首先默认配置前面global,defaults 先贴出,后面就不贴出这两项配置了,不然过于冗长,haproxy 由 global,defaults和 listen组成,当然了,frontend+backend可以替代listen。
root@youyou:~# cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /run/haproxy
stats socket /run/haproxy.sock mode 600 level admin
user haproxy
group haproxy
daemon
#nbproc 4
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /run/haproxy.pid
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen web
bind 192.168.19.30:80
mode tcp
balance leastconn
server web1 192.168.19.15:80 check
server web2 192.168.19.16:80 check
- haproxy 配置简单的四层代理
listen web bind 192.168.19.30:80 mode tcp balance leastconn server web1 192.168.19.15:80 check inter 3000 fall 3 rise 5 server web2 192.168.19.16:80 check inter 3000 fall 3 rise 5
- haproxy 配置状态页面
stats enable #基于默认的参数启用stats page
stats hide-version #隐藏版本
stats refresh #设定自动刷新时间间隔
stats uri #自定义stats page uri,默认值:/haproxy?stats
stats realm #账户认证时的提示信息,示例:stats realm : HAProxy\ Statistics
stats auth : #认证时的账号和密码,可使用多次,默认:no authentication
stats admin { if | unless } #启用stats page中的管理功能listen stats bind 192.168.19.30:8008 stats enable stats uri /stats stats realm login stats auth youyou:youyou stats refresh 30s
- haproxy 配置七层代理和七层检测
需要后端服务器有check.html这个文件listen web bind 192.168.19.30:80 mode http balance roundrobin option httpchk HEAD /check.html HTTP/1.0\r\nHost:\ 192.168.19.30 server web1 192.168.19.15:80 check inter 3000 fall 3 rise 5 server web2 192.168.19.16:80 check inter 3000 fall 3 rise 5
- haproxy 配置自动跳转https
自签证书
配置haproxyroot@youyou:/apps/haproxy/certs# pwd /apps/haproxy/certs root@youyou:/apps/haproxy/certs# openssl genrsa -out haproxy.key 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ....................+++++ .................................+++++ e is 65537 (0x010001) root@youyou:/apps/haproxy/certs# openssl req -new -x509 -key haproxy.key -out haproxy.crt -subj "/CN=www.youyou.com" Can't load /root/.rnd into RNG 139620787372480:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd root@youyou:/apps/haproxy/certs# cat haproxy.key haproxy.crt > haproxy.pem root@youyou:/apps/haproxy/certs# ll total 20 drwxr-xr-x 2 root root 4096 Jan 17 08:45 ./ drwxr-xr-x 6 root root 4096 Jan 17 08:44 ../ -rw-r--r-- 1 root root 1127 Jan 17 08:45 haproxy.crt -rw------- 1 root root 1675 Jan 17 08:45 haproxy.key -rw-r--r-- 1 root root 2802 Jan 17 08:45 haproxy.pem root@youyou:/apps/haproxy/certs#
重新加载查看效果,发现访问http 自动302跳转了frontend web_http bind 192.168.19.30:80 redirect scheme https if ! { ssl_fc } frontend web_https bind 192.168.19.30:443 ssl crt /apps/haproxy/certs/haproxy.pem use_backend web backend web mode http server web1 192.168.19.15:80 check server web2 192.168.19.16:80 check