实验环境:
node3 varnish服务器: ens192 192.168.170.10
ens224 192.168.10.254
node1 backend server 1:192.168.10.10
node2 backend server 2:192.168.10.11
示例1:
[root@node1 ~]# vi /etc/rsyslog.conf
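# Load the UDP syslog input module.
$ModLoad imudp
# Bind the listener to loopback. Without an address, UDP/514 accepts
# unauthenticated log lines from any host that can reach this machine.
# Must appear before $UDPServerRun. Assumes haproxy.cfg logs to 127.0.0.1
# (the "log" line is not shown on this page) - confirm before applying.
$UDPServerAddress 127.0.0.1
# Listen on UDP port 514.
$UDPServerRun 514
# Write everything logged with facility local2 to a dedicated file.
local2.*    /var/log/haproxy.log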
[root@node1 ~]# systemctl restart rsyslog.service
[root@node1 ~]# ss -tunlp | grep 514 日志功能生效
安装haproxy并启动
[root@node1 ~]# yum -y install haproxy
[root@node1 ~]# systemctl start haproxy
[root@node1 ~]# rpm -ql haproxy
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web
bind *:80
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.16.100.6:80 check
server srv2 172.16.100.7:80 check
:.,$s@^[^#]@#&@ 从光标所在的当前行到最后一行,凡不以#开头的行,在行首添加#
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
node2 backend server 2
[root@node2 ~]# yum -y install httpd
[root@node2 ~]# vi /var/www/html/index.html
<h1>Backend Server 2</h1>
yum -y install httpd-tools ab命令由httpd-tools包提供
ab -c 10 -n 1000000 http://172.16.0.67/
node3 backend server 3
[root@node3 ~]# yum -y install httpd
[root@node3 ~]# vi /var/www/html/index.html
<h1>Backend Server3</h1>
客户端:
for i in {1..10}; do curl http://ip/; done
示例2:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web
bind *:80
default_backend websrvs
backend websrvs
balance uri
server srv1 172.16.100.6:80 check maxconn 3
server srv2 172.16.100.7:80 check
hash-type consistent
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
[root@node2 ~]# cd /var/www/html
[root@node2 ~]# for i in {1..10}; do echo "Test Page $i @BES 1"> test$i.html; done
[root@node3 ~]# cd /var/www/html
[root@node3 ~]# for i in {1..10}; do echo "Test Page $i @BES 2"> test$i.html; done
测试:
for i in {1..10}; do curl http://172.16.0.67/test1.html; done
示例3:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web
bind *:80
default_backend websrvs
backend websrvs
balance hdr(User-Agent)
server srv1 172.16.100.6:80 check maxconn 3
server srv2 172.16.100.7:80 check
hash-type consistent
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
示例4:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web
bind *:80
compression algo gzip
compression type text/html text/plain application/xml application/javascript
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.16.100.6:80 check maxconn 3
server srv2 172.16.100.7:80 check backup
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
[root@node2 ~]# cp /var/log/httpd/access_log /var/www/html/log.txt
[root@node3 ~]# cp /var/log/httpd/access_log /var/www/html/log.txt
客户端浏览器:http://172.16.0.67 or http://172.16.0.67/log.txt 是否压缩(access_log 含客户端IP和请求记录,测试完成后应删除 /var/www/html/log.txt)
示例5:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web
bind *:80
compression algo gzip
compression type text/html text/plain application/xml application/javascript
default_backend websrvs
backend websrvs
balance roundrobin
option httpchk GET /test1.html HTTP/1.0
server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2
server srv2 172.16.100.7:80 check backup
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
node2
[root@node2 ~]# tail /var/log/httpd/access_log 有健康状态检查log信息
示例6:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web
bind *:80
compression algo gzip
compression type text/html text/plain application/xml application/javascript
default_backend websrvs
backend websrvs
balance roundrobin
#option httpchk GET /test1.html HTTP/1.0
server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 redir http://www.baidu.com/
server srv2 172.16.100.7:80 check backup
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
浏览器访问:http://172.16.0.67 发现重定向到百度
示例7:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web
bind *:80
compression algo gzip
compression type text/html text/plain application/xml application/javascript
default_backend websrvs
backend websrvs
balance roundrobin
#option httpchk GET /test1.html HTTP/1.0
server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight 2
server srv2 172.16.100.7:80 check weight 1
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
客户端:命令行输入 2:1
for i in {1..10}; do curl http://172.16.0.67/test1.html; done
示例8:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
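frontend web
    bind *:80
    compression algo gzip
    compression type text/html text/plain application/xml application/javascript
    default_backend websrvs

backend websrvs
    balance roundrobin
    # The keyword is "stats", not "state". With no "stats uri" line the page
    # is served at the default URI /haproxy?stats.
    # With no "stats auth" line the page needs no password, so every client
    # that can reach port 80 can read backend addresses and health state.
    stats enable
    #option httpchk GET /test1.html HTTP/1.0
    server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight 2
    server srv2 172.16.100.7:80 check weight 1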
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
浏览器输入:http://172.16.0.67/haproxy?stats
示例9:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
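frontend web
    bind *:80
    # NOTE(review): some HAProxy releases accept "stats" directives only in
    # defaults/listen/backend sections - validate this file with
    # `haproxy -c -f /etc/haproxy/haproxy.cfg` before restarting.
    stats enable
    # Spaces are backslash-escaped, as in the other realm lines on this page.
    stats realm HAProxy\ State\ Page
    stats uri /myproxy?admin
    # Lab credential. It is stored in clear text in this file and is sent as
    # HTTP Basic auth over the unencrypted port-80 listener.
    stats auth admin:admin
    # "if TRUE" gives every authenticated user the admin actions
    # (enable/disable servers). Here that is offered on the public frontend;
    # restrict it with a source-address ACL or use a separate listener.
    stats admin if TRUE
    compression algo gzip
    compression type text/html text/plain application/xml application/javascript
    default_backend websrvs

backend websrvs
    balance roundrobin
    #option httpchk GET /test1.html HTTP/1.0
    server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight 2
    server srv2 172.16.100.7:80 check weight 1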
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
示例10:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
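frontend web *:80
    compression algo gzip
    compression type text/html text/plain application/xml application/javascript
    default_backend websrvs

backend websrvs
    balance roundrobin
    # With "option httpchk" the health check is an HTTP (layer 7) request;
    # without it "check" only tests the TCP connection (layer 4).
    option httpchk
    server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight 2
    server srv2 172.16.100.7:80 check weight 1

# Dedicated listener keeps the statistics page off the public port 80.
listen stats
    # ":9099" listens on every local address; bind to a management address
    # or firewall the port if only administrators should reach it.
    bind :9099
    stats enable
    stats uri /myproxy?admin
    stats realm HAProxy\ Stats\ Page
    # Lab credential, stored in clear text here and sent as HTTP Basic auth
    # over an unencrypted listener.
    stats auth admin:admin
    # "if TRUE" lets every authenticated user enable/disable servers.
    stats admin if TRUE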
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
浏览器输入:http://172.16.0.67:9099/myproxy?admin 正常
示例11:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80
compression algo gzip
compression type text/html text/plain application/xml application/javascript
default_backend websrvs
backend websrvs
balance roundrobin
option httpchk # 做七层检查,如果不加则是四层检测
server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight 2
server srv2 172.16.100.7:80 check weight 1
listen stats
bind :9099
stats enable
stats uri /myproxy?admin
stats realm HAProxy\ Stats\ Page
stats auth admin:admin
stats admin if TRUE
# Layer-4 (TCP) load balancing of SSH: connections to port 22022 on the
# proxy are passed through to port 22 on one of the two servers.
listen sshsrvs
    mode tcp
    bind *:22022
    # Send each new connection to the server with the fewest open connections.
    balance leastconn
    # Each server presents its own SSH host key unless the keys were
    # deliberately shared, so a client reconnecting to :22022 may reach a
    # different key and get a host-key-changed warning.
    server sshsrv1 172.16.100.6:22 check
    server sshsrv2 172.16.100.7:22 check
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
客户端:ssh root@172.16.0.67 -p 22022 连接
ssh root@172.16.0.67 -p 22022 再连接
示例12:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80
compression algo gzip
compression type text/html text/plain application/xml application/javascript
default_backend websrvs
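backend websrvs
    balance roundrobin
    # Cookie-based persistence: HAProxy inserts a WEBSRV cookie naming the
    # chosen server. "indirect" removes the cookie before the request is
    # forwarded; "nocache" marks the response non-cacheable so a shared cache
    # does not hand one client's cookie to another.
    # The cookie value is the server label and is supplied by the client on
    # later requests; treat it as a routing hint, never as identity.
    cookie WEBSRV insert nocache indirect
    # "option httpchk" was fused onto the end of the srv2 line in the notes.
    option httpchk
    # The second pair of srv1/srv2 lines (left over from the earlier
    # examples) is dropped: server names must be unique within a backend.
    server srv1 172.16.100.6:80 weight 2 check rise 1 fall 2 maxconn 3000 cookie srv1
    server srv2 172.16.100.7:80 weight 1 check rise 1 fall 2 maxconn 3000 cookie srv2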
listen stats
bind :9099
stats enable
stats uri /myproxy?admin
stats realm HAProxy\ Stats\ Page
stats auth admin:admin
stats admin if TRUE
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
浏览器:http://172.16.0.67/test3.html http://172.16.0.67/test7.html 请求报文srv=srv1
示例13:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
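# Lines to add to the existing "defaults" section (keyword is "defaults";
# the option is "forwardfor").
defaults
    # Append X-Forwarded-For with the client address to forwarded requests.
    #   except 127.0.0.0/8 - skip requests that arrive from loopback.
    #   if-none            - add the header only when the request has none.
    # With if-none, an X-Forwarded-For value sent by the client reaches the
    # backend unchanged and is what the backend logs. Keep if-none only when
    # a trusted proxy in front of HAProxy sets the header.
    option forwardfor except 127.0.0.0/8 if-none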
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
[root@node2 ~]# vi /etc/httpd/conf/httpd.conf
LogFormat "%{X-Forwarded-For}i
[root@node2 ~]# systemctl restart httpd
浏览器:http://172.16.0.67/test3.html 可看到响应的是backend server
示例14:
[root@node1 ~]# mkdir /etc/haproxy/errorfiles
[root@node1 ~]# vi /etc/haproxy/errorfiles/403.html
Forbidden
(errorfile 指定的文件会被原样发送给客户端,文件中应包含完整的HTTP响应:状态行、首部、空行和正文)
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
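frontend web *:80
    compression algo gzip
    compression type text/html text/plain application/xml application/javascript
    # errorfile: HAProxy answers a 403 itself with the contents of this file.
    errorfile 403 /etc/haproxy/errorfiles/403.html
    # errorloc: HAProxy answers a 403 with a redirect to this URL instead.
    # NOTE(review): both lines target status 403; presumably only the later
    # one takes effect - keep just the variant being tested.
    errorloc 403 http://172.16.0.67:10080/errorloc/403.html
    default_backend websrvs

backend websrvs
    balance roundrobin
    cookie WEBSRV insert nocache indirect
    # "option httpchk" was fused onto the end of the srv2 line in the notes.
    option httpchk
    # The duplicated srv1/srv2 lines from the earlier examples are dropped:
    # server names must be unique within a backend.
    server srv1 172.16.100.6:80 weight 2 check rise 1 fall 2 maxconn 3000 cookie srv1
    server srv2 172.16.100.7:80 weight 1 check rise 1 fall 2 maxconn 3000 cookie srv2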
listen stats
bind :9099
stats enable
stats uri /myproxy?admin
stats realm HAProxy\ Stats\ Page
stats auth admin:admin
stats admin if TRUE
[root@node1 ~]# yum -y install nginx
[root@node1 ~]# vi /etc/nginx/conf.d/errorfile.conf
server {
listen 10080;
server_name error.magedu.com;
root /data/nginx/html;
}
[root@node1 ~]# mkdir -pv /data/nginx/html/errorloc
[root@node1 ~]# vi /data/nginx/html/errorloc/403.html
403 from nginx
[root@node1 ~]# systemctl restart nginx
[root@node1 ~]# vi /etc/nginx/nginx.conf
server {
listen 8089 default_server;
}
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
浏览器:http://172.16.0.67/test3.html http://172.16.0.67/test7.html 请求报文srv=srv1
示例15:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
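frontend web *:80
    compression algo gzip
    compression type text/html text/plain application/xml application/javascript
    errorfile 403 /etc/haproxy/errorfiles/403.html
    errorloc 403 http://172.16.0.67:10080/errorloc/403.html
    # Add a header to every request forwarded to the backends. The header
    # name is X-Proxy-By (the notes had "-X Proxy-By").
    reqadd X-Proxy-By:\ HAProxy
    # Add a header to every response sent to clients (keyword is "rspadd").
    # Putting the product and version in a response header tells every
    # client which proxy release is running; omit the version outside a lab.
    rspadd X-Proxy-By:\ HAProxy-1.5
    default_backend websrvs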
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
[root@node2 ~]# vi /etc/httpd/conf/httpd.conf
LogFormat "%{X-Proxy-By}i
[root@node2 ~]# tail /var/log/message
示例16:
示例14:添加请求首部
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
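frontend web *:80
    compression algo gzip
    compression type text/html text/plain application/xml application/javascript
    errorfile 403 /etc/haproxy/errorfiles/403.html
    errorloc 403 http://172.16.0.67:10080/errorloc/403.html
    # Header added to requests forwarded to the backends.
    reqadd X-Proxy-By:\ HAProxy
    # Header added to responses; it discloses the proxy product and version.
    rspadd X-Proxy-By:\ HAProxy-1.5
    # Delete matching headers from the server's response.
    # NOTE(review): the notes read "rspdel -X Proxy-By:.*"; reconstructed on
    # the assumption that "-X " is a slip for the "X-" prefix. The page's
    # test still sees the header in the response, which suggests rspadd is
    # applied after rspdel - confirm.
    rspdel ^X-Proxy-By:.*
    default_backend websrvs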
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
浏览器输入:http://172.16.0.67/test1.html 响应首部带haproxy
示例17:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
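listen stats
    bind :9099
    # Source-address allow-list for the statistics listener. The match is on
    # the TCP peer address, so behind NAT or another proxy it sees that hop.
    # NOTE(review): 172.16.0.67 is also the address this page uses to reach
    # HAProxy itself; set it to the administrator's workstation.
    acl allowstats src 172.16.0.67
    # Reject every request not coming from the allowed source with a 403.
    # "block" is the older keyword; "http-request deny" is the rule form.
    block if ! allowstats
    # The 403 is delivered as a redirect to this custom page.
    errorloc 403 http://172.16.0.67:10080/errorloc/403.html
    stats enable
    stats uri /myproxy?admin
    stats realm HAProxy\ Stats\ Page
    # Lab credential, stored in clear text and sent as HTTP Basic auth over
    # an unencrypted listener; the ACL above is the stronger control here.
    stats auth admin:admin
    stats admin if TRUE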
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
浏览器输入:http://172.16.0.67:9099/myproxy?admin 正常
相反去掉!重启服务 http://172.16.0.67:10080/errorloc/403.html 自定义错误页
示例18:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
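listen stats
    bind :9099
    # Declare the ACL before the rule that refers to it.
    acl allowstats src 172.16.0.67
    # An "allow" rule on its own restricts nothing: a request that matches no
    # http-request rule is accepted as well, which is why the curl from node2
    # in the test below succeeds. A deny rule must follow to close the
    # listener to other sources.
    http-request allow if allowstats
    stats enable
    stats uri /myproxy?admin
    stats realm HAProxy\ Stats\ Page
    # Lab credential, stored in clear text and sent as HTTP Basic auth over
    # an unencrypted listener.
    stats auth admin:admin
    # Every authenticated user gets the admin actions.
    stats admin if TRUE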
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
客户端访问:
[root@node2 ~]# curl --basic --user admin:admin http://172.16.0.67:9099/myproxy?admin 正常访问
示例19:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
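listen stats
    bind :9099
    # Matches every IPv4 source address.
    acl all src 0.0.0.0/0.0.0.0
    # NOTE(review): 172.16.0.67 is also the address this page uses to reach
    # HAProxy itself; set it to the administrator's workstation.
    acl allowstats src 172.16.0.67
    # http-request rules are evaluated in order and the first match decides:
    # the allowed source is accepted, everything else is denied with a 403.
    http-request allow if allowstats
    http-request deny if all
    stats enable
    stats uri /myproxy?admin
    stats realm HAProxy\ Stats\ Page
    # Lab credential, stored in clear text and sent as HTTP Basic auth over
    # an unencrypted listener; the source ACL is the stronger control here.
    stats auth admin:admin
    stats admin if TRUE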
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
客户端访问:
[root@node2 ~]# curl --basic --user admin:admin http://172.16.0.67:9099/myproxy?admin 无法正常访问
示例20:
node2
[root@node2 ~]# yum -y install php
[root@node2 ~]# mkdir /data/web/vhost{1,2} -pv
[root@node2 ~]# vi /data/web/vhost1/info.php
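<h1>Application Server 1 </h1>
<?php
// phpinfo() prints the complete PHP and server configuration (paths, loaded
// modules, environment variables). Keep this page only for the duration of
// the lab test and delete it afterwards.
phpinfo();
?>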
[root@node2 ~]# cp /data/web/vhost{1,2}/info.php
[root@node2 ~]# vi /data/web/vhost2/info.php
<h1>Application Server 2 </h1>
<?php
phpinfo();
?>
[root@node2 ~]#vi /etc/httpd/conf.d/vhost1.conf
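# Virtual host on port 80 serving /data/web/vhost1.
<VirtualHost *:80>
    ServerName www1.magedu.com
    DocumentRoot "/data/web/vhost1"
    <Directory "/data/web/vhost1">
        # FollowSymLinks lets httpd serve the target of a symlink placed in
        # this directory, including targets outside the document root.
        Options FollowSymLinks
        # Ignore .htaccess files.
        AllowOverride None
        # No client restriction: every source address may read this tree.
        Require all granted
    </Directory>
</VirtualHost>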
[root@node2 ~]#cp /etc/httpd/conf.d/vhost1.conf /etc/httpd/conf.d/vhost2.conf
[root@node2 ~]#vi /etc/httpd/conf.d/vhost2.conf
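# Second virtual host on its own port.
Listen 8080
<VirtualHost *:8080>
    # NOTE(review): ServerName is unchanged from the vhost1 copy; confirm
    # whether a separate name was intended.
    ServerName www1.magedu.com
    # The copied file still pointed at vhost1; vhost2 is the tree the
    # "Application Server 2" page was created in.
    DocumentRoot "/data/web/vhost2"
    <Directory "/data/web/vhost2">
        Options FollowSymLinks
        AllowOverride None
        # No client restriction: every source address may read this tree.
        Require all granted
    </Directory>
</VirtualHost>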
[root@node2 ~]# systemctl restart httpd
[root@node2 ~]# ss -tunlp
测试:http://172.16.0.68:80/info.php
http://172.16.0.68:8080/info.php
node3
[root@node3 ~]# mkdir /data/web/vhost{1,2} -pv
[root@node3 ~]# cd /data/web/vhost1/
[root@node3 ~]#
[root@node3 ~]# vi /data/web/vhost1/test.txt
Image Server 1
[root@node3 ~]# vi /data/web/vhost2/test.txt
Image Server 2
[root@node2 ~]# scp /etc/httpd/conf.d/vhost* 172.16.0.69:/etc/httpd/conf.d/
测试:
http://172.16.0.69:80/test.txt
http://172.16.0.69:8080/test.txt
node1 配置
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
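frontend web *:80
    compression algo gzip
    compression type text/html text/plain application/xml application/javascript
    errorfile 403 /etc/haproxy/errorfiles/403.html
    errorloc 403 http://172.16.0.67:10080/errorloc/403.html
    reqadd X-Proxy-By:\ HAProxy
    # This response header advertises the proxy product and version, while
    # the next rule hides the backend's; drop the version outside a lab.
    rspadd X-Proxy-By:\ HAProxy-1.5
    # Remove the backend's Server header (case-insensitive match) so the web
    # server product and version are not sent to clients.
    rspidel ^Server:.*
    # Two acl lines with the same name are OR-ed: a request is "static" when
    # its path ends with one of the suffixes or begins with one of the
    # prefixes. This only selects a backend; it is not an access control.
    acl static path_end .jpg .jpeg .gif .txt .html .css .javascript .js
    acl static path_beg /imgs /images /css /javascripts
    # Keyword is "use_backend" (no space).
    use_backend staticsrvs if static
    default_backend dynsrvs

backend dynsrvs
    # Cookie persistence for the dynamic servers; the value names the server
    # and comes back from the client, so it is a routing hint only.
    cookie SRV insert indirect nocache
    balance roundrobin
    option httpchk
    server dynsrv1 172.16.100.6:80 check cookie dynsrv1
    server dynsrv2 172.16.100.7:8080 check cookie dynsrv2

backend staticsrvs
    balance roundrobin
    server staticsrv1 172.16.100.6:80 check
    server staticsrv2 172.16.100.7:8080 check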
listen stats
bind :9099
stats enable
stats uri /myproxy?admin
stats realm HAProxy\ Stats\ Page
stats auth admin:admin
stats admin if TRUE
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
浏览器输入:http://172.16.0.67/info.php 正常
http://172.16.0.67/test.txt 正常
http://172.16.0.67/ski.jpg 正常
示例21:
示例21:拒绝curl访问
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
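frontend web *:80
    compression algo gzip
    compression type text/html text/plain application/xml application/javascript
    errorfile 403 /etc/haproxy/errorfiles/403.html
    # A blocked request is answered with a redirect to this page; curl does
    # not follow redirects by default, hence the empty output in the test.
    errorloc 403 http://172.16.0.67:10080/errorloc/403.html
    reqadd X-Proxy-By:\ HAProxy
    rspadd X-Proxy-By:\ HAProxy-1.5
    rspidel ^Server:.*
    acl static path_end .jpg .jpeg .gif .txt .html .css .javascript .js
    acl static path_beg /imgs /images /css /javascripts
    # Reject requests whose User-Agent contains "curl". The header is chosen
    # by the client, so this filters only clients that identify themselves
    # honestly; it is not an access control. hdr_reg is case-sensitive
    # unless -i is given.
    acl bad_browsers hdr_reg(User-Agent) .*curl.*
    block if bad_browsers
    # Keyword is "use_backend" (no space).
    use_backend staticsrvs if static
    default_backend dynsrvs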
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp
浏览器输入http://172.16.0.67/test.txt 正常
curl http://172.16.0.67/test.txt 无显示
示例22:
示例23:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
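frontend web *:80
    compression algo gzip
    compression type text/html text/plain application/xml application/javascript
    errorfile 403 /etc/haproxy/errorfiles/403.html
    errorloc 403 http://172.16.0.67:10080/errorloc/403.html
    reqadd X-Proxy-By:\ HAProxy
    rspadd X-Proxy-By:\ HAProxy-1.5
    rspidel ^Server:.*
    acl static path_end .jpg .jpeg .gif .txt .html .css .javascript .js
    acl static path_beg /imgs /images /css /javascripts
    # Accept only requests whose Referer host is magedu.com or a subdomain.
    # The pattern is anchored to the scheme and host: the unanchored form
    # "\.magedu\.com" matches that text anywhere in the header value,
    # including the path or query string of an unrelated site.
    # Referer is supplied by the client, so this deters hot-linking but is
    # not authentication.
    acl valid_referers hdr_reg(Referer) -i ^https?://([^/]*\.)?magedu\.com(:[0-9]+)?(/|$)
    # Applies to the whole frontend and also rejects requests that carry no
    # Referer at all (typed URLs, bookmarks, privacy settings).
    block unless valid_referers
    # Keyword is "use_backend" (no space).
    use_backend staticsrvs if static
    default_backend dynsrvs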
客户端使用curl命令
curl -e "http://www.magedu.com/admin.php" http://172.16.0.67/test.txt
正在完善中请见谅!