HAProxy in practice: HTTPS reverse proxy, layer-4 TCP reverse proxy for MariaDB, and custom error pages
Posted njsummer
Contents: implementing HTTPS with HAProxy; layer-4 proxying of MariaDB with HAProxy; custom error pages
1. Architecture and description
(1) Two web servers:
Hostname: WebServer-IP17
CentOS 7.9
IP: 192.168.250.17
Hostname: WebServer-IP27
CentOS 7.9
IP: 192.168.250.27
(2) Two MariaDB database servers:
Hostname: MariaDB-IP37
CentOS 7.9
IP: 192.168.250.37
Hostname: MariaDB-IP47
CentOS 7.9
IP: 192.168.250.47
(3) One haproxy-ip07 server:
Hostname: haproxy-ip07
CentOS 7.9
IP: 192.168.250.7/24
HAProxy version 2.4.15
socat version 1.7.4.3
(4) Two client hosts:
Hostname: Client-IP172-8
CentOS 8.4
IP: 172.16.0.8/24, NATed to 192.168.250.254 to reach the 192.168.250.X network
Hostname: Client-IP192-68
CentOS 8.4
IP: 192.168.250.68/24
Web server environment preparation
[root@webserver-ip17 ~]# yum -y install httpd;hostname > /var/www/html/indexTmp.html;hostname -I >> /var/www/html/indexTmp.html;cat /var/www/html/indexTmp.html | xargs > /var/www/html/index.html;rm -rf /var/www/html/indexTmp.html;systemctl enable --now httpd
[root@webserver-ip27 ~]# yum -y install httpd;hostname > /var/www/html/indexTmp.html;hostname -I >> /var/www/html/indexTmp.html;cat /var/www/html/indexTmp.html | xargs > /var/www/html/index.html;rm -rf /var/www/html/indexTmp.html;systemctl enable --now httpd
MariaDB database server preparation
[root@mariadb-ip37 ~]# yum -y install mariadb-server
[root@mariadb-ip37 ~]# systemctl enable --now mariadb.service
[root@mariadb-ip37 ~]# mysql -e 'grant all on *.* to test@"%.%.%.%" identified by "shone8888"'
[root@mariadb-ip47 ~]# yum -y install mariadb-server
[root@mariadb-ip47 ~]# systemctl enable --now mariadb.service
[root@mariadb-ip47 ~]# mysql -e 'grant all on *.* to test@"%.%.%.%" identified by "shone8888"'
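2. Implementing layer-4 TCP load balancing for the MariaDB databases
In a layer-4 load balancer, the destination address of a packet sent by the client (originally the load balancer's IP address) is replaced with the IP address of the back-end server chosen by the balancer's selection rules, so the client establishes the TCP connection and exchanges data directly with that server, and the layer-4 device itself does not take part in establishing the connection. HAProxy differs from LVS here and is somewhat less efficient, because HAProxy has to establish separate connections with the front-end client and with the back-end server.
[root@haproxy-ip07 ~]# cat /etc/haproxy/haproxy.cfg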
global
    maxconn 100000
    chroot /apps/haproxy
    #stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
    stats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1
    stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2
    #uid 99
    #gid 99
    user haproxy
    group haproxy
    daemon
    nbproc 2
    cpu-map 1 0
    cpu-map 2 1
    #cpu-map 3 2
    #cpu-map 4 3
    pidfile /var/lib/haproxy/haproxy.pid
    log 127.0.0.1 local2 info

defaults
    option http-keep-alive
    option forwardfor
    maxconn 100000
    mode http
    timeout connect 300000ms
    timeout client 300000ms
    timeout server 300000ms

######################## listen Single file ##############################
listen stats
    mode http
    bind 0.0.0.0:9999
    stats enable
    log global
    stats uri /haproxy-status
    stats auth haadmin:shone8888

######################## http + front + backend #############################
frontend WEB_PORT_80
    bind 192.168.250.7:80
    mode http
    use_backend web_port_http_nodes
    log global

backend web_port_http_nodes
    mode http
    #balance static-rr
    option forwardfor
    server web1 192.168.250.17:80 check inter 3000 fall 2 rise 5 weight 1
    server web2 192.168.250.27:80 check inter 3000 fall 2 rise 5 weight 1

######################## listen SQL Singlefile ##############################
listen SQL_PORT_3306
    bind 192.168.250.7:3306
    mode tcp
    log global
    #balance static-rr
    option forwardfor    # HTTP-only option; HAProxy ignores it in mode tcp
    server sql37 192.168.250.37:3306 check inter 3000 fall 2 rise 5 weight 2
    server sql47 192.168.250.47:3306 check inter 3000 fall 2 rise 5 weight 1
[root@haproxy-ip07 ~]# systemctl restart haproxy.service
[root@haproxy-ip07 ~]# ss -tln
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 20480 192.168.250.7:3306 *:*
LISTEN 0 20480 *:9999 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 20480 192.168.250.7:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@haproxy-ip07 ~]#
# Accessing the database servers through the proxy from a client terminal
[root@CentOS84-IP172-08 ~]# while :;do mysql -utest -pshone8888 -h192.168.250.7 -e 'select @@hostname';sleep 1;done
+--------------+
| @@hostname |
+--------------+
| mariadb-ip37 |
+--------------+
+--------------+
| @@hostname |
+--------------+
| mariadb-ip37 |
+--------------+
+--------------+
| @@hostname |
+--------------+
| mariadb-ip47 |
+--------------+
+--------------+
| @@hostname |
+--------------+
| mariadb-ip37 |
+--------------+
+--------------+
| @@hostname |
+--------------+
| mariadb-ip37 |
+--------------+
+--------------+
| @@hostname |
+--------------+
| mariadb-ip37 |
+--------------+
+--------------+
| @@hostname |
+--------------+
| mariadb-ip37 |
+--------------+
+--------------+
| @@hostname |
+--------------+
| mariadb-ip47 |
+--------------+
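The haproxy.cfg above has three settings worth checking before it is reused: an HTTP-only option written inside the tcp-mode listen section, a stats page with basic auth bound to 0.0.0.0 without TLS, and MariaDB servers that get only a TCP connect check. The following lint script is an added example, not part of the original article or of HAProxy; the embedded config is a trimmed, constructed copy of the page's file, and the function names and finding texts are illustrative assumptions.

```python
import re
# Constructed sample: a trimmed copy of the haproxy.cfg shown on this page.
SAMPLE_CFG = """
defaults
    mode http
listen stats
    bind 0.0.0.0:9999
    stats auth haadmin:shone8888
listen SQL_PORT_3306
    bind 192.168.250.7:3306
    mode tcp
    option forwardfor
    server sql37 192.168.250.37:3306 check inter 3000 fall 2 rise 5 weight 2
"""

KINDS = {"global", "defaults", "frontend", "backend", "listen"}
HTTP_ONLY = {"forwardfor", "http-keep-alive"}   # options that require mode http
ANY_ADDR = re.compile(r"^(\*|0\.0\.0\.0)?:\d")  # bind on every IPv4 address

def parse(cfg):
    """Split the config into (kind, name, [token lists]); '#' comments are dropped."""
    sections = []
    for raw in cfg.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens and tokens[0] in KINDS:
            sections.append((tokens[0], " ".join(tokens[1:2]), []))
        elif tokens and sections:
            sections[-1][2].append(tokens)
    return sections

def lint(cfg):
    """Return (section, finding) pairs, checking only directives written in each section."""
    findings, default_mode = [], "tcp"          # HAProxy's built-in default is mode tcp
    for kind, name, lines in parse(cfg):
        mode = next((t[1] for t in lines if t[0] == "mode" and t[1:2]), default_mode)
        if kind == "defaults":
            default_mode = mode
            continue
        has = lambda *w: any(t[:len(w)] == list(w) for t in lines)
        for t in lines:
            if mode == "tcp" and t[0] == "option" and t[1:2] and t[1] in HTTP_ONLY:
                findings.append((name, f"option {t[1]} has no effect in mode tcp"))
            if (t[0] == "bind" and t[1:2] and ANY_ADDR.match(t[1])
                    and has("stats", "auth") and "ssl" not in t):
                findings.append((name, "stats credentials served on all addresses without TLS"))
        sql = [t for t in lines if t[0] == "server" and "check" in t and t[2:3] and t[2].endswith(":3306")]
        if mode == "tcp" and sql and not has("option", "mysql-check"):
            findings.append((name, "3306 servers get a TCP connect check, not option mysql-check"))
    return findings
```

Calling `lint(open("/etc/haproxy/haproxy.cfg").read())` runs the same checks against a real file; options inherited from the `defaults` section are not examined.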