haproxy
如果官方文档进不去就通过github官网搜索haproxy,github官方文档:https://github.com/
安装haproxy
#修改主机名及关闭防火墙和selinux(三台)
[root@localhost ~]# hostnamectl set-hostname DR
[root@localhost ~]# bash
[root@DR ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR ~]# vim /etc/selinux/config
[root@DR ~]# setenforce 0
[root@localhost ~]# hostnamectl set-hostname RS1
[root@localhost ~]# bash
[root@RS1 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# vim /etc/selinux/config
[root@RS1 ~]# setenforce 0
[root@localhost ~]# hostnamectl set-hostname RS2
[root@localhost ~]# bash
[root@RS2 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# vim /etc/selinux/config
[root@RS2 ~]# setenforce 0
#安装包
[root@dr ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel
[root@dr ~]# cd /usr/src/
[root@dr src]# ls
debug kernels
[root@dr src]# ls
debug haproxy-2.4.0.tar.gz kernels
[root@dr src]# tar xf haproxy-2.4.0.tar.gz
[root@dr src]# cd haproxy-2.4.0
[root@dr haproxy-2.4.0]# make clean
[root@dr haproxy-2.4.0]# make -j $(nproc) TARGET=linux-glibc USE_OPENSSL=1 USE_PCRE=1 USE_SYSTEMD=1
[root@dr haproxy-2.4.0]# make install PREFIX=/usr/local/haproxy
[root@DR haproxy-2.4.0]# which haproxy
/usr/local/sbin/haproxy
#配置各个负载的内核参数
[root@dr ~]# echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf
[root@dr ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@dr ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
#修改配置
[root@dr ~]# mkdir /etc/haproxy
[root@DR haproxy]# cat haproxy.cfg
#--------------全局配置----------------
global
log 127.0.0.1 local0 info
#log loghost local0 info
maxconn 20480
#chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option dontlognull
option httpclose
option httplog
#option forwardfor
option redispatch
balance roundrobin
timeout connect 10s
timeout client 10s
timeout server 10s
timeout check 10s
maxconn 60000
retries 3
#--------------统计页面配置------------------
listen admin_stats
bind 0.0.0.0:8189
stats enable
mode http
log global
stats uri /haproxy_stats
stats realm Haproxy\ Statistics
stats auth admin:admin
#stats hide-version
stats admin if TRUE
stats refresh 30s
#---------------web设置-----------------------
listen webcluster
bind 0.0.0.0:443 //端口改为443
mode tcp //模式改为tcp
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server web01 192.168.230.131:443 check inter 2000 fall 5 //端口改为443
server web02 192.168.230.132:443 check inter 2000 fall 5 //端口改为443
#haproxy.service文件编写
[root@dr ~]# cat > /usr/lib/systemd/system/haproxy.service <<EOF
> [Unit]
> Description=HAProxy Load Balancer
> After=syslog.target network.target
>
> [Service]
> ExecStartPre=/usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
> ExecStart=/usr/local/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
> ExecReload=/bin/kill -USR2
>
> [Install]
> WantedBy=multi-user.target
> EOF
[root@dr ~]# systemctl daemon-reload
[root@DR haproxy]# systemctl enable --now haproxy
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.
#启用日志
[root@dr ~]# vim /etc/rsyslog.conf
# Save boot messages also to boot.log
local7.* /var/log/boot.log
local0.* /var/log/haproxy.log #添加此行
#启动服务
[root@DR haproxy]# systemctl restart rsyslog.service
[root@DR haproxy]# systemctl restart haproxy
[root@DR haproxy]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8189 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
#RS1上操作:
[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# echo "awm-RS1" >/var/www/html/index.html
[root@RS1 ~]# systemctl restart httpd
[root@RS1 keys]# openssl req -new -key passport.com.key -out passport.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:test
Organizational Unit Name (eg, section) []:nnai
Common Name (eg, your name or your server's hostname) []:web01.com
Email Address []:naicha@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:naicha@qq.com
An optional company name []:
[root@RS1 keys]# openssl x509 -req -days 3650 -in passport.com.csr -signkey passport.com.key -out passport.com.crt
Signature ok
subject=C = CN, ST = HB, L = WH, O = test, OU = nnai, CN = web01.com, emailAddress = naicha@qq.com
Getting Private key
[root@RS1 keys]# yum -y install mod_ssl
[root@RS1 keys]# mkdir /etc/httpd/ssl
[root@RS1 keys]# cd
[root@RS1 ~]# cd keys/
[root@RS1 keys]# ls
passport.com.crt passport.com.csr passport.com.key
[root@RS1 keys]# mv passport.com.* /etc/httpd/ssl/
[root@RS1 keys]# cd /etc/httpd/ssl/
[root@RS1 ssl]# ls
passport.com.crt passport.com.csr passport.com.key
[root@RS1 ssl]# cd ..
[root@RS1 httpd]# cd conf.d/
[root@RS1 conf.d]# ls
autoindex.conf README ssl.conf userdir.conf welcome.conf
[root@RS1 conf.d]# vim ssl.conf
DocumentRoot "/var/www/html" //取消掉这两汉的注释
ServerName www.example.com:443
#修改此两行路径
SSLCertificateFile /etc/httpd/ssl/passport.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/passport.com.key
[root@RS1 conf.d]# systemctl restart httpd
[root@RS1 conf.d]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
#RS2上操作:
[root@RS2 ~]# yum -y install httpd
[root@RS2 ~]# echo "awm-RS2" >/var/www/html/index.html
[root@RS2 ~]# systemctl restart httpd
[root@RS2 ~]# curl 192.168.230.132
awm-RS2
[root@RS2 ~]# yum -y install mod_ssl
[root@RS2 ~]# mkdir /etc/httpd/ssl
[root@RS2 ~]# cd /etc/httpd/ssl/
[root@RS2 ssl]# ls
[root@RS2 ssl]# cd
[root@RS2 ~]# cd /root/
[root@RS2 ~]# ls
anaconda-ks.cfg passport.com.crt passport.com.key
[root@RS2 ~]# mv passport.com.crt /etc/httpd/ssl/
[root@RS2 ~]# mv passport.com.key /etc/httpd/ssl/
[root@RS2 ~]# cd /etc/httpd/ssl/
[root@RS2 ssl]# ls
passport.com.crt passport.com.key
[root@RS2 ssl]# cd ..
[root@RS2 httpd]# ls
conf conf.d conf.modules.d logs modules run ssl state
[root@RS2 httpd]# cd conf.d/
[root@RS2 conf.d]# ls
autoindex.conf README ssl.conf userdir.conf welcome.conf
[root@RS2 conf.d]# vim ssl.conf
DocumentRoot "/var/www/html" //取消掉这两汉的注释
ServerName www.example.com:443
#修改此两行路径
SSLCertificateFile /etc/httpd/ssl/passport.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/passport.com.key
[root@RS2 conf.d]# systemctl restart httpd
[root@RS2 conf.d]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*