HAproxy-1.6.X 安装部署

1. 源码包下载及安装

root@iZ23tsilmb7Z:/usr/local/src# apt-get -y install make gcc
root@iZ23tsilmb7Z:/usr/local/src# wget http://fossies.org/linux/misc/haproxy-1.6.6.tar.gz
--2016-07-03 20:28:35--  http://fossies.org/linux/misc/haproxy-1.6.6.tar.gz
Resolving fossies.org (fossies.org)... 138.201.17.217
Connecting to fossies.org (fossies.org)|138.201.17.217|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1565046 (1.5M) [application/x-gzip]
Saving to: ‘haproxy-1.6.6.tar.gz’
 
100%[==============================================================>] 1,565,046    210KB/s   in 8.1s   
 
2016-07-03 20:28:44 (190 KB/s) - ‘haproxy-1.6.6.tar.gz’ saved [1565046/1565046]
 
root@iZ23tsilmb7Z:/usr/local/src# tar -zxvf haproxy-1.6.6.tar.gz
root@iZ23tsilmb7Z:/usr/local/src# cd haproxy-1.6.6
root@iZ23tsilmb7Z:/usr/local/src/haproxy-1.6.6# make TARGET=linux2628 PREFIX=/usr/local/haproxy
root@iZ23tsilmb7Z:/usr/local/src/haproxy-1.6.6# make install PREFIX=/usr/local/haproxy
 
//参数说明
TARGET=linux26
#使用uname -r查看内核，如：2.6.18-371.el5，此时该参数就为linux26
#kernel 大于2.6.28的用：TARGET=linux2628
PREFIX=/usr/local/haprpxy   #/usr/local/haprpxy为haprpxy安装路径

2.配置启动脚本

cp /usr/local/src/haproxy-1.6.3/examples/haproxy.init /etc/init.d/haproxy
chmod +x /etc/init.d/haproxy
useradd -r haproxy -s /sbin/nologin

如果是ubuntu系统需要/etc/init.d/functions为/lib/lsb/init-functins

注释/etc/sysconfig/network [ ${NETWORKING} = "no" ] && exit 0

同时去除start 里面damon

3.配置环境变量

echo 'PATH="/usr/local/haproxy/sbin:$PATH"' >> /etc/profile
source /etc/profile

4.haproxy配置文件

mkdir /etc/haproxy
mkdir /var/lib/haproxy
cd /etc/haproxy/
vim haproxy.cfg

5.启动脚本更改

vim /etc/init.d/haproxy
 35 BIN=/usr/sbin/$BASENAME   # 替换BIN=/usr/local/haproxy/sbin/$BASENAME

6.配置haproxy日志

[root@localhost haproxy-1.6.3]# vim /etc/rsyslog.conf     #17,18是关于tcp行注释取消，#最后增加一行
 16 # Provides TCP syslog reception
 17 $ModLoad imtcp
 18 $InputTCPServerRun 514
  
local3.* /var/log/haproxy.log
[root@localhost haproxy-1.6.3]# /etc/init.d/rsyslog restart

7.haproxy.cfg配置文件

# 全局配置,日志，运行安装路径，
global
        log 127.0.0.1 local3 info  # 日志存储到127.0.0.1，端口是514，
 
        chroot /var/lib/haproxy
        pidfile /var/run/haproxy.pid        #配置haproxy的sock文件，权限是600，等级是admin权限，超时2分钟
        stats socket /var/lib/haproxy/haproxy.sock mode 660 level admin
        stats timeout 2m
        user haproxy
        group haproxy
        daemon
 
# 默认配置
defaults
        log global
        mode http
        #option httplog         # 访问日志关闭
        option dontlognull      # 不记录空链接，如监控链接
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        timeout check 10000
        maxconn 3000
 
# 状态监控页面
listen haproxy_status
        # 绑定地址，每5s自动刷新，隐藏版本，状态访问页面，认证账号，密码,条件满足进入管理界面
        bind 172.16.1.14:8888
        stats enable
        stats refresh 100s
        stats hide-version
        stats uri /haproxy-status
        stats realm "HAProxy/ static"
        stats auth admin:admin123
        stats admin if TRUE
        # 允许的网段，允许，拒绝
        #acl allow src 192.168.12.0/24
        #tcp-request content accept if allow
        #tcp-request content reject
 
# 1.匹配到www.pinhui001.com域名，跳转到www_backend
frontend ph_web
        bind 172.16.1.14:80
        acl www hdr_end(host) pinhui001.com        #ACL规则定义的方式有hdr_reg(host)、hdr_dom(host)、hdr_beg(host)、url_sub、url_dir、path_beg、path_end等，-i表示不匹配大小写
        acl www hdr_end(host) www.pinhui001.com
        use_backend www_backend if www
 
# 2.匹配到目录static,images及jpg,png结尾的跳转到
frontend ph_static
        bind 172.16.1.14:1802
        acl url_static path_beg -i /static /images /stylesheets
        #acl url_static path_end -i .jpg .gif .png .css .js
        acl static_reg url_reg /*.(css|jpg|js|jpeg|gif)$
        use_backend static_backend if url_static
 
# test
frontend test_web
        bind 172.16.1.14:8899
        acl test hdr_beg(host) -i test.pinhui001.cc
        use_backend test_backend if test
 
backend test_backend
        mode http
        balance roundrobin
        option forwardfor header X-REAL-IP
        option httpchk GET /iisstart.htm HTTP/1.1
Host:172.16.1.25:80
        server web-node1 172.16.1.25:80 check inter 2000 rise 3 fall 3 weight 1
 
# 1.
backend www_backend
        # 随机,2秒检测，2次成功认为服务可用，3次失败认为服务不可用，权重为1
        # option httpchk GET /index.html
        balance roundrobin
        option forwardfor header X-REAL-IP
        server web-node1 172.16.1.25:18201 check inter 2000 rise 3 fall 3 weight 1
        server web-node3 192.168.2.16:80 check inter 2000 rise 3 fall 3 weight 1
 
# 2.
backend static_backend
        balance roundrobin
        option forwardfor header X-REAL-IP
        # cookie中插入srv字串防止登录信息丢失
        cookie srv insert nocache
        server static01 172.16.1.110:80 check inter 2000 rise 2 fall 3 weight 1
        server static02 172.16.1.111:80 check inter 2000 rise 2 fall 3 weight 1

8.动态管理haproxy

# 配置文件全局加入2行
vim /etc/haproxy/haproxy.cfg
global
   stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
   stats timeout 2m
 
# 安装socker
yum list | grep socat
yum install -y socat
 
# 查看支持的命令
[root@ha-node01 haproxy]# echo "help" | socat stdio /var/lib/haproxy/haproxy.sock
[root@ha-node01 haproxy]# echo "show info" | socat stdio /var/lib/haproxy/haproxy.sock  # 查看状态信息
 
# 关闭某台主机，开启
cho "disable server test_backend/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock
echo "enable server test_backend/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock

9.haproxy性能调优

[root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/ip_local_port_range  # 端口范围调大 
32768   61000   
[root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/tcp_tw_reuse         # 设置1
1              
[root@ha-node01 haproxy]# cat /proc/sys/net/ipv4/tcp_fin_timeout      # 时间调短
30          