(一)简述
HAProxy是一个使用C语言编写的自由及开放源代码软件[1],其提供高可用性、负载均衡,以及基于TCP和HTTP的应用程序代理。
HAProxy特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。
HAProxy实现了一种事件驱动, 单一进程模型,此模型支持非常大的并发连接数。多进程或多线程模型受内存限制 、系统调度器限制以及无处不在的锁限制,很少能处理数千并发连接。事件驱动模型因为在有更好的资源和时间管理的用户空间(User-Space) 实现所有这些任务,所以没有这些问题。此模型的弊端是,在多核系统上,这些程序通常扩展性较差。这就是为什么他们必须进行优化以 使每个CPU时间片(Cycle)做更多的工作。包括 GitHub、Bitbucket[3]、Stack Overflow[4]、Reddit、Tumblr、Twitter[5][6]和 Tuenti[7]在内的知名网站,及亚马逊网络服务系统都使用了HAProxy。---百度百科
(二)环境配置
OS:CentOS Linux release 7.2.1511 (Core)
HAProxy:haproxy-1.7.8(最新稳定版)
(三)具体的安装步骤如下(本文全部以编译安装为例):
(1)创建haproxy运行的用户和组
1
2
|
[root@localhost ~]
# groupadd -r haproxy
[root@localhost ~]
# useradd -g haproxy -M -s /sbin/nologin haproxy
|
(1)去haproxy官网下载所需要的源码包(http://www.haproxy.org/)
1
2
3
4
5
6
7
8
9
|
[root@localhost
install
]
# wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.8.tar.
gz
--2017-07-19 10:20:00-- http:
//www
.haproxy.org
/download/1
.7
/src/haproxy-1
.7.8.
tar
.gz
Resolving www.haproxy.org (www.haproxy.org)... 51.15.8.218
Connecting to www.haproxy.org (www.haproxy.org)|51.15.8.218|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1746321 (1.7M) [application
/x-tar
]
Saving to: ‘haproxy-1.7.8.
tar
.gz.1’
46% [=====================> ] 815,069 45.1KB
/s
eta 62s
|
(2)编译安装haproxy
1
2
3
4
5
6
7
8
9
10
11
12
|
[root@localhost
install
]
# tar xf haproxy-1.7.8.tar.gz
[root@localhost
install
]
# cd haproxy-1.7.8
[root@localhost haproxy-1.7.8]
# uname -r
3.10.0-327.el7.x86_64
[root@localhost haproxy-1.7.8]
# make TARGET=linux2628 ARCH=x86_64 PRXFIX=/usr/local/haproxy
[root@localhost haproxy-1.7.8]
# make install PREFIX=/usr/local/haproxy
install
-d
"/usr/local/haproxy/sbin"
install
haproxy
"/usr/local/haproxy/sbin"
install
-d
"/usr/local/haproxy/share/man"
/man1
install
-m 644 doc
/haproxy
.1
"/usr/local/haproxy/share/man"
/man1
install
-d
"/usr/local/haproxy/doc/haproxy"
for
x
in
configuration management architecture cookie-options lua WURFL-device-detection proxy-protocol linux-syn-cookies network-namespaces DeviceAtlas-device-detection 51Degrees-device-detection netscaler-client-ip-insertion-protocol close-options SPOE intro;
do
|
备注说明:TARGET=linux3100 是根据uname -r 命令来查看该服务器的内核版本号,
如:2.6.18-371.el5,此时该参数就为linux26,如果kernel 大于2.6.28的用:TARGET=linux2628 。现在本机查询的是3.10.0-327.el7.x86_64 所有TARGET=linux3100 ,ARCH=x86_64 #系统位数
TARGET则根据当前操作系统内核版本指定
- linux22 for Linux 2.2
- linux24 for Linux 2.4 and above (default)
- linux24e for Linux 2.4 with support for a working epoll (> 0.21)
- linux26 for Linux 2.6 and above
- linux2628 for Linux 2.6.28, 3.x, and above (enables splice and tproxy)
本文的操作系统内核版本为3.10.0,TARGET指定为 linux2628。
(3)设置haproxy相关的配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@localhost haproxy]
# mkdir /usr/local/haproxy/conf #创建配置目录
[root@localhost haproxy]
# mkdir /etc/haproxy/ #创建启动脚本配置目录
[root@localhost haproxy]
# touch /usr/local/haproxy/conf/haproxy.cfg #创建主配置文件
[root@localhost haproxy]
# ln -s /usr/local/haproxy/conf/haproxy.cfg /etc/haproxy/haproxy.cfg ### 添加配置文件的软连接
[root@localhost haproxy]
# ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin ##添加服务的软连接
[root@localhost haproxy]
# mkdir /usr/local/haproxy/log ##创建日志目录
[root@localhost haproxy]
# touch /usr/local/haproxylog/haproxy.log ###创建日志文件
[root@localhost haproxy]
# ln -s /usr/local/haproxy/log/haproxy.log /var/log/haproxy.log ##添加软连接
[root@localhost examples]
# cp -r /tmp/install/haproxy-1.7.8/examples/errorfiles/ /usr/loc
al
/haproxy/
##拷贝错误页面
[root@localhost examples]
#ln -s /usr/local/haproxy/errorfiles /etc/haproxy/errorfiles ##给错误页面添加软连接
|
(4)把haproxy做成服务并添加自启动。
1
2
3
4
5
6
7
8
9
10
11
12
|
[root@localhost haproxy]
# cp /tmp/install/haproxy-1.7.8/examples/haproxy.init /etc/init.d/haproxy ##从安装包里拷贝服务启动脚本
[root@localhost haproxy]
# chmod +x /etc/init.d/haproxy
[root@localhost haproxy]
# chkconfig --add haproxy
[root@localhost haproxy]
# chkconfig haproxy on
[root@localhost haproxy]
# chkconfig --list|grep haproxy
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use
'systemctl list-unit-files'
.
