haproxy是一款功能强大、灵活好用反向代理软件,提供了高可用、负载均衡、后端服务器代理的功能,它在7层负载均衡方面的功能很强大(支持
COOKIE track, header
rewrite等等),支持双机热备,支持虚拟主机,拥有非常不错的服务器健康检查功能,当其代理的后端服务器出现故障,
HAProxy会自动将该服务器摘除,故障恢复后再自动将该服务器加入;同时还提供直观的监控页面,可以清晰实时的监控服务集群的运行状况。
在四层(tcp)实现负载均衡的软件:
lvs------>重量级
nginx------>轻量级,带缓存功能,正则表达式较灵活
haproxy------>模拟四层转发,较灵活
在七层(http)实现反向代理的软件:
haproxy------>天生技能,全面支持七层代理,会话保持,标记,路径转移;
nginx------>只在http协议和mail协议上功能比较好,性能与haproxy差不多;
apache------>功能较差
haproxy的配置文件分为四个部分:
全局配置:
global: 全局配置段
代理配置:
default: 默认配置----->所有在backend、frontend、linsten中相同内容可以在此定义;
frontend:前段配置----->定义前端套接字,接受客户端请求;
backend: 后端配置----->定义后端分配规则,与后端服务器交互;
listen: 绑定配置----->直接将指定的客户端与后端特定服务器绑定到一起;
实验环境:rhel6.5 selinux and iptables disabled
172.25.85.2 server2.example.com
172.25.85.3 server3.example.com
172.25.85.7 server7.example.com
172.25.85.8 server8.example.com
1.haproxy的安装和配置:
在server3和server2上安装:
yum install haproxy -y
/etc/init.d/haproxy start
在server2上:
vim /etc/haproxy/haproxy.cfg
需要注释掉一部分:
stats uri /status
stats auth admin:westos
frontend westos *:80
default_backend web
backend web
balance roundrobin
server web1 172.25.31.10:80 check weight 1
server web2 172.25.31.11:80 check weight 1
server backup 127.0.0.1:8080 backup
server backup 127.0.0.1:8080 backup
/etc/init.d/haproxy reload
检测:
打开server7和server8上的httpd:
在浏览器中打开172.25.85.2
交替出现 server7.linux.org server8.westos.org
在浏览器中打开172.25.85.2/status
检测2:
关闭server7和server8上的httpd
在server2上:
echo server2.zhangweijing > index.html
vim /etc/httpd/conf/httpd.conf
listen 8080
/etc/init.d/httpd start
在浏览器中打开172.25.85.2:
2. server2:
tail -f /var/log/messages
vim /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
local2.* /var/log/haproxy.log
/etc/init.d/rsyslog reload
tail -f /var/log/messages
tail -f /var/log/haproxy.log
3. server2:
vim /etc/haproxy/haproxy.cfg
增加 stats auth admin:westos
/etc/init.d/haproxy reload
在浏览器中打开172.25.85.2/status
4.1 server2:
vim /etc/haproxy/haproxy.cfg
增加
frontend westos *:80
acl bad src 172.25.85.250
block if bad
errorloc 403 http://172.25.85.2:8080
default_backend web
backend web
balance roundrobin
server web1 172.25.85.7:80 check
server web2 172.25.85.8:80 check
server backup 127.0.0.1:8080 backup
/etc/init.d/haproxy reload
在浏览器中打开http://172.25.85.2:8080/
4.2 server2:
vim /etc/haproxy/haproxy.cfg
frontend westos *:80
acl bad src 172.25.85.250
#block if bad
#errorloc 403 http://172.25.85.2:8080
redirect location http://172.25.85.3:80 if bad
default_backend web
backend web
balance roundrobin
server web1 172.25.85.7:80 check
server web2 172.25.85.8:80 check
server backup 127.0.0.1:8080 backup
/etc/init.d/haproxy reload
在浏览器中打开http://172.25.85.3
4.3 server2:
vim /etc/haproxy/haproxy.cfg
frontend westos *:80
acl bad src 172.25.85.250
#block if bad
#errorloc 403 http://172.25.85.2:8080
#redirect location http://172.25.85.3:80 if bad
# http-request deny if denyfile bad
default_backend web
backend web
balance roundrobin
server web1 172.25.85.7:80 check
server web2 172.25.85.8:80 check
server backup 127.0.0.1:8080 backup
/etc/init.d/haproxy reload
在server7:
cd /var/www/html/
mkdir admin
cd admin/
echo server7.server7 > index.html
在server8:
cd /var/www/html/
mkdir admin
cd admin/
echo server8.server8 > index.html
在浏览器中打开http://172.25.85.2/admin/
交替出现 server7.server7 server8.server8
4.4 server2:
vim /etc/haproxy/haproxy.cfg
frontend westos *:80
acl bad src 172.25.85.250
acl denyfile path /admin/
#block if bad
#errorloc 403 http://172.25.85.2:8080
#redirect location http://172.25.85.3:80 if bad
http-request deny if denyfile bad
default_backend web
backend web
balance roundrobin
server web1 172.25.85.7:80 check
server web2 172.25.85.8:80 check
server backup 127.0.0.1:8080 backup
/etc/init.d/haproxy reload
在浏览器中打开http://172.25.85.2/admin/
5.server2:
vim /etc/haproxy/haproxy.cfg
frontend westos *:80
acl bad src 172.25.85.250
acl denyfile path /admin/
#block if bad
#errorloc 403 http://172.25.85.2:8080
#redirect location http://172.25.85.3:80 if bad
#http-request deny if denyfile bad
acl url_static path_beg -i /static /images /Javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend images if url_static
default_backend upload
backend images
balance roundrobin
server web1 172.25.85.7:80 check
server backup 127.0.0.1:8080 backup
backend upload
server web2 172.25.85.8:80 check
/etc/init.d/haproxy reload
server7:
cd /var/www/html/
mkdir images ##给这个目录下方一个小图片redhat.jpg
在浏览器中打开:http://172.25.85.2/images/redhat.jpg
6.server2:
vim /etc/haproxy/haproxy.cfg
frontend westos *:80
acl bad src 172.25.85.250
acl denyfile path /admin/
#block if bad
#errorloc 403 http://172.25.85.2:8080
#redirect location http://172.25.85.3:80 if bad
#http-request deny if denyfile bad
acl url_static path_beg -i /static /images /Javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
acl read method GET
acl read method HEAD
acl write method PUT
acl write method POST
# use_backend images if url_static
# use_backend images if read
use_backend upload if write
default_backend images
backend images
balance roundrobin
server web1 172.25.85.8:80 check
backend upload
server web1 172.25.85.7:80 check
/etc/init.d/haproxy reload
在server8:
cd /var/www/html ##将upload文件放在这个目录下
chown 777 upload
cd /var/www/html /upload
mkdir upload
在浏览器中打开172.25.85.2/upload就可以上传文件了。
企业之haproxy