【云原生】听说大家跟着学haproxy，都成大佬了（实验篇）

PS：想了解haproxy理论知识，请移步haproxy理论篇

一、实验环境

主机名	角色	IP地址
haproxy		172.25.254.100
web1	RS1	172.25.254.10
web2	RS2	172.25.254.20
client	客户机	172.25.254.254

二、haproxy的基本部署

1、安装nginx服务（web1、web2）

#安装nginx服务
dnf install -y nginx#开机自启
systemctl enable --now nginx

2、网页文件（web1、web2）

#在web1中
echo web1 > /usr/share/nginx/html/index.html#在web2中
echo web2 > /usr/share/nginx/html/index.html

3、安装haproxy服务（haproxy）

#下载haproxy
dnf install -y haproxy#开机自启
systemctl enable --now haproxy

三、haproxy的全局配置

1、编辑配置文件（haproxy）

第一种：

vim /etc/haproxy/haproxy.cfgfrontend webclusterbind *:80mode httpuse_backend webcluster-hostbackend webcluster-hostbalance roundrobinserver web1 172.25.254.10:80server web2 172.25.254.20:80

第二种：（就是将第一种整合起来）

vim /etc/haproxy/haproxy.cfglisten webclusterbind *:80mode httpbalance roundrobinserver web1 172.25.254.10:80server web2 172.25.254.20:80

2、重启服务（haproxy）

systemctl restart haproxy

3、测试（client）

curl 172.25.254.100

四、haproxy代理参数

1、关闭 RS1 和 RS2 的 nginx ，网页页面跳转 haproxy 的页面

1.1 apache服务（haproxy）

#安装
dnf install -y httpd#修改端口号
vim /etc/httpd/conf/httpd.conf
listen 8080#开机自启
systemctl enable --now httpd#网页内容
echo fail > /var/www/html/index.html

1.2 配置文件（haproxy）

#编辑配置文件
vim /etc/haproxy/haproxy.cfglisten webclusterbind *:80mode httpbalance roundrobin#inter:健康状态次数 fall：失效次数 rise：有效次数 weight：权重        server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1server web_sorry 172.25.254.100:8080 backup#重启服务
systemctl restart haproxy

1.3 停止nginx（web1、web2）

systemctl stop nginx

1.4 测试（client）

curl 172.25.254.100

结果：显示haproxy的页面 fail

2、关闭 RS1

2.1 配置文件（haproxy）

#编辑配置文件
vim /etc/haproxy/haproxy.cfglisten webclusterbind *:80mode httpbalance roundrobin#inter:健康状态次数 fall：失效次数 rise：有效次数 weight：权重        server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1 disabledserver web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1server web_sorry 172.25.254.100:8080 backup#重启服务
systemctl restart haproxy

2.2 测试

curl 172.25.254.100

结果：只显示web2的页面

3、网页重定向（百度为例）

3.1 配置文件（haproxy）

#编辑配置文件
vim /etc/haproxy/haproxy.cfglisten webclusterbind *:80mode httpbalance roundrobinredirect prefix http://www.baidu.com#重启服务
systemctl restart haproxy

3.2 测试

curl 172.25.254.100

结果：看到百度页面

五、haproxy热处理

1、单线程

1.1 配置文件（haproxy）

#编辑配置文件
vim /etc/haproxy/haproxy.cfg#加上admin变为超级用户
stats socket /var/lib/haproxy/stats mode 600 level adminlisten webclusterbind *:80mode httpbalance roundrobin#inter:健康状态次数 fall：失效次数 rise：有效次数 weight：权重        server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1server web_sorry 172.25.254.100:8080 backup#重启服务
systemctl restart haproxy

1.2 安装socat工具（haproxy）

dnf install socat -y

1.3 热处理（haproxy）

echo get weight server webcluster/web1 | socat stdio /var/lib/haproxy/statsecho "set weight server webcluster/web1 2" | socat stdio /var/lib/haproxy/statsecho "set weight server webcluster/web1 1" | socat stdio /var/lib/haproxy/statsecho 'get server stats' | socat stdio /var/lib/haproxy/statsecho 'show server stats' | socat stdio /var/lib/haproxy/statsecho "disenable server webcluster/web1" | socat stdio /var/lib/haproxy/statsecho "enable server webcluster/web1" | socat stdio /var/lib/haproxy/stats

2、多线程

2.1 配置文件（haproxy）

#编辑配置文件
vim /etc/haproxy/haproxy.cfgstats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1
stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2nbproc 2
cpu-map 10
cpu-map 2 1

2.2 查看

ll /var/lib/haproxy

六、haproxy的算法

1、静态算法

1.1 static-rr

listen webclusterbind *:80mode httpbalance static-rrserver web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1

1.2 first

listen webclusterbind *:80mode httpbalance firstserver web1 172.25.254.10:80 maxconn 3 check inter 3s fal1 3 rise 5server web2 172.25.254.20:80 check inter 3s fal1 3 rise 5

2、动态算法

2.1 roundrobin

listen webclusterbind *:80mode httpbalance roundrobinserver web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1

2.2 leastconn

listen webclusterbind *:80mode httpbalance leastconnserver web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1

3、其他算法

3.1 source

listen webclusterbind *:80mode httpbalance sourceserver web1 172.25.254.10:80 weight 1 check inter 3s fal1 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5

3.1.1 map-base取模法

listen webclusterbind *:80mode httpbalance sourceserver web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5

