haproxy 负载均衡,基础搭建
haproxy 是典型的七层负载均衡服务器,可以为 web 服务、mysql 数据库提供负载均衡。
七层负载,应用层,调度器会和客户端建立tcp链接(三次握手,四次断开)
接收客户端请求,并且通过URL和调度算法过滤出请求的资源,交给后端比较适合的服务器。拒绝空连接(ddos攻击)增加安全性。
优点:
1.可以对后端进行健康检查,剔除后端宕机的服务器
2.单进程的工作模式
3.支持拒绝连接,防止DDOS攻击(只能缓解连接耗尽类的攻击,大流量攻击仍需上游防护)
haproxy的调度算法:
roundrobin:动态轮询 设置权重时不需要重启haproxy
static-rr:静态轮询 修改权重后需要重启haproxy才能生效
leastconn:最小连接
source:源地址散列 把源地址hash
haproxy部署
1.解决依赖关系
[root@localhost ~]# yum -y install pcre-devel zlib-devel openssl-devel systemd-devel
2.tar包编译安装
[root@localhost ~]# tar zxvf haproxy-2.0.7.tar -C /usr/src
[root@localhost ~]# cd /usr/src/haproxy-2.0.7
[root@localhost ~]# uname -r    # 查看内核版本号
#[root@localhost ~]# make TARGET=内核版本号 PREFIX=/usr/local/haproxy # 1.4~1.8版本安装方法
2.0版本安装如下:
[root@localhost ~]# make TARGET=linux-glibc \
USE_OPENSSL=1 \
USE_SYSTEMD=1 \
USE_PCRE=1 \
USE_ZLIB=1 \
PREFIX=/usr/local/haproxy
[root@localhost ~]# make install PREFIX=/usr/local/haproxy
说明:
USE_OPENSSL=1 开启https
USE_SYSTEMD=1 指定为systemd模式
PREFIX=/usr/local/haproxy 指定安装目录
3、创建一个haproxy用户
[root@localhost ~]# useradd -M -s /sbin/nologin haproxy
[root@localhost ~]# ll /usr/local/haproxy #验证是否安装成功
4、设置优化
1.路径优化
[root@localhost ~]# echo 'PATH=$PATH:/usr/local/haproxy/sbin' >> /etc/profile
[root@localhost ~]# source /etc/profile
[root@localhost haproxy-2.0.7]# haproxy -v
HA-Proxy version 2.0.7 2019/09/27 - https://haproxy.org/
2.配置文件
[root@localhost ~]# mkdir /etc/haproxy
[root@localhost ~]# touch /etc/haproxy/haproxy.cfg
#[root@localhost ~]# mkdir -p /var/lib/haproxy
#[root@localhost ~]# touch /var/lib/haproxy/stats
3.启动文件
[root@localhost ~]# cp /usr/src/haproxy-2.0.7/examples/haproxy.init /etc/init.d/haproxy
[root@localhost ~]# chmod a+x /etc/init.d/haproxy
[root@localhost ~]# chkconfig --add haproxy
[root@localhost ~]# chkconfig haproxy on
5.基础的Haproxy配置文件(web负载均衡)
