haproxy安装文档
系统环境
[root@haproxy ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@haproxy ~]# uname -a
Linux haproxy 2.6.32-431.el6.i686 #1 SMP Fri Nov 22 00:26:36 UTC 2013 i686 i686 i386 GNU/Linux
[root@haproxy~]# ifconfig eth0|sed -n "2p"|awk -F "[ :]+" '{print $4}'
192.168.88.72
[root@web1]# ifconfig eth0|awk -F "[ :]+" 'NR==2{print $4}'
192.168.88.73
[root@web2]# ifconfig eth0|grep "inet addr"|sed 's/^.*addr://g'|sed 's/Bcast.*$//g'
192.168.88.74
- http安装
[root@web1 ~]# yum install -y httpd
[root@web2 ~]# yum install -y httpd
提供测试文件
[root@web1 ~]# echo "<h1>web1.test.com</h1>" >>/var/www/html/index.html
[root@web2 ~]# echo "<h1>web2.test.com</h1>" >>/var/www/html/index.html
启动httpd
[root@web1 ~]# service httpd start
正在启动 httpd: [确定]
[root@web2 ~]# service httpd start
正在启动 httpd: [确定]
2.防火墙与SELinux
[root@web1 ~]# service iptables stop
[root@web1 ~]# chkconfig iptables off
[root@web1 ~]# getenforce
Disabled
[root@web2 ~]# service iptables stop
[root@web2 ~]# chkconfig iptables off
[root@web2 ~]# getenforce
Disabled
[root@haproxy ~]# service iptables stop
[root@haproxy ~]# chkconfig iptables off
[root@haproxy ~]# getenforce
Disabled
- 测试
[root@web1 ~]# curl 192.168.88.73
<h1>web1.test.com</h1>
[root@web2 ~]# curl 192.168.88.74
<h1>web2.test.com</h1>
- 安装haproxy
[root@haproxy ~]# yum install -y haproxy
[root@haproxy ~]# rpm -ql haproxy
/etc/haproxy #配置文件目录
/etc/haproxy/haproxy.cfg #配置文件
/etc/logrotate.d/haproxy
/etc/rc.d/init.d/haproxy #启动脚本
/etc/sysconfig/haproxy
/usr/bin/halog
/usr/bin/iprange
/usr/sbin/haproxy #haproxy命令
/usr/share/doc/haproxy-1.5.4
/usr/share/doc/haproxy-1.5.4/CHANGELOG
/usr/share/doc/haproxy-1.5.4/LICENSE
/usr/share/doc/haproxy-1.5.4/README
/usr/share/doc/haproxy-1.5.4/acl-content-sw.cfg
/usr/share/doc/haproxy-1.5.4/acl.fig
/usr/share/doc/haproxy-1.5.4/architecture.txt
/usr/share/doc/haproxy-1.5.4/close-options.txt
/usr/share/doc/haproxy-1.5.4/coding-style.txt
/usr/share/doc/haproxy-1.5.4/configuration.txt
/usr/share/doc/haproxy-1.5.4/content-sw-sample.cfg
/usr/share/doc/haproxy-1.5.4/cookie-options.txt
/usr/share/doc/haproxy-1.5.4/cttproxy-src.cfg
/usr/share/doc/haproxy-1.5.4/design-thoughts
/usr/share/doc/haproxy-1.5.4/design-thoughts/backends-v0.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/backends.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/be-fe-changes.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/binding-possibilities.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/buffer-redesign.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/buffers.fig
/usr/share/doc/haproxy-1.5.4/design-thoughts/config-language.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/connection-reuse.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/cttproxy-changes.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/entities-v2.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/how-it-works.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/http_load_time.url
