3. HAProxy的安装
1) 下载并解压HAProxy
我们可以到HAProxy官网去下载最新版本的HAProxy(可能需要FQ),然后进行安装。
# mkdir -P /server/tools # cd tools # wget https://www.haproxy.org/download/2.0/src/haproxy-2.2.3.tar.gz
# # tar -zxvf haproxy-2.2.3.tar.gz
# cd haproxy-2.2.3
2) 安装HAProxy
[root@haproxy-node1 haproxy-2.2.3]#useradd -s /sbin/nologin haproxy -M
[root@haproxy-node1 haproxy-2.2.3]#yum -y install gcc openssl-devel pcre-devel systemd-devel 安装依赖包
[root@haproxy-node1 haproxy-2.2.3]# mkdir -p /usr/local/haproxy [root@localhost haproxy-2.2.3]# make TARGET=linux-glibc PREFIX=/usr/local/haproxy SBINDIR=/usr/local/sbin ARCH=x86_64 CC src/ev_poll.o CC src/ev_epoll.o CC src/namespace.o CC src/mux_fcgi.o CC src/mux_h1.o CC src/mux_h2.o CC src/backend.o CC src/cfgparse.o CC src/cli.o CC src/cfgparse-listen.o CC src/stats.o CC src/http_ana.o CC src/stream.o CC src/check.o CC src/sample.o CC src/tools.o CC src/server.o CC src/listener.o CC src/tcpcheck.o CC src/pattern.o CC src/log.o CC src/stick_table.o CC src/flt_spoe.o CC src/stream_interface.o CC src/filters.o CC src/http_fetch.o CC src/map.o CC src/session.o CC src/sink.o CC src/flt_http_comp.o CC src/debug.o CC src/tcp_rules.o CC src/haproxy.o CC src/peers.o CC src/flt_trace.o CC src/queue.o CC src/proxy.o CC src/http_htx.o CC src/dns.o CC src/raw_sock.o CC src/pool.o CC src/http_act.o CC src/http_rules.o CC src/compression.o CC src/cfgparse-global.o CC src/payload.o CC src/signal.o CC src/activity.o CC src/mworker.o CC src/cache.o CC src/proto_uxst.o CC src/lb_chash.o CC src/connection.o CC src/proto_tcp.o CC src/http_conv.o CC src/arg.o CC src/lb_fas.o CC src/xprt_handshake.o CC src/fcgi-app.o CC src/applet.o CC src/acl.o CC src/task.o CC src/ring.o CC src/vars.o CC src/trace.o CC src/mux_pt.o CC src/xxhash.o CC src/mworker-prog.o CC src/h1_htx.o CC src/frontend.o CC src/extcheck.o CC src/channel.o CC src/action.o CC src/mailers.o CC src/proto_sockpair.o CC src/ebmbtree.o CC src/thread.o CC src/lb_fwrr.o CC src/time.o CC src/regex.o CC src/lb_fwlc.o CC src/htx.o CC src/h2.o CC src/hpack-tbl.o CC src/lru.o CC src/wdt.o CC src/lb_map.o CC src/eb32sctree.o CC src/ebistree.o CC src/h1.o CC src/sha1.o CC src/http.o CC src/fd.o CC src/ev_select.o CC src/chunk.o CC src/hash.o CC src/hpack-dec.o CC src/freq_ctr.o CC src/http_acl.o CC src/dynbuf.o CC src/uri_auth.o CC src/protocol.o CC src/auth.o CC src/ebsttree.o CC src/pipe.o CC src/hpack-enc.o CC src/fcgi.o CC src/eb64tree.o CC src/dict.o CC src/shctx.o CC src/ebimtree.o CC src/eb32tree.o CC src/ebtree.o CC src/dgram.o CC src/hpack-huff.o CC src/base64.o CC src/version.o LD haproxy [root@haproxy-node1 haproxy-2.2.3]# make install PREFIX=/usr/local/haproxy SBINDIR=/usr/local/sbin "haproxy" -> "/usr/local/sbin/haproxy" install: 正在创建目录"/usr/local/haproxy/share" install: 正在创建目录"/usr/local/haproxy/share/man" install: 正在创建目录"/usr/local/haproxy/share/man/man1" "doc/haproxy.1" -> "/usr/local/haproxy/share/man/man1/haproxy.1" install: 正在创建目录"/usr/local/haproxy/doc" install: 