[转][笔记]|[转][笔记] 3. HAProxy 安装配置 [转][笔记]3.HAProxy安装配置

转自:
http://freeloda.blog.51cto.com/2033581/1294094
1.实验拓扑

node1(192.168.0.71) / HAProxy (192.168.0.120) \ node2(192.168.0.171)

2.环境准备操作系统：CentOS 6.8
软件版本： haproxy-1.5.4-3.el6.x86_64
安装 httpd:

[root@node1 ~]# yum install -y httpd [root@node2 ~]# yum install -y httpd

提供测试文件

[root@node1 ~]# cat /var/www/html/index.html node1.test.com [root@node2 ~]# cat /var/www/html/index.html node2.test.com

启动httpd

[root@node1 ~]# service httpd start 正在启动 httpd：[确定] [root@node2 ~]# service httpd start 正在启动 httpd：[确定]

测试一下：

[root@vm_mac ~]# curl http://node1.test.com node1.test.com [root@vm_mac ~]# curl http://node2.test.com node2.test.com

3.安装yum源

[root@node1 ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm [root@node2 ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm [root@haproxy ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

4.同步时间

[root@node1 ~]# ntpdate 202.120.2.101 [root@node2 ~]# ntpdate 202.120.2.101 [root@haproxy ~]# ntpdate 202.120.2.101

5.关闭防火墙与SELinux

[root@node1 ~]# service iptables stop [root@node1 ~]# chkconfig iptables off [root@node1 ~]# getenforce Disabled [root@node2 ~]# service iptables stop [root@node2 ~]# chkconfig iptables off [root@node2 ~]# getenforce Disabled [root@haproxy ~]# service iptables stop [root@haproxy ~]# chkconfig iptables off [root@haproxy ~]# getenforce Disabled

6.安装haproxy

[root@haproxy ~]# yum install -y haproxy

7.查看一下安装文件

[root@vm_mac ~]# rpm -ql haproxy /etc/haproxy /etc/haproxy/haproxy.cfg /etc/logrotate.d/haproxy /etc/rc.d/init.d/haproxy /etc/sysconfig/haproxy /usr/bin/halog /usr/bin/iprange /usr/sbin/haproxy /usr/share/doc/haproxy-1.5.4 /usr/share/doc/haproxy-1.5.4/CHANGELOG /usr/share/doc/haproxy-1.5.4/LICENSE /usr/share/doc/haproxy-1.5.4/README /usr/share/doc/haproxy-1.5.4/acl-content-sw.cfg /usr/share/doc/haproxy-1.5.4/acl.fig /usr/share/doc/haproxy-1.5.4/architecture.txt /usr/share/doc/haproxy-1.5.4/close-options.txt /usr/share/doc/haproxy-1.5.4/coding-style.txt /usr/share/doc/haproxy-1.5.4/configuration.txt /usr/share/doc/haproxy-1.5.4/content-sw-sample.cfg /usr/share/doc/haproxy-1.5.4/cookie-options.txt /usr/share/doc/haproxy-1.5.4/cttproxy-src.cfg /usr/share/doc/haproxy-1.5.4/design-thoughts /usr/share/doc/haproxy-1.5.4/design-thoughts/backends-v0.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/backends.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/be-fe-changes.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/binding-possibilities.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/buffer-redesign.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/buffers.fig /usr/share/doc/haproxy-1.5.4/design-thoughts/config-language.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/connection-reuse.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/cttproxy-changes.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/entities-v2.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/how-it-works.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/http_load_time.url /usr/share/doc/haproxy-1.5.4/design-thoughts/rate-shaping.txt /usr/share/doc/haproxy-1.5.4/design-thoughts/sess_par_sec.txt /usr/share/doc/haproxy-1.5.4/gpl.txt /usr/share/doc/haproxy-1.5.4/haproxy-en.txt /usr/share/doc/haproxy-1.5.4/haproxy-fr.txt /usr/share/doc/haproxy-1.5.4/haproxy.1 /usr/share/doc/haproxy-1.5.4/haproxy.cfg /usr/share/doc/haproxy-1.5.4/internals /usr/share/doc/haproxy-1.5.4/internals/acl.txt /usr/share/doc/haproxy-1.5.4/internals/body-parsing.txt /usr/share/doc/haproxy-1.5.4/internals/buffer-operations.txt /usr/share/doc/haproxy-1.5.4/internals/buffer-ops.fig /usr/share/doc/haproxy-1.5.4/internals/connect-status.txt /usr/share/doc/haproxy-1.5.4/internals/connection-header.txt /usr/share/doc/haproxy-1.5.4/internals/connection-scale.txt /usr/share/doc/haproxy-1.5.4/internals/entities.fig /usr/share/doc/haproxy-1.5.4/internals/entities.pdf /usr/share/doc/haproxy-1.5.4/internals/entities.svg /usr/share/doc/haproxy-1.5.4/internals/entities.txt /usr/share/doc/haproxy-1.5.4/internals/hashing.txt /usr/share/doc/haproxy-1.5.4/internals/header-parser-speed.txt /usr/share/doc/haproxy-1.5.4/internals/header-tree.txt /usr/share/doc/haproxy-1.5.4/internals/http-cookies.txt /usr/share/doc/haproxy-1.5.4/internals/http-docs.txt /usr/share/doc/haproxy-1.5.4/internals/http-parsing.txt /usr/share/doc/haproxy-1.5.4/internals/naming.txt /usr/share/doc/haproxy-1.5.4/internals/pattern.dia /usr/share/doc/haproxy-1.5.4/internals/pattern.pdf /usr/share/doc/haproxy-1.5.4/internals/polling-states.fig /usr/share/doc/haproxy-1.5.4/internals/repartition-be-fe-fi.txt /usr/share/doc/haproxy-1.5.4/internals/sequence.fig /usr/share/doc/haproxy-1.5.4/internals/stats-v2.txt /usr/share/doc/haproxy-1.5.4/internals/stream-sock-states.fig /usr/share/doc/haproxy-1.5.4/internals/todo.cttproxy /usr/share/doc/haproxy-1.5.4/lgpl.txt /usr/share/doc/haproxy-1.5.4/proxy-protocol.txt /usr/share/doc/haproxy-1.5.4/queuing.fig /usr/share/doc/haproxy-1.5.4/tarpit.cfg /usr/share/doc/haproxy-1.5.4/url-switching.cfg /usr/share/haproxy /usr/share/haproxy/400.http /usr/share/haproxy/403.http /usr/share/haproxy/408.http /usr/share/haproxy/500.http /usr/share/haproxy/502.http /usr/share/haproxy/503.http /usr/share/haproxy/504.http /usr/share/haproxy/README /usr/share/man/man1/halog.1.gz /usr/share/man/man1/haproxy.1.gz /var/lib/haproxy

