HAProxy

HAProxy

HAProxy 是一款提供高可用性、负载均衡以及基于TCP（第四层）和HTTP（第七层）应用的代理软件，支持虚拟主机，它是免费、快速并且可靠的一种解决方案。 HAProxy特别适用于那些负载特大的web站点，这些站点通常又需要会话保持或七层处理。HAProxy运行在时下的硬件上，完全可以支持数以万计的 并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中， 同时可以保护你的web服务器不被暴露到网络上

HAProxy搭建HTTP负载集群

本次环境为：

主机名	IP	安装的服务	用途
localhost	192.168.44.128	haproxy	调度器
node2	192.168.44.129	httpd	RS
node3	192.168.44.130	httpd	RS

//调度器准备工作
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0

//node2准备工作
[root@node2 ~]# systemctl stop firewall
[root@node2 ~]# setenforce 0
[root@node2 ~]# yum -y install httpd
[root@node2 ~]# systemctl enable --now httpd
[root@node2 ~]# echo RS1 > /var/www/html/index.html

//node3准备工作
[root@node3 ~]# systemctl  stop firewalld
[root@node3 ~]# setenforce 0
[root@node3 ~]# yum -y install httpd
[root@node3 ~]# systemctl enable --now httpd
[root@node3 ~]# echo RS2 > /var/www/html/index.html

//调度器配置
[root@localhost ~]# wget https://www.haproxy.org/download/2.3/src/haproxy-2.3.10.tar.gz
[root@localhost ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel

//创建用户
[root@localhost ~]# useradd -r -M -s /sbin/nologin haproxy

//编译安装haproxy
[root@localhost ~]# tar xf haproxy-2.3.10.tar.gz 
[root@localhost ~]# cd haproxy-2.3.10/
[root@localhost haproxy-2.3.10]# make -j $(grep 'processor' /proc/cpuinfo |wc -l)  
TARGET=linux-glibc  
USE_OPENSSL=1  
USE_ZLIB=1  
USE_PCRE=1  
USE_SYSTEMD=1

[root@localhost haproxy-2.3.10]# make install PREFIX=/usr/local/haproxy
[root@localhost haproxy-2.3.10]# cp haproxy /usr/sbin/
[root@localhost ~]# echo 'net.ipv4.ip_nonlocal_bind = 1' >>  /etc/sysctl.conf
[root@localhost ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@localhost ~]# sysctl -p

//提供配置文件
[root@localhost ~]# mkdir /etc/haproxy

[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
global
    daemon
    maxconn 256
    
defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    
frontend http-in
    bind *:80
    default_backend servers
    
backend servers
    server web01 192.168.44.129:80
    server web02 192.168.44.130:80
    
[root@localhost ~]# haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid

//启动服务
[root@localhost ~]# haproxy -f /etc/haproxy/haproxy.cfg
[root@localhost ~]# ss -antl
State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0          128                  0.0.0.0:80                0.0.0.0:*       
LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*       
LISTEN    0          128                     [::]:22                   [::]:* 

//守护进程启动
[root@localhost ~]# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg   -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg  -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable --now haproxy
[root@localhost ~]# ss -antl
State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*             
LISTEN    0          128                  0.0.0.0:80                0.0.0.0:*       
LISTEN    0          128                     [::]:22                   [::]:* 

//测试
[root@localhost ~]# curl 192.168.44.129
RS1
[root@localhost ~]# curl 192.168.44.130
RS2

HAProxy搭建HTTPS负载集群

//在RS上安装mod_ssl
[root@node2 ~]# yum -y install mod_ssl
[root@node3 ~]# yum -y install mod_ssl

//这里就不做证书，使用默认的证书，重启服务来查看443端口是否启动
[root@node2 ~]# systemctl restart httpd
[root@node3 ~]# systemctl restart httpd

[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
global
    log 127.0.0.1 local2  info
    maxconn 20480
    chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    stats socket  /var/lib/haproxy/haproxy.sock mode 600 level admin
    user haproxy
    group haproxy
    daemon
    nbproc 1
    nbthread 4
    spread-checks 5

defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option  http-keep-alive
    option redispatch
    balance roundrobin
    timeout connect 60s
    timeout client 30s
    timeout server 30s
    timeout check 10s
    maxconn 60000
    retries 3

listen https
    bind 0.0.0.0:443
    log global
    mode tcp
    balance  roundrobin 
    server web01 192.168.44.129:443 check inter 2s fall 3 rise 5
    server web02 192.168.44.130:443 check inter 2s fall 3 rise 5

[root@localhost ~]# mkdir /var/lib/haproxy

//重启服务
[root@localhost ~]# systemctl restart haproxy
[root@localhost ~]# ss -antl
State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*       
LISTEN    0          128                  0.0.0.0:443               0.0.0.0:*           
LISTEN    0          128                     [::]:22                   [::]:*  

//测试
[root@localhost ~]# curl -k https://192.168.44.129
RS1
[root@localhost ~]# curl -k https://192.168.44.130
RS2

//修改配置文件
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
#--------------全局配置----------------
global
    log 127.0.0.1 local0  info
    #log loghost local0 info
    maxconn 20480
#chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    #maxconn 4000
    user haproxy
    group haproxy
    daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option httplog
    #option forwardfor
    option redispatch
    balance roundrobin
    timeout connect 10s
    timeout client 10s
    timeout server 10s
    timeout check 10s
    maxconn 60000
    retries 3
#--------------统计页面配置------------------
listen admin_stats
    bind 0.0.0.0:8189
    stats enable
    mode http
    log global
    stats uri /haproxy_stats
    stats realm Haproxy Statistics
    stats auth admin:admin
    #stats hide-version
    stats admin if TRUE
    stats refresh 30s
#---------------web设置-----------------------
listen webcluster
    bind 0.0.0.0:80
    mode http
    #option httpchk GET /index.html
    log global
    maxconn 3000
    balance roundrobin
    cookie SESSION_COOKIE insert indirect nocache
    server web01 192.168.44.129:80 check inter 2000 fall 5
    server web02 192.168.44.130:80 check inter 2000 fall 5
    #server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
    
//重启服务
[root@localhost ~]# systemctl restart haproxy
[root@localhost ~]# ss -antl
State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0          128                  0.0.0.0:80                0.0.0.0:*       
LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*       
LISTEN    0          128                  0.0.0.0:8189              0.0.0.0:*       
LISTEN    0          128                     [::]:22                   [::]:* 

//启用日志
[root@localhost ~]# vim /etc/rsyslog.conf
······
# Save boot messages also to boot.log
(插入一行内容如下)
local0.info                                             /var/log/haproxy.log
local7.*                                                /var/log/boot.log

[root@localhost ~]# systemctl restart rsyslog
[root@localhost ~]# cat /etc/haproxy/haproxy.cfg 
······
#--------------统计页面配置------------------
    stats uri /haproxy_stats           //访问方式
    stats realm Haproxy Statistics  
    stats auth admin:admin           //用户名和密码均为admin

使用网页访问测试

访问 192.168.44.128:8189/haproxy_stats

输入用户名admin和密码admin

当RS服务启动时，手动down掉网页那边的服务，过一会刷新服务会重新起来；当RS服务关掉时，即使手动开启网页那边的服务，过一会儿刷新服务会依然显示没启动。