haproxy应用

不用手动编译安装
haproxy-1.7.3.tar.gz
yum install -y rpm-build
rpmbuild --help
rpmbuild -tb haproxy-1.7.3.tar.gz
cd /root/rpmbuild/RPMS/x86_64
rpm -ivh haproxy-1.7.3-1.x86_64.rpm
rpm -ql haproxy-1.7.3

cd /root/rpmbuild/BUILD/haproxy-1.7.3/examples
mv content-sw-sample.cfg haproxy.cfg
mv haproxy.cfg /etc/haproxy/

vim /etc/passwd
vim /etc/group
改为200的id
vim /etc/haproxy/haproxy.cfg
###################################################
global
        maxconn         10000
        stats socket    /var/run/haproxy.stat mode 600 level admin
        log             127.0.0.1 local0
        uid             200
        gid             200
        chroot          /var/empty
        daemon
defaults
         mode            http
        log             global
        option          httplog
        option          dontlognull
        monitor-uri     /monitoruri
        maxconn         8000
        timeout client  30s

        stats uri       /admin/stats
# The public 'www' address in the DMZ
frontend public
        bind            *:80 name clear
        #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
        #use_backend     static if { hdr_beg(host) -i img }
        #use_backend     static if { path_beg /img /css   }
        default_backend dynamic

# the application servers go here
backend dynamic
        balance         roundrobin
        server          dynsrv1 172.25.11.2:80  check inter 1000
        server          dynsrv2 172.25.11.3:80  check inter 1000

############################################################
加入监控访问 172.25.11.1:8080/status
        #listen admin
    #bind  *:8080                  #前三个可以不写
        #stats enable
        stats uri /status  ## 监控页面地址
        stats auth admin:westos  ## 管理帐号和密码
        stats refresh 5s  ##刷新频率

 

server2 3 打开apache  server1打开haproxy

 

 

自己写日志

开启日志服务

vim /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514

local0.*    /var/log/haproxy.log

/etc/init.d/rsyslog restart

 

增加黑名单（访问控制）

frontend public下

acl blacklist src 172.25.0.250
http-request deny if blacklist
errorloc 403 http://172.25.11.1:8080/index.html

#黑名单重定向

vim /etc/httpd/conf/http.conf    
Listen 8088
vim /var/www/html/index.html

 

#########动态静态分离访问

vim /etc/haproxy/haproxy.cfg

frontend public
        bind            *:80 name clear
        #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
        #use_backend     static if { hdr_beg(host) -i img }
        #use_backend     static if { path_beg /img /css   }

        use_backend     dynamic if { path_end .php   }
        default_backend static

# the application servers go here
backend static
        balance         roundrobin
        server          dynsrv1 172.25.11.2:80  check inter 1000

    
backend dynamic
        balance         roundrobin
        server          dynsrv2 172.25.11.3:80  check inter 1000

访问动态
curl http://172.25.11.1/index.php
访问静态
curl 172.25.11.1

 

#####################读写分离

传给server2上传页面
和777权限
yum install php -y

server1
acl write method POST
acl write method PUT

use_backend static if write
default_backend dynamic

# the application servers go here
backend static
        balance         roundrobin
        server          dynsrv1 172.25.11.2:80  check inter 1000

    
backend dynamic
        balance         roundrobin
        server          dynsrv2 172.25.11.3:80  check inter 1000

server4

acl read method GET
acl read method HEAD

use_backend dynamic if read
default_backend static

# the application servers go here
backend static
        balance         roundrobin
        server          dynsrv1 172.25.11.2:80  check inter 1000

    
backend dynamic
        balance         roundrobin
        server          dynsrv2 172.25.11.3:80  check inter 1000