vim /etc/haproxy/haproxy.cfg
# Process-wide settings: log target, connection ceiling, privilege drop and daemonisation.
global
# Logs go to the syslog listener on 127.0.0.1 with facility local0.
log 127.0.0.1 local0
#log 127.0.0.1 local0 notice
#log 127.0.0.1 local0 info
maxconn 4096
# NOTE(review): this chroot is the same directory used as the install PREFIX earlier in
# this guide, so the jail contains the haproxy binary. A chroot is normally an empty
# directory that the runtime user cannot write to - confirm this is intended.
chroot /usr/local/haproxy
# NOTE(review): numeric IDs. The useradd step in this guide does not pin a UID/GID, so
# 1001 may belong to a different account; `user haproxy` / `group haproxy` name the
# account directly.
uid 1001
gid 1001
daemon
# Starts three worker processes. NOTE(review): statistics are kept per process, so the
# stats page shows whichever process answered; later HAProxy releases drop nbproc in
# favour of threads - check before upgrading.
nbproc 3
# NOTE(review): the run/ directory is not created by the steps in this guide - confirm
# it exists before starting.
pidfile /usr/local/haproxy/run/haproxy.pid
# NOTE(review): debug mode dumps every exchange (including request headers such as
# cookies and credentials) to stdout and keeps the process in the foreground, which
# contradicts `daemon` above. Remove it outside of troubleshooting.
debug
# Defaults inherited by the frontend/backend/listen sections that follow (HTTP mode).
defaults
log global
mode http
maxconn 4096
option httplog
option http-server-close
# Suppresses log lines for connections that carried no data; it does not reject them.
# NOTE(review): on an Internet-facing listener this also hides port scans and probes
# from the logs - consider leaving it off there.
option dontlognull
# Adds X-Forwarded-For to requests, except those arriving from 127.0.0.1.
option forwardfor except 127.0.0.1
# Lets a request be sent to another server when the one chosen by persistence is down.
option redispatch
option abortonclose
stats refresh 10
retries 3
balance roundrobin
# No unit is given, so these are milliseconds: 5 s to connect, 50 s of inactivity.
# NOTE(review): there is no `timeout http-request`, so a client may take up to the
# client timeout to send its headers; a short http-request timeout limits slow-header
# connection exhaustion.
timeout connect 5000
timeout client 50000
timeout server 50000
# Public HTTP entry point; everything is handed to backend "web".
frontend www
# Listens on port 80 of every IPv4 address. NOTE(review): plain HTTP only - the build
# enabled USE_OPENSSL but no TLS listener is configured here.
bind *:80
mode http
option httplog
# NOTE(review): this option appends a header; X-Forwarded-For values supplied by the
# client are not removed, so backends should trust only the entry added by this proxy.
option forwardfor
# NOTE(review): defaults already sets http-server-close; confirm which connection mode
# is actually wanted.
option httpclose
log global
default_backend web
# Pool of two web servers, round-robin, with HTTP health checks and cookie persistence.
backend web
mode http
#option redispatch
option abortonclose
balance roundrobin
# NOTE(review): no insert/prefix/rewrite keyword follows the cookie name, so HAProxy
# presumably only reads a SERVERID cookie that the application sets itself; if the
# proxy should set it, the usual form is `cookie SERVERID insert indirect nocache` -
# confirm.
cookie SERVERID
# Health check: an HTTP GET for /index.html against each server.
option httpchk GET /index.html
# check inter 2000 rise 2 fall 3: probe every 2000 ms, 2 successes mark the server up,
# 3 failures mark it down. The cookie value identifies the server for persistence.
server web1 192.168.10.2:80 cookie server1 weight 1 check inter 2000 rise 2 fall 3
server web2 192.168.10.3:80 cookie server2 weight 1 check inter 2000 rise 2 fall 3
