  • HAProxy基础配置-修改haproxy运行时的用户身份

             HAProxy基础配置-修改haproxy运行时的用户身份

                                       作者:尹正杰

    版权声明:原创作品,谢绝转载!否则将追究法律责任。

    一.使用系统默认的nobody用户管理haproxy

    1>.编辑haproxy的配置文件

    [root@node102.yinzhengjie.org.cn ~]# cat /etc/haproxy/haproxy.cfg 
    # Global section: process-wide settings. The uid/gid directives below select
    # the account the worker processes run as after start-up.
    global
    maxconn 100000
    # NOTE(review): HAProxy's documentation asks for the chroot directory to be
    # empty and not writable by anyone. The pidfile path below sits under this
    # same directory, so confirm what the directory holds and who can write to it.
    chroot /yinzhengjie/softwares/haproxy
    #stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
    # uid/gid 99 is the shared "nobody" account on this host. Every other service
    # that runs as nobody shares this identity, so a dedicated account gives
    # better isolation between services.
    uid 99
    gid 99
    daemon
    # NOTE(review): nbproc has been dropped from recent HAProxy releases in
    # favour of nbthread - check the installed version before reusing this.
    nbproc 2
    # Pin process 1 to CPU 0 and process 2 to CPU 1.
    cpu-map 1 0
    cpu-map 2 1
    pidfile /yinzhengjie/softwares/haproxy/run/haproxy.pid
    # Log to a syslog receiver on the loopback address, facility local3, level info.
    log 127.0.0.1 local3 info
    
    # Defaults inherited by every listen/frontend/backend section below.
    defaults
    option http-keep-alive
    # Adds an X-Forwarded-For header; backends should trust that header only
    # when the request really arrived through this proxy.
    option  forwardfor
    maxconn 100000
    mode http
    # 300000ms is five minutes for each timeout.
    # NOTE(review): combined with maxconn 100000, timeouts this long let idle or
    # slow clients hold connections for minutes. Shorter values plus a
    # "timeout http-request" limit are the usual hardening.
    timeout connect 300000ms
    timeout client  300000ms
    timeout server  300000ms
    
    # Statistics page, reachable on every interface on port 9999 over plain HTTP.
    listen stats
     mode http
     bind 0.0.0.0:9999
     stats enable
     log global
     stats uri     /haproxy-status
     # "stats auth" is HTTP Basic authentication: the password is stored in clear
     # text in this file and crosses the network unencrypted on this bind.
     # Treat the value below as a sample only. In a real deployment bind the stats
     # listener to a loopback/management address, keep haproxy.cfg readable by
     # root only, and use a unique strong password.
     stats auth    haadmin:q1w2e3r4ys
    
    # Port 80 on all interfaces, proxied to a local service on 127.0.0.1:8080.
    # Health check every 3000ms; 2 failures mark the server down, 5 successes up.
    listen  web_port
     bind 0.0.0.0:80
     mode http
     log global
     server web1  127.0.0.1:8080  check inter 3000 fall 2 rise 5
    
    #frontend web
    # bind 172.30.1.102:80
    # use_backend myweb
    
    #backend myweb
    # server web01 172.30.1.106:80
    
    # The commented-out frontend/backend pair above can be replaced by a single
    # listen section, as done here. Note that this server line has no "check",
    # so the backend is not health-checked.
    listen web
     bind 172.30.1.102:80
     server web01 172.30.1.106:80
    [root@node102.yinzhengjie.org.cn ~]# 

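    2>.查看haproxy运行时的用户身份

    说明:haproxy以master-worker模式("-Ws")启动时,master进程仍以root身份运行,配置中的uid/gid只作用于worker进程,所以下面的ps输出中仍会看到一个root进程。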

    [root@node102.yinzhengjie.org.cn ~]# id 99
    uid=99(nobody) gid=99(nobody) groups=99(nobody)
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# getent passwd nobody 
    nobody:x:99:99:Nobody:/:/sbin/nologin
    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]# ps -ef | grep haproxy
    root     20977     1  0 18:24 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
    nobody   20981 20977  0 18:24 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
    nobody   20982 20977  0 18:24 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
    root     21144  3488  0 18:59 pts/0    00:00:00 grep --color=auto haproxy
    [root@node102.yinzhengjie.org.cn ~]# 

    二.自定义用户管理haproxy服务

    1>.创建haproxy用户

    [root@node102.yinzhengjie.org.cn ~]# useradd haproxy -r -s /sbin/nologin         #创建haproxy用户时使用"-r"参数创建系统账号(默认不创建家目录),使用"-s /sbin/nologin"使该用户无法登录操作系统。
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# getent passwd  haproxy
    haproxy:x:998:996::/home/haproxy:/sbin/nologin
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# id haproxy
    uid=998(haproxy) gid=996(haproxy) groups=996(haproxy)
    [root@node102.yinzhengjie.org.cn ~]# 

    2>.编辑haproxy的配置文件

    [root@node102.yinzhengjie.org.cn ~]# id haproxy
    uid=998(haproxy) gid=996(haproxy) groups=996(haproxy)
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# vim /etc/haproxy/haproxy.cfg 
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# cat /etc/haproxy/haproxy.cfg 
    # Global section: same settings as before, except that the workers now run
    # as the dedicated haproxy account instead of the shared nobody account.
    global
    maxconn 100000
    # NOTE(review): HAProxy's documentation asks for the chroot directory to be
    # empty and not writable by anyone; the pidfile below lives under it.
    chroot /yinzhengjie/softwares/haproxy
    #stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
    # 998/996 are the numeric IDs that "id haproxy" reports on this host.
    # Numeric IDs of system accounts differ between machines, so verify them
    # before copying this file to another host.
    uid 998
    gid 996
    daemon
    nbproc 2
    cpu-map 1 0
    cpu-map 2 1
    pidfile /yinzhengjie/softwares/haproxy/run/haproxy.pid
    log 127.0.0.1 local3 info
    
    defaults
    option http-keep-alive
    option  forwardfor
    maxconn 100000
    mode http
    # Five-minute timeouts; NOTE(review): long for an Internet-facing listener.
    timeout connect 300000ms
    timeout client  300000ms
    timeout server  300000ms
    
    listen stats
     mode http
     bind 0.0.0.0:9999
     stats enable
     log global
     stats uri     /haproxy-status
     # Sample credential only: Basic auth over plain HTTP on all interfaces.
     # Changing the run-as user does not protect this page; restrict the bind
     # address and the file's permissions and choose a unique password.
     stats auth    haadmin:q1w2e3r4ys
    
    listen  web_port
     bind 0.0.0.0:80
     mode http
     log global
     server web1  127.0.0.1:8080  check inter 3000 fall 2 rise 5
    
    #frontend web
    # bind 172.30.1.102:80
    # use_backend myweb
    
    #backend myweb
    # server web01 172.30.1.106:80
    
    # The commented-out frontend/backend pair above can be replaced by a single
    # listen section.
    listen web
     bind 172.30.1.102:80
     server web01 172.30.1.106:80
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# 

    3>. 重启haproxy服务使配置生效

    [root@node102.yinzhengjie.org.cn ~]# netstat -untalp | grep haproxy
    tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      20981/haproxy       
    tcp        0      0 172.30.1.102:80         0.0.0.0:*               LISTEN      20981/haproxy       
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      20981/haproxy       
    udp        0      0 0.0.0.0:55925           0.0.0.0:*                           20977/haproxy       
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# systemctl restart haproxy
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# netstat -untalp | grep haproxy
    tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      21278/haproxy       
    tcp        0      0 172.30.1.102:80         0.0.0.0:*               LISTEN      21278/haproxy       
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      21278/haproxy       
    udp        0      0 0.0.0.0:34022           0.0.0.0:*                           21274/haproxy       
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# 

    4>.查看haproxy运行时的用户身份

    [root@node102.yinzhengjie.org.cn ~]# id haproxy
    uid=998(haproxy) gid=996(haproxy) groups=996(haproxy)
    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]# ps -ef | grep haproxy
    root     21274     1  0 19:16 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
    haproxy  21278 21274  0 19:16 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
    haproxy  21279 21274  0 19:16 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
    root     21297  3488  0 19:17 pts/0    00:00:00 grep --color=auto haproxy
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# 

    5>.修改haproxy配置文件

    [root@node102.yinzhengjie.org.cn ~]# vim /etc/haproxy/haproxy.cfg 
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# getent passwd  haproxy
    haproxy:x:998:996::/home/haproxy:/sbin/nologin
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# cat /etc/haproxy/haproxy.cfg 
    # Global section: identical to the previous version, but the run-as account
    # is now given by name rather than by numeric ID.
    global
    maxconn 100000
    # NOTE(review): HAProxy's documentation asks for the chroot directory to be
    # empty and not writable by anyone; the pidfile below lives under it.
    chroot /yinzhengjie/softwares/haproxy
    #stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
    #uid 998
    #gid 996
    # The user and group directives can be used instead of the uid/gid settings
    # above. Names are resolved on the local host, so the file stays correct
    # even where the haproxy account has different numeric IDs.
    user haproxy
    group haproxy
    daemon
    nbproc 2
    cpu-map 1 0
    cpu-map 2 1
    pidfile /yinzhengjie/softwares/haproxy/run/haproxy.pid
    log 127.0.0.1 local3 info
    
    defaults
    option http-keep-alive
    option  forwardfor
    maxconn 100000
    mode http
    # Five-minute timeouts; NOTE(review): long for an Internet-facing listener.
    timeout connect 300000ms
    timeout client  300000ms
    timeout server  300000ms
    
    listen stats
     mode http
     bind 0.0.0.0:9999
     stats enable
     log global
     stats uri     /haproxy-status
     # Sample credential only: stored in clear text here and sent as HTTP Basic
     # auth without TLS. Do not reuse it; limit who can reach port 9999 and who
     # can read this file.
     stats auth    haadmin:q1w2e3r4ys
    
    listen  web_port
     bind 0.0.0.0:80
     mode http
     log global
     server web1  127.0.0.1:8080  check inter 3000 fall 2 rise 5
    
    #frontend web
    # bind 172.30.1.102:80
    # use_backend myweb
    
    #backend myweb
    # server web01 172.30.1.106:80
    
    # The commented-out frontend/backend pair above can be replaced by a single
    # listen section.
    listen web
     bind 172.30.1.102:80
     server web01 172.30.1.106:80
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# systemctl restart haproxy
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# ps -ef | grep haproxy
    root     21318     1  0 19:19 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
    haproxy  21321 21318  0 19:19 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
    haproxy  21322 21318  0 19:19 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
    root     21324  3488  0 19:19 pts/0    00:00:00 grep --color=auto haproxy
    [root@node102.yinzhengjie.org.cn ~]# 
  • 原文地址:https://www.cnblogs.com/yinzhengjie/p/12117113.html