Haproxy 安装配置
官方文档参考https://docs.haproxy.org/
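四层(mode tcp)的haproxy不能通过HTTP头(如X-Forwarded-For)把客户端真实的IP地址传到后端服务器;如需传递,只能使用PROXY协议(server行上的send-proxy),并且后端服务必须支持该协议、只接受来自haproxy的连接。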
1、安装
1.1 二进制编译安装。
https://github.com/haproxy/haproxy/releases/tag/v2.8.0
yum groupinstall -y "Development Tools"
yum install pcre pcre-devel openssl-devel systemd-devel -y
完整的编译说明见源码目录中的INSTALL文件。
# 一般代理场景使用下面的编译参数就足够
$ make clean
$ make -j $(nproc) TARGET=linux-glibc \
USE_OPENSSL=1 USE_PCRE=1 USE_SYSTEMD=1
$ sudo make install
编译好之后会在源代码目录下生成名为haproxy的可执行文件。
执行make install后,可执行文件位于/usr/local/sbin/haproxy。
[root@localhost systemd]# pwd
/opt/haproxy/admin/systemd
[root@localhost systemd]# cp haproxy.service /usr/lib/systemd/system/
systemd]# mkdir /etc/haproxy/
systemd]# cat /etc/haproxy/haproxy.cfg
# HAProxy configuration: process-wide settings, a statistics page,
# shared defaults, and one TCP listener ("dama").
global
# Send logs via syslog to the local host using facility local2.
log 127.0.0.1 local2
# Confine the process to this directory after startup; it must exist.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
# Run as this unprivileged account and group instead of root.
user haproxy
group haproxy
daemon
# turn on stats unix socket
# NOTE(review): no mode/user/group/level is set on this socket, so access
# falls back to HAProxy defaults and the directory's permissions - confirm
# that only administrators can reach it.
stats socket /opt/haproxy/stats
# Built-in statistics page, served over plain HTTP.
listen stats
# NOTE(review): 0.0.0.0 exposes the page on every interface; bind to a
# management address or restrict the port with a firewall.
bind 0.0.0.0:1080
mode http
stats enable
# The page is served at the root path of this listener.
stats uri /
stats realm jfbym\ Haproxy
# NOTE(review): "stats auth" keeps the password in cleartext in this file and
# it is sent as HTTP Basic auth over this unencrypted listener. Set your own
# value, keep haproxy.cfg readable by root only, and put TLS on the bind line
# if the page must be reachable over a network.
stats auth admin:kailin@0ps1
stats refresh 30s
stats show-node
stats show-legends
# Do not show the HAProxy version on the stats page.
stats hide-version
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
# Do not log connections on which no data was transferred.
option dontlognull
option http-server-close
# Add X-Forwarded-For with the client address, except for requests that
# come from loopback.
option forwardfor except 127.0.0.0/8
# Allow a retried connection to be sent to another server.
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
# Layer-4 (TCP) listener; "mode tcp" overrides the HTTP mode from defaults,
# so HTTP-only options such as forwardfor do not apply here.
listen dama
bind 192.168.21.209:80
balance roundrobin
mode tcp
option tcplog
# Log this listener to local syslog, facility local2, level info and above.
log 127.0.0.1 local2 info
# JSON-style log line for TCP connections.
# NOTE(review): HAProxy's configuration parser treats double quotes as
# quoting characters - verify that the emitted log line is still valid JSON.
log-format {"haproxy_clientIP":"%ci","haproxy_clientPort":"%cp","haproxy_dateTime":"%t","haproxy_frontendNameTransport":"%ft","haproxy_backend":"%b","haproxy_serverName":"%s","haproxy_Tw":"%Tw","haproxy_Tc":"%Tc","haproxy_Tt":"%Tt","haproxy_bytesRead":"%B","haproxy_terminationState":"%ts","haproxy_actconn":%ac,"haproxy_FrontendCurrentConn":%fc,"haproxy_backendCurrentConn":%bc,"haproxy_serverConcurrentConn":%sc,"haproxy_retries":%rc,"haproxy_srvQueue":%sq,"haproxy_backendQueue":%bq,"haproxy_backendSourceIP":"%bi","haproxy_backendSourcePort":"%bp"}
# Health-check the server every 2000 ms; 2 successes mark it up, 5 failures
# mark it down.
server dama-web 172.17.0.3:80 check inter 2000 rise 2 fall 5
启动服务
useradd haproxy -s /sbin/nologin
ln -s haproxy-2.8.0/ haproxy
mkdir /var/lib/haproxy
systemctl start haproxy
systemctl enable haproxy
1.2 使用rpm仓库安装
yum -y install haproxy
[root@deploy-146 ~]# systemctl start haproxy
[root@deploy-146 ~]# systemctl enable haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
[root@deploy-146 ~]#
[root@deploy-146 ~]# ss -lntup | grep haproxy
udp UNCONN 0 0 *:34387 *:* users:(("haproxy",pid=1356508,fd=6),("haproxy",pid=1356507,fd=6))
tcp LISTEN 0 3000 *:5000 *:* users:(("haproxy",pid=1356508,fd=5))
# 校验配置文件
haproxy -c -f /etc/haproxy/haproxy.cfg
2、配置日志输出
haproxy的日志不能直接输出到文件,这里使用centos自带的rsyslog去接收haproxy生成的日志并生成文件存储。
cat /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-r -m 0"
# -r: 打开接受外来日志消息的功能,其监控514 UDP端口;
# -x: 关闭自动解析对方日志服务器的FQDN信息,这能避免DNS不完整所带来的麻烦;
# -m: 修改syslog的内部mark消息写入间隔时间(0为关闭),例如240为每隔240分钟写入一次"--MARK--"信息;
# -h: 默认情况下,syslog不会发送从远端接受过来的消息到其他主机,而使用该选项,则把该开关打开,所有接受到的信息都可根据syslog.conf中定义的@主机转发过去.
vi /etc/rsyslog.conf
# Configure rsyslog to listen for incoming syslog messages.
# NOTE(review): the haproxy.cfg on this page logs to 127.0.0.1, so the
# receiver only needs to be reachable from loopback. As written, these
# directives open port 514 (UDP and TCP) without an address restriction;
# limit it with a firewall or bind UDP to loopback (legacy directive
# $UDPServerAddress, placed before $UDPServerRun), and confirm whether the
# TCP listener is needed at all.
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
# Added rule: write every message on facility local2 to the HAProxy log file.
local2.* /var/log/haproxy.log
systemctl restart rsyslog.service