HAProxy的高级配置选项-ACL篇之匹配访问路径案例
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.试验环境概述
1>.操作平台介绍
[root@node101.yinzhengjie.org.cn ~]# uname -r
3.10.0-957.el7.x86_64
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# uname -m
x86_64
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# free -h
total used free shared buff/cache available
Mem: 7.6G 126M 7.4G 8.6M 129M 7.3G
Swap: 7.9G 0B 7.9G
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.30.1.101 node101.yinzhengjie.org.cn node101.yinzhengjie.com
172.30.1.102 node102.yinzhengjie.org.cn
172.30.1.103 node103.yinzhengjie.org.cn
172.30.1.104 node104.yinzhengjie.org.cn
172.30.1.105 node105.yinzhengjie.org.cn
172.30.1.106 node106.yinzhengjie.org.cn
172.30.1.107 node107.yinzhengjie.org.cn
172.30.1.108 node108.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
2>.试验架构说明
node102.yinzhengjie.org.cn:
haproxy服务器
node103.yinzhengjie.org.cn:
Apache httpd模拟静态数据,如存放的图片,html,css,javascript等。
node104.yinzhengjie.org.cn:
"Nginx + php环境"模拟动态数据,php程序等。
二.部署Nginx服务器处理动态页面
1>.安装epel源
[root@node104.yinzhengjie.org.cn ~]# yum -y install epel-release2>.安装nginx和php
[root@node104.yinzhengjie.org.cn ~]# yum -y install nginx php-fpm3>.修改nginx的配置文件,添加一个匹配php文件的localtion
[root@node104.yinzhengjie.org.cn ~]# vim /etc/nginx/nginx.conf
[root@node104.yinzhengjie.org.cn ~]#
[root@node104.yinzhengjie.org.cn ~]# egrep -v "^ *#|^$" /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location / {
}
location ~ .php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
[root@node104.yinzhengjie.org.cn ~]#
[root@node104.yinzhengjie.org.cn ~]# nginx -t #检查nginx的配置文件是否正确
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@node104.yinzhengjie.org.cn ~]#
4>.启动nginx和php服务
[root@node104.yinzhengjie.org.cn ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[root@node104.yinzhengjie.org.cn ~]#
[root@node104.yinzhengjie.org.cn ~]# systemctl start nginx php-fpm
[root@node104.yinzhengjie.org.cn ~]#
[root@node104.yinzhengjie.org.cn ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
[root@node104.yinzhengjie.org.cn ~]#
[root@node104.yinzhengjie.org.cn ~]#
5>.创建php的测试页面,并通过浏览器访问"http://node104.yinzhengjie.org.cn/index.php"
[root@node104.yinzhengjie.org.cn ~]# vim /usr/share/nginx/html/index.php
[root@node104.yinzhengjie.org.cn ~]#
[root@node104.yinzhengjie.org.cn ~]# cat /usr/share/nginx/html/index.php
<?php
phpinfo();
?>
[root@node104.yinzhengjie.org.cn ~]#
[root@node104.yinzhengjie.org.cn ~]#
三.部署Apache httpd服务器处理静态页面
1>.安装apache httpd服务器
[root@node103.yinzhengjie.org.cn ~]# yum -y install httpd2>.创建测试数据
[root@node103.yinzhengjie.org.cn ~]# rz #随便上传一张测试图片即可 [root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# ll total 120 -rw-r--r-- 1 root root 122026 Dec 16 19:58 02.迪丽热巴.jfif [root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# file 02.迪丽热巴.jfif 02.迪丽热巴.jfif: JPEG image data, JFIF standard 1.01 [root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# mkdir -pv /var/www/html/images mkdir: created directory ‘/var/www/html/images’ [root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# mv 02.迪丽热巴.jfif /var/www/html/images/01.jpeg [root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# ll -R /var/www/html/ /var/www/html/: total 0 drwxr-xr-x 2 root root 21 Jan 5 20:15 images /var/www/html/images: total 120 -rw-r--r-- 1 root root 122026 Dec 16 19:58 01.jpeg [root@node103.yinzhengjie.org.cn ~]#
3>.启动httpd服务并使用浏览器访问上一步创建的图片(http://node103.yinzhengjie.org.cn/images/01.jpeg)
[root@node103.yinzhengjie.org.cn ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[root@node103.yinzhengjie.org.cn ~]#
[root@node103.yinzhengjie.org.cn ~]# systemctl start httpd
[root@node103.yinzhengjie.org.cn ~]#
[root@node103.yinzhengjie.org.cn ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[root@node103.yinzhengjie.org.cn ~]#
[root@node103.yinzhengjie.org.cn ~]#
四.配置haproxy基于访问路径匹配案例
1>.编辑haproxy的配置文件
[root@node102.yinzhengjie.org.cn ~]# cat /etc/haproxy/haproxy.cfg global maxconn 100000 chroot /yinzhengjie/softwares/haproxy stats socket /yinzhengjie/softwares/haproxy/haproxy.sock mode 600 level admin user haproxy group haproxy daemon nbproc 2 cpu-map 1 0 cpu-map 2 1 nbthread 2 pidfile /yinzhengjie/softwares/haproxy/haproxy.pid log 127.0.0.1 local5 info defaults option http-keep-alive option forwardfor option redispatch option abortonclose maxconn 100000 mode http timeout connect 300000ms timeout client 300000ms timeout server 300000ms errorloc 503 http://node107.yinzhengjie.org.cn/monitor/503.html listen status_page bind 172.30.1.102:8888 stats enable stats uri /haproxy-status stats auth admin:yinzhengjie stats realm "Welcome to the haproxy load balancer status page of YinZhengjie" stats hide-version stats admin if TRUE stats refresh 5s frontend WEB_PORT_80 bind 172.30.1.102:80 mode http #定义ACL匹配所有以".php"结尾的文件的php程序 acl php_server path_end -i .php #将php的请求交给nginx服务器去处理. use_backend nginx_php if php_server #定义ACL匹配所有访问路径 acl static_path path_beg -i /static /images /javascript #将图片的请求交给httpd服务器去处理. use_backend apache_httpd if static_path default_backend backup_web backend nginx_php server web04 172.30.1.104:80 check inter 3000 fall 3 rise 5 backend apache_httpd server web03 172.30.1.103:80 check inter 3000 fall 3 rise 5 backend backup_web server web03 172.30.1.108:80 check inter 3000 fall 3 rise 5 [root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]# systemctl restart haproxy #别忘记重启haproxy使得配置文件生效哟~ [root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]#
2>.查看haproxy的监听端口和进程信息
[root@node102.yinzhengjie.org.cn ~]# ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 172.30.1.102:80 *:* LISTEN 0 128 *:22 *:* LISTEN 0 128 172.30.1.102:8888 *:* LISTEN 0 128 :::22 :::* [root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]# ps -ef | grep haproxy | grep -v grep root 20587 1 0 20:09 ? 00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid haproxy 20589 20587 0 20:09 ? 00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid haproxy 20590 20587 0 20:09 ? 00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid [root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]#
3>.查看haproxy的状态页(http://node102.yinzhengjie.org.cn:8888/haproxy-status)
五.验证haproxy的配置
1>.浏览器访问haproxy的地址:"http://node102.yinzhengjie.org.cn/index.php",如下图所示
2>.浏览器访问haproxy的地址:"http://node102.yinzhengjie.org.cn/images/01.jpeg",如下图所示