#不支持动态调整权重值
echo "set weight webcluster/web1 2" socat stdio/var/lib/haproxy/haproxy.sock
Backend is using a static LB algorithm and only accepts weights '0%' and '100%'#只能动态上线和下线
echo "set weight webcluster/web1 0" socat stdio /var/lib/haproxy/stats
echo "get weight webcluster/web1" socat stdio /var/lib/haproxy/stats
0(initial 1)

3.1.2 一致性hash

listen webclusterbind *:80mode httpbalance sourcehash-type consistentserver web1 172.25.254.10:80 weight 1 check inter 3s fal1 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5

3.2 uri

3.2.1 uri 取模法配置示例

listen webclusterbind *:80mode httpbalance uriserver web1 172.25.254.10:80 weight 1 check inter 3s fal1 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5

3.2.2 uri -致性hash配置示例

listen webclustebind *:80mode httpbalance urihash-type consistentserver web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5

3.2.3 访问测试

#在web1中
echo web1 11 > /usr/share/nginx/html/index1.html
echo web1 22 > /usr/share/nginx/html/index2.html
echo web1 33 > /usr/share/nginx/html/index3.html#在客户机中
curl 172.25.254.100/index1.html
curl 172.25.254.100/index2.html
curl 172.25.254.100/index3.html

3.3 ur]_param

3.3.1 url_param取模法配置示例

listen webclusterbind *:80mode httpbalance urlparam name,userid #支持对多个ur]_param hashserver web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5

3.3.2 url_param一致性hash配置示例

listen webclusterbind *:80mode httpbalance urlparam name,userid #支持对多个ur]_param hashhash-type consistentserver web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5

3.3.3 访问测试

#在客户机中
curl 172.25.254.100/index1.html?userid=111
curl 172.25.254.100/index2.html?userid=111
curl 172.25.254.100/index3.html?userid=111

3.4 hdr

3.4.1 hdr取模法配置示例

listen webclusterbind *:80mode httpbalance hdr(user-Agent)server web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5

3.4.2 hdr一致性hash配置示例

listen webclusterbind *:80mode httpbalance hdr(user-Agent)hash-type consistentserver web1 172.25.254.10:80 weight 1 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 weight 1 check inter 3s fall 3 rise 5

3.4.3 访问测试

curl -v 172.25.254.100
curl -v "baidu" 172.25.254.100

七、基于cookie的会话保持

1、配置文件（haproxy）

#编辑配置文件
vim /etc/haproxy/haproxy.cfglisten webclusterbind *:80mode httpbalance roundrobincookie WEBCOOKIE insert nocache indirectserver web1 172.25.254.10:80 cookie moon1 check inter 2 fall 3 rise 5 weight 1server web2 172.25.254.20:80 cookie moon2 check inter 2 fall 3 rise 5 weight 1#重启服务
systemctl restart haproxy.service

2、测试

curl -b WEBCOOKIE=moon1 172.25.254.100
curl -b WEBCOOKIE=moon2 172.25.254.100

八、ip透传

#web1
#卸载nginx
rpm -e nginx#下载apache
dnf install -y httpd#开机自启
systemctl enable --now httpd

1、四层

listen webclusterbind *:80mode tcpbalance roundrobinserver web1 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1

2、七层

listen webclusteroption forwardforbind *:80mode tcpbalance roundrobinserver web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 1server web1 172.25.254.10:80 send-proxy check inter 2 fall 3 rise 5 weight 1

九、自定义错误页面

vim /etc/haproxy/haproxy.cfg
errorfie 503 haproxy/errorpages/503page.httpmkdir /haproxy/errorpages/ -pcp usr/share/haproxy/503.http/haproxy/errorpages/503page.httpvim /haproxy/errorpages/503page.http
HTTP/1.0 503 Service Unavailable
Cache-Control:no-cache
Connection:close
Content-Type:text/html;charset=UTF-8
<htm]><body><h1>什么动物生气最安静</h1>大猩猩!!
</body></htm1>

十、四层负载示例

vim /etc/haproxy/haproxy.cfg
frontend mysql_portbind :3306mode tcpuse_backend mysql_rslisten mysql_portbind :3306mode tcpbalance leastconnserver mysql1 172.25.254.10:3306 checkserver mysql2 172.25.254.20:3306 check#RS1和RS2下载数据库
dnf install mariadb-server -y
dnf install mariadb-server -y#RS1
vim /etc/my.cnf
server-id=1
mysql -e "grant all on *.* to lee'%' identified by 'lee';"#RS2
vim /etc/my.cnf
server-id=2mysql -e "grant all on *.* to lee'%' identified by 'lee';"

十一、haproxy的https

#证书制作
mkdir /etc/haproxy/certs/
opensslreg -newkey rsa:2048 -nodes -sha256 -keyout /etc/haproxy/certs/timinglee.org.key -x509 -days 365 out /etc/haproxy/certs/timinglee.org.crtvim /etc/haproxy/haproxy.cfg
frontend webserverbind *:80redirect scheme https if !{ ssl_fc }mode httpuse backend webcluster
frontend webserver-httpsbind *:443 ssl crt /etc/haproxy/timinglee.org.pemmode httpuse backend webcluster
backend webclustermode httpbalance roundrobinserver webl 172.25.254.10:80 check inter 3s fall 3 rise 5server web2 172.25.254.20:80 check inter 3s fall 3 rise 5