目录
1、HAProxy介绍
HAProxy%E7%BC%96%E8%AF%91%E5%AE%89%E8%A3%85-toc" name="tableOfContents" style="margin-left:0px">2、HAProxy编译安装
Centos 基础环境
Ubuntu 基础环境
HAProxy-toc" name="tableOfContents" style="margin-left:40px">编译安装HAProxy
HAProxy%E7%89%88%E6%9C%AC-toc" name="tableOfContents" style="margin-left:40px">验证HAProxy版本
HAProxy%E5%90%AF%E5%8A%A8%E8%84%9A%E6%9C%AC-toc" name="tableOfContents" style="margin-left:40px">HAProxy启动脚本
配置文件
启动haproxy
验证haproxy状态
查看haproxy的状态页面
HAProxy%E4%BB%8B%E7%BB%8D" name="1%E3%80%81HAProxy%E4%BB%8B%E7%BB%8D">1、HAProxy介绍
HAProxy是法国开发者 威利塔罗(Willy Tarreau) 在2000年使用C语言开发的一个开源软件,是一款具备高并发(一万以上)、高性能的TCP和HTTP负载均衡器,支持基于cookie的持久性,自动故障切换,支持正则表达式及web状态统计,目前最新TLS版本为2.0
历史版本:
历史版本更新功能:1.4 1.5 1.6 1.7 1.8 1.9 2.0 2.1 2.2-dev
1.8:多线程,HTTP/2缓存……
1.7:服务器动态配置,多类型证书……
1.6:DNS解析支持,HTTP连接多路复用……
1.5:开始支持SSL,IPV6,会话保持……从2013年HAProxy 分为社区版和企业版,企业版将提供更多的特性和功能以及全天24小时的技术支持等服务。
企业版
企业版网站:[https://www.haproxy.com/]
社区版
社区版网站:[http://www.haproxy.org/]
github:[https://github.com/haproxy]
版本对比
| 功能 | 社区版 | 企业版 |
| 高级HTTP / TCP负载平衡和持久性 | 支持 | 支持 |
| 高级健康检查 | 支持 | 支持 |
| 应用程序加速 | 支持 | 支持 |
| 高级安全特性 | 支持 | 支持 |
| 高级管理 | 支持 | 支持 |
| HAProxy Dev Branch新功能 | 支持 | |
| 24*7 支持服务 | 支持 | |
| 实时仪表盘 | 支持 | |
| VRRP和Route Health Injection HA工具 | 支持 | |
| ACL,映射和TLS票证密钥同步 | 支持 | |
| 基于应用程序的高级DDoS和Bot保护(自动保护) | 支持 | |
| Bot(机器人)监测 | 支持 | |
| Web应用防火墙 | 支持 | |
| HTTP协议验证 | 支持 | |
| 实时集群追踪 | 支持 |
HAProxy功能
支持功能:
TCP 和 HTTP反向代理
SSL/TSL服务器
可以针对HTTP请求添加cookie,进行路由后端服务器
可平衡负载至后端服务器,并支持持久连接
支持所有主服务器故障切换至备用服务器
支持专用端口实现监控服务
支持停止接受新连接请求,而不影响现有连接
可以在双向添加,修改或删除HTTP报文首部
响应报文压缩
支持基于pattern实现连接请求的访问控制
通过特定的URI为授权用户提供详细的状态信息
支持http反向代理
支持动态程序的反向代理
支持基于数据库的反向代理不具备的功能:
正向代理--squid,nginx
缓存代理--varnish
web服务--nginx、tengine、apache、php、tomcat
UDP--目前不支持UDP协议
单机性能--相比LVS性能较差HAProxy%E7%BC%96%E8%AF%91%E5%AE%89%E8%A3%85" name="2%E3%80%81HAProxy%E7%BC%96%E8%AF%91%E5%AE%89%E8%A3%85">2、HAProxy编译安装
编译安装HAProxy 2.0 LTS版本,更多源码包下载地址:http://www.haproxy.org/download/
解决lua环境
HAProxy 支持基于lua实现功能扩展,lua是一种小巧的脚本语言,于1993年由巴西里约热内卢天主教大学(Pontifical Catholic University of Rio de Janeiro)里的一个研究小组开发,其设计目的是为了嵌入应用程序中,从而为应用程序提供灵活的扩展和定制功能。
Lua 官网:http://www.lua.org
Lua 应用场景
- 游戏开发
- 独立应用脚本
- Web 应用脚本
- 扩展和数据库插件,如MySQL Proxy
- 安全系统,如入侵检测系统
Centos 基础环境
参考链接:[http://www.lua.org/start.html]
由于CentOS7 之前版本自带的lua版本比较低并不符合HAProxy要求的lua最低版本(5.3)的要求,因此需要编译安装较新版本的lua环境,然后才能编译安装HAProxy,过程如下:
#当前系统版本
[root@node1 ~]# lua -v
Lua 5.1.4 Copyright (C) 1994-2008 Lua.org, PUC-Rio#安装基础命令及编译依赖环境
[root@node1 ~]# yum install gcc readline-devel
[root@node1 ~]# wget http://www.lua.org/ftp/lua-5.3.5.tar.gz
[root@node1 ~]# tar xf lua-5.3.5.tar.gz -C /usr/local/src
