HAProxy配置及使用

HAProxy

HAProxy 是一款提供高可用性、负载均衡以及基于TCP(第四层)和HTTP(第七层)应用的代理软件,支持虚拟主机,它是免费、快速并且可靠的一种解决方案。 HAProxy特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。HAProxy运行在时下的硬件上,完全可以支持数以万计的 并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。


HAProxy搭建HTTP负载集群

本次环境为:

环境 IP地址 需要安装的应用 系统版本
client 192.168.100.1 / RedHat 8
LB 192.168.100.2 haproxy RedHat 8
RS1 192.168.100.3 httpd RedHat 8
RS2 192.168.100.4 httpd RedHat 8

准备工作:

#LB
[root@LB ~]# systemctl disable --now firewalld
[root@LB ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@LB ~]# setenforce 0

#RS1:
[root@RS1 ~]# systemctl disable --now firewalld
[root@RS1 ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# systemctl enable --now httpd
[root@RS1 ~]# echo haproxy-web1 > /var/www/html/index.html

#RS2:
[root@RS2 ~]# systemctl disable --now firewalld
[root@RS2 ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# yum -y install httpd
[root@RS2 ~]# systemctl enable --now httpd
[root@RS2 ~]# echo haproxy-web2 > /var/www/html/index.html

安装haproxy

#LB
//下载haproxy
[root@LB ~]# wget https://www.haproxy.org/download/2.3/src/haproxy-2.3.10.tar.gz
[root@LB ~]# ls
anaconda-ks.cfg  haproxy-2.3.10.tar.gz

//安装依赖包
[root@LB ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel

//创建用户
[root@LB ~]# useradd -r -M -s /sbin/nologin haproxy

//编译安装haproxy
[root@LB ~]# tar xf haproxy-2.3.10.tar.gz 
[root@LB ~]# cd haproxy-2.3.10/
[root@DR haproxy-2.3.10]# make -j $(grep 'processor' /proc/cpuinfo |wc -l)  \
TARGET=linux-glibc  \
USE_OPENSSL=1  \
USE_ZLIB=1  \
USE_PCRE=1  \
USE_SYSTEMD=1

[root@DR haproxy-2.3.10]# make install PREFIX=/usr/local/haproxy
[root@DR haproxy-2.3.10]# cp haproxy /usr/sbin/

配置各个负载的内核参数

#LB
[root@LB ~]# echo 'net.ipv4.ip_nonlocal_bind = 1' >>  /etc/sysctl.conf
[root@LB ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf

[root@LB ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

提供配置文件

#LB
[root@LB ~]# mkdir /etc/haproxy

[root@LB ~]# vim /etc/haproxy/haproxy.cfg
global
    daemon
    maxconn 256
    
defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    
frontend http-in
    bind *:80
    default_backend servers
    
backend servers
    server web01 192.168.100.3:80
    server web02 192.168.100.4:80
    
[root@LB ~]# haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid

启动服务

#LB
//直接启动
[root@LB ~]# haproxy -f /etc/haproxy/haproxy.cfg
[root@LB ~]# ss -antl
State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0          128                  0.0.0.0:80                0.0.0.0:*       
LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*       
LISTEN    0          128                     [::]:22                   [::]:* 

//守护进程启动
[root@LB ~]# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg   -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg  -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

[root@LB ~]# systemctl daemon-reload
[root@LB ~]# systemctl enable --now haproxy
[root@LB ~]# ss -antl
State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*             
LISTEN    0          128                  0.0.0.0:80                0.0.0.0:*       
LISTEN    0          128                     [::]:22                   [::]:* 

client访问测试

#client
[root@client ~]# curl 192.168.100.2
haproxy-web1
[root@client ~]# curl 192.168.100.2
haproxy-web2
[root@client ~]# curl 192.168.100.2
haproxy-web1
[root@client ~]# curl 192.168.100.2
haproxy-web2


HAProxy搭建HTTPS负载集群

在以上配置基础下搭建https

# RS上安装mod_ssl
[root@RS1 ~]# yum -y install mod_ssl
[root@RS2 ~]# yum -y install mod_ssl

# 这里就不做证书,使用默认的证书,重启服务查看443是否启动
[root@RS1 ~]# systemctl restart httpd
[root@RS2 ~]# systemctl restart httpd

# 443端口已经起来
[root@RS1 ~]# ss -antl
State       Recv-Q      Send-Q           Local Address:Port             Peer Address:Port 
LISTEN      0           128                    0.0.0.0:22                    0.0.0.0:*   
LISTEN      0           128                          *:80                          *:*   
LISTEN      0           128                       [::]:22                       [::]:*   
LISTEN      0           128                          *:443                         *:*  

