一���、HAProxy簡(jiǎn)介
10余年專注成都網(wǎng)站制作���,成都企業(yè)網(wǎng)站定制,個(gè)人網(wǎng)站制作服務(wù)��,為大家分享網(wǎng)站制作知識(shí)����、方案,網(wǎng)站設(shè)計(jì)流程�、步驟,成功服務(wù)上千家企業(yè)。為您提供網(wǎng)站建設(shè),網(wǎng)站制作,網(wǎng)頁(yè)設(shè)計(jì)及定制高端網(wǎng)站建設(shè)服務(wù),專注于成都企業(yè)網(wǎng)站定制,高端網(wǎng)頁(yè)制作,對(duì)生料攪拌車等多個(gè)方面��,擁有豐富的網(wǎng)站維護(hù)經(jīng)驗(yàn)�。
? ?代理的作用:web緩存(加速)�����、反向代理、內(nèi)容路由(根據(jù)流量及內(nèi)容類型等將請(qǐng)求轉(zhuǎn)發(fā)至特定服務(wù)器)����、轉(zhuǎn)碼器(將后端服務(wù)器的內(nèi)容壓縮后傳輸給client端)。
緩存的作用:減少冗余內(nèi)容傳輸�;節(jié)省帶寬、緩解網(wǎng)絡(luò)瓶頸�����;降低了對(duì)原始服務(wù)器的請(qǐng)求壓力����,降低了傳輸延遲。
??? HAProxy是一種免費(fèi)的�����、非?���?焖偾铱煽康慕鉀Q方案,它提供了高可用性���、負(fù)載平衡和對(duì)TCP和基于http的應(yīng)用程序的代理����。它特別適用于非常高的流量網(wǎng)站,并為世界上訪問(wèn)量最大的網(wǎng)站提供了強(qiáng)大的力量�����。多年來(lái)��,它已經(jīng)成為事實(shí)上的標(biāo)準(zhǔn)的opensource負(fù)載平衡器����,現(xiàn)在隨大多數(shù)主流Linux發(fā)行版本一起發(fā)布,
? ? 并且經(jīng)常在云平臺(tái)上默認(rèn)部署����。
?? ?HAProxy:只是http協(xié)議的反向代理,不提供緩存功能����。????
二、HAProxy測(cè)試環(huán)境搭建
1�����、簡(jiǎn)單架構(gòu)圖
2、測(cè)試環(huán)境(說(shuō)明):
HAProxy:192.168.16.10
web1:? ?192.168.16.11
web2:? ?192.168.16.12
操作系統(tǒng):CentOS Linux release 7.3.1611 (Core)
iptables關(guān)閉和selinux為disabled
3�、HAProxy服務(wù)器安裝haproxy
通過(guò)yum安裝Haproxy:
[root@sheng1?haproxy]#?yum?-y?install?haproxy
查看Haproxy版本
[root@sheng1?haproxy]#?haproxy?-v
HA-Proxy?version?1.5.18?2016/05/10
Copyright?2000-2016?Willy?Tarreau?
