PS:想了解haproxy理论知识,请移步haproxy理论篇
一、实验环境
主机名 | 角色 | IP地址 |
---|---|---|
haproxy | 172.25.254.100 | |
web1 | RS1 | 172.25.254.10 |
web2 | RS2 | 172.25.254.20 |
client | 客户机 | 172.25.254.254 |
二、haproxy的基本部署
1、安装nginx服务(web1、web2)
#安装nginx服务
dnf install -y nginx#开机自启
systemctl enable --now nginx
2、网页文件(web1、web2)
#在web1中
echo web1 > /usr/share/nginx/html/index.html#在web2中
echo web2 > /usr/share/nginx/html/index.html
3、安装haproxy服务(haproxy)
#下载haproxy
dnf install -y haproxy#开机自启
systemctl enable --now haproxy
三、haproxy的全局配置
1、编辑配置文件(haproxy)
第一种:
vim /etc/haproxy/haproxy.cfgfrontend webclusterbind *:80mode httpuse_backend webcluster-hostbackend webcluster-hostbalance roundrobinserver web1 172.25.254.10:80server web2 172.25.254.20:80
第二种:(就是将第一种整合起来)
vim /etc/haproxy/haproxy.cfglisten webclusterbind *:80mode httpbalance roundrobinserver web1 172.25.254.10:80server web2 172.25.254.20:80
2、重启服务 (haproxy)
systemctl restart haproxy
3、测试(client)
curl 172.25.254.100
四、haproxy代理参数
1、关闭 RS1 和 RS2 的 nginx ,网页页面跳转 haproxy 的页面
1.1 apache服务(haproxy)
#安装
dnf install -y httpd#修改端口号
vim /etc/httpd/conf/httpd.conf
listen 8080#开机自启
systemctl enable --now httpd#网页内容
echo fail > /var/www/html/index.html
1.2 配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfglisten webclusterbind *:80mode httpbalance roundrobin#inter:健康状态次数 fall:失效次数 rise:有效次数 weight:权重 server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1server web_sorry 172.25.254.100:8080 backup#重启服务
systemctl restart haproxy
1.3 停止nginx(web1、web2)
systemctl stop nginx
1.4 测试(client)
curl 172.25.254.100
结果:显示haproxy的页面 fail
2、关闭 RS1
2.1 配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfglisten webclusterbind *:80mode httpbalance roundrobin#inter:健康状态次数 fall:失效次数 rise:有效次数 weight:权重 server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1 disabledserver web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1server web_sorry 172.25.254.100:8080 backup#重启服务
systemctl restart haproxy
2.2 测试
curl 172.25.254.100
结果 :只显示web2的页面
3、网页重定向(百度为例)
3.1 配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfglisten webclusterbind *:80mode httpbalance roundrobinredirect prefix http://www.baidu.com#重启服务
systemctl restart haproxy
3.2 测试
curl 172.25.254.100
结果:看到百度页面
五、haproxy热处理
1、单线程
1.1 配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfg#加上admin变为超级用户
stats socket /var/lib/haproxy/stats mode 600 level adminlisten webclusterbind *:80mode httpbalance roundrobin#inter:健康状态次数 fall:失效次数 rise:有效次数 weight:权重 server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1server web_sorry 172.25.254.100:8080 backup#重启服务
systemctl restart haproxy
1.2 安装socat工具(haproxy)
dnf install socat -y
1.3 热处理(haproxy)
echo get weight server webcluster/web1 | socat stdio /var/lib/haproxy/statsecho "set weight server webcluster/web1 2" | socat stdio /var/lib/haproxy/statsecho "set weight server webcluster/web1 1" | socat stdio /var/lib/haproxy/statsecho 'get server stats' | socat stdio /var/lib/haproxy/statsecho 'show server stats' | socat stdio /var/lib/haproxy/statsecho "disenable server webcluster/web1" | socat stdio /var/lib/haproxy/statsecho "enable server webcluster/web1" | socat stdio /var/lib/haproxy/stats
2、多线程
2.1 配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfgstats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1
stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2nbproc 2
cpu-map 10
cpu-map 2 1
2.2 查看
ll /var/lib/haproxy
六、haproxy的算法
1、静态算法
1.1 static-rr
listen webclusterbind *:80mode httpbalance static-rrserver web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
1.2 first
listen webclusterbind *:80mode httpbalance firstserver web1 172.25.254.10:80 maxconn 3 check inter 3s fal1 3 rise 5server web2 172.25.254.20:80 check inter 3s fal1 3 rise 5
2、动态算法
2.1 roundrobin
listen webclusterbind *:80mode httpbalance roundrobinserver web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
2.2 leastconn
listen webclusterbind *:80mode httpbalance leastconnserver web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
3、其他算法
3.1 source
listen webclusterbind *:80mode httpbalance sourceserver web1 172.25.254.10:80 weight 1 check inter 3s fal1 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.1.1 map-base取模法
listen webclusterbind *:80mode httpbalance sourceserver web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
