haproxy介绍
HAProxy是一个使用C语言编写的自由及开放源代码软件[1],其提供高可用性、负载均衡,以及基于TCP和HTTP的应用程序代理。
haproxy部署
- 下载地址
https://github.com/haproxy/haproxy/tags
准备工作
//准备工作,关闭三台主机的防火墙和selinunx
[root@localhost ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vim /etc/selinux/config
[root@localhost ~]# setenforce 0
//配置RS的网站
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS1 ~]# echo 'RS1' > /var/www/html/index.html
[root@RS1 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
[root@RS2 ~]# dnf -y install httpd
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS2 ~]# echo 'RS2' > /var/www/html/index.html
[root@RS2 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
haproxy安装
//下载包
[root@haproxy ~]# wget https://github.com/haproxy/haproxy/archive/refs/tags/v2.6.0.tar.gz
[root@haproxy ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel
//创建系统用户
[root@haproxy ~]# useradd -r -M -s /sbin/nologin haproxy
//解压包
[root@haproxy ~]# tar xf v2.6.0.tar.gz
[root@haproxy ~]# cd haproxy-2.6.0/
[root@haproxy haproxy-2.6.0]# ls
addons BRANCHES CONTRIBUTING doc include LICENSE Makefile reg-tests src tests VERSION
admin CHANGELOG dev examples INSTALL MAINTAINERS README scripts SUBVERS VERDATE
//INSTALL 说明
//README 说明
[root@haproxy haproxy-2.6.0]# make clean
[root@haproxy haproxy-2.6.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l) TARGET=linux-glibc USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1 USE_SYSTEMD=1
[root@haproxy haproxy-2.6.0]# make install PREFIX=/usr/local/haproxy //编译安装
[root@haproxy haproxy]# cd
[root@haproxy ~]# cd /usr/local/haproxy/
//设置软连接
[root@haproxy haproxy]# ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin/
[root@haproxy haproxy]# which haproxy
/usr/sbin/haproxy
[root@haproxy haproxy]#
配置各个负载的内核参数
[root@haproxy haproxy]# echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf
[root@haproxy haproxy]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@haproxy haproxy]# sysctl -p //读取
net.ipv4.ip_nonlocal_bind = 1 //ip绑定,让系统可以用虚拟IP,没有配置的IP
net.ipv4.ip_forward = 1 //ip转发
[root@haproxy haproxy]#
提供配置文件
[root@haproxy haproxy]# mkdir -p /etc/haproxy
[root@haproxy haproxy]# cd /etc/haproxy/
[root@haproxy haproxy]# cat > /etc/haproxy/haproxy.cfg <<EOF
> #--------------全局配置----------------
> global
> log 127.0.0.1 local0 info
> #log loghost local0 info
> maxconn 20480
> #chroot /usr/local/haproxy
> pidfile /var/run/haproxy.pid
> #maxconn 4000
> user haproxy
> group haproxy
> daemon
> #---------------------------------------------------------------------
> #common defaults that all the 'listen' and 'backend' sections will
> #use if not designated in their block
> #---------------------------------------------------------------------
> defaults
> mode http
> log global
> option dontlognull
> option httpclose
> option httplog
> #option forwardfor
> option redispatch
> balance roundrobin
> timeout connect 10s
> timeout client 10s
> timeout server 10s
> timeout check 10s
> maxconn 60000
> retries 3
> #--------------统计页面配置------------------
> listen admin_stats
> bind 0.0.0.0:8189
> stats enable
> mode http
> log global
> stats uri /haproxy_stats
> stats realm Haproxy\ Statistics
> stats auth admin:admin
> #stats hide-version
> stats admin if TRUE
> stats refresh 30s
> #---------------web设置-----------------------
> listen webcluster
> bind 0.0.0.0:80
> mode http
> #option httpchk GET /index.html
> log global
> maxconn 3000
> balance roundrobin
> cookie SESSION_COOKIE insert indirect nocache
> server web01 172.16.103.130:80 check inter 2000 fall 5
> #server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
> EOF
[root@haproxy haproxy]#
//自定义设置配置文件,看目录下的事例
[root@haproxy ~]# cd haproxy-2.6.0/
[root@haproxy haproxy-2.6.0]# ls
addons BRANCHES CONTRIBUTING doc haproxy INSTALL MAINTAINERS README scripts SUBVERS VERDATE
admin CHANGELOG dev examples include LICENSE Makefile reg-tests src tests VERSION
//启用日志
[root@haproxy ~]# vim /etc/rsyslog.conf
# Save boot messages also to boot.log
local0.* /var/log/haproxy.log //添加这么一行
local7.* /var/log/boot.log
//重启服务
[root@haproxy ~]# systemctl enable --now rsyslog
[root@haproxy ~]# systemctl status rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-05-26 14:49:41 CST; 2 months 20 days ago
Docs: man:rsyslogd(8)
https://www.rsyslog.com/doc/
Main PID: 1381 (rsyslogd)
Tasks: 3 (limit: 11160)
Memory: 2.3M
[root@haproxy ~]# systemctl restart rsyslog
//更改
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
#---------------web设置-----------------------
listen webcluster
bind 0.0.0.0:80
mode http
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server web01 192.168.70.134:80 check inter 2000 fall 5 // 添加RS
server web02 192.168.70.139:80 check inter 2000 fall 5 //添加RS
#server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
haproxy.service文件编写
[root@haproxy ~]# cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2
[Install]
WantedBy=multi-user.target
[root@haproxy ~]# systemctl daemon-reload
[root@haproxy ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
//开机自启
[root@haproxy ~]# systemctl enable --now haproxy
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.
[root@haproxy ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 //虚拟接口 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8189 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [: