1.下载地址
国外下载网站 https://www.haproxy.org/download
http://download.openpkg.org/components/cache/haproxy/
2.上传到服务器上面并且解压
下载2.4.0版本的haproxy
3.编译安装
#确认linux系统内核
uname -r
3.10.0-957.el7.x86_64
#centos7内核的系统,对应linux31
make TARGET=linux31
#开始安装
make install PREFIX=/home/proxy
###另外其他编译参数
make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy #编译并指定开启的参数
USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src LUA_LIB=/usr/local/src/lua-5.3.5/src # 使用lua脚本,需安装lua
ARCH=x86_64 #CPU架构,arch命令查看
TARGET=linux-glibc #通用linux内核
USE_PCRE=1 #PCRE支持正则表达式,用于用户请求的uri
USE_OPENSSL=1 #https,证书
USE_ZLIB=1 #开启压缩
USE_SYSTEMD=1 #使用systemd启动haproxy主进程
USE_CPU_AFFINITY=1 #CPU亲和性,让haproxy指定的进程工作在指定的CPU核心上
USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src LUA_LIB=/usr/local/src/lua-5.3.5/src #开启lua,及lua和lua库所在路径
PREFIX=/usr/local/haproxy #指定安装路径
make install PREFIX=/usr/local/haproxy
看到proxy家目录下如下
./haproxy -v查看安装haproxy版本
4.创建启动关闭等脚本和目录
mkdir -p bin
mkdir -p etc
mkdir -p logs
mkdir -p temp
1.在etc目录下创建配置文件
创建后端转发规则配置文件
touch haproxy-api.conf
global
maxconn 20000 # 限制单个进程的最大连接数
#chroot /home/proxy/haproxy
daemon # 让进程作为守护进程在后台运行
quiet
nbproc 1 # 指定作为守护进程运行时的进程数
pidfile /home/proxy/haproxy-api.pid
defaults
log global
mode http
option httplog
option dontlognull #不记录空连接
option httpclose
log 127.0.0.1 local0 info #日志级别[err warning info debug]
#retries 0 # 设置在一个服务器上链接失败后的重连次数
#option redispatch # 在连接失败或断开的情况下,允许当前会话被重新分发
maxconn 20000 # 可被发送到后端服务器的最大并发连接数
contimeout 5000ms # 设置等待连接到服务器成功的最大时间
clitimeout 600000ms # 设置客户端的最大超时时间
srvtimeout 600000ms # 设置服务器端的最大超时时间
frontend controller
bind 0.0.0.0:10000
mode http
log global
option httplog
option dontlognull
maxconn 20000
clitimeout 600000
srvtimeout 600000
acl acl-controller-order path_beg /api/order
use_backend order if acl-controller-order
acl acl-controller-base path_beg /api/base
use_backend base if acl-controller-base
acl acl-controller-sec path_beg /api/sec
use_backend sec if acl-controller-sec
acl acl-controller-prod path_beg /api/prod
use_backend prod if acl-controller-prod
backend order
mode http
balance roundrobin
contimeout 5000
clitimeout 600000
srvtimeout 600000
#redispatch
retries 2
option httpchk GET /probe.jsp
server svc-node01-order01 10.1.207.227:10501 check inter 5000
backend base
mode http
balance roundrobin
contimeout 5000
clitimeout 600000
srvtimeout 600000
#redispatch
retries 2
option httpchk GET /probe.jsp
server svc-node01-base01 10.1.207.227:10601 check inter 5000
backend sec
mode http
balance roundrobin
contimeout 5000
clitimeout 600000
srvtimeout 600000
#redispatch
retries 2
option httpchk GET /probe.jsp
server svc-node01-sec01 10.1.207.227:10301 check inter 5000
backend prod
mode http
balance roundrobin
contimeout 5000
clitimeout 600000
srvtimeout 600000
#redispatch
retries 2
option httpchk GET /probe.jsp
server svc-node01-prod01 10.1.207.227:10401 check inter 5000
frontend ftpgw
bind 0.0.0.0:14004
mode http
log global
option httplog
option dontlognull
maxconn 20000
clitimeout 600000
srvtimeout 600000
acl acl-ftp-gateway path_beg /gateway
use_backend ftp_gw if acl-ftp-gateway
backend ftp_gw
mode http
balance roundrobin
contimeout 5000
srvtimeout 600000
redispatch
retries 2
#option httpchk GET /probe
server web-node01-ftpgw01 10.1.208.227:14004 check inter 5000
listen manager
bind 0.0.0.0:2000
mode http
balance roundrobin
stats uri /status
stats realm Global\ statistics
stats auth admin:admin
2.在bin目录下添加启动脚本
touch start-api.sh
touch stop-api.sh
修改start-api.sh脚本
#!/bin/sh
