环境准备
//RS分别关闭防火墙,selinux
//设置好网页内容
[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS1 ~]# echo hello rs1 > /var/www/html/index.html
[root@RS1 ~]# systemctl restart httpd
[root@RS2 ~]# yum -y install httpd
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS2 ~]# echo hello rs2 > /var/www/html/index.html
[root@RS2 ~]# systemctl restart httpd
DR上
//从github下载haproxy包
https://github.com/haproxy/haproxy/archive/refs/tags/v2.4.0.tar.gz
//下载相关包
[root@dr ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel
//创建系统用户
[root@dr ~]# useradd -r -M -s /sbin/nologin haproxy
//解压
[root@dr ~]# tar xf v2.4.0.tar.gz
[root@dr ~]# ls
anaconda-ks.cfg Desktop Documents Downloads haproxy-2.4.0 Music original-ks.cfg Pictures Public Templates v2.4.0.tar.gz Videos
[root@dr ~]# cd haproxy-2.4.0/
[root@dr haproxy-2.4.0]# ls
addons BRANCHES CONTRIBUTING doc include LICENSE Makefile reg-tests scripts SUBVERS VERDATE
admin CHANGELOG dev examples INSTALL MAINTAINERS README ROADMAP src tests VERSION
//查看安装文档
[root@dr haproxy-2.4.0]# cat INSTALL
Installation instructions for HAProxy
=====================================
HAProxy 2.4 is a long-term supported version, which means that it will get
fixes for bugs as they are discovered till around Q2 2026 and will not receive
new features. This version is suitable for general deployment as it is expected
to receive less frequent updates than regular stable branches which have an odd
digit in the minor version number. New users are strongly advised encouraged to
use only such long-term supported versions such as the ones provided by their
software vendor or Linux distribution. If for any reason you would prefer a
different version than the one packaged for your system, you want to be certain
to have all the fixes or to get some commercial support, other choices are
available at http://www.haproxy.com/.
Areas covered in this document
==============================
1) Quick build & install
2) Basic principles
3) Build environment
4) Dependencies
5) Advanced build options
6) How to install HAProxy
1) Quick build & install
========================
If you've already built HAProxy and are just looking for a quick reminder, here
are a few build examples :
- recent Linux system with all options, make and install :
$ make clean
$ make -j $(nproc) TARGET=linux-glibc \ ///这个
USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_SYSTEMD=1
$ sudo make install
- FreeBSD and OpenBSD, build with all options :
$ gmake -j 4 TARGET=freebsd USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
- embedded Linux, build using a cross-compiler :
$ make -j $(nproc) TARGET=linux-glibc USE_OPENSSL=1 USE_PCRE=1 \
CC=/opt/cross/gcc730-arm/bin/gcc ADDLIB=-latomic
- Build with static PCRE on Solaris / UltraSPARC :
$ make TARGET=solaris CPU=ultrasparc USE_STATIC_PCRE=1
[root@dr haproxy-2.4.0]# nproc //取cpu核心数
2
[root@dr haproxy-2.4.0]# grep 'processor' /proc/cpuinfo |wc -l
2
//开始编译
[root@dr haproxy-2.4.0]# make clean
[root@dr haproxy-2.4.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l) \
> TARGET=linux-glibc \
> USE_OPENSSL=1 \
> USE_ZLIB=1 \
> USE_PCRE=1 \
> USE_SYSTEMD=1
>
//安装
[root@dr haproxy-2.4.0]# make install PREFIX=/usr/local/haproxy
//不是系统默认安装位置,所以需要设置环境变量
[root@dr ~]# vim /etc/profile.d/haproxy.sh
[root@dr ~]# cat /etc/profile.d/haproxy.sh
export PATH=/usr/local/haproxy/sbin:$PATH
[root@dr ~]# source /etc/profile.d/haproxy.sh
[root@dr ~]# which haproxy
/usr/local/haproxy/sbin/haproxy
//也可以直接复制过去
[root@dr sbin]# pwd
/usr/local/haproxy/sbin
[root@dr sbin]# cp haproxy /usr/bin/
[root@dr sbin]# which haproxy
/usr/bin/haproxy
//配置各个负载的内核参数
[root@dr ]# echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf
[root@dr ]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf //开启转发功能
[root@dr ]# cd
[root@dr ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
//生成配置文件
[root@dr ]# mkdir /etc/haproxy
[root@dr ]# vim /etc/haproxy/haproxy.cfg
#--------------全局配置----------------
global
log 127.0.0.1 local0 info #记录日志到本机的local0里,级别为info
#log loghost local0 info
maxconn 20480
#chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon #在后台运行
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http #http协议
log global
option dontlognull
option httpclose
option httplog
#option forwardfor
option redispatch
balance roundrobin #轮询
timeout connect 10s
timeout client 10s
timeout server 10s
timeout check 10s
maxconn 60000
retries 3 #尝试连接3次
#--------------统计页面配置------------------
listen admin_stats
bind 0.0.0.0:8189 #监听本机8189
stats enable
mode http
log global
stats uri /haproxy_stats #访问的url
stats realm Haproxy\ Statistics
stats auth admin:admin #网站的账户和密码
#stats hide-version
stats admin if TRUE
stats refresh 30s #30s刷新一次
#---------------web设置-----------------------
listen webcluster
bind 0.0.0.0:80
mode http
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server web01 192.168.216.200:80 check inter 2000 fall 5 # 检查5次失败后不调度
server web02 192.168.216.202:80 check inter 2000 fall 5
//web01,02为别名,不可重复,
//编写haproxy.service文件
[root@dr ~]# cat > /usr/lib/systemd/system/haproxy.service <<EOF
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q # 启动之前检查配置文件
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
EOF
[root@dr ~]# haproxy --help
HAProxy version 2.4.0-6cbbecf09 2021/05/14 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.0.html
Running on: Linux 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64
Usage : haproxy [-f <cfgfile|cfgdir>]* [ -vdVD ] [ -n <maxconn> ] [ -N <maxpconn> ]
[ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] [-- <cfgfile>*]
-v displays version ; -vv shows known build options.
