1. 源码包下载及安装
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
root@iZ23tsilmb7Z:/usr/local/src# apt-get -y install make gcc
--2016-07-03 20:28:35-- http://fossies.org/linux/misc/haproxy-1.6.6.tar.gz
Resolving fossies.org (fossies.org)... 138.201.17.217Connecting to fossies.org (fossies.org)|138.201.17.217|:80... connected.HTTP request sent, awaiting response... 200 OKLength: 1565046 (1.5M) [application/x-gzip]
Saving to: ‘haproxy-1.6.6.tar.gz’
100%[==============================================================>] 1,565,046 210KB/s in 8.1s
2016-07-03 20:28:44 (190 KB/s) - ‘haproxy-1.6.6.tar.gz’ saved [1565046/1565046]
root@iZ23tsilmb7Z:/usr/local/src# tar -zxvf haproxy-1.6.6.tar.gz
root@iZ23tsilmb7Z:/usr/local/src# cd haproxy-1.6.6
root@iZ23tsilmb7Z:/usr/local/src/haproxy-1.6.6# make TARGET=linux2628 PREFIX=/usr/local/haproxy
root@iZ23tsilmb7Z:/usr/local/src/haproxy-1.6.6# make install PREFIX=/usr/local/haproxy
//参数说明
TARGET=linux26#使用uname -r查看内核,如:2.6.18-371.el5,此时该参数就为linux26#kernel 大于2.6.28的用:TARGET=linux2628PREFIX=/usr/local/haprpxy #/usr/local/haprpxy为haprpxy安装路径
|
2.配置启动脚本
|
1
2
3
|
cp /usr/local/src/haproxy-1.6.3/examples/haproxy.init /etc/init.d/haproxy
chmod +x /etc/init.d/haproxy
useradd -r haproxy -s /sbin/nologin
|
如果是ubuntu系统需要/etc/init.d/functions为/lib/lsb/init-functins
注释/etc/sysconfig/network [ ${NETWORKING} = "no" ] && exit 0
同时去除start 里面damon
3.配置环境变量
|
1
2
|
echo 'PATH="/usr/local/haproxy/sbin:$PATH"' >> /etc/profile
source /etc/profile
|
4.haproxy配置文件
|
1
2
3
4
|
mkdir /etc/haproxy
mkdir /var/lib/haproxy
cd /etc/haproxy/
vim haproxy.cfg |
5.启动脚本更改
|
1
2
|
vim /etc/init.d/haproxy
35 BIN=/usr/sbin/$BASENAME # 替换BIN=/usr/local/haproxy/sbin/$BASENAME
|
6.配置haproxy日志
|
1
2
3
4
5
6
7
|
[root@localhost haproxy-1.6.3]# vim /etc/rsyslog.conf #17,18是关于tcp行注释取消,#最后增加一行
16 # Provides TCP syslog reception
17 $ModLoad imtcp
18 $InputTCPServerRun 514
local3.* /var/log/haproxy.log
[root@localhost haproxy-1.6.3]# /etc/init.d/rsyslog restart
|
7.haproxy.cfg配置文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
# 全局配置,日志,运行安装路径,global log 127.0.0.1 local3 info # 日志存储到127.0.0.1,端口是514,
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid #配置haproxy的sock文件,权限是600,等级是admin权限,超时2分钟
stats socket /var/lib/haproxy/haproxy.sock mode 660 level admin
stats timeout 2m
user haproxy
group haproxy
daemon
# 默认配置defaults log global
mode http
#option httplog # 访问日志关闭
option dontlognull # 不记录空链接,如监控链接
timeout connect 5000
timeout client 50000
timeout server 50000
timeout check 10000
maxconn 3000
# 状态监控页面listen haproxy_status # 绑定地址,每5s自动刷新,隐藏版本,状态访问页面,认证账号,密码,条件满足进入管理界面
bind 172.16.1.14:8888
stats enable
stats refresh 100s
stats hide-version
stats uri /haproxy-status
stats realm "HAProxy/ static"
stats auth admin:admin123
stats admin if TRUE
# 允许的网段,允许,拒绝
#acl allow src 192.168.12.0/24
#tcp-request content accept if allow
#tcp-request content reject
# 1.匹配到www.pinhui001.com域名,跳转到www_backendfrontend ph_web bind 172.16.1.14:80
acl www hdr_end(host) pinhui001.com #ACL规则定义的方式有hdr_reg(host)、hdr_dom(host)、hdr_beg(host)、url_sub、url_dir、path_beg、path_end等,-i表示不匹配大小写
acl www hdr_end(host) www.pinhui001.com
use_backend www_backend if www
# 2.匹配到目录static,images及jpg,png结尾的跳转到frontend ph_static bind 172.16.1.14:1802
acl url_static path_beg -i /static /images /stylesheets
#acl url_static path_end -i .jpg .gif .png .css .js
acl static_reg url_reg /*.(css|jpg|js|jpeg|gif)$
use_backend static_backend if url_static
# testfrontend test_web bind 172.16.1.14:8899
acl test hdr_beg(host) -i test.pinhui001.cc
use_backend test_backend if test
backend test_backend mode http
balance roundrobin
option forwardfor header X-REAL-IP
option httpchk GET /iisstart.htm HTTP/1.1\r\nHost:172.16.1.25:80
server web-node1 172.16.1.25:80 check inter 2000 rise 3 fall 3 weight 1
# 1.backend www_backend # 随机,2秒检测,2次成功认为服务可用,3次失败认为服务不可用,权重为1
# option httpchk GET /index.html
balance roundrobin
option forwardfor header X-REAL-IP
server web-node1 172.16.1.25:18201 check inter 2000 rise 3 fall 3 weight 1
server web-node3 192.168.2.16:80 check inter 2000 rise 3 fall 3 weight 1
# 2.backend static_backend balance roundrobin
option forwardfor header X-REAL-IP
# cookie中插入srv字串防止登录信息丢失
cookie srv insert nocache
server static01 172.16.1.110:80 check inter 2000 rise 2 fall 3 weight 1
server static02 172.16.1.111:80 check inter 2000 rise 2 fall 3 weight 1
|
8.动态管理haproxy
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
# 配置文件全局加入2行vim /etc/haproxy/haproxy.cfg
global stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
stats timeout 2m
# 安装sockeryum list | grep socat
yum install -y socat
# 查看支持的命令[root@ha-node01 haproxy]# echo "help" | socat stdio /var/lib/haproxy/haproxy.sock
[root@ha-node01 haproxy]# echo "show info" | socat stdio /var/lib/haproxy/haproxy.sock # 查看状态信息
# 关闭某台主机,开启cho "disable server test_backend/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock
echo "enable server test_backend/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock
|
9.haproxy性能调优
|
1
2
3
4
5
6
|
[root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/ip_local_port_range # 端口范围调大
32768 61000 [root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/tcp_tw_reuse # 设置1
1 [root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/tcp_fin_timeout # 时间调短
30 |