2024年网络安全最全Haproxy 基础

备:

 页面主要参数解释
 Queue
 Cur: current queued requests //当前的队列请求数量
 Max：max queued requests     //最大的队列请求数量
 Limit：           //队列限制数量
 ​
 Errors
 Req：request errors             //错误请求
 Conn：connection errors          //错误的连接
 ​
 Server列表：
 Status:状态，包括up(后端机活动)和down(后端机挂掉)两种状态
 LastChk:    持续检查后端服务器的时间
 Wght: (weight) : 权重
 ========================================================
 2.测试访问
 通过访问haparoxy的ip地址访问到后端服务器
 # curl http://192.168.246.169
 如果出现bind失败的报错，执行下列命令
 setsebool -P haproxy_connect_any=1
 二、Keepalived实现调度器HA
 注：主/备调度器均能够实现正常调度
 1. 主/备调度器安装软件
 [root@ha-proxy-master ~]# yum install -y keepalived
 [root@ha-proxy-slave ~]# yum install -y keepalived
 [root@ha-proxy-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
 [root@ha-proxy-master ~]# vim /etc/keepalived/keepalived.conf
 ! Configuration File for keepalived
 ​
 global_defs {
    router_id director1
 }
 vrrp_instance VI_1 {
     state MASTER
     interface ens33
     virtual_router_id 80
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass 1111
     }
     virtual_ipaddress {
         192.168.246.17/24
     }
 }
 ​
 [root@ha-proxy-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
 [root@ha-proxy-slave ~]# vim /etc/keepalived/keepalived.conf
 ! Configuration File for keepalived
 ​
 global_defs {
    router_id directory2
 }
 vrrp_instance VI_1 {
     state BACKUP
     interface ens33
     virtual_router_id 80
     priority 50
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass 1111
     }
     virtual_ipaddress {
         192.168.246.17/24
     }
 }
 3. 启动KeepAlived（主备均启动）
 [root@ha-proxy-master ~]# chkconfig keepalived on
 [root@ha-proxy-master ~]# service keepalived start
 [root@ha-proxy-master ~]# ip a
 ​
 4. 扩展对调度器Haproxy健康检查（可选）
 思路：一台机器做
 让Keepalived以一定时间间隔执行一个外部脚本，脚本的功能是当Haproxy失败，则关闭本机的Keepalived
 a. script
 [root@ha-proxy-master ~]# cat /etc/keepalived/check_haproxy_status.sh
 #!/bin/bash                                                                                /usr/bin/curl -I http://localhost &>/dev/null   
 if [ $? -ne 0 ];then                                                                            
 #       /etc/init.d/keepalived stop
         systemctl stop keepalived
 fi                                                                      
 [root@ha-proxy-master ~]# chmod a+x /etc/keepalived/check_haproxy_status.sh
 b. keepalived使用script
 [root@ha-proxy-master keepalived]# vim keepalived.conf
 ! Configuration File for keepalived
 ​
 global_defs {
    router_id director1
 }
 vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy_status.sh"
    interval 5
 }
 ​
 vrrp_instance VI_1 {
     state MASTER
     interface ens33
     virtual_router_id 80
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass 1111
     }
     virtual_ipaddress {
         192.168.246.17/24
     }
     track_script {
         check_haproxy
     }
 }
 [root@ha-proxy-slave keepalived]# vim keepalived.conf
 ! Configuration File for keepalived
 ​
 global_defs {
    router_id directory2
 }
 vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy_status.sh"
    interval 5
 }
 ​
 vrrp_instance VI_1 {
     state BACKUP
     interface ens33
     virtual_router_id 80
     priority 50
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass 1111
     }
     virtual_ipaddress {
         192.168.246.17/24
     }
     track_script {
         check_haproxy
     }
 }
 [root@ha-proxy-master keepalived]# systemctl restart keepalived
 [root@ha-proxy-slave keepalived]# systemctl restart keepalived
 注：必须先启动haproxy，再启动keepalived
 两台机器都配置haproxy的日志:需要打开注释并添加
 [root@ha-proxy-master ~]# vim /etc/rsyslog.conf 
 # Provides UDP syslog reception  #由于haproxy的日志是用udp传输的,所以要启用rsyslog的udp监听
 $ModLoad imudp
 $UDPServerRun 514
 找到  #### RULES ####   下面添加
 local2.info                       /var/log/haproxy.log
 [root@ha-proxy-master ~]# systemctl restart rsyslog
 [root@ha-proxy-master ~]# systemctl restart haproxy
 [root@ha-proxy-master ~]# tail -f /var/log/haproxy.log 
 2019-07-13T23:11:35+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56866 to 192.168.246.17:80 (web/HTTP)
 2019-07-13T23:11:35+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56867 to 192.168.246.17:80 (web/HTTP)
 2019-07-13T23:13:39+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56889 to 192.168.246.17:80 (stats/HTTP)
 2019-07-13T23:13:39+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56890 to 192.168.246.17:80 (web/HTTP)
 2019-07-13T23:14:07+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56895 to 192.168.246.17:80 (web/HTTP)
 2019-07-13T23:14:07+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56896 to 192.168.246.17:80 (stats/HTTP)

