[系统运维]web集群之haproxy相关配置

1. 源码编译安装haproxy 2.x，配置服务启动脚本。

安装

1）、下载安装包

[root@localhost ~]# wget -c https://repo.huaweicloud.com/haproxy/2.4/src/haproxy-2.4.8.tar.gz

[root@localhost ~]# ls haproxy-2.4.8.tar.gz 
haproxy-2.4.8.tar.gz

2）、安装依赖

[root@localhost ~]# curl -R -O http://www.lua.org/ftp/lua-5.4.3.tar.gz
[root@localhost ~]# yum install gcc gcc-c++ make -y

3）、解压lua

[root@localhost ~]# tar xf lua-5.4.3.tar.gz -C /usr/local/src/
[root@localhost ~]# cd /usr/local/src/lua-5.4.3/

4)、编译安装lua

[root@localhost lua-5.4.3]# make linux test
[root@localhost lua-5.4.3]# cp src/lua /usr/bin/lua
[root@localhost lua-5.4.3]# lua -v
Lua 5.4.3  Copyright (C) 1994-2021 Lua.org, PUC-Rio

5）、解压haproxy

[root@localhost ~]# tar xf haproxy-2.4.8.tar.gz -C /usr/local/src/
[root@localhost ~]# cd /usr/local/src/haproxy-2.4.8/

6）、安装依赖

[root@localhost haproxy-2.4.8]# yum -y install gcc openssl-devel pcre-devel systemd-devel

7）、编译安装

[root@localhost haproxy-2.4.8]# make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.4.3/src/ LUA_LIB=/usr/local/src/lua-5.4.3/src/

[root@localhost haproxy-2.4.8]# make install PREFIX=/usr/local/src/haproxy

查看目录结构

[root@localhost haproxy-2.4.8]# tree /usr/local/haproxy/
/usr/local/haproxy/
├── doc
│?? └── haproxy
│??     ├── 51Degrees-device-detection.txt
│??     ├── architecture.txt
│??     ├── close-options.txt
│??     ├── configuration.txt
│??     ├── cookie-options.txt
│??     ├── DeviceAtlas-device-detection.txt
│??     ├── intro.txt
│??     ├── linux-syn-cookies.txt
│??     ├── lua.txt
│??     ├── management.txt
│??     ├── netscaler-client-ip-insertion-protocol.txt
│??     ├── network-namespaces.txt
│??     ├── peers.txt
│??     ├── peers-v2.0.txt
│??     ├── proxy-protocol.txt
│??     ├── regression-testing.txt
│??     ├── seamless_reload.txt
│??     ├── SOCKS4.protocol.txt
│??     ├── SPOE.txt
│??     └── WURFL-device-detection.txt
├── sbin
│?? └── haproxy
└── share
    └── man
        └── man1
            └── haproxy.1

?8）、设置软链接

[root@localhost haproxy-2.4.8]# ln -sv /usr/local/haproxy/sbin/haproxy /usr/sbin/haproxy

?验证版本

[root@localhost haproxy-2.4.8]# haproxy -v
HAProxy version 2.4.8-d1f8d41 2021/11/03 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.8.html
Running on: Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64

?配置服务脚本

?1）、编写服务脚本

[root@localhost ~]# vim /usr/lib/systemd/system/haproxy.service
[root@localhost ~]# more /usr/lib/systemd/system/haproxy.service
[Unit] 
Description=HAProxy Load Balancer 
After=syslog.target network.target 

[Service] 
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q 
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /usr/local/haproxy/haproxy.pid 
ExecReload=/bin/kill -USR2 $MAINPID 

[Install] 
WantedBy=multi-user.target

?2）、创建配置文件

[root@localhost ~]# more /etc/haproxy/haproxy.cfg 
global
        maxconn         10000
        stats socket    /var/run/haproxy.stat mode 600 level admin
        log             127.0.0.1 local0
        #uid             200
        #gid             200
        user            haproxy
        group           haproxy
        chroot          /usr/local/haproxy
        daemon

defaults
	mode http
	option httplog
	log global
	timeout client 1m
	timeout server 1m
	timeout connect 10s
	timeout http-keep-alive 2m
	timeout queue 15s
	timeout tunnel 4h  # for websocket

listen stats  
        mode http  
        bind :9999  
        stats enable  
        log global
        stats uri /haproxy-status 
        stats auth haadmin:123456  //账号密码


listen app1
   # this is the address and port we'll listen to, the ones to aim the
   # load generators at
   bind :80

   # create a certificate and uncomment this for SSL
   # bind :8443 ssl crt my-cert.pem alpn h2,http/1.1

   # Put the server's IP address and port below
   server web1 192.168.159.136:80
   server web2 192.168.159.138:80

3）、创建用户

[root@localhost ~]# useradd -r -s /sbin/nologin -d /usr/local/haproxy/ haproxy

4）、配置两台web服务，配置静态页面

[root@rs1 ~]# more /var/www/html/index.html 
web1 test ip:192.168.159.136

[root@rs2 ~]# more /var/www/html/index.html 
web2 test2  ip:192.168.159.138

新开一台虚拟机测试：

[root@localhost ~]# for ((i=1;i<=6;i++)) 
> do
> curl 192.168.159.133
> done
web2 test2  ip:192.168.159.138
web1 test ip:192.168.159.136
web2 test2  ip:192.168.159.138
web1 test ip:192.168.159.136
web2 test2  ip:192.168.159.138
web1 test ip:192.168.159.136