/usr/share/doc/haproxy-1.5.4/design-thoughts/rate-shaping.txt
/usr/share/doc/haproxy-1.5.4/design-thoughts/sess_par_sec.txt
/usr/share/doc/haproxy-1.5.4/gpl.txt
/usr/share/doc/haproxy-1.5.4/haproxy-en.txt
/usr/share/doc/haproxy-1.5.4/haproxy-fr.txt
/usr/share/doc/haproxy-1.5.4/haproxy.1
/usr/share/doc/haproxy-1.5.4/haproxy.cfg
/usr/share/doc/haproxy-1.5.4/internals
/usr/share/doc/haproxy-1.5.4/internals/acl.txt
/usr/share/doc/haproxy-1.5.4/internals/body-parsing.txt
/usr/share/doc/haproxy-1.5.4/internals/buffer-operations.txt
/usr/share/doc/haproxy-1.5.4/internals/buffer-ops.fig
/usr/share/doc/haproxy-1.5.4/internals/connect-status.txt
/usr/share/doc/haproxy-1.5.4/internals/connection-header.txt
/usr/share/doc/haproxy-1.5.4/internals/connection-scale.txt
/usr/share/doc/haproxy-1.5.4/internals/entities.fig
/usr/share/doc/haproxy-1.5.4/internals/entities.pdf
/usr/share/doc/haproxy-1.5.4/internals/entities.svg
/usr/share/doc/haproxy-1.5.4/internals/entities.txt
/usr/share/doc/haproxy-1.5.4/internals/hashing.txt
/usr/share/doc/haproxy-1.5.4/internals/header-parser-speed.txt
/usr/share/doc/haproxy-1.5.4/internals/header-tree.txt
/usr/share/doc/haproxy-1.5.4/internals/http-cookies.txt
/usr/share/doc/haproxy-1.5.4/internals/http-docs.txt
/usr/share/doc/haproxy-1.5.4/internals/http-parsing.txt
/usr/share/doc/haproxy-1.5.4/internals/naming.txt
/usr/share/doc/haproxy-1.5.4/internals/pattern.dia
/usr/share/doc/haproxy-1.5.4/internals/pattern.pdf
/usr/share/doc/haproxy-1.5.4/internals/polling-states.fig
/usr/share/doc/haproxy-1.5.4/internals/repartition-be-fe-fi.txt
/usr/share/doc/haproxy-1.5.4/internals/sequence.fig
/usr/share/doc/haproxy-1.5.4/internals/stats-v2.txt
/usr/share/doc/haproxy-1.5.4/internals/stream-sock-states.fig
/usr/share/doc/haproxy-1.5.4/internals/todo.cttproxy
/usr/share/doc/haproxy-1.5.4/lgpl.txt
/usr/share/doc/haproxy-1.5.4/proxy-protocol.txt
/usr/share/doc/haproxy-1.5.4/queuing.fig
/usr/share/doc/haproxy-1.5.4/tarpit.cfg
/usr/share/doc/haproxy-1.5.4/url-switching.cfg
/usr/share/haproxy
/usr/share/haproxy/400.http
/usr/share/haproxy/403.http
/usr/share/haproxy/408.http
/usr/share/haproxy/500.http
/usr/share/haproxy/502.http
/usr/share/haproxy/503.http
/usr/share/haproxy/504.http
/usr/share/haproxy/README
/usr/share/man/man1/halog.1.gz
/usr/share/man/man1/haproxy.1.gz #man文档
/var/lib/haproxy
- haproxy命令详解
[root@haproxy ~]# haproxy -h
HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau <w@1wt.eu>
Usage : haproxy [-f <cfgfile>]* [ -vdVD ] [ -n <maxconn> ] [ -N <maxpconn> ]
[ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ]
-v displays version ; -vv shows known build options.
-d enters debug mode ; -db only disables background mode.
-dM[<byte>] poisons memory with <byte> (defaults to 0x50)
-V enters verbose mode (disables quiet mode)
-D goes daemon ; -C changes to <dir> before loading files.
