HAProxy配置httpd
环境配置
主机 |
IP |
调度器 |
192.168.197.141 |
RS1 |
192.168.197.142 |
RS2 |
192.168.197.143 |
配置步骤
[root@localhost ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel
......
Complete!
[root@localhost ~]# useradd -r -M -s /sbin/nologin haproxy
[root@localhost src]# wget https://github.com/haproxy/haproxy/archive/v2.3.0.tar.gz
......
v2.3.0.tar.gz.1 [ <=> ] 2.78M 8.68KB/s in 12m 7s
2020-11-12 14:52:56 (3.91 KB/s) - ‘v2.3.0.tar.gz’ saved [2910892]
# 解压(解压前建议先核对下载文件的校验和(若发布方提供),确认源码包完整且未被篡改)
[root@localhost src]# tar -xf v2.3.0.tar.gz
[root@localhost src]# cd haproxy-2.3.0/
[root@localhost haproxy-2.3.0]# ls
BRANCHES contrib doc include LICENSE Makefile reg-tests scripts SUBVERS VERDATE
CHANGELOG CONTRIBUTING examples INSTALL MAINTAINERS README ROADMAP src tests VERSION
# 编译
[root@localhost haproxy-2.3.0]# make clean
[root@localhost haproxy-2.3.0]# make TARGET=linux-glibc USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1 USE_SYSTEMD=1
......
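# Install into /usr/local/haproxy. PREFIX is a make variable, so it is passed
# as a plain VAR=value argument; GNU make rejects "--PREFIX=..." as an
# unrecognized option and the install step never runs.
make install PREFIX=/usr/local/haproxy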
......
# 将haproxy置于PATH中(可执行文件位于 /usr/local/haproxy/sbin 目录下,需先进入该目录再复制)
[root@localhost local]# cd /usr/local/haproxy/
[root@localhost sbin]# cp haproxy /usr/sbin
[root@localhost ~]# vim /etc/sysctl.conf
......
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# 重读配置文件(ip_nonlocal_bind 允许绑定本机尚不存在的地址,通常配合 VIP 使用;HAProxy 作为反向代理本身不依赖 ip_forward,不需要路由转发时可不开启)
[root@localhost ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
mkdir /etc/haproxy
[root@localhost ~]# cat > /etc/haproxy/haproxy.cfg <<EOF
> #--------------全局配置----------------
> global
> log 127.0.0.1 local0 info
> #log loghost local0 info
> maxconn 20480
> #chroot /usr/local/haproxy
> pidfile /var/run/haproxy.pid
> #maxconn 4000
> user haproxy
> group haproxy
> daemon
> #---------------------------------------------------------------------
> #common defaults that all the 'listen' and 'backend' sections will
> #use if not designated in their block
> #---------------------------------------------------------------------
> defaults
> mode http
> log global
> option dontlognull
> option httpclose
> option httplog
> #option forwardfor
> option redispatch
> balance roundrobin
> timeout connect 10s
> timeout client 10s
> timeout server 10s
> timeout check 10s
> maxconn 60000
> retries 3
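> #--------------统计页面配置------------------
> # 注意:下面的 admin:admin 仅为演示用弱口令,且 stats admin if TRUE 允许通过该页面修改后端服务器状态;
> # 正式环境应更换强口令,并限制 8189 端口的访问来源(此处绑定在 0.0.0.0 上)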
> listen admin_stats
> bind 0.0.0.0:8189
> stats enable
> mode http
> log global
> stats uri /haproxy_stats
> stats realm Haproxy Statistics
> stats auth admin:admin
> #stats hide-version
> stats admin if TRUE
> stats refresh 30s
> #---------------web设置-----------------------
> listen webcluster
> bind 0.0.0.0:80
> mode http
> #option httpchk GET /index.html
> log global
> maxconn 3000
> balance roundrobin
> cookie SESSION_COOKIE insert indirect nocache
> server 192.168.197.142 192.168.197.142:80 check inter 2000 fall 5
server 192.168.197.143 192.168.197.143:80 check inter 2000 fall 5
> #server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
> EOF
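# Write the systemd unit for the locally built HAProxy.
#   ExecStartPre validates /etc/haproxy/haproxy.cfg (-c, quiet with -q) so a
#                broken config blocks the start instead of killing the service.
#   ExecStart    runs HAProxy in master-worker mode with systemd support (-Ws),
#                which relies on the USE_SYSTEMD=1 build option.
#   ExecReload   signals the master process with USR2 to reload.
#
# The heredoc delimiter is quoted ('EOF') on purpose: with an unquoted EOF the
# shell expands $MAINPID (unset here) to an empty string while writing the
# file, leaving "ExecReload=/bin/kill -USR2 " and breaking "systemctl reload".
cat > /usr/lib/systemd/system/haproxy.service <<'EOF'
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
EOF
# Make systemd re-read unit files so the new haproxy.service is picked up.
systemctl daemon-reload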
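# 以下为 /etc/rsyslog.conf 中的内容(原文未给出编辑命令):添加 local0 规则后需重启 rsyslog;
# haproxy.cfg 中的 log 127.0.0.1 通过 UDP 发送日志,rsyslog 还需启用 UDP 514 接收,否则 /var/log/haproxy.log 不会有内容
# Save boot messages also to boot.log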
local0.* /var/log/haproxy.log
local7.* /var/log/boot.log
# 开启haproxy
[root@localhost ~]# systemctl start haproxy
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8189 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# curl 192.168.197.141:80
你好世界
[root@localhost ~]# curl 192.168.197.141:80
HELLO WORLD
[root@localhost ~]# curl 192.168.197.141:80
你好世界
[root@localhost ~]# curl 192.168.197.141:80
HELLO WORLD
HAProxy配置httpds
环境配置
主机 |
IP |
调度器 |
192.168.197.141 |
RS1 |
192.168.197.142 |
RS2 |
192.168.197.143 |
配置步骤
[root@localhost ~]# ls
anaconda-ks.cfg www.example.com.crt www.example.com.key
certificate.sh www.example.com.csr
[root@localhost ~]# yum install -y mod_ssl
[root@localhost ~]# mv www.example.com.crt /etc/httpd/ssl/
[root@localhost ~]# mv www.example.com.key /etc/httpd/ssl/
# 修改ssl配置文件
[root@localhost ssl]# vim /etc/httpd/conf.d/ssl.conf
......
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html" ## 取消注释(此标注仅作说明,不要写入配置文件,Apache 不支持指令行尾注释)
ServerName www.example.com:443
# 指定crt与key的路径(/etc/httpd/ssl 目录需事先存在;私钥文件应仅 root 可读,例如权限设为 600)
SSLCertificateFile /etc/httpd/ssl/www.example.com.crt
......
SSLCertificateKeyFile /etc/httpd/ssl/www.example.com.key
# 重启httpd服务
[root@localhost ssl]# systemctl restart httpd
[root@localhost ssl]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
#---------------web设置-----------------------
listen httpdcluster
bind 0.0.0.0:80
mode http
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server 192.168.197.142 192.168.197.142:80 check inter 2000 fall 5
server 192.168.197.143 192.168.197.143:80 check inter 2000 fall 5
#server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
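## 添加443端口监听
## 说明:mode tcp 下 HAProxy 只做四层转发,TLS 由后端 httpd 终止,HAProxy 看不到 HTTP 内容;
## cookie 指令只在 mode http 下生效,在此段中会被忽略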
#---------------web设置-----------------------
listen httpdscluster
bind 0.0.0.0:443
mode tcp
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server 192.168.197.142 192.168.197.142:443 check inter 2000 fall 5
server 192.168.197.143 192.168.197.143:443 check inter 2000 fall 5
[root@localhost ~]# systemctl restart haproxy
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8189 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
## 验证(curl -k 会跳过证书校验,仅适用于自签名证书的测试环境;正式验证应使用 --cacert 指定 CA 证书,并以证书中的域名访问)
[root@localhost ~]# curl -k https://192.168.197.141
你好世界
[root@localhost ~]# curl -k https://192.168.197.141
HELLO WORLD
[root@localhost ~]# curl -k https://192.168.197.141
你好世界
[root@localhost ~]# curl -k https://192.168.197.141
HELLO WORLD