haproxy做简单web代理

2019独角兽企业重金招聘Python工程师标准>>>

HAProxy是一款提供高可用性、负载均衡以及基于TCP（第四层）和HTTP（第七层）应用的开源代理软件，支持虚拟主机，可隐藏web服务器。

平台Centos 6.5 x86_64

yum update -y

yum install -y haproxy

cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bk

cat > /etc/haproxy/haproxy.cfg<<-EOF
global
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     32768
    user        haproxy
    group       haproxy
    daemon
    ulimit-n    100000
    stats socket /var/lib/haproxy/stats

defaults
    mode                    tcp
    option                  dontlognull
    retries                 3
    timeout queue           30s
    timeout connect         10s
    timeout client          1m
    timeout server          1m

frontend ss-in
    bind *:408
    default_backend ss-out

backend ss-out
    server server1 5.7.9.10:408 maxconn 32768
EOF

启动
haproxy -f /etc/haproxy/haproxy.cfg

网络优化

ulimit -n 65535

cat >> /etc/sysctl.conf<<-EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
                                 
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 80000
                                 
net.core.somaxconn = 32768
                                 
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 20
                                 
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
                                 
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
                                 
net.core.netdev_max_backlog = 32768
                                 
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_retries2 = 5
                                 
net.ipv4.tcp_mem = 41943040 73400320 94371840
net.ipv4.tcp_max_orphans = 3276800
fs.file-max = 1300000

kernel.printk_ratelimit = 30
kernel.printk_ratelimit_burst = 200
EOF

关闭
killall haproxy

debian7 x86_64 上的安装

echo "deb http://ftp.us.debian.org/debian/ wheezy-backports main" >> /etc/apt/sources.list

apt-get update

apt-get install haproxy

vi /etc/haproxy/haproxy.cfg

global
    log         127.0.0.1 local3 err
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     32768
    user        haproxy
    group       haproxy
    daemon
    ulimit-n    100000
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    option                  abortonclose
    retries                 3
    timeout http-request    10s
    timeout queue           30s
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 32768

frontend http-in
    bind *:80
    default_backend servers

backend servers
    option httpclose
    server server1 1.2.3.4:80

frontend  mirror_stats
    bind *:8808
    maxconn 10
    log 127.0.0.1 local0
    option httplog
    stats enable
    stats uri /status
    stats auth admin:123456
    stats hide-version
    stats admin if TRUE
    stats refresh 30s
 

启动haproxy -f /etc/haproxy/haproxy.cfg
关闭killall haproxy
查看ps aux | grep haproxy

打开浏览器http://1.2.3.4:8808/status
输入admin：123456即可看到

各参数详解http://blog.csdn.net/dylan_csdn/article/details/51261421

haproxy做https代理

haproxy 本身只提供代理，后端web服务器提供https

只需在/etc/haproxy/haproxy.cfg添加

frontend https_frontend
  bind *:443
  mode tcp
  default_backend web_server

backend web_server
  mode tcp
  balance roundrobin
  stick-table type ip size 200k expire 30m
  stick on src
  server s1 1.2.3.4:443

转载于:https://my.oschina.net/u/2404183/blog/698533