[root@node1 ~]# cd /usr/local/src/lua-5.3.5
[root@node1 lua-5.3.5]# make linux test#查看编译安装的版本
[root@node1 lua-5.3.5]# src/lua -v
Lua 5.3.5 Copyright (C) 1994-2018 Lua.org, PUC-RioUbuntu 基础环境
#安装基础命令及编译依赖环境
# apt install gcc iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server
nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev
openssh-server libreadline-dev libsystemd-dev# cd /usr/local/src
# wget http://www.lua.org/ftp/lua-5.3.5.tar.gz
# tar xvf lua-5.3.5.tar.gz
# cd lua-5.3.5
# make linux test# pwd
/usr/local/src/lua-5.3.5
# ./src/lua -v
Lua 5.3.5 Copyright (C) 1994-2018 Lua.org, PUC-Rio或安装系统自带的lua
# apt install lua5.3=5.3.3-1ubuntu0.18.04.1
# lua5.3 -v
Lua 5.3.3 Copyright (C) 1994-2016 Lua.org, PUC-RioHAProxy" name="%E7%BC%96%E8%AF%91%E5%AE%89%E8%A3%85HAProxy" style="background-color:transparent">编译安装HAProxy
#HAProxy 1.8及1.9版本编译参数:
make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy#HAProxy 2.0以上版本编译参数:本文使用的是社区版2.2.9
[root@node1 ~]# yum -y install gcc openssl-devel pcre-devel systemd-devel
[root@node1 ~]# tar xf haproxy-2.2.9.tar.gz -C /usr/local/src/
[root@node1 ~]# cd /usr/local/src/haproxy-2.2.9/
[root@node1 haproxy-2.2.9]# cat README
[root@node1 haproxy-2.2.9]# ll Makefile
-rw-rw-r-- 1 root root 41604 2月 7 00:02 Makefile
[root@node1 haproxy-2.2.9]# cat INSTALL#参考INSTALL文件进行编译安装
[root@centos7 haproxy-2.2.9]# make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src/ LUA_LIB=/usr/local/src/lua-5.3.5/src/
[root@centos7 haproxy-2.2.9]# make install PREFIX=/apps/haproxy
[root@centos7 haproxy-2.2.9]# ln -s /apps/haproxy/sbin/haproxy /usr/sbin/#查看生成的文件
[root@node1 haproxy-2.2.9]# tree /apps/haproxy/
/apps/haproxy/
├── doc
│ └── haproxy
│ ├── 51Degrees-device-detection.txt
│ ├── architecture.txt
│ ├── close-options.txt
│ ├── configuration.txt
│ ├── cookie-options.txt
│ ├── DeviceAtlas-device-detection.txt
│ ├── intro.txt
│ ├── linux-syn-cookies.txt
│ ├── lua.txt
│ ├── management.txt
│ ├── netscaler-client-ip-insertion-protocol.txt
│ ├── network-namespaces.txt
│ ├── peers.txt
│ ├── peers-v2.0.txt
│ ├── proxy-protocol.txt
│ ├── regression-testing.txt
│ ├── seamless_reload.txt
│ ├── SOCKS4.protocol.txt
│ ├── SPOE.txt
│ └── WURFL-device-detection.txt
├── sbin
│ └── haproxy
└── share└── man└── man1└── haproxy.1
6 directories, 22 filesHAProxy%E7%89%88%E6%9C%AC" name="%E9%AA%8C%E8%AF%81HAProxy%E7%89%88%E6%9C%AC">验证HAProxy版本
#验证HAProxy版本:
[root@node1 ~]# which haproxy
/usr/sbin/haproxy
[root@node1 ~]# haproxy -v
HA-Proxy version 2.2.9-a947cc2 2021/02/06 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2025.