查看haproxy的状态页

账号密码为配置文件中的

账号：haadmin

密码：123456

2. 配置haproxy日志。

1）、 修改配置文件

[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
global
        log             127.0.0.1 local2 info
listen app1
   log global

?2）、rsyslog配置

[root@localhost ~]# vim /etc/rsyslog.conf 

#打开这两行注释
$ModLoad imudp 
$UDPServerRun 514

#追加
# Save haproxy messages also to haproxy.log 
local2.* /var/log/haproxy.log

4）、重启服务

[root@localhost ~]# systemctl restart haproxy.service rsyslog

5）、查看日志

[root@localhost ~]# tail -f /var/log/haproxy.log
Jan 12 20:55:27 localhost haproxy[1500]: 192.168.159.1:60108 [12/Jan/2022:20:55:27.655] stats stats/<STATS> 0/-1/-1/-1/0 401 263 - - LR-- 2/2/0/0/3 0/0 "GET /haproxy-status HTTP/1.1"
Jan 12 20:55:28 localhost haproxy[1500]: 192.168.159.1:60109 [12/Jan/2022:20:55:27.632] stats stats/<NOSRV> -1/-1/-1/-1/574 400 0 - - CR-- 2/2/0/0/0 0/0 "<BADREQ>"
Jan 12 20:56:25 localhost haproxy[1500]: 192.168.159.1:60130 [12/Jan/2022:20:56:25.386] stats stats/<STATS> 0/0/0/0/0 200 20172 - - LR-- 2/2/0/0/0 0/0 "GET /haproxy-status HTTP/1.1"
Jan 12 20:56:28 localhost haproxy[1500]: 192.168.159.1:60131 [12/Jan/2022:20:56:25.383] stats stats/<NOSRV> -1/-1/-1/-1/2847 400 0 - - CR-- 2/2/0/0/0 0/0 "<BADREQ>"

3. 配置haproxy实现web服务器负载均衡。

[root@localhost ~]# vim /etc/haproxy/haproxy.cfg

frontend mysql 
   bind :3306 
   mode tcp #必须指定tcp模式 
   default_backend mysqlsrvs 
backend mysqlsrvs  
   mode tcp #必须指定tcp模式  
   balance leastconn  
   server mysql1 192.168.159.136:3306
   server mysql2 192.168.159.138:3306

[root@localhost ~]# systemctl restart haproxy

2）、?准备两台虚拟机安装和配置mariadb

[root@rs1 ~]# yum install mariadb-server -y
[root@rs2 ~]# yum install mariadb-server -y

?3）、两台虚拟机给MySQL创建用户并授权

mysql> create user 'tom'@'%' identified by '123456';
mysql> grant all  on *.* to tom@'%';

4）、修改server id?

[root@rs1 ~]# vim /etc/my.cnf

[mysqld]
server_id = 136

[root@rs2 ~]# vim /etc/my.cnf

[mysqld]
server_id = 138

5、重启mariadb

[root@rs1 ~]# systemctl start mariadb
[root@rs2 ~]# systemctl start mariadb

4. 通过haproxy的acl规则实现智能负载均衡（动静分离）。

基于文件后名缀实现动静分离

1）、设置acl

[root@localhost ~]# vim /etc/haproxy/conf.d/test.cfg
[root@localhost ~]# cat /etc/haproxy/conf.d/test.cfg
frontend openlab_http_port   
bind 10.0.0.7:80  
mode http 
balance roundrobin  
log global  
option httplog
###################### acl setting ###############################   
acl acl_static path_end -i .jpg .jpeg .png .gif .css .js 
###################### acl setting ############################### 
  acl acl_static path_end -i .jpg .jpeg .png .gif .css .js
  acl dynamic path_end -i .php
###################### acl hosts ################################# 
  use_backend static_pools  if acl_static
  use_backend dynamic_pools if dynamic 
###################### backend hosts ############################# 
backend static_pools
  mode http
  server web1 192.168.159.136:80 check
backend dynamic_pools
  mode http
  server web2 192.168.159.138:80 check

?准备两台虚拟机

一台实现静态，一台实现动态

2）、下载服务

[root@rs1 ~]# yum install httpd -y
[root@rs2 ~]# yum install php -y

3）、动态端配置php

[root@rs2 ~]# vim /var/www/html/test.php
[root@rs2 ~]# cat /var/www/html/test.php
<?php
 phpinfo()
?>

[root@rs2 ~]# systemctl restart httpd

4）、静态端配置

准备主页和文件

[root@rs1 ~]# cd /var/www/html/
[root@rs1 html]# ls
bjx.jpg  index.html

5)、重启haproxy

[root@localhost ~]# systemctl restart haproxy

测试

静态

动态?

?

?