To see services enabled on particular target use
'systemctl list-dependencies [target]'
.
haproxy 0:off 1:off 2:on 3:on 4:on 5:on 6:off
|
(5)配置haproxy.cfg参数
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
[root@localhost haproxy]# vim /usr/
local
/haproxy/conf/haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log
127.0
.
0.1
local
2
###[err warning info debug]
chroot /usr/
local
/haproxy
pidfile /var/run/haproxy.pid ###haproxy的pid存放路径,启动进程的用户必须有权限访问此文件
maxconn
4000
###最大连接数,默认
4000
user haproxy
group haproxy
daemon ###创建
1
个进程进入deamon模式运行。此参数要求将运行模式设置为
"daemon"
#---------------------------------------------------------------------
# common defaults that
all
the
'listen'
and
'backend'
sections will
# use if not designated in their
block
#---------------------------------------------------------------------
defaults
mode http ###默认的模式mode { tcp|http|health },tcp是
4
层,http是
7
层,health只会返回OK
log global ###采用全局定义的日志
option dontlognull ###不记录健康检查的日志信息
option httpclose ###每次请求完毕后主动关闭http通道
option httplog ###日志类别http日志格式
option forwardfor ###如果后端服务器需要获得客户端真实ip需要配置的参数,可以从Http Header中获得客户端ip
option redispatch ###serverId对应的服务器挂掉后,强制定向到其他健康的服务器
timeout connect
10000
#defa
ult
10
second timeout if a backend is not found
timeout client
300000
###客户端连接超时
timeout server
300000
###服务器连接超时
maxconn
60000
###最大连接数
retries
3
###
3
次连接失败就认为服务不可用,也可以通过后面设置
####################################################################
listen stats
bind
0.0
.
0.0:
1080
#监听端口
stats refresh
30
s #统计页面自动刷新时间
stats uri /stats #统计页面
url
stats realm Haproxy Manager #统计页面密码框上提示文本
stats auth admin:admin #统计页面用户名和密码设置
#stats hide-version #隐藏统计页面上HAProxy的版本信息
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind
0.0
.
0.0:
80
acl url_static path_beg -i /
static
/images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend
static
if url_static ###满足策略要求,则响应策略定义的backend页面
default_backend dynamic ###不满足则响应backend的默认页面
#---------------------------------------------------------------------
#
static
backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend
static
balance roundrobin ###负载均衡模式轮询
server
static
127.0
.
0.1:
80
check ###后端服务器定义
backend dynamic
balance roundrobin
server websrv
1
192.168
.
180.9:
80
check maxconn
2000
server websrv
2
192.168
.
