反向代理之Haproxy负载均衡系列
0.环境:haproxy需要的模拟环境,NFS,mysql高可用的环境即可,其实就是heartbeat.
环境准备:
主机名IP地址角色系统
web-node1 eth0:10.0.0.65 web-node1节点 CentOS7.2 web-node2 eth0:10.0.0.66 web-node2节点 CentOS7.2
环境设置:
web-node1: [root@web-node1 src]# uname -r 3.10.0-229.el7.x86_64 [root@web-node1 src]# uname -m x86_64 [root@web-node1 src]# cat /etc/hostname web-node1 [root@web-node1 src]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.65 web-node1 10.0.0.66 web-node2 web-node2: [root@web-node2 src]# uname -r 3.10.0-229.el7.x86_64 [root@web-node2 src]# uname -m x86_64 [root@web-node2 src]# cat /etc/hostname web-node2 [root@web-node2 src]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.65 web-node1 10.0.0.66 web-node2
1.节点部署apache作为RS
node1操作
web-node1: [root@web-node1 haproxy]# yum install -y httpd sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf systemctl start httpd echo "web-node1" > /var/www/html/index.html [root@web-node1 haproxy]# curl http://10.0.0.65:8080/ web-node1
node2
web-node2: [root@web-node2 haproxy]# yum install -y httpd [root@web-node2 u02]# sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf [root@web-node2 u02]# service httpd start [root@web-node2 u02]# echo "web-node2" > /var/www/html/index.html [root@web-node2 u02]# curl http://10.0.0.66:8080/ web-node2
因为两台服务器,没有多余ip了,所以临时创建一个ip
ifconfig eth0:0 10.0.0.67 netmask 255.255.255.128 broadcast 10.0.0.127
2.安装haproxy:
目前haproxy最高版本是1.7.8,本次实验使用1.7.5
下载地址:http://www.haproxy.org/download/1.7/
web-node1:
[root@web-node1 haproxy-1.7.5]# cd /usr/local/src
[root@web-node1 ]# wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.5.tar.gz
[root@web-node1 haproxy-1.7.5]# tar -zxf haproxy-1.7.5.tar.gz
[root@web-node1 haproxy-1.7.5]# cd haproxy-1.7.5
[root@web-node1 haproxy-1.7.5]# make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.7.5
[root@web-node1 haproxy-1.7.5]# make install PREFIX=/usr/local/haproxy-1.7.5
[root@web-node1 haproxy-1.7.5]# cp /usr/local/sbin/haproxy /usr/sbin/
[root@web-node1 local]# ln -s /usr/local/haproxy-1.7.5 /usr/local/haproxy
[root@web-node1 haproxy-1.7.5]# haproxy -v
HA-Proxy version 1.7.5 2017/04/03
Copyright 2000-2017 Willy Tarreau <willy@haproxy.org>
#参数说明
TARGET=linux26 #内核版本,使用uname -r查看内核,如:2.6.18-371.el5,此时该参数就为linux26;kernel 大于2.6.28的用:TARGET=linux2628
ARCH=x86_64 #系统位数
PREFIX=/usr/local/haprpxy #/usr/local/haprpxy为haprpxy安装路径
编辑Haproxy启动脚本:
[root@web-node1 haproxy-1.7.5]# cp /usr/local/src/haproxy-1.7.5/examples/haproxy.init /etc/init.d/haproxy
[root@web-node1 haproxy-1.7.5]# chmod +x /etc/init.d/haproxy
创建haproxy相关目录
[root@web-node1 haproxy-1.7.5]# useradd -r haproxy ##创建系统用户
[root@web-node1 haproxy-1.7.5]# mkdir /etc/haproxy
[root@web-node1 haproxy-1.7.5]# mkdir /var/lib/haproxy
[root@web-node1 haproxy-1.7.5]# mkdir /var/run/haproxy
修改配置文件:
[root@web-node1 haproxy]# ulimit -n
65535 ##
[root@web-node1 haproxy]# cat haproxy.cfg
global
log 127.0.0.1 local3 debug
chroot /var/lib/haproxy
user haproxy
