HAProxy杂记（2）

haproxy高级配置

haproxy cookie

1、配置插入cookie

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend websrvs
    balance     roundrobin
    cookie SERVERID insert nocache indirect
    server web1 10.201.106.132:80 check weight 1 cookie websrv1
    server web2 10.201.106.133:80 check weight 3 cookie websrv2

重载服务：
[root@master1 haproxy]# systemctl reload haproxy.service

由于每次请求头部的cookie都是websrv2字段，10个子网页全部都是由web2响应；

状态监控页

1、配置文件配置

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#--
frontend  main
    bind *:80
    bind *:8080
    default_backend            websrvs

listen statistics
    bind *:9090
    stats enable
    stats hide-version
#    stats scope .

[root@master1 haproxy]# systemctl restart haproxy.service
[root@master1 haproxy]# ss -tnl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128           *:8080                      *:*                  
LISTEN      0      128           *:80                        *:*                  
LISTEN      0      128           *:22                        *:*                  
LISTEN      0      100    127.0.0.1:25                        *:*                  
LISTEN      0      128           *:9090                      *:*                  
LISTEN      0      128          :::22                       :::*                  
LISTEN      0      100         ::1:25                       :::*                  
[root@master1 haproxy]# 

访问测试：http://10.201.106.131:9090/haproxy?stats

2、修改状态页路径

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  main
    bind *:80
    bind *:8080
    default_backend            websrvs

listen statistics
    bind *:9090
    stats enable
    stats hide-version
    stats scope .
    stats uri /haproxyadmin?stats		#修改状态页地址
    stats realm "HAPorxy\ Statistics"	#认证提醒	
    stats auth admin:mageedu			#账号密码

重载服务：[root@master1 haproxy]# systemctl reload haproxy.service

测试：再次登陆需要账号密码；

3、配置认证成功时，开启管理接口

listen statistics
    bind *:9090
    stats enable
    stats hide-version
    #stats scope .  				#去掉当前有效
    stats uri /haproxyadmin?stats
    stats realm "HAPorxy\ Statistics"
    stats auth admin:mageedu
    stats admin if TRUE				#

option，记录真实客户端地址

1、默认在default开启

2、修改后端httpd的配置文件

[root@master2 ~]# vim /etc/httpd/conf/httpd.conf 

    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

[root@master2 ~]# systemctl reload httpd.service

3、后端web查看日志

[root@master2 ~]# tail /var/log/httpd/access_log 
10.201.106.1 - - [06/Feb/2017:11:02:11 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [06/Feb/2017:11:02:11 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [06/Feb/2017:11:02:11 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [06/Feb/2017:11:02:12 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [06/Feb/2017:11:02:12 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [06/Feb/2017:11:02:12 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [06/Feb/2017:11:02:12 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [06/Feb/2017:11:02:13 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [06/Feb/2017:11:02:13 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [06/Feb/2017:11:02:13 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
[root@master2 ~]# 

响应报文首部修改

1、修改haproxy配置文件

frontend  main
    bind *:80
    bind *:8080
    rspadd Via:\ node1.magedu.com
    default_backend            websrvs

[root@master1 haproxy]# systemctl reload haproxy.service