../sbin/haproxy -f ../etc/haproxy-api.conf
修改stop-api.sh脚本
#!/bin/sh
ps -ef | grep haproxy-api | grep -v grep | awk '{print $2}' | xargs kill -9
5.启动报错
haproxy 2.1后面版本相关配置修改了
6.修改对应版本ha的配置文件关键字
global
maxconn 20000 # 限制单个进程的最大连接数
#chroot /home/proxy/haproxy
daemon # 让进程作为守护进程在后台运行
quiet
nbproc 1 # 指定作为守护进程运行时的进程数
pidfile /home/proxy/haproxy-api.pid
defaults
log global
mode http
option httplog
option dontlognull #不记录空连接
option httpclose
log 127.0.0.1 local0 info #日志级别[err warning info debug]
#retries 0 # 设置在一个服务器上链接失败后的重连次数
#option option redispatch # 在连接失败或断开的情况下,允许当前会话被重新分发
maxconn 20000 # 可被发送到后端服务器的最大并发连接数
timeout connect 5000ms # 设置等待连接到服务器成功的最大时间
timeout client 600000ms # 设置客户端的最大超时时间
timeout server 600000ms # 设置服务器端的最大超时时间
frontend controller
bind 0.0.0.0:10000
mode http
log global
option httplog
option dontlognull
maxconn 20000
timeout client 600000
timeout server 600000
acl acl-controller-order path_beg /api/order
use_backend order if acl-controller-order
acl acl-controller-base path_beg /api/base
use_backend base if acl-controller-base
acl acl-controller-sec path_beg /api/sec
use_backend sec if acl-controller-sec
acl acl-controller-prod path_beg /api/prod
use_backend prod if acl-controller-prod
backend order
mode http
balance roundrobin
timeout connect 5000
timeout client 600000
timeout server 600000
#option redispatch
retries 2
option httpchk GET /probe.jsp
server svc-node01-order01 10.1.207.227:10501 check inter 5000
backend base
mode http
balance roundrobin
timeout connect 5000
timeout client 600000
timeout server 600000
#option redispatch
retries 2
option httpchk GET /probe.jsp
server svc-node01-base01 10.1.207.227:10601 check inter 5000
backend sec
mode http
balance roundrobin
timeout connect 5000
timeout client 600000
timeout server 600000
#option redispatch
retries 2
option httpchk GET /probe.jsp
server svc-node01-sec01 10.1.207.227:10301 check inter 5000
backend prod
mode http
balance roundrobin
timeout connect 5000
timeout client 600000
timeout server 600000
#option redispatch
retries 2
option httpchk GET /probe.jsp
server svc-node01-prod01 10.1.207.227:10401 check inter 5000
frontend ftpgw
bind 0.0.0.0:14004
mode http
log global
option httplog
option dontlognull
maxconn 20000
timeout client 600000
timeout server 600000
acl acl-ftp-gateway path_beg /gateway
use_backend ftp_gw if acl-ftp-gateway
backend ftp_gw
mode http
balance roundrobin
timeout connect 5000
timeout client 600000
timeout server 600000
#option redispatch
retries 2
#option httpchk GET /probe
server web-node01-ftpgw01 10.1.208.227:14004 check inter 5000
listen manager
bind 0.0.0.0:2000
mode http
balance roundrobin
stats uri /status
stats realm Global\ statistics
stats auth admin:admin
7.进入管理页面并且输入配置的账号密码
8.探针安全检查服务正常
9.配置日志
1.修改rsyslog配置
vi /etc/rsyslog.conf 打开如下配置并且增加haproxy日志级别和haproxy的日志存放地址
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Save haproxy log
local3.* /home/proxy/logs/haproxy.log
vi /etc/sysconfig/rsyslog 配置文件
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-r -m 0 "
相关解释说明:
-r:打开接受外来日志消息的功能,其监控514 UDP端口;
-x:关闭自动解析对方日志服务器的FQDN信息,这能避免DNS不完整所带来的麻烦;
-m:修改syslog的内部mark消息写入间隔时间(0为关闭),例如240为每隔240分钟写入一次"--MARK--"信息;
-h:默认情况下,syslog不会发送从远端接受过来的消息到其他主机,而使用该选项,则把该开关打开,所有
接受到的信息都可根据syslog.conf中定义的@主机转发过去
2.修改haproxy.conf配置
vi /home/proxy/etc/haproxy-api.conf 配置haproxy日志级别
log 127.0.0.1 local3 #日志级别[err warning info debug]
3.重启haproxy并且访问页面
http://10.1.208.228:2000/status 访问 即可查看到日志生成.访问一次即可看到haproxy日志多一行访问记录
224
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
