首页    技术博客    PHP教程    数据库技术    前端开发   HTML5    Nginx    php论坛
新用户注册 | 会员登录
加入会员,解锁专属内容
取消
热门标签 | HotTags
当前位置:  开发笔记 > 编程语言 > 正文

HAproxy详解(1)

作者:晓辉19890424俱乐部 | 来源:互联网 | 2023-06-30 05:15
实验环境:node3varnish服务器:ens192192.168.170.10ens224192.168.10.254node1backendser

 

实验环境:
node3  varnish服务器: ens192 192.168.170.10  
                                         ens224 192.168.10.254
node1  backend server 1:192.168.10.10          
node2  backend server 2:192.168.10.11
 

 

示例1: 

[root@node1 ~]# vi /etc/rsyslog.conf
$ModLoad imudp 监听udp协议
$UDPServerRun 514 监听514端口local2.* /var/log/haproxy.log[root@node1 ~]# systemctl restart rsyslog.service
[root@node1 ~]# ss -tunlp | grep 514 日志功能生效安装haproxy并启动
[root@node1 ~]# yum -y install haproxy
[root@node1 ~]# systemctl start haproxy
[root@node1 ~]# rpm -ql haproxy[root@node1 ~]# vi /etc/haproxy/haproxy.cfgfrontend webbind *:80default_backend websrvsbackend websrvsbalance roundrobinserver srv1 172.16.100.6:80 checkserver srv2 172.16.100.7:80 check :.,$s@[^{^#]@#$@g 从光标指定的当前行到最后一行没有#的行,在行首添加#
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlpnode2 backend server 2[root@node2 ~]# yum -y install httpd
[root@node2 ~]# vi /etc/www/html/index.html

Backend Server 2

yum -y install ab
ab -c 10 -n 1000000 http://172.16.0.67node3 backend serve:3[root@node3 ~]# yum -y install httpd
[root@node3 ~]# vi /etc/www/html/index.html

Backend Server3

客户端:
for i in {1..10}; do curl http://ip/; done

示例2: 

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend webbind *:8default_backend websrvsbackend websrvsbalance uriserver srv1 172.16.100.6:80 check maxconn 3server srv2 172.16.100.7:80 checkhash-type consistent
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp[root@node2 ~]# cd /var/www/html
[root@node2 ~]# for i in {1..10}; do echo "Test Page $i @BES 1"> test$i.html; done[root@node3 ~]# cd /var/www/html
[root@node3 ~]# for i in {1..10}; do echo "Test Page $i @BES 2"> test$i.html; done测试:
for i in {1..10}; do curl http://172.16.0.67/test1.html; done

示例3:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend webbind *:8default_backend websrvsbackend websrvsbalance hdr(User-Agent)server srv1 172.16.100.6:80 check maxconn 3server srv2 172.16.100.7:80 checkhash-type consistent
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

 示例4:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend webbind *:8compression algo gzipcompression type text/html text/plain application/xml application/Javascriptdefault_backend websrvsbackend websrvsbalance roundrobinserver srv1 172.16.100.6:80 check maxconn 3server srv2 172.16.100.7:80 check backup[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp[root@node2~]# cp /var/log/httpd/access_log /var/www/html/log.txt[root@node3 ~]# cp /var/log/httpd/access_log /var/www/html/log.txt客户端浏览器:http://172.16.0.67 or http://172.16.0.67/log.txt 是否压缩

示例5: 

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend webbind *:8compression algo gzipcompression type text/html text/plain application/xml application/Javascriptdefault_backend websrvsbackend websrvsbalance roundrobinoption httpchk GET /test1.html HTTP/1.0server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 server srv2 172.16.100.7:80 check backup
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlpnode2
[root@node2 ~]# tail /var/log/httpd/access_log 有健康状态检查log信息

示例6:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend webbind *:8compression algo gzipcompression type text/html text/plain application/xml application/Javascriptdefault_backend websrvsbackend websrvsbalance roundrobin#option httpchk GET /test1.html HTTP/1.0server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 redir http://www.baidu.com/server srv2 172.16.100.7:80 check backup
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp浏览器访问:http://172.16.0.67 发现重定向到百度