-q quiet mode : don't display messages
-c check mode : only check config files and exit
-n sets the maximum total # of connections (2000)
-m limits the usable amount of memory (in MB)
-N sets the default, per-proxy maximum # of connections (2000)
-L set local peer name (default to hostname)
-p writes pids of all children to this file
-de disables epoll() usage even when available
-dp disables poll() usage even when available
-dS disables splice usage (broken on old kernels)
-dV disables SSL verify on servers side
-sf/-st [pid ]* finishes/terminates old pids. Must be last arguments.
haproxy [-f < 配置文件>] [ -vdVD ] [-n 最大并发连接总数] [-N 每个侦听的最大并发数]
[ -p <当前的PID文件> ] [-m <内存限制M>]
-v 显示当前版本信息;-vv 显示已知的创建选项
-d 前台,debug模式;-db 禁用后台模式,程序跑在前台
-V 详细模式
-D daemon模式启动
-q 安静模式,不输出信息
-c 对配置文件进行语法检查
-n 最大并发连接总数
-m 限制的可用内存大小
-N 设置默认的连接数
-p 设置当前的PID文件
-de 不使用epoll
-ds 不使用speculative epoll
-dp 不使用poll
-sf 程序启动后向pidlist里的进程发送FINISH信号,这个参数放在命令行的最后
-st 程序启动后向pidlist里的进程发送TERMINATE信号,这个参数放在命令行的最后
7. 查看一下默认配置文件
[root@haproxy ~]# cd /etc/haproxy/
[root@haproxy haproxy]# cat haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt #官方配置文件
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings #全局配置文件
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to: #配置日志
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog #修改syslog配置文件
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog #定义日志设备
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
#全局的日志配置 其中日志级别是[err warning info debug]
#local0 是日志设备,必须为如下24种标准syslog设备的一种:
#kern user mail daemon auth syslog lpr news
#uucp cron auth2 ftp ntp audit alert cron2
#local0 local1 local2 local3 local4 local5 local6 local7
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid #将所有进程的pid写入文件启动进程的用户必须有权限访问此文件。
maxconn 4000 #最大连接数,默认4000
user haproxy #用户
group haproxy #组
daemon ##创建1个进程进入deamon模式运行。此参数要求将运行模式设置为"daemon"
# turn on stats unix socket #unix socket 文件
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block #默认的全局设置,这些参数可以被利用配置到frontend,backend,listen组件
#---------------------------------------------------------------------
defaults
mode http #默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK
log global #采用全局定义的日志
option httplog #日志类别http日志格式
option dontlognull #不记录健康检查的日志信息
option http-server-close #每次请求完毕后主动关闭http通道
option forwardfor except 127.0.0.0/8 #不记录本机转发的日志
option redispatch #serverId对应的服务器挂掉后,强制定向到其他健康的服务器
retries 3 #3次连接失败就认为服务不可用,也可以通过后面设置
timeout http-request 10s #请求超时
timeout queue 1m #队列超时
timeout connect 10s #连接超时
timeout client 1m #客户端连接超时
timeout server 1m #服务器连接超时
timeout http-keep-alive 10s #长连接超时
timeout check 10s #检查超时
maxconn 3000 #最大连接数
#---------------------------------------------------------------------
# main frontend which proxys to the backends #frontend 与backends 代理配置
#---------------------------------------------------------------------
frontend main *:5000
#acl策略配置
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static #满足策略要求,则响应策略定义的backend页面
default_backend app #不满足则响应backend的默认页面
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such #定义使用静态后端图像,样式表等
#---------------------------------------------------------------------
backend static
balance roundrobin #负载均衡模式轮询
server static 127.0.0.1:4331 check #服务器定义
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin #负载均衡模式轮询
server app1 127.0.0.1:5001 check #服务器定义,check进行健康检查
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
- haproxy 案例演示
1.负载均衡Web服务器的案例
注,首先我们来配置一下日志,不然haproxy无法记录日志。
2.配置haproxy日志(注,配置方法配置文件中已说明,我们这里来演示一下。)
(1).修改系统日志的配置文件
[root@haproxy ~]# vim /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 2 -r"
