六.基础配置阶段
1.安装haproxy
[root@hap ~]# yum install -y haproxy
[root@hap ~]# cd /etc/haproxy/
[root@hap haproxy]# cp haproxy.cfg{,.bak}
[root@hap haproxy]# ls
haproxy.cfg haproxy.cfg.bak
2.开启haproxy的系统日志
[root@hap haproxy]# vim/etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
local2.* /var/log/haproxy.log
重新启动rsyslog服务:
[root@hap haproxy]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
3.编辑配置文件,添加后端web服务器
[root@hap haproxy]# vim/etc/haproxy/haproxy.cfg
global
#to have these messages end up in /var/log/haproxy.log you will
#need to:
#
#1) configure syslog to accept network log events. This is done
# by adding the '-r' option tothe SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
#2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like thefollowing can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
#turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend main *:80
default_backend websrvs
backend websrvs
balance roundrobin
server node7 172.16.31.30:80check
server node8 172.16.31.31:80check
4.启动服务:
[root@hap haproxy]# service haproxy start
Starting haproxy: [ OK ]
5.访问测试:
是基于轮询调度算法的。
七.常用配置解析:
1.cookie会话保持
backend websrvs
balance roundrobin
cookie SRV insert indirectnocache
server node7 172.16.31.30:80cookie node7 check rise 1 fall 2
server node8 172.16.31.31:80cookie node8 check
重启haproxy服务:
[root@hap haproxy]# service haproxy restart
Stopping haproxy: [ OK ]
Starting haproxy: [ OK ]
访问测试:
记录了cookie,实现了会话保持:
2.启用反向服务器状态信息页面
backend websrvs
balance roundrobin
server node7 172.16.31.30:80cookie node7 check rise 1 fall 2
server node8 172.16.31.31:80cookie node8 check
stats enable
重启haproxy服务,访问测试:
状态页安全性配置:
backend websrvs
balance roundrobin
server node7 172.16.31.30:80cookie node7 check rise 1 fall 2
server node8 172.16.31.31:80cookie node8 check
stats enable
stats uri /haproxyadm?stats
stats hide-version
stats realm HAProxy\ Status
stats auth admin:admin
stats admin if TRUE
重启haproxy服务,访问测试:
3.让后端web服务器记录真实的访问客户端IP地址
更改后端web服务器的日志格式:
[root@node7 ~]# vim/etc/httpd/conf/httpd.conf
#LogFormat "%h %l %u %t\"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
#将如上日志格式更改为下面的格式即可
LogFormat "%{X-Forwarded-For}i %l %u%t \"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
重新启动web服务器后进行测试访问后查看日志:
[root@node7 ~]# tail/var/log/httpd/access_log
#以前访问的记录地址都是haproxy服务器的地址
172.16.31.32 - - [11/Jan/2015:10:03:45+0800] "GET / HTTP/1.1" 200 16 "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36"
#更改记录日志格式后记录的是真实的客户端IP地址
172.16.31.254 - - [11/Jan/2015:11:15:50+0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36"
172.16.31.254 - - [11/Jan/2015:11:15:56+0800] "GET / HTTP/1.1" 200 16 "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36"
4.通过ACL实现网站访问的动静分离
我通过ACL将动态资源的访问到节点7,而静态资源的访问定位到节点8
先在节点7和节点8安装php,实现php动态资源和httpd服务器的结合:
# yum install -y php
创建phpinfo测试页:
#cat /var/www/html/index.php
<?php
phpinfo();
?>
节点7和节点8都存在动态的php测试页:
我们配置haproxy实现动静分离:
[root@hap haproxy]# cat /etc/haproxy/haproxy.cfg
global
# to have these messages end up in/var/log/haproxy.log you will
#need to:
#
#1) configure syslog to accept network log events. This is done
# by adding the '-r' option tothe SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
#2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like thefollowing can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
#turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
bind :1080
mode http
stats enable
stats uri /haproxy?stats
stats realm HAProxy\ Status
stats auth admin:admin
stats admin if TRUE
frontend http-in
bind *:80
mode http
log global
option httpclose
option logasap
option dontlognull
capture request header Host len 20
capture request header Referer len 60
acl url_static path_beg -i /static /p_w_picpaths /javascript /stylesheets
acl url_static path_end -i .html .jpg .jpeg .gif .png .css .js
acl url_dynamic path_end -i .php .jsp
use_backend static_servers if url_static
use_backend dynamic_servers if url_dynamic
default_backend dynamic_servers
backend static_servers
balance roundrobin
server node7 172.16.31.30:80check maxconn 1000
backend dynamic_servers
balance roundrobin
cookie srv insert nocache
server node8 172.16.31.31:80 check maxconn 1000 cookie node8
重新启动haproxy服务进行访问测试:
我们访问静态的html页面,代理服务器就定位到节点7上进行访问;
我们访问动态页面,代理服务器就将请求定位到了节点8上,并记录了session会话状态;
至此,一些基础的haproxy实用配置就介绍到这里。
转载于:https://blog.51cto.com/sohudrgon/1602199