在上篇安装的nginx的机器环境上将nginx停掉
/usr/local/nginx/sbin/nginx -s stop
在linux-node2上编译安装haproxy作为反向代理服务器 [[email protected]-node1 ~]# cd /usr/local/src [[email protected] src]# wget http://www.haproxy.org/download/1.6/src/haproxy-1.6.2.tar.gz [[email protected] src]# tar zxf haproxy-1.6.2.tar.gz [[email protected] src]# cd haproxy-1.6.2 [[email protected] src]# make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.2 [[email protected] src]# make install [[email protected] ~]# cp /usr/local/sbin/haproxy /usr/sbin/ [[email protected] ~]# haproxy -v HA-Proxy version 1.6.2 2015/12/25 Copyright 2000-2015 Willy Tarreau <[email protected]>
编辑Haproxy启动脚本
cd /usr/src/haproxy-1.6.2/ cp examples/haproxy.init /etc/init.d/haproxy chmod 755 /etc/init.d/haproxy
针对配置文件的路径创建以下文件
useradd -r haproxy mkdir /etc/haproxy mkdir /var/lib/haproxy mkdir /var/run/haproxy
编辑haproxy配置文件,配置log,并启动
cd /etc/haproxy/ cat haproxy.cfg global #全局配置,在所有配置段中都生效 log 127.0.0.1 local3 info #记录日志,,info是日志级别 chroot /var/lib/haproxy user haproxy group haproxy daemon defaults #默认配置,可以被前端和后端继承 log global #使用global的log设置 mode http #使用http模式,也可以使用tcp模式 option httplog #启动http请求的log option dontlognull #在日志中不记录空连接(空连接:健康检查的链接) timeout connect 5000 #长连接超时时间 timeout client 50000 #客户端连接超时 timeout server 50000 #RS连接超时 frontend www_check-blog_com #前端配置 + 一个配置段的名字(最好不要乱写,和项目直接相关最佳) mode http #使用http模式,也可以使用tcp模式 bind *:80 #监听80端口 stats uri /haproxy?stats #状态页面dashboard default_backend www_check-blog_com_backend #对应的backend名称 backend www_check-blog_com_backend #对应的frontend的default_backend #source cookie SERVERID #算法,source相当于ip hash option httpchk GET /index.html #检测url balance roundrobin #使用rr负载均衡方式 server linux-node1 192.168.230.129:8080 check inter 2000 rise 3 fall 3 weight 5 server linux-node2 192.168.230.128:8080 check inter 2000 rise 3 fall 3 weight 1 #RS健康检测时间间隔2秒,重试三次,失败三次不可用,权重1
[[email protected] haproxy]# vim /etc/rsyslog.conf ? 15 $ModLoad imudp #打开注释 ? 16 $UDPServerRun 514 #打开注释 ? 74 local3.* /var/log/haproxy.log #local3的路径
[[email protected] haproxy]# /etc/init.d/rsyslog restart Shutting down system logger: [ OK ] Starting system logger: [ OK ] [[email protected]-node2 haproxy]# /etc/init.d/haproxy start Starting haproxy: [ OK ]
浏览器访问
更改配置文件的检查url,对url检查页面进行测试
[[email protected] haproxy]# sed -i ‘s/index\.html/chuck-blog.html/g‘ haproxy.cfg [[email protected] haproxy]# /etc/init.d/haproxy restart Shutting down haproxy: [ OK ] Starting haproxy: [ OK ]
下面是检测url和uri的几种方式
option httpchk option httpchk <uri> option httpchk <method> <uri> option httpchk <method> <uri> <version>
将页面改回来
[[email protected] haproxy]# sed -i ‘s/chuck-blog.html/index\.html/g‘ haproxy.cfg [[email protected] haproxy]# /etc/init.d/haproxy restart Shutting down haproxy: [ OK ] Starting haproxy: [ OK ]
更改配置文件获取客户端的真实ip
在banckend配置段加入一个option
option forwardfor header X-REAL-IP #X-REAL-IP是自定义的一个名称
通过acl设置虚拟主机
一个前端可以对应多个后端,而实际生产环境建议一个frontend对应一个backend,并重载(生产不建议restart,restart会断开现有链接)
global log 127.0.0.1 local3 info chroot /var/lib/haproxy user haproxy group haproxy daemon defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 frontend www_check-blog_com mode http bind *:80 stats uri /haproxy?stats default_backend www_check-blog_com_backend #默认的backend acl is_other_check-blog_com hdr_end(host) other.heck-blog.com #is_other_check-blog_com:给此acl起一个名字;hdr_end(host):固定格式,用来识别host,如果没有匹配到acl,即访问default的bankcend use_backend other_check-blog_com_backend if is_other_check-blog_com #use_backend:关键词,使用哪个banckend;other_check-blog_com_backend:指定哪个backend的名称;if is_other_check-blog_com:用来判断acl,if 后面的名称是acl名称 #如果acl中有这个is_other_check-blog_com名称,那就使用这个other_check-blog_com_backend backend www_check-blog_com_backend #source cookie SERVERID option forwardfor header X-REAL-IP option httpchk GET /index.html balance roundrobin server linux-node1 192.168.230.128:8080 check inter 2000 rise 3 fall 3 weight 1 backend other_check-blog_com_backend #source cookie SERVERID option forwardfor header X-REAL-IP option httpchk GET /index.html balance roundrobin server linux-node2 192.168.230.129:8080 check inter 2000 rise 3 fall 3 weight 1
[[email protected] haproxy]# /etc/init.d/haproxy restart Shutting down haproxy: [ OK ] Starting haproxy: [ OK ]
本地hosts解析
192.168.230.128 www.check-blog.com other.check-blog.com
在fortend添加acl,根据静态文件,设置不同的backend(类似于location),注释的两行和前两行意义相同,分别是通过url正则匹配和url的后缀匹配