Known bugs: http://www.haproxy.org/bugs/bugs-2.2.9.html
Running on: Linux 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019
x86_64[root@node1 ~]# haproxy -V
HA-Proxy version 2.2.9-a947cc2 2021/02/06 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2025.
Known bugs: http://www.haproxy.org/bugs/bugs-2.2.9.html
Running on: Linux 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019
x86_64
Usage : haproxy [-f <cfgfile|cfgdir>]* [ -vdVD ] [ -n <maxconn> ] [ -N
<maxpconn> ][ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] [-- <cfgfile>*]-v displays version ; -vv shows known build options.-d enters debug mode ; -db only disables background mode.-dM[<byte>] poisons memory with <byte> (defaults to 0x50)-V enters verbose mode (disables quiet mode)-D goes daemon ; -C changes to <dir> before loading files.-W master-worker mode.-Ws master-worker mode with systemd notify support.-q quiet mode : don't display messages-c check mode : only check config files and exit-n sets the maximum total # of connections (uses ulimit -n)-m limits the usable amount of memory (in MB)-N sets the default, per-proxy maximum # of connections (0)-L set local peer name (default to hostname)-p writes pids of all children to this file-de disables epoll() usage even when available-dp disables poll() usage even when available-dS disables splice usage (broken on old kernels)-dG disables getaddrinfo() usage-dR disables SO_REUSEPORT usage-dr ignores server address resolution failures-dV disables SSL verify on servers side-dW fails if any warning is emitted-sf/-st [pid ]* finishes/terminates old pids.-x <unix_socket> get listening sockets from a unix socket-S <bind>[,<bind options>...] new master CLI
[root@node1 ~]# haproxy -vv
HA-Proxy version 2.2.9-a947cc2 2021/02/06 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2025.
Known bugs: http://www.haproxy.org/bugs/bugs-2.2.9.html
Running on: Linux 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019
x86_64
Build options :TARGET = linux-glibcCPU = genericCC = gccCFLAGS = -m64 -march=x86-64 -O2 -g -Wall -Wextra -Wdeclaration-after-
statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -
Wno-clobbered -Wno-missing-field-initializers -Wtype-limitsOPTIONS = USE_PCRE=1 USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_SYSTEMD=1DEBUG =Feature list : +EPOLL -KQUEUE +NETFILTER +PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL
-PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +BACKTRACE -STATIC_PCRE -STATIC_PCRE2
+TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H +GETADDRINFO +OPENSSL
+LUA +FUTEX +ACCEPT4 -CLOSEFROM +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -
DEVICEATLAS -51DEGREES -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -
EVPORTSDefault settings :bufsize = 16384, maxrewrite = 1024, maxpollevents = 200Built with multi-threading support (MAX_THREADS=64, default=1).
Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.5
Built with network namespace support.
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes
Built with gcc compiler version 4.8.5 20150623 (Red Hat 4.8.5-44)Available polling systems :epoll : pref=300, test result OKpoll : pref=200, test result OKselect : pref=150, test result OK
Total: 3 (3 usable), will use epoll.Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)fcgi : mode=HTTP side=BE mux=FCGI<default> : mode=HTTP side=FE|BE mux=H1h2 : mode=HTTP side=FE|BE mux=H2<default> : mode=TCP side=FE|BE mux=PASS
Available services : none
Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace
[CACHE] cache
[FCGI] fcgi-appHAProxy%E5%90%AF%E5%8A%A8%E8%84%9A%E6%9C%AC" name="HAProxy%E5%90%AF%E5%8A%A8%E8%84%9A%E6%9C%AC">HAProxy启动脚本
[root@node1 ~]# cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p
/var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID[Install]
WantedBy=multi-user.target#默认缺少配置文件,无法启动
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl start haproxy
Job for haproxy.service failed because the control process exited with error
code. See "systemctl status haproxy.service" and "journalctl -xe" for details.[root@node1 ~]# tail /var/log/messages
Feb 23 10:10:01 node1 systemd: Started Session 2 of user root.
Feb 23 10:17:43 node1 systemd: Starting Cleanup of Temporary Directories...
