PS:想了解haproxy理论知识,请移步haproxy理论篇
一、实验环境
主机名 | 角色 | IP地址 |
---|---|---|
haproxy | 172.25.254.100 | |
web1 | RS1 | 172.25.254.10 |
web2 | RS2 | 172.25.254.20 |
client | 客户机 | 172.25.254.254 |
二、haproxy的基本部署
1、安装nginx服务(web1、web2)
#安装nginx服务
dnf install -y nginx
#开机自启
systemctl enable --now nginx
2、网页文件(web1、web2)
#在web1中
echo web1 > /usr/share/nginx/html/index.html
#在web2中
echo web2 > /usr/share/nginx/html/index.html
3、安装haproxy服务(haproxy)
#下载haproxy
dnf install -y haproxy
#开机自启
systemctl enable --now haproxy
三、haproxy的全局配置
1、编辑配置文件(haproxy)
第一种:
vim /etc/haproxy/haproxy.cfg
frontend webcluster
bind *:80
mode http
use_backend webcluster-host
backend webcluster-host
balance roundrobin
server web1 172.25.254.10:80
server web2 172.25.254.20:80
第二种:(就是将第一种整合起来)
vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
balance roundrobin
server web1 172.25.254.10:80
server web2 172.25.254.20:80
2、重启服务 (haproxy)
systemctl restart haproxy
3、测试(client)
curl 172.25.254.100
四、haproxy代理参数
1、关闭 RS1 和 RS2 的 nginx ,网页页面跳转 haproxy 的页面
1.1 apache服务(haproxy)
#安装
dnf install -y httpd
#修改端口号
vim /etc/httpd/conf/httpd.conf
listen 8080
#开机自启
systemctl enable --now httpd
#网页内容
echo fail > /var/www/html/index.html
1.2 配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
balance roundrobin
#inter:健康状态次数 fall:失效次数 rise:有效次数 weight:权重
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
server web_sorry 172.25.254.100:8080 backup
#重启服务
systemctl restart haproxy
1.3 停止nginx(web1、web2)
systemctl stop nginx
1.4 测试(client)
curl 172.25.254.100
结果:显示haproxy的页面 fail
2、关闭 RS1
2.1 配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
balance roundrobin
#inter:健康状态次数 fall:失效次数 rise:有效次数 weight:权重
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1 disabled
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
server web_sorry 172.25.254.100:8080 backup
#重启服务
systemctl restart haproxy
2.2 测试
curl 172.25.254.100
结果 :只显示web2的页面
3、网页重定向(百度为例)
3.1 配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
balance roundrobin
redirect prefix http://www.baidu.com
#重启服务
systemctl restart haproxy
3.2 测试
curl 172.25.254.100
结果:看到百度页面
五、haproxy热处理
1、单线程
1.1 配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfg
#加上admin变为超级用户
stats socket /var/lib/haproxy/stats mode 600 level admin
listen webcluster
bind *:80
mode http
balance roundrobin
#inter:健康状态次数 fall:失效次数 rise:有效次数 weight:权重
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
server web_sorry 172.25.254.100:8080 backup
#重启服务
systemctl restart haproxy
1.2 安装socat工具(haproxy)
dnf install socat -y
1.3 热处理(haproxy)
echo get weight server webcluster/web1 | socat stdio /var/lib/haproxy/stats
echo "set weight server webcluster/web1 2" | socat stdio /var/lib/haproxy/stats
echo "set weight server webcluster/web1 1" | socat stdio /var/lib/haproxy/stats
echo 'get server stats' | socat stdio /var/lib/haproxy/stats
echo 'show server stats' | socat stdio /var/lib/haproxy/stats
echo "disenable server webcluster/web1" | socat stdio /var/lib/haproxy/stats
echo "enable server webcluster/web1" | socat stdio /var/lib/haproxy/stats
2、多线程
2.1 配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfg
stats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1
stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2
nbproc 2
cpu-map 10
cpu-map 2 1
2.2 查看
ll /var/lib/haproxy
六、haproxy的算法
1、静态算法
1.1 static-rr
listen webcluster
bind *:80
mode http
balance static-rr
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
1.2 first
listen webcluster
bind *:80
mode http
balance first
server web1 172.25.254.10:80 maxconn 3 check inter 3s fal1 3 rise 5
server web2 172.25.254.20:80 check inter 3s fal1 3 rise 5
2、动态算法
2.1 roundrobin
listen webcluster
bind *:80
mode http
balance roundrobin
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
2.2 leastconn
listen webcluster
bind *:80
mode http
balance leastconn
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
3、其他算法
3.1 source
listen webcluster
bind *:80
mode http
balance source
server web1 172.25.254.10:80 weight 1 check inter 3s fal1 3 rise 5
server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.1.1 map-base取模法
listen webcluster
bind *:80
mode http
balance source
server web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5
server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
#不支持动态调整权重值
echo "set weight webcluster/web1 2" socat stdio/var/lib/haproxy/haproxy.sock
Backend is using a static LB algorithm and only accepts weights '0%' and '100%'
#只能动态上线和下线