acl is_static_reg url_reg /*.(css|jpg|png|js|jpeg|gif)$ use_backend other_chuck-blog_com_backend if is_static_reg
第二种
#acl is_static_path path_end .gif .png .css .jpg .jpeg #use_backend other_chuck-blog_com_backend if is_static_path
其他形式的acl,正则或者UA(可以理解为nginx的location),更多形式的acl,请浏览文档
http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#acl
acl is_do_path url_reg /chuck.do use_backend other_chuck-blog_com_backend if is_do_path acl is_UA_path hdr_reg(User-Agent) -i andriod use_backend other_chuck-blog_com_backend if is_UA_path
haproxy的动态维护
在配置文件添加socket
[[email protected] ~]# head -8 /etc/haproxy/haproxy.cfg global log 127.0.0.1 local3 info chroot /var/lib/haproxy user haproxy group haproxy daemon stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin #指定socket文件路径,权限,管理级别 stats timeout 2m #指定超时时间
安装socat [[email protected]-node1 ~]yum install -y socat 使用help查看socat的事情 [[email protected]-node1 ~]# echo "help" |socat stdio /var/lib/haproxy/haproxy.sock Unknown command. Please enter one of the following commands only : clear counters : clear max statistics counters (add ‘all‘ for all counters) clear table : remove an entry from a table help : this message prompt : toggle interactive mode with prompt quit : disconnect show backend : list backends in the current running config show info : report information about the running process #查看所有信息 show pools : report information about the memory pools usage #查看所有poll show stat : report counters for each proxy and server #显示状态 show errors : report last request and response errors for each proxy show sess [id] : report the list of current sessions or dump this session show table [id]: report table usage stats or dump this table‘s contents show servers state [id]: dump volatile server information (for backend <id>) get weight : report a server‘s current weight #获得权重信息 set weight : change a server‘s weight #设置权重 set server : change a server‘s state, weight or address #改变一个server的转态权重或地址 set table [id] : update or create a table entry‘s data set timeout : change a timeout setting set maxconn : change a maxconn sett ing set rate-limit : change a rate limiting value disable : put a server or frontend in maintenance mode #将一个server或者fortend置于维护模式 enable : re-enable a server or frontend which is in maintenance mode #启用一个维护状态的server或者frontend shutdown : kill a session or a frontend (eg:to release listening ports) show acl [id] : report avalaible acls or dump an acl‘s contents get acl : reports the patterns matching a sample for an ACL #获取acl add acl : add acl entry #加一个acl del acl : delete acl entry #删一个acl clear acl <id> : clear the content of this acl show map [id] : report avalaible maps or dump a map‘s contents get map : reports the keys and values matching a sample for a map set map : modify map entry add map : add map entry del map : delete map entry clear map <id> : clear the content of this map set ssl <stmt> : set statement for ssl 查看info信息,内容值可以利用来监控 [[email protected]-node1 haproxy]# echo "show info" |socat stdio /var/lib/haproxy/haproxy.sock Name: HAProxy Version: 1.6.2 Release_date: 2015/11/03 Nbproc: 1 Process_num: 1 Pid: 14841 Uptime: 0d 0h03m44s Uptime_sec: 224 Memmax_MB: 0 Ulimit-n: 4033 Maxsock: 4033 Maxconn: 2000 Hard_maxconn: 2000 CurrConns: 0 CumConns: 2 CumReq: 2 Maxpipes: 0 PipesUsed: 0 PipesFree: 0 ConnRate: 0 ConnRateLimit: 0 MaxConnRate: 0 SessRate: 0 SessRateLimit: 0 MaxSessRate: 0 CompressBpsIn: 0 CompressBpsOut: 0 CompressBpsRateLim: 0 Tasks: 8 Run_queue: 1 Idle_pct: 100 node: linux-node1.example.com description:
关闭linux-node2主机
echo "disable server other_check-blog_com_backend/linux-node2" |socat stdio /var/lib/haproxy/haproxy.sock
可以看到linux-node2进入了维护(maintain)状态
打开linux-node2主机(只对现有的server生效,不能用来新增节点)
echo "enable server other_check-blog_com_backend/linux-node2" |socat stdio /var/lib/haproxy/haproxy.sock
可以看到linux-node2恢复正常
生产环境遇到的问题
haproxy的本地端口可能用尽,解决方案如下4条
1)更改local的端口范围,调整内核参数
[[email protected] ~]# cat /proc/sys/net/ipv4/ip_local_port_range 32768 61000
2)调整timewait的端口复用,设置为1
[[email protected] ~]# cat /proc/sys/net/ipv4/tcp_tw_reuse 0
3)缩短tcp_wait的时间,并不建议修改
[[email protected] ~]# cat /proc/sys/net/ipv4/tcp_fin_timeout 60
4)终极方案:增加为多个ip,自然端口数就够了
haproxy对比nginx
nginx
优点
1.web服务器,应用比较广泛
2.7层负载均衡,location设置复杂的基于HTTP的负载均衡
3.性能强大,网络依赖小
4.安装配置简单
缺点
1.健康检查单一
2.负载均衡算法少
3.不能动态管理
4.没有集群upstream的状态页面
haproxy
优点
1.专门做负载均衡
2.负载均衡算法多
3.性能》=nginx
4.通过和socket通信进行动态管理
5.有比较丰富的dashboard页面
6.强大的7层代理
缺点
1.配置没有nginx简单
2.应用没有nginx广泛