8.haproxy 命令详解

[root@vm_mac ~]# haproxy -h HA-Proxy version 1.5.4 2014/09/02 Copyright 2000-2014 Willy Tarreau Usage : haproxy [-f ]* [ -vdVD ] [ -n ] [ -N ] [ -p ] [ -m ] [ -C] -v displays version ; -vv shows known build options. -d enters debug mode ; -db only disables background mode. -dM[] poisons memory with (defaults to 0x50) -V enters verbose mode (disables quiet mode) -D goes daemon ; -C changes tobefore loading files. -q quiet mode : don't display messages -c check mode : only check config files and exit -n sets the maximum total # of connections (2000) -m limits the usable amount of memory (in MB) -N sets the default, per-proxy maximum # of connections (2000) -L set local peer name (default to hostname) -p writes pids of all children to this file -de disables epoll() usage even when available -dp disables poll() usage even when available -dS disables splice usage (broken on old kernels) -dV disables SSL verify on servers side -sf/-st [pid ]* finishes/terminates old pids. Must be last arguments.

说明：

haproxy [-f < 配置文件>] [ -vdVD ] [-n 最大并发连接总数] [-N 每个侦听的最大并发数] [ -p <当前的PID文件> ] [-m <内存限制M>] -v 显示当前版本信息；-vv 显示已知的创建选项 -d 前台，debug模式；-db 禁用后台模式，程序跑在前台 -V 详细模式 -D daemon模式启动 -q 安静模式,不输出信息 -c 对配置文件进行语法检查 -n 最大并发连接总数 -m 限制的可用内存大小 -N 设置默认的连接数 -p 设置当前的PID文件 -de 不使用epoll -ds 不使用speculative epoll -dp 不使用poll -sf 程序启动后向pidlist里的进程发送FINISH信号，这个参数放在命令行的最后 -st 程序启动后向pidlist里的进程发送TERMINATE信号，这个参数放在命令行的最后

