HAproxy详解(1)

 

实验环境:
node3  varnish服务器: ens192 192.168.170.10  
                                         ens224 192.168.10.254
node1  backend server 1:192.168.10.10          
node2  backend server 2:192.168.10.11

 

 

示例1: 

[root@node1 ~]# vi /etc/rsyslog.conf
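# Load the UDP syslog input module.
$ModLoad imudp
# Listen for syslog on UDP port 514. UDP syslog is unauthenticated, so any host that
# can reach this port can write into the logs: allow it only from the HAProxy host
# in the firewall, or, when HAProxy logs to 127.0.0.1 on this same machine, bind the
# listener to loopback by putting "$UDPServerAddress 127.0.0.1" above this line.
$UDPServerRun 514

# Write everything logged to facility local2 into the HAProxy log file
# (assumes haproxy.cfg sends its logs to local2 — confirm in its "global" section).
local2.*  /var/log/haproxy.log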

[root@node1 ~]# systemctl restart rsyslog.service 
[root@node1 ~]# ss -tunlp | grep 514  日志功能生效

安装haproxy并启动
[root@node1 ~]# yum -y install haproxy
[root@node1 ~]# systemctl start haproxy
[root@node1 ~]# rpm -ql haproxy

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
	# Example 1: plain round-robin load balancing.
	# Frontend: accept client HTTP connections on port 80 of every local address.
	frontend web
	bind *:80
	default_backend     websrvs

	# Backend: requests are handed to the two servers in turn.
	backend websrvs
	balance roundrobin
	# "check" turns on health checks; with no "option httpchk" this is a TCP connect test.
	server srv1 172.16.100.6:80 check
	server srv2 172.16.100.7:80 check	


:.,$s@^[^#]@#&@    从光标所在行到最后一行,在所有不以#开头的非空行行首添加#
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp



node2 backend server 2

[root@node2 ~]# yum -y install httpd
[root@node2 ~]# vi /var/www/html/index.html
<h1>Backend Server 2</h1>

yum -y install httpd-tools    (ab 命令由 httpd-tools 包提供)
ab -c 10 -n 1000000 http://172.16.0.67/

node3 backend server 3

[root@node3 ~]# yum -y install httpd
[root@node3 ~]# vi /var/www/html/index.html
<h1>Backend Server3</h1>


客户端:
for i in {1..10}; do curl http://ip/; done

示例2: 

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
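# Example 2: URI-hash balancing, so the same URI keeps reaching the same server.
frontend web
	# Source had "bind *:8"; the test requests for this example go to port 80.
	bind *:80
	default_backend     websrvs

backend websrvs
	# Hash the request URI to pick the server.
	balance uri
	# maxconn 3: at most three concurrent connections are sent to srv1.
	server srv1 172.16.100.6:80 check maxconn 3
	server srv2 172.16.100.7:80 check
	# Consistent hashing: a server going down or coming back remaps only part of the URIs.
	hash-type consistent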
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp


[root@node2 ~]# cd /var/www/html
[root@node2 ~]# for i in {1..10}; do echo "Test Page $i @BES 1"> test$i.html; done

[root@node3 ~]# cd /var/www/html
[root@node3 ~]# for i in {1..10}; do echo "Test Page $i @BES 2"> test$i.html; done


测试:
for i in {1..10}; do curl http://172.16.0.67/test1.html; done

示例3:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
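# Example 3: balance on the hash of a request header.
frontend web
	# Source had "bind *:8"; the other examples and test URLs use port 80.
	bind *:80
	default_backend     websrvs

backend websrvs
	# Hash the User-Agent header to pick the server. The header is chosen by the client,
	# so clients influence where they land: use this for distribution only, never as a
	# trust or access decision.
	balance hdr(User-Agent)
	server srv1 172.16.100.6:80 check maxconn 3
	server srv2 172.16.100.7:80 check
	hash-type consistent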
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

 示例4:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
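# Example 4: response compression plus a backup server.
frontend web
	# Source had "bind *:8"; the test URLs for this example use port 80.
	bind *:80
	# Compress responses with gzip, but only for the listed MIME types.
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	default_backend     websrvs

backend websrvs
	balance roundrobin
	server srv1 172.16.100.6:80 check maxconn 3
	# "backup": srv2 receives traffic only while srv1 is marked down.
	server srv2 172.16.100.7:80 check backup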

[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

[root@node2~]# cp /var/log/httpd/access_log /var/www/html/log.txt

[root@node3 ~]# cp /var/log/httpd/access_log /var/www/html/log.txt

客户端浏览器:访问 http://172.16.0.67 或 http://172.16.0.67/log.txt,查看响应是否被压缩(响应首部 Content-Encoding: gzip)。log.txt 是访问日志的副本,含客户端 IP 和请求记录,测试完成后应从站点根目录删除。

示例5: 

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
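# Example 5: HTTP (layer-7) health checks.
frontend web
	# Source had "bind *:8"; the other examples and test URLs use port 80.
	bind *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	default_backend     websrvs

backend websrvs
	balance roundrobin
	# Health checks request this page over HTTP instead of only opening a TCP connection;
	# each probe shows up in the backend's access log.
	option httpchk GET /test1.html HTTP/1.0
	# inter 3000ms: probe every 3 s; rise 1: one success marks the server up;
	# fall 2: two consecutive failures mark it down.
	server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2
	server srv2 172.16.100.7:80 check backup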
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp



node2
[root@node2 ~]# tail /var/log/httpd/access_log  有健康状态检查log信息

示例6:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
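# Example 6: answer with a redirect instead of proxying to the server.
frontend web
	# Source had "bind *:8"; the test URL for this example uses port 80.
	bind *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	default_backend     websrvs

backend websrvs
	balance roundrobin
	#option httpchk GET /test1.html HTTP/1.0
	# "redir": GET/HEAD requests balanced to srv1 get a redirect to this prefix plus the
	# original URI; the request itself is never forwarded to srv1.
	server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2  redir http://www.baidu.com/
	server srv2 172.16.100.7:80 check backup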
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

浏览器访问:http://172.16.0.67  发现重定向到百度

示例7:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
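# Example 7: weighted round robin (srv1 : srv2 = 2 : 1).
frontend web
	# Source had "bind *:8"; the test loop for this example requests port 80.
	bind *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	default_backend     websrvs

backend websrvs
	balance roundrobin
	#option httpchk GET /test1.html HTTP/1.0
	# Source had "weight2" (no space), which is not a valid server keyword.
	server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2  weight 2
	server srv2 172.16.100.7:80 check weight 1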
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

客户端:命令行输入 2:1
for i in {1..10}; do curl http://172.16.0.67/test1.html; done

示例8:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
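# Example 8: enable the built-in statistics page with default settings.
frontend web
	bind *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	default_backend     websrvs

backend websrvs
	balance roundrobin
	# Source had "state enable"; the keyword is "stats". With no other stats line the page
	# is served at the default URI /haproxy?stats.
	# Security: no "stats auth" is set here, so everyone who can reach port 80 can read
	# the page (server names, addresses, health, traffic counters). Lab use only.
	stats enable
	#option httpchk GET /test1.html HTTP/1.0
	# Source had "weight2" (no space), which is not a valid server keyword.
	server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2  weight 2
	server srv2 172.16.100.7:80 check weight 1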
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp


浏览器输入:http://172.16.0.67/haproxy?stats

示例9:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
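# Example 9: statistics page with a custom URI, Basic authentication and admin mode.
frontend web
	bind *:80
	# Source spelled the next three keywords "state"; the HAProxy keyword is "stats".
	# Note that the stats page here shares the public port-80 listener.
	stats enable
	# NOTE(review): releases before 1.6 do not parse double quotes; there the realm is
	# written with escaped spaces (HAProxy\ State\ Page) — confirm against your version.
	stats realm "HAProxy State Page"
	# Non-default path; this is obscurity only, the authentication below is the control.
	stats uri /myproxy?admin
	# Security: admin:admin is a guessable lab credential and Basic auth over plain HTTP
	# is sent in cleartext; use a strong unique password and keep the page off untrusted
	# networks.
	stats auth admin:admin
	# "if TRUE" gives every authenticated user the enable/disable-server controls;
	# narrow the condition (for example "stats admin if LOCALHOST") outside a lab.
	stats admin if TRUE
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	default_backend     websrvs

backend websrvs
	balance roundrobin
	#option httpchk GET /test1.html HTTP/1.0
	# Source had "weight2" (no space), which is not a valid server keyword.
	server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2  weight 2
	server srv2 172.16.100.7:80 check weight 1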
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

示例10:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
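# Example 10: move the statistics page to its own listener on port 9099.
frontend web *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	default_backend     websrvs

backend websrvs
	balance roundrobin
	option httpchk  # layer-7 (HTTP) health check; without this line "check" is a layer-4 TCP test
	# Source had "weight2" (no space), which is not a valid server keyword.
	server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2  weight 2
	server srv2 172.16.100.7:80 check weight 1
listen stats
	# ":9099" listens on every address; bind a management address or firewall the port
	# so the page is not reachable from the client-facing network.
	bind :9099
	stats enable
	# Source had "state uri"; the keyword is "stats uri".
	stats uri /myproxy?admin
	stats realm HAPorxy\ Stats\ Page
	# Security: admin:admin is a guessable lab credential and Basic auth over plain HTTP
	# is sent in cleartext; use a strong unique password.
	stats auth admin:admin
	# "if TRUE" gives every authenticated user the enable/disable-server controls;
	# narrow the condition (for example "stats admin if LOCALHOST") outside a lab.
	stats admin if TRUE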
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

浏览器输入:http://172.16.0.67:9099/myproxy?admin  正常



示例11:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
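# Example 11: add a TCP-mode listener that balances SSH to the two backends.
frontend web *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	default_backend     websrvs

backend websrvs
	balance roundrobin
	option httpchk  # layer-7 (HTTP) health check; without this line "check" is a layer-4 TCP test
	# Source had "weight2" (no space), which is not a valid server keyword.
	server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2  weight 2
	server srv2 172.16.100.7:80 check weight 1
listen stats
	# ":9099" listens on every address; firewall it or bind a management address.
	bind :9099
	stats enable
	# Source had "state uri"; the keyword is "stats uri".
	stats uri /myproxy?admin
	stats realm HAPorxy\ Stats\ Page
	# Security: guessable lab credential, sent in cleartext over plain HTTP; replace it.
	stats auth admin:admin
	# "if TRUE" gives every authenticated user the enable/disable-server controls.
	stats admin if TRUE

listen sshsrvs
	# Security: this publishes the backends' sshd on port 22022 of the proxy. The backends
	# see the proxy as the connection source, so their logs and per-source limits no longer
	# show the real client; restrict who may reach 22022. The two backends also present
	# different host keys behind one address, which causes host-key warnings on the client.
	bind *:22022
	# leastconn suits long-lived sessions: new connections go to the less loaded server.
	balance leastconn
	# SSH is not HTTP, so the listener must run in TCP mode.
	mode tcp
	server sshsrv1 172.16.100.6:22 check
	server sshsrv2 172.16.100.7:22 check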
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

客户端:ssh root@172.16.0.67 -p 22022 连接
ssh root@172.16.0.67 -p 22022 再连接

示例12:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
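# Example 12: cookie-based session persistence.
frontend web *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	default_backend     websrvs

backend websrvs
	balance roundrobin
	# HAProxy inserts a WEBSRV cookie naming the chosen server; "indirect" strips it before
	# the request reaches the backend, "nocache" keeps shared caches from storing it.
	# The cookie value comes from the client on later requests and only selects a server.
	# The cookie keyword also accepts "httponly" (and "secure" on TLS listeners).
	cookie WEBSRV insert nocache indirect
	server srv1 172.16.100.6:80 weight 2 check rise 1 fall 2 maxconn 3000 cookie srv1
	# Source had "cookie srv2option httpchk": two lines fused together.
	server srv2 172.16.100.7:80 weight 1 check rise 1 fall 2 maxconn 3000 cookie srv2
	option httpchk
	# Leftovers from the previous example: they repeat the names srv1/srv2 and carry no
	# cookie value, so they are commented out here.
	#server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2  weight 2
	#server srv2 172.16.100.7:80 check weight 1
listen stats
	# ":9099" listens on every address; firewall it or bind a management address.
	bind :9099
	stats enable
	# Source had "state uri"; the keyword is "stats uri".
	stats uri /myproxy?admin
	stats realm HAPorxy\ Stats\ Page
	# Security: guessable lab credential, sent in cleartext over plain HTTP; replace it.
	stats auth admin:admin
	# "if TRUE" gives every authenticated user the enable/disable-server controls.
	stats admin if TRUE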
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80

浏览器:http://172.16.0.67/test3.html   http://172.16.0.67/test7.html 请求报文srv=srv1

示例13:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
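# Example 13: pass the client address to the backends in X-Forwarded-For.
# Source had "default" and "forwarddor"; the section is "defaults", the option "forwardfor".
defaults
	# except 127.0.0.0/8: no header is added for connections coming from loopback.
	# Security: with "if-none" HAProxy keeps an X-Forwarded-For header that the client
	# already sent, so the address logged by the backend can be chosen by the client.
	# Use "if-none" only when every client is a trusted proxy; on a client-facing
	# listener drop it and do not treat the logged value as verified.
	option forwardfor except 127.0.0.0/8 if-none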
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80


[root@node2 ~]# vi /etc/httpd/httpd.conf
 LogFormat "%{X-Forwarded-For}i
[root@node2 ~]# systemctl restart httpd

浏览器:http://172.16.0.67/test3.html 可看到响应的是backend server

示例14:

[root@node1 ~]# mkdir /etc/haproxy/errorfiles
vi /etc/haproxy/errorfiles/403.html
forbiden

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
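# Example 14: custom error responses.
frontend web *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	# errorfile returns the file's content verbatim, so the file has to hold a complete
	# HTTP response (status line and headers, then the body), not just HTML text.
	errorfile 403 /etc/haproxy/errorfiles/403.html
	# errorloc answers with a redirect to this URL instead.
	# NOTE(review): both lines set the 403 response; presumably only the later one takes
	# effect — keep whichever one you are testing.
	errorloc 403 http://172.16.0.67:10080/errorloc/403.html
	default_backend     websrvs

backend websrvs
	balance roundrobin
	cookie WEBSRV insert nocache indirect
	server srv1 172.16.100.6:80 weight 2 check rise 1 fall 2 maxconn 3000 cookie srv1
	# Source had "cookie srv2option httpchk": two lines fused together.
	server srv2 172.16.100.7:80 weight 1 check rise 1 fall 2 maxconn 3000 cookie srv2
	option httpchk
	# Leftovers from an earlier example: they repeat the names srv1/srv2 and carry no
	# cookie value, so they are commented out here.
	#server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2  weight 2
	#server srv2 172.16.100.7:80 check weight 1

listen stats
	# ":9099" listens on every address; firewall it or bind a management address.
	bind :9099
	stats enable
	# Source had "state uri"; the keyword is "stats uri".
	stats uri /myproxy?admin
	stats realm HAPorxy\ Stats\ Page
	# Security: guessable lab credential, sent in cleartext over plain HTTP; replace it.
	stats auth admin:admin
	# "if TRUE" gives every authenticated user the enable/disable-server controls.
	stats admin if TRUE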
[root@node1 ~]# yum -y install nginx
[root@node1 ~]# vi /etc/nginx/conf.d/errorfile.conf
# Virtual host that serves the page the HAProxy "errorloc 403" URL points to.
server {
		# Port used in the errorloc URL (http://172.16.0.67:10080/...).
		listen 10080;
		server_name error.magedu.com;
		# Files are served from this directory, so the error page has to be at
		# /data/nginx/html/errorloc/403.html.
		root /data/nginx/html;
}
[root@node1 ~]# mkdir -pv /data/nginx/html/errorloc
[root@node1 ~]# vi /data/nginx/html/errorloc/403.html
403 from nginx
[root@node1 ~]# systemctl restart nginx
[root@node1 ~]# vi /etc/nginx/nginx.conf
# nginx's default server is moved to port 8089; HAProxy on this host already binds port 80.
server {
	listen 8089 default_server;
}
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80



浏览器:http://172.16.0.67/test3.html   http://172.16.0.67/test7.html 请求报文srv=srv1

示例15:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
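# Example 15: add a header to requests and to responses.
frontend web *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	errorfile 403 /etc/haproxy/errorfiles/403.html
	errorloc 403 http://172.16.0.67:10080/errorloc/403.html
	# Source had "-X Proxy-By" and "rsqadd"; the header is X-Proxy-By and the keyword rspadd.
	# reqadd appends the header to requests sent to the backend, rspadd to responses sent
	# to the client. These keywords belong to the 1.5 series used here; HAProxy 2.1 and
	# later use "http-request add-header" / "http-response add-header" instead.
	# A version string in a response header tells clients which proxy release is running.
	reqadd X-Proxy-By:\ HAProxy
	rspadd X-Proxy-By:\ HAProxy-1.5
	default_backend     websrvs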
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80

[root@node2 ~]# vi /etc/httpd/httpd.conf
 LogFormat "%{X-Proxy-By}i
[root@node2 ~]# tail /var/log/message

示例16:

示例14:添加请求首部
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
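# Example 16: add and delete headers.
frontend web *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	errorfile 403 /etc/haproxy/errorfiles/403.html
	errorloc 403 http://172.16.0.67:10080/errorloc/403.html
	# Source had "-X Proxy-By"; the header name is X-Proxy-By.
	reqadd X-Proxy-By:\ HAProxy
	rspadd X-Proxy-By:\ HAProxy-1.5
	# rspdel removes response header lines that match the regex.
	# (req*/rsp* are 1.5-series keywords; HAProxy 2.1 and later use the
	# "http-request" / "http-response" header actions instead.)
	rspdel X-Proxy-By:.*
	default_backend     websrvs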
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80

浏览器输入:http://172.16.0.67/test1.html 响应首部带haproxy

示例17:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
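# Example 17: restrict the statistics page by source address.
listen stats
	# ":9099" listens on every address; the ACL below is what limits access.
	bind :9099
	# "src" is the address of the TCP peer, not a request header, so a client cannot set it;
	# behind NAT or another proxy all clients share that one address, though.
	# NOTE(review): 172.16.0.67 is also the address the test URLs use for this proxy —
	# confirm it really is the admin client's source address.
	acl allowstats src 172.16.0.67
	# Answer 403 to everyone else. "block" is the legacy keyword of the 1.5 series;
	# HAProxy 2.1 and later want "http-request deny if ! allowstats".
	block if ! allowstats
	errorloc 403 http://172.16.0.67:10080/errorloc/403.html
	stats enable
	# Source had "state uri"; the keyword is "stats uri".
	stats uri /myproxy?admin
	stats realm HAPorxy\ Stats\ Page
	# Security: guessable lab credential, sent in cleartext over plain HTTP; replace it.
	stats auth admin:admin
	# "if TRUE" gives every authenticated user the enable/disable-server controls.
	stats admin if TRUE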
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80

浏览器输入:http://172.16.0.67:9099/myproxy?admin 正常
相反去掉!重启服务 http://172.16.0.67:10080/errorloc/403.html 自定义错误页

示例18:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
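# Example 18: http-request allow.
listen stats
	bind :9099
	# The ACL is declared before the rule that uses it (the source had the two lines in
	# the opposite order, which refers to an ACL that is not defined yet).
	acl allowstats src 172.16.0.67
	# Security: an "allow" rule with no "deny" after it restricts nothing — requests that
	# do not match are accepted as well, which is why the curl test from node2 succeeds.
	http-request allow if allowstats
	stats enable
	# Source had "state uri"; the keyword is "stats uri".
	stats uri /myproxy?admin
	stats realm HAPorxy\ Stats\ Page
	# Security: guessable lab credential, sent in cleartext over plain HTTP; replace it.
	stats auth admin:admin
	# "if TRUE" gives every authenticated user the enable/disable-server controls.
	stats admin if TRUE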
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
客户端访问:
[root@node2 ~]# curl --basic --user admin:admin http://172.16.0.67:9099/myproxy?admin 正常访问

示例19:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
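# Example 19: allow one source address, deny everyone else.
listen stats
	bind :9099
	# Matches every IPv4 source; it would not match IPv6 clients.
	acl all src 0.0.0.0/0.0.0.0
	acl allowstats src 172.16.0.67
	# http-request rules are evaluated in order and the first match decides, so the allow
	# has to stay above the catch-all deny. "http-request deny unless allowstats" expresses
	# the same policy in one rule and covers every address family.
	http-request allow if allowstats
	http-request deny if all
	stats enable
	# Source had "state uri"; the keyword is "stats uri".
	stats uri /myproxy?admin
	stats realm HAPorxy\ Stats\ Page
	# Security: guessable lab credential, sent in cleartext over plain HTTP; replace it.
	stats auth admin:admin
	# "if TRUE" gives every authenticated user the enable/disable-server controls.
	stats admin if TRUE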
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
客户端访问:
[root@node2 ~]# curl --basic --user admin:admin http://172.16.0.67:9099/myproxy?admin 无法正常访问

示例20:

node2
[root@node2 ~]# yum -y install php
[root@node2 ~]# mkdir /data/web/vhost{1,2} -pv
[root@node2 ~]# vi /data/web/vhost1/info.php
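<h1>Application Server 1 </h1>
<?php
	// Source had "?php>"; the opening tag is "<?php".
	// phpinfo() prints the PHP version, loaded modules, paths and environment variables
	// to anyone who can request this page: lab check only, delete the file afterwards.
	phpinfo();
?>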
[root@node2 ~]# cp /data/web/vhost{1,2}/info.php
[root@node2 ~]# vi /data/web/vhost2/info.php
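<h1>Application Server 2 </h1>
<?php
	// Source had "?php>"; the opening tag is "<?php".
	// phpinfo() prints the PHP version, loaded modules, paths and environment variables
	// to anyone who can request this page: lab check only, delete the file afterwards.
	phpinfo();
?>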
[root@node2 ~]#vi /etc/httpd/conf.d/vhost1.conf
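# Virtual host 1: port 80, content from /data/web/vhost1.
# Source had "<VirtualHost*:80>" (missing space) and "<Dirctory" (misspelt); httpd rejects both.
<VirtualHost *:80>
	ServerName www1.magedu.com
	DocumentRoot "/data/web/vhost1"
	<Directory "/data/web/vhost1">
		# Only FollowSymLinks is enabled (no Indexes, so no directory listings).
		Options FollowSymLinks
		# .htaccess files are ignored.
		AllowOverride None
		# Any client may read this tree; access control is left to what sits in front.
		Require all granted
	</Directory>
</VirtualHost>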
[root@node2 ~]#cp /etc/httpd/conf.d/vhost1.conf /etc/httpd/conf.d/vhost2.conf
[root@node2 ~]#vi /etc/httpd/conf.d/vhost2.conf
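# Virtual host 2: port 8080, content from /data/web/vhost2.
# Source had "listen :8080"; the directive takes the port as "Listen 8080".
Listen 8080
<VirtualHost *:8080>
	# NOTE(review): the name is unchanged from vhost1.conf; the two hosts differ by port.
	ServerName www1.magedu.com
	# The copied file still pointed at vhost1; the second page set was created under
	# /data/web/vhost2, so this host has to serve that directory.
	DocumentRoot "/data/web/vhost2"
	<Directory "/data/web/vhost2">
		# Only FollowSymLinks is enabled (no Indexes, so no directory listings).
		Options FollowSymLinks
		# .htaccess files are ignored.
		AllowOverride None
		# Any client may read this tree; access control is left to what sits in front.
		Require all granted
	</Directory>
</VirtualHost>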
[root@node2 ~]# systemctl restart httpd
[root@node2 ~]# ss -tunlp


测试:http://172.16.0.68:80/info.php
http://172.16.0.68:8080/info.php
node3
[root@node3 ~]# mkdir /data/web/vhost{1,2} -pv
[root@node3 ~]# cd /data/web/vhost1/
[root@node3 ~]# 
[root@node3 ~]# vi /data/web/vhost1/test.txt
Image Server 1
[root@node3 ~]# vi /data/web/vhost2/test.txt
Image Server 2

[root@node2 ~]# scp /etc/httpd/conf.d/vhost* 172.16.0.69:/etc/httpd/conf.d/
测试:
http://172.16.0.69:80/test.txt
http://172.16.0.69:8080/test.txt


node1 配置
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
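# Example 20: send static and dynamic content to different backends.
frontend web *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	errorfile 403 /etc/haproxy/errorfiles/403.html
	errorloc 403 http://172.16.0.67:10080/errorloc/403.html
	# Source had "-X Proxy-By" / "-X ^Server"; the stray "-X" is dropped.
	reqadd X-Proxy-By:\ HAProxy
	rspadd X-Proxy-By:\ HAProxy-1.5
	# Remove the backends' Server header (case-insensitive match) so responses do not
	# reveal the web server software and version.
	rspidel ^Server:.*
	# Two acl lines with the same name are OR-ed: a request is "static" when the path ends
	# in one of the suffixes or begins with one of the prefixes.
	acl static path_end .jpg .jpeg .gif .txt .html .css .javascript .js
	acl static path_beg /imgs /images /css /javascripts
	# Source had "use _backend"; the keyword is "use_backend".
	use_backend staticsrvs if static
	default_backend     dynsrvs

backend dynsrvs
	# Persistence cookie inserted by HAProxy, so a session stays on one application server.
	cookie SRV insert indirect nocache
	balance roundrobin
	option httpchk
	server dynsrv1 172.16.100.6:80 check cookie dynsrv1
	server dynsrv2 172.16.100.7:8080 check cookie dynsrv2

backend staticsrvs
	balance roundrobin
	server staticsrv1 172.16.100.6:80 check
	server staticsrv2 172.16.100.7:8080 check

listen stats
	# ":9099" listens on every address; firewall it or bind a management address.
	bind :9099
	stats enable
	# Source had "state uri"; the keyword is "stats uri".
	stats uri /myproxy?admin
	stats realm HAPorxy\ Stats\ Page
	# Security: guessable lab credential, sent in cleartext over plain HTTP; replace it.
	stats auth admin:admin
	# "if TRUE" gives every authenticated user the enable/disable-server controls.
	stats admin if TRUE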
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

浏览器输入:http://172.16.0.67/info.php   正常
http://172.16.0.67/test.txt 正常
http://172.16.0.67/ski.jpg 正常

示例21:

示例21:拒绝curl访问
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
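# Example 21: reject requests whose User-Agent contains "curl".
frontend web *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	errorfile 403 /etc/haproxy/errorfiles/403.html
	errorloc 403 http://172.16.0.67:10080/errorloc/403.html
	# Source had "-X Proxy-By" / "-X ^Server"; the stray "-X" is dropped.
	reqadd X-Proxy-By:\ HAProxy
	rspadd X-Proxy-By:\ HAProxy-1.5
	rspidel ^Server:.*
	acl static path_end .jpg .jpeg .gif .txt .html .css .javascript .js
	acl static path_beg /imgs /images /css /javascripts
	# Regex match on the User-Agent header (case-sensitive as written; add -i to ignore case).
	# Security: the header is whatever the client chooses to send, so this filters
	# well-behaved tools only. It is not an access control; rely on authentication,
	# source ACLs or rate limiting for that.
	acl bad_browsers hdr_reg(User-Agent) .*curl.*
	# "block" is the legacy keyword; HAProxy 2.1 and later use "http-request deny if bad_browsers".
	block if bad_browsers
	# Source had "use _backend"; the keyword is "use_backend".
	use_backend staticsrvs if static
	default_backend     dynsrvs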
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

浏览器输入http://172.16.0.67/test.txt 正常
curl http://172.16.0.67/test.txt 无显示

示例22:

示例23:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
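# Example 23: only serve requests whose Referer points at magedu.com.
frontend web *:80
	compression algo gzip
	compression type text/html text/plain application/xml application/javascript
	errorfile 403 /etc/haproxy/errorfiles/403.html
	errorloc 403 http://172.16.0.67:10080/errorloc/403.html
	# Source had "-X Proxy-By" / "-X ^Server"; the stray "-X" is dropped.
	reqadd X-Proxy-By:\ HAProxy
	rspadd X-Proxy-By:\ HAProxy-1.5
	rspidel ^Server:.*
	acl static path_end .jpg .jpeg .gif .txt .html .css .javascript .js
	acl static path_beg /imgs /images /css /javascripts
	# The source pattern "\.magedu\.com" was unanchored and matched that text anywhere in
	# the header, including the path or query string of an unrelated site. This pattern
	# ties the match to the host part of the URL.
	# Security: Referer is supplied by the client (the curl -e test sets it by hand), so
	# this deters hot-linking only; it does not authenticate anyone.
	acl valid_referers hdr_reg(Referer) -i ^https?://([a-z0-9-]+\.)*magedu\.com(:[0-9]+)?(/|$)
	# Requests without a Referer (typed URLs, many privacy settings) are rejected as well.
	# "block" is the legacy keyword; HAProxy 2.1 and later use
	# "http-request deny unless valid_referers".
	block unless valid_referers
	# Source had "use _backend"; the keyword is "use_backend".
	use_backend staticsrvs if static
	default_backend     dynsrvs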


客户端使用curl命令
curl -e "http://www.magedu.com/admin.php" http://172.16.0.67/test.txt

正在完善中请见谅!
