haproxy
1. 集群
1.1 负载均衡集群
lvs 四层负载,到传输层 nginx 七层负载 到应用层 haproxy 可四层,可七层负载 slb 云主机服务,付费 F5 硬件设备,付费
1.2 高可用集群
1.3 高性能集群
2. haproxy安装
HAProxy是一个使用C语言编写的自由及开放源代码软件 HAProxy是一个使用C语言编写的自由及开放源代码软件,其提供高可用性、负载均衡,以及基于TCP和HTTP的应用程序代理。 HAProxy是一个免费的负载均衡软件,可以运行于大部分主流的Linux操作系统上。 HAProxy提供了L4(TCP)和L7(HTTP)两种负载均衡能力,具备丰富的功能。HAProxy的社区非常活跃,版本更新快速。最关键的是,HAProxy具备媲美商用负载均衡器的性能和稳定性。
2.1 环境
主机 IP haproxy 192.168.232.132 RS1 192.168.232.134 RS2 192.168.232.128
[root@haproxy ~]# systemctl disable - - now firewalld
Removed / etc/ systemd/ system / multi- user.target.wants/ firewalld.service.
Removed / etc/ systemd/ system / dbus- org.fedoraproject.FirewallD1.service.
[root@haproxy ~]# vim / etc/ selinux/ config
[root@haproxy ~]# setenforce 0
[root@haproxy ~]#
[root@RS1 ~]# systemctl disable - - now firewalld
Removed / etc/ systemd/ system / multi- user.target.wants/ firewalld.service.
Removed / etc/ systemd/ system / dbus- org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# vim / etc/ selinux/ config
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# dnf - y install httpd
[root@RS1 ~]# systemctl enable - - now httpd
Created symlink / etc/ systemd/ system / multi- user.target.wants/ httpd.service 鈫� / usr/ lib/ systemd/ system / httpd.service.
[root@RS1 ~]# echo '120120120 RS1' > / var/ www/ html/ index.html
[root@RS1 ~]# cat / var/ www/ html/ index.html
120120120 RS1
[root@RS1 ~]# ss - antl
State Recv- Q Send- Q Local Address: Port Peer Address: Port Process
LISTEN 0 128 0.0 .0 .0 : 22 0.0 .0 .0 : *
LISTEN 0 128 [: : ]: 22 [: : ]: *
LISTEN 0 128 * : 80 * : *
[root@RS1 ~]#
[root@RS2 ~]# systemctl disable - - now firewalld
Removed / etc/ systemd/ system / multi- user.target.wants/ firewalld.service.
Removed / etc/ systemd/ system / dbus- org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# vim / etc/ selinux/ config
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# dnf - y install httpd
[root@RS2 ~]# systemctl enable - - now httpd
Created symlink / etc/ systemd/ system / multi- user.target.wants/ httpd.service → / usr/ lib/ systemd/ system / httpd.service.
