HAProxy详细配置过程
一、HAProxy安装
下载源码包(该链接为明文 HTTP,解压编译前请先核对源码包的校验值):
http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.22.tar.gz
# tar xvzf haproxy-1.4.22.tar.gz
# cd haproxy-1.4.22
# make TARGET=linux26 PREFIX=/usr/local/haproxy
# make install PREFIX=/usr/local/haproxy
# mkdir /usr/local/haproxy/etc
# mkdir -p /data/logs/haproxy
=========================================================================================
二、HAProxy配置
# vim /usr/local/haproxy/etc/haproxy.conf
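# haproxy.conf from this page (HAProxy 1.4 syntax) with review fixes applied.
# Validate every edit with: haproxy -c -f /usr/local/haproxy/etc/haproxy.conf

global
    log 127.0.0.1 local0
    maxconn 32768
    # NOTE(review): the HAProxy documentation recommends an empty, non-writable
    # directory as the chroot. /usr/local/haproxy holds the binary and this
    # config file (including the stats password), so both stay inside the jail.
    chroot /usr/local/haproxy
    # "uid"/"gid" take numeric IDs; account names need "user"/"group". The page
    # had "uid haproxy" / "gid haproxy", which is presumably not resolved to the
    # haproxy account, so the workers may have kept running as root - confirm
    # with ps after start. The haproxy account must exist; its creation is not
    # shown on this page.
    user haproxy
    group haproxy
    daemon
    # NOTE(review): with nbproc > 1 each process keeps its own counters and
    # server states, so the stats page shows (and "stats admin" changes) only
    # the process that answered the request - confirm this is acceptable.
    nbproc 8
    pidfile /var/run/haproxy.pid
    spread-checks 4

defaults
    log global
    mode http
    retries 3
    option httplog
    option httpclose
    option dontlognull
    # Adds X-Forwarded-For. Backends should trust that header only on requests
    # that really arrive from this proxy.
    option forwardfor
    option redispatch
    option abortonclose
    # NOTE(review): together with "log global" this appears to emit every
    # message twice (local0 and local3), and the syslog setup on this page
    # writes both facilities to the same file.
    log 127.0.0.1 local3
    balance roundrobin
    maxconn 20480
    # Same values (milliseconds) as the deprecated contimeout / clitimeout /
    # srvtimeout keywords the page used.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    timeout check 2000
    # Statistics page. Declared in "defaults", it is inherited by the backends
    # and therefore answered on the public listener (0.0.0.0:80) over plain
    # HTTP: the Basic-auth credentials cross the network unencrypted. Prefer a
    # dedicated listener on a management address where possible.
    stats enable
    stats refresh 30s
    stats uri /server_health_status
    stats realm Haproxy\ statistics
    stats hide-version
    # Placeholder value: the page published a fixed sample password here. Set
    # your own strong secret and keep this file readable by root only.
    stats auth admin:REPLACE_WITH_STRONG_PASSWORD

frontend MY_PROXY_SERVER
    bind 0.0.0.0:80
    # NOTE(review): the HAProxy documentation lists "appsession" and "cookie"
    # as listen/backend keywords; in a frontend they are expected to be ignored
    # with a warning. The backends below declare "cookie SERVERID" without
    # insert/rewrite/prefix, so confirm which persistence cookie is in effect.
    appsession JSESSIONID len 52 timeout 3h
    cookie SRV insert indirect nocache
    mode http
    log global
    # Captured headers end up in the access log; Referer values can carry
    # query strings, so restrict read access to the log directory.
    capture request header Host len 40
    capture request header Content-Length len 10
    capture request header Referer len 200
    capture response header Server len 40
    capture response header Content-Length len 10
    capture response header Cache-Control len 8
    acl WEB_SERVER_POLICY1 hdr_dom(host) -i mytest.qq.com
    use_backend BEHIND_APACHE_SERVER1 if WEB_SERVER_POLICY1
    # Two declarations of the same ACL name are ORed: SITE_DEAD is true when
    # either backend has no usable server left.
    acl SITE_DEAD nbsrv(BEHIND_APACHE_SERVER1) lt 1
    acl SITE_DEAD nbsrv(BEHIND_APACHE_SERVER2) lt 1
    # NOTE(review): "monitor fail" applies to requests for a "monitor-uri",
    # and none is declared in this listing - confirm the rule has any effect.
    monitor fail if SITE_DEAD
    # NOTE(review): no use_backend rule in this listing selects
    # BEHIND_APACHE_SERVER2; all traffic goes to BEHIND_APACHE_SERVER1.
    default_backend BEHIND_APACHE_SERVER1

backend BEHIND_APACHE_SERVER1
    mode http
    balance roundrobin
    cookie SERVERID
    option httpchk HEAD /index.html HTTP/1.0
    # Moved here from "defaults": the HAProxy documentation lists "stats admin"
    # as valid only in listen/backend sections. The condition was "if TRUE",
    # which lets anyone holding the password enable or disable servers from any
    # address over plain HTTP; LOCALHOST limits those actions to local requests
    # while the read-only page stays reachable.
    stats admin if LOCALHOST
    server WEBSRV1 192.168.1.101:80 maxconn 1500 cookie SRV1 check inter 2000 rise 2 fall 3 weight 1
    server WEBSRV2 192.168.1.102:80 maxconn 1500 cookie SRV2 check inter 2000 rise 2 fall 3 weight 1

backend BEHIND_APACHE_SERVER2
    mode http
    balance roundrobin
    cookie SERVERID
    option httpchk HEAD /index.html HTTP/1.0
    server WEBSRV1 192.168.1.201:80 maxconn 1500 cookie SRV1 check inter 2000 rise 2 fall 3 weight 1
    server WEBSRV2 192.168.1.202:80 maxconn 1500 cookie SRV2 check inter 2000 rise 2 fall 3 weight 1
    server WEBSRV3 192.168.1.203:80 maxconn 1500 cookie SRV3 check inter 2000 rise 2 fall 3 weight 1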
=========================================================================================
三、HAProxy日志记录配置
# vim /etc/syslog-ng/syslog-ng.conf
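# UDP source for HAProxy's syslog datagrams. The haproxy.conf on this page
# logs to 127.0.0.1, so listen on loopback only: ip("0.0.0.0") would accept
# forged or flooding messages from any host that can reach UDP 514.
source src_haproxy {
    udp(ip("127.0.0.1") port(514));
};

# Facilities used by the "log" lines in haproxy.conf.
filter f_local03 {
    facility(local0,local3);
};

# Messages whose program name is "haproxy".
filter custom {
    program("haproxy");
};

destination dst_haproxy {
    file("/data/logs/haproxy/haproxy.log");
};

log {
    source(src_haproxy);
    filter(f_local03);
    destination(dst_haproxy);
};

# NOTE(review): a message that matches both filters passes through both log
# paths and is presumably written to the file twice - confirm whether this
# second path is needed.
log {
    source(src_haproxy);
    filter(custom);
    destination(dst_haproxy);
};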
# vim /etc/syslog.conf
- local3.* /data/logs/haproxy/haproxy.log
- local0.* /data/logs/haproxy/haproxy.log
- # vim /etc/sysconfig/syslog
- SYSLOGD_OPTIONS="-r -m 0"  # -r enables reception of syslog messages from the network (HAProxy logs over UDP to 127.0.0.1); NOTE(review): presumably this listens on every interface, so block UDP 514 from other hosts with a firewall
最后执行命令:
# service syslog restart
=========================================================================================
四、HAProxy命令启动及启动脚本
1、启动命令
# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.conf
2、启动脚本
# vim /etc/init.d/haproxy
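#!/bin/bash
#
# haproxy - start, stop, reload and check the HAProxy daemon
#
# chkconfig: 35 85 15
# description: HAProxy is a TCP/HTTP reverse proxy.
# processname: haproxy
# config: /usr/local/haproxy/etc/haproxy.conf
# pidfile: /var/run/haproxy.pid
#
# Review notes:
# - The shebang is bash because the script uses [[ ]], which POSIX sh lacks.
# - chkconfig expects "chkconfig: <runlevels> <start-prio> <stop-prio>";
#   85/15 are example priorities, adjust them to your boot order.
# - Every action now reports its real status through RETVAL; before, a failed
#   config check or "check" action still exited 0.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
BINFILE="/usr/local/haproxy/sbin/haproxy"
CFGFILE="/usr/local/haproxy/etc/haproxy.conf"
PIDFILE="/var/run/haproxy.pid"
LOCKFILE="/var/lock/haproxy.lock"
# Seconds stop() waits for the processes to exit before giving up.
STOP_TIMEOUT=10
RETVAL=0

# Succeeds when a process whose command line starts with $BINFILE exists.
# Matching the full path avoids hits on this script (also named "haproxy")
# and on unrelated commands that merely mention the path.
is_running() {
  pgrep -f "^${BINFILE}( |\$)" >/dev/null 2>&1
}

# Validates the configuration, then starts the daemon.
# Exits 5 when the binary is missing and 6 when the config file is missing.
# Returns: 0 on success, non-zero otherwise (also stored in RETVAL).
start() {
  [[ -x "$BINFILE" ]] || exit 5
  [[ -f "$CFGFILE" ]] || exit 6
  if ! "$BINFILE" -c -q -f "$CFGFILE"; then
    echo "The HAProxy configure has error." >&2
    RETVAL=1
    return 1
  fi
  echo -n "Starting HAProxy......"
  "$BINFILE" -f "$CFGFILE" -p "$PIDFILE"
  RETVAL=$?
  echo
  [[ $RETVAL -eq 0 ]] && touch "$LOCKFILE"
  return $RETVAL
}

# Sends TERM until no HAProxy process is left, for at most STOP_TIMEOUT
# seconds. The previous loop had no delay and no upper bound, and RETVAL
# captured the status of the loop rather than of the shutdown.
# Returns: 0 when all processes are gone, 1 on timeout.
stop() {
  local waited=0
  echo -n "Shutting down HAProxy......"
  /sbin/killproc -TERM "$BINFILE"
  while is_running; do
    if (( waited >= STOP_TIMEOUT )); then
      echo
      echo "HAProxy is still running after ${STOP_TIMEOUT}s." >&2
      RETVAL=1
      return 1
    fi
    sleep 1
    waited=$(( waited + 1 ))
    /sbin/killproc -TERM "$BINFILE"
  done
  RETVAL=0
  echo
  rm -f "$LOCKFILE" "$PIDFILE"
  return 0
}

# Stops the daemon and starts it again; does not start when stop failed.
restart() {
  stop || return $?
  sleep 1
  start
}

# Starts new processes and asks the old ones to finish.
# Uses -sf (old processes exit once their sessions end) instead of the
# previous -st, which terminates the old processes immediately and cuts
# established connections.
# Returns: 0 on success, non-zero otherwise (also stored in RETVAL).
reload() {
  local old_pids=""
  if ! is_running; then
    echo "The HAProxy is not running."
    RETVAL=1
    return 1
  fi
  echo -n $"Reloading HAProxy......"
  [[ -s "$PIDFILE" ]] && old_pids=$(cat "$PIDFILE")
  [[ -n "$old_pids" ]] || old_pids=$(pgrep -f "^${BINFILE}( |\$)")
  # One PID per word is intended here (nbproc > 1 yields several PIDs).
  # shellcheck disable=SC2086
  "$BINFILE" -f "$CFGFILE" -p "$PIDFILE" -sf $old_pids
  RETVAL=$?
  echo
  return $RETVAL
}

case "$1" in
  start)
    start
    RETVAL=$?
    ;;
  stop)
    stop
    RETVAL=$?
    ;;
  restart)
    restart
    RETVAL=$?
    ;;
  reload)
    reload
    RETVAL=$?
    ;;
  condrestart)
    # Restart only when the lock file shows the service was started here.
    if [[ -e "$LOCKFILE" ]]; then
      restart
      RETVAL=$?
    fi
    ;;
  check)
    "$BINFILE" -c -q -V -f "$CFGFILE"
    RETVAL=$?
    ;;
  *)
    echo "Usage: service haproxy {start|stop|restart|reload|condrestart|check}"
    RETVAL=1
    ;;
esac
exit $RETVAL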
- # chmod +x /etc/init.d/haproxy
- # chkconfig --add haproxy
- # service haproxy start
=========================================================================================
五、日志切割脚本
# vim /usr/local/haproxy/sbin/cut_haproxy_log.sh
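#!/bin/bash
# Rotates the HAProxy log; meant to run from cron at 00:00.
# The rotated file is named after the previous day (GNU date syntax).

# Directory that receives the HAProxy log
LOGPATH="/data/logs/haproxy"
LOGFILE="${LOGPATH}/haproxy.log"

# Same guard as before (skip while HAProxy is down), but matched on the full
# binary path with pgrep instead of "ps aux | grep".
pgrep -f '^/usr/local/haproxy/sbin/haproxy( |$)' >/dev/null 2>&1 || exit 1

# Nothing to rotate when the log file does not exist yet.
[[ -f "$LOGFILE" ]] || exit 0

# Stop here when the rename fails, so syslog is not restarted for nothing.
mv -- "$LOGFILE" "${LOGPATH}/haproxy_$(date -d "yesterday" +"%Y-%m-%d").log" || exit 1

# The syslog daemon keeps writing to the renamed file until it reopens its
# outputs, hence the restart.
/sbin/service syslog restart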
- # chmod +x /usr/local/haproxy/sbin/cut_haproxy_log.sh
# crontab -e
00 00 * * * /usr/local/haproxy/sbin/cut_haproxy_log.sh >/dev/null 2>&1
=========================================================================================
六、日志清理脚本
# vim /usr/local/haproxy/sbin/clean_haproxy_log.sh
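#!/bin/bash
# Deletes rotated HAProxy logs dated 10 or more days ago; meant to run from
# cron at 00:30. The previous version removed only the file dated exactly
# 10 days ago, so any missed run left that file on disk forever.

# Directory that holds the rotated logs (haproxy_YYYY-MM-DD.log)
LOGPATH="/data/logs/haproxy"

# Same guard as before (skip while HAProxy is down), matched with pgrep.
pgrep -f '^/usr/local/haproxy/sbin/haproxy( |$)' >/dev/null 2>&1 || exit 1

# Newest date that is old enough to delete (GNU date syntax).
cutoff=$(date -d "10 days ago" +"%Y-%m-%d") || exit 1

for logfile in "${LOGPATH}"/haproxy_*.log; do
  # The glob stays literal when nothing matches.
  [[ -f "$logfile" ]] || continue
  stamp=${logfile##*/haproxy_}
  stamp=${stamp%.log}
  # Only touch files that follow the rotation naming scheme.
  [[ "$stamp" =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]] || continue
  # YYYY-MM-DD strings sort chronologically, so a string compare is enough.
  if [[ ! "$stamp" > "$cutoff" ]]; then
    rm -f -- "$logfile"
  fi
done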
- # chmod +x /usr/local/haproxy/sbin/clean_haproxy_log.sh
# crontab -e
30 00 * * * /usr/local/haproxy/sbin/clean_haproxy_log.sh >/dev/null 2>&1
=========================================================================================
七、网络优化部分
# vim /etc/sysctl.conf
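# Kernel network tuning for the HAProxy host (/etc/sysctl.conf).

# SYN cookies let the listener keep answering when the SYN backlog overflows.
net.ipv4.tcp_syncookies = 1
# NOTE(review): TIME_WAIT reuse relies on TCP timestamps, which this file
# turns off below (tcp_timestamps = 0); as written this is probably inert.
net.ipv4.tcp_tw_reuse = 1
# Disabled: tcp_tw_recycle drops connections from clients that share one NAT
# address, and the option was removed from Linux in 4.12.
# net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
# NOTE(review): the ephemeral range starts at 1024 and can collide with
# services listening on high ports - confirm none are in use on this host.
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 80000
net.core.somaxconn = 32768
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 20
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 32768
# See the note on tcp_tw_reuse: it needs timestamps enabled to take effect.
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_retries2 = 5
# NOTE(review): tcp_mem (counted in pages) and tcp_max_orphans are very high;
# size them to the machine's RAM so a flood of half-closed connections
# cannot exhaust kernel memory.
net.ipv4.tcp_mem = 41943040 73400320 94371840
net.ipv4.tcp_max_orphans = 3276800
fs.file-max = 1300000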
- # /sbin/sysctl -p
=========================================================================================
八、HAProxy自身健康检查
# vim /usr/local/haproxy/sbin/check_haproxy.sh
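#!/bin/bash
# Watchdog for HAProxy; meant to run from cron every 5 minutes.
# bash is required because the script uses [[ ]].
#
# NOTE(review): the probe restarts HAProxy whenever the default backend does
# not answer "200 OK", including when only the backend servers are at fault;
# confirm that a restart is the wanted reaction in that case.

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

[[ -e "/usr/local/haproxy/sbin" ]] || exit 1

# Not running: try to start it; when the start succeeds there is nothing
# left to probe in this run.
if ! pgrep -f '^/usr/local/haproxy/sbin/haproxy( |$)' >/dev/null 2>&1; then
  /sbin/service haproxy start && exit 1
fi

# IPv4 address of eth1, parsed from the "inet addr:" line of ifconfig.
ETH1_ADDR=$(/sbin/ifconfig eth1 | awk -F ':' '/inet addr/{print $2}' | sed 's/[a-zA-Z ]//g')

# Without an address the probe below would always fail and restart a healthy
# HAProxy every 5 minutes, so stop here instead.
if [[ -z "$ETH1_ADDR" ]]; then
  echo "check_haproxy: no IPv4 address found on eth1, HTTP probe skipped" >&2
  exit 1
fi

# --max-time keeps a hung probe from piling up cron jobs.
if ! curl -I -s --max-time 10 "http://${ETH1_ADDR}" | grep -q "200 OK"; then
  /sbin/service haproxy restart
fi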
- # chmod +x /usr/local/haproxy/sbin/check_haproxy.sh
# crontab -e
*/5 * * * * /usr/local/haproxy/sbin/check_haproxy.sh >/dev/null 2>&1
=========================================================================================
九、测试过程
主机地址:192.168.1.100
绑定本地HOSTS访问:192.168.1.100 mytest.qq.com
后端服务器健康监控页面(访问时需要输入 haproxy.conf 中 stats auth 配置的用户名和密码):
http://mytest.qq.com/server_health_status