HAProxy——配置与实例

HAProxy配置httpd

环境配置

主机 IP
调度器 192.168.197.141
RS1 192.168.197.142
RS2 192.168.197.143

配置步骤

  • 调度器上安装编译环境及依赖包
[root@localhost ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel

......
Complete!

  • 创建HAProxy系统用户
[root@localhost ~]# useradd -r -M -s /sbin/nologin haproxy
  • 安装编译HAProxy（下载源码包后，建议先与官方发布的校验和比对，确认无误再解压编译）
[root@localhost src]# wget https://github.com/haproxy/haproxy/archive/v2.3.0.tar.gz
......

v2.3.0.tar.gz.1               [     <=>                              ]   2.78M  8.68KB/s    in 12m 7s  

2020-11-12 14:52:56 (3.91 KB/s) - ‘v2.3.0.tar.gz’ saved [2910892]

# 解压
[root@localhost src]# tar -xf v2.3.0.tar.gz
[root@localhost src]# cd haproxy-2.3.0/
[root@localhost haproxy-2.3.0]# ls
BRANCHES   contrib       doc       include  LICENSE      Makefile  reg-tests  scripts  SUBVERS  VERDATE
CHANGELOG  CONTRIBUTING  examples  INSTALL  MAINTAINERS  README    ROADMAP    src      tests    VERSION

# 编译
[root@localhost haproxy-2.3.0]# make clean
[root@localhost haproxy-2.3.0]# make TARGET=linux-glibc USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1 USE_SYSTEMD=1
......

make install PREFIX=/usr/local/haproxy
......

# 将haproxy置于PATH中
[root@localhost local]# cd /usr/local/haproxy/sbin/
[root@localhost sbin]# cp haproxy /usr/sbin

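  • 配置内核参数（ip_nonlocal_bind 用于绑定尚未配置在本机上的地址，例如配合 keepalived 使用的VIP；HAProxy 作为代理在用户态转发请求，本身并不需要 ip_forward，开启后本机会转发路由数据包，没有路由需求时建议保持关闭）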
[root@localhost ~]# vim /etc/sysctl.conf 
......
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

# 重读配置文件
[root@localhost ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
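  • 配置文件编写（示例中统计页面监听 0.0.0.0:8189，使用 admin:admin 口令，并以 stats admin if TRUE 开放管理操作；非实验环境应改用强口令，并把 bind 地址限制在管理网络内）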
mkdir /etc/haproxy
[root@localhost ~]# cat > /etc/haproxy/haproxy.cfg <<EOF
> #--------------全局配置----------------
> global
>     log 127.0.0.1 local0  info
>     #log loghost local0 info
>     maxconn 20480
> #chroot /usr/local/haproxy
>     pidfile /var/run/haproxy.pid
>     #maxconn 4000
>     user haproxy
>     group haproxy
>     daemon
> #---------------------------------------------------------------------
> #common defaults that all the 'listen' and 'backend' sections will
> #use if not designated in their block
> #---------------------------------------------------------------------
> defaults
>     mode http
>     log global
>     option dontlognull
>     option httpclose
>     option httplog
>     #option forwardfor
>     option redispatch
>     balance roundrobin
>     timeout connect 10s
>     timeout client 10s
>     timeout server 10s
>     timeout check 10s
>     maxconn 60000
>     retries 3
> #--------------统计页面配置------------------
> listen admin_stats
>     bind 0.0.0.0:8189
>     stats enable
>     mode http
>     log global
>     stats uri /haproxy_stats
>     stats realm Haproxy Statistics
>     stats auth admin:admin
>     #stats hide-version
>     stats admin if TRUE
>     stats refresh 30s
> #---------------web设置-----------------------
> listen webcluster
>     bind 0.0.0.0:80
>     mode http
>     #option httpchk GET /index.html
>     log global
>     maxconn 3000
>     balance roundrobin
>     cookie SESSION_COOKIE insert indirect nocache
>     server 192.168.197.142 192.168.197.142:80 check inter 2000 fall 5
>     server 192.168.197.143 192.168.197.143:80 check inter 2000 fall 5
>     #server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
> EOF
  • HAProxy.service编写
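# Install the systemd unit for HAProxy.
# The heredoc delimiter is quoted so the shell writes the unit text verbatim:
# with an unquoted EOF the shell would expand $MAINPID itself (normally to an
# empty string), leaving ExecReload without a PID to signal.
cat > /usr/lib/systemd/system/haproxy.service <<'EOF'
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg   -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg  -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target
EOF

# Make systemd re-read its unit files so the new haproxy.service is picked up.
systemctl daemon-reload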

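  • 启动日志服务，并启动HAProxy服务（在 /etc/rsyslog.conf 中加入下面的 local0 规则；HAProxy 通过 UDP 向 127.0.0.1 发送日志，因此还需在 rsyslog 中启用 imudp 接收，建议只监听本机回环地址，修改后重启 rsyslog）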
# Save boot messages also to boot.log
local0.*                                                /var/log/haproxy.log
local7.*                                                /var/log/boot.log

# 开启haproxy
[root@localhost ~]# systemctl start haproxy
[root@localhost ~]# ss -antl
State       Recv-Q       Send-Q                Local Address:Port               Peer Address:Port       
LISTEN      0            128                         0.0.0.0:80                      0.0.0.0:*          
LISTEN      0            128                         0.0.0.0:22                      0.0.0.0:*          
LISTEN      0            128                         0.0.0.0:8189                    0.0.0.0:*          
LISTEN      0            128                            [::]:22                         [::]:* 
  • 验证负载均衡
[root@localhost ~]# curl 192.168.197.141:80
你好世界
[root@localhost ~]# curl 192.168.197.141:80
HELLO WORLD
[root@localhost ~]# curl 192.168.197.141:80
你好世界
[root@localhost ~]# curl 192.168.197.141:80
HELLO WORLD

HAProxy配置httpds

环境配置

主机 IP
调度器 192.168.197.141
RS1 192.168.197.142
RS2 192.168.197.143

配置步骤

  • RS1上生成证书与密钥
[root@localhost ~]# ls
anaconda-ks.cfg  www.example.com.crt  www.example.com.key
certificate.sh   www.example.com.csr
  • RS上配置证书与私钥（两台RS都需要；私钥文件应仅root可读，如权限600）
[root@localhost ~]# yum install -y mod_ssl

[root@localhost ~]# mv www.example.com.crt /etc/httpd/ssl/
[root@localhost ~]# mv www.example.com.key /etc/httpd/ssl/

# 修改ssl配置文件
[root@localhost ssl]# vim /etc/httpd/conf.d/ssl.conf
......
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"     ## 取消备注
ServerName www.example.com:443

# 指定crt与key的路径
SSLCertificateFile /etc/httpd/ssl/www.example.com.crt
......
SSLCertificateKeyFile /etc/httpd/ssl/www.example.com.key

# 重启httpd服务
[root@localhost ssl]# systemctl restart httpd
[root@localhost ssl]# ss -antl
State       Recv-Q       Send-Q              Local Address:Port             Peer Address:Port      
LISTEN      0            128                       0.0.0.0:22                    0.0.0.0:*         
LISTEN      0            128                             *:80                          *:*         
LISTEN      0            128                          [::]:22                       [::]:*         
LISTEN      0            128                             *:443                         *:*
  • 重新配置HAProxy配置文件
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
#---------------web设置-----------------------
listen httpdcluster
    bind 0.0.0.0:80
    mode http
    #option httpchk GET /index.html
    log global
    maxconn 3000
    balance roundrobin
    cookie SESSION_COOKIE insert indirect nocache
    server 192.168.197.142 192.168.197.142:80 check inter 2000 fall 5
    server 192.168.197.143 192.168.197.143:80 check inter 2000 fall 5
    #server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5

## 添加443端口监听（mode tcp 为TLS透传：HAProxy不解密流量，证书由后端RS提供；cookie 等HTTP层选项在此模式下不生效）

#---------------web设置-----------------------
listen httpdscluster
    bind 0.0.0.0:443
    mode tcp
    #option httpchk GET /index.html
    log global
    maxconn 3000
    balance roundrobin
    cookie SESSION_COOKIE insert indirect nocache
    server 192.168.197.142 192.168.197.142:443 check inter 2000 fall 5
    server 192.168.197.143 192.168.197.143:443 check inter 2000 fall 5
  • 重启HAProxy服务并验证
[root@localhost ~]# systemctl restart haproxy
[root@localhost ~]# ss -antl
State       Recv-Q       Send-Q                Local Address:Port               Peer Address:Port       
LISTEN      0            128                         0.0.0.0:80                      0.0.0.0:*          
LISTEN      0            128                         0.0.0.0:22                      0.0.0.0:*          
LISTEN      0            128                         0.0.0.0:443                     0.0.0.0:*          
LISTEN      0            128                         0.0.0.0:8189                    0.0.0.0:*          
LISTEN      0            128                            [::]:22                         [::]:* 


## 验证（-k 会跳过证书校验，仅用于本实验中未被系统信任的证书；正式环境应使用受信任的证书并去掉 -k）
[root@localhost ~]# curl -k https://192.168.197.141
你好世界
[root@localhost ~]# curl -k https://192.168.197.141
HELLO WORLD
[root@localhost ~]# curl -k https://192.168.197.141
你好世界
[root@localhost ~]# curl -k https://192.168.197.141
HELLO WORLD
  • 访问web统计信息页面：按上面的配置，地址为 http://192.168.197.141:8189/haproxy_stats ；该页面使用HTTP基本认证且未加密，口令会以明文传输

原文地址:https://www.cnblogs.com/sawyer95/p/13964545.html