haproxy是個高性能的tcp和http的反向代理。它就是個代理。不像nginx還作web服務器css
官網地址爲www.haproxy.org
nginx的優勢和缺點html
|
1
2
3
4
5
6
7
8
9
10
11
|
優勢:
一、web服務器,應用比較普遍,你們都會
二、能夠做爲7層負載均衡,location設置複雜的基於HTTP的負載均衡
三、性能強大,網絡依賴小
四、安裝配置簡單
缺點:
一、健康檢查單一,不支持基於url的健康檢查(可使用第三方插件實現)
二、負載均衡算法少
三、不能動態管理,好比踢出某個web節點,須要reload配置
四、沒有集羣upstream的狀態頁面
|
haproxy的優勢和缺點前端
|
1
2
3
4
5
6
7
8
9
10
11
|
優勢:
一、專門作反向代理負載均衡
二、負載均衡算法比較多,大於等於8種,比nginx豐富
三、性能不低於nginx,大於等於nginx
四、支持動態管理,經過和haproxy的sock進行通訊,能夠進行管理
五、有比較豐富的Dashboard的頁面,監控方便。有管理頁面
六、比較強大的7層反向代理功能,在7層方便,功能強大
七、會話保持比nginx豐富。能夠基於cookie和源IP(nginx也能作到基於IP和cookie)
缺點:
配置沒有Nginx簡單(相對熟悉)
|
先殺掉原先的nginx進程,防止80端口被佔用,致使haproxy沒法啓動node
|
1
2
3
4
|
[root@linux-node1 conf]
# pkill nginx
[root@linux-node1 conf]
# ps aux | grep nginx
root 27201 0.0 0.0 112664 972 pts
/0
S+ 05:39 0:00
grep
--colour=auto nginx
[root@linux-node1 conf]
#
|
部署haproxy,這裏是編譯安裝,版本是1.6.3,執行命令以下linux
|
1
2
3
4
5
6
7
8
|
cd
/usr/local/src/
wget http:
//www
.haproxy.org
/download/1
.6
/src/haproxy-1
.6.3.
tar
.gz
tar
xfz haproxy-1.6.3.
tar
.gz
cd
haproxy-1.6.3
make
TARGET=linux2628 PREFIX=
/usr/local/haproxy-1
.6.3
make
install
cp
/usr/local/sbin/haproxy
/usr/sbin/
haproxy -
v
|
顯示版本以下
|
1
2
3
4
5
|
[root@linux-node1 haproxy-1.6.3]
# haproxy -v
HA-Proxy version 1.6.3 2015
/12/25
Copyright 2000-2015 Willy Tarreau <willy@haproxy.org>
[root@linux-node1 haproxy-1.6.3]
#
|
源碼包裏有啓動腳本,拷貝大init.d目錄下
|
1
2
3
4
5
6
7
8
|
[root@linux-node1 haproxy-1.6.3]
# pwd
/usr/local/src/haproxy-1
.6.3
[root@linux-node1 haproxy-1.6.3]
# cd examples/
[root@linux-node1 examples]
# ls haproxy.init
haproxy.init
[root@linux-node1 examples]
# cp haproxy.init /etc/init.d/haproxy
[root@linux-node1 examples]
# chmod +x /etc/init.d/haproxy
[root@linux-node1 examples]
#
|
建立haproxy用戶和相關目錄
useradd -r表示建立系統帳號nginx
|
1
2
3
4
5
|
[root@linux-node1 examples]
# useradd -r haproxy
[root@linux-node1 examples]
#
[root@linux-node1 examples]
# mkdir /etc/haproxy -p
[root@linux-node1 examples]
# mkdir /var/lib/haproxy -p
[root@linux-node1 examples]
#
|
先配置下機器的rsyslog(centos6以後就是rsyslog了),15行去掉下面2行註釋
重啓rsyslogweb
|
1
2
3
4
5
6
|
[root@linux-node1 ~]
# vim /etc/rsyslog.conf
[root@linux-node1 ~]
# systemctl restart rsyslog
[root@linux-node1 ~]
# netstat -lnup | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:* 27509
/rsyslogd
udp6 0 0 :::514 :::* 27509
/rsyslogd
[root@linux-node1 ~]
#
|
寫配置文件,defaults裏面默認參數能夠被前端和後端繼承
關於mode http 你若是不寫,默認繼承defaults裏面的
defaults默認不寫好像也是http。
tcp的須要註明。
mode tcp算法
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
[root@linux-node1 ~]
# cd /etc/haproxy/
[root@linux-node1 haproxy]
# vim haproxy.cfg
[root@linux-node1 haproxy]
# cat haproxy.cfg
global
chroot
/var/lib/haproxy
daemon
group haproxy
user haproxy
log 127.0.0.1:514 local3 info
defaults
log global
#使用全局的日誌配置
mode http
option httplog
option dontlognull
#日誌中不記錄空鏈接,好比不記錄健康檢查的鏈接
timeout client 50000
timeout server 50000
timeout connect 5000
frontend http_front
bind *:80
stats uri
/haproxy
?stats
default_backend http_back
backend http_back
balance roundrobin
server linux-node1 10.0.1.105:8080 check
server linux-node2 10.0.1.106:8080 check
[root@linux-node1 haproxy]
#
|
啓動haproxyapache
|
1
2
3
4
5
6
7
8
|
[root@linux-node1 ~]
# /etc/init.d/haproxy start
Reloading systemd: [ 肯定 ]
Starting haproxy (via systemctl): [ 肯定 ]
[root@linux-node1 ~]
#
[root@linux-node1 ~]
# netstat -lntp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 27556
/haproxy
