxy服务

[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
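global
    # Send log messages to the local syslog daemon, facility local2.
    log         127.0.0.1 local2

#---------------------------------------------------------------------
# main frontend which proxies to the backends
#---------------------------------------------------------------------
frontend  web
    # The listening address is given on an explicit 'bind' line: putting it
    # on the 'frontend' line is deprecated syntax that newer HAProxy
    # releases reject.
    bind *:80
    default_backend             app

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin
    # 'check' enables periodic health checks, so a server that stops
    # answering is taken out of rotation.
    server  app1 192.168.131.108:80 check
    server  app2 192.168.131.109:80 check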
[root@node1 ~]# vim /etc/rsyslog.conf
[root@node1 ~]# systemctl restart rsyslog
[root@node1 ~]# systemctl start haproxy

2.两台web服务器安装httpd,且编辑/var/www/html/index.html为测试内容,之后开启httpd服务。

[root@node2 ~]# cat /var/www/html/index.html 
192.168.131.108  web
[root@node3 ~]# cat /var/www/html/index.html 
192.168.131.109  web

3.测试haproxy负载均衡功能

[root@node2 html]# for ((i=1;i<=6;i++));do curl 192.168.131.107;done
192.168.131.108  web 
192.168.131.109  web 
192.168.131.108  web 
192.168.131.109  web 
192.168.131.108  web 
192.168.131.109  web

方法二:使用listen方法

[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
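global
    # Send log messages to the local syslog daemon, facility local2.
    log         127.0.0.1 local2

# 'listen' combines a frontend and a backend in a single section.
listen app
    # 'bind' and 'balance' are separate directives and must be on separate
    # lines; on one line HAProxy would parse 'balance' as a bind argument.
    bind *:80
    balance     roundrobin
    # 'check' enables periodic health checks for each server.
    server  app1 192.168.131.108:80 check
    server  app2 192.168.131.109:80 check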
[root@node1 ~]# systemctl restart haproxy

测试:

[root@node2 html]# for ((i=1;i<=6;i++));do curl 192.168.131.107;done
192.168.131.108  web 
192.168.131.109  web 
192.168.131.108  web 
192.168.131.109  web 
192.168.131.108  web 
192.168.131.109  web

4.实现haproxy基于地址目录7层跳转

准备环境:

[root@pyy html]# mkdir  -p /var/nginx/nginx 
[root@pyy html]# echo "nginx123" > /var/nginx/nginx/index.html
[root@pyy html]# mkdir  -p /var/php/php 
[root@pyy html]# echo "php123" > /var/php/php/index.html
[root@pyy html]# mkdir -p /var/resin/resin
[root@pyy html]# echo "resin123" > /var/resin/resin/index.html

步骤:
1.在web服务器配置基于域名的虚拟主机

[root@node4 conf.d]# cat httpd-vhost.conf 
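# Three name-based virtual hosts. Access is granted per document root rather
# than for all of /var, so the grant is no wider than the sites need, and
# directory listings (Indexes) are left off: each test directory already
# contains an index.html.
<VirtualHost *:80>
	ServerName nginx.test.org
	DocumentRoot "/var/nginx"
	<Directory "/var/nginx">
		Options FollowSymLinks
		AllowOverride None
		Require all granted
	</Directory>
</VirtualHost>
<VirtualHost *:80>
	ServerName php.test.org
	DocumentRoot "/var/php"
	<Directory "/var/php">
		Options FollowSymLinks
		AllowOverride None
		Require all granted
	</Directory>
</VirtualHost>
<VirtualHost *:80>
	ServerName resin.test.org
	DocumentRoot "/var/resin"
	<Directory "/var/resin">
		Options FollowSymLinks
		AllowOverride None
		Require all granted
	</Directory>
</VirtualHost>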
[root@pyy conf.d]# systemctl restart httpd

2.haproxy负载器编写配置文件

[root@node1 haproxy]# cat /etc/haproxy/haproxy.cfg
# Layer-7 routing: choose a backend from the URL path prefix.
frontend test
	bind *:80
	# path_beg matches when the request path starts with the given prefix;
	# the trailing slash means "/nginx" without it does not match.
	acl static path_beg /nginx/
	acl php path_beg /php/
	acl java path_beg /resin/
	use_backend nginxpools if static
	use_backend phppools if php
	use_backend javapools if java
	# Requests matching none of the ACLs fall through to nginxpools.
	default_backend nginxpools

# All three pools point at the same host in this lab. The server lines give
# no port and no 'check', so these servers are not health-checked.
backend nginxpools
	balance roundrobin
	server nginx 192.168.131.109
backend phppools
	balance roundrobin
	server php 192.168.131.109
backend javapools
	balance roundrobin
	server java 192.168.131.109
[root@node1 haproxy]# systemctl restart haproxy

3.在node2编写/etc/hosts文件,编写域名所对应的地址(此时应是vip)

[root@node2 html]# cat /etc/hosts
192.168.131.107 nginx.test.org php.test.org resin.test.org

4.测试:

[root@node2 html]# curl http://nginx.test.org/nginx/
nginx123
[root@node2 html]# curl http://resin.test.org/resin/
resin123
[root@node2 html]# curl http://php.test.org/php/
php123

5.haproxy健康检查

5.1 基于tcp端口的健康检查:haproxy只会检查后端server服务的对应端口。

5.1 配置一个健康检查

[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
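global
    # Send log messages to the local syslog daemon, facility local2.
    log         127.0.0.1 local2

listen app
    # 'bind' and 'balance' are separate directives and must be on separate
    # lines; on one line HAProxy would parse 'balance' as a bind argument.
    bind *:80
    balance     roundrobin
    # 'check' alone is a TCP check: HAProxy only verifies that the port accepts
    # a connection.
    server  app1 192.168.131.108:80 check
    server  app2 192.168.131.109:80 check

# Statistics page on port 88, plus a second listener for the same web servers.
listen stats
    # The listening address is given on a 'bind' line; putting it on the
    # 'listen' line is deprecated syntax that newer HAProxy releases reject.
    bind *:88
    mode http
    stats uri /admin?stats
    # NOTE(review): these are HTTP Basic credentials sent in cleartext, on a
    # port bound to every interface, and the password is a lab example.
    # Outside a lab, use a strong unique password and restrict who can reach
    # this port (bind to a management address, or firewall / ACL by source).
    stats auth proxy:123456
    balance roundrobin
    option httpclose
    option forwardfor
    # Use an HTTP request instead of a bare TCP connect for health checks.
    option httpchk
    # inter 5000: probe every 5000 ms; fall 5: mark the server down after
    # five consecutive failed probes.
    server web1 192.168.131.108:80 cookie web1 check port 80 inter 5000 fall 5
    server web2 192.168.131.109:80 cookie web2 check port 80 inter 5000 fall 5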
[root@node1 haproxy]# systemctl start haproxy

测试:在浏览器中访问192.168.131.107:88/admin?stats(统计页面监听在88端口),会提示输入登录的用户名和密码(proxy:123456),登录后会显示健康检查的结果
5.2 基于http的直接IP URL方式的健康检查

6.haproxy的会话保持:添加balance source

[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
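global
    # Send log messages to the local syslog daemon, facility local2.
    log         127.0.0.1 local2

listen app
    # 'bind' must be on its own line; on one line HAProxy would parse a
    # following 'balance' as a bind argument.
    bind *:80
    # Hash the client source address so one client always reaches the same
    # server. Only one balance algorithm applies per section, so the earlier
    # 'balance roundrobin' is dropped to leave 'balance source' unambiguous.
    balance     source
    server  app1 192.168.131.108:80 check
    server  app2 192.168.131.109:80 check

# Statistics page on port 88, plus a second listener for the same web servers.
listen stats
    # The listening address is given on a 'bind' line; putting it on the
    # 'listen' line is deprecated syntax that newer HAProxy releases reject.
    bind *:88
    mode http
    stats uri /admin?stats
    # NOTE(review): these are HTTP Basic credentials sent in cleartext, on a
    # port bound to every interface, and the password is a lab example.
    # Outside a lab, use a strong unique password and restrict who can reach
    # this port (bind to a management address, or firewall / ACL by source).
    stats auth proxy:123456
    balance roundrobin
    option httpclose
    option forwardfor
    # Use an HTTP request instead of a bare TCP connect for health checks.
    option httpchk
    # inter 5000: probe every 5000 ms; fall 5: mark the server down after
    # five consecutive failed probes.
    server web1 192.168.131.108:80 cookie web1 check port 80 inter 5000 fall 5
    server web2 192.168.131.109:80 cookie web2 check port 80 inter 5000 fall 5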
[root@node1 haproxy]# systemctl start haproxy

测试:始终为一个会话

[root@node2 html]# for ((i=1;i<=6;i++));do curl 192.168.131.107;done
192.168.131.108  web 
192.168.131.108  web 
192.168.131.108  web 
192.168.131.108  web 
192.168.131.108  web 
192.168.131.108  web