HaProxy 负载均衡集群

2022-12-28 14:22:00 浏览数 (1)

HAProxy是一个使用C语言编写的自由及开放源代码软件,其提供高可用性、负载均衡,以及基于TCP和HTTP的应用程序代理,特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。

编译安装HaProxy

1.安装编译环境和Haproxy所依赖的包文件.

[root@localhost ~]# yum install -y gcc autoconf automake
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package gcc-4.8.5-36.el7.x86_64 already installed and latest version
Package autoconf-2.69-11.el7.noarch already installed and latest version
Package automake-1.13.4-3.el7.noarch already installed and latest version
Nothing to do

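2.编译并安装Haproxy.注意:下面 wget 的地址是源码目录页,需要从中下载 haproxy-1.8.8.tar.gz 源码包;解压编译前应核对源码包的校验值(如 sha256sum),确认文件完整且未被篡改.另外 1.8.8 是较旧的版本,生产环境建议改用仍在维护的版本.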

[root@localhost ~]# wget https://src.fedoraproject.org/repo/pkgs/haproxy/
[root@localhost ~]# mkdir -p /usr/local/haproxy
[root@localhost ~]# useradd -s /sbin/nologin -M haproxy

[root@localhost ~]# tar -xzvf haproxy-1.8.8.tar.gz
[root@localhost ~]# cd haproxy-1.8.8/
[root@localhost ~]# make TARGET=linux2628 ARCH=x86_64 PREFIX=/usr/local/haproxy
[root@localhost ~]# make install PREFIX=/usr/local/haproxy
[root@localhost ~]# /usr/local/haproxy/sbin/haproxy -v

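3.内核优化,开启NAT转发,追加写入以下两个选项即可.说明:HAProxy 以代理方式工作,本身并不依赖 ip_forward;开启后本机会在网卡之间转发数据包,如果不需要路由/NAT 功能可以不开启.ip_nonlocal_bind 用于允许绑定尚未配置在本机上的地址.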

[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1           #开启转发功能
net.ipv4.ip_nonlocal_bind = 1     #允许没监听IP时启动

[root@localhost ~]# echo "1" > /proc/sys/net/ipv4/ip_forward
[root@localhost ~]# echo "1" > /proc/sys/net/ipv4/ip_nonlocal_bind
[root@localhost ~]# sysctl -p

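4.由于Haproxy不会生成日志文件,下面自己添加haproxy日志路径.注意:下面的修改会让 rsyslog 在 UDP 514 端口接收日志,而 HAProxy 只向 127.0.0.1 发送日志,因此应通过防火墙,或在 $UDPServerRun 之前加上 $UDPServerAddress 127.0.0.1,把监听限制在本机,避免外部主机向日志中写入伪造记录.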

[root@localhost ~]# sed -i 's/^#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf
[root@localhost ~]# sed -i 's/^#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf
[root@localhost ~]# echo 'local0.* /var/log/haproxy.log'>>/etc/rsyslog.conf
[root@localhost ~]# systemctl restart rsyslog

实现Web集群

1.手动生成配置文件,由于Haproxy不会生成配置文件,所以应手动创建(写入以下内容).注意:示例中的统计页面监听所有地址,使用 admin:admin 作为口令,并开启了页面管理功能,正式使用前应改为强口令并限制可访问的来源地址.

[root@localhost ~]# vim /usr/local/haproxy/haproxy.cfg

######################全局配置####################

# Process-wide settings: syslog targets, daemon mode, the connection cap,
# and the account and chroot directory the process switches to.
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    daemon
    #nbproc 1				#number of processes
    maxconn 4096			#maximum concurrent connections
    user haproxy			#account the process runs as
    group haproxy			#group the process runs as
    # NOTE(review): this page later chowns /usr/local/haproxy (binary and
    # config included) to the haproxy user, so the jail is writable by the
    # service account; a chroot directory should be empty and non-writable.
    chroot /usr/local/haproxy		#chroot directory
    pidfile /var/run/haproxy.pid	#PID file

###################默认配置#######################

# Defaults inherited by the listen/frontend/backend sections that follow.
defaults
    log global
    mode http				#default mode { tcp|http|health }
    option httplog			#log format: httplog
    option dontlognull			#do not log connections that exchanged no data (e.g. bare health probes)
    retries 2				#retry a failed server connection up to 2 times
    # Backends should trust X-Forwarded-For only if they are reachable
    # solely through this proxy; otherwise clients can supply the header.
    option forwardfor			#pass the client IP to backends (X-Forwarded-For)
    option httpclose			#close the HTTP connection after each request
    option abortonclose			#under high load, drop requests that have waited too long
    maxconn 4096			#maximum concurrent connections
    # NOTE(review): 5m/31m are long timeouts and no `timeout http-request`
    # is set, so slow or idle connections can hold slots for a long time.
    timeout connect 5m			#server connect timeout
    timeout client 1m			#client inactivity timeout
    timeout server 31m			#server inactivity timeout
    timeout check 10s			#health-check timeout
    balance roundrobin			#load-balancing algorithm: round robin

###################统计页面配置###################

# Statistics / administration page served over plain HTTP on port 1080.
listen stats
    # Listens on every interface; restrict to a management address or
    # firewall the port so the page is not reachable from untrusted networks.
    bind 0.0.0.0:1080
    mode http
    option httplog
    log 127.0.0.1 local0 err
    stats refresh 30s
    maxconn 10				#maximum concurrent connections
    stats uri /admin			#stats page, reached at http://ip:1080/admin
    stats realm Haproxy Statistics
    # admin:admin is a guessable credential, and this bind line has no TLS,
    # so it is sent unencrypted; replace it with a strong password.
    stats auth admin:admin		#user and password are both "admin"
    stats hide-version			#do not show the HAProxy version
    # `if TRUE` grants the enable/disable actions to everyone who passes
    # the stats auth above.
    stats admin if TRUE			#allow enabling/disabling servers from the page
  
##############设置haproxy 错误页面#################

    # NOTE(review): no section keyword precedes these lines, so the errorloc
    # below is parsed as part of the `listen stats` section above it.
    #errorfile 403 /opt/haproxy/errorfiles/403.http  
    #errorfile 500 /opt/haproxy/errorfiles/500.http  
    #errorfile 502 /opt/haproxy/errorfiles/502.http
    # On a 503 the client is redirected to this external URL.
    errorloc 503 https://www.baidu.com/
    #errorfile 504 /opt/errorfiles/504.http  
  
#################frontend前端配置#################

# Public HTTP entry point: picks a backend by Host header or URL path.
frontend http_main			#frontend name (http_main/mysql)
    bind *:80				#local listening port (80/3306)
    option forwardfor
    acl web hdr(host) -i elven.win	#ACL: -i ignores case; matches when the Host header is elven.win
    use_backend web1 if web

    # Requests whose path begins with /kvm go to the `kvm` backend.
    acl web_kvm path_beg -i /kvm
    use_backend kvm if web_kvm

    default_backend web1		#backend used when no rule above matches

#################backend后端配置#################

# Two web servers balanced round robin, health-checked with HEAD /index.html.
backend web1				#scope of backend web1
    # NOTE(review): no cookie mode keyword and no per-server `cookie` value
    # appear here — confirm cookie persistence works as intended.
    cookie   SERVERID
    balance roundrobin
    option httpchk HEAD /index.html HTTP/1.0

    # check inter 2000 rise 2 fall 3: probe every 2000 ms, mark up after 2
    # successes and down after 3 failures.
    server web1 192.168.1.10:80 weight 1 check inter 2000 rise 2 fall 3	#web1 member (adjust to your environment)
    server web2 192.168.1.11:80 weight 1 check inter 2000 rise 2 fall 3	#web2 member (adjust to your environment)
    
# Backend for paths starting with /kvm (see `use_backend kvm` in http_main).
# NOTE(review): the target is a loopback service; the frontend rule forwards
# any client's /kvm request to it, so confirm that service is meant to be
# reachable from outside and has its own authentication.
backend kvm
    server kvm1 127.0.0.1:8000

#################################################

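2.设置权限.注意:配置中 chroot 指向 /usr/local/haproxy,而这里又把整个目录(包括 sbin/haproxy 可执行文件和 haproxy.cfg)交给 haproxy 用户所有,进程一旦被攻破就可以改写由 root 启动的程序和配置.更稳妥的做法是让程序和配置文件保持 root 所有,并把 chroot 指向一个空的、任何人都不可写的目录.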

[root@localhost ~]# chmod 755 -R /usr/local/haproxy
[root@localhost ~]# chown -R haproxy:haproxy /usr/local/haproxy

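3.启动HaProxy,并设置开机自启动.注意:/etc/profile 是在每个用户打开登录 shell 时执行的,并不是在系统启动时执行,写入后每次有用户登录都会尝试再启动一次 haproxy;要实现开机自启,建议改为编写 systemd 服务单元并用 systemctl enable 启用.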

[root@localhost ~]# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg
[root@localhost ~]# echo "/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg" >> /etc/profile

4.查看Web监控页面,和日志文件

[root@localhost ~]# elinks http://127.0.0.1:1080/admin
[root@localhost ~]# cat /var/log/haproxy.log

实现MariaDB集群

1.手动生成配置文件,由于Haproxy不会生成配置文件,所以应手动创建(写入以下内容).注意:示例同样使用 admin:admin 作为统计页面口令,并在所有地址上监听 3306 端口,正式使用前应修改口令,并限制可连接数据库代理端口的来源地址.

[root@localhost ~]# vim /usr/local/haproxy/haproxy.cfg

# Process-wide settings: connection cap, daemon mode, chroot, PID file and
# the account the process runs as. No `log` target is declared here.
global  
        maxconn 4096  
        daemon  
        # NOTE(review): this page chowns /usr/local/haproxy to the haproxy
        # user, so the jail is writable by the service account; a chroot
        # directory should be empty and non-writable.
        chroot      /usr/local/haproxy  
        pidfile     /var/run/haproxy.pid  
        #debug  
        #quiet  
        user haproxy  
        group haproxy  
   
# Defaults inherited by the listen sections below; `listen proxy-mysql`
# overrides the HTTP mode and log format with its own tcp settings.
defaults  
        # The global section above declares no log target, so this line
        # inherits none; the explicit `log 127.0.0.1 local0` below is the
        # target actually declared.
        log     global  
        mode    http  
        option  httplog  
        option  dontlognull  
        log 127.0.0.1 local0  
        retries 3  
        option redispatch  
        maxconn 2000  
        # Legacy timeout keywords, left disabled in favour of `timeout ...`.
        #contimeout      5000  
        #clitimeout      50000  
        #srvtimeout      50000  
        timeout http-request    10s  
        timeout queue           1m  
        timeout connect         10s  
        timeout client          1m  
        timeout server          1m  
        timeout http-keep-alive 10s  
        timeout check           10s  
 
# Statistics page served over plain HTTP on port 1080, all interfaces.
listen  admin_stats
	# Restrict this bind to a management address or firewall the port.
	bind *:1080  
        mode        http  
        stats uri   /admin  
        stats realm     Global statistics  
        # admin:admin is a guessable credential and this bind line has no
        # TLS, so it is sent unencrypted; replace it with a strong password.
        stats auth  admin:admin
	stats hide-version
   
# TCP-mode listener that spreads MySQL connections over two servers.
listen  proxy-mysql                                 #MySQL proxy section
	# Exposes the database port on every interface; limit it to the
	# networks the application servers connect from.
	bind *:3306
        mode tcp  
        balance roundrobin  
        option tcplog  
        # The check account has no password, so it must stay privilege-free.
        option mysql-check user haproxy 		#create a MySQL user "haproxy" with no privileges and no password
        server MySQL1 192.168.1.13:3306 check weight 1 maxconn 2000  #balanced host 1
        server MySQL2 192.168.1.14:3306 check weight 1 maxconn 2000  #balanced host 2
        option tcpka

2.进入从数据库,创建Mysql用户.该用户仅供 HAProxy 的 mysql-check 健康检查使用,没有密码,因此不要授予任何权限;主机部分最好写成 HAProxy 服务器的地址而不是 '%',以免任意主机都能用它连接数据库.

MariaDB [(none)]> create user 'haproxy'@'%';
Query OK, 0 rows affected (0.10 sec)

MariaDB [(none)]> create user 'haproxy'@'localhost';
Query OK, 0 rows affected (0.00 sec)

3.设置权限(注意:chroot 目录不应对 haproxy 用户可写,程序和配置文件最好保持 root 所有)

[root@localhost ~]# chmod 755 -R /usr/local/haproxy
[root@localhost ~]# chown -R haproxy:haproxy /usr/local/haproxy

4.启动HaProxy,并设置开机自启动(注意:/etc/profile 只在用户登录时执行,并非开机启动;建议改用 systemd 服务单元)

[root@localhost ~]# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg
[root@localhost ~]# echo "/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg" >> /etc/profile

5.查看Web监控页面,和日志文件

[root@localhost ~]# elinks http://127.0.0.1:1080/admin
[root@localhost ~]# cat /var/log/haproxy.log

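6.测试MySQL负载均衡.两次 show databases 返回的库不同,说明连接被轮询到了不同的后端.注意:下面的 grant 语句把全部权限授予可从任意主机登录的 root,并使用了弱口令 "123",只能用于隔离的测试环境;实际环境应为应用单独建立最小权限账号,限定来源主机并使用强口令.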

[root@localhost ~]# mysql -uroot -p -h 192.168.1.12

grant all privileges  on *.* to root@'%' identified by "123";

MariaDB [(none)]> show databases;
 -------------------- 
| Database           |
 -------------------- 
| information_schema |
| mysql              |
| performance_schema |
| wang               |
 -------------------- 
4 rows in set (0.18 sec)


MariaDB [(none)]> show databases;
 -------------------- 
| Database           |
 -------------------- 
| information_schema |
| mysql              |
| performance_schema |
| rui                |
 -------------------- 
4 rows in set (0.01 sec)

实现Web动静分离

实际应用环境中,往往需要根据业务请求将相关不同请求跳转到指定的后端server,比如客户静态资源请求交给静态资源server处理,php请求交给php server处理,jsp请求交给tomcat处理,即业务上的应用请求分离,而haproxy完全可以利用acl匹配规则实现这一目的.

角色名称    ip信息
haproxy server        eth0:172.51.96.233/24  &&  eth1:192.168.0.233/24
static server         eth1:192.168.0.247/24
php server            eth1:192.168.0.235/24
tomcat server         eth1:192.168.0.238/24
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
# Process-wide settings: syslog target, connection cap, chroot, run-as
# account, daemon mode, PID file and the runtime stats socket.
global
        log 127.0.0.1   local3            
        maxconn 204800
        # A chroot directory should be empty and non-writable by the
        # service account; here it also holds the stats socket below.
        chroot /usr/local/haproxy
        user  haproxy
        group haproxy
        daemon
        nbproc 1
        pidfile /var/run/haproxy.pid
        # Runtime UNIX socket. NOTE(review): no mode/level/user options are
        # given — confirm which local accounts can connect to it.
        stats socket /usr/local/haproxy/stats
        description haproxy server
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
# Defaults inherited by the listen and backend sections below.
defaults
        log     global
        mode    http
        maxconn 10000
        option  httplog
        option  httpclose
        option  dontlognull
        # Adds X-Forwarded-For except for clients in 127.0.0.0/8. Backends
        # should trust the header only if they are reachable solely through
        # this proxy.
        option  forwardfor      except 127.0.0.0/8
        retries 3
        option redispatch
        option abortonclose
        balance roundrobin
        timeout http-request    10s
        timeout queue           1m
        timeout connect         10s
        timeout client          1m
        timeout server          1m
        timeout http-keep-alive 10s
        timeout check           10s
#---------------------------------------------------------------------
# use listen setting the haproxy status for site
#---------------------------------------------------------------------
# Statistics / administration page served over plain HTTP on port 3030.
listen admin_status     #HAProxy monitoring status page
        # Listens on every interface; restrict to a management address or
        # firewall the port.
        bind *:3030
        mode http
        log 127.0.0.1 local3 err
        stats refresh 5s
        stats uri /status     #URL of the status page
        stats realm www.skeryp.com
        # admin:admin is a guessable credential and this bind line has no
        # TLS, so it is sent unencrypted; replace it with a strong password.
        stats auth admin:admin
        stats hide-version
        # `if TRUE` grants the enable/disable actions to everyone who
        # passes the stats auth above.
        stats admin if TRUE
#---------------------------------------------------------------------
# main listen which proxys to the backends
#---------------------------------------------------------------------
# Main HTTP listener: routes requests to a backend by URL path, file
# extension or Host prefix, falling back to the `default` backend.
listen  www
        bind *:80
        maxconn 5000
        mode http
        log global
        option httplog
        option httpclose
        option forwardfor
        # NOTE(review): `log global` already appears a few lines above;
        # this repeat looks redundant.
        log         global
        default_backend default   #backend used when no rule below matches
        #ACLs that hand static content to the static server       
        acl url_static path_beg  -i /static /images /img /javascript /stylesheets
        acl url_static path_end  -i .jpg .gif .png .css .js .html 
        # NOTE(review): `imags.` looks like a typo for `images.` — confirm.
        acl host_static hdr_beg(host)  -i img. video. download. ftp. imags. videos.
        #ACL that hands .php requests to the php server    
        acl url_php path_end     -i .php
        #ACL that hands .jsp and .do requests to the tomcat server    
        acl url_jsp path_end     -i .jsp .do
        #apply the ACLs defined above
        use_backend static_pool if  url_static or host_static
        use_backend php_pool    if  url_php
        use_backend tomcat_pool if  url_jsp
        #定义后端backend server
 # Static-content backend, health-checked with GET /index.html.
 # NOTE(review): the server line sets `cookie id1`, but no `cookie`
 # directive is visible in this backend or in defaults — confirm it is used.
 backend static_pool
        option  httpchk GET /index.html
        server static1 192.168.0.247:80 cookie id1  check inter 2000 rise 2 fall 3
 # PHP backend, health-checked with GET /info.php.
 # NOTE(review): if /info.php is a phpinfo() page, the `.php` routing rule in
 # `listen www` makes it reachable by any client and it reveals server
 # configuration; a minimal dedicated health endpoint is safer — confirm.
 backend php_pool
        option  httpchk GET /info.php
        server php1 192.168.0.235:80 cookie id1 check inter 2000 rise 2 fall 3
 # Tomcat backend on port 8086, health-checked with GET /index.jsp.
 backend tomcat_pool
        option  httpchk GET /index.jsp
        # check inter 2000 rise 2 fall 3: probe every 2000 ms, mark up after
        # 2 successes and down after 3 failures.
        server tomcat1 192.168.0.238:8086 cookie id2 check inter 2000 rise 2 fall 3

#<----------------------default site for listen and frontend------------------------------------>
# Fallback backend named by `default_backend default` in `listen www`.
# NOTE(review): 192.168.0.127 is not listed in the role/IP table on this
# page — confirm the address.
backend default
        mode http
        option  httpchk GET /index.html
        server default 192.168.0.127:80 cookie id1 check inter 2000 rise 2 fall 3 maxconn 5000