[root@RS2 ~]# echo '9999999 RS2' > / var/ www/ html/ index.html[root@RS2 ~]# cat / var/ www/ html/ index.html
9999999 RS2
[root@RS2 ~]# ss - antl
State Recv- Q Send- Q Local Address: Port Peer Address: Port Process
LISTEN 0 128 0.0 .0 .0 : 22 0.0 .0 .0 : *
LISTEN 0 128 [: : ]: 22 [: : ]: *
LISTEN 0 128 * : 80 * : *
[root@RS2 ~]#
2.2 软件网址
[root@haproxy ~]# wget https: / / github.com / haproxy/ haproxy/ archive/ refs/ tags/ v2.7 - dev0.tar.gz
[root@haproxy ~]# ls
anaconda- ks.cfg v2.7 - dev0.tar.gz
[root@haproxy ~]# yum - y install make gcc pcre- devel bzip2- devel openssl- devel systemd- devel
[root@haproxy ~]# tar xf v2.7 - dev0.tar.gz
[root@haproxy ~]# useradd - r - M - s / sbin/ nologin haproxy
注意:
make clean
make - j $( grep 'processor' / proc/ cpuinfo |wc - l) \
TARGET= linux- glibc \
USE_OPENSSL= 1 \
USE_ZLIB= 1 \
USE_PCRE= 1 \
USE_SYSTEMD= 1
make install PREFIX= / usr/ local/ haproxy
正式编译:
[root@haproxy ~]# ls
anaconda- ks.cfg haproxy- 2.7 - dev0 v2.7 - dev0.tar.gz
[root@haproxy ~]# cd haproxy- 2.7 - dev0/
[root@haproxy haproxy- 2.7 - dev0]# ls
BRANCHES MAINTAINERS VERSION examples tests
CHANGELOG Makefile addons include
CONTRIBUTING README admin reg- tests
INSTALL SUBVERS dev scripts
LICENSE VERDATE doc src
[root@haproxy haproxy- 2.7 - dev0]# make clean
[root@haproxy haproxy- 2.7 - dev0]# make - j $( grep 'processor' / proc/ cpuinfo |wc - l) \
> TARGET= linux- glibc \目标
> USE_OPENSSL= 1 \
> USE_ZLIB= 1 \
> USE_PCRE= 1 \
> USE_SYSTEMD= 1
[root@haproxy haproxy- 2.7 - dev0]# make install PREFIX= / usr/ local/ haproxy
[root@haproxy ~]# cd haproxy- 2.7 - dev0/
[root@haproxy haproxy- 2.7 - dev0]# ls
BRANCHES MAINTAINERS VERSION examples tests
CHANGELOG Makefile addons include
CONTRIBUTING README admin reg- tests
INSTALL SUBVERS dev scripts
LICENSE VERDATE doc src
[root@haproxy haproxy- 2.7 - dev0]#
[root@haproxy haproxy- 2.7 - dev0]# ls INSTALL
INSTALL
[root@haproxy haproxy- 2.7 - dev0]# ls README
README
[root@haproxy haproxy- 2.7 - dev0]#
2.3 安装完成,设置
[root@haproxy ~]# cd / usr/ local/
[root@haproxy local]# ls
bin games include lib64 sbin src
etc haproxy lib libexec share
[root@haproxy local]# cd haproxy/
[root@haproxy haproxy]# ls
doc sbin share
[root@haproxy haproxy]# ls sbin/
haproxy
[root@haproxy haproxy]#
[root@haproxy haproxy]# which haproxy
/ usr/ bin/ which: no haproxy in ( / usr/ local/ sbin: / usr/ local/ bin: / usr/ sbin: / usr/ bin: / root/ bin)
[root@haproxy haproxy]# ln - s / usr/ local/ haproxy/ sbin/ haproxy / usr/ sbin/
[root@haproxy haproxy]# which haproxy/ usr/ sbin/ haproxy
[root@haproxy haproxy]#
3. 配置各个负载的内核参数
[root@haproxy ~]# vim / etc/ sysctl.conf
[root@haproxy ~]# sysctl - p
net.ipv4.ip_nonlocal_bind = 1 / / ip 绑定非本地地址,打开,能够用没有配置当期主机的ip
net.ipv4.ip_forward = 1 / / ip 转发功能
[root@haproxy ~]#
4. 提供配置文件
[root@haproxy ~]# cd haproxy- 2.7 - dev0/
[root@haproxy haproxy- 2.7 - dev0]# ls examples/
basic- config- edge.cfg quick- test.cfg
content- sw- sample.cfg socks4.cfg
errorfiles transparent_proxy.cfg
haproxy.init wurfl- example.cfg
