51-高性能负载均衡应用Haproxy-安装及配置案例
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了51-高性能负载均衡应用Haproxy-安装及配置案例相关的知识,希望对你有一定的参考价值。
负载均衡类型
四层:
- LVS:Linux Virtual Server
- nginx:1.9版之后
- HAProxy:High Availability Proxy
七层:
- HAProxy
- Nginx
应用场景
HAProxy
介绍:
- HAProxy是法国开发者威利塔罗(Willy Tarreau) 在2000年使用C语言开发的一个开源软件,是一款具备高并发(一万以上)、高性能的TCP和HTTP负载均衡器,支持基于cookie的持久性,自动故障切换,支持正则表达式及web状态统计
#社区版:
社区版网站:http://www.haproxy.org/
github:https://github.com/haproxy
支持功能:
TCP 和 HTTP反向代理
支持http反向代理
支持动态程序的反向代理
支持基于数据库的反向代理
SSL/TSL服务器
可以针对HTTP请求添加cookie,进行路由后端服务器
可平衡负载至后端服务器,并支持持久连接
支持所有主服务器故障切换至备用服务器
支持专用端口实现监控服务
支持停止接受新连接请求,而不影响现有连接
可以在双向添加,修改或删除HTTP报文首部
响应报文压缩
支持基于pattern实现连接请求的访问控制
通过特定的URI为授权用户提供详细的状态信息
不具备的功能:
正向代理--squid,nginx
缓存代理--varnish
web服务--nginx、tengine、apache、php、tomcat
UDP--目前不支持UDP协议
单机性能--相比LVS性能较差
HAProxy 安装
- 解决 lua 环境
有的环境比较老旧,编译安装haproxy依赖lua,准备一下
案例:
#安装基础命令及编译依赖环境
[root@ubuntu2204 ~]#apt install gcc make libssl-dev libpcre3 libpcre3-dev zlib1g-dev libreadline-dev libsystemd-dev
[root@ubuntu2204 src]#wget http://www.lua.org/ftp/lua-5.4.4.tar.gz
[root@ubuntu2204 src]#ll
总用量 364
drwxr-xr-x 2 root root 4096 1月 16 11:50 ./
drwxr-xr-x 10 root root 4096 8月 9 19:53 ../
-rw-r--r-- 1 root root 360876 1月 16 11:50 lua-5.4.4.tar.gz
[root@ubuntu2204 src]#tar xvf lua-5.4.4.tar.gz
lua-5.4.4/
lua-5.4.4/Makefile
lua-5.4.4/doc/
lua-5.4.4/doc/luac.1
lua-5.4.4/doc/manual.html
lua-5.4.4/doc/manual.css
lua-5.4.4/doc/contents.html
lua-5.4.4/doc/lua.css
lua-5.4.4/doc/osi-certified-72x60.png
lua-5.4.4/doc/logo.gif
lua-5.4.4/doc/lua.1
lua-5.4.4/doc/index.css
lua-5.4.4/doc/readme.html
lua-5.4.4/src/
lua-5.4.4/src/ldblib.c
lua-5.4.4/src/lmathlib.c
lua-5.4.4/src/loslib.c
lua-5.4.4/src/lvm.c
lua-5.4.4/src/ldo.h
lua-5.4.4/src/lua.h
lua-5.4.4/src/lgc.h
lua-5.4.4/src/ltm.h
lua-5.4.4/src/loadlib.c
lua-5.4.4/src/lmem.c
lua-5.4.4/src/lstate.h
lua-5.4.4/src/Makefile
lua-5.4.4/src/lzio.h
lua-5.4.4/src/luaconf.h
lua-5.4.4/src/lopcodes.c
lua-5.4.4/src/lua.c
lua-5.4.4/src/lundump.h
lua-5.4.4/src/ljumptab.h
lua-5.4.4/src/lbaselib.c
lua-5.4.4/src/ltable.c
lua-5.4.4/src/ldump.c
lua-5.4.4/src/liolib.c
lua-5.4.4/src/llimits.h
lua-5.4.4/src/lfunc.h
lua-5.4.4/src/lualib.h
lua-5.4.4/src/lzio.c
lua-5.4.4/src/lopnames.h
lua-5.4.4/src/lctype.c
lua-5.4.4/src/lmem.h
lua-5.4.4/src/llex.h
lua-5.4.4/src/ltable.h
lua-5.4.4/src/lstring.c
lua-5.4.4/src/ldebug.h
lua-5.4.4/src/lprefix.h
lua-5.4.4/src/llex.c
lua-5.4.4/src/linit.c
lua-5.4.4/src/lobject.h
lua-5.4.4/src/lapi.h
lua-5.4.4/src/ldebug.c
lua-5.4.4/src/ldo.c
lua-5.4.4/src/lvm.h
lua-5.4.4/src/lauxlib.c
lua-5.4.4/src/luac.c
lua-5.4.4/src/lctype.h
lua-5.4.4/src/lstring.h
lua-5.4.4/src/lcorolib.c
lua-5.4.4/src/lutf8lib.c
lua-5.4.4/src/lgc.c
lua-5.4.4/src/lstate.c
lua-5.4.4/src/lundump.c
lua-5.4.4/src/ltablib.c
lua-5.4.4/src/lauxlib.h
lua-5.4.4/src/ltm.c
lua-5.4.4/src/lparser.c
lua-5.4.4/src/lcode.h
lua-5.4.4/src/lobject.c
lua-5.4.4/src/lcode.c
lua-5.4.4/src/lopcodes.h
lua-5.4.4/src/lfunc.c
lua-5.4.4/src/lapi.c
lua-5.4.4/src/lparser.h
lua-5.4.4/src/lua.hpp
lua-5.4.4/src/lstrlib.c
lua-5.4.4/README
[root@ubuntu2204 src]#cd lua-5.4.4
[root@ubuntu2204 lua-5.4.4]#make linux test
make[1]: 进入目录“/usr/local/src/lua-5.4.4/src”
make all SYSCFLAGS="-DLUA_USE_LINUX" SYSLIBS="-Wl,-E -ldl"
make[2]: 进入目录“/usr/local/src/lua-5.4.4/src”
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lapi.o lapi.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c lcode.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lctype.o lctype.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ldebug.o ldebug.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ldo.o ldo.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ldump.o ldump.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lfunc.o lfunc.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lgc.o lgc.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c llex.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lmem.o lmem.