tcp6 0 0 :::8080 :::* LISTEN 20130
/httpd
[root@linux-node1 ~]
#
|
如今尚未日誌,由於沒配置local3
配置以下,配置完畢重啓rsyslog
|
1
2
3
4
5
|
[root@linux-node1 ~]
# grep local3 /etc/rsyslog.conf
local3.*
/var/log/haproxy
.log
[root@linux-node1 ~]
#
[root@linux-node1 ~]
# systemctl restart rsyslog
[root@linux-node1 ~]
#
|
再次重啓haproxy服務,就能夠看到haproxy的日誌文件生成了。能夠看到啓動過程vim
|
1
2
3
4
5
6
7
8
9
|
[root@linux-node1 ~]
# /etc/init.d/haproxy restart
Restarting haproxy (via systemctl): [ 肯定 ]
[root@linux-node1 ~]
# tail -f /var/log/haproxy.log
Feb 27 06:33:43 localhost haproxy[27648]: Stopping frontend http_front
in
0 ms.
Feb 27 06:33:43 localhost haproxy[27648]: Stopping backend http_back
in
0 ms.
Feb 27 06:33:43 localhost haproxy[27648]: Proxy http_front stopped (FE: 0 conns, BE: 0 conns).
Feb 27 06:33:43 localhost haproxy[27648]: Proxy http_back stopped (FE: 0 conns, BE: 0 conns).
Feb 27 06:33:43 localhost haproxy[27687]: Proxy http_front started.
Feb 27 06:33:43 localhost haproxy[27687]: Proxy http_back started.
|
繼續優化更改下配置
haproxy能夠自定義健康檢查的url,這是nginx不具有的
check:啓用健康檢測
inter:健康檢測間隔
rise:檢測服務可用的連續次數
fall:檢測服務不可用的連續次數
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
[root@linux-node1 ~]
# cd /etc/haproxy/
[root@linux-node1 haproxy]
# vim haproxy.cfg
[root@linux-node1 haproxy]
# cat haproxy.cfg
global
chroot
/var/lib/haproxy
daemon
group haproxy
user haproxy
log 127.0.0.1:514 local3 info
defaults
log global
mode http
option httplog
option dontlognull
timeout client 50000
timeout server 50000
timeout connect 5000
frontend http_front
mode http
bind *:80
stats uri
/haproxy
?stats
default_backend http_back
backend http_back
option httpchk GET
/index
.html
balance roundrobin
server linux-node1 10.0.1.105:8080 check inter 2000 rise 3 fall 3 weight 1
server linux-node2 10.0.1.106:8080 check inter 2000 rise 3 fall 3 weight 1
[root@linux-node1 haproxy]
#
|
重啓服務
|
1
2
3
4
5
6
|
[root@linux-node1 haproxy]
# /etc/init.d/haproxy restart
Restarting haproxy (via systemctl): [ 肯定 ]
[root@linux-node1 haproxy]
# netstat -lntp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 27849
/haproxy
tcp6 0 0 :::8080 :::* LISTEN 20130
/httpd
[root@linux-node1 haproxy]
#
|
打開監控頁面
頁面測試,目前也是輪詢的
多訪問幾回,健康頁面有新的數據變化
sessions這裏能夠看到有沒有失敗的訪問
L7 OK 表示7層檢測OK
結合haproxy的acl配置反向代理功能,先備份原先配置文件
設置acl
這樣能支持多個域名,讓不一樣的域名,訪問不一樣的backend上面去
|
1
2
|
[root@linux-node1 conf]
# cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.ori
[root@linux-node1 conf]
# vim /etc/haproxy/haproxy.cfg
|
修改配置文件爲以下
注意,配置文件中,前端和後端不要用特殊符號以及點。它對這些敏感。推薦使用下劃線
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
[root@linux-node1 conf]
# vim /etc/haproxy/haproxy.cfg
[root@linux-node1 conf]
# cat /etc/haproxy/haproxy.cfg
global
chroot
/var/lib/haproxy
daemon
group haproxy
user haproxy
log 127.0.0.1:514 local3 info
stats socket
/var/lib/haproxy/haproxy
.sock mode 600 level admin
stats timeout 2m
defaults
log global
mode http
option httplog
option dontlognull
timeout client 50000
timeout server 50000
timeout connect 5000
frontend www_nmap_com
mode http
bind *:80
stats uri
/haproxy
?stats
default_backend www_nmap_com_backend
acl is_other_nmap_com hdr_end(host) other.nmap-blog.com
use_backend other_nmap_com_backend
if
is_other_nmap_com
backend www_nmap_com_backend
option forwardfor header X-REAL-IP
option httpchk GET
/index
.html
balance roundrobin
server linux-node1 10.0.1.105:8080 check inter 2000 rise 3 fall 3 weight 1