[root@RS2 ~]# ss -antl
State       Recv-Q      Send-Q           Local Address:Port             Peer Address:Port 
LISTEN      0           128                    0.0.0.0:22                    0.0.0.0:*   
LISTEN      0           128                          *:80                          *:*   
LISTEN      0           128                       [::]:22                       [::]:*   
LISTEN      0           128                          *:443                         *:*  

修改配置文件

#LB
[root@LB ~]# vim /etc/haproxy/haproxy.cfg
global
    log 127.0.0.1 local2  info
    maxconn 20480
    chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    stats socket  /var/lib/haproxy/haproxy.sock mode 600 level admin
    user haproxy
    group haproxy
    daemon
    nbproc 1
    nbthread 4
    spread-checks 5

defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option  http-keep-alive
    option redispatch
    balance roundrobin
    timeout connect 60s
    timeout client 30s
    timeout server 30s
    timeout check 10s
    maxconn 60000
    retries 3

listen https
    bind 0.0.0.0:443
    log global
    mode tcp
    balance  roundrobin 
    server web01 192.168.100.3:443 check inter 2s fall 3 rise 5
    server web02 192.168.100.4:443 check inter 2s fall 3 rise 5

[root@LB ~]# mkdir /var/lib/haproxy

//重启服务
[root@LB ~]# systemctl restart haproxy
[root@LB ~]# ss -antl
State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*       
LISTEN    0          128                  0.0.0.0:443               0.0.0.0:*           
LISTEN    0          128                     [::]:22                   [::]:*  

client访问测试

#client
[root@client ~]# curl -k https://192.168.100.2
haproxy-web1
[root@client ~]# curl -k https://192.168.100.2
haproxy-web2
[root@client ~]# curl -k https://192.168.100.2
haproxy-web1
[root@client ~]# curl -k https://192.168.100.2
haproxy-web2
[root@client ~]# curl -k https://192.168.100.2
haproxy-web1
[root@client ~]# curl -k https://192.168.100.2
haproxy-web2


访问haproxy网页界面

//修改配置文件
[root@LB ~]# vim /etc/haproxy/haproxy.cfg
#--------------全局配置----------------
global
    log 127.0.0.1 local0  info
    #log loghost local0 info
    maxconn 20480
#chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    #maxconn 4000
    user haproxy
    group haproxy
    daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option httplog
    #option forwardfor
    option redispatch
    balance roundrobin
    timeout connect 10s
    timeout client 10s
    timeout server 10s
    timeout check 10s
    maxconn 60000
    retries 3
#--------------统计页面配置------------------
listen admin_stats
    bind 0.0.0.0:8189
    stats enable
    mode http
    log global
    stats uri /haproxy_stats
    stats realm Haproxy\ Statistics
    stats auth admin:admin
    #stats hide-version
    stats admin if TRUE
    stats refresh 30s
#---------------web设置-----------------------
listen webcluster
    bind 0.0.0.0:80
    mode http
    #option httpchk GET /index.html
    log global
    maxconn 3000
    balance roundrobin
    cookie SESSION_COOKIE insert indirect nocache
    server web01 192.168.100.3:80 check inter 2000 fall 5
    server web02 192.168.100.4:80 check inter 2000 fall 5
    #server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
    
//重启服务
[root@LB ~]# systemctl restart haproxy
[root@LB ~]# ss -antl
State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0          128                  0.0.0.0:80                0.0.0.0:*       
LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*       
LISTEN    0          128                  0.0.0.0:8189              0.0.0.0:*       
LISTEN    0          128                     [::]:22                   [::]:* 

启用日志

#LB
[root@LB ~]# vim /etc/rsyslog.conf
······
# Save boot messages also to boot.log
(插入一行内容如下)
local0.info                                             /var/log/haproxy.log
local7.*                                                /var/log/boot.log

[root@LB ~]# systemctl restart rsyslog

访问测试

访问 192.168.100.2:8189/haproxy_stats

1

#LB
[root@LB ~]# cat /etc/haproxy/haproxy.cfg 
······
#--------------统计页面配置------------------
	stats uri /haproxy_stats  		 //访问方式
    stats realm Haproxy\ Statistics  
    stats auth admin:admin  		 //用户名和密码admin

访问成功

2

posted @ 2021-05-09 22:34  Serein)  阅读(278)  评论(0编辑  收藏  举报