Feb 23 10:17:43 node1 systemd: Started Cleanup of Temporary Directories.
Feb 23 10:18:06 node1 systemd: Reloading.
Feb 23 10:18:15 node1 systemd: Starting HAProxy Load Balancer...
Feb 23 10:18:15 node1 haproxy: [ALERT] 053/101815 (2171) : Cannot open
configuration file/directory /etc/haproxy/haproxy.cfg : No such file or
directory
Feb 23 10:18:15 node1 systemd: haproxy.service: control process exited,
code=exited status=1
Feb 23 10:18:15 node1 systemd: Failed to start HAProxy Load Balancer.
Feb 23 10:18:15 node1 systemd: Unit haproxy.service entered failed state.
Feb 23 10:18:15 node1 systemd: haproxy.service failed.配置文件
#查看配置文件范例
[root@node1 ~]# tree /usr/local/src/haproxy-2.2.9/examples/
/usr/local/src/haproxy-2.2.9/examples/
├── acl-content-sw.cfg
├── content-sw-sample.cfg
├── errorfiles
│ ├── 400.http
│ ├── 403.http
│ ├── 408.http
│ ├── 500.http
│ ├── 502.http
│ ├── 503.http
│ ├── 504.http
│ └── README
├── haproxy.init
├── option-http_proxy.cfg
├── socks4.cfg
├── transparent_proxy.cfg
└── wurfl-example.cfg1 directory, 15 files#创建自定义的配置文件
[root@node1 ~]# mkdir /etc/haproxy
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
globalmaxconn 100000chroot /apps/haproxystats socket /var/lib/haproxy/haproxy.sock mode 600 level admin#uid 99#gid 99user haproxygroup haproxydaemon#nbproc 4#cpu-map 1 0#cpu-map 2 1#cpu-map 3 2#cpu-map 4 3pidfile /var/lib/haproxy/haproxy.pidlog 127.0.0.1 local2 infodefaultsoption http-keep-aliveoption forwardformaxconn 100000mode httptimeout connect 300000mstimeout client 300000mstimeout server 300000mslisten statsmode httpbind 0.0.0.0:9999stats enablelog globalstats uri /haproxy-statusstats auth haadmin:123456
listen web_portbind 192.168.150.11:80mode httplog globalserver web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5启动haproxy
[root@node1 ~]# mkdir /var/lib/haproxy
[root@node1 ~]# useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy
[root@node1 ~]# systemctl enable --now haproxy验证haproxy状态
haproxy.cfg文件中定义了chroot、pidfile、user、group等参数,如果系统没有相应的资源会导致haproxy无法启动,具体参考日志文件 /var/log/messages
[root@node1 ~]# systemctl status haproxy
● haproxy.service - HAProxy Load BalancerLoaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor
preset: disabled)Active: active (running) since 二 2021-02-23 10:23:05 CST; 30s ago
Process: 2215 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
(code=exited, status=0/SUCCESS)
Main PID: 2217 (haproxy)CGroup: /system.slice/haproxy.service├─2217 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p
/var/lib/haproxy/haproxy.pid└─2221 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p
/var/lib/haproxy/haproxy.pid2月 23 10:23:05 node1.kongd.com systemd[1]: Starting HAProxy Load Balancer...
2月 23 10:23:05 node1.kongd.com systemd[1]: Started HAProxy Load Balancer.
2月 23 10:23:05 node1.kongd.com haproxy[2217]: [NOTICE] 053/102305 (2217) : New
worker #1 (2221) forked
2月 23 10:23:05 node1.kongd.com haproxy[2217]: [WARNING] 053/102305 (2221) :
Server web_port/web1 i...ue.
2月 23 10:23:05 node1.kongd.com haproxy[2217]: [NOTICE] 053/102305 (2221) :
haproxy version is 2.2....cc2
2月 23 10:23:05 node1.kongd.com haproxy[2217]: [NOTICE] 053/102305 (2221) : path
to executable is /...oxy
2月 23 10:23:05 node1.kongd.com haproxy[2217]: [ALERT] 053/102305 (2221) : proxy
'web_port' has no ...le!
Hint: Some lines were ellipsized, use -l to show in full.[root@node1 ~]# pstree -p |grep haproxy|-haproxy(2217)---haproxy(2221)查看haproxy的状态页面
浏览器访问: http://haproxy-server:9999/haproxy-status
