=========================================================================================
一、HAProxy安装
http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.22.tar.gz
# tar xvzf haproxy-1.4.22.tar.gz
# cd haproxy-1.4.22
# make TARGET=linux26 PREFIX=/usr/local/haproxy
# make install PREFIX=/usr/local/haproxy
# mkdir /usr/local/haproxy/etc
# mkdir -p /data/logs/haproxy
=========================================================================================
二、HAProxy配置
#vim /usr/local/haproxy/etc/haproxy.confglobal
log 127.0.0.1 local0
maxconn 32768
chroot /usr/local/haproxy
uid haproxy
gid haproxy
daemon
nbproc 8
pidfile /var/run/haproxy.pid
spread-checks 4
defaults
log global
mode http
retries 3
option httplog
option httpclose
option dontlognull
option forwardfor
option redispatch
option abortonclose
log 127.0.0.1 local3
balance roundrobin
maxconn 20480
contimeout 5000
clitimeout 50000
srvtimeout 50000
timeout check 2000
stats enable
stats admin if TRUE
stats refresh 30s
stats uri /server_health_status
stats realm Haproxy\ statistics
stats hide-version
stats auth admin:admin2590159HAHA
frontend MY_PROXY_SERVER
bind 0.0.0.0:80
appsession JSESSIONID len 52 timeout 3h
cookie SRV insert indirect nocache
mode http
log global
capture request header Host len 40
capture request header Content-Length len 10
capture request header Referer len 200
capture response header Server len 40
capture response header Content-Length len 10
capture response header Cache-Control len 8
acl WEB_SERVER_POLICY1 hdr_dom(host) -i mytest.qq.com
use_backend BEHIND_APACHE_SERVER1 if WEB_SERVER_POLICY1
acl SITE_DEAD nbsrv(BEHIND_APACHE_SERVER1) lt 1
acl SITE_DEAD nbsrv(BEHIND_APACHE_SERVER2) lt 1
monitor fail if SITE_DEAD
default_backend BEHIND_APACHE_SERVER1
backend BEHIND_APACHE_SERVER1
mode http
balance roundrobin
cookie SERVERID
option httpchk HEAD /index.html HTTP/1.0
server WEBSRV1 192.168.1.101:80 maxconn 1500 cookie SRV1 check inter 2000 rise 2 fall 3 weight 1
server WEBSRV2 192.168.1.102:80 maxconn 1500 cookie SRV2 check inter 2000 rise 2 fall 3 weight 1
backend BEHIND_APACHE_SERVER2
mode http
balance roundrobin
cookie SERVERID
option httpchk HEAD /index.html HTTP/1.0
server WEBSRV1 192.168.1.201:80 maxconn 1500 cookie SRV1 check inter 2000 rise 2 fall 3 weight 1
server WEBSRV2 192.168.1.202:80 maxconn 1500 cookie SRV2 check inter 2000 rise 2 fall 3 weight 1
server WEBSRV3 192.168.1.203:80 maxconn 1500 cookie SRV3 check inter 2000 rise 2 fall 3 weight 1
=========================================================================================
三、HAProxy日志记录配置
# vim /etc/syslog-ng/syslog-ng.confsource src_haproxy {
udp(ip("0.0.0.0") port(514));
};
filter f_local03 {
facility(local0,local3);
};
filter custom {
program("haproxy");
};
destination dst_haproxy {
file("/data/logs/haproxy/haproxy.log");
};
log {
source(src_haproxy);
filter(f_local03);
destination(dst_haproxy);
};
log {
source(src_haproxy);
filter(custom);
destination(dst_haproxy);
};
#vim /etc/syslog.conflocal3.* /data/logs/haproxy/haproxy.log
local0.* /data/logs/haproxy/haproxy.log
#vim /etc/sysconfig/syslogSYSLOGD_OPTIONS="-r -m 0"
最后执行命令:
# service syslog restart
=========================================================================================
四、HAProxy命令启动及启动脚本
1、启动命令
# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.conf
2、启动脚本
# vim /etc/init.d/haproxy#!/bin/sh
#
# haproxy - this script start and stop the haproxy daemon
#
# chkconfig 35 on
# description: HAProxy is a TCP/HTTP reverse proxy.
# processname: haproxy
# config: /usr/local/haproxy/etc/haproxy.conf
# pidfile: /var/run/haproxy.pid
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
BINFILE="/usr/local/haproxy/sbin/haproxy"
CFGFILE="/usr/local/haproxy/etc/haproxy.conf"
PIDFILE="/var/run/haproxy.pid"
LOCKFILE="/var/lock/haproxy.lock"
RETVAL=0
start() {
[[ -x $BINFILE ]] || exit 5
[[ -f $CFGFILE ]] || exit 6
$BINFILE -c -q -f $CFGFILE
[[ $? -ne 0 ]] && echo "The HAProxy configure has error." && return 1
echo -n "Starting HAProxy......"
