六.基礎配置階段
1.安裝haproxy
[root@hap ~]# yum install -y haproxy [root@hap ~]# cd /etc/haproxy/ [root@hap haproxy]# cp haproxy.cfg{,.bak} [root@hap haproxy]# ls haproxy.cfg haproxy.cfg.bak
2.開啓haproxy的系統日誌
[root@hap haproxy]# vim/etc/rsyslog.conf $ModLoad imudp $UDPServerRun 514 local2.* /var/log/haproxy.log
重新啓動rsyslog服務:
[root@hap haproxy]# service rsyslog restart Shutting down system logger: [ OK ] Starting system logger: [ OK ]
3.編輯配置文件,添加後端web服務器
[root@hap haproxy]# vim/etc/haproxy/haproxy.cfg global #to have these messages end up in /var/log/haproxy.log you will #need to: # #1) configure syslog to accept network log events. This is done # by adding the '-r' option tothe SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # #2) configure local2 events to go to the /var/log/haproxy.log # file. A line like thefollowing can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon #turn on stats unix socket stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend main *:80 default_backend websrvs backend websrvs balance roundrobin server node7 172.16.31.30:80check server node8 172.16.31.31:80check
4.啓動服務:
[root@hap haproxy]# service haproxy start Starting haproxy: [ OK ]
5.訪問測試:
是基於輪詢調度算法的。
七.常用配置解析:
1.cookie會話保持
backend websrvs balance roundrobin cookie SRV insert indirectnocache server node7 172.16.31.30:80cookie node7 check rise 1 fall 2 server node8 172.16.31.31:80cookie node8 check
重啓haproxy服務:
[root@hap haproxy]# service haproxy restart Stopping haproxy: [ OK ] Starting haproxy: [ OK ]
訪問測試:
記錄了cookie,實現了會話保持:
2.啓用反向服務器狀態信息頁面
backend websrvs balance roundrobin server node7 172.16.31.30:80cookie node7 check rise 1 fall 2 server node8 172.16.31.31:80cookie node8 check stats enable
重啓haproxy服務,訪問測試:
狀態頁安全性配置:
backend websrvs balance roundrobin server node7 172.16.31.30:80cookie node7 check rise 1 fall 2 server node8 172.16.31.31:80cookie node8 check stats enable stats uri /haproxyadm?stats stats hide-version stats realm HAProxy\ Status stats auth admin:admin stats admin if TRUE
重啓haproxy服務,訪問測試:
3.讓後端web服務器記錄真實的訪問客戶端IP地址
更改後端web服務器的日誌格式:
[root@node7 ~]# vim/etc/httpd/conf/httpd.conf #LogFormat "%h %l %u %t\"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined #將如上日誌格式更改爲下面的格式即可 LogFormat "%{X-Forwarded-For}i %l %u%t \"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
重新啓動web服務器後進行測試訪問後查看日誌:
[root@node7 ~]# tail/var/log/httpd/access_log #以前訪問的記錄地址都是haproxy服務器的地址 172.16.31.32 - - [11/Jan/2015:10:03:45+0800] "GET / HTTP/1.1" 200 16 "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36" #更改記錄日誌格式後記錄的是真實的客戶端IP地址 172.16.31.254 - - [11/Jan/2015:11:15:50+0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36" 172.16.31.254 - - [11/Jan/2015:11:15:56+0800] "GET / HTTP/1.1" 200 16 "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36"
4.通過ACL實現網站訪問的動靜分離
我通過ACL將動態資源的訪問到節點7,而靜態資源的訪問定位到節點8
先在節點7和節點8安裝php,實現php動態資源和httpd服務器的結合:
# yum install -y php
創建phpinfo測試頁:
#cat /var/www/html/index.php <?php phpinfo(); ?>
節點7和節點8都存在動態的php測試頁:
我們配置haproxy實現動靜分離:
[root@hap haproxy]# cat /etc/haproxy/haproxy.cfg global # to have these messages end up in/var/log/haproxy.log you will #need to: # #1) configure syslog to accept network log events. This is done # by adding the '-r' option tothe SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # #2) configure local2 events to go to the /var/log/haproxy.log # file. A line like thefollowing can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon #turn on stats unix socket stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 listen stats bind :1080 mode http stats enable stats uri /haproxy?stats stats realm HAProxy\ Status stats auth admin:admin stats admin if TRUE frontend http-in bind *:80 mode http log global option httpclose option logasap option dontlognull capture request header Host len 20 capture request header Referer len 60 acl url_static path_beg -i /static /p_w_picpaths /javascript /stylesheets acl url_static path_end -i .html .jpg .jpeg .gif .png .css .js acl url_dynamic path_end -i .php .jsp use_backend static_servers if url_static use_backend dynamic_servers if url_dynamic default_backend dynamic_servers backend static_servers balance roundrobin server node7 172.16.31.30:80check maxconn 1000 backend dynamic_servers balance roundrobin cookie srv insert nocache server node8 172.16.31.31:80 check maxconn 1000 cookie node8
重新啓動haproxy服務進行訪問測試:
我們訪問靜態的html頁面,代理服務器就定位到節點7上進行訪問;
我們訪問動態頁面,代理服務器就將請求定位到了節點8上,並記錄了session會話狀態;
至此,一些基礎的haproxy實用配置就介紹到這裏。