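1: Install haproxy
Three hosts: one load-balancing host running haproxy, and two backend servers.
Host | IP address |
---|---|
node1(haproxy) | 10.5.100.102 |
node3(webserver1) | 10.5.100.183 |
node4(webserver2) | 10.5.100.146 |
Configuration on node1:
Install haproxy.
Configuration on node3 and node4:
Install the httpd web service.
```
[root@node3 html]# echo "yan" > index.html
[root@node4 html]# echo "ni" > index.html
```
2: Configure load balancing.
The first kind of load balancing uses the default scheduling rule, roundrobin.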
```
frontend main
    bind *:80                    # the frontend load balancer listens on ports 80 and 8080
    bind *:8080
    default_backend webserver    # send traffic to the backend server group named webserver
backend webserver
    balance roundrobin
    server web2 10.5.100.183:80 check weight 1    # weight: sets the server's weight
    server web1 10.5.100.146:80 check weight 3
```
```
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# curl 10.5.100.102    # send a request; because of the weights it is scheduled to web1
ni
[root@node1 ~]#
```
The second kind: cookie-based persistence that pins a client to one webserver, because each server has a unique cookie identifier.
Create several test pages on both webservers to verify the cookie id.
```
[root@node3 html]# for i in {1..10};do echo "$i" > /var/www/html/index$i.html;done
[root@node4 html]# for i in {1..10};do echo "$i"a > /var/www/html/index$i.html;done
```
```
frontend main
    bind *:80
    bind *:8080
    default_backend webserver
backend webserver
    balance roundrobin
    # If the first request is scheduled to web2, the serverid cookie is set to webserver2;
    # if it is scheduled to web1, the serverid cookie is set to webserver1.
    cookie serverid insert nocache indirect
    server web2 10.5.100.183:80 check weight 1 cookie webserver2
    server web1 10.5.100.146:80 check weight 3 cookie webserver1
```
Note: once cookie binding is configured, the weights no longer have any effect.
Verify the effect of the cookie: no matter which page we request, it is loaded from the webserver1 server.
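3: How to enable the haproxy stats status page.
```
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
```
```
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
listen status                        # a separate listener just for the haproxy stats page
    bind *:9090                      # bind port 9090; the port is arbitrary, pick an unusual one
    stats enable                     # turn the feature on
    stats hide-version               # hide the haproxy version number to guard against malicious attacks
    stats uri /haproxyadmin?stats    # URL path used to reach the stats page
    stats realm Haproxy\statistics   # realm text shown in the stats login prompt
    stats auth admin:yanss           # username and password for logging in to the stats page
    stats admin if TRUE              # provide the admin interface; leave this line out if you do not want it
```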
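The stats listener above accepts logins on every interface over plain HTTP and grants admin actions to anyone who authenticates, and the `serverid` cookie from section 2 is set without `httponly`. The following check is an added example, not part of the original post: it scans an haproxy.cfg for those four settings. The function names and finding texts are assumptions made for this example; the sample input is the configuration shown on this page.

```python
import re

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")

# Sample input: the stats listener and cookie backend shown on this page.
SAMPLE_CFG = """\
listen status
    bind *:9090
    stats enable
    stats hide-version
    stats uri /haproxyadmin?stats
    stats auth admin:yanss
    stats admin if TRUE
backend webserver
    balance roundrobin
    cookie serverid insert nocache indirect
    server web2 10.5.100.183:80 check weight 1 cookie webserver2
"""

def parse_sections(text):
    """Return {section: [directives]}, comments stripped, whitespace collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split("#", 1)[0].split())
        m = SECTION.match(line)
        if m:
            current = f"{m.group(1)} {m.group(2)}".strip()
            sections[current] = []
        elif line and current:
            sections[current].append(line)
    return sections

def audit(text):
    """Return a sorted list of (section, finding) tuples."""
    findings = []
    for name, lines in parse_sections(text).items():
        binds = [l for l in lines if l.startswith("bind ")]
        if "stats enable" in lines:
            if any(re.match(r"bind (\*|0\.0\.0\.0)?:\d+", b) for b in binds):
                findings.append((name, "stats page bound to all interfaces"))
            if any(l.startswith("stats auth ") for l in lines) and not any(
                    " ssl" in b for b in binds):
                findings.append((name, "stats credentials sent without TLS"))
        for l in lines:
            if l.upper() == "STATS ADMIN IF TRUE":
                findings.append((name, "admin actions enabled unconditionally"))
            if re.match(r"cookie \S+ insert\b", l) and "httponly" not in l.split():
                findings.append((name, "persistence cookie lacks httponly"))
    return sorted(findings)
```

Pass the text of `/etc/haproxy/haproxy.cfg` to `audit()`; an empty list means none of these four settings were found.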
4: How to give haproxy its own log file.
```
[root@node1 ~]# vim /etc/rsyslog.conf
```
```
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
$ModLoad imudp
# Enable UDP; once the port is open, rsyslog works as a syslog server.
$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
# The next line would enable the TCP port.
#$InputTCPServerRun 514
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Added below: local2, which defines the haproxy log path
local2.* /var/log/haproxy.log
```
```
[root@node1 ~]# systemctl restart rsyslog
[root@node1 ~]# ss -ulp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:syslog *:* users:(("rsyslogd",pid=71771,fd=3))
UNCONN 0 0 *:45112 *:* users:(("haproxy",pid=4335,fd=7),("haproxy",pid=4334,fd=7))
UNCONN 0 0 *:bootpc *:* users:(("dhclient",pid=6550,fd=6))
UNCONN 0 0 *:sunrpc *:* users:(("rpcbind",pid=6215,fd=6))
UNCONN 0 0 *:837 *:* users:(("rpcbind",pid=6215,fd=7))
UNCONN 0 0 :::syslog :::* users:(("rsyslogd",pid=71771,fd=4))
UNCONN 0 0 :::sunrpc :::* users:(("rpcbind",pid=6215,fd=9))
UNCONN 0 0 :::837 :::* users:(("rpcbind",pid=6215,fd=10))
```
Example of separating static and dynamic content:
```
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
```
```
frontend http-in                             # the frontend that accepts user requests
    bind *:80                                # bind the listening port
    mode http                                # work in http mode
    log global                               # enable event and traffic logging for each instance
    option httpclose                         # close the HTTP connection after each request
    option logasap                           # log the http request early
    option dontlognull
    capture request header Host len 20       # capture and log the last occurrence of the Host header, up to 20 characters
    capture request header Referer len 60
    # ACL matching requests whose path begins with /static /image /javascript /stylesheets;
    # -i makes the match case-insensitive.
    acl url_static path_beg -i /static /image /javascript /stylesheets
    # Matches when the requested URL ends with .jpg .jpeg .gif .png .css .js
    acl url_static path_end -i .jpg .jpeg .gif .png .css .js
    # Backend selection rule: if the ACL above matches, dispatch to the static_servers backend group.
    use_backend static_servers if url_static
    # If the ACL above does not match, default to the dynamic_servers group.
    default_backend dynamic_servers
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
listen status
    bind *:9090
    stats enable
    stats hide-version
    stats uri /haproxyadmin?stats
    stats realm Haproxy\statistics
    stats auth admin:yanss
    stats admin if TRUE
backend static_servers                       # the static server group
    balance roundrobin
    server imsrv1 10.5.100.183:80 check maxconn 6000
    server imsrv2 10.5.100.146:80 check maxconn 6000
backend dynamic_servers                      # the dynamic server group
    cookie srv insert nocache
    balance roundrobin
    server websrv1 10.5.100.183:80 check maxconn 1000 cookie websrv1
    server websrv2 10.5.100.208:80 check maxconn 1000 cookie websrv2
```
Logging the real client IP
This is done on the backend host node3. There is no need to set option forwardfor in the frontend, because it is already defined in the global section.
```
[root@node3 html]# vim /etc/httpd/conf/httpd.conf
```
```
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
```
```
[root@node1 ~]# curl 10.5.100.183/1.jpg
[root@node3 html]# cat /var/log/httpd/access_log    # view the request log
10.5.100.48 - - [17/Jun/2020:04:33:10 +0800] "GET /1.jpg HTTP/1.1" 200 16414226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"
10.5.100.48 - - [17/Jun/2020:04:36:38 +0800] "GET /1.jpg HTTP/1.1" 200 16414226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"
10.5.100.48 - - [17/Jun/2020:04:36:42 +0800] "GET /1.jpg HTTP/1.1" 200 16414226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"
10.5.100.48 - - [17/Jun/2020:04:36:46 +0800] "GET /1.jpg HTTP/1.1" 200 16414226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"
```
The address recorded is the real IP of the local host machine.
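A parser for access_log lines in the LogFormat above, as an added example that is not part of the original post. `option forwardfor` appends haproxy's own X-Forwarded-For header after any that the client sent, so the first log field can hold several comma-separated addresses, and only the last one was written by haproxy. The function names, the `trusted_hops` parameter and the sample lines are assumptions made for this example.

```python
import ipaddress
import re

# First field is the X-Forwarded-For value (may be "a, b, c" or "-"),
# followed by ident, user, [time], "request", status and size.
LINE = re.compile(
    r'^(?P<xff>.*?) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

def xff_hops(line):
    """Return the comma-separated X-Forwarded-For entries of one log line."""
    m = LINE.match(line)
    if not m:
        return []
    return [h.strip() for h in m.group("xff").split(",") if h.strip()]

def client_ip(line, trusted_hops=1):
    """Return the address written by our own proxy, or None.

    Assumption: trusted_hops (>= 1) proxies under our control each appended
    one entry; with the single haproxy on this page that is the last entry.
    """
    hops = xff_hops(line)
    if len(hops) < trusted_hops:
        return None
    try:
        return str(ipaddress.ip_address(hops[-trusted_hops]))
    except ValueError:
        return None  # "-" (header absent, request bypassed haproxy) or not an address

def untrusted_entries(line, trusted_hops=1):
    """Return the entries left of the trusted ones; the client supplied these."""
    return xff_hops(line)[:-trusted_hops]

# Constructed sample lines: a normal request, one where the client sent its
# own X-Forwarded-For header, and one that reached httpd without the header.
SAMPLES = [
    '10.5.100.48 - - [17/Jun/2020:04:33:10 +0800] "GET /1.jpg HTTP/1.1" 200 16414226 "-" "curl"',
    '203.0.113.7, 10.5.100.48 - - [17/Jun/2020:04:36:38 +0800] "GET /1.jpg HTTP/1.1" 200 16414226 "-" "curl"',
    '- - - [17/Jun/2020:04:36:42 +0800] "GET /1.jpg HTTP/1.1" 200 16414226 "-" "curl"',
]
```

Anything returned by `untrusted_entries()` should be treated as attacker-controlled text and never used for access decisions or rate limiting.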
The basic haproxy configuration is now complete.