编译安装HAProxy
① 要求最低lua版本为5.3的环境
# HAProxy needs Lua 5.3 or newer when it is built with Lua support;
# print the packaged version to check it.
yum install -y lua
lua -v
# Compiler, make and the development headers for OpenSSL, PCRE and systemd.
yum install -y gcc make openssl-devel pcre-devel systemd-devel
② 下载源码并编译安装
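# Fetch the release tarball together with the SHA-256 file published next to it.
# NOTE(review): 2.4.9 is the release this page pins; check haproxy.org for the
# current maintenance release of the branch before building.
wget https://www.haproxy.org/download/2.4/src/haproxy-2.4.9.tar.gz
wget https://www.haproxy.org/download/2.4/src/haproxy-2.4.9.tar.gz.sha256
# The source is compiled and installed as root, so nothing below runs unless the
# digest matches. A checksum fetched from the same server only catches a
# corrupted or truncated download; compare it with a second source when possible.
# To build with Lua, append to the first make command:
#   USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src/ LUA_LIB=/usr/local/src/lua-5.3.5/src/
sha256sum -c haproxy-2.4.9.tar.gz.sha256 &&
  tar xvf haproxy-2.4.9.tar.gz -C /usr/local/src &&
  cd /usr/local/src/haproxy-2.4.9 &&
  make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 &&
  make install PREFIX=/apps/haproxy &&
  ln -s /apps/haproxy/sbin/haproxy /usr/sbin/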
③ 准备service启动文件
vim /usr/lib/systemd/system/haproxy.service
# Unit file that runs /usr/sbin/haproxy against /etc/haproxy/haproxy.cfg.
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
# -c checks the configuration and -q silences the output; if the check fails,
# systemd does not go on to ExecStart.
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
# -Ws selects master-worker mode with systemd notification support
# (the binary was built with USE_SYSTEMD=1); -p names the pid file.
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
# In master-worker mode SIGUSR2 asks the master process to reload the configuration.
ExecReload=/bin/kill -USR2 $MAINPID
# NOTE(review): haproxy.cfg on this page also sets maxconn 100000, and a proxied
# connection uses a client-side and a server-side descriptor - confirm this
# limit is high enough for the configured maxconn.
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
④ 创建配置文件
vim /etc/haproxy/haproxy.cfg
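# Main HAProxy configuration: process-wide settings, HTTP defaults, the
# statistics page and one load-balanced listener.
global
    maxconn 100000
    # NOTE(review): /apps/haproxy is the install prefix (it holds sbin/haproxy).
    # A chroot directory is normally empty and not writable by the haproxy
    # user; consider a dedicated empty directory instead.
    chroot /apps/haproxy
    # Runtime API socket. "level admin" lets any process that can open the
    # socket change weights and server state; mode 600 keeps it to the owner.
    stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
    #uid 99
    #gid 99
    # Drop root privileges after startup.
    user haproxy
    group haproxy
    daemon
    #nbproc 4
    #cpu-map 1 0
    #cpu-map 2 1
    #cpu-map 3 2
    #cpu-map 4 3
    pidfile /var/lib/haproxy/haproxy.pid
    # Syslog over UDP to the local host with facility local2: the receiver
    # must listen on UDP 514 and have a rule for local2.
    log 127.0.0.1 local2 info

defaults
    option http-keep-alive
    # Appends an X-Forwarded-For header carrying the client address. Backends
    # should trust only the value added by this proxy, not client-sent ones.
    option forwardfor
    maxconn 100000
    mode http
    # NOTE(review): 300000ms is 5 minutes. Idle or stalled connections keep
    # their slot that long, which makes the maxconn limit easy to exhaust;
    # confirm the backends really need timeouts this long.
    timeout connect 300000ms
    timeout client 300000ms
    timeout server 300000ms
    # Bound the time a client may take to send its request headers, so slow
    # header delivery does not fall back to the 5-minute client timeout.
    timeout http-request 10s

listen stats
    mode http
    # Bind the statistics page to the address it is browsed on
    # (http://10.0.0.28:9999/haproxy-status) rather than every interface.
    bind 10.0.0.28:9999
    stats enable
    # Do not advertise the HAProxy version on the page.
    stats hide-version
    log global
    stats uri /haproxy-status
    # "stats auth" is HTTP Basic authentication; on this plain-HTTP bind the
    # credentials cross the network unencrypted, so keep the listener on a
    # management network. The value below is a placeholder - set a long random
    # password, never a guessable one.
    stats auth haadmin:REPLACE_WITH_LONG_RANDOM_PASSWORD

listen web_port
    bind 10.0.0.28:80
    mode http
    log global
    # Health check every 3000 ms; 2 failures mark a server down, 5 successes up.
    server web1 10.0.0.7:80 check inter 3000 fall 2 rise 5
    server web2 10.0.0.17:80 check inter 3000 fall 2 rise 5
    # NOTE(review): this redirect has no condition, so every request to
    # web_port is answered with a redirect and the servers are not used.
    # Add an "if <acl>" condition or remove the line outside a demo.
    redirect prefix http://www.baidu.com/ # redirect
    # Used only when no non-backup server is available.
    server backup 127.0.0.1:80 backup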
⑤ 启动
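# Directory for the runtime socket and the pid file; -p keeps a re-run from failing.
mkdir -p /var/lib/haproxy
# System account without a login shell, matching "user haproxy" / "group haproxy"
# in haproxy.cfg. useradd -r neither creates nor chowns the -d directory, so it
# stays owned by root; no ownership or mode change happens here.
useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy
# Enable the unit at boot and start it now.
systemctl enable --now haproxy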
web访问:http://10.0.0.28:9999/haproxy-status
日志配置
失败嘞!(排查时先核对:HAProxy 的 log 指令使用的 facility 必须与 rsyslog 规则中的 facility 一致,并且 rsyslog 已监听 UDP 514。)
HAProxy配置,在global配置项定义
# The two log lines go in the global section.
# Syntax template: log <address> <facility> <level>; the local syslog
# facilities are local0 through local7.
log 127.0.0.1 local{1-7} info # send log records through syslog to the chosen facility
# NOTE(review): a non-loopback target sends syslog over UDP across the network,
# unauthenticated and unencrypted - presumably 10.0.0.8 is the rsyslog host; confirm.
log 10.0.0.8 local2 info
listen web_port
bind 127.0.0.1:80
mode http
log global # turn on logging for web_port; a proxy section does not log by default
server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5
systemctl restart haproxy
Rsyslog配置
vim /etc/rsyslog.conf
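# Load the UDP syslog input and listen on port 514.
# This opens 514/udp on every address. If only the local HAProxy logs here, add
# "$UDPServerAddress 127.0.0.1" before $UDPServerRun; if HAProxy logs from
# another host, allow only that host in the firewall.
$ModLoad imudp
$UDPServerRun 514
......
# The facility must be the one named on HAProxy's log line. The HAProxy examples
# on this page send to local2, so a rule for local3 never matches them.
local2.* /var/log/haproxy.log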
systemctl restart rsyslog
配置 frontend+backend
# Frontend: accepts client connections on 10.0.0.28:80 and sends every request
# to the backend named on the use_backend line.
frontend WEB_PORT_80
bind 10.0.0.28:80
mode http
# NOTE(review): there is no "log global" in this frontend, so requests through
# it are not logged; add it if access logs are wanted.
use_backend web_prot_http_nodes
# Backend: the pool of real servers, each named after its own address.
backend web_prot_http_nodes
mode http
# Appends an X-Forwarded-For header carrying the client address.
option forwardfor
# Health check every 3000 ms; 3 failures mark a server down, 5 successes up.
server 10.0.0.7 10.0.0.7:80 check inter 3000 fall 3 rise 5
server 10.0.0.17 10.0.0.17:80 check inter 3000 fall 3 rise 5
# NOTE(review): the redirect has no condition, so every request reaching this
# backend is redirected and the servers above are not used.
redirect prefix http://www.baidu.com/ # redirect
使用子配置
子配置文件的文件后缀必须为.cfg
mkdir /etc/haproxy/conf.d/
vim /lib/systemd/system/haproxy.service
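# Unit file for HAProxy with sub-configuration files in /etc/haproxy/conf.d/.
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
# Changed from the single-file unit: ExecStartPre and ExecStart take a second -f
# that points at /etc/haproxy/conf.d/. systemd accepts comments only on their
# own line, so this note must not trail the [Service] header.
[Service]
# Check the main file plus every sub-configuration before starting.
# Everything in conf.d is loaded as proxy configuration at start: keep the
# directory and its files writable by root only.
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ -p /var/lib/haproxy/haproxy.pid
# In master-worker mode SIGUSR2 asks the master process to reload the configuration.
ExecReload=/bin/kill -USR2 $MAINPID
# Same descriptor limit as the single-file unit.
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target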
创建子配置文件,注意:文件名必须以 .cfg 结尾,且不能以 . 开头
vim /etc/haproxy/conf.d/test.cfg
# Make systemd re-read the edited unit file.
systemctl daemon-reload
# Restart so the new -f arguments take effect; the unit's ExecStartPre checks
# the configuration first.
systemctl restart haproxy
调度算法——socat
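# The runtime socket is created with "mode 600 level admin": run these as the
# socket's owner, and treat write access to it as control over the proxy.
# List the commands the runtime API accepts.
echo "help" | socat stdio /var/lib/haproxy/haproxy.sock
# Show the current and initial weight of server web1 in proxy web_port.
echo "get weight web_port/web1" | socat stdio /var/lib/haproxy/haproxy.sock
# Weight 0 stops new requests going to web1 so it can be taken offline
# gracefully. The change lives only in the running process; a restart reads the
# weight from haproxy.cfg again.
echo "set weight web_port/web1 0" | socat stdio /var/lib/haproxy/haproxy.sock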
静态(static-rr, first)
balance static-rr
balance first
动态(roundrobin, leastconn, random)
balance roundrobin
balance leastconn
balance random
其他(source,uri,url_param,hdr,rdp-cookie)
source (map-based, consistent)
# Variant 1: hash of the client source address with the map-based hash type.
balance source
hash-type map-based
# map-based does not support changing weights at run time; servers can only be brought online or offline.
# Variant 2: the same key with consistent hashing.
balance source
hash-type consistent
# Consistent hashing: when the total server weight changes, only part of the mapping moves, so the result stays mostly stable; this hash type is dynamic.
uri
# NOTE(review): uri, url_param and hdr hash a value taken from the request, so
# the spread across servers depends on client-supplied data; a few dominant or
# repeated values (one common User-Agent, one userid) concentrate load on a
# single server. Watch per-server load when using them.
balance uri
hash-type consistent
url_param
# Hashes the value of the "userid" query parameter; requests without it fall
# back to round robin.
balance url_param userid
hash-type consistent
hdr
# Hashes the User-Agent request header; requests without it fall back to round robin.
balance hdr(User-Agent)
hash-type consistent
rdp-cookie(基于windows)
balance rdp-cookie
hash-type consistent
基于iptables实现RDP协议转发,必须开启ip转发功能: net.ipv4.ip_forward = 1
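# Clients on a different network than the Windows host: forward RDP arriving at
# 172.16.0.100 to 10.0.0.200. The backend server must use this iptables host as
# its gateway.
# This makes RDP reachable by every host that can reach 172.16.0.100:3389;
# limit the allowed clients (add -s with the admin network to the rule, or
# filter in the FORWARD chain) and monitor logons on the Windows host.
iptables -t nat -A PREROUTING -d 172.16.0.100 -p tcp --dport 3389 -j DNAT --to-destination 10.0.0.200:3389
# Clients on the same network as the Windows host additionally need the two rules below.
iptables -t nat -A PREROUTING -d 10.0.0.8 -p tcp --dport 3389 -j DNAT --to-destination 10.0.0.200:3389
# Source-NAT only the forwarded RDP flow so replies come back through this host,
# instead of rewriting all traffic from 10.0.0.0/24. The Windows host then sees
# every such session as coming from 10.0.0.8, so its logon records no longer
# show the real client address; keep connection logs on this host if needed.
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.200 -p tcp --dport 3389 -j SNAT --to-source 10.0.0.8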
报错
报错1:HAProxy启动时报错“cannot bind UNIX socket [/var/run/haproxy/admin.sock]”
解决:
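# HAProxy creates the socket itself when it binds; only the parent directory has
# to exist. A plain file made with touch is not a socket and is not needed.
# /var/run is normally a tmpfs, so the directory is gone after a reboot; setting
# RuntimeDirectory=haproxy in the unit's [Service] section recreates it at each start.
mkdir -p /var/run/haproxy/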