linux设置四层代理,centos 7 安装HAproxy四层TCP负载均衡配置及测试

centos 7 安装HAproxy四层TCP负载均衡配置及测试

2018-08-08 17:04

分享人：老牛

haproxy负载均衡166.110.110.100

后端服务器1 166.110.110.1

后端服务器2 166.110.110.2

--------------------------------------------------centos 7 处理----------------------------------------------------

关闭SELinux

vi /etc/selinux/config

#SELINUX=enforcing #注释掉

#SELINUXTYPE=targeted #注释掉

SELINUX=disabled #增加

:wq!  #保存退出

setenforce 0 #使配置立即生效

关闭centos 7的防火墙(仅在测试的时候)

systemctl stop firewalld.service

systemctl disable firewalld.service

--------------------------------------------------haproxy安装----------------------------------------------------

yum install wget gcc -y && wget -c --no-check-certificate https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-1.8.12.tar.gz && tar -xvf haproxy-1.8.12.tar.gz && cd haproxy-1.8.12

groupadd haproxy #添加haproxy组

useradd -g haproxy haproxy -s /bin/false #创建nginx运行账户haproxy并加入到haproxy组，不允许haproxy

--------------------------------------------------haproxy配置----------------------------------------------------

vi /etc/haproxy/haproxy.cfg

修改为以下配置

#---------------------------------------------------------------------

# Example configuration for a possible web application.  See the

# full configuration options online.

#

#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt

#

#---------------------------------------------------------------------

#---------------------------------------------------------------------

# Global settings

#---------------------------------------------------------------------

global

# to have these messages end up in /var/log/haproxy.log you will

# need to:

#

# 1) configure syslog to accept network log events.  This is done

#    by adding the '-r' option to the SYSLOGD_OPTIONS in

#    /etc/sysconfig/syslog

#

# 2) configure local2 events to go to the /var/log/haproxy.log

#   file. A line like the following can be added to

#   /etc/sysconfig/syslog

#

#    local2.*                       /var/log/haproxy.log

#

log         127.0.0.1 local2

chroot      /var/lib/haproxy

pidfile     /var/run/haproxy.pid

maxconn     4000

user        haproxy

group       haproxy

daemon

# turn on stats unix socket

stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------

# common defaults that all the 'listen' and 'backend' sections will

# use if not designated in their block

#---------------------------------------------------------------------

defaults

mode                    http

log                     global

option                  httplog

option                  dontlognull

option http-server-close

option forwardfor       except 127.0.0.0/8

option                  redispatch

retries                 3

timeout http-request    10s

timeout queue           1m

timeout connect         10s

timeout client          1m

timeout server          1m

timeout http-keep-alive 10s

timeout check           10s

maxconn                 3000

#---------------------------------------------------------------------

# main frontend which proxys to the backends

#---------------------------------------------------------------------

listen admin_stats

bind 127.0.0.1:1080               #监听端口

mode http                       #http的7层模式

option httplog                  #采用http日志格式

#log 127.0.0.1 local0 err

maxconn 10

stats refresh 30s               #统计页面自动刷新时间

stats uri /stats                #统计页面url

stats realm Proxy\ Haproxy  #统计页面密码框上提示文本

stats auth admin:admin          #统计页面用户名和密码设置

stats hide-version              #隐藏统计页面上HAProxy的版本信息

listen test1

bind 0.0.0.0:80

mode tcp

balance leastconn

#maxconn 40000

#log 127.0.0.1 local0 debug

server s1 166.110.110.1:80

server s2 166.110.110.2:80

------------------------------------------------------------------------------------------------------

centos7下haproxy启动停止重启重载状态等控制命令

systemctl (start, stop, restart, try-restart, reload, force-reload, status) haproxy.service

haproxy web监控信息166.110.110.100为haproxy安装所在服务器IP

http://166.110.110.100:1080/status

-----------------------------后端安装lighttpd 作为测试用----------------------------------------------

systemctl stop firewalld.service

systemctl disable firewalld.service

关闭SELinux

vi /etc/selinux/config

将SELINUX=enforcing改为SELINUX=disabled

安装

yum install -y epel-release gcc gcc-c++ autoconf automake  zlib zlib-devel pcre-devel zip unzip libtool bzip2-* && yum install -y lighttpd && systemctl enable lighttpd

编辑配置文件关闭ipv6

vi /etc/lighttpd/lighttpd.conf

注释掉ipv6

启动服务器

systemctl restart lighttpd.service

默认目录及首页

/var/www/lighttpd/index.html

对两个index.html进行修改进行区别

后端第一个服务器

echo "

this is upstream server 1" >> /var/www/lighttpd/index.html

后端第二个服务器

echo "

this is upstream server 2" >> /var/www/lighttpd/index.html

访问haproxy所在服务器IP或者解析的域名刷新试试

-----------------------------Haproxy 负载均衡的8种算法----------------------------------------

balance roundrobin # 轮询，软负载均衡基本都具备这种算法

balance static-rr # 根据权重，建议使用

balance leastconn # 最少连接者先处理，建议使用

balance source # 根据请求源IP，建议使用

balance uri # 根据请求的URI

balance url_param，# 根据请求的URl参数'balance url_param' requires an URL parameter name

balance hdr(name) # 根据HTTP请求头来锁定每一次HTTP请求

balance rdp-cookie(name) # 根据据cookie(name)来锁定并哈希每一次TCP请求