Haproxy 安装配置

官方文档参考https://docs.haproxy.org/

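四层(mode tcp)的haproxy无法像七层那样通过 X-Forwarded-For 头把客户端真实的IP地址传到后端服务器;如果后端需要真实IP(例如用于访问控制或审计日志),可在 server 行加 send-proxy 启用 PROXY protocol,前提是后端服务支持该协议,并且只接受来自 haproxy 的连接。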

1、安装

1.1 二进制编译安装。

https://github.com/haproxy/haproxy/releases/tag/v2.8.0

下载源码包后,编译前先核对校验和(haproxy.org 的下载页为每个源码包提供 .sha256 文件);2.8.0 是 2.8 分支的首个版本,生产环境建议使用该分支最新的补丁版本。

yum groupinstall -y "Development Tools"
yum install pcre pcre-devel openssl-devel systemd-devel -y

完整的编译说明见源码包中的 INSTALL 文件。

# 一般代理场景使用下面的编译参数即可
$ make clean
$ make -j $(nproc) TARGET=linux-glibc \
USE_OPENSSL=1  USE_PCRE=1 USE_SYSTEMD=1
$ sudo make install

编译完成后,会在源代码目录下生成可执行文件 haproxy。

make install 之后,可执行文件位于 /usr/local/sbin/haproxy。

[root@localhost systemd]# pwd
/opt/haproxy/admin/systemd
[root@localhost systemd]# cp haproxy.service /usr/lib/systemd/system/

systemd]# mkdir /etc/haproxy/
systemd]# cat /etc/haproxy/haproxy.cfg 
# Process-wide settings: logging target, chroot, privilege drop and the
# runtime (stats) socket.
global
    # Send logs as syslog messages to the local syslog daemon, facility local2.
    log         127.0.0.1 local2

    # Confine the process to this directory after start-up.
    # NOTE(review): the chroot directory should be empty and not writable by
    # the haproxy user, otherwise the jail gives little protection.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    # Drop root privileges to this unprivileged account after binding.
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    # NOTE(review): no mode/user/group/level is set on this socket, so who may
    # connect and what they may do is left to the defaults; set them
    # explicitly. /opt/haproxy also looks like the source tree (see the
    # symlink step in this page); a dedicated runtime directory with
    # restrictive permissions is a safer home for the socket, confirm.
    stats socket /opt/haproxy/stats

# Built-in statistics page.
# NOTE(review): this section is declared before the 'defaults' section, so it
# presumably does not inherit the timeouts defined there; confirm with
# 'haproxy -c' and add explicit timeouts if it warns.
listen stats
  # 0.0.0.0 exposes the page on every IPv4 interface; prefer a management
  # address or loopback, and restrict access with a firewall or ACL.
  bind 0.0.0.0:1080
  # Plain HTTP: no TLS on this bind line, so the Basic-auth credentials below
  # cross the network unencrypted.
  mode http
  stats enable
  # The statistics page is served at the root path of this listener.
  stats uri /
  stats realm jfbym\ Haproxy
  # Cleartext credential stored in the config file. Treat the value shown as
  # a sample only: use a unique secret, keep haproxy.cfg readable by root
  # only, and consider a userlist with hashed passwords instead.
  stats auth admin:kailin@0ps1
  stats  refresh 30s
  stats  show-node
  stats  show-legends
  # Do not disclose the HAProxy version on the page.
  stats  hide-version

                        
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
# NOTE(review): defaults apply to sections declared after this point; the
# 'listen stats' section earlier in the file is presumably not covered.
defaults
    mode                    http
    # Use the log targets declared in the 'global' section.
    log                     global
    option                  httplog
    # Connections that carry no data are not logged. This also hides port
    # scans and probes, so reconsider it on listeners reachable from
    # untrusted networks.
    option                  dontlognull
    option http-server-close
    # Add X-Forwarded-For with the client address, except for requests
    # coming from loopback. Only meaningful for HTTP-mode proxies.
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    # Upper bound on how long a client may take to send a complete request;
    # limits the impact of slow-request connections.
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    # Per-proxy connection limit (the global limit above is 4000).
    maxconn                 3000


# Layer-4 (TCP) proxy in front of a single backend server.
listen dama
  bind  192.168.21.209:80
  balance roundrobin
  # Overrides the 'mode http' default: traffic is relayed as raw TCP, so the
  # HTTP-only defaults (httplog, forwardfor) do not add a client-IP header
  # here and the backend sees HAProxy's address as the source.
  # NOTE(review): if the backend needs the real client IP for access control
  # or audit logs, 'send-proxy' on the server line is the usual route,
  # provided the backend speaks PROXY protocol and accepts it only from
  # this proxy.
  mode tcp
  option tcplog
  log  127.0.0.1 local2 info
  # Custom JSON log line: client address/port, timestamp, frontend/backend/
  # server names, timers, byte count, termination state, connection counters,
  # retries, queue positions and the backend-side source address/port.
  log-format {"haproxy_clientIP":"%ci","haproxy_clientPort":"%cp","haproxy_dateTime":"%t","haproxy_frontendNameTransport":"%ft","haproxy_backend":"%b","haproxy_serverName":"%s","haproxy_Tw":"%Tw","haproxy_Tc":"%Tc","haproxy_Tt":"%Tt","haproxy_bytesRead":"%B","haproxy_terminationState":"%ts","haproxy_actconn":%ac,"haproxy_FrontendCurrentConn":%fc,"haproxy_backendCurrentConn":%bc,"haproxy_serverConcurrentConn":%sc,"haproxy_retries":%rc,"haproxy_srvQueue":%sq,"haproxy_backendQueue":%bq,"haproxy_backendSourceIP":"%bi","haproxy_backendSourcePort":"%bp"}
                        
  # Health check every 2000 ms; up after 2 successes, down after 5 failures.
  server dama-web 172.17.0.3:80 check inter 2000 rise 2 fall 5

启动服务

useradd haproxy -s /sbin/nologin
ln -s haproxy-2.8.0/ haproxy
mkdir /var/lib/haproxy

systemctl start haproxy
systemctl enable haproxy

1.2 使用rpm仓库安装

yum -y install haproxy

[root@deploy-146 ~]# systemctl start haproxy
[root@deploy-146 ~]# systemctl enable haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
[root@deploy-146 ~]# 
[root@deploy-146 ~]# ss -lntup | grep haproxy
udp    UNCONN     0      0         *:34387                 *:*                   users:(("haproxy",pid=1356508,fd=6),("haproxy",pid=1356507,fd=6))
tcp    LISTEN     0      3000      *:5000                  *:*                   users:(("haproxy",pid=1356508,fd=5))

# 校验配置文件
haproxy -c -f /etc/haproxy/haproxy.cfg

2、配置日志输出

haproxy的日志不能直接输出到文件,这里使用centos自带的rsyslog去接收haproxy生成的日志并生成文件存储。

cat /etc/sysconfig/rsyslog 

SYSLOGD_OPTIONS="-r -m 0"

# -r:   打开接受外来日志消息的功能,其监控514 UDP端口;
# -x:   关闭自动解析对方日志服务器的FQDN信息,这能避免DNS不完整所带来的麻烦;
# -m:  修改syslog的内部mark消息写入间隔时间(0为关闭),例如240为每隔240分钟写入一次"--MARK--"信息;
# -h:   默认情况下,syslog不会发送从远端接受过来的消息到其他主机,而使用该选项,则把该开关打开,所有接受到的信息都可根据syslog.conf中定义的@主机转发过去. 

vi /etc/rsyslog.conf

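# 设置rsyslog服务,打开端口监听
# 注意:haproxy 只通过 UDP 向 127.0.0.1 发送日志,因此只需要 imudp;
# 建议在 $UDPServerRun 之前加一行 $UDPServerAddress 127.0.0.1,只监听本机地址;
# 没有接收远程日志的需求时,不要启用下面的 imtcp,避免 514 端口对外暴露。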
$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

# 新增配置
local2.*                       /var/log/haproxy.log


systemctl restart rsyslog.service