六.基础配置阶段
1.安装haproxy
[root@hap ~]# yum install -y haproxy
[root@hap ~]# cd /etc/haproxy/
[root@hap haproxy]# cp haproxy.cfg{,.bak}
[root@hap haproxy]# ls
haproxy.cfg haproxy.cfg.bak
2.开启haproxy的系统日志
[root@hap haproxy]# vim/etc/rsyslog.conf $ModLoad imudp $UDPServerRun 514 local2.* /var/log/haproxy.log
重新启动rsyslog服务:
[root@hap haproxy]# service rsyslog restart Shutting down system logger: [ OK ] Starting system logger: [ OK ]
3.编辑配置文件,添加后端web服务器
[root@hap haproxy]# vim/etc/haproxy/haproxy.cfg global #to have these messages end up in /var/log/haproxy.log you will #need to: # #1) configure syslog to accept network log events. This is done # by adding the '-r' option tothe SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # #2) configure local2 events to go to the /var/log/haproxy.log # file. A line like thefollowing can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon #turn on stats unix socket stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend main *:80 default_backend websrvs backend websrvs balance roundrobin server node7 172.16.31.30:80check server node8 172.16.31.31:80check
4.启动服务:
[root@hap haproxy]# service haproxy start Starting haproxy: [ OK ]
5.访问测试:
是基于轮询调度算法的。
七.常用配置解析:
1.cookie会话保持
backend websrvs balance roundrobin cookie SRV insert indirectnocache server node7 172.16.31.30:80cookie node7 check rise 1 fall 2 server node8 172.16.31.31:80cookie node8 check
重启haproxy服务:
[root@hap haproxy]# service haproxy restart Stopping haproxy: [ OK ] Starting haproxy: [ OK ]
访问测试:
记录了cookie,实现了会话保持:
2.启用反向服务器状态信息页面
backend websrvs balance roundrobin server node7 172.16.31.30:80cookie node7 check rise 1 fall 2 server node8 172.16.31.31:80cookie node8 check stats enable
重启haproxy服务,访问测试:
状态页安全性配置:
backend websrvs balance roundrobin server node7 172.16.31.30:80cookie node7 check rise 1 fall 2 server node8 172.16.31.31:80cookie node8 check stats enable stats uri /haproxyadm?stats stats hide-version stats realm HAProxy\ Status stats auth admin:admin stats admin if TRUE
重启haproxy服务,访问测试:
3.让后端web服务器记录真实的访问客户端IP地址
更改后端web服务器的日志格式:
[root@node7 ~]# vim/etc/httpd/conf/httpd.conf
#LogFormat "%h %l %u %t\"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
#将如上日志格式更改为下面的格式即可
LogFormat "%{X-Forwarded-For}i %l %u%t \"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
重新启动web服务器后进行测试访问后查看日志:
[root@node7 ~]# tail/var/log/httpd/access_log #以前访问的记录地址都是haproxy服务器的地址 172.16.31.32 - - [11/Jan/2015:10:03:45+0800] "GET / HTTP/1.1" 200 16 "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36" #更改记录日志格式后记录的是真实的客户端IP地址 172.16.31.254 - - [11/Jan/2015:11:15:50+0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36" 172.16.31.254 - - [11/Jan/2015:11:15:56+0800] "GET / HTTP/1.1" 200 16 "-" "Mozilla/5.0(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/37.0.2062.124 Safari/537.36"
4.通过ACL实现网站访问的动静分离
我通过ACL将动态资源的访问到节点7,而静态资源的访问定位到节点8
先在节点7和节点8安装php,实现php动态资源和httpd服务器的结合:
# yum install -y php
创建phpinfo测试页:
#cat /var/www/html/index.php <?php phpinfo(); ?>
节点7和节点8都存在动态的php测试页:
我们配置haproxy实现动静分离:
[root@hap haproxy]# cat /etc/haproxy/haproxy.cfg global # to have these messages end up in/var/log/haproxy.log you will #need to: # #1) configure syslog to accept network log events. This is done # by adding the '-r' option tothe SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # #2) configure local2 events to go to the /var/log/haproxy.log # file. A line like thefollowing can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon #turn on stats unix socket stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 listen stats bind :1080 mode http stats enable stats uri /haproxy?stats stats realm HAProxy\ Status stats auth admin:admin stats admin if TRUE frontend http-in bind *:80 mode http log global option httpclose option logasap option dontlognull capture request header Host len 20 capture request header Referer len 60 acl url_static path_beg -i /static /p_w_picpaths /javascript /stylesheets acl url_static path_end -i .html .jpg .jpeg .gif .png .css .js acl url_dynamic path_end -i .php .jsp use_backend static_servers if url_static use_backend dynamic_servers if url_dynamic default_backend dynamic_servers backend static_servers balance roundrobin server node7 172.16.31.30:80check maxconn 1000 backend dynamic_servers balance roundrobin cookie srv insert nocache server node8 172.16.31.31:80 check maxconn 1000 cookie node8
重新启动haproxy服务进行访问测试:
我们访问静态的html页面,代理服务器就定位到节点7上进行访问;
我们访问动态页面,代理服务器就将请求定位到了节点8上,并记录了session会话状态;
至此,一些基础的haproxy实用配置就介绍到这里。