(2).增加日志设备
[root@haproxy ~]# vim /etc/rsyslog.conf
#增加一行
local2.* /var/log/haproxy.log
(3).重新启动一下日志服务
[root@haproxy ~]# service rsyslog restart
关闭系统日志记录器: [确定]
启动系统日志记录器: [确定]
3.修改haproxy配置文件
[root@haproxy haproxy]# cat haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 30000
listen stats
mode http
bind 0.0.0.0:1080
stats enable
stats hide-version
stats uri /haproxyadmin?stats
stats realm Haproxy\ Statistics
stats auth admin:admin
stats admin if TRUE
frontend http-in
bind *:80
mode http
log global
option httpclose
option logasap
option dontlognull
capture request header Host len 20
capture request header Referer len 60
default_backend servers
frontend healthcheck
bind :1099
mode http
option httpclose
option forwardfor
default_backend servers
backend servers
balance roundrobin
server websrv1 192.168.88.73:80 check maxconn 2000
server websrv2 192.168.88.74:80 check maxconn 2000
4.查检一下配置文件
[root@haproxy ~]# haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid
5.启动haproxy
[root@haproxy ~]# service haproxy start
正在启动 haproxy:
6.查看一下端口
[root@haproxy ~]# netstat -ntulp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3695/haproxy
- 测试
[root@haproxy haproxy]# curl 192.168.88.72
<h1>web1.test.com</h1>
[root@haproxy haproxy]# curl 192.168.88.72
<h1>web2.test.com</h1>
8.配置文件详解
注,现在大家再来看这个配置文件应该就很容易理解了。好了,下面我们来具体说一下。
[root@haproxy ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings 全局配置
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
#上面的注释是告诉我们怎么配置日志的
log 127.0.0.1 local2 #定义日志
chroot /var/lib/haproxy #安全模式
pidfile /var/run/haproxy.pid #pid文件
maxconn 4000 #最大连接数
user haproxy #用户
group haproxy #组合
daemon
#---------------------------------------------------------------------
# Proxy settings 代理配置,下面全是代理配置
#---------------------------------------------------------------------
defaults #配置默认参数的,这些参数可以被利用配置到frontend,backend,listen组件
mode http #默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK(注,health已经废弃)
log global #采用全局定义的日志
option httplog #日志类别http日志格式
option dontlognull #不记录健康检查的日志信息
option http-server-close #每次请求完毕后主动关闭http通道
option forwardfor except 127.0.0.0/8 #不记录本机转发的日志
option redispatch #serverId对应的服务器挂掉后,强制定向到其他健康的服务器
retries 3 #3次连接失败就认为服务不可用,也可以通过后面设置
timeout http-request 10s #请求超时
timeout queue 1m #队列超时
timeout connect 10s #连接超时
timeout client 1m #客户端连接超时
timeout server 1m #服务器连接超时
timeout http-keep-alive 10s #长连接超时
timeout check 10s #检查超时
maxconn 30000 #最大连接数
listen stats #listen是Frontend和Backend的组合体。这里定义的是haproxy监控!
mode http #模式http
bind 0.0.0.0:1080 #绑定的监控ip与端口
stats enable #启用监控
stats hide-version #隐藏haproxy版本
stats uri /haproxyadmin?stats #定义的uri
stats realm Haproxy\ Statistics #定义显示文字
stats auth admin:admin #认证
stats admin if TRUE
frontend http-in #接收请求的前端虚拟节点,Frontend可以根据规则直接指定具体使用后端的 backend(可动态选择)。这里定义的是http服务!
bind *:80 #绑定的监控ip与端口
mode http #模式http
log global #定义日志
option httpclose #每次请求完毕后主动关闭http通道
option logasap #
option dontlognull ##不记录健康检查的日志信息
capture request header Host len 20
capture request header Referer len 60
default_backend servers #定义的默认backend
frontend healthcheck
bind :1099
mode http
option httpclose
option forwardfor
default_backend servers #定义的默认backend
backend servers #后端服务集群的配置,是真实的服务器,一个Backend对应一个或者多个实体服务器。
balance roundrobin #负载均衡方式为轮询
server websrv1 192.168.88.73:80 check maxconn 2000 #定义server,check 健康检查,maxconn 定义最大连接数
server websrv2 192.168.88.74:80 check maxconn 2000
好了,配置文件中的常用关键字参考 blog 中的haproxy 文档
haproxy访问器的监控功能
1.浏览器访问一下
http://192.168.88.72:1080/haproxyadmin?stats
10.模拟故障测试
[root@web1 ~]# service httpd stop
Stopping httpd: [ OK ]