本文参考http://freeloda.blog.51cto.com/2033581/1294094
一、环境
系统:CentOS 6.4x64最小化安装
haproxy:192.168.3.15
httpd-16:192.168.3.16
httpd-17:192.168.3.17
二、配置测试用的httpd服务
在httpd-16和httpd-17配置httpd服务
#在httpd-16上操作 [root@httpd-16 ~]# yum install httpd -y [root@httpd-16 ~]# service httpd restart #开放80端口 [root@httpd-16 ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT [root@httpd-16 ~]# service iptables save [root@httpd-16 ~]# echo "httpd-16" >>/var/www/html/index.html #确认httpd服务正常 [root@httpd-16 ~]# curl http://127.0.0.1 httpd-16 #在httpd-17上进行同样的操作 [root@httpd-17 ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT [root@httpd-17 ~]# service iptables save [root@httpd-17 ~]# yum install httpd -y [root@httpd-17 ~]# echo "httpd-17" >>/var/www/html/index.html [root@httpd-17 ~]# service httpd start [root@httpd-17 ~]# curl http://127.0.0.1 httpd-17
三、安装haproxy服务
安装yum源
[root@haproxy ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm [root@haproxy ~]# sed -i 's@#b@b@g' /etc/yum.repos.d/epel.repo [root@haproxy ~]# sed -i 's@mirrorlist@#mirrorlist@g' /etc/yum.repos.d/epel.repo #安装haproxy [root@haproxy ~]# yum list |grep haproxy haproxy.x86_64 1.5.2-2.el6 base [root@haproxy ~]# yum install haproxy -y
haproxy命令解释
[root@haproxy ~]# haproxy -h HA-Proxy version 1.5.2 2014/07/12 Copyright 2000-2014 Willy Tarreau <w@1wt.eu> Usage : haproxy [-f <cfgfile>]* [ -vdVD ] [ -n <maxconn> ] [ -N <maxpconn> ] [ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] -v displays version ; -vv shows known build options. -d enters debug mode ; -db only disables background mode. -dM[<byte>] poisons memory with <byte> (defaults to 0x50) -V enters verbose mode (disables quiet mode) -D goes daemon ; -C changes to <dir> before loading files. -q quiet mode : don't display messages -c check mode : only check config files and exit -n sets the maximum total # of connections (2000) -m limits the usable amount of memory (in MB) -N sets the default, per-proxy maximum # of connections (2000) -L set local peer name (default to hostname) -p writes pids of all children to this file -de disables epoll() usage even when available -dp disables poll() usage even when available -dS disables splice usage (broken on old kernels) -dV disables SSL verify on servers side -sf/-st [pid ]* finishes/terminates old pids. Must be last arguments. haproxy [-f < 配置文件>] [ -vdVD ] [-n 最大并发连接总数] [-N 每个侦听的最大并发数] [ -p <当前的PID文件> ] [-m <内存限制M>] -v 显示当前版本信息;-vv 显示已知的创建选项 -d 前台,debug模式;-db 禁用后台模式,程序跑在前台 -V 详细模式 -D daemon模式启动 -q 安静模式,不输出信息 -c 对配置文件进行语法检查 -n 最大并发连接总数 -m 限制的可用内存大小 -N 设置默认的连接数 -p 设置当前的PID文件 -de 不使用epoll -ds 不使用speculative epoll -dp 不使用poll -sf 程序启动后向pidlist里的进程发送FINISH信号,这个参数放在命令行的最后 -st 程序启动后向pidlist里的进程发送TERMINATE信号,这个参数放在命令行的最后
查看haproxy配置文件内容
[root@haproxy ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
#官方配置文档说明
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings 全局配置
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to: #配置日志
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog #修改syslog配置文件
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog #定义日志设备
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
#全局的日志配置 其中日志级别是[err warning info debug]
#local0 是日志设备,必须为如下24种标准syslog设备的一种:
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid #将所有进程的pid写入文件启动进程的用户必须有权限访问此文件。
maxconn 4000 #最大连接数,默认4000
user haproxy #用户
group haproxy #组
daemon ##创建1个进程进入deamon模式运行。此参数要求将运行模式设置为"daemon"
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#默认的全局设置,这些参数可以被利用配置到frontend,backend,listen组件
#---------------------------------------------------------------------
defaults
mode http #默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK
log global #采用全局定义的日志
option httplog #日志类别http日志格式
option dontlognull #不记录健康检查的日志信息
option http-server-close #每次请求完毕后主动关闭http通道
option forwardfor except 127.0.0.0/8 #不记录本机转发的日志
option redispatch #serverId对应的服务器挂掉后,强制定向到其他健康的服务器
retries 3 #3次连接失败就认为服务不可用,也可以通过后面设置
timeout http-request 10s #请求超时
timeout queue 1m #队列超时
timeout connect 10s #连接超时
timeout client 1m #客户端连接超时
timeout server 1m #服务器连接超时
timeout http-keep-alive 10s #长连接超时
timeout check 10s #检查超时
maxconn 3000 #最大连接数
#---------------------------------------------------------------------
# main frontend which proxys to the backends #这里是frontend 与backends的代理配置
#---------------------------------------------------------------------
#acl策略配置
frontend main *:5000
acl url_static path_beg -i /static /p_w_picpaths /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static #满足策略要求,则响应策略定义的backend页面
default_backend app #不满足则响应backend的默认页面
#---------------------------------------------------------------------
# static backend for serving up p_w_picpaths, stylesheets and such
#---------------------------------------------------------------------
#定义使用静态后端图像,样式表等
backend static
balance roundrobin #负载均衡模式轮询
server static 127.0.0.1:4331 check #服务器定义
