HAproxy-1.6.X 安裝部署

1. 源碼包下載及安裝

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

root@iZ23tsilmb7Z: /usr/local/src # apt-get -y install make gcc root@iZ23tsilmb7Z: /usr/local/src # wget http://fossies.org/linux/misc/haproxy-1.6.6.tar.gz --2016-07-03 20:28:35--  http: //fossies .org /linux/misc/haproxy-1 .6.6. tar .gz Resolving fossies.org (fossies.org)... 138.201.17.217 Connecting to fossies.org (fossies.org)|138.201.17.217|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1565046 (1.5M) [application /x-gzip ] Saving to: ‘haproxy-1.6.6. tar .gz’   100%[==============================================================>] 1,565,046    210KB /s    in  8.1s      2016-07-03 20:28:44 (190 KB /s ) - ‘haproxy-1.6.6. tar .gz’ saved [1565046 /1565046 ]   root@iZ23tsilmb7Z: /usr/local/src # tar -zxvf haproxy-1.6.6.tar.gz root@iZ23tsilmb7Z: /usr/local/src # cd haproxy-1.6.6 root@iZ23tsilmb7Z: /usr/local/src/haproxy-1 .6.6 # make TARGET=linux2628 PREFIX=/usr/local/haproxy root@iZ23tsilmb7Z: /usr/local/src/haproxy-1 .6.6 # make install PREFIX=/usr/local/haproxy   // 參數說明 TARGET=linux26 #使用uname -r查看內核，如：2.6.18-371.el5，此時該參數就爲linux26 #kernel 大於2.6.28的用：TARGET=linux2628 PREFIX= /usr/local/haprpxy    #/usr/local/haprpxy爲haprpxy安裝路徑

 

 2.配置啓動腳本

1 2  3

cp /usr/local/src/haproxy-1 .6.3 /examples/haproxy .init /etc/init .d /haproxy chmod +x /etc/init .d /haproxy useradd -r haproxy -s /sbin/nologin

若是是ubuntu系統須要/etc/init.d/functions爲/lib/lsb/init-functins

註釋/etc/sysconfig/network   [ ${NETWORKING} = "no" ] && exit 0

同時去除start 裏面damon

 3.配置環境變量

1 2	echo 'PATH="/usr/local/haproxy/sbin:$PATH"' >> /etc/profile source /etc/profile

 4.haproxy配置文件

1 2 3 4

mkdir /etc/haproxy mkdir /var/lib/haproxy cd /etc/haproxy/ vim haproxy.cfg

 5.啓動腳本更改

1 2	vim /etc/init .d /haproxy   35 BIN= /usr/sbin/ $BASENAME   # 替換BIN=/usr/local/haproxy/sbin/$BASENAME

 6.配置haproxy日誌

1 2 3 4 5 6 7

[root@localhost haproxy-1.6.3] # vim /etc/rsyslog.conf     #17,18是關於tcp行註釋取消，#最後增長一行   16 # Provides TCP syslog reception   17 $ModLoad imtcp   18 $InputTCPServerRun 514    local3.* /var/log/haproxy .log [root@localhost haproxy-1.6.3] # /etc/init.d/rsyslog restart

 

7.haproxy.cfg配置文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85

# 全局配置,日誌，運行安裝路徑， global          log 127.0.0.1 local3 info  # 日誌存儲到127.0.0.1，端口是514，            chroot /var/lib/haproxy          pidfile /var/run/haproxy .pid        #配置haproxy的sock文件，權限是600，等級是admin權限，超時2分鐘          stats socket /var/lib/haproxy/haproxy .sock mode 660 level admin          stats timeout 2m          user haproxy          group haproxy          daemon   # 默認配置 defaults          log global          mode http          #option httplog         # 訪問日誌關閉          option dontlognull      # 不記錄空連接，如監控連接          timeout connect 5000          timeout client 50000          timeout server 50000          timeout check 10000          maxconn 3000   # 狀態監控頁面 listen haproxy_status          # 綁定地址，每5s自動刷新，隱藏版本，狀態訪問頁面，認證帳號，密碼,條件知足進入管理界面          bind 172.16.1.14:8888          stats enable          stats refresh 100s          stats hide-version          stats uri /haproxy-status          stats realm "HAProxy/ static"          stats auth admin:admin123          stats admin if TRUE          # 容許的網段，容許，拒絕          #acl allow src 192.168.12.0/24          #tcp-request content accept if allow          #tcp-request content reject   # 1.匹配到www.pinhui001.com域名，跳轉到www_backend frontend ph_web          bind 172.16.1.14:80          acl www hdr_end(host) pinhui001.com        #ACL規則定義的方式有hdr_reg(host)、hdr_dom(host)、hdr_beg(host)、url_sub、url_dir、path_beg、path_end等，-i表示不匹配大小寫          acl www hdr_end(host) www.pinhui001.com          use_backend www_backend if www   # 2.匹配到目錄static,images及jpg,png結尾的跳轉到 frontend ph_static          bind 172.16.1.14:1802          acl url_static path_beg -i /static /images /stylesheets          #acl url_static path_end -i .jpg .gif .png .css .js          acl static_reg url_reg /*.(css|jpg|js|jpeg|gif)$          use_backend static_backend if url_static   # test frontend test_web          bind 172.16.1.14:8899          acl test hdr_beg(host) -i test .pinhui001.cc          use_backend test_backend if test   backend test_backend          mode http          balance roundrobin          option forwardfor header X-REAL-IP          option httpchk GET /iisstart .htm HTTP /1 .1\r\nHost:172.16.1.25:80          server web-node1 172.16.1.25:80 check inter 2000 rise 3 fall 3 weight 1   # 1. backend www_backend          # 隨機,2秒檢測，2次成功認爲服務可用，3次失敗認爲服務不可用，權重爲1          # option httpchk GET /index.html          balance roundrobin          option forwardfor header X-REAL-IP          server web-node1 172.16.1.25:18201 check inter 2000 rise 3 fall 3 weight 1          server web-node3 192.168.2.16:80 check inter 2000 rise 3 fall 3 weight 1   # 2. backend static_backend          balance roundrobin          option forwardfor header X-REAL-IP          # cookie中插入srv字串防止登陸信息丟失          cookie srv insert nocache          server static01 172.16.1.110:80 check inter 2000 rise 2 fall 3 weight 1          server static02 172.16.1.111:80 check inter 2000 rise 2 fall 3 weight 1

 8.動態管理haproxy

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

# 配置文件全局加入2行 vim /etc/haproxy/haproxy .cfg global     stats socket /var/lib/haproxy/haproxy .sock mode 600 level admin     stats timeout 2m   # 安裝socker yum list | grep socat yum install -y socat   # 查看支持的命令 [root@ha-node01 haproxy] # echo "help" | socat stdio /var/lib/haproxy/haproxy.sock [root@ha-node01 haproxy] # echo "show info" | socat stdio /var/lib/haproxy/haproxy.sock  # 查看狀態信息   # 關閉某臺主機，開啓 cho "disable server test_backend/web-node1" | socat stdio /var/lib/haproxy/haproxy .sock echo "enable server test_backend/web-node1" | socat stdio /var/lib/haproxy/haproxy .sock

 9.haproxy性能調優

1 2 3 4 5 6

[root@ha-node01 haproxy] # cat /proc/sys/net/ipv4/ip_local_port_range  # 端口範圍調大 32768   61000   [root@ha-node01 haproxy] # cat /proc/sys/net/ipv4/tcp_tw_reuse         # 設置1 1              [root@ha-node01 haproxy] # cat /proc/sys/net/ipv4/tcp_fin_timeout      # 時間調短 30