HAProxy搭建HTTP负载集群
环境:
| 环境 | IP地址 | 需要安装的应用 | 系统版本 |
|---|---|---|---|
| yc2 | 192.168.23.141 | RedHat 8 | |
| LB | 192.168.23.142 | haproxy | RedHat 8 |
| RS1 | 192.168.23.143 | httpd | RedHat 8 |
| RS2 | 192.168.23.144 | httpd | RedHat 8 |
准备工作:
//关闭防火墙与selinux0
LB
[root@LB ~]# systemctl disable --now firewalld
[root@LB ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@LB ~]# setenforce 0
RS1:
[root@RS1 ~]# systemctl disable --now firewalld
[root@RS1 ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@RS1 ~]# setenforce 0
RS2:
[root@RS2 ~]# systemctl disable --now firewalld
[root@RS2 ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@RS2 ~]# setenforce 0
//在RS上安装httpd,配置html文件
RS1
[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# systemctl enable --now httpd
[root@RS1 ~]# echo haproxy-RS1 > /var/www/html/index.html
RS2
[root@RS2 ~]# yum -y install httpd
[root@RS2 ~]# systemctl enable --now httpd
[root@RS2 ~]# echo haproxy-RS2 > /var/www/html/index.html
开始实验
1. 安装haproxy
LB
//安装依赖包
[root@LB ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel
//创建用户
[root@LB ~]# useradd -r -M -s /sbin/nologin haproxy
//下载haproxy
[root@LB ~]# wget https://www.haproxy.org/download/2.3/src/haproxy-2.3.10.tar.gz
[root@LB ~]# ls
anaconda-ks.cfg haproxy-2.3.10.tar.gz
//编译安装haproxy
[root@LB ~]# tar xf haproxy-2.3.10.tar.gz
[root@LB ~]# cd haproxy-2.3.10/
[root@DR haproxy-2.3.10]# make -j $(grep 'processor' /proc/cpuinfo |wc -l)
TARGET=linux-glibc
USE_OPENSSL=1
USE_ZLIB=1
USE_PCRE=1
USE_SYSTEMD=1
[root@DR haproxy-2.3.10]# make install PREFIX=/usr/local/haproxy
[root@DR haproxy-2.3.10]# cp haproxy /usr/sbin/
2. 配置各个负载的内核参数
//开启ip转发功能
LB
[root@LB ~]# echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf
[root@LB ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@LB ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
3.修改配置文件
[root@LB ~]# mkdir /etc/haproxy
[root@LB ~]# vim /etc/haproxy/haproxy.cfg
global
daemon
maxconn 256
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http-in
bind *:80
default_backend servers
backend servers
server web01 192.168.23.143:80
server web02 192.168.23.144:80
[root@LB ~]# haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
4. 启动服务
//启动
[root@LB ~]# haproxy -f /etc/haproxy/haproxy.cfg
[root@LB ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
//启动守护进程
[root@LB ~]# vim /usr/lib/systemd/system/haproxy.service
//写入配置文件
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
[root@LB ~]# systemctl daemon-reload
[root@LB ~]# systemctl enable --now haproxy
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.
[root@LB ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
5. 客户端访问
[root@yc2 ~]# curl 192.168.23.142
haproxy-RS1
[root@yc2 ~]# curl 192.168.23.142
haproxy-RS2
[root@yc2 ~]# curl 192.168.23.142
haproxy-RS1
[root@yc2 ~]# curl 192.168.23.142
haproxy-RS1
HAProxy搭建HTTPS负载集群
环境:
| 环境 | IP地址 | 需要安装的应用 | 系统版本 |
|---|---|---|---|
| yc2 | 192.168.23.141 | RedHat 8 | |
| LB | 192.168.23.142 | haproxy | RedHat 8 |
| RS1 | 192.168.23.143 | httpd | RedHat 8 |
| RS2 | 192.168.23.144 | httpd | RedHat 8 |
准备工作
前期与HAProxy搭建http负载集群的准备工作相同
准备完成后加上以下操作
//安装mod_ssl
RS1
[root@RS1 ~]# yum -y install mod_ssl
[root@RS1 ~]# systemctl restart httpd
[root@RS1 ~]# ss -antl //443端口启动说明证书服务生成
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
RS2
[root@RS2 ~]# yum -y install mod_ssl
[root@RS2 ~]# systemctl restart httpd
[root@RS2 ~]# ss -antl //443端口启动说明证书服务生成
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
1. 修改配置文件
[root@LB ~]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local2 info
maxconn 20480
chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
user haproxy
group haproxy
daemon
nbproc 1
nbthread 4
spread-checks 5
defaults
mode http
log global
option dontlognull
option httpclose
option http-keep-alive
option redispatch
balance roundrobin
timeout connect 60s
timeout client 30s
timeout server 30s
timeout check 10s
maxconn 60000
retries 3
listen https
bind 0.0.0.0:443
log global
mode tcp
balance roundrobin
server web01 192.168.23.143:443 check inter 2s fall 3 rise 5
server web02 192.168.23.144:443 check inter 2s fall 3 rise 5
[root@LB ~]# mkdir /var/lib/haproxy
//重启haproxy服务
[root@LB ~]# systemctl restart haproxy
[root@LB ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
2. 客户端访问
[root@yc2 ~]# curl -k https://192.168.23.142
haproxy-RS1
[root@yc2 ~]# curl -k https://192.168.23.142
haproxy-RS2
[root@yc2 ~]# curl -k https://192.168.23.142
haproxy-RS1
[root@yc2 ~]# curl -k https://192.168.23.142
haproxy-RS2
3. 配置访问haproxy网页界面
//修改配置文件
[root@LB ~]# vim /etc/haproxy/haproxy.cfg
#--------------全局配置----------------
global
log 127.0.0.1 local0 info
#log loghost local0 info
maxconn 20480
#chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option dontlognull
option httpclose
option httplog
#option forwardfor
option redispatch
balance roundrobin
timeout connect 10s
timeout client 10s
timeout server 10s
timeout check 10s
maxconn 60000
retries 3
#--------------统计页面配置------------------
listen admin_stats
bind 0.0.0.0:8189
stats enable
mode http
log global
stats uri /haproxy_stats
stats realm Haproxy Statistics
stats auth admin:admin
#stats hide-version
stats admin if TRUE
stats refresh 30s
#---------------web设置-----------------------
listen webcluster
bind 0.0.0.0:80
mode http
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server web01 192.168.23.143:80 check inter 2000 fall 5
server web02 192.168.230.144:80 check inter 2000 fall 5
#server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
//重启服务,发现8189端口启动
[root@LB ~]# systemctl restart haproxy
[root@LB ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8189 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
4. 启用日志
[root@LB ~]# vim /etc/rsyslog.conf
······
# Save boot messages also to boot.log
(插入一行内容如下)
local0.info /var/log/haproxy.log
local7.* /var/log/boot.log
[root@LB ~]# systemctl restart rsyslog
5. 浏览器访问