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin #负载均衡模式轮询
server app1 127.0.0.1:5001 check #服务器定义,check进行健康检查
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check四、haproxy负载均衡案例演示
配置haproxy的日志编辑文件/etc/sysconfig/rsyslog
[root@haproxy ~]# cat /etc/sysconfig/rsyslog # Options for rsyslogd # Syslogd options are deprecated since rsyslog v3. # If you want to use them, switch to compatibility mode 2 by "-c 2" # See rsyslogd(8) for more details SYSLOGD_OPTIONS="-c 2"
增加日志设备
[root@haproxy ~]# grep haproxy.log /etc/rsyslog.conf #增加下面一行 local2.* /var/log/haproxy.log #重启日志服务 [root@haproxy ~]# service rsyslog restart
修改haproxy配置文件
[root@haproxy ~]# cat /etc/haproxy/haproxy.cfg #修改后的内容如下 #--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 #--------------------------------------------------------------------- # main frontend which proxys to the backends #--------------------------------------------------------------------- frontend http bind *:80 mode http log global option logasap option dontlognull capture request header Host len 20 capture request header Referer len 20 default_backend web frontend healthcheck bind :1099 mode http option httpclose option forwardfor default_backend web backend web balance roundrobin server web16 192.168.3.16:80 check maxconn 2000 server web17 192.168.3.17:80 check maxconn 2000 #--------------------------------------------------------------------- # static backend for serving up p_w_picpaths, stylesheets and such #--------------------------------------------------------------------- #--------------------------------------------------------------------- # round robin balancing between the various backends #---------------------------------------------------------------------
检查配置文件是否有误
[root@haproxy ~]# haproxy -c -f /etc/haproxy/haproxy.cfg Configuration file is valid
启动haproxy
[root@haproxy ~]# service haproxy start Starting haproxy: [ OK ] [root@haproxy ~]# netstat -anpt |grep haproxy tcp 0 0 0.0.0.0:1099 0.0.0.0:* LISTEN 22307/haproxy tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 22307/haproxy
开放80端口
[root@haproxy ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT [root@haproxy ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
测试结果
从上面的结果能看出,我们能正常访问到后端的2台web server
我们将httpd-16的web服务停止掉,再次测试
[root@httpd-16 ~]# service httpd stop Stopping httpd: [ OK ] #测试如下,结果显示我们只能访问到httpd-17的web资源 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 #这里我们再讲httpd-16的web服务启动 [root@httpd-16 ~]# service httpd start #再次访问结果,能够看到httpd-16能正常提供服务 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-16 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-16 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-16 [root@haproxy ~]# curl http://192.168.3.15 httpd-17 [root@haproxy ~]# curl http://192.168.3.15 httpd-16
以上结果说明haproxy能自动对后端服务进行健康状况检查
配置文件说明
[root@haproxy ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings 全局配置
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
#上面的注释是告诉我们怎么配置日志的
log 127.0.0.1 local2 #定义日志
chroot /var/lib/haproxy #安全模式
pidfile /var/run/haproxy.pid #pid文件
maxconn 4000 #最大连接数
user haproxy #用户
group haproxy #组合
daemon
#---------------------------------------------------------------------
# Proxy settings 代理配置,下面全是代理配置
#---------------------------------------------------------------------
defaults #配置默认参数的,这些参数可以被利用配置到frontend,backend,listen组件
mode http #默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK(注,health已经废弃)
log global #采用全局定义的日志
option httplog #日志类别http日志格式
option dontlognull #不记录健康检查的日志信息
option http-server-close #每次请求完毕后主动关闭http通道
option forwardfor except 127.0.0.0/8 #不记录本机转发的日志
option redispatch #serverId对应的服务器挂掉后,强制定向到其他健康的服务器
retries 3 #3次连接失败就认为服务不可用,也可以通过后面设置
timeout http-request 10s #请求超时
timeout queue 1m #队列超时
timeout connect 10s #连接超时
timeout client 1m #客户端连接超时
timeout server 1m #服务器连接超时
timeout http-keep-alive 10s #长连接超时
timeout check 10s #检查超时
maxconn 30000 #最大连接数
listen stats #listen是Frontend和Backend的组合体。这里定义的是haproxy监控!
mode http #模式http
bind 0.0.0.0:1080 #绑定的监控ip与端口
stats enable #启用监控
stats hide-version #隐藏haproxy版本
stats uri /haproxyadmin?stats #定义的uri
stats realm Haproxy\ Statistics #定义显示文字
stats auth admin:admin #认证
stats admin if TRUE
frontend http-in #接收请求的前端虚拟节点,Frontend可以根据规则直接指定具体使用后端的 backend(可动态选择)。这里定义的是http服务!
bind *:80 #绑定的监控ip与端口
mode http #模式http
log global #定义日志
option httpclose #每次请求完毕后主动关闭http通道
option logasap
option dontlognull #不记录健康检查的日志信息
capture request header Host len 20
capture request header Referer len 60
default_backend web #定义的默认backend
frontend healthcheck
bind :1099
mode http
option httpclose
option forwardfor
default_backend web #定义的默认backend
backend servers #后端服务集群的配置,是真实的服务器,一个Backend对应一个或者多个实体服务器。
balance roundrobin #负载均衡方式为轮询
server web16 192.168.3.16:80 check maxconn 2000 #定义server,check 健康检查,maxconn 定义最大连接数
server web17 192.168.3.17:80 check maxconn 2000