9.查看一下默认配置文件

[root@haproxy haproxy]# cat haproxy.cfg #--------------------------------------------------------------------- # Example configuration for a possible web application.See the # full configuration options online. # #http://haproxy.1wt.eu/download/1.4/doc/configuration.txt#官方配置文档，很详细，英文没问题的博友，可以看看 # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #全局配置文件 #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to:#配置日志 # # 1) configure syslog to accept network log events.This is done #by adding the '-r' option to the SYSLOGD_OPTIONS in #/etc/sysconfig/syslog #修改syslog配置文件 # # 2) configure local2 events to go to the /var/log/haproxy.log #file. A line like the following can be added to #/etc/sysconfig/syslog#定义日志设备 # #local2.*/var/log/haproxy.log # log127.0.0.1 local2 # #全局的日志配置其中日志级别是[err warning info debug] #local0 是日志设备，必须为如下24种标准syslog设备的一种: #kern user mail daemon auth syslog lpr news #uucp cron auth2 ftp ntp audit alert cron2 #local0 local1 local2 local3 local4 local5 local6 local7 chroot/var/lib/haproxy pidfile/var/run/haproxy.pid #将所有进程的pid写入文件启动进程的用户必须有权限访问此文件。 maxconn4000 #最大连接数，默认4000 userhaproxy #用户 grouphaproxy #组 daemon ##创建1个进程进入deamon模式运行。此参数要求将运行模式设置为"daemon" # turn on stats unix socket#unix socket 文件 stats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block#默认的全局设置，这些参数可以被利用配置到frontend，backend，listen组件 #--------------------------------------------------------------------- defaults modehttp#默认的模式mode { tcp|http|health }，tcp是4层，http是7层，health只会返回OK logglobal #采用全局定义的日志 optionhttplog #日志类别 http 日志格式 optiondontlognull #不记录健康检查的日志信息 option http-server-close #每次请求完毕后主动关闭http通道 option forwardforexcept 127.0.0.0/8 #不记录本机转发的日志 optionredispatch #serverId 对应的服务器挂掉后,强制定向到其他健康的服务器 retries3 #3次连接失败就认为服务不可用，也可以通过后面设置 timeout http-request10s#请求超时 timeout queue1m #队列超时 timeout connect10s #连接超时 timeout client1m #客户端连接超时 timeout server1m #服务器连接超时 timeout http-keep-alive 10s #长连接超时 timeout check10s#检查超时 maxconn3000 #最大连接数 #--------------------------------------------------------------------- # main frontend which proxys to the backends #frontend 与backends代理配置 #--------------------------------------------------------------------- frontendmain *:5000 #acl策略配置 acl url_staticpath_beg-i /static /images /javascript /stylesheets acl url_staticpath_end-i .jpg .gif .png .css .js use_backend staticif url_static#满足策略要求，则响应策略定义的backend页面 default_backendapp #不满足则响应 backend 的默认页面 #--------------------------------------------------------------------- # static backend for serving up images, stylesheets and such #定义使用静态后端图像，样式表等 #--------------------------------------------------------------------- backend static balanceroundrobin #负载均衡模式轮询 serverstatic 127.0.0.1:4331 check #服务器定义 #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend app balanceroundrobin #负载均衡模式轮询 serverapp1 127.0.0.1:5001 check #服务器定义，check进行健康检查 serverapp2 127.0.0.1:5002 check serverapp3 127.0.0.1:5003 check serverapp4 127.0.0.1:5004 check

好了，默认的配置文件我们就说到这里，相信大家对配置文件已有了大致的了解，下面我们配置一个案例，让大家更深入的了解haproxy。
10.haproxy 案例演示 1.负载均衡Web服务器的案例

#--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events.This is done #by adding the '-r' option to the SYSLOGD_OPTIONS in #/etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log #file. A line like the following can be added to #/etc/sysconfig/syslog # #local2.*/var/log/haproxy.log # log127.0.0.1 local2 chroot/var/lib/haproxy pidfile/var/run/haproxy.pid maxconn4000 userhaproxy grouphaproxy daemon defaults modehttp logglobal optionhttplog optiondontlognull option http-server-close option forwardforexcept 127.0.0.0/8 optionredispatch retries3 timeout http-request10s timeout queue1m timeout connect10s timeout client1m timeout server1m timeout http-keep-alive 10s timeout check10s maxconn30000 listen stats mode http bind 0.0.0.0:1080 stats enable stats hide-version stats uri/haproxyadmin?stats stats realmHaproxy\ Statistics stats authadmin:admin stats admin if TRUE frontend http-in bind *:80 mode http log global option httpclose option logasap option dontlognull capture requestheader Host len 20 capture requestheader Referer len 60 default_backend servers frontend healthcheck bind :1099 mode http option httpclose option forwardfor default_backend servers backend servers balance roundrobin server websrv1 192.168.0.71:80 check maxconn 2000 server websrv2 192.168.0.171:80 check maxconn 2000

注，首先我们来配置一下日志，不然haproxy无法记录日志。
2.配置haproxy日志
注，配置方法配置文件中已说明，我们这里来演示一下
(1).修改系统日志的配置文件

[root@haproxy ~]# vim /etc/sysconfig/rsyslog # Options for rsyslogd # Syslogd options are deprecated since rsyslog v3. # If you want to use them, switch to compatibility mode 2 by "-c 2" # See rsyslogd(8) for more details SYSLOGD_OPTIONS="-c 2 -r"

(2).增加日志设备

[root@haproxy ~]# vim /etc/rsyslog.conf # Provides TCP syslog reception # 使其接收 TCP 连接 $ModLoad imtcp $InputTCPServerRun 514#增加一行 local2.*/var/log/haproxy.log