正在创建目录"/usr/local/haproxy/doc/haproxy" "doc/configuration.txt" -> "/usr/local/haproxy/doc/haproxy/configuration.txt" "doc/management.txt" -> "/usr/local/haproxy/doc/haproxy/management.txt" "doc/seamless_reload.txt" -> "/usr/local/haproxy/doc/haproxy/seamless_reload.txt" "doc/architecture.txt" -> "/usr/local/haproxy/doc/haproxy/architecture.txt" "doc/peers-v2.0.txt" -> "/usr/local/haproxy/doc/haproxy/peers-v2.0.txt" "doc/regression-testing.txt" -> "/usr/local/haproxy/doc/haproxy/regression-testing.txt" "doc/cookie-options.txt" -> "/usr/local/haproxy/doc/haproxy/cookie-options.txt" "doc/lua.txt" -> "/usr/local/haproxy/doc/haproxy/lua.txt" "doc/WURFL-device-detection.txt" -> "/usr/local/haproxy/doc/haproxy/WURFL-device-detection.txt" "doc/proxy-protocol.txt" -> "/usr/local/haproxy/doc/haproxy/proxy-protocol.txt" "doc/linux-syn-cookies.txt" -> "/usr/local/haproxy/doc/haproxy/linux-syn-cookies.txt" "doc/SOCKS4.protocol.txt" -> "/usr/local/haproxy/doc/haproxy/SOCKS4.protocol.txt" "doc/network-namespaces.txt" -> "/usr/local/haproxy/doc/haproxy/network-namespaces.txt" "doc/DeviceAtlas-device-detection.txt" -> "/usr/local/haproxy/doc/haproxy/DeviceAtlas-device-detection.txt" "doc/51Degrees-device-detection.txt" -> "/usr/local/haproxy/doc/haproxy/51Degrees-device-detection.txt" "doc/netscaler-client-ip-insertion-protocol.txt" -> "/usr/local/haproxy/doc/haproxy/netscaler-client-ip-insertion-protocol.txt" "doc/peers.txt" -> "/usr/local/haproxy/doc/haproxy/peers.txt" "doc/close-options.txt" -> "/usr/local/haproxy/doc/haproxy/close-options.txt" "doc/SPOE.txt" -> "/usr/local/haproxy/doc/haproxy/SPOE.txt" "doc/intro.txt" -> "/usr/local/haproxy/doc/haproxy/intro.txt"
[root@haproxy-node1 haproxy-2.2.3]# tree /usr/local/haproxy/ /usr/local/haproxy/ ├── doc │ └── haproxy │ ├── 51Degrees-device-detection.txt │ ├── architecture.txt │ ├── close-options.txt │ ├── configuration.txt │ ├── cookie-options.txt │ ├── DeviceAtlas-device-detection.txt │ ├── intro.txt │ ├── linux-syn-cookies.txt │ ├── lua.txt │ ├── management.txt │ ├── netscaler-client-ip-insertion-protocol.txt │ ├── network-namespaces.txt │ ├── peers.txt │ ├── peers-v2.0.txt │ ├── proxy-protocol.txt │ ├── regression-testing.txt │ ├── seamless_reload.txt │ ├── SOCKS4.protocol.txt │ ├── SPOE.txt │ └── WURFL-device-detection.txt └── share └── man └── man1 └── haproxy.1
5 directories, 21 files
3) 生成配置文件
默认情况下haproxy会加载/etc/haproxy/haproxy.cfg文件,当然我们也可以通过-f选项来指定加载别处的配置文件。新版的HAProxy在编译安装后并不会默认为我们生成haproxy.cfg,但是在安装源代码的examples目录下有一些示例可以参考,我们将其都复制到/etc/haproxy目录下:
[root@haproxy-node1 haproxy-2.2.3]# mkdir -p /etc/haproxy [root@haproxy-node1 haproxy-2.2.3]# cp -ar examples/* /etc/haproxy/ [root@haproxy-node1 haproxy-2.2.3]# tree /etc/haproxy/ /etc/haproxy/ ├── acl-content-sw.cfg ├── content-sw-sample.cfg ├── errorfiles │ ├── 400.http │ ├── 403.http │ ├── 408.http │ ├── 500.http │ ├── 502.http │ ├── 503.http │ ├── 504.http │ └── README ├── haproxy.init ├── option-http_proxy.cfg ├── socks4.cfg ├── transparent_proxy.cfg └── wurfl-example.cfg 1 directory, 15 files
4) 配置启动脚本
将安装源代码的examples目录下的haproxy.init文件复制到/etc/init.d/目录下,并改名为haproxy,并赋予可执行权限:
[root@haproxy-node1 haproxy-2.2.3]# cp examples/haproxy.init /etc/init.d/haproxy [root@haproxy-node1 haproxy-2.2.3]# chmod 0755 /etc/init.d/haproxy
注意此处需要根据我们上面编译时的安装目录,对/etc/init.d/haproxy稍作修改:
#BIN=/usr//sbin/$BASENAME
BIN=/usr/local/sbin/$BASENAME
5. HAProxy使用示例
如下我们给出一个HAProxy的使用实例: 使用Haproxy作为负载均衡器访问后端的Web服务。当前我们的示例环境如下:
haproxy主机: 192.168.79.128 http服务器器1(nginx): 10.0.108.111 http服务器器2(nginx): 10.0.108.112
在进行具体工作之前,我们最好先关闭SELinux:
# setenforce 0 setenforce: SELinux is disabled
1) 修改配置文件
修改默认配置文件/etc/haproxy/haproxy.cfg:
[root@haproxy-node1 haproxy-2.2.3]# vim /etc/haproxy/haproxy.cfg [root@haproxy-node1 haproxy-2.2.3]# cat /etc/haproxy/haproxy.cfg global log 127.0.0.1 local0 info maxconn 4096 user haproxy group haproxy daemon nbproc 1 pidfile /usr/local/haproxy/logs/haproxy.pid defaults mode http retries 3 timeout connect 10s timeout client 20s timeout server 30s timeout check 5s frontend www bind *:80 mode http option httplog option forwardfor option httpclose log global #acl host_www hdr_dom(host) -i www.zb.com #acl host_img hdr_dom(host) -i img.zb.com #use_backend htmpool if host_www #use_backend imgpool if host_img default_backend htmpool backend htmpool mode http option redispatch option abortonclose balance static-rr cookie SERVERID option httpchk GET /index.jsp server 237server 192.168.81.237:8080 cookie server1 weight 6 check inter 2000 rise 2 fall 3 server iivey234 192.168.81.234:8080 cookie server2 weight 3 check inter 2000 rise 2 fall 3 backend imgpool mode http option redispatch option abortonclose balance static-rr cookie SERVERID option httpchk GET /index.jsp server host236 192.168.81.236:8080 cookie server1 weight 6 check inter 2000 rise 2 fall 3 listen admin_stats bind 0.0.0.0:9188 mode http log 127.0.0.1 local0 err stats refresh 30s stats uri /haproxy-status stats realm welcome login\ Haproxy stats auth admin:admin stats hide-version stats admin if TRUE [root@haproxy-node1 haproxy-2.2.3]#
注意这里我们采用nobody/nobody来启动HAProxy,如果要采用其他用户/组来启动,可能需要先创建。
2) 配置HAProxy日志
HAProxy默认是不记录日志的,需要借助rsyslog来记录。这里有两种方法:
- 方法1
直接在/etc/rsyslog.conf文件中配置:
# 对如下两行取消注释 $ModLoad imudp $UDPServerRun 514 # 在末尾添加如下行 local3.* /var/log/haproxy.log
此外,为了使haproxy的日志不会记录到/var/log/messages中,我们还需要找到/etc/rsyslog.conf中的如下行,然后在其末尾加上local3.none:
*.info;mail.none;authpriv.none;cron.none;local3.none /var/log/messages
最后执行如下的命令重启rsyslog服务:
# systemctl restart rsyslog
- 方法2
因为我们从/etc/rsyslog.conf中我们可以看到rsyslog会读取/etc/rsyslog.d/目录下所有以.conf结尾的配置文件,因此我们在/etc/rsyslog.d目录下添加haproxy_log.conf配置文件:
$ModLoad imudp
$UDPServerRun 514
local3.* /var/log/haproxy.log
同样与上面方法1相似,我们也要避免haproxy被记录到/var/log/messages中,因此需要加上local3.none。最后执行如下命令重启rsyslog服务:
# systemctl restart rsyslog
在这里我们采用方法2来进行配置。
3) 启动相关服务器
在192.168.79.129与192.168.79.131服务器上启动nginx服务。在192.168.79.128主机上通过如下命令启动HAProxy:
[root@haproxy-node1 haproxy-2.2.3]# service haproxy start Reloading systemd: [ 确定 ] Starting haproxy (via systemctl): [ 确定 ] [root@haproxy-node1 haproxy-2.2.3]# systemctl daemon-reload [root@haproxy-node1 haproxy-2.2.3]# systemctl restart haproxy.service [root@haproxy-node1 haproxy-2.2.3]# [root@haproxy-node1 haproxy-2.2.3]# [root@haproxy-node1 haproxy-2.2.3]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:9188 0.0.0.0:* LISTEN 3179/haproxy tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3179/haproxy tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1062/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1210/master tcp6 0 0 :::22 :::* LISTEN 1062/sshd tcp6 0 0 ::1:25 :::* LISTEN 1210/master udp 0 0 0.0.0.0:514 0.0.0.0:* 3028/rsyslogd udp 0 0 0.0.0.0:35384 0.0.0.0:* 3179/haproxy udp6 0 0 :::514 :::* 3028/rsyslogd
第一次启动haproxy先使用service命令,以后就可以使用systemctl命令来操作了:
# systemctl daemon-reload
# systemctl restart haproxy
4) 测试haproxy服务
我们可以通过Web浏览器请求http://192.168.79.128:10080/,可以看到能够正常请求成功。另外,可以查看/var/log/haproxy.log文件看相应的请求日志。
http://10.0.108.113:9188/haproxy-status
浙公网安备 33010602011771号