示例7:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend webbind *:8compression algo gzipcompression type text/html text/plain application/xml application/Javascriptdefault_backend websrvsbackend websrvsbalance roundrobin#option httpchk GET /test1.html HTTP/1.0server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight2server srv2 172.16.100.7:80 check weight 1
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp客户端:命令行输入 2:1
for i in {1..10}; do curl http://172.16.0.67/test1.html; done

示例8:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend webbind *:80compression algo gzipcompression type text/html text/plain application/xml application/Javascriptdefault_backend websrvsbackend websrvsbalance roundrobinstate enable #option httpchk GET /test1.html HTTP/1.0server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight2server srv2 172.16.100.7:80 check weight 1
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp浏览器输入:http://172.16.0.67/haproxy?/stats

示例9:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend webbind *:80state enable state realm "HAProxy State Page" state uri /myproxy?adminstats auth admin:adminstats admin if TRUEcompression algo gzipcompression type text/html text/plain application/xml application/Javascriptdefault_backend websrvsbackend websrvsbalance roundrobin#option httpchk GET /test1.html HTTP/1.0server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight2server srv2 172.16.100.7:80 check weight 1
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp

示例10:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80compression algo gzipcompression type text/html text/plain application/xml application/Javascriptdefault_backend websrvsbackend websrvsbalance roundrobinoption httpchk 做七层检查,如果不加是四层检测server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight2server srv2 172.16.100.7:80 check weight 1
listen statsbind :9099stats enablestate uri /myproxy?adminstats realm HAPorxy\ Stats\ Pagestats auth admin:adminstats admin if TRUE
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp浏览器输入:http://172.16.0.67:9099/myproxy?admin 正常

示例11:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80compression algo gzipcompression type text/html text/plain application/xml application/Javascriptdefault_backend websrvsbackend websrvsbalance roundrobinoption httpchk 做七层检查,如果不加是四层检测server srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight2server srv2 172.16.100.7:80 check weight 1
listen statsbind :9099stats enablestate uri /myproxy?adminstats realm HAPorxy\ Stats\ Pagestats auth admin:adminstats admin if TRUElisten sshsrvsbind *:22022balance leastconnmode tcpserver sshsrv1 172.16.100.6:22 checkserver sshsrv2 172.16.100.7:22 check
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp客户端:ssh root@172.16.0.67 -p 22022 连接
ssh root@172.16.0.67 -p 22022 再连接

示例12:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80compression algo gzipcompression type text/html text/plain application/xml application/Javascriptdefault_backend websrvsbackend websrvsbalance roundrobinCOOKIE WEBSRV insert nocache indirectserver srv1 172.16.100.6:80 weight 2 check rise 1 fall 2 maxconn 3000 COOKIE srv1server srv2 172.16.100.7:80 weight 1 check rise 1 fall 2 maxconn 3000 COOKIE srv2option httpchkserver srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight2server srv2 172.16.100.7:80 check weight 1
listen statsbind :9099stats enablestate uri /myproxy?adminstats realm HAPorxy\ Stats\ Pagestats auth admin:adminstats admin if TRUE
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80浏览器:http://172.160.67/test3.html http://172.160.67/test7.html 请求报文srv=srv1

示例13:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
defaultoption forwarddor except 127.0.0.0/8 if-none
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80[root@node2 ~]# vi /etc/httpd/httpd.confLogFormat "%{X-Forwarded-For}i
[root@node1 ~]# systemctl restart httpd浏览器:http://172.160.67/test3.html 可看到响应的是backend server

示例14:

[root@node1 ~]# mkdir /etc/proxy/errorfiles
vi /etc/proxy/errorfiles/403.html
forbiden[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80compression algo gzipcompression type text/html text/plain application/xml application/Javascripterrorfile 403 /etc/haproxy/errorfiles/403.htmlerrorloc 403 http://172.16.0.67:10080/errorloc/403.html default_backend websrvsbackend websrvsbalance roundrobinCOOKIE WEBSRV insert nocache indirectserver srv1 172.16.100.6:80 weight 2 check rise 1 fall 2 maxconn 3000 COOKIE srv1server srv2 172.16.100.7:80 weight 1 check rise 1 fall 2 maxconn 3000 COOKIE srv2option httpchkserver srv1 172.16.100.6:80 check inter 3000ms rise 1 fall 2 weight2server srv2 172.16.100.7:80 check weight 1listen statsbind :9099stats enablestate uri /myproxy?adminstats realm HAPorxy\ Stats\ Pagestats auth admin:adminstats admin if TRUE
[root@node1 ~]# yum -y install nginx
[root@node1 ~]# vi /etc/nginx/conf.d/errorfile.conf
server {listen 10080;server_name error.magedu.com;root /data/nginx/html;
}
[root@node1 ~]# mkdir -pv /etc/nginx/html/errorloc
[root@node1 ~]# vi /etc/nginx/html/errorloc/403.html
403 from nginx
[root@node1 ~]# systemctl restart nginx
[root@node1 ~]# vi /etc/nginx/nginx.conf
server {listen 8089 default_server;
}
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80浏览器:http://172.160.67/test3.html http://172.160.67/test7.html 请求报文srv=srv1

