• HAproxy-1.6.X 安装部署


    1. 源码包下载及安装

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    root@iZ23tsilmb7Z:/usr/local/src# apt-get -y install make gcc
    root@iZ23tsilmb7Z:/usr/local/src# wget http://fossies.org/linux/misc/haproxy-1.6.6.tar.gz
    --2016-07-03 20:28:35--  http://fossies.org/linux/misc/haproxy-1.6.6.tar.gz
    Resolving fossies.org (fossies.org)... 138.201.17.217
    Connecting to fossies.org (fossies.org)|138.201.17.217|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 1565046 (1.5M) [application/x-gzip]
    Saving to: ‘haproxy-1.6.6.tar.gz’
     
    100%[==============================================================>] 1,565,046    210KB/s   in 8.1s   
     
    2016-07-03 20:28:44 (190 KB/s) - ‘haproxy-1.6.6.tar.gz’ saved [1565046/1565046]
     
    root@iZ23tsilmb7Z:/usr/local/src# tar -zxvf haproxy-1.6.6.tar.gz
    root@iZ23tsilmb7Z:/usr/local/src# cd haproxy-1.6.6
    root@iZ23tsilmb7Z:/usr/local/src/haproxy-1.6.6# make TARGET=linux2628 PREFIX=/usr/local/haproxy
    root@iZ23tsilmb7Z:/usr/local/src/haproxy-1.6.6# make install PREFIX=/usr/local/haproxy
     
    //参数说明
    TARGET=linux26
    #使用uname -r查看内核,如:2.6.18-371.el5,此时该参数就为linux26
    #kernel 大于2.6.28的用:TARGET=linux2628
    PREFIX=/usr/local/haprpxy   #/usr/local/haprpxy为haprpxy安装路径

     2.配置启动脚本

    1
    2
     3
    cp /usr/local/src/haproxy-1.6.3/examples/haproxy.init /etc/init.d/haproxy
    chmod +x /etc/init.d/haproxy
    useradd -r haproxy -s /sbin/nologin

    如果是ubuntu系统需要/etc/init.d/functions为/lib/lsb/init-functins

    注释/etc/sysconfig/network   [ ${NETWORKING} = "no" ] && exit 0

    同时去除start 里面damon

     3.配置环境变量

    1
    2
    echo 'PATH="/usr/local/haproxy/sbin:$PATH"' >> /etc/profile
    source /etc/profile

     4.haproxy配置文件

    1
    2
    3
    4
    mkdir /etc/haproxy
    mkdir /var/lib/haproxy
    cd /etc/haproxy/
    vim haproxy.cfg

     5.启动脚本更改

    1
    2
    vim /etc/init.d/haproxy
     35 BIN=/usr/sbin/$BASENAME   # 替换BIN=/usr/local/haproxy/sbin/$BASENAME

     6.配置haproxy日志

    1
    2
    3
    4
    5
    6
    7
    [root@localhost haproxy-1.6.3]# vim /etc/rsyslog.conf     #17,18是关于tcp行注释取消,#最后增加一行
     16 # Provides TCP syslog reception
     17 $ModLoad imtcp
     18 $InputTCPServerRun 514
      
    local3.* /var/log/haproxy.log
    [root@localhost haproxy-1.6.3]# /etc/init.d/rsyslog restart

    7.haproxy.cfg配置文件

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
    85
    # 全局配置,日志,运行安装路径,
    global
            log 127.0.0.1 local3 info  # 日志存储到127.0.0.1,端口是514,
     
            chroot /var/lib/haproxy
            pidfile /var/run/haproxy.pid        #配置haproxy的sock文件,权限是600,等级是admin权限,超时2分钟
            stats socket /var/lib/haproxy/haproxy.sock mode 660 level admin
            stats timeout 2m
            user haproxy
            group haproxy
            daemon
     
    # 默认配置
    defaults
            log global
            mode http
            #option httplog         # 访问日志关闭
            option dontlognull      # 不记录空链接,如监控链接
            timeout connect 5000
            timeout client 50000
            timeout server 50000
            timeout check 10000
            maxconn 3000
     