# Statistics page served at /haproxy-stats behind HTTP Basic authentication.
listen web_stats
# NOTE(review): same address and port as `frontend www` above; the MySQL example in
# this guide uses *:8080 for the stats listener. Looks like a copy error - confirm.
# Either way the page is reachable on every interface; bind it to a management address
# or restrict it by source.
bind *:80
log 127.0.0.1 local0
mode http
option httplog
stats refresh 30s
stats uri /haproxy-stats
# NOTE(review): the realm is expected to be a single argument with spaces escaped;
# verify this string parses as intended.
stats realm welcome logn\Haproxy
# NOTE(review): credential stored in clear text and sent as Basic auth over plain HTTP.
# Treat this value as a tutorial placeholder: use a strong unique password, keep the
# config file readable by root only, and serve the page over TLS or a private network.
stats auth admin:123.com
stats hide-version
2.haproxy-mysql的配置文件写法
# Process-wide settings for the MySQL example: log target, limits, privilege drop.
global
# Logs go to the syslog listener on 127.0.0.1 with facility local0.
log 127.0.0.1 local0
#log 127.0.0.1 local0 notice
#log 127.0.0.1 local0 info
maxconn 4096
# NOTE(review): chroot points at the install PREFIX, which holds the haproxy binary;
# an empty directory not writable by the runtime user is the usual choice - confirm.
chroot /usr/local/haproxy
# NOTE(review): numeric IDs may not match the account made by useradd in this guide;
# `user haproxy` / `group haproxy` name the account directly.
uid 1001
gid 1001
daemon
# Starts three worker processes; statistics are kept per process.
nbproc 3
pidfile /usr/local/haproxy/run/haproxy.pid
# NOTE(review): debug mode dumps all exchanges to stdout and keeps the process in the
# foreground, contradicting `daemon`. Remove it outside of troubleshooting.
debug
# Defaults for the MySQL example: plain TCP proxying, no HTTP inspection.
defaults
log global
mode tcp
maxconn 4096
option abortonclose
stats refresh 10
retries 3
balance roundrobin
# No unit is given, so these are milliseconds: 5 s to connect, 50 s of inactivity.
# NOTE(review): a database session idle for longer than 50 s will be closed by the
# proxy; confirm this suits the clients' connection pooling.
timeout connect 5000
timeout client 50000
timeout server 50000
# TCP entry point for MySQL clients; connections are handed to backend "mysql".
frontend sql
# NOTE(review): listens on port 3306 of every interface. A database proxy should
# normally be bound to an internal address and firewalled to the application hosts.
# In tcp mode the database sees the proxy's address as the client, so MySQL host-based
# grants and audit logs no longer identify the real source - rely on the tcplog
# records here for that.
bind *:3306
mode tcp
option tcplog
log global
default_backend mysql
# Pool of two MySQL servers, round-robin with equal weights.
backend mysql
mode tcp
option tcplog
option redispatch
option abortonclose
balance roundrobin
# check port 3306 is a plain TCP connect probe: it shows the port is open, not that
# MySQL can serve queries. NOTE(review): `option mysql-check` performs a protocol-level
# check; repeated bare connects may also count as aborted connections on the MySQL
# side - confirm against the server's connection-error settings.
# maxconn 100 caps concurrent connections sent to each server.
server db_one 192.168.10.2:3306 weight 6 check port 3306 maxconn 100
server db_two 192.168.10.3:3306 weight 6 check port 3306 maxconn 100
# Statistics and admin page on port 8080 at /haproxy-stats (HTTP mode overrides the
# tcp default for this section).
listen web_stats
# NOTE(review): reachable on every interface; bind to a management address or restrict
# by source.
bind *:8080
log 127.0.0.1 local0
mode http
option httplog
stats enable
stats refresh 30s
stats uri /haproxy-stats
# NOTE(review): the realm is expected to be a single argument with spaces escaped;
# verify this string parses as intended.
stats realm welcome logn\Haproxy
# NOTE(review): credential stored in clear text and sent as Basic auth over plain HTTP.
# Treat this value as a tutorial placeholder: use a strong unique password and keep the
# config file readable by root only.
stats auth admin:123.com
stats hide-version
# NOTE(review): `if TRUE` grants the admin actions (e.g. taking servers in or out of
# rotation) to every request that passes the Basic auth above, from any address.
# Restrict it by source, for example `stats admin if LOCALHOST`, or drop the line when
# read-only statistics are enough.
stats admin if TRUE
6.开启haproxy服务,检查配置文件语法
[root@localhost ~]# haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid — 此配置文件有效
[root@localhost ~]# systemctl start haproxy
[root@localhost ~]# netstat -anpt | grep haproxy
如果启动时出现报错:/haproxy.main()] Cannot chroot(/usr/share/haproxy)
则手动创建:
[root@localhost ~]# mkdir /usr/share/haproxy
如果启动时出现报错:Starting proxy cacti: cannot bind socket
则执行:
[root@localhost ~]# sysctl -e net.ipv4.ip_nonlocal_bind=1