HAproxy-1.6.X 安装部署

1. 源码包下载及安装

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

root@iZ23tsilmb7Z:/usr/local/src# apt-get -y install make gcc root@iZ23tsilmb7Z:/usr/local/src# wget http://fossies.org/linux/misc/haproxy-1.6.6.tar.gz --2016-07-03 20:28:35--  http://fossies.org/linux/misc/haproxy-1.6.6.tar.gz Resolving fossies.org (fossies.org)... 138.201.17.217 Connecting to fossies.org (fossies.org)|138.201.17.217|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1565046 (1.5M) [application/x-gzip] Saving to: ‘haproxy-1.6.6.tar.gz’   100%[==============================================================>] 1,565,046    210KB/s   in 8.1s      2016-07-03 20:28:44 (190 KB/s) - ‘haproxy-1.6.6.tar.gz’ saved [1565046/1565046]   root@iZ23tsilmb7Z:/usr/local/src# tar -zxvf haproxy-1.6.6.tar.gz root@iZ23tsilmb7Z:/usr/local/src# cd haproxy-1.6.6 root@iZ23tsilmb7Z:/usr/local/src/haproxy-1.6.6# make TARGET=linux2628 PREFIX=/usr/local/haproxy root@iZ23tsilmb7Z:/usr/local/src/haproxy-1.6.6# make install PREFIX=/usr/local/haproxy   //参数说明 TARGET=linux26 #使用uname -r查看内核，如：2.6.18-371.el5，此时该参数就为linux26 #kernel 大于2.6.28的用：TARGET=linux2628 PREFIX=/usr/local/haprpxy   #/usr/local/haprpxy为haprpxy安装路径

 2.配置启动脚本

1 2  3

cp /usr/local/src/haproxy-1.6.3/examples/haproxy.init /etc/init.d/haproxy chmod +x /etc/init.d/haproxy useradd -r haproxy -s /sbin/nologin

如果是ubuntu系统需要/etc/init.d/functions为/lib/lsb/init-functins

注释/etc/sysconfig/network   [ ${NETWORKING} = "no" ] && exit 0

同时去除start 里面damon

 3.配置环境变量

1 2	echo 'PATH="/usr/local/haproxy/sbin:$PATH"' >> /etc/profile source /etc/profile

 4.haproxy配置文件

1 2 3 4

mkdir /etc/haproxy mkdir /var/lib/haproxy cd /etc/haproxy/ vim haproxy.cfg

 5.启动脚本更改

1 2	vim /etc/init.d/haproxy  35 BIN=/usr/sbin/$BASENAME   # 替换BIN=/usr/local/haproxy/sbin/$BASENAME

 6.配置haproxy日志

1 2 3 4 5 6 7

[root@localhost haproxy-1.6.3]# vim /etc/rsyslog.conf     #17,18是关于tcp行注释取消，#最后增加一行  16 # Provides TCP syslog reception  17 $ModLoad imtcp  18 $InputTCPServerRun 514    local3.* /var/log/haproxy.log [root@localhost haproxy-1.6.3]# /etc/init.d/rsyslog restart

7.haproxy.cfg配置文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85

# 全局配置,日志，运行安装路径， global         log 127.0.0.1 local3 info  # 日志存储到127.0.0.1，端口是514，           chroot /var/lib/haproxy         pidfile /var/run/haproxy.pid        #配置haproxy的sock文件，权限是600，等级是admin权限，超时2分钟         stats socket /var/lib/haproxy/haproxy.sock mode 660 level admin         stats timeout 2m         user haproxy         group haproxy         daemon   # 默认配置 defaults         log global         mode http         #option httplog         # 访问日志关闭         option dontlognull      # 不记录空链接，如监控链接         timeout connect 5000         timeout client 50000         timeout server 50000         timeout check 10000         maxconn 3000   # 状态监控页面 listen haproxy_status         # 绑定地址，每5s自动刷新，隐藏版本，状态访问页面，认证账号，密码,条件满足进入管理界面         bind 172.16.1.14:8888         stats enable         stats refresh 100s         stats hide-version         stats uri /haproxy-status         stats realm "HAProxy/ static"         stats auth admin:admin123         stats admin if TRUE         # 允许的网段，允许，拒绝         #acl allow src 192.168.12.0/24         #tcp-request content accept if allow         #tcp-request content reject   # 1.匹配到www.pinhui001.com域名，跳转到www_backend frontend ph_web         bind 172.16.1.14:80         acl www hdr_end(host) pinhui001.com        #ACL规则定义的方式有hdr_reg(host)、hdr_dom(host)、hdr_beg(host)、url_sub、url_dir、path_beg、path_end等，-i表示不匹配大小写         acl www hdr_end(host) www.pinhui001.com         use_backend www_backend if www   # 2.匹配到目录static,images及jpg,png结尾的跳转到 frontend ph_static         bind 172.16.1.14:1802         acl url_static path_beg -i /static /images /stylesheets         #acl url_static path_end -i .jpg .gif .png .css .js         acl static_reg url_reg /*.(css|jpg|js|jpeg|gif)$         use_backend static_backend if url_static   # test frontend test_web         bind 172.16.1.14:8899         acl test hdr_beg(host) -i test.pinhui001.cc         use_backend test_backend if test   backend test_backend         mode http         balance roundrobin         option forwardfor header X-REAL-IP         option httpchk GET /iisstart.htm HTTP/1.1 Host:172.16.1.25:80         server web-node1 172.16.1.25:80 check inter 2000 rise 3 fall 3 weight 1   # 1. backend www_backend         # 随机,2秒检测，2次成功认为服务可用，3次失败认为服务不可用，权重为1         # option httpchk GET /index.html         balance roundrobin         option forwardfor header X-REAL-IP         server web-node1 172.16.1.25:18201 check inter 2000 rise 3 fall 3 weight 1         server web-node3 192.168.2.16:80 check inter 2000 rise 3 fall 3 weight 1   # 2. backend static_backend         balance roundrobin         option forwardfor header X-REAL-IP         # cookie中插入srv字串防止登录信息丢失         cookie srv insert nocache         server static01 172.16.1.110:80 check inter 2000 rise 2 fall 3 weight 1         server static02 172.16.1.111:80 check inter 2000 rise 2 fall 3 weight 1

 8.动态管理haproxy

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

# 配置文件全局加入2行 vim /etc/haproxy/haproxy.cfg global    stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin    stats timeout 2m   # 安装socker yum list | grep socat yum install -y socat   # 查看支持的命令 [root@ha-node01 haproxy]# echo "help" | socat stdio /var/lib/haproxy/haproxy.sock [root@ha-node01 haproxy]# echo "show info" | socat stdio /var/lib/haproxy/haproxy.sock  # 查看状态信息   # 关闭某台主机，开启 cho "disable server test_backend/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock echo "enable server test_backend/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock

 9.haproxy性能调优

1 2 3 4 5 6

[root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/ip_local_port_range  # 端口范围调大 32768   61000   [root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/tcp_tw_reuse         # 设置1 1              [root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/tcp_fin_timeout      # 时间调短 30