一. 概念
HAProxy是一个特别适用于高可用性环境的TCP/HTTP开源的反向代理和负载均衡软件。实现了一种事件驱动,单一进程模型,支持非常大的并发连接,是因为事件驱动模型有更好的资源和时间管理的用户端(user-space)实现这些业务
- 在7层负载均衡方面的功能很强大(支持cookie track, header rewrite等等)
- 支持双机热备
- 支持虚拟主机
- 支持健康检查
- 同时还提供直观的监控页面,可以清晰实时的监控服务集群的运行状况。
- 同时支持Linux 2.6内核中System Epoll,通过简化系统调用,大幅的提高了网络I/O性能。
二. haproxy负载均衡服务器部署
1)实验环境
server2(haproxy服务器,关掉http) | 172.25.21.2 |
server3(httpd后台服务器) | 172.25.21.3 |
server4(httpd后台服务器) | 172.25.21.4 |
2)安装并进行配置
- server2上进行安装
[root@server2 ~]# yum install haproxy -y
- 启动服务并切换到/etc/haproxy
[root@server2 haproxy]# systemctl start haproxy
[root@server2 haproxy]# systemctl stop httpd
[root@server2 ~]# cd /etc/haproxy/
[root@server2 haproxy]# ls
haproxy.cfg
[root@server2 haproxy]# vim haproxy.cfg
- 编辑配置文件并重启服务
[root@server2 haproxy]# systemctl restart haproxy
[root@server2 haproxy]# cat haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:80
# acl url_static path_beg -i /static /images /javascript /stylesheets
# acl url_static path_end -i .jpg .gif .png .css .js
# use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
# balance roundrobin
# server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server vm3 172.25.21.3:80 check
server vm4 172.25.21.4:80 check
3)测试
- 访问server2
- systemctl stop httpd 在sevrer3中关闭apache(判断实现负载均衡)
三. 实现监控
1)添加监控
[root@server2 ~]# vim /etc/haproxy/haproxy.cfg
59 stats uri /status
[root@server2 ~]# systemctl restart haproxy.service
- 绿色表示正常打开
- 当关闭sevrer3时,vm3那一行会先变黄(active UP, going down),再变成红色(active or backup DOWN)
访问以下,其信息也会显示在监控页面上,此处可以自行研究下页面所显示的功能
2)添加用户认证并设置自动刷新时间
[root@server2 haproxy]# vim haproxy.cfg
59 stats uri /status #添加监控
60 stats auth lyqiu:westos #添加用户认证 name:passwd
61 stats refresh 5s #5s刷新一次监控
[root@server2 haproxy]# systemctl restart haproxy
- 此时我们需要经过认证才可以查看监控界面
认证成功,并且也在进行5s一次的刷新活动。如果不想刷新了,可以点击界面右上角的Disable refresh就可以停止刷新
- 认证失败时会显示401错误