haproxy
目录
haproxy
什么是haproxy
HAProxy是一种高效、可靠、免费的高可用及负载均衡解决方案,非常适合于高负载站点的七层数据请求。因为HAProxy实现了一种事件驱动、单一进程模型,此模型支持非常大的并发连接数。客户端通过HAProxy代理服务器获得站点页面,而代理服务器收到客户请求后根据负载均衡的规则将请求数据转发给后端真实服务器。HAProxy还支持Session的保持和Cookie的引导。
同一客户端访问服务器,HAProxy保持会话的三种方案:
1、 HAProxy将客户端ip进行Hash计算并保存,由此确保相同IP访问时被转发到同一真实服务器上。( 配置:balance source)
2、 HAProxy依靠真实服务器发送给客户端的cookie信息进行会话保持。
3、 HAProxy保存真实服务器的session及服务器标识,实现会话保持功能。
HAProxy工作原理
HAProxy有前端(frontend)和后端(backend),前端和后端都可以有多个。也可以只有一个listen块来同时实现前端和后端。这里主要讲一下frontend和backend工作模式。
前端(frontend)区域可以根据HTTP请求的header信息来定义一些规则,然后将符合某规则的请求转发到相应后端(backend)进行处理。因此HAProxy可以实现动静分离(动静分离简单来说就是指将静态请求转发到对应的静态资源服务器,将动态请求转发到动态资源服务器),LVS 就没有此功能。
环境说明:
| haproxy服务器 | 192.168.32.125 |
|---|---|
| web服务器(node1) | 192.168.32.130 |
| web服务器 (node2) | 192.168.32.135 |
1. haproxy安装
$ make clean
$ make -j $(nproc) TARGET=linux-glibc
USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=1 USE_PCRE=1 USE_SYSTEMD=1
$ sudo make install
[root@localhost ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel
[root@localhost ~]# useradd -r -M -s /sbin/nologin haproxy
[root@localhost ~]# ls
anaconda-ks.cfg haproxy-2.2.0.tar.gz
[root@localhost ~]# tar xf haproxy-2.2.0.tar.gz
[root@localhost ~]# ls
anaconda-ks.cfg haproxy-2.2.0 haproxy-2.2.0.tar.gz
[root@localhost ~]# cd haproxy-2.2.0
[root@localhost haproxy-2.2.0]# make -j `nproc` TARGET=linux-glibc USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1 USE_SYSTEMD=1
[root@localhost haproxy-2.2.0]# make install
‘haproxy’ -> ‘/usr/local/sbin/haproxy’
‘doc/haproxy.1’ -> ‘/usr/local/share/man/man1/haproxy.1’
......
2. 配置内核参数
[root@localhost haproxy-2.2.0]# echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf
[root@localhost haproxy-2.2.0]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@localhost haproxy-2.2.0]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
3. 提供配置文件
[root@localhost ~]# mkdir /etc/haproxy
[root@localhost ~]# cat > /etc/haproxy/haproxy.cfg <<EOF
#--------------全局配置----------------
global
log 127.0.0.1 local0 info
#log loghost local0 info
maxconn 20480
#chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option dontlognull
option httpclose
option httplog
#option forwardfor
option redispatch
balance roundrobin
timeout connect 10s
timeout client 10s
timeout server 10s
timeout check 10s
maxconn 60000
retries 3
#--------------统计页面配置------------------
listen admin_stats
bind 0.0.0.0:8189
stats enable
mode http
log global
stats uri /haproxy_stats
stats realm Haproxy\ Statistics
stats auth admin:admin
#stats hide-version
stats admin if TRUE
stats refresh 30s
#---------------web设置-----------------------
listen webcluster
bind *:80
mode http
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server web01 192.168.32.130:80 weight 2 check inter 2000 fall 5
server web02 192.168.32.135:80 check inter 2000 fall 5
#server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
EOF
4.编写haproxy.service
[root@localhost ~]#cat > /usr/lib/systemd/system/haproxy.service <<EOF
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
EOF
#重新加载配置文件
[root@localhost ~]# systemctl daemon-reload
5. 配置日志
[root@localhost ~]# vim /etc/rsyslog.conf
local0.* /var/log/haproxy.log
[root@localhost ~]# systemctl restart rsyslog
6. 启动服务
[root@localhost ~]# systemctl start haproxy
[root@localhost ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2020-07-27 10:51:55 EDT; 5s ago
Process: 2528 ExecStartPre=/usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
Main PID: 2529 (haproxy)
CGroup: /system.slice/haproxy.service
├─2529 /usr/local/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
└─2532 /usr/local/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
Jul 27 10:51:55 localhost.localdomain systemd[1]: Starting HAProxy Load Balancer...
Jul 27 10:51:55 localhost.localdomain systemd[1]: Started HAProxy Load Balancer.
Jul 27 10:51:55 localhost.localdomain haproxy[2529]: [NOTICE] 208/105155 (2529) : New worker #1 (2532) forked
Jul 27 10:51:55 localhost.localdomain haproxy[2529]: [WARNING] 208/105155 (2532) : Server webcluster/web01 is DOWN, rea...ueue.
Jul 27 10:51:56 localhost.localdomain haproxy[2529]: [WARNING] 208/105156 (2532) : Server webcluster/web02 is DOWN, rea...ueue.
Jul 27 10:51:56 localhost.localdomain haproxy[2529]: [NOTICE] 208/105156 (2532) : haproxy version is 2.2.0
Jul 27 10:51:56 localhost.localdomain haproxy[2529]: [NOTICE] 208/105156 (2532) : path to executable is /usr/local/sbin/haproxy
Jul 27 10:51:56 localhost.localdomain haproxy[2529]: [ALERT] 208/105156 (2532) : proxy 'webcluster' has no server available!
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:8189 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:22 [::]:*
7. web界面登录查看
访问http://IP/haproxy_stats
初始密码在配置文件中,账户和密码都是admin
8. ab压力测试
[root@client ~]# ab -n 50000 -c 10 http://192.168.32.125:80/index.html
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.32.125 (be patient)
Completed 5000 requests
Completed 10000 requests
Completed 15000 requests
Completed 20000 requests
Completed 25000 requests
Completed 30000 requests
Completed 35000 requests
Completed 40000 requests
Completed 45000 requests
Completed 50000 requests
Finished 50000 requests
Server Software:
Server Hostname: 192.168.32.125
Server Port: 80
Document Path: /index.html
Document Length: 7 bytes
Concurrency Level: 10
Time taken for tests: 14.969 seconds
Complete requests: 50000
Failed requests: 0
Write errors: 0
Total transferred: 18250000 bytes
HTML transferred: 350000 bytes
Requests per second: 3340.25 [#/sec] (mean)
Time per request: 2.994 [ms] (mean)
Time per request: 0.299 [ms] (mean, across all concurrent requests)
Transfer rate: 1190.62 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 3
Processing: 1 3 0.5 3 7
Waiting: 1 3 0.5 3 7
Total: 1 3 0.6 3 9
Percentage of the requests served within a certain time (ms)
50% 3
66% 3
75% 3
80% 3
90% 4
95% 4
98% 5
99% 5
100% 9 (longest request)