option - http_proxy.cfg
[root@haproxy haproxy- 2.7 - dev0]#
maxconn:连接数
[root@haproxy ~]# mkdir - p / etc/ haproxy
[root@haproxy ~]# cd / etc/ haproxy
[root@haproxy haproxy]# vim haproxy.cfg
[root@haproxy haproxy]# cat haproxy.cfg
#- - - - - - - - - - - - - - 全局配置- - - - - - - - - - - - - - - -
global
log 127.0 .0 .1 local0 info
#log loghost local0 info
maxconn 20480
#chroot / usr/ local/ haproxy
pidfile / var/ run / haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
defaults
mode http
log global
option dontlognull
option httpclose
option httplog
#option forwardfor
option redispatch
balance roundrobin
timeout connect 10 s
timeout client 10 s
timeout server 10 s
timeout check 10 s
maxconn 60000
retries 3
#- - - - - - - - - - - - - - 统计页面配置- - - - - - - - - - - - - - - - - -
listen admin_stats
bind 0.0 .0 .0 : 8189
stats enable
mode http
log global
stats uri / haproxy_stats
stats realm Haproxy\ Statistics
stats auth admin: admin
#stats hide- version
stats admin if TRUE
stats refresh 30 s
#- - - - - - - - - - - - - - - web设置- - - - - - - - - - - - - - - - - - - - - - -
listen webcluster
bind 0.0 .0 .0 : 80
mode http
#option httpchk GET / index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server web01 192.168 .232 .134 : 80 check inter 2000 fall 5
server web02 192.168 .232 .128 : 80 check inter 2000 fall 5
#server web01 192.168 .80 .102 : 80 cookie web01 check inter 2000 fall 5
[root@haproxy haproxy]#
5. 启用日志
[root@haproxy ~]# systemctl enable - - now rsyslog
[root@haproxy ~]# vim / etc/ rsyslog.conf
[root@haproxy ~]# cat / etc/ rsyslog.conf|grep / var/ log / haproxy.log
local0.* / var/ log / haproxy.log
[root@haproxy ~]# systemctl restart rsyslog
6. haproxy.service文件编写
[root@haproxy ~]# vim / usr/ lib/ systemd/ system / haproxy.service
[root@haproxy ~]# cat / usr/ lib/ systemd/ system / haproxy.service
[Unit]
Description= HAProxy Load Balancer
After= syslog.target network.target
[Service]
ExecStartPre= / usr/ local/ haproxy/ sbin/ haproxy - f / etc/ haproxy/ haproxy.cfg - c - q
ExecStart= / usr/ local/ haproxy/ sbin/ haproxy - Ws - f / etc/ haproxy/ haproxy.cfg - p / var/ run / haproxy.pid
ExecReload= / bin/ kill - USR2
[Install]
WantedBy= multi- user.target
[root@haproxy ~]# systemctl daemon- reload
[root@haproxy ~]#
- f 指定配置文件
- c 检查
- q 静默模式
- p 指定pid
7. 启动服务
[root@haproxy ~]# ss - antl
State Recv- Q Send- Q Local Address: Port Peer Address: Port Process
LISTEN 0 128 0.0 .0 .0 : 22 0.0 .0 .0 : *
LISTEN 0 128 [: : ]: 22 [: : ]: *
[root@haproxy ~]# systemctl enable - - now haproxy
Created symlink / etc/ systemd/ system / multi- user.target.wants/ haproxy.service 鈫� / usr/ lib/ systemd/ system / haproxy.service.
[root@haproxy ~]# ss - antl
State Recv- Q Send- Q Local Address: Port Peer Address: Port Process
LISTEN 0 128 0.0 .0 .0 : 80 0.0 .0 .0 : *
LISTEN 0 128 0.0 .0 .0 : 22 0.0 .0 .0 : *
LISTEN 0 128 0.0 .0 .0 : 8189 0.0 .0 .0 : *
LISTEN 0 128 [: : ]: 22 [: : ]: *
[root@haproxy ~]#
8. 访问
8.1 192.168.232.132
8.2 访问界面
[root@RS1 ~]# systemctl stop httpd