4���、web1和web2安裝httpd
web服務(wù)器1:192.168.16.11
Web服務(wù)器2:192.168.16.11
yum -y install httpd
echo "1111111" > /var/www/html/index.html
systemctl start httpd
echo "2222222" > /var/www/html/index.html
systemctl start httpd
然后systemctl start httpd.service
查看和配置haproxy配置文件
cat?/etc/haproxy/haproxy.cfg?|?egrep?-v?'(#|^$)'
5�、配置HAProxy
vim /etc/haproxy/haproxy.cfg
[root@sheng1 haproxy]# pwd
/etc/haproxy
修改haproxy.cfg的配置如下:
global???????????????????#全局配置
????log????127.0.0.1?local2????#日志輸出配置
????chroot??/var/lib/haproxy?????#haproxy工作目錄
????pidfile??/var/run/haproxy.pid???#haproxy的pid目錄
????maxconn??4000???????????#最大連接數(shù)(默認(rèn)配置)
????user????haproxy?????????#運(yùn)行haproxy用戶
????group???haproxy?????????#haproxy所屬組
????daemon???????????????#后臺(tái)啟動(dòng)
????stats?socket?/var/lib/haproxy/stats??#這個(gè)不知道�,后續(xù)補(bǔ)充
defaults??????????????????????????????????#默認(rèn)配置
????mode???http????????????#默認(rèn)模式mod{tcp|http|health}
????log???global??????????#日志系統(tǒng)與global段相同
????option??httplog??????????#日志類別采用httplog
????option??dontlognull??????????#不記錄健康檢查日志
????option??http-server-close?????#每次請(qǐng)求完畢后主動(dòng)關(guān)閉http通道
????option??forwardfor??except?127.0.0.0/8??#后端服務(wù)器需要獲得客戶端真實(shí)ip需要配置的參數(shù)
????option??redispatch???????????#當(dāng)請(qǐng)求的服務(wù)器掛掉之后強(qiáng)行切換到健康的服務(wù)器
????retries?3??????????????#3次連接服務(wù)器失敗后確定服務(wù)器不可用
????timeout?http-request?10s????#默認(rèn)http請(qǐng)求超時(shí)時(shí)間(可優(yōu)化)
????timeout?queue?????1m????#默認(rèn)隊(duì)列超時(shí)時(shí)間(可優(yōu)化)
????timeout?connect????10s????#默認(rèn)連接超時(shí)時(shí)間(可優(yōu)化)
????timeout?client????1m????#默認(rèn)客戶端超時(shí)時(shí)間(可優(yōu)化)
????timeout?server????1m????#默認(rèn)服務(wù)器超時(shí)時(shí)間(可優(yōu)化)
????timeout?http-keep-alive?10s??#默認(rèn)持久連接超時(shí)時(shí)間(可優(yōu)化)
????timeout?check??????10s??#默認(rèn)心跳檢測(cè)超時(shí)時(shí)間(可優(yōu)化)
????maxconn?????????3000??#最大連接數(shù),不要超過(guò)全局配置最大連接數(shù)
listen?stats_auth????????????#監(jiān)控頁(yè)面及監(jiān)聽(tīng)端口混合配置�����,做的有點(diǎn)差����,僅做參考
????bind?192.168.16.10:8000??????#綁定監(jiān)控頁(yè)面監(jiān)聽(tīng)端口
????stats?uri?/status???????#haproxy監(jiān)控頁(yè)面
????stats?auth?admin:westos????#配置監(jiān)控頁(yè)面賬號(hào)密碼登錄
????stats?refresh?5s????????#監(jiān)控頁(yè)面自動(dòng)刷新時(shí)間
????stats?hide-version???????#隱藏監(jiān)控頁(yè)面haproxy版本號(hào),保障安全
????listen?www.jzz.nginx?*:8088??#監(jiān)聽(tīng)的實(shí)例名稱�、地址和端口,可配置多個(gè)
????server?web1?192.168.16.11:80?cookie?app1inst1?check?inter?2000?rise?2?fall?5????????
????#后端web服務(wù)器ip及其他配置
????listen?www.jzztest.org?*:8089?#監(jiān)聽(tīng)的實(shí)例名稱�、地址和端口,可配置多個(gè)
????server?web2?192.168.16.12:80?cookie?app1inst2?check?inter?2000?rise?2?fall?5????????
????#后端web服務(wù)器ip及其他配置
????#??注意參數(shù)解釋:inter?2000?心跳檢測(cè)時(shí)間�����;rise?2?三次連接成功�,表示服務(wù)器正常�����;
????#??fall?5?三次連接失敗����,表示服務(wù)器異常���;?weight?1?權(quán)重設(shè)置
????listen?localhost.localdomain?*:80
????balance?roundrobin??????
????#負(fù)載均衡算法(有roundrobin���、static-rr、leastconn��、source����、url、url_param���、hdr���、rdp_cookie)
frontend??main?*:5000???????????#frontend前端配置,為haproxy安裝時(shí)就有�����,能力有限,不再解釋
????acl?url_static???????path_beg???????-i?/static?/images?/javascript?/stylesheets
????acl?url_static???????path_end???????-i?.jpg?.gif?.png?.css?.js
????use_backend?static??????????if?url_static
????default_backend?????????????app
backend?static?????????????#backend前端配置�����,為haproxy安裝時(shí)就有����,能力有限�����,不再解釋
????balance?????roundrobin
????server??????static?127.0.0.1:4331?check
backend?app???????????????#backend前端配置���,為haproxy安裝時(shí)就有����,能力有限�,不再解釋
????balance?????roundrobin
????server??app1?127.0.0.1:5001?check
????server??app2?127.0.0.1:5002?check
????server??app3?127.0.0.1:5003?check
????server??app4?127.0.0.1:5004?checkrsyslog 系統(tǒng)日志轉(zhuǎn)發(fā)
編輯配置文件/etc/rsyslog.conf
加入如下內(nèi)容:
$ModLoad?imudp
$UDPServerRun?514
local2.*????/var/log/haproxy.log
vim /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-r -m 0"???????????#接收遠(yuǎn)程服務(wù)器日志
重啟rsyslog進(jìn)程
systemctl restart rsyslog
6. 啟動(dòng)haproxy服務(wù)
systemctl?start?haproxy
三、測(cè)試環(huán)境是否健康
通過(guò)瀏覽器訪問(wèn)HAProxy
http://192.168.16.10:8000/status
訪問(wèn)haproxy監(jiān)控頁(yè)面端口下的/status,為了安全起見(jiàn)�����,第一次登陸需要賬號(hào)密碼,賬號(hào)密碼就是配置文件里設(shè)置的
進(jìn)入監(jiān)控頁(yè)面����,在這里可以看到我們的配置
訪問(wèn)haproxy服務(wù)器ip的8088端口,可以發(fā)現(xiàn)跳轉(zhuǎn)到了Web服務(wù)器1
訪問(wèn)haproxy服務(wù)器ip的8089端口�,可以發(fā)現(xiàn)跳轉(zhuǎn)到了Web服務(wù)器2
也可以設(shè)置域名訪問(wèn)到不同web服務(wù)器,但要在本地host綁定域名ip對(duì)應(yīng)關(guān)系�����。
haproxy服務(wù)器配置成功
三�����、haproxy+keepalived簡(jiǎn)單配置
前提:
1.兩臺(tái)haproxy服務(wù)器����,配置基本一樣,可參考上面haproxy的配置��,后端web服務(wù)器一樣
2.兩臺(tái)haproxy服務(wù)器器上都已安裝完成keepalived�,安裝教程參考我的lvs+keepalived配置中的keepalived的安裝。
環(huán)境:
haproxy服務(wù)器1:192.168.16.9
haproxy服務(wù)器2:192.168.16.10
haproxy代理web服務(wù)器1:192.168.16.11(hostname:www.jzz.nginx?默認(rèn)頁(yè)面:1111111)
haproxy代理Web服務(wù)器2:192.168.16.12(hostname:www.jzztest.org?默認(rèn)頁(yè)面:2222222)
keepalived主服務(wù)器:192.168.174.9
keepalived從服務(wù)器:192.168.174.10
VIP:192.168.16.8
操作系統(tǒng):centos7.3???iptables關(guān)閉和selinux為disabled
兩臺(tái)keepalived主機(jī)的設(shè)置
? ? ? 1����、配置HAProxy:新加進(jìn)來(lái)的192.168.16.9也要和之前的haproxy做同樣的配置�����。
? 2�、?haproxy服務(wù)器兩臺(tái)機(jī)均安裝keepalived
#安裝依賴文件與keepalive
# yum install -y openssl openssl-devel keepalived
keepalived主服務(wù)器配置文件
[root@sheng0?~]#?cat?/etc/keepalived/keepalived.conf
!?Configuration?File?for?keepalived
global_defs?{
????router_id?LVS_R1
}
vrrp_strict?chk_http_port?{
?????????script?"/opt/script/check_haproxy.sh"
?????????interval?2
?????????weight???2
}
vrrp_instance?VI_1?{
????state?MASTER
??interface?ens33
??virtual_router_id?88
??priority?100
??advert_int?1
??authentication?{
?????auth_type?PASS
?????auth_pass?1111
??}
??virtual_ipaddress?{
?????192.168.16.8
??}
??track_script?{
?????check_haproxy
??}
}
keepalived從服務(wù)器配置文件
[root@sheng1?/]#?cat?/etc/keepalived/keepalived.conf
!?Configuration?File?for?keepalived
global_defs?{
????router_id?LVS_R2
}
vrrp_strict?chk_http_port?{???????????#?Haproxy監(jiān)控腳本
???????script?"/opt/script/check_haproxy.sh"
???????interval?2
???????weight?2
}
vrrp_instance?VI_1?{
????state?BACKUP
??interface?ens33
??virtual_router_id?88
??priority?80
??advert_int?1
??authentication?{
??????auth_type?PASS
???????auth_pass?1111
??}
??virtual_ipaddress?{
??????192.168.16.8
??}
??track_script?{
??????check_haproxy
??}
}
keepalived主從配置文件依舊只有很小差別��,在這里只有priority和router_id不同���,在這里用到了一個(gè)檢測(cè)haproxy存活性的腳本,主從配置文件都有且相同
[root@sheng1?script]#?cat?check_haproxy.sh?
#!/bin/bash
if?[?$(ps?-C?haproxy?--no-header?|?wc?-l)?-eq?0?];then
??????/etc/init.d/haproxy?start
fi
sleep?2
if?[?$(ps?-C?haproxy?--no-header?|?wc?-l)?-eq?0?];then
??????/etc/init.d/haproxy?stop
fi
*******************************************************************************************************************
附錄:
haproxy配置文件:
global
????log????????127.0.0.1?local2
????chroot??????/var/lib/haproxy
????pidfile?????/var/run/haproxy.pid
????maxconn?????4000
????user???????haproxy
????group???????haproxy
????daemon
????stats?socket?/var/lib/haproxy/stats
defaults
????mode????????????????http
????log????????????????global
????option??????????????httplog
????option??????????????dontlognull
????option?http-server-close
????option?forwardfor???????except?127.0.0.0/8
????option??????????????redispatch
????retries??????????????3
????timeout?http-request??????10s
????timeout?queue??????????1m
????timeout?connect?????????10s
????timeout?client?????????1m
????timeout?server?????????1m
????timeout?http-keep-alive?10s
????timeout?check??????????10s
????maxconn??????????????3000
listen?stats_auth
????bind?192.168.16.10:8000
????stats?uri?/status
????stats?auth?admin:westos
????stats?refresh?5s
????stats?hide-version
????listen?www.jzz.nginx?*:8088
????server?web1?192.168.16.11:80?cookie?app1inst1?check?inter?2000?rise?2?fall?5
????listen?www.jzztest.org?*:8089
????server?web2?192.168.16.12:80?cookie?app1inst2?check?inter?2000?rise?2?fall?5
????listen?localhost.localdomain?*:80
????balance?roundrobin
frontend??main?*:5000
????acl?url_static???????path_beg???????-i?/static?/images?/javascript?/stylesheets
????acl?url_static???????path_end???????-i?.jpg?.gif?.png?.css?.js
????use_backend?static??????????if?url_static
????default_backend?????????????app
backend?static
????balance?????roundrobin
????server??????static?127.0.0.1:4331?check
backend?app
????balance?????roundrobin
????server??app1?127.0.0.1:5001?check
????server??app2?127.0.0.1:5002?check
????server??app3?127.0.0.1:5003?check
????server??app4?127.0.0.1:5004?check
推廣:haproxy+keepalived(主主模式)實(shí)現(xiàn)高可用環(huán)境的簡(jiǎn)單配置
https://blog.51cto.com/sf1314/2384572?
文章名稱:haproxy+keepalived(主從模式)實(shí)現(xiàn)高可用環(huán)境的簡(jiǎn)單配置
文章位置:
http://weahome.cn/article/gghges.html
重慶分公司
重慶分公司