#不支持动态调整权重值
echo "set weight webcluster/web1 2" socat stdio/var/lib/haproxy/haproxy.sock
Backend is using a static LB algorithm and only accepts weights '0%' and '100%'#只能动态上线和下线
echo "set weight webcluster/web1 0" socat stdio /var/lib/haproxy/stats
echo "get weight webcluster/web1" socat stdio /var/lib/haproxy/stats
0(initial 1)
3.1.2 一致性hash
listen webclusterbind *:80mode httpbalance sourcehash-type consistentserver web1 172.25.254.10:80 weight 1 check inter 3s fal1 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.2 uri
3.2.1 uri 取模法配置示例
listen webclusterbind *:80mode httpbalance uriserver web1 172.25.254.10:80 weight 1 check inter 3s fal1 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.2.2 uri -致性hash配置示例
listen webclustebind *:80mode httpbalance urihash-type consistentserver web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.2.3 访问测试
#在web1中
echo web1 11 > /usr/share/nginx/html/index1.html
echo web1 22 > /usr/share/nginx/html/index2.html
echo web1 33 > /usr/share/nginx/html/index3.html#在客户机中
curl 172.25.254.100/index1.html
curl 172.25.254.100/index2.html
curl 172.25.254.100/index3.html
3.3 ur]_param
3.3.1 url_param取模法配置示例
listen webclusterbind *:80mode httpbalance urlparam name,userid #支持对多个ur]_param hashserver web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.3.2 url_param一致性hash配置示例
listen webclusterbind *:80mode httpbalance urlparam name,userid #支持对多个ur]_param hashhash-type consistentserver web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.3.3 访问测试
#在客户机中
curl 172.25.254.100/index1.html?userid=111
curl 172.25.254.100/index2.html?userid=111
curl 172.25.254.100/index3.html?userid=111
3.4 hdr
3.4.1 hdr取模法配置示例
listen webclusterbind *:80mode httpbalance hdr(user-Agent)server web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.4.2 hdr一致性hash配置示例
listen webclusterbind *:80mode httpbalance hdr(user-Agent)hash-type consistentserver web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5
3.4.3 访问测试
curl -v 172.25.254.100
curl -v "baidu" 172.25.254.100
七、基于cookie的会话保持
1、配置文件(haproxy)
#编辑配置文件
vim /etc/haproxy/haproxy.cfglisten webclusterbind *:80mode httpbalance roundrobincookie WEBCOOKIE insert nocache indirectserver web1 172.25.254.10:80 cookie moon1 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 cookie moon2 check inter 2 fall 3 rise 5 weight 1#重启服务
systemctl restart haproxy.service
2、测试
curl -b WEBCOOKIE=moon1 172.25.254.100
curl -b WEBCOOKIE=moon2 172.25.254.100
八、ip透传
#web1
#卸载nginx
rpm -e nginx#下载apache
dnf install -y httpd#开机自启
systemctl enable --now httpd
1、四层
listen webclusterbind *:80mode tcpbalance roundrobinserver web1 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
2、七层
listen webclusteroption forwardforbind *:80mode tcpbalance roundrobinserver web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web1 172.25.254.10:80 send-proxy check inter 2 fall 3 rise 5 weight 1
九、自定义错误页面
vim /etc/haproxy/haproxy.cfg
errorfie 503 haproxy/errorpages/503page.httpmkdir /haproxy/errorpages/ -pcp usr/share/haproxy/503.http/haproxy/errorpages/503page.httpvim /haproxy/errorpages/503page.http
HTTP/1.0 503 Service Unavailable
Cache-Control:no-cache
Connection:close
Content-Type:text/html;charset=UTF-8
<htm]><body><h1>什么动物生气最安静</h1>大猩猩!!
</body></htm1>
十、四层负载示例
vim /etc/haproxy/haproxy.cfg
frontend mysql_portbind :3306mode tcpuse_backend mysql_rslisten mysql_portbind :3306mode tcpbalance leastconnserver mysql1 172.25.254.10:3306 checkserver mysql2 172.25.254.20:3306 check#RS1和RS2下载数据库
dnf install mariadb-server -y
dnf install mariadb-server -y#RS1
vim /etc/my.cnf
server-id=1
mysql -e "grant all on *.* to lee'%' identified by 'lee';"#RS2
vim /etc/my.cnf
server-id=2mysql -e "grant all on *.* to lee'%' identified by 'lee';"
十一、haproxy的https
#证书制作
mkdir /etc/haproxy/certs/
opensslreg -newkey rsa:2048 -nodes -sha256 -keyout /etc/haproxy/certs/timinglee.org.key -x509 -days 365 out /etc/haproxy/certs/timinglee.org.crtvim /etc/haproxy/haproxy.cfg
frontend webserverbind *:80redirect scheme https if !{ ssl_fc }mode httpuse backend webcluster
frontend webserver-httpsbind *:443 ssl crt /etc/haproxy/timinglee.org.pemmode httpuse backend webcluster
backend webclustermode httpbalance roundrobinserver webl 172.25.254.10:80 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 check inter 3s fall 3 rise 5