示例15:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80compression algo gzipcompression type text/html text/plain application/xml application/Javascripterrorfile 403 /etc/haproxy/errorfiles/403.htmlerrorloc 403 http://172.16.0.67:10080/errorloc/403.html reqadd -X Proxy-By:\ HAProxyrsqadd -X Proxy-By:\ HAProxy-1.5default_backend websrvs
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80[root@node2 ~]# vi /etc/httpd/httpd.confLogFormat "%{X Proxy-By}i
[root@node2 ~]# tail /var/log/message

示例16:

示例14:添加请求首部
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80compression algo gzipcompression type text/html text/plain application/xml application/Javascripterrorfile 403 /etc/haproxy/errorfiles/403.htmlerrorloc 403 http://172.16.0.67:10080/errorloc/403.html reqadd -X Proxy-By:\ HAProxyrspadd -X Proxy-By:\ HAProxy-1.5rspdel -X Proxy-By:.*default_backend websrvs
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80浏览器输入:http://172.16.0.67/test1.html 响应首部带haproxy

示例17:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
listen statsbind :9099acl allowstats src 172.16.0.67block if ! allowstatserrorloc 403 http://172.16.0.67:10080/errorloc/403.htmlstats enablestate uri /myproxy?adminstats realm HAPorxy\ Stats\ Pagestats auth admin:adminstats admin if TRUE
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80浏览器输入:http://172.16.0.67:9099/myproxy?admin 正常
相反去掉!重启服务 http://172.16.0.67:10080/errorloc/403.html 自定义错误页

示例18:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
listen statsbind :9099http-request allow if allowstatsacl allowstats src 172.16.0.67stats enablestate uri /myproxy?adminstats realm HAPorxy\ Stats\ Pagestats auth admin:adminstats admin if TRUE
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
客户端访问:
[root@node2 ~]# curl --basic --user admin:admin http://172.16.0.67:9099/myproxy?admin 正常访问

示例19:

[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
listen statsbind :9099acl all src 0.0.0.0/0.0.0.0acl allowstats src 172.16.0.67http-request allow if allowstatshttp-request deny if allstats enablestate uri /myproxy?adminstats realm HAPorxy\ Stats\ Pagestats auth admin:adminstats admin if TRUE
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp | grep 80
客户端访问:
[root@node2 ~]# curl --basic --user admin:admin http://172.16.0.67:9099/myproxy?admin 无法正常访问

示例20:

node2
[root@node2 ~]# yum -y install php
[root@node2 ~]# mkdir /data/web/vhost{1,2} -pv
[root@node2 ~]# vi /data/web/vhost1/info.php

Application Server 1


?php>phpinfo();
?>
[root@node2 ~]# cp /data/web/vhost{1,2}/info.php
[root@node2 ~]# vi /data/web/vhost2/info.php

Application Server 2


?php>phpinfo();
?>
[root@node2 ~]#vi /etc/httpd/conf.d/vhost1.conf
ServerName www1.magedu.comDocumentRoot "/data/web/vhost1"Options FollowSymLinksAllowOverride NoneRequire all granted

[root@node2 ~]#cp /etc/httpd/conf.d/vhost1.conf /etc/httpd/conf.d/vhost2.conf
[root@node2 ~]#vi /etc/httpd/conf.d/vhost2.conf
listen :8080
ServerName www1.magedu.comDocumentRoot "/data/web/vhost1"Options FollowSymLinksAllowOverride NoneRequire all granted

