haprorxy配置
1.准备工作
准备三台主机
RS1与RS2提供测试网站,haproxy当调度器
实验环境:
主机名 | IP |
haproxy | 192.168.80.132 |
RS1 | 192.168.80.128 |
RS2 | 192.168.80.130 |
三台主机均配置阿里源,并且关闭防火墙和selinux
//RS1
[root@RS1 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# vim /etc/selinux/config
[root@RS1 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled //改为disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
//RS2
[root@RS2 ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# vim /etc/selinux/config
[root@RS2 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled //改为disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
//haproxy
[root@haproxy ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@haproxy ~]# setenforce 0
[root@haproxy ~]# vim /etc/selinux/config
[root@haproxy ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled //改为disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
//在两个RS主机上安装httpd
[root@RS2 ~]# yum -y install httpd
[root@RS1 ~]# yum -y install httpd
//配置网站页面并且启动加入开机自启
//RS2
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS2 ~]# echo "hello world" > /var/www/html/index.html
//RS1
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS1 ~]# echo "hello myfriend" > /var/www/html/index.html
网页访问
2. haproxy安装配置
haproxy包下载链接
https://github.com/haproxy/haproxy/archive/refs/tags/v2.6.0.tar.gz
//下载软件包
[root@haproxy ~]# wget https://github.com/haproxy/haproxy/archive/refs/tags/v2.6.0.tar.gz
//安装依赖包
[root@haproxy ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel
//创建haproxy系统用户
[root@haproxy ~]# useradd -r -M -s /sbin/nologin haproxy
//解压软件包
[root@haproxy ~]# tar xf v2.6.0.tar.gz
[root@haproxy ~]# ls
anaconda-ks.cfg haproxy-2.6.0 v2.6.0.tar.gz
//编译安装
[root@haproxy ~]# cd haproxy-2.6.0/
[root@haproxy haproxy-2.6.0]# make clean
[root@haproxy haproxy-2.6.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l) TARGET=linux-glibc USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1 USE_SYSTEMD=1
[root@haproxy haproxy-2.6.0]# make install PREFIX=/usr/local/haproxy
//创造软连接
[root@haproxy haproxy-2.6.0]# ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin/
[root@haproxy haproxy-2.6.0]# which haproxy
/usr/sbin/haproxy
//配置各个负载的内核参数
[root@haproxy haproxy-2.6.0]# echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf
[root@haproxy haproxy-2.6.0]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@haproxy haproxy-2.6.0]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
//提供配置文件
[root@haproxy ~]# mkdir /etc/haproxy
[root@haproxy ~]# cd /etc/haproxy/
[root@haproxy haproxy]# vim haproxy.cfg
[root@haproxy haproxy]# cat haproxy.cfg
#------------Global configuration-----------------
global
log 127.0.0.1 local0 info
#log loghost local0 info
maxconn 20480
#chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option dontlognull
option httpclose
option httplog
#option forwardfor
option redispatch
balance roundrobin
timeout connect 10s
timeout client 10s
timeout server 10s
timeout check 10s
maxconn 60000
retries 3
#--------------Statistics page configuration------------------
listen admin_stats
bind 0.0.0.0:8189
stats enable
mode http
log global
stats uri /haproxy_stats
stats realm Haproxy\ Statistics
stats auth admin:admin
#stats hide-version
stats admin if TRUE
stats refresh 30s
#---------------web settings-----------------------
listen webcluster
bind 0.0.0.0:80
mode http
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server web01 192.168.80.128:80 check inter 2000 fall 5
server web02 192.168.80.130:80 check inter 2000 fall 5
#server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
//haproxy.service文件编写
[root@haproxy haproxy]# vim /usr/lib/systemd/system/haproxy.service
[root@haproxy haproxy]# cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2
[Install]
WantedBy=multi-user.target
[root@haproxy haproxy]# systemctl daemon-reload
[root@haproxy haproxy]# systemctl enable --now haproxy
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.
[root@haproxy haproxy]# systemctl status haproxy.service
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disa>
Active: active (running) since Mon 2022-08-15 14:19:17 EDT; 9s ago
Process: 53596 ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cf>
Main PID: 53598 (haproxy)
Tasks: 2 (limit: 11174)
Memory: 23.8M
CGroup: /system.slice/haproxy.service
├─53598 /usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /v>
└─53601 /usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /v>
8月 15 14:19:17 haproxy systemd[1]: Starting HAProxy Load Balancer...
8月 15 14:19:17 haproxy systemd[1]: Started HAProxy Load Balancer.
8月 15 14:19:17 haproxy haproxy[53598]: [NOTICE] (53598) : haproxy version is 2.6.0-a1>
8月 15 14:19:17 haproxy haproxy[53598]: [NOTICE] (53598) : path to executable is /usr/>
8月 15 14:19:17 haproxy haproxy[53598]: [ALERT] (53598) : config : parsing [/etc/hapr>
8月 15 14:19:17 haproxy haproxy[53598]: [NOTICE] (53598) : New worker (53601) forked
8月 15 14:19:17 haproxy haproxy[53598]: [NOTICE] (53598) : Loading success.
[root@haproxy haproxy]# ss -anlt //有80和8189端口即为成功
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:8189 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
//启用日志
[root@haproxy haproxy]# vim /etc/rsyslog.conf
local0.* /var/log/haproxy.log
[root@haproxy haproxy]# systemctl restart rsyslog
网页测试
在网页使用ip访问先访问再刷新即可看到两个页面
网页登录服务
用户名与密码都是admin
即可看到实时数据