echo "set weight webcluster/web1 0" socat stdio /var/lib/haproxy/stats
echo "get weight webcluster/web1" socat stdio /var/lib/haproxy/stats
0(initial 1)
3.1.2 一致性hash
listen webcluster
bind *:80
mode http
balance source
hash-type consistent
server web1 172.25.254.10:80 weight 1 check inter 3s fal1 3 rise 5
server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.2 uri
3.2.1 uri 取模法配置示例
listen webcluster
bind *:80
mode http
balance uri
server web1 172.25.254.10:80 weight 1 check inter 3s fal1 3 rise 5
server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.2.2 uri -致性hash配置示例
listen webcluste
bind *:80
mode http
balance uri
hash-type consistent
server web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5
server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.2.3 访问测试
#在web1中
echo web1 11 > /usr/share/nginx/html/index1.html
echo web1 22 > /usr/share/nginx/html/index2.html
echo web1 33 > /usr/share/nginx/html/index3.html
#在客户机中
curl 172.25.254.100/index1.html
curl 172.25.254.100/index2.html
curl 172.25.254.100/index3.html
3.3 ur]_param
3.3.1 url_param取模法配置示例
listen webcluster
bind *:80
mode http
balance urlparam name,userid #支持对多个ur]_param hash
server web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5
server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.3.2 url_param一致性hash配置示例
listen webcluster
bind *:80
mode http
balance urlparam name,userid #支持对多个ur]_param hash
hash-type consistent
server web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5
server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.3.3 访问测试
#在客户机中
curl 172.25.254.100/index1.html?userid=111
curl 172.25.254.100/index2.html?userid=111
curl 172.25.254.100/index3.html?userid=111
3.4 hdr
3.4.1 hdr取模法配置示例
listen webcluster
bind *:80
mode http
balance hdr(user-Agent)
server web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5
server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.4.2 hdr一致性hash配置示例
listen webcluster
bind *:80
mode http
balance hdr(user-Agent)
hash-type consistent
server web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5
server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.4.3 访问测试
curl -v 172.25.254.100
curl -v "baidu" 172.25.254.100
七、基于cookie的会话保持
1、配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
balance roundrobin
cookie WEBCOOKIE insert nocache indirect
server web1 172.25.254.10:80 cookie moon1 check inter 2 fall 3 rise 5 weight 1
server web2 172.25.254.20:80 cookie moon2 check inter 2 fall 3 rise 5 weight 1
#重启服务
systemctl restart haproxy.service
2、测试
curl -b WEBCOOKIE=moon1 172.25.254.100
curl -b WEBCOOKIE=moon2 172.25.254.100
八、ip透传
#web1
#卸载nginx
rpm -e nginx
#下载apache
dnf install -y httpd
#开机自启
systemctl enable --now httpd
1、四层
listen webcluster
bind *:80
mode tcp
balance roundrobin
server web1 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
2、七层
listen webcluster
option forwardfor
bind *:80
mode tcp
balance roundrobin
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1
server web1 172.25.254.10:80 send-proxy check inter 2 fall 3 rise 5 weight 1
九、自定义错误页面
vim /etc/haproxy/haproxy.cfg
errorfie 503 haproxy/errorpages/503page.http
mkdir /haproxy/errorpages/ -p
cp usr/share/haproxy/503.http/haproxy/errorpages/503page.http
vim /haproxy/errorpages/503page.http
HTTP/1.0 503 Service Unavailable
Cache-Control:no-cache
Connection:close
Content-Type:text/html;charset=UTF-8
<htm]><body><h1>什么动物生气最安静</h1>大猩猩!!
</body></htm1>
十、四层负载示例
vim /etc/haproxy/haproxy.cfg
frontend mysql_port
bind :3306
mode tcp
use_backend mysql_rs
listen mysql_port
bind :3306
mode tcp
balance leastconn
server mysql1 172.25.254.10:3306 check
server mysql2 172.25.254.20:3306 check
#RS1和RS2下载数据库
dnf install mariadb-server -y
dnf install mariadb-server -y
#RS1
vim /etc/my.cnf
server-id=1
mysql -e "grant all on *.* to lee'%' identified by 'lee';"
#RS2
vim /etc/my.cnf
server-id=2
mysql -e "grant all on *.* to lee'%' identified by 'lee';"
十一、haproxy的https
#证书制作
mkdir /etc/haproxy/certs/
opensslreg -newkey rsa:2048 -nodes -sha256 -keyout /etc/haproxy/certs/timinglee.org.key -x509 -days 365 out /etc/haproxy/certs/timinglee.org.crt
vim /etc/haproxy/haproxy.cfg
frontend webserver
bind *:80
redirect scheme https if !{ ssl_fc }
mode http
use backend webcluster
frontend webserver-https
bind *:443 ssl crt /etc/haproxy/timinglee.org.pem
mode http
use backend webcluster
backend webcluster
mode http
balance roundrobin
server webl 172.25.254.10:80 check inter 3s fall 3 rise 5
server web2 172.25.254.20:80 check inter 3s fall 3 rise 5