CentOS7安装HAProxy2.4.3
https://src.fedoraproject.org/repo/pkgs/haproxy/ #下载haproxy包
yum install make gcc gcc-c++ openssl openssl-devel readline-devel pcre-devel systemd-devel zlib-devel -y #安装haproxy、lua依赖
yum -y install pcre-static make perl -y #这个应该是不需要,如果make失败,可尝试运行
yum install build-essential libssl-dev zlib1g-dev libpcre3 libpcre3-dev -y #这个不需要
#下载并安装lua-5.3.5
wget http://www.lua.org/ftp/lua-5.3.5.tar.gz tar xvf lua-5.4.3.tar.gz cp lua-5.4.3 /usr/local/lua-5.4.3 -r cd /usr/local/lua-5.4.3 make linux test /usr/local/lua.5.4.3/src/lua -v #显示lua版本即表示安装正确
#编译安装haproxy
cd /root/haproxy-2.4.3 make TARGET=linux-glic USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 USE_DL=1 USE_LUA=1 LUA_INC=/usr/local/lua-5.4.3/src LUA_LIB=/usr/local/lua-5.4.3/src PREFIX=/usr/local/haproxy
#USE_DL表示允许系统自动寻找ldl依赖,否则会报错误“undefined reference to symbol 'dlclose@@GLIBC_2.2.5'”,cat Makefile,可以看到USE_DL参数,加上即可 make install PREFIX=/usr/local/haproxy ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin/haproxy #添加软链接
安装完成后,添加haproxy服务,内容如下:
vim /usr/lib/systemd/system/haproxy.service
[Unit] Description=HAProxy Load Balancer After=rsyslog.target network.target [Service] EnvironmentFile=-/usr/local/haproxy/sbin/haproxy Environment="CONFIG=/usr/local/haproxy/sbin/haproxy.cfg" "PIDFILE=/dev/shm/tmp/haproxy.pid" "EXTRAOPTS=-S /dev/shm/tmp/haproxy.sock" ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS ExecReload=/bin/kill -USR2 $MAINPID KillMode=mixed Restart=always SuccessExitStatus=143 Type=notify [Install] WantedBy=multi-user.target
mkdir /var/lib/haproxy
systemctl start haproxy
参考:https://blog.csdn.net/studywinwin/article/details/104717662/
普通安装haproxy,没有支持lua
yum install make gcc gcc-c++ openssl openssl-devel -y
wget https://www.haproxy.org/download/2.4/src/haproxy-2.4.3.tar.gz
tar haproxy-2.4.3.tar.gz
make TARGET=linux-glic PREFIX=/srv/app/haproxy
make install PREFIX=/srv/app/haproxy
cat /usr/lib/systemd/system/haproxy.service
[Unit] Description=HAProxy Load Balancer After=rsyslog.target network.target [Service] EnvironmentFile=-/usr/local/haproxy/sbin/haproxy Environment="CONFIG=/usr/local/haproxy/sbin/haproxy.cfg" "PIDFILE=/dev/shm/tmp/haproxy.pid" "EXTRAOPTS=-S /dev/shm/tmp/haproxy.sock" ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS ExecReload=/bin/kill -USR2 $MAINPID KillMode=mixed Restart=always SuccessExitStatus=143 Type=notify [Install] WantedBy=multi-user.target
haproxy.cfg内容如下:
global log 127.0.0.1 local0 debug #info lua-load /usr/local/haproxy/scripts/check.lua #chroot /usr/share/haproxy #user haproxy #group haproxy stats socket /dev/shm/tmp/haproxy.sock mode 600 level admin expose-fd listeners stats timeout 2m pidfile /dev/shm/tmp/haproxy.pid daemon maxconn 50000 tune.ssl.default-dh-param 2048 defaults log global retries 3 #try to connect to backend option dontlognull # null log option redispatch timeout queue 1m timeout connect 10s #Wait for a tcp conn to backend to be established. timeout client 15m timeout server 15m timeout check 10s #check backend health timeout option tcpka frontend f_mail_80_443 mode http bind *:80 bind *:443 ssl crt /usr/local/haproxy/cert/cer_test19.pem redirect scheme https if !{ ssl_fc } #reqadd X-Forwarded-Proto:\ https option forwardfor option httplog option originalto timeout http-request 10s timeout http-keep-alive 10s default_backend b_mail_80 log-format %t\ %H\ %ci\ %HM\ %HP\ %HQ\ %ID\ %CC\ %ST\ %U\ %B\ ##### %f\ %fi\ %fp\ %b\ %bi\ %bc\ %bq\ %hrl\ %hsl #log-format %ci:%cp\ %B\ %H\ %HM\ %HP\ %HQ\ %HU\ %HV\ %ID\ %CC\ %ST\ %U\ %hrl\ %hsl\ rrrrrr:::\ %r\ %sslc\ %sslv\ %CC\ %CS frontend f_mail_25 mode tcp bind *:25 option tcplog default_backend b_mail_25 log 127.0.0.1 local1 info backend b_mail_80 mode http balance roundrobin #leastconn #server ex1901 10.10.22.13:801 maxconn 1000 server ex1901 10.10.22.13:80 check inter 2000 rise 2 fall 3 maxconn 10000 backend b_mail_25 mode tcp balance roundrobin server ex1901 10.10.22.13:25 check inter 2000 rise 2 fall 3 maxconn 10000 listen stats bind *:8100 mode http option httplog option dontlognull #option forwardfor stats enable stats auth admin:123 stats uri /monitor stats refresh 5s
参数解释:http://www.ttlsa.com/linux/haproxy-study-tutorial/
service haproxy status
修改配置文件后,热加载
ln -s /srv/app/haproxy/sbin/haproxy /usr/sbin/haproxy
haproxy -f /srv/app/haproxy/sbin/config/haproxy.cfg -p /run/haproxy.pid -sf $(cat /run/haproxy.pid)
配置haproxy日志:
vim /etc/rsyslog.conf,内容如下:
#haproxy的日志是用udp传输的,所以要启用rsyslog的udp监听 $ModLoad imudp $UDPServerRun 514 local0.* /var/log/haproxy.log
systemctl restart rsyslog
重启haproxy服务,可以看到haproxy.log已生成
注:可以在不同的frontend中定义不同的日志输出到不同的log文件,比如 tcp的frontend的日志输出到 haproxy_tcp.log中
1.vim /usr/local/haproxy/sbin/haproxy.cfg
frontend f_mail_25 mode tcp bind *:25 option tcplog default_backend b_mail_25 log 127.0.0.1 local1 info
2.vim /etc/rsyslog.conf中添加如下内容:
local1.* /var/log/haproxy_tcp.log
重启haproxy和rsyslog服务
haproxy常用命令:
# 检查配置文件语法 haproxy -c -f /etc/haproxy/haproxy.cfg # 以daemon模式启动,以systemd管理的daemon模式启动 haproxy -D -f /etc/haproxy/haproxy.cfg [-p /var/run/haproxy.pid] haproxy -Ds -f /etc/haproxy/haproxy.cfg [-p /var/run/haproxy.pid] # 启动调试功能,将显示所有连接和处理信息在屏幕 haproxy -d -f /etc/haproxy/haproxy.cfg # restart。需要使用st选项指定pid列表 haproxy -f /etc/haproxy.cfg [-p /var/run/haproxy.pid] -st `cat /var/run/haproxy.pid` # graceful restart,即reload。需要使用sf选项指定pid列表 haproxy -f /etc/haproxy.cfg [-p /var/run/haproxy.pid] -sf `cat /var/run/haproxy.pid` # 显示haproxy编译和启动信息 haproxy -vv
haproxy参数优化:https://www.cnblogs.com/276815076/p/8004039.html