-d enters debug mode ; -db only disables background mode.
-dM[<byte>] poisons memory with <byte> (defaults to 0x50)
-V enters verbose mode (disables quiet mode)
-D goes daemon ; -C changes to <dir> before loading files.
-W master-worker mode.
-Ws master-worker mode with systemd notify support.
-q quiet mode : don't display messages
-c check mode : only check config files and exit
-n sets the maximum total # of connections (uses ulimit -n)
-m limits the usable amount of memory (in MB)
-N sets the default, per-proxy maximum # of connections (0)
-L set local peer name (default to hostname)
-p writes pids of all children to this file
[root@dr ~]# systemctl daemon-reload //重新加载
//启动服务
[root@dr ~]# systemctl restart haproxy.service
[root@dr ~]# ss -antl //查看端口号确保80和8189端口启动,有httpd服务记得关闭,防止端口冲突
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:8189 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:80 *:*
[root@dr ~]# ss -antlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:8189 *:* users:(("haproxy",pid=92384,fd=6))
LISTEN 0 128 *:111 *:* users:(("rpcbind",pid=568,fd=8))
LISTEN 0 128 *:80 *:* users:(("haproxy",pid=92384,fd=7))
两个端口都由haproxy提供
输入调度器ip测试
刷新后
进入web管理页面,输入之前设置的url
//停掉一台主机的服务
[root@RS2 ~]# systemctl stop httpd
刷新
状态变红
[root@RS2 ~]# systemctl start httpd
启动后变绿恢复正常
haproxy具有自我检查功能,并将状态反应在web页面上
实现https加密访问
1.HTTP和HTTPS的基本概念
HTTP:是互联网上应用最为广泛的一种网络协议,是一个客户端和服务器端请求和应答的标准(TCP),用于从WWW服务器传输超文本到本地浏览器的传输协议,它可以使浏览器更加高效,使网络传输减少。
HTTPS:是以安全为目标的HTTP通道,简单讲是HTTP的安全版,即HTTP下加入SSL层,HTTPS的安全基础是SSL,因此加密的详细内容就需要SSL。
HTTPS协议的主要作用可以分为两种:一种是建立一个信息安全通道,来保证数据传输的安全;另一种就是确认网站的真实性。
2.HTTP与HTTPS有什么区别?
HTTP协议传输的数据都是未加密的,也就是明文的,因此使用HTTP协议传输隐私信息非常不安全,为了保证这些隐私数据能加密传输,于是网景公司设计了SSL(Secure Sockets Layer)协议用于对HTTP协议传输的数据进行加密,从而就诞生了HTTPS。简单来说,HTTPS协议是由SSL+HTTP协议构建的可进行加密传输、身份认证的网络协议,要比http协议安全。
HTTPS和HTTP的主要区别:
1、https协议需要到ca申请证书,一般免费证书较少,因而需要一定费用。
2、http是超文本传输协议,信息是明文传输,https则是具有安全性的ssl加密传输协议。
3、http和https使用的是完全不同的连接方式,用的端口也不一样,前者是80,后者是443。
4、http的连接很简单,是无状态的;HTTPS协议是由SSL+HTTP协议构建的可进行加密传输、身份认证的网络协议,比http协议安全。
//修改配置文件
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
#--------------全局配置----------------
global
log 127.0.0.1 local0 info
#log loghost local0 info
maxconn 20480
#chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode tcp 改成tcp协议
log global
option dontlognull
option httpclose
option httplog
#option forwardfor
option redispatch
balance roundrobin
timeout connect 10s
timeout client 10s
timeout server 10s
timeout check 10s
#---------------web设置-----------------------
listen webcluster
bind 0.0.0.0:443 将端口改成443
mode tcp 改为tcp协议
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
# cookie SESSION_COOKIE insert indirect nocache
server web01 192.168.216.200:443 check inter 2000 fall 5 将80端口改成443
server web02 192.168.216.202:443 check inter 2000 fall 5
等待一会后访问即可
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