(3).重新启动一下日志服务

[root@haproxy ~]# service rsyslog restart 关闭系统日志记录器：[确定] 启动系统日志记录器：[确定][root@vm_mac haproxy]# ss -tnl LISTEN025:::514:::* LISTEN025*:514

3.修改配置文件
如上：负载均衡Web服务器的案例
4.查检一下配置文件

[root@haproxy ~]# haproxy -c -f /etc/haproxy/haproxy.cfg Configuration file is valid

5.启动haproxy

[root@haproxy ~]# service haproxy start 正在启动 haproxy：

6.查看一下端口

[root@haproxy ~]# netstat -ntulp | grep :80 tcp00 0.0.0.0:800.0.0.0:*LISTEN3695/haproxy

7.测试一下

[root@vm_mac haproxy]# curl http://192.168.0.120 lamp1.guli.com [root@vm_mac haproxy]# curl http://192.168.0.120 vm1.guli.com [root@vm_mac haproxy]# curl http://192.168.0.120 lamp1.guli.com [root@vm_mac haproxy]# curl http://192.168.0.120 vm1.guli.com [root@vm_mac haproxy]# curl http://192.168.0.120 lamp1.guli.com

大家可以看到，你不断的刷新，node1与node2在不停的切换，说明我们的haproxy负载均衡配置成功。
8.配置文件详解
注，现在大家再来看这个配置文件应该就很容易理解了。好了，下面我们来具体说一下。

[root@haproxy ~]# cat /etc/haproxy/haproxy.cfg #--------------------------------------------------------------------- # Global settings 全局配置 #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events.This is done #by adding the '-r' option to the SYSLOGD_OPTIONS in #/etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log #file. A line like the following can be added to #/etc/sysconfig/syslog # #local2.*/var/log/haproxy.log # #上面的注释是告诉我们怎么配置日志的 log127.0.0.1local2 #定义日志 chroot/var/lib/haproxy #安全模式 pidfile/var/run/haproxy.pid #pid文件 maxconn4000 #最大连接数 userhaproxy #用户 grouphaproxy #组合 daemon #--------------------------------------------------------------------- # Proxy settings 代理配置，下面全是代理配置 #--------------------------------------------------------------------- defaults #配置默认参数的，这些参数可以被利用配置到frontend，backend，listen组件 modehttp #默认的模式mode { tcp|http|health }，tcp是4层，http是7层，health只会返回OK（注，health已经废弃） logglobal #采用全局定义的日志 optionhttplog #日志类别http日志格式 optiondontlognull #不记录健康检查的日志信息 option http-server-close #每次请求完毕后主动关闭http通道 option forwardforexcept 127.0.0.0/8 #不记录本机转发的日志 optionredispatch #serverId 对应的服务器挂掉后,强制定向到其他健康的服务器 retries3 #3次连接失败就认为服务不可用，也可以通过后面设置 timeout http-request10s#请求超时 timeout queue1m #队列超时 timeout connect10s #连接超时 timeout client1m #客户端连接超时 timeout server1m #服务器连接超时 timeout http-keep-alive 10s #长连接超时 timeout check10s#检查超时 maxconn30000 #最大连接数 listen stats #listen是Frontend和Backend的组合体。这里定义的是haproxy监控！ mode http #模式http bind 0.0.0.0:1080 #绑定的监控ip与端口 stats enable #启用监控 stats hide-version #隐藏haproxy版本 stats uri/haproxyadmin?stats #定义的uri stats realmHaproxy\ Statistics #定义显示文字 stats authadmin:admin #认证 stats admin if TRUE frontend http-in #接收请求的前端虚拟节点，Frontend可以根据规则直接指定具体使用后端的 backend(可动态选择)。这里定义的是http服务！ bind *:80#绑定的监控ip与端口 mode http #模式http log global #定义日志 option httpclose #每次请求完毕后主动关闭http通道 option logasap # option dontlognull ##不记录健康检查的日志信息 capture requestheader Host len 20 capture requestheader Referer len 60 default_backend servers #定义的默认backend frontend healthcheck bind :1099 mode http option httpclose option forwardfor default_backend servers #定义的默认backend backend servers #后端服务集群的配置，是真实的服务器，一个Backend对应一个或者多个实体服务器。 balance roundrobin #负载均衡方式为轮询 server websrv1 192.168.18.201:80 check maxconn 2000 #定义server，check 健康检查，maxconn 定义最大连接数 server websrv2 192.168.18.202:80 check maxconn 2000

【[转][笔记]|[转][笔记] 3. HAProxy 安装配置】好了，到这里我们案例就讲解完成了，下面我们再来补充一下，配置文件中的常用关键字参考。