$BINFILE -f $CFGFILE -p $PIDFILE
RETVAL=$?
echo
[[ $RETVAL -eq 0 ]] && touch $LOCKFILE
return $RETVAL
}
stop() {
echo -n "Shutting down HAProxy......"
while true
do
/sbin/killproc -TERM $BINFILE
[[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && break
done
RETVAL=$?
echo
[[ $RETVAL -eq 0 ]] && rm -f $LOCKFILE $PIDFILE
return $RETVAL
}
restart() {
stop
sleep 1
start
}
reload() {
[[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && echo "The HAProxy is not running." && return 1
echo -n $"Reloading HAProxy......"
if [[ -f $PIDFILE ]]; then
$BINFILE -f $CFGFILE -st `cat $PIDFILE`
else
$BINFILE -f $CFGFILE -st `ps aux | grep sbin/haproxy | grep -v grep | awk '{print $2}'`
fi
RETVAL=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
condrestart)
[[ -e $LOCKFILE ]] && restart || :
;;
check)
$BINFILE -c -q -V -f $CFGFILE
;;
*)
echo "Usage: service haproxy {start|stop|restart|reload|condrestart|check}"
RETVAL=1
esac
exit $RETVAL
# chmod +x /etc/init.d/haproxy
# chkconfig --add haproxy
# service haproxy start
=========================================================================================
五、日志切割脚本
# vim /usr/local/haproxy/sbin/cut_haproxy_log.sh#!/bin/bash
# This script run at 00:00
# The haproxy log path
LOGPATH="/data/logs/haproxy"
[[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && exit 1
mv ${LOGPATH}/haproxy.log ${LOGPATH}/haproxy_$(date -d "yesterday" +"%Y-%m-%d").log
/sbin/service syslog restart
# chmod +x /usr/local/haproxy/sbin/cut_haproxy_log.sh
# crontab -e
00 00 * * * /usr/local/haproxy/sbin/cut_haproxy_log.sh >/dev/null 2>&1
=========================================================================================
六、日志清理脚本
# vim /usr/local/haproxy/sbin/clean_haproxy_log.sh#!/bin/bash
# This script run at 00:30
# The haproxy log path
LOGPATH="/data/logs/haproxy"
[[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && exit 1
rm -f ${LOGPATH}/haproxy_$(date -d "10 days ago" +"%Y-%m-%d").log
#chmod +x /usr/local/haproxy/sbin/clean_haproxy_log.sh
# crontab -e
30 00 * * * /usr/local/haproxy/sbin/clean_haproxy_log.sh >/dev/null 2>&1
=========================================================================================
七、网络优化部分
# vim /etc/sysctl.confnet.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 80000
net.core.somaxconn = 32768
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 20
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_mem = 41943040 73400320 94371840
net.ipv4.tcp_max_orphans = 3276800
fs.file-max = 1300000
# /sbin/sysctl -p
=========================================================================================
八、HAProxy自身健康检查
#vim /usr/local/haproxy/sbin/check_haproxy.sh#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[[ -e "/usr/local/haproxy/sbin" ]] || exit 1
[[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && /sbin/service haproxy start && exit 1
ETH1_ADDR=`/sbin/ifconfig eth1 | awk -F ':' '/inet addr/{print $2}' | sed 's/[a-zA-Z ]//g'`
[[ -z `curl -I -s "http://${ETH1_ADDR}" | grep "200 OK"` ]] && /sbin/service haproxy restart
#chmod +x /usr/local/haproxy/sbin/check_haproxy.sh
# crontab -e
*/5 * * * * /usr/local/haproxy/sbin/check_haproxy.sh >/dev/null 2>&1
=========================================================================================
九、测试过程
主机地址:192.168.1.100
绑定本地HOSTS访问:192.168.1.100 mytest.qq.com
后端服务器健康监控页面
http://mytest.qq.com/server_health_status