group haproxy
nbproc 1
maxconn 65535
daemon
defaults
log global
mode http
option httplog
option dontlognull
option abortonclose
timeout connect 5000
timeout client 50000
timeout server 50000
#balance roundrobin
listen status
bind 0.0.0.0:1080
mode http
option httplog
maxconn 10
stats refresh 30s
stats uri /haproxy?stats
stats realm XingCloud\ Haproxy
stats auth admin:admin
stats auth Frank:Frank
stats hide-version
#errorfile 403 /home/haproxy/haproxy/errorfiles/403.http
#errorfile 500 /home/haproxy/haproxy/errorfiles/500.http
#errorfile 502 /home/haproxy/haproxy/errorfiles/502.http
#errorfile 503 /home/haproxy/haproxy/errorfiles/503.http
#errorfile 504 /home/haproxy/haproxy/errorfiles/504.http
frontend haproxy_cool360_org_frontend
mode http
bind 10.0.0.67:80
stats uri /haproxy?stats
acl proxy_cool360_org_bak hdr_end(host) -i blog.cool360.org
default_backend proxy_cool360_org_backend
use_backend webserver if proxy_cool360_org_bak
backend proxy_cool360_org_backend
#source cookie SERVERID
option forwardfor header X-REAL-IP
option httpchk GET /index.html
balance roundrobin #使用rr负载均衡方式,balance source 保存session值,支持static-rr,leastconn,first,uri等参数
server web-node1 10.0.0.65:8080 check inter 2000 rise 3 fall 3 weight 2
server web-node2 10.0.0.66:8080 check inter 2000 rise 3 fall 3 weight 1
backend webserver
#source cookie SERVERID
option forwardfor header X-REAL-IP
#option httpchk GET /index.html
#option httpchk HEAD /index.html HTTP/1.0 ###健康检查, 检测文件,如果分发到到index.html访问不到就不再分发给它
balance roundrobin #使用rr负载均衡方式,balance source 保存session值,支持static-rr,leastconn,first,uri等参数
server web-node1 10.0.0.65:8080 check port 8080 inter 2000 rise 3 fall 3 weight 2
server web-node2 10.0.0.66:8080 check port 8080 inter 2000 rise 3 fall 3 weight 1
# check 默认检查ip后面的端口
listen tcp
bind *:58422
mode tcp
option tcplog
balance source
server s1 10.0.0.65:22 weight 1
server s1 10.0.0.66:22 weight 1
重启haproxy:
[root@web-node1 haproxy]# /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c ##检查语法
[root@web-node1 haproxy]# /etc/init.d/haproxy restart
测试下效果:
for n in `echo {1..100}` ; do curl http://10.0.0.67; sleep 2; done
[root@web-node1 haproxy]# for n in `echo {1..100}` ; do curl http://10.0.0.65; sleep 2; done
web-node1
web-node1
web-node2
web-node1
web-node1
web-node2
web-node1
效果达到。
3.配置Haproxy日志:
[root@web-node1 haproxy-1.7.5]# sed -i 's@\#\$UDPServerRun 514@\$UDPServerRun 514@g' /etc/rsyslog.conf [root@web-node1 haproxy-1.7.5]# echo "local3.* /var/log/haproxy.log" >> /etc/rsyslog.conf [root@web-node1 haproxy-1.7.5]# sed -i 's@\#\$ModLoad imudp@\$ModLoad imudp@g' /etc/rsyslog.conf [root@web-node1 haproxy-1.7.5]# systemctl restart rsyslog.service [root@web-node1 haproxy-1.7.5]# netstat -anltup |grep 514 udp 0 0 0.0.0.0:514 0.0.0.0:* 11459/rsyslogd udp6 0 0 :::514 :::* 11459/rsyslogd 查看haproxy日志: tail -f /var/log/haproxy.log
Haproxy状态管理页面
4.访问:http://10.0.0.65:1080/haproxy?stats
这货来去如风,什么鬼都没留下!!!
嗨、骚年、快来消灭0回复。