backend other_nmap_com_backend
option forwardfor header X-REAL-IP
option httpchk GET
/index
.html
balance roundrobin
server linux-node2 10.0.1.106:8080 check inter 2000 rise 3 fall 3 weight 1
[root@linux-node1 conf]
#
|
重啓haproxy
|
1
2
|
[root@linux-node1 conf]
# /etc/init.d/haproxy restart
Restarting haproxy (via systemctl): [ 肯定 ]
|
windows客戶端配置host文件
|
1
|
10.0.1.105 www.nmap-blog.com other.nmap-blog.com
|
這樣也實現了haproxy的多域名反向代理
haproxy的acl,也能夠根據正則,和後綴設置,下面2種方法。推薦第一種,正則方式匹配
|
1
2
|
acl is_static_reg url_reg /*.(css|jpg|png|js|jpeg|gif)$
acl is_static_path path_end .gif .png .js
|
修改配置文件作基於正則的acl
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
[root@linux-node1 conf]
# cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.2
[root@linux-node1 conf]
# vim /etc/haproxy/haproxy.cfg
[root@linux-node1 conf]
# cat /etc/haproxy/haproxy.cfg
global
chroot
/var/lib/haproxy
daemon
group haproxy
user haproxy
log 127.0.0.1:514 local3 info
stats socket
/var/lib/haproxy/haproxy
.sock mode 600 level admin
stats timeout 2m
defaults
log global
mode http
option httplog
option dontlognull
timeout client 50000
timeout server 50000
timeout connect 5000
frontend www_nmap_com
mode http
bind *:80
stats uri
/haproxy
?stats
default_backend www_nmap_com_backend
acl is_static_reg url_reg /*.(css|jpg|png|js|jpeg|gif)$
use_backend other_nmap_com_backend
if
is_static_reg
#acl is_static_path path_end .gif .png .js
#acl is_other_nmap_com hdr_end(host) other.nmap-blog.com
#use_backend other_nmap_com_backend if is_other_nmap_com
backend www_nmap_com_backend
option forwardfor header X-REAL-IP
option httpchk GET
/index
.html
balance roundrobin
server linux-node1 10.0.1.105:8080 check inter 2000 rise 3 fall 3 weight 1
backend other_nmap_com_backend
option forwardfor header X-REAL-IP
option httpchk GET
/index
.html
balance roundrobin
server linux-node2 10.0.1.106:8080 check inter 2000 rise 3 fall 3 weight 1
[root@linux-node1 conf]
#
|
重啓服務
|
1
2
3
4
5
6
|
[root@linux-node1 conf]
# /etc/init.d/haproxy restart
Restarting haproxy (via systemctl): [ 肯定 ]
[root@linux-node1 conf]
# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE
/OFF
NODE NAME
haproxy 48521 haproxy 5u IPv4 1371377 0t0 TCP *:http (LISTEN)
[root@linux-node1 conf]
#
|
由於匹配後會鏈接到node2,這裏就在node2上設置一個js文件,node1不作任何設置。
|
1
2
|
[root@linux-node2 ~]
# echo 'test111' >/var/www/html/test.js
[root@linux-node2 ~]
#
|
測試成功
關於後端web節點記錄檢查日誌的問題,由於我設置檢查check inter 2000 ,也就是2秒發一次檢查包。後端節點日誌這裏也能看到
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@linux-node2 ~]
# tail -f /var/log/httpd/access_log
10.0.1.105 - - [04
/Mar/2017
:00:35:46 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:35:48 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:35:50 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:35:52 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:35:54 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:35:56 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:35:58 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:36:00 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:36:02 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:36:04 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:36:06 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
10.0.1.105 - - [04
/Mar/2017
:00:36:08 +0800]
"GET /index.html HTTP/1.0"
200 24
"-"
"-"
|
關於怎麼讓後端apache不記錄健康檢查日誌,以及如何記錄真正的客戶端IP,這裏不作實驗。