    # 状态监控页面
    listen haproxy_status
            # 绑定地址,每5s自动刷新,隐藏版本,状态访问页面,认证账号,密码,条件满足进入管理界面
            bind 172.16.1.14:8888
            stats enable
            stats refresh 100s
            stats hide-version
            stats uri /haproxy-status
            stats realm "HAProxy/ static"
            stats auth admin:admin123
            stats admin if TRUE
            # 允许的网段,允许,拒绝
            #acl allow src 192.168.12.0/24
            #tcp-request content accept if allow
            #tcp-request content reject
     
    # 1.匹配到www.pinhui001.com域名,跳转到www_backend
    frontend ph_web
            bind 172.16.1.14:80
            acl www hdr_end(host) pinhui001.com        #ACL规则定义的方式有hdr_reg(host)、hdr_dom(host)、hdr_beg(host)、url_sub、url_dir、path_beg、path_end等,-i表示不匹配大小写
            acl www hdr_end(host) www.pinhui001.com
            use_backend www_backend if www
     
    # 2.匹配到目录static,images及jpg,png结尾的跳转到
    frontend ph_static
            bind 172.16.1.14:1802
            acl url_static path_beg -i /static /images /stylesheets
            #acl url_static path_end -i .jpg .gif .png .css .js
            acl static_reg url_reg /*.(css|jpg|js|jpeg|gif)$
            use_backend static_backend if url_static
     
    # test
    frontend test_web
            bind 172.16.1.14:8899
            acl test hdr_beg(host) -i test.pinhui001.cc
            use_backend test_backend if test
     
    backend test_backend
            mode http
            balance roundrobin
            option forwardfor header X-REAL-IP
            option httpchk GET /iisstart.htm HTTP/1.1 Host:172.16.1.25:80
            server web-node1 172.16.1.25:80 check inter 2000 rise 3 fall 3 weight 1
     
    # 1.
    backend www_backend
            # 随机,2秒检测,2次成功认为服务可用,3次失败认为服务不可用,权重为1
            # option httpchk GET /index.html
            balance roundrobin
            option forwardfor header X-REAL-IP
            server web-node1 172.16.1.25:18201 check inter 2000 rise 3 fall 3 weight 1
            server web-node3 192.168.2.16:80 check inter 2000 rise 3 fall 3 weight 1
     
    # 2.
    backend static_backend
            balance roundrobin
            option forwardfor header X-REAL-IP
            # cookie中插入srv字串防止登录信息丢失
            cookie srv insert nocache
            server static01 172.16.1.110:80 check inter 2000 rise 2 fall 3 weight 1
            server static02 172.16.1.111:80 check inter 2000 rise 2 fall 3 weight 1

     8.动态管理haproxy

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    # 配置文件全局加入2行
    vim /etc/haproxy/haproxy.cfg
    global
       stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
       stats timeout 2m
     
    # 安装socker
    yum list | grep socat
    yum install -y socat
     
    # 查看支持的命令
    [root@ha-node01 haproxy]# echo "help" | socat stdio /var/lib/haproxy/haproxy.sock
    [root@ha-node01 haproxy]# echo "show info" | socat stdio /var/lib/haproxy/haproxy.sock  # 查看状态信息
     
    # 关闭某台主机,开启
    cho "disable server test_backend/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock
    echo "enable server test_backend/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock

     9.haproxy性能调优

    1
    2
    3
    4
    5
    6
    [root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/ip_local_port_range  # 端口范围调大
    32768   61000  
    [root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/tcp_tw_reuse         # 设置1
    1             
    [root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/tcp_fin_timeout      # 时间调短
    30         
  • 相关阅读:
    字段username没有默认值查询(设计数据库一定要养成好习惯,不是主键最好设置为可以为空)
    计算机中常见的一些概念理解
    Git常用的操作
    docker里面运行jenkins详解
    什么是持续交付
    持续集成概念理解
    Jenkins pipeline概念理解
    linux无法启动httpd服务问题
    linux关闭防火墙
    模板【Binary Indexed Tree树状数组】
  • 原文地址:https://www.cnblogs.com/breg/p/6020012.html
Copyright © 2020-2023  润新知