四层代理mysql

 准备两台机器，关闭防火墙和selinux。
 1.两台机器部署mysql并制作互为主从----略
 2.安装haproxy制作代理
 [root@haproxy-server ~]# yum -y install haproxy
 [root@haproxy-server ~]# cp -rf /etc/haproxy/haproxy.cfg{,.bak}
 [root@haproxy-server ~]# sed -i -r '/^[ ]*#/d;/^$/d' /etc/haproxy/haproxy.cfg
 [root@haproxy-server ~]# vim /etc/haproxy/haproxy.cfg
 global
     log         127.0.0.1 local2
     pidfile     /var/run/haproxy.pid
     maxconn     4000
     user        haproxy
     group       haproxy
     daemon
     nbproc 1
 defaults
     mode                    http
     log                     global
     option                  redispatch
     retries                 3
     maxconn                 3000
     contimeout              5000
     clitimeout              50000
     srvtimeout              50000
 listen stats
     bind            *:81
     stats                       enable
     stats uri               /haproxy
     stats auth              qianfeng:123
 listen mysql
     bind *:3307
     mode tcp
     balance roundrobin
     server mysql1 192.168.198.149:3306 weight 1  check inter 1s rise 2 fall 2
     server mysql2 192.168.198.150:3306 weight 1  check inter 1s rise 2 fall 2
 [root@haproxy-server ~]# systemctl start haproxy
 [root@haproxy-server ~]# netstat -lntp | grep 3307
 tcp        0      0 0.0.0.0:3307            0.0.0.0:*               LISTEN      11866/haproxy
 ​
 3.验证：
 [root@haproxy-server ~]# mysql -uroot -p'QianFeng@123!' -P 3307
 mysql: [Warning] Using a password on the command line interface can be insecure.
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 6
 Server version: 5.7.31-log MySQL Community Server (GPL)
 ​
 Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
 ​
 Oracle is a registered trademark of Oracle Corporation and/or its
 affiliates. Other names may be trademarks of their respective
 owners.
 ​
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 ​
 mysql> show databases;
**先自我介绍一下，小编浙江大学毕业，去过华为、字节跳动等大厂，目前阿里P7**

**深知大多数程序员，想要提升技能，往往是自己摸索成长，但自己不成体系的自学效果低效又漫长，而且极易碰到天花板技术停滞不前！**

**因此收集整理了一份《2024年最新网络安全全套学习资料》，初衷也很简单，就是希望能够帮助到想自学提升又不知道该从何学起的朋友。**
![img](https://img-blog.csdnimg.cn/img_convert/0f7ef4ed118f883d4229477e5e674902.png)
![img](https://img-blog.csdnimg.cn/img_convert/dede02a32cac7904698015a0b7b0647c.png)
![img](https://img-blog.csdnimg.cn/img_convert/d2040e96a7f4646a9ebc22e19a6b0cce.png)
![img](https://img-blog.csdnimg.cn/img_convert/679b1a7e381b38fa385178d5e76ab980.png)
![img](https://img-blog.csdnimg.cn/img_convert/75fd9b564679b73532acbc169d6af750.png)
![img](https://img-blog.csdnimg.cn/img_convert/52d763212a127eaf845e281e74f26b10.png)

**既有适合小白学习的零基础资料，也有适合3年以上经验的小伙伴深入学习提升的进阶课程，涵盖了95%以上网络安全知识点，真正体系化！**

**由于文件比较多，这里只是将部分目录截图出来，全套包含大厂面经、学习笔记、源码讲义、实战项目、大纲路线、讲解视频，并且后续会持续更新**

**[需要这份系统化资料的朋友，可以点击这里获取](https://bbs.csdn.net/topics/618540462)**
片转存中...(img-QcvxhH1F-1714560842800)]

**既有适合小白学习的零基础资料，也有适合3年以上经验的小伙伴深入学习提升的进阶课程，涵盖了95%以上网络安全知识点，真正体系化！**

**由于文件比较多，这里只是将部分目录截图出来，全套包含大厂面经、学习笔记、源码讲义、实战项目、大纲路线、讲解视频，并且后续会持续更新**

**[需要这份系统化资料的朋友，可以点击这里获取](https://bbs.csdn.net/topics/618540462)**