HAproxy
專注于為中小企業(yè)提供成都網(wǎng)站設(shè)計(jì)、成都網(wǎng)站建設(shè)服務(wù),電腦端+手機(jī)端+微信端的三站合一,更高效的管理,為中小企業(yè)富陽免費(fèi)做網(wǎng)站提供優(yōu)質(zhì)的服務(wù)�����。我們立足成都�,凝聚了一批互聯(lián)網(wǎng)行業(yè)人才,有力地推動了上1000家企業(yè)的穩(wěn)健成長�,幫助中小企業(yè)通過網(wǎng)站建設(shè)實(shí)現(xiàn)規(guī)模擴(kuò)充和轉(zhuǎn)變。
LB Cluster (負(fù)載均衡 集群)
四層
lvs���、nginx(stream模塊)����、haproxy
七層
http:nginx(http、ngx_http_upstream)���、haproxy(mode http)��,httpd����,ats�����、perlbal,pound
官方文檔:http://cbonte.github.io/haproxy-dconv/
使用yum安裝 haproxy 光盤收錄的版本即可
以HAProxy 1.5為例
主程序:/usr/sbin/haproxy
主配置文件:/etc/haproxy/haproxy.cfg
配置端分為2段·
global:全局配置段
進(jìn)程及安全配置相關(guān)的參數(shù)
性能調(diào)整相關(guān)參數(shù)
Debug參數(shù)
proxies:代理配置段
default:frontend��,listen�,backend提供默認(rèn)配置:
其中
frontend:前端,相當(dāng)于nginx���,server{ }
backend:后端��,相當(dāng)于nginx���,upstream { }
listen: 同時(shí)用于前端和后端
實(shí)現(xiàn)1.1使用haproxy配制簡單的負(fù)載均衡集群
這里使用三臺主機(jī)
172.18.10.10�����,使用yum安裝httpd���,并配置基本網(wǎng)頁內(nèi)容,啟動httpd服務(wù)
[root@localhost ~]# yum install -y httpd
[root@localhost ~]# vim /var/www/html/index.html
Server1 172.18.10.10
root@localhost ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 100 127.0.0.1:25
172.18.10.11��,使用yum安裝httpd����,并配置基本網(wǎng)頁內(nèi)容,啟動httpd服務(wù)
[root@localhost ~]# yum install -y httpd
[root@localhost ~]# vim /var/www/html/index.html
Server1 172.18.10.11
root@localhost ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 100 127.0.0.1:25
172.18.200.100,使用yum安裝haproxy��,編輯haproxy.cfg文件
[root@localhost haproxy]# vim haproxy.cfg
將frontend斷和backend段做如下修改
frontend web
bind *:80
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.18.10.10:80 check
server srv2 172.18.10.11:80 check
啟動haproxy服務(wù)
[root@localhost haproxy]# service haproxy start
使用curl命令訪問測試
[root@localhost ~]# for i in {1..10};do curl http://172.18.200.100;done
Server1 172.18.10.10
Server2 172.18.10.11
Server1 172.18.10.10
Server2 172.18.10.11
Server1 172.18.10.10
Server2 172.18.10.11
Server1 172.18.10.10
Server2 172.18.10.11
Server1 172.18.10.10
Server2 172.18.10.11
結(jié)論��,實(shí)現(xiàn)haproxy簡單的LB Cluster�。調(diào)度規(guī)則默認(rèn)為rr(輪詢)調(diào)度
實(shí)驗(yàn)1.2在原來基礎(chǔ)上添加MySQL服務(wù)�,并實(shí)現(xiàn)負(fù)載均衡調(diào)度
首先在兩臺后端backend服務(wù)器上安裝mysql,并啟動服務(wù)���,配置mysql相關(guān)參數(shù)��,測試mysql鏈接是否正常
[root@BYQ ~]#service mysqld start
Starting mysqld: [ OK ]
mysql> select user();
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)
mysql> grant all on mydb.* to 'test'@'%' identified by 'testpass';
Query OK, 0 rows affected (0.00 sec)
在客戶端主機(jī)上測試mysql的的鏈接是否正常
[root@localhost ~]# mysql -utest -ptestpass -h272.18.10.10
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
[root@localhost ~]# mysql -utest -ptestpass -h272.18.10.11
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
兩臺后端主機(jī)mysql連接均正常
接下來在haproxy服務(wù)器端進(jìn)行配置
[root@localhost ~]# cd /etc/haproxy/
[root@localhost haproxy]# ls
haproxy.cfg haproxy.cfg.bak
[root@localhost haproxy]# cp haproxy.cfg{,.web}
[root@localhost haproxy]# ls
haproxy.cfg haproxy.cfg.bak haproxy.cfg.web
[root@localhost haproxy]# vim haproxy.cfg
frontend web
mode tcp
bind *:3306
default_backend websrvs
backend websrvs
balance leastconn
server mysql1 172.18.10.10:3306 check
server mysql2 172.18.10.11:3306 check
簡單配置完畢
實(shí)驗(yàn)1.3配置haproxy rslog
[root@localhost ~]# vim /etc/rsyslog.conf
# Save boot messages also to boot.log
local7.* /var/log/boot.log
local2.* /var/log/haproxy.log
# Provides UDP syslog reception ##表示載入U(xiǎn)DP模式��,并監(jiān)聽在514端口
$ModLoad imudp
$UDPServerRun 514
保存退出并重啟動rsyslog服務(wù)�,查看日志監(jiān)聽端口是否啟動
[root@localhost ~]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
[root@localhost ~]# ss -unl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:514 *:*
UNCONN 0 0 *:57263 *:*
UNCONN 0 0 :::514 :::*
實(shí)驗(yàn)1.4配置source算法實(shí)現(xiàn)hash-type綁定
編輯haproxy.cfg,更改添加如下配置
backend websrvs
balance source
server srv1 172.18.10.10:80 check
server srv2 172.18.10.11:80 check
hash-type map-based
重啟服務(wù)
[root@localhost haproxy]# service haproxy restart
Stopping haproxy: [ OK ]
Starting haproxy: [ OK ]
在客戶端測試
[root@localhost ~]# for i in {1..10};do curl http://172.18.200.100;done
Backend Server 2 172.18.10.11
Backend Server 2 172.18.10.11
Backend Server 2 172.18.10.11
Backend Server 2 172.18.10.11
Backend Server 2 172.18.10.11
Backend Server 2 172.18.10.11
Backend Server 2 172.18.10.11
Backend Server 2 172.18.10.11
Backend Server 2 172.18.10.11
Backend Server 2 172.18.10.11
實(shí)驗(yàn)1.5配置uri算法提高命中。綁定一致性hash consistent
編輯haproxy.cfg文件
backend websrvs
balance uri
server srv1 172.18.10.10:80 check
server srv2 172.18.10.11:80 check
hash-type consistent
保存退出重啟服務(wù)�,結(jié)論不管哪臺服務(wù)器,只要uri相同��,便訪問同一個(gè)后端主機(jī)���,若uri不同也另當(dāng)別論
例如隨機(jī)在兩臺后端主機(jī)生成20個(gè)頁面文件
[root@localhost ~]# for i in {1..20};do echo "Test Page $i (BE 1)" > /var/www/html/test$i.html;done
[root@localhost ~]# for i in {1..20};do echo "Test Page $i (BE 2)" > /var/www/html/test$i.html;done
在客戶端請求�,則發(fā)現(xiàn)test1在BE1�����,而test2在BE2
[root@localhost ~]# for i in {1..10};do curl http://172.18.200.100/test1.html;done
Test Page 1 (BE 1)
Test Page 1 (BE 1)
Test Page 1 (BE 1)
Test Page 1 (BE 1)
Test Page 1 (BE 1)
Test Page 1 (BE 1)
Test Page 1 (BE 1)
Test Page 1 (BE 1)
Test Page 1 (BE 1)
Test Page 1 (BE 1)
[root@localhost ~]# for i in {1..10};do curl http://172.18.200.100/test2.html;done
Test Page 2 (BE 1)
Test Page 2 (BE 1)
Test Page 2 (BE 1)
Test Page 2 (BE 1)
Test Page 2 (BE 1)
Test Page 2 (BE 1)
Test Page 2 (BE 1)
Test Page 2 (BE 1)
Test Page 2 (BE 1)
Test Page 2 (BE 1)
因此得出結(jié)論和綁定的客戶端沒關(guān)系�,只和綁定的uri有關(guān)系,因此能夠極大的提高緩存命中率
實(shí)驗(yàn)1.6采用roundrobin調(diào)度規(guī)則���,且增加權(quán)重 進(jìn)行測試
編輯haproxy.cfg
backend websrvs
balance roundrobin
server srv1 172.18.10.10:80 check weigth 2
server srv2 172.18.10.11:80 check weigth 1
hash-type consistent
保存并退出
重啟服務(wù)
[root@localhost haproxy]# service haproxy restart
Stopping haproxy: [ OK ]
Starting haproxy: [ OK ]
在客戶端訪問同一個(gè)URL
[root@localhost ~]# for i in {1..10};do curl http://172.18.200.100/test5.html;done
Test Page 5 (BE 2)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 2)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 2)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 2)
將其中一個(gè)服務(wù)器下線����,等3秒 實(shí)現(xiàn)fall (默認(rèn)三秒)
[root@localhost ~]# for i in {1..10};do curl http://172.18.200.100/test5.html;done
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
再將下線的服務(wù)器上線,等2秒�����,實(shí)現(xiàn)rise (默認(rèn)兩秒)恢復(fù)輪詢
[root@localhost ~]# for i in {1..10};do curl http://172.18.200.100/test5.html;done
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 2)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 2)
Test Page 5 (BE 1)
Test Page 5 (BE 1)
Test Page 5 (BE 2)
Test Page 5 (BE 1)
結(jié)論:實(shí)現(xiàn)健康狀態(tài)檢查
也可以自己設(shè)置 check inter(時(shí)間間隔) rise 次數(shù) fall 次數(shù) 和 maxconn(最大并發(fā)連接數(shù))�����、 以及backlog(后援隊(duì)列不指定值的話����,就用maxconn的值代替),如下所示
backend websrvs
balance roundrobin
server srv1 172.18.10.10:80 check inter 1000 rise 1 fall 2 maxconn 2000 weight 2
server srv2 172.18.10.11:80 check weight 1
hash-type consistent
實(shí)驗(yàn)1.7�����,將第一個(gè)后端主機(jī)標(biāo)記為backup或者disabled�,在第二個(gè)后端主機(jī)上使用redir重定向到百度的url上去
backend websrvs
balance roundrobin
server srv1 172.18.10.10:80 check inter 1000 rise 1 fall 2 maxconn 2000 weight 2 disabled
server srv2 172.18.10.11:80 check weight 1 redir http://www.baidu.com/
hash-type consistent
訪問172.18.200.100.頁面跳轉(zhuǎn)至百度主頁
實(shí)驗(yàn)1.8 開啟haproxy stats 頁面,并且調(diào)試各參數(shù)
開啟stats頁面���,在backend 配置段添加 stats enable
backend websrvs
balance roundrobin
server srv1 172.18.10.10:80 check inter 1000 rise 1 fall 2 maxconn 2000 weight 2 backup
server srv2 172.18.10.11:80 check weight 1 redir http://www.baidu.com/
hash-type consistent
stats enable
重啟服務(wù)
這樣便開啟了stats頁面
其中stats頁面是有默認(rèn)值的�,默認(rèn)值如下
- stats uri : /haproxy?stats
- stats realm : "HAProxy Statistics"
- stats auth : no authentication
- stats scope : no restriction
在瀏覽器輸入http://172.18.200.100/haproxy?stats����,則登錄狀態(tài)頁面顯示
修改stats uri的默認(rèn)值
frontend web
bind *:80
default_backend websrvs
stats enable
stats uri /haadim?admin
backend websrvs
balance roundrobin
server srv1 172.18.10.10:80 check inter 1000 rise 1 fall 2 maxconn 2000 weight 2
server srv2 172.18.10.11:80 check weight 1
hash-type consistent
保存退出重啟服務(wù)
在瀏覽器輸入http://172.18.200.100/haadmin?admin,才能再次顯示狀態(tài)頁面
實(shí)驗(yàn)1.9 為stats頁面添加用戶名密碼訪問認(rèn)證
frontend web
bind *:80
default_backend websrvs
stats enable
stats uri /haadmin?admin
stats realm "Stats\ Web" ##(提示標(biāo)題)
stats auth admin1:admin1
stats auth admin2:admin2
stats auth admin3:admin3
保存退出并重啟服務(wù)
在瀏覽器輸入http://172.18.200.100/haadmin?admin��,需要輸入用戶名和密碼才能使用
而且可以啟用登錄用戶管理
frontend web
bind *:80
default_backend websrvs
stats enable
stats uri /haadmin?admin
stats realm "Stats\ Web"
stats auth admin1:admin1
stats auth admin2:admin2
stats auth admin3:admin3
stats admin if TRUE
表示如果驗(yàn)證成功�,就可以一直設(shè)置相應(yīng)的參數(shù)
保存,并且退出
重啟haproxy服務(wù)
刷新剛才的頁面��,則會現(xiàn)在后端的模塊下面顯示可操作的會話框
Choose the action to perform on the checked servers : Apply
在Apply的下拉框中會有許多選項(xiàng)�����,可以控制后端的服務(wù)器狀態(tài)
也可以直接專門定義一個(gè)端口���,讓stats監(jiān)聽在一個(gè)端口上�����,以后只能通過該端口訪問stats頁面
frontend web
bind *:80
default_backend websrvs
listen stats :10086
stats enable
stats uri /haadmin?admin
stats realm "Stats\ Web"
stats auth admin1:admin1
stats auth admin2:admin2
stats auth admin3:admin3
stats admin if TRUE
在瀏覽器輸入http://172.18.200.100:10086/haadmin?admin 通過用戶驗(yàn)證�,訪問
還可以隱藏haproxy版本信息
stats hide-version
還可以自動刷新��,以及顯示具體信息
stats refresh
stats show-desc
stats show-legends
stats show-node
實(shí)驗(yàn)2.0,顯示前端最大連接數(shù)maxconn
frontend web
bind *:80
maxconn 4000
default_backend websrvs
實(shí)驗(yàn)2.1����,代理ssh服務(wù) 實(shí)現(xiàn)mode tcp模式的驗(yàn)證
backend app
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
listen sshsrvs :10088
mode tcp
maxconn 20
balance leastconn
server sshsrv1 172.18.10.10:22 check
server sshsrv2 172.18.10.11:22 check
在客戶端使用[root@localhost ~]# ssh -p 10088 root@172.18.200.100
刷新頁面
發(fā)現(xiàn)在頁面中sshsrvs欄中,sshsrv1頁面有連接處理顯示�,說明代理成功
實(shí)驗(yàn)2.2����,代理mysql�����,實(shí)現(xiàn)mode tcp模式的驗(yàn)證
listen sshsrvs :3306
mode tcp
maxconn 20
balance leastconn
server sshsrv1 172.18.10.10:3306 check
server sshsrv2 172.18.10.11:3306 check
查看端口是否監(jiān)聽
[root@localhost haproxy]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:10086 *:*
LISTEN 0 20 *:3306 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 100 127.0.0.1:25
在客戶端測試連接mysql
[root@localhost ~]# mysql -utest -ptestpass -h272.18.200.100
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
結(jié)論:代理成功 ,實(shí)現(xiàn)mode tcp模式的驗(yàn)證
實(shí)驗(yàn)2.3 實(shí)現(xiàn)基于ookie的粘性處理�����,即基于cookie的session sticky的實(shí)現(xiàn):
backend websrvs
balance roundrobin
cookie WEBSRV insert nocache indirect
server srv1 172.18.10.10:80 check cookie web1
server srv2 172.18.10.11:80 check cookie web2
hash-type consistent
使用瀏覽器訪問http://172.18.200.100/��,開啟F12�,查看瀏覽器記錄的Request Headers,如下
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,p_w_picpath/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:zh-CN,zh;q=0.8
Authorization:Basic YWRtaW4zOmFkbWluMw==
Cache-Control:max-age=0
Connection:keep-alive
Cookie:WEBSRV=web1
Host:172.18.200.100
If-Modified-Since:Wed, 03 May 2017 06:23:57 GMT
If-None-Match:"1e0599-27-54e98b3828057"
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36
可以看出Cookie:WEBSRV=web1��,已經(jīng)基于cookie黏性綁定web1服務(wù)器�,因此再次不敢訪問多少次都是web1
實(shí)驗(yàn)2.4 實(shí)現(xiàn)option forward發(fā)往后端主機(jī)的請求報(bào)文中添加“X-Forwarded-For”首部
首先進(jìn)入后端服務(wù)器,修改httpd關(guān)于日志段的配置
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
從啟httpd服務(wù)���,再次在客戶端訪問
[root@localhost ~]# for i in {1..10};do curl http://172.18.200.100/index.html;done
Backend Server 1 172.18.10.10
Backend Server 2 172.18.10.11
Backend Server 1 172.18.10.10
Backend Server 2 172.18.10.11
Backend Server 1 172.18.10.10
Backend Server 2 172.18.10.11
Backend Server 1 172.18.10.10
Backend Server 2 172.18.10.11
Backend Server 1 172.18.10.10
Backend Server 2 172.18.10.11
并查看訪問日志����,
[root@localhost ~]# tail /var/log/httpd/access_log
172.18.249.57 - - [10/May/2017:08:08:22 +0800] "GET /index.html HTTP/1.1" 200 39 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh3/1.4.2"
172.18.249.57 - - [10/May/2017:08:08:22 +0800] "GET /index.html HTTP/1.1" 200 39 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh3/1.4.2"
則在日志中會顯示真實(shí)訪問的客戶端地址
實(shí)驗(yàn)2.5 實(shí)現(xiàn)rspadd [{if | unless} ] 向響應(yīng)報(bào)文首部添加一個(gè)指定的首部
frontend web
bind *:80
rsadd X-Via:\ HAProxy
maxconn 4000
default_backend websrvs
從啟haproxy服務(wù)
刷新瀏覽器
在響應(yīng)報(bào)文首部發(fā)現(xiàn)添加的指定首部
Response Headers
Date:Wed, 03 May 2017 16:24:04 GMT
ETag:"1e0599-27-54e98b3828057"
Server:Apache/2.2.15 (CentOS)
Vary:Accept-Encoding
X-Via:HAProxy
實(shí)驗(yàn)2.6 實(shí)現(xiàn)rspidel [{if | unless} ] (ignore case) 不區(qū)分大小寫
frontend web
bind *:80
rspadd X-Via:\ HAProxy
rspidel Server.*
maxconn 4000
default_backend websrvs
Date:Wed, 03 May 2017 16:28:59 GMT
ETag:"1e0599-27-54e98b3828057"
Vary:Accept-Encoding
X-Via:HAProxy
對比之前����,server已經(jīng)被刪除
實(shí)驗(yàn)2.7 log
[root@localhost haproxy]# tail /var/log/haproxy.log
May 10 12:46:47 localhost haproxy[6628]: 172.18.254.240:59220 [10/May/2017:12:46:47.769] web websrvs/srv1 0/0/0/1/1 304 173 - - --VN 1/1/0/1/0 0/0 "GET / HTTP/1.1"
實(shí)驗(yàn)2.8 實(shí)現(xiàn)內(nèi)容 類型壓縮compression
frontend web
bind *:80
rspadd X-Via:\ HAProxy
rspidel Server.*
maxconn 4000
default_backend websrvs
compression type text/html
compression algo gzip
瀏覽器訪問http://172.18.200.100/test12.html
在響應(yīng)報(bào)文首部response headers
Accept-Ranges:bytes
Content-Encoding:gzip
Content-Length:40
Content-Type:text/html; charset=UTF-8
Date:Wed, 03 May 2017 16:46:10 GMT
ETag:"1e059d-14-54e9c272c1b5f"
Last-Modified:Wed, 03 May 2017 10:31:02 GMT
Vary:Accept-Encoding
X-Via:HAProxy
發(fā)現(xiàn)內(nèi)容壓縮����,且格式為gzip
實(shí)驗(yàn)2.9 對后端服務(wù)器http協(xié)議的健康狀態(tài)監(jiān)測
backend websrvs
balance roundrobin
cookie WEBSRV insert nocache indirect
server srv1 172.18.10.10:80 check cookie web1
server srv2 172.18.10.11:80 check cookie web2
option httpchk /test20.html
hash-type consistent
在stats頁面可以查看�,正常通過檢測
實(shí)驗(yàn)3.0 http-check檢測
backend websrvs
balance roundrobin
cookie WEBSRV insert nocache indirect
server srv1 172.18.10.10:80 check cookie web1
server srv2 172.18.10.11:80 check cookie web2
option httpchk /test20.html
http-check expect rstatus ^2
hash-type consistent
在stats頁面可以查看���,正常通過檢測
實(shí)驗(yàn)3.1 實(shí)現(xiàn)基于acl的各種訪問控制
acl只檢查不控制����,控制還需其他條件實(shí)現(xiàn)
acl要先配置���,再調(diào)用
frontend web
acl invalid_src src 172.18.254.240
block if invalid_src
保存退出重啟服務(wù)��,使用瀏覽器訪問http://172.18.200.100/
403 Forbidden
Request forbidden by administrative rules.
客戶端地址正好為172.18.254.240���,因此訪問被拒絕
而且403頁面可以重定向到我們自己定義的錯(cuò)誤頁面去,操作如下
[root@localhost haproxy]# mkdir /etc/haproxy/errorfiles
[root@localhost haproxy]# vim /etc/haproxy/errorfiles/403.html
OoOo,VIP Source
編輯haproxy配置文件
frontend web
acl invalid_src src 172.18.254.240
block if invalid_src
errorfile 403 /etc/haproxy/errorfiles/403.html
保存退出����,并重啟haproxy服務(wù)
使用瀏覽器訪問http://172.18.200.100/,顯示內(nèi)容如下
OoOo,VIP Source
或者使用errorloc重定向uri到百度
frontend web
acl invalid_src src 172.18.254.240
block if invalid_src
errorloc 403 http://www.baidu.com
使用瀏覽器訪問http://172.18.200.100/�����,顯示內(nèi)容如下
百度主頁。����。。����。。
如果acl是 curl_agent����,則使用如下的服務(wù)器172.18.10.11:8080
frontend web
acl invalid_src src 172.18.254.240
block if invalid_src
errorloc 403 http://www.baidu.com
acl curl_agent hdr_sub(User-Agent) -i curl
use_backend curlbe if curl_agent
bind *:80
rspadd X-Via:\ HAProxy
rspidel Server.*
maxconn 4000
default_backend websrvs
compression type text/html
compression algo gzip
backend curlbe
balance roundrobin
server curlsrv1 172.18.249.57:80 check
并在后端172.18.249.57上開啟80端口
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
[root@localhost ~]# service httpd restart
打開瀏覽器,出輸入http://172.18.200.100:10086/haadmin?admin��,輸入用戶名和密碼驗(yàn)證
發(fā)現(xiàn)curlbe模塊正常運(yùn)行����,并且通過四層檢測
使用curl命令
[root@localhost ~]# curl http://172.18.249.57
Curl server 172.18.249.57
實(shí)驗(yàn)3.2實(shí)現(xiàn)簡單的動靜分離
在172.18.249.57端。使用yum安裝php
在將編輯index.php頁面
Curl server 172.18.249.57
phpinfo();
?>
使用瀏覽側(cè)訪問測試頁面�����,成功顯示php信息
在haproxy端配置haproxy.cfg文件�����。添加如下內(nèi)容
frontend web
# acl invalid_src src 172.18.254.240
# block if invalid_src
errorloc 403 http://www.baidu.com
# acl curl_agent hdr_sub(User-Agent) -i curl
# use_backend curlbe if curl_agent
acl phpapp path_end -i .php ##定義acl條件
use_backend dynsrvs if phpapp ##定義使用的后端服務(wù)標(biāo)識
bind *:80
rspadd X-Via:\ HAProxy
rspidel Server.*
maxconn 4000
default_backend websrvs
compression type text/html
compression algo gzip
#backend curlbe
# balance roundrobin
# server curlsrv1 172.18.249.57:80 check
backend dynsrvs ##定義后端的代理服務(wù)及標(biāo)識
balance source
server dynsrv1 172.18.249.57:80 check
保存并退出,重啟服務(wù)����,
使用瀏覽器分別訪問
http://172.18.200.100/index.php
Curl server 172.18.249.57
PHP Logo
PHP Version 5.3.3
http://172.18.200.100/test1.html
Test Page 1 (BE 1)
實(shí)現(xiàn)簡單的動靜分離
網(wǎng)站標(biāo)題:HAproxy實(shí)現(xiàn)從入門到進(jìn)階
網(wǎng)站地址:
http://weahome.cn/article/jgeehd.html
重慶分公司
重慶分公司