180.4:
80
check maxconn
2000
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
errorfile
403
/etc/haproxy/errorfiles/
403
.http
errorfile
500
/etc/haproxy/errorfiles/
500
.http
errorfile
502
/etc/haproxy/errorfiles/
502
.http
errorfile
503
/etc/haproxy/errorfiles/
503
.http
|
(6)通过/etc/init.d/haproxy start|stop|restart|status等命令控制haproxy服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
[root@localhost conf]
# /etc/init.d/haproxy start
Starting haproxy (via systemctl): [ OK ]
[root@localhost conf]
# ps -ef|grep haproxy
haproxy 4693 1 0 14:29 ? 00:00:00
/usr/local/haproxy/sbin/haproxy
-D -f
/etc/haproxy/haproxy
.cfg -p
/var/run/haproxy
.pid
root 4696 2767 0 14:29 pts
/0
00:00:00
grep
--color=auto haproxy
[root@localhost conf]
# netstat -lntp|grep haproxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4693
/haproxy
tcp 0 0 0.0.0.0:1080 0.0.0.0:* LISTEN 4693
/haproxy
[root@localhost conf]
# /etc/init.d/haproxy restart
Restarting haproxy (via systemctl): [ OK ]
[root@localhost conf]
# /etc/init.d/haproxy status
/etc/init
.d
/haproxy
: line 26: [: =: unary operator expected
● haproxy.service - SYSV: HA-Proxy is a TCP
/HTTP
reverse proxy
which
is particularly suited
for
high availability environments.
Loaded: loaded (
/etc/rc
.d
/init
.d
/haproxy
)
Active: active (running) since Wed 2017-07-19 14:29:36 CST; 5s ago
Docs:
man
:systemd-sysv-generator(8)
Process: 4712 ExecStop=
/etc/rc
.d
/init
.d
/haproxy
stop (code=exited, status=0
/SUCCESS
)
Process: 4718 ExecStart=
/etc/rc
.d
/init
.d
/haproxy
start (code=exited, status=0
/SUCCESS
)
Main PID: 4723 (haproxy)
CGroup:
/system
.slice
/haproxy
.service
└─4723
/usr/local/haproxy/sbin/haproxy
-D -f
/etc/haproxy/haproxy
.cfg -p
/var/run/haproxy
.pid
Jul 19 14:29:36 localhost.localdomain systemd[1]: Starting SYSV: HA-Proxy is a TCP
/HTTP
reverse proxy
which
is particularly...ts....
Jul 19 14:29:36 localhost.localdomain haproxy[4718]:
/etc/rc
.d
/init
.d
/haproxy
: line 26: [: =: unary operator expected
Jul 19 14:29:36 localhost.localdomain haproxy[4718]: Starting haproxy: [ OK ]
Jul 19 14:29:36 localhost.localdomain systemd[1]: Started SYSV: HA-Proxy is a TCP
/HTTP
reverse proxy
which
is particularly ...ents..
Hint: Some lines were ellipsized, use -l to show
in
full.
|
(7)设置haproxy日志。编辑/etc/rsyslog.conf 取消注释:
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
添加
local2.* /var/log/haproxy.log
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
[root@localhost rsyslog.d]
# vim /etc/rsyslog.conf
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock
# provides support for local system logging (e.g. via logger command)
$ModLoad imjournal
# provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
*.info;mail.none;authpriv.none;
cron
.none;local2.none
/var/log/messages
# The authpriv file has restricted access.
authpriv.*
/var/log/secure
# Log all the mail messages in one place.
mail.* -
/var/log/maillog
# Log cron stuff
cron
.*
/var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit
/var/log/spooler
# Save boot messages also to boot.log
local7.*
/var/log/boot
.log
local2.*
/var/log/haproxy
.log
|
########备注:重要以上修改haproxy日志会同时写入到/var/log/haproxy.log和/var/log/message两个文件里,由于haproxy日志量很多所以只让其写入到/var/log/haproxy.log文件需要修改/etc/rsyslog.conf 文件这个配置
*.info;mail.none;authpriv.none;cron.none;local3.none /var/log/messages
这样只会写入到/var/log/haproxy.log
修改/etc/sysconfig/rsyslog。#修改”SYSLOGD_OPTIONS”参数,-c 2 使用兼容模式,默认是 -c 5;-r 开启远程日志;-m 0 标记时间戳,单位是分钟,0表示禁用该功能。
1
2
3
4
5
6
7
8
9
|
[root@localhost etc]
# vim /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
#SYSLOGD_OPTIONS=""
SYSLOGD_OPTIONS=
"-c 2 -r -m 0"
#SYSLOGD_OPTIONS="-c 2 -r -m 0"
&~
|
重新启动rsyslog服务
[root@localhost etc]# systemctl restart rsyslog.service
[root@localhost ~]# tail -f /var/log/haproxy.log
Jul 19 16:29:07 localhost haproxy[5341]: 192.168.181.231:56192 [19/Jul/2017:16:29:07.430] stats stats/<STATS> 0/0/0/0/0 200 23388 - - LR-- 0/0/0/0/0 0/0 "GET /stats HTTP/1.1"
(8)打开浏览器打开haproxy监控页面,192.168.180.23:1080/stats,如下;
至此安装完成。
本文转自 lqbyz 51CTO博客,原文链接:http://blog.51cto.com/liqingbiao/1949001