[root@node2 ~]# systemctl restart httpd
[root@node2 ~]# ss tunlp测试:http://172.16.0.68:80/info.php
http://172.16.0.68:8080/info.php
node3
[root@node3 ~]# mkdir /data/web/vhost{1,2} -pv
[root@node3 ~]# cd /data/web/vhost1/
[root@node3 ~]#
[root@node3 ~]# vi /data/web/vhost1/test.txt
Image Server 1
[root@node3 ~]# vi /data/web/vhost2/test.txt
Image Server 2[root@node2 ~]# scp /etc/httpd/conf.d/vhost* 172.16.0.69:/etc/httpd/conf.d/
测试:
http://172.16.0.69:80/test.txt
http://172.16.0.69:8080/test.txtnode1 配置
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80compression algo gzipcompression type text/html text/plain application/xml application/Javascripterrorfile 403 /etc/haproxy/errorfiles/403.htmlerrorloc 403 http://172.16.0.67:10080/errorloc/403.html reqadd -X Proxy-By:\ HAProxyrspadd -X Proxy-By:\ HAProxy-1.5rspidel -X ^Server:.*acl static path_end .jpg .jpeg .gif .txt .html .css .Javascript .jsacl static path_beg /imgs /images /css /Javascriptsuse _backend staticsrvs if staticdefault_backend dynsrvsbackend dynsrvsCOOKIE SRV insert indirect nocachebalance roundrobinoption httpchkserver dynsrv1 172.16.100.6:80 check COOKIE dynsrv1server dynsrv2 172.16.100.7:8080 check COOKIE dynsrv2backend staticsrvsbalance roundrobinserver staticsrv1 172.16.100.6:80 checkserver staticsrv2 172.16.100.7:8080 checklisten statsbind :9099stats enablestate uri /myproxy?adminstats realm HAPorxy\ Stats\ Pagestats auth admin:adminstats admin if TRUE
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp浏览器输入:http://172.16.0.67/info.php 正常
http://172.16.0.67/test.txt 正常
http://172.16.0.67/ski.jgp 正常

示例21:

示例21:拒绝curl访问
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80compression algo gzipcompression type text/html text/plain application/xml application/Javascripterrorfile 403 /etc/haproxy/errorfiles/403.htmlerrorloc 403 http://172.16.0.67:10080/errorloc/403.html reqadd -X Proxy-By:\ HAProxyrspadd -X Proxy-By:\ HAProxy-1.5rspidel -X ^Server:.*acl static path_end .jpg .jpeg .gif .txt .html .css .Javascript .jsacl static path_beg /imgs /images /css /Javascriptsacl bad_browsers hdr_reg(User-Agent) .*curl.*block if bad_browsersuse _backend staticsrvs if staticdefault_backend dynsrvs
[root@node1 ~]# systemctl restart haproxy
[root@node1 ~]# ss -tunlp浏览器输入http://172.16.0.67/test.txt 正常
curl http://172.16.0.67/test.txt 无显示

示例22:

示例23:
[root@node1 ~]# vi /etc/haproxy/haproxy.cfg
frontend web *:80compression algo gzipcompression type text/html text/plain application/xml application/Javascripterrorfile 403 /etc/haproxy/errorfiles/403.htmlerrorloc 403 http://172.16.0.67:10080/errorloc/403.html reqadd -X Proxy-By:\ HAProxyrspadd -X Proxy-By:\ HAProxy-1.5rspidel -X ^Server:.*acl static path_end .jpg .jpeg .gif .txt .html .css .Javascript .jsacl static path_beg /imgs /images /css /Javascriptsacl valid_referers hdr_reg(Referer) \.magedu\.comblock unless valid_referersuse _backend staticsrvs if staticdefault_backend dynsrvs客户端使用curl命令
curl -e "http://www.magedu.com/admin.php" http://172.16.0.67/test.txt

正在完善中请见谅!


推荐阅读
author-avatar
晓辉19890424俱乐部
这个家伙很懒,什么也没留下!
Tags | 热门标签
RankList | 热门文章
PHP1.CN | 中国最专业的PHP中文社区 | DevBox开发工具箱 | json解析格式化 |PHP资讯 | PHP教程 | 数据库技术 | 服务器技术 | 前端开发技术 | PHP框架 | 开发工具 | 在线工具
Copyright © 1998 - 2020 PHP1.CN. All Rights Reserved | 京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有