Ubuntu haproxy配置实例

  首先默认配置前面global，defaults 先贴出，后面就不贴出这两项配置了，不然过于冗长，haproxy 由 global，defaults和 listen组成，当然了，frontend+backend可以替代listen。

root@youyou:~# cat /etc/haproxy/haproxy.cfg
global
	maxconn 100000
	chroot /run/haproxy
	stats socket /run/haproxy.sock mode 600 level admin
	user haproxy
	group haproxy
	daemon
	#nbproc 4
	#cpu-map 1 0
	#cpu-map 2 1
	#cpu-map 3 2
	#cpu-map 4 3
	pidfile /run/haproxy.pid
defaults
	option http-keep-alive
	option forwardfor
	maxconn 100000
	mode http
	timeout connect 300000ms
	timeout client 300000ms
	timeout server 300000ms
listen web
	bind 192.168.19.30:80
	mode tcp
	balance leastconn
	server web1 192.168.19.15:80 check 
	server web2 192.168.19.16:80 check 

1. haproxy 配置简单的四层代理

   listen web
           bind 192.168.19.30:80
           mode tcp
           balance leastconn
           server web1 192.168.19.15:80 check inter 3000 fall 3 rise 5
           server web2 192.168.19.16:80 check inter 3000 fall 3 rise 5
   
   

2. haproxy 配置状态页面
   stats enable #基于默认的参数启用stats page
   stats hide-version #隐藏版本
   stats refresh #设定自动刷新时间间隔
   stats uri #自定义stats page uri，默认值：/haproxy?stats
   stats realm #账户认证时的提示信息，示例：stats realm : HAProxy\ Statistics
   stats auth : #认证时的账号和密码，可使用多次，默认：no authentication
   stats admin { if | unless } #启用stats page中的管理功能

   listen stats
   	bind 192.168.19.30:8008
   	stats enable
   	stats uri /stats
   	stats realm login
   	stats auth youyou:youyou
   	stats refresh 30s
   

   
3. haproxy 配置七层代理和七层检测
   需要后端服务器有check.html这个文件

   listen web
       bind 192.168.19.30:80
       mode http
       balance roundrobin
       option httpchk HEAD /check.html HTTP/1.0\r\nHost:\ 192.168.19.30
       server web1 192.168.19.15:80 check inter 3000 fall 3 rise 5
       server web2 192.168.19.16:80 check inter 3000 fall 3 rise 5
   

4. haproxy 配置自动跳转https
   自签证书

   root@youyou:/apps/haproxy/certs# pwd
   /apps/haproxy/certs
   root@youyou:/apps/haproxy/certs# openssl genrsa -out haproxy.key 2048
   Generating RSA private key, 2048 bit long modulus (2 primes)
   ....................+++++
   .................................+++++
   e is 65537 (0x010001)
   root@youyou:/apps/haproxy/certs# openssl req -new -x509 -key haproxy.key -out haproxy.crt -subj "/CN=www.youyou.com"
   Can't load /root/.rnd into RNG
   139620787372480:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
   root@youyou:/apps/haproxy/certs# cat haproxy.key haproxy.crt > haproxy.pem
   root@youyou:/apps/haproxy/certs# ll
   total 20
   drwxr-xr-x 2 root root 4096 Jan 17 08:45 ./
   drwxr-xr-x 6 root root 4096 Jan 17 08:44 ../
   -rw-r--r-- 1 root root 1127 Jan 17 08:45 haproxy.crt
   -rw------- 1 root root 1675 Jan 17 08:45 haproxy.key
   -rw-r--r-- 1 root root 2802 Jan 17 08:45 haproxy.pem
   root@youyou:/apps/haproxy/certs#
   

   配置haproxy

   frontend web_http
           bind 192.168.19.30:80
           redirect scheme https if ! { ssl_fc }
   frontend web_https
           bind 192.168.19.30:443 ssl crt /apps/haproxy/certs/haproxy.pem
           use_backend web
   backend web
           mode http
           server web1 192.168.19.15:80 check
           server web2 192.168.19.16:80 check
   

   重新加载查看效果，发现访问http 自动302跳转了