编译安装HAProxy

① 准备编译环境(如需启用Lua支持,Lua版本不得低于5.3;下文make命令中USE_LUA相关参数已被注释,即默认未编译Lua支持)

  1. yum install -y lua;lua -v #HAProxy要求Lua版本不低于5.3,用lua -v确认已安装的版本
  2. yum -y install gcc make openssl-devel pcre-devel systemd-devel

② 下载源码并编译安装(示例使用2.4.9,实际部署建议选用所在分支的最新维护版本;下载后建议先用官网同目录下的 haproxy-2.4.9.tar.gz.sha256 校验源码包,再解压编译)

  1. wget https://www.haproxy.org/download/2.4/src/haproxy-2.4.9.tar.gz
  2. tar xvf haproxy-2.4.9.tar.gz -C /usr/local/src
  3. cd /usr/local/src/haproxy-2.4.9
  4. make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 #USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src/ LUA_LIB=/usr/local/src/lua-5.3.5/src/
  5. make install PREFIX=/apps/haproxy
  6. ln -s /apps/haproxy/sbin/haproxy /usr/sbin/

③ 准备service启动文件

  1. vim /usr/lib/systemd/system/haproxy.service
  2. [Unit]
  3. Description=HAProxy Load Balancer
  4. After=syslog.target network.target
  5. [Service]
  6. ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
  7. ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
  8. ExecReload=/bin/kill -USR2 $MAINPID
  9. LimitNOFILE=100000
  10. [Install]
  11. WantedBy=multi-user.target

④ 创建配置文件

  1. vim /etc/haproxy/haproxy.cfg
  2. global
  3. maxconn 100000
  4. chroot /apps/haproxy
  5. stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
  6. #uid 99
  7. #gid 99
  8. user haproxy
  9. group haproxy
  10. daemon
  11. #nbproc 4
  12. #cpu-map 1 0
  13. #cpu-map 2 1
  14. #cpu-map 3 2
  15. #cpu-map 4 3
  16. pidfile /var/lib/haproxy/haproxy.pid
  17. log 127.0.0.1 local2 info
  18. defaults
  19. option http-keep-alive
  20. option forwardfor
  21. maxconn 100000
  22. mode http
  23. timeout connect 300000ms
  24. timeout client 300000ms
  25. timeout server 300000ms
  26. listen stats
  27. mode http
  28. bind 0.0.0.0:9999
  29. stats enable
  30. log global
  31. stats uri /haproxy-status
  32. stats auth haadmin:123456
  33. listen web_port
  34. bind 10.0.0.28:80
  35. mode http
  36. log global
  37. server web1 10.0.0.7:80 check inter 3000 fall 2 rise 5
  38. server web2 10.0.0.17:80 check inter 3000 fall 2 rise 5
  39. redirect prefix http://www.baidu.com/ #重定向
  40. server backup 127.0.0.1:80 backup

⑤ 启动

  1. mkdir /var/lib/haproxy #准备socket文件目录
  2. useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy #创建禁止登录的haproxy系统用户(此命令不会修改目录的属主或权限)
  3. systemctl enable --now haproxy
  4. web访问:http://10.0.0.28:9999/haproxy-status(用stats auth中配置的账号登录;haadmin:123456仅为示例口令,且状态页以明文HTTP监听在0.0.0.0:9999,正式环境应更换强口令并只允许管理网段访问)

日志配置

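失败嘞!(可能原因:下面HAProxy配置使用的日志设备是local2,而rsyslog规则写的是local3.*,两者不一致时日志不会写入/var/log/haproxy.log;两处应使用同一个local设备)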

  1. HAProxy配置,在global配置项定义
  2. log 127.0.0.1 local{1-7} info #基于syslog记录日志到指定设备
  3. log 10.0.0.8 local2 info
  4. listen web_port
  5. bind 127.0.0.1:80
  6. mode http
  7. log global #开启当前web_port的日志功能,默认不记录日志
  8. server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5
  9. systemctl restart haproxy
  1. Rsyslog配置(下面两行开启UDP 514端口接收syslog;若只接收本机HAProxy的日志,可在$UDPServerRun之前加一行 $UDPServerAddress 127.0.0.1,只监听回环地址)
  2. vim /etc/rsyslog.conf
  3. $ModLoad imudp
  4. $UDPServerRun 514
  5. ......
  6. local3.* /var/log/haproxy.log
  7. systemctl restart rsyslog

配置 frontend+backend

  1. frontend WEB_PORT_80
  2. bind 10.0.0.28:80
  3. mode http
  4. use_backend web_prot_http_nodes
  5. backend web_prot_http_nodes
  6. mode http
  7. option forwardfor
  8. server 10.0.0.7 10.0.0.7:80 check inter 3000 fall 3 rise 5
  9. server 10.0.0.17 10.0.0.17:80 check inter 3000 fall 3 rise 5
  10. redirect prefix http://www.baidu.com/ #重定向

使用子配置

子配置文件的文件后缀必须为.cfg

  1. mkdir /etc/haproxy/conf.d/
  2. vim /lib/systemd/system/haproxy.service
  3. [Unit]
  4. Description=HAProxy Load Balancer
  5. After=syslog.target network.target
  6. [Service] #修改下面两行(此注释仅为讲解用,systemd不支持行尾注释,写入文件时请去掉)
  7. ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ -c -q
  8. ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ -p /var/lib/haproxy/haproxy.pid
  9. ExecReload=/bin/kill -USR2 $MAINPID
  10. [Install]
  11. WantedBy=multi-user.target
  12. 创建子配置文件,注意:文件名必须以.cfg结尾,且不能以.开头;conf.d目录下符合条件的文件都会被加载,该目录应只允许root写入
  13. vim /etc/haproxy/conf.d/test.cfg
  14. systemctl daemon-reload
  15. systemctl restart haproxy

调度算法——socat

  1. echo "help"|socat stdio /var/lib/haproxy/haproxy.sock
  2. echo "get weight web_port/web1"|socat stdio /var/lib/haproxy/haproxy.sock
  3. echo "set weight web_port/web1 0"|socat stdio /var/lib/haproxy/haproxy.sock (改权重为0,实现优雅下线)

静态(static-rr, first)

balance static-rr
balance first

动态(roundrobin, leastconn, random)

balance roundrobin
balance leastconn
balance random

其他(source,uri,url_param,hdr,rdp-cookie)

source (map-based, consistent)

 balance source
 hash-type map-based 
 #不支持动态调整权重值,只能动态上线和下线

 balance source
 hash-type consistent
 #一致性哈希,当服务器的总权重发生变化时,对调度结果影响是局部的,不会引起大的变动;该hash算法是动态的

uri

 balance uri
 hash-type consistent

url_param

balance url_param userid
hash-type consistent

hdr

 balance hdr(User-Agent)
 hash-type consistent

rdp-cookie(基于windows)

 balance rdp-cookie
 hash-type consistent
基于iptables实现RDP协议转发,必须开启ip转发功能: net.ipv4.ip_forward = 1(下面的DNAT规则未限制来源地址,建议用 -s 只放行需要访问RDP的客户端网段)

#客户端和Windows在不同网段需要下面命令,注意后端服务器需要将iptables主机配置为网关
iptables -t nat -A PREROUTING -d 172.16.0.100 -p tcp --dport 3389 -j DNAT --to-destination 10.0.0.200:3389

#客户端和Windows在同一网段需要再执行下面命令
iptables -t nat -A PREROUTING -d 10.0.0.8 -p tcp --dport 3389 -j DNAT --to-destination 10.0.0.200:3389
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 10.0.0.8

报错

报错1:HAProxy后启动报错“cannot bind UNIX socket [/var/run/haproxy/admin.sock]”
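解决:通常是socket所在目录不存在导致,先创建目录(/var/run重启后会被清空,可在haproxy.service的[Service]段加 RuntimeDirectory=haproxy,由systemd在每次启动时自动创建该目录)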
mkdir  /var/run/haproxy/
touch /var/run/haproxy/admin.sock