Summary: compiling and installing HAProxy 2.4.15 on CentOS 7.9; reverse-proxying web servers for load balancing and health checks; HAProxy logging.

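1. Overview

The HAProxy website does not provide RPM packages or a yum installation method. The HAProxy version in the yum repositories that ship with CentOS 7 is 1.5.18, which lacks many newer features. To get the latest stable version you have to compile it from source or install it from a third-party repository, but software of unknown origin is generally not used in production environments.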

# HAProxy version information on CentOS 7: 1.5.18 is too old
[root@haproxy-ip07 ~]# yum info haproxy
..................
Available Packages
Name : haproxy
Arch : x86_64
Version : 1.5.18
..................
[root@haproxy-ip07 ~]#

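2. Compiling and installing HAProxy

Brief note: we compile and install the HAProxy 2.4.15 LTS release. More source packages can be downloaded from http://www.haproxy.org/download/. Because the site name contains the keyword "proxy", it often cannot be opened, so download the required packages in advance. The full compile-and-install process is recorded below.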
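
The pre-downloaded packages can be checked against a SHA-256 checksum file before they are extracted. This is an added example, not from the original article; it assumes a checksum file in sha256sum format obtained through a channel you trust, and verify_tarball and safe_extract are hypothetical helper names.

```shell
#!/bin/sh
# verify_tarball <tarball> <checksum-file>
# Returns 0 only if the checksum file has an entry for this tarball name
# and the recorded SHA-256 digest matches the file on disk.
verify_tarball() {
    tarball=$1
    sumfile=$2
    [ -f "$tarball" ] && [ -f "$sumfile" ] || { echo "missing file" >&2; return 2; }

    name=$(basename "$tarball")
    # sha256sum lines look like "<64 hex>  <name>" or "<64 hex> *<name>".
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f) }
        f == n && length($1) == 64 { print tolower($1); exit }' "$sumfile")
    [ -n "$expected" ] || { echo "no entry for $name in $sumfile" >&2; return 3; }

    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name expected=$expected actual=$actual" >&2
    return 1
}

# safe_extract <tarball> <checksum-file> <dest-dir>
# Extracts only after the digest has been verified; nothing is written otherwise.
safe_extract() {
    verify_tarball "$1" "$2" || return $?
    mkdir -p "$3" && tar xf "$1" -C "$3"
}
```

For the packages used here the call would take the form `safe_extract haproxy-2.4.15.tar.gz <checksum-file> /usr/local/src`.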

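2.1 Preparing the Lua environment

Brief note: the Lua version bundled with CentOS 7 and earlier is too old and does not meet the minimum Lua version (5.3) that HAProxy requires, so a newer Lua environment must be compiled and installed before HAProxy can be built. HAProxy supports feature extensions implemented in Lua. Lua is a small scripting language developed in 1993 by a research group at the Pontifical Catholic University of Rio de Janeiro in Brazil; it was designed to be embedded in applications to give them flexible extension and customization capabilities.

Lua website: http://www.lua.org/start.html

Installation instructions from the official Lua website, used for installing Lua on CentOS 7

# The official installation instructions (screenshot above) are very simple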
curl -R -O http://www.lua.org/ftp/lua-5.4.4.tar.gz
tar zxf lua-5.4.4.tar.gz
cd lua-5.4.4
make all test

The process of installing the Lua environment on CentOS 7.9 is recorded below.

# Basic host setup: change the hostname, etc.
[root@centos79 ~]# hostnamectl set-hostname HAPROXY-IP07
[root@centos79 ~]# exit
[root@haproxy-ip07 ~]#

[root@haproxy-ip07 ~]# timedatectl set-timezone Asia/Shanghai
[root@haproxy-ip07 ~]# ntpdate ntp.aliyun.com

# Check the Lua version bundled with the system; it does not meet the 5.3 minimum that HAProxy requires
[root@haproxy-ip07 ~]# lua -v
Lua 5.1.4 Copyright (C) 1994-2008 Lua.org, PUC-Rio

# Prepare the packages haproxy-2.4.15.tar.gz and lua-5.4.4.tar.gz
[root@haproxy-ip07 ~]# wget http://www.lua.org/ftp/lua-5.4.4.tar.gz
[root@haproxy-ip07 ~]# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring haproxy-2.4.15.tar.gz...
100% 3531 KB 3531 KB/sec 00:00:01 0 Errors

[root@haproxy-ip07 ~]# ll
-rw-r--r-- 1 root root 3616441 Apr 2 20:07 haproxy-2.4.15.tar.gz
-rw-r--r-- 1 root root 360876 Jan 14 00:15 lua-5.4.4.tar.gz

[root@haproxy-ip07 ~]# tar xvf lua-5.4.4.tar.gz -C /usr/local/src
[root@haproxy-ip07 ~]# cd /usr/local/src/lua-5.4.4/
[root@haproxy-ip07 lua-5.4.4]# make linux test
# Verify the Lua version
[root@haproxy-ip07 lua-5.4.4]# src/lua -v
Lua 5.4.4 Copyright (C) 1994-2022 Lua.org, PUC-Rio

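2.2 Compiling and installing HAProxy

Brief note: the build procedure for HAProxy differs considerably between versions before and after 2.0; check the official documentation and follow the steps for your version.

# Prepare the build environment and source code
[root@haproxy-ip07 ~]# yum -y install gcc openssl-devel pcre-devel systemd-devel
[root@haproxy-ip07 ~]# tar xvf haproxy-2.4.15.tar.gz -C /usr/local/src
[root@haproxy-ip07 ~]#
[root@haproxy-ip07 ~]# cd /usr/local/src/haproxy-2.4.15/
[root@haproxy-ip07 haproxy-2.4.15]#
[root@haproxy-ip07 ~]# cd /usr/local/src/haproxy-2.4.15/

# The two files below are important guidance documents in the source package; read through them and understand them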
[root@haproxy-ip07 haproxy-2.4.15]# ll Makefile
-rw-rw-r-- 1 root root 46211 Mar 15 00:31 Makefile
[root@haproxy-ip07 haproxy-2.4.15]# cat README
[root@haproxy-ip07 ~]# cat /usr/local/src/haproxy-2.4.15/INSTALL

# Following the INSTALL file, prepare the build parameters, then compile and install
[root@haproxy-ip07 haproxy-2.4.15]# make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.4.4/src/ LUA_LIB=/usr/local/src/lua-5.4.4/src/
[root@haproxy-ip07 haproxy-2.4.15]# make install PREFIX=/apps/haproxy
[root@haproxy-ip07 haproxy-2.4.15]# ln -s /apps/haproxy/sbin/haproxy /usr/sbin/

# View the generated files and directory structure
[root@haproxy-ip07 haproxy-2.4.15]# tree /apps/haproxy/
/apps/haproxy/
├── doc
│   └── haproxy
│       ├── 51Degrees-device-detection.txt
│       ├── architecture.txt
│       ├── close-options.txt
│       ├── configuration.txt
│       ├── cookie-options.txt
│       ├── DeviceAtlas-device-detection.txt
│       ├── intro.txt
│       ├── linux-syn-cookies.txt
│       ├── lua.txt
│       ├── management.txt
│       ├── netscaler-client-ip-insertion-protocol.txt
│       ├── network-namespaces.txt
│       ├── peers.txt
│       ├── peers-v2.0.txt
│       ├── proxy-protocol.txt
│       ├── regression-testing.txt
│       ├── seamless_reload.txt
│       ├── SOCKS4.protocol.txt
│       ├── SPOE.txt
│       └── WURFL-device-detection.txt
├── sbin
│   └── haproxy
└── share
    └── man
        └── man1
            └── haproxy.1

6 directories, 22 files
[root@haproxy-ip07 haproxy-2.4.15]#

3. Verifying the HAProxy installation and version

# Check the HAProxy version
[root@haproxy-ip07 haproxy-2.4.15]# which haproxy
/usr/sbin/haproxy
[root@haproxy-ip07 haproxy-2.4.15]# haproxy -v
HAProxy version 2.4.15-7782e23 2022/03/14 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.15.html

# The -V (capital V) option shows the version and usage help
[root@haproxy-ip07 haproxy-2.4.15]# haproxy -V
HAProxy version 2.4.15-7782e23 2022/03/14 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.15.html
Running on: Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
Usage : haproxy [-f <cfgfile|cfgdir>]* [ -vdVD ] [ -n <maxconn> ] [ -N <maxpconn> ]
[ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] [-- <cfgfile>*]
-v displays version ; -vv shows known build options.
-d enters debug mode ; -db only disables background mode.
-dM[<byte>] poisons memory with <byte> (defaults to 0x50)
-V enters verbose mode (disables quiet mode)
-D goes daemon ; -C changes to <dir> before loading files.
-W master-worker mode.
-Ws master-worker mode with systemd notify support.
-q quiet mode : don't display messages
-c check mode : only check config files and exit
-n sets the maximum total # of connections (uses ulimit -n)
-m limits the usable amount of memory (in MB)
-N sets the default, per-proxy maximum # of connections (0)
-L set local peer name (default to hostname)
-p writes pids of all children to this file
-de disables epoll() usage even when available
-dp disables poll() usage even when available
-dS disables splice usage (broken on old kernels)
-dG disables getaddrinfo() usage
-dR disables SO_REUSEPORT usage
-dL dumps loaded object files after config checks
-dr ignores server address resolution failures
-dV disables SSL verify on servers side
-dW fails if any warning is emitted
-dD diagnostic mode : warn about suspicious configuration statements
-sf/-st [pid ]* finishes/terminates old pids.
-x <unix_socket> get listening sockets from a unix socket
-S <bind>[,<bind options>...] new master CLI

[root@haproxy-ip07 haproxy-2.4.15]#

4. Preparing the HAProxy service unit file and configuration file

Brief note: after compiling and installing there is no service unit file or configuration file by default, and having a unit file without a configuration file also produces an error, so we prepare both files together.

# First prepare the service unit file
[root@haproxy-ip07 ~]# systemctl daemon-reload
[root@haproxy-ip07 ~]# systemctl start haproxy
Failed to start haproxy.service: Unit not found.
[root@haproxy-ip07 ~]#
[root@haproxy-ip07 ~]# cat /usr/lib/systemd/system/haproxy.service
cat: /usr/lib/systemd/system/haproxy.service: No such file or directory
[root@haproxy-ip07 ~]#

[root@haproxy-ip07 ~]# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
LimitNOFILE=100000

[Install]
WantedBy=multi-user.target
[root@haproxy-ip07 ~]#

# Next prepare the configuration file, copying and adapting a template from /examples/
[root@haproxy-ip07 ~]# ll /apps/haproxy/
total 0
drwxr-xr-x 3 root root 21 Apr 2 20:44 doc
drwxr-xr-x 2 root root 21 Apr 2 20:44 sbin
drwxr-xr-x 3 root root 17 Apr 2 20:44 share
[root@haproxy-ip07 ~]# ll /etc/haproxy/haproxy.cfg
ls: cannot access /etc/haproxy/haproxy.cfg: No such file or directory
[root@haproxy-ip07 ~]# tree /usr/local/src/haproxy-2.4.15/examples/
/usr/local/src/haproxy-2.4.15/examples/
├── acl-content-sw.cfg
├── basic-config-edge.cfg
├── content-sw-sample.cfg
├── errorfiles
│   ├── 400.http
│   ├── 403.http
│   ├── 408.http
│   ├── 500.http
│   ├── 502.http
│   ├── 503.http
│   ├── 504.http
│   └── README
├── haproxy.init
├── option-http_proxy.cfg
├── quick-test.cfg
├── socks4.cfg
├── transparent_proxy.cfg
└── wurfl-example.cfg

1 directory, 17 files

# Create a custom configuration file
[root@haproxy-ip07 ~]# mkdir /etc/haproxy
[root@haproxy-ip07 ~]# vim /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /apps/haproxy
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
#uid 99
#gid 99
user haproxy
group haproxy
daemon
#nbproc 4
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local2 info

defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms

listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:shone8888

listen web_port
bind 192.168.250.7:80
mode http
log global
#server web1 192.168.250.17:80 check inter 3000 fall 2 rise 5
[root@haproxy-ip07 ~]#

5. Starting and verifying HAProxy

# Prepare the directory for the socket file
[root@haproxy-ip07 ~]# mkdir /var/lib/haproxy

# Create the non-login user haproxy and set directory permissions
[root@haproxy-ip07 ~]# useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy
[root@haproxy-ip07 ~]# systemctl daemon-reload
[root@haproxy-ip07 ~]# systemctl enable --now haproxy


# Verify the HAProxy status
[root@haproxy-ip07 ~]# systemctl status haproxy.service
[root@haproxy-ip07 ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-04-03 00:38:59 CST; 1 day 16h ago
Main PID: 1971 (haproxy)
CGroup: /system.slice/haproxy.service
├─1971 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ -p /var/lib/haproxy/haproxy.pid
├─1974 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ -p /var/lib/haproxy/haproxy.pid
└─1975 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ -p /var/lib/haproxy/haproxy.pid

[root@haproxy-ip07 ~]# ss -tlnp | grep haproxy
LISTEN 0 20480 *:9999 *:* users:(("haproxy",pid=1975,fd=8),("haproxy",pid=1974,fd=8))
LISTEN 0 20480 192.168.250.7:80 *:* users:(("haproxy",pid=1975,fd=9),("haproxy",pid=1974,fd=9))
[root@haproxy-ip07 ~]#

# Because the virtual machine is configured with 8 CPUs, there are 8 processes by default
[root@haproxy-ip07 haproxy]# pstree -p |grep haproxy
|-haproxy(3017)---haproxy(3019)-+-{haproxy}(3020)
| |-{haproxy}(3021)
| |-{haproxy}(3022)
| |-{haproxy}(3023)
| |-{haproxy}(3024)
| |-{haproxy}(3025)
| `-{haproxy}(3026)
[root@haproxy-ip07 haproxy]#

[root@haproxy-ip07 ~]# ll /var/lib/haproxy/haproxy.pid
-rw-r--r-- 1 root root 5 Apr 2 21:49 /var/lib/haproxy/haproxy.pid

[root@haproxy-ip07 ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 8
On-line CPU(s) list: 0-7
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 8

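6. Viewing the HAProxy status page

Open http://192.168.250.7:9999/haproxy-status to see the status page below. You must log in with the username and password set in the configuration file (/etc/haproxy/haproxy.cfg).

The figure below shows the status page before the backend web server 192.168.250.17 has been configured.

[Figure: HAProxy status page screenshot]

7. Proxying requests to two backend web servers

7.1 Configuring the two backend web servers

Prepare two backend web servers, 192.168.250.17 and 192.168.250.27.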

[root@webserver-ip17 ~]# yum -y install httpd;hostname > /var/www/html/indexTmp.html;hostname -I >> /var/www/html/indexTmp.html;cat /var/www/html/indexTmp.html | xargs > /var/www/html/index.html;rm -rf /var/www/html/indexTmp.html;systemctl  enable --now httpd
[root@webserver-ip27 ~]# yum -y install httpd;hostname > /var/www/html/indexTmp.html;hostname -I >> /var/www/html/indexTmp.html;cat /var/www/html/indexTmp.html | xargs > /var/www/html/index.html;rm -rf /var/www/html/indexTmp.html;systemctl  enable --now httpd

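7.2 Modifying the HAProxy configuration file

Brief note: with the two backend web servers configured, update the HAProxy configuration file, then check the status page and web access.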

[root@haproxy-ip07 haproxy]# vim /etc/haproxy/haproxy.cfg       
global
maxconn 100000
chroot /apps/haproxy
#stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
stats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1
stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2
#uid 99
#gid 99
user haproxy
group haproxy
daemon
nbproc 2
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local2 info

defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms

listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:shone8888


frontend WEB_PORT_80
bind 192.168.250.7:80
mode http
use_backend web_prot_http_nodes
log global

backend web_prot_http_nodes
mode http
option forwardfor
server web1 192.168.250.17:80 check inter 3000 fall 2 rise 5
server web2 192.168.250.27:80 check inter 3000 fall 2 rise 5
[root@haproxy-ip07 haproxy]#
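
An added example (not part of the original article): a small audit of haproxy.cfg for three settings that appear in the configurations above, namely a stats page bound to all interfaces, stats auth credentials sent without TLS, and an admin-level stats socket without owner-only permissions. The function names, finding labels and the trimmed sample configuration are constructed for illustration.

```shell
#!/bin/sh
# audit_haproxy_cfg <file>: print one finding per line (labels belong to this example).
audit_haproxy_cfg() {
    awk '
    function endsect(   i) {          # evaluate the section that just ended
        if (stats) for (i = 1; i <= nb; i++) {
            if (bind[i] ~ /^(0\.0\.0\.0|\*)?:[0-9]+/)
                print "WILDCARD-STATS " sect " bind " bind[i]
            if (auth && !tls[i])      # HTTP basic auth on a non-TLS listener
                print "CLEARTEXT-AUTH " sect " bind " bind[i]
        }
        stats = 0; auth = 0; nb = 0
    }
    /^[ \t]*(#|$)/ { next }           # skip comments and blank lines
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ {
        endsect(); sect = $1 ($2 == "" ? "" : " " $2); next
    }
    $1 == "bind" { nb++; bind[nb] = $2; tls[nb] = ($0 ~ /[ \t]ssl([ \t]|$)/) }
    $1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
    $1 == "stats" && $2 == "auth" { auth = 1 }
    $1 == "stats" && $2 == "socket" {
        mode = ""; admin = 0
        for (i = 4; i <= NF; i++) {
            if ($i == "mode") mode = $(i + 1)
            if ($i == "level" && $(i + 1) == "admin") admin = 1
        }
        if (admin && mode !~ /^0?[0-7]00$/)   # anything but owner-only access
            print "ADMIN-SOCKET-PERMS " $3 " mode " (mode == "" ? "default" : mode)
    }
    END { endsect() }
    ' "$1"
}

# Constructed sample trimmed from the configuration above (credentials are a placeholder).
sample_cfg() {
cat <<'EOF'
global
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
listen stats
bind 0.0.0.0:9999
stats enable
stats uri /haproxy-status
stats auth USER:PASSWORD
frontend WEB_PORT_80
bind 192.168.250.7:80
use_backend web_prot_http_nodes
EOF
}
```

Running `audit_haproxy_cfg /etc/haproxy/haproxy.cfg` against the configuration above reports the stats listener twice (wildcard bind and cleartext auth) and nothing for the mode 600 sockets.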

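7.3 Viewing the HAProxy status page

Both backend servers are shown as being proxied normally.

[Figure: HAProxy status page screenshot]

7.4 Verifying access from a client

# The configuration file uses the most basic round-robin algorithm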
[root@CentOS84-IP172-08 ]# while :;do curl 192.168.250.7;sleep 1;done
webserver-ip17 192.168.250.17
webserver-ip27 192.168.250.27
webserver-ip17 192.168.250.17
webserver-ip27 192.168.250.27
webserver-ip27 192.168.250.27
webserver-ip17 192.168.250.17
webserver-ip17 192.168.250.17
webserver-ip27 192.168.250.27
.........
[root@CentOS84-IP172-08 ]#

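8. HAProxy logging

Brief note: HAProxy logs can be configured to be stored locally or on another machine on the network; here we only implement local storage. Both the HAProxy configuration file and the rsyslog configuration file need to be modified, as recorded below:

8.1 Log-related HAProxy configuration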

[root@haproxy-ip07 haproxy]# vim /etc/haproxy/haproxy.cfg       
global
............................
log 127.0.0.1 local2 info
.............................
# Define the IP address that receives the logs; this example only records and views logs on the local machine
[root@haproxy-ip07 haproxy]#

8.2 rsyslog configuration

# UDP port 514 must be opened, and a local2.* rule is needed to match the log 127.0.0.1 local2 info line defined in the HAProxy configuration file
[root@haproxy-ip07 ~]# vim /etc/rsyslog.conf
..................
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
..................
# Save boot messages also to boot.log
local7.* /var/log/boot.log
local2.* /var/log/haproxy.log
..................

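# Restart the service
[root@haproxy-ip07 ~]# systemctl restart rsyslog
# During my testing, no log messages appeared after restarting the service; rebooting the machine resolved the problem, for reasons I do not know
[root@haproxy-ip07 ~]# reboot

8.3 Verifying the logs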

[root@haproxy-ip07 haproxy]# tail -f /var/log/haproxy.log
Apr 4 19:21:19 localhost haproxy[3123]: Connect from 192.168.250.254:6196 to 192.168.250.7:9999 (stats/HTTP)
Apr 4 19:21:19 localhost haproxy[3123]: Connect from 192.168.250.254:6196 to 192.168.250.7:9999 (stats/HTTP)
Apr 4 19:21:19 localhost haproxy[3123]: Connect from 192.168.250.254:6196 to 192.168.250.7:9999 (stats/HTTP)
Apr 4 19:21:20 localhost haproxy[3123]: Connect from 192.168.250.254:6196 to 192.168.250.7:9999 (stats/HTTP)
Apr 4 19:21:20 localhost haproxy[3123]: Connect from 192.168.250.254:6196 to 192.168.250.7:9999 (stats/HTTP)
Apr 4 19:21:28 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:28 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:30 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:30 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:30 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:30 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:30 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:31 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:31 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:31 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:31 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
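
An added example (not part of the original article): summarising the Connect lines in /var/log/haproxy.log by source address and frontend, and listing clients that reached the stats frontend without being on an allow-list. The log lines are constructed in the format shown above, and the function names and the allow-list are assumptions.

```shell
#!/bin/sh
# summarize_connects <logfile>
# Prints "<count> <source-ip> <frontend>" for every source/frontend pair,
# highest count first.
summarize_connects() {
    awk '$6 == "Connect" && $7 == "from" && $9 == "to" {
        src = $8; sub(/:[0-9]+$/, "", src)       # drop the source port
        fe = $11; gsub(/^\(|\/.*$/, "", fe)      # "(stats/HTTP)" -> "stats"
        n[src " " fe]++
    }
    END { for (k in n) print n[k], k }' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# unexpected_stats_clients <logfile> <allowed-ip>...
# Prints "<source-ip> <count>" for sources that connected to the "stats"
# frontend but are not among the allowed management addresses.
unexpected_stats_clients() {
    log=$1; shift
    summarize_connects "$log" | awk -v allow=" $* " '
        $3 == "stats" && index(allow, " " $2 " ") == 0 { print $2, $1 }'
}

# Constructed sample lines in the format of the log above; 192.0.2.50 is a
# documentation address added to show a client outside the allow-list.
sample_log() {
cat <<'EOF'
Apr 4 19:21:19 localhost haproxy[3123]: Connect from 192.168.250.254:6196 to 192.168.250.7:9999 (stats/HTTP)
Apr 4 19:21:20 localhost haproxy[3123]: Connect from 192.168.250.254:6196 to 192.168.250.7:9999 (stats/HTTP)
Apr 4 19:21:25 localhost haproxy[3123]: Connect from 192.0.2.50:40112 to 192.168.250.7:9999 (stats/HTTP)
Apr 4 19:21:28 localhost haproxy[3123]: Connect from 192.168.250.254:6197 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
Apr 4 19:21:30 localhost haproxy[3123]: Connect from 192.0.2.50:40113 to 192.168.250.7:80 (WEB_PORT_80/HTTP)
EOF
}
```

On the live system the call would be `unexpected_stats_clients /var/log/haproxy.log 192.168.250.254`, with the allow-list replaced by your own management addresses.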