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lobject.o lobject.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lopcodes.o lopcodes.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c lparser.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lstate.o lstate.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lstring.o lstring.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ltable.o ltable.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ltm.o ltm.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lundump.o lundump.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lvm.o lvm.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lzio.o lzio.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lauxlib.o lauxlib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lbaselib.o lbaselib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lcorolib.o lcorolib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ldblib.o ldblib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o liolib.o liolib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lmathlib.o lmathlib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o loadlib.o loadlib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o loslib.o loslib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lstrlib.o lstrlib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o ltablib.o ltablib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lutf8lib.o lutf8lib.c
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o linit.o linit.c
ar rcu liblua.a lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lcorolib.o ldblib.o liolib.o lmathlib.o loadlib.o loslib.o lstrlib.o ltablib.o lutf8lib.o linit.o
ar: `u 修饰符被忽略,因为 `D 为默认(参见 `U)
ranlib liblua.a
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o lua.o lua.c
gcc -std=gnu99 -o lua lua.o liblua.a -lm -Wl,-E -ldl
gcc -std=gnu99 -O2 -Wall -Wextra -DLUA_COMPAT_5_3 -DLUA_USE_LINUX -c -o luac.o luac.c
gcc -std=gnu99 -o luac luac.o liblua.a -lm -Wl,-E -ldl
make[2]: 离开目录“/usr/local/src/lua-5.4.4/src”
make[1]: 离开目录“/usr/local/src/lua-5.4.4/src”
make[1]: 进入目录“/usr/local/src/lua-5.4.4/src”
./lua -v
Lua 5.4.4 Copyright (C) 1994-2022 Lua.org, PUC-Rio
make[1]: 离开目录“/usr/local/src/lua-5.4.4/src”
[root@ubuntu2204 lua-5.4.4]#./src/lua -v
Lua 5.4.4 Copyright (C) 1994-2022 Lua.org, PUC-Rio
- 编译安装HAProxy
[root@ubuntu2204 src]#wget http://www.haproxy.org/download/2.7/src/haproxy-2.7.1.tar.gz
[root@ubuntu2204 src]#tar xf haproxy-2.7.1.tar.gz
[root@ubuntu2204 src]#ls
haproxy-2.7.1 haproxy-2.7.1.tar.gz lua-5.4.4 lua-5.4.4.tar.gz
[root@ubuntu2204 src]#cd haproxy-2.7.1
#目录下有个INSTALL手册,可以参考
[root@ubuntu2204 haproxy-2.7.1]#ls
addons BRANCHES CONTRIBUTING doc include LICENSE Makefile reg-tests src tests VERSION
admin CHANGELOG dev examples INSTALL MAINTAINERS README scripts SUBVERS VERDATE
[root@ubuntu2204 haproxy-2.7.1]#cat INSTALL
Installation instructions for HAProxy
=====================================
HAProxy 2.7 is a stable version, which means that it will get fixes for bugs as
they are discovered till around Q1 2024 and should not receive new features.
This version is mostly suited at experienced users who are willing to quickly
follow updates. New users are encouraged to use long term supported versions
such as the ones provided by their software vendor or Linux distribution, as
such versions require far less common updates.
If for any reason youd prefer to use a different version than the one packaged
for your system, you want to be certain to have all the fixes or to get some
commercial support, other choices are available at http://www.haproxy.com/.
Areas covered in this document
==============================
1) Quick build & install
2) Basic principles
3) Build environment
4) Dependencies
5) Advanced build options
6) How to install HAProxy
1) Quick build & install
========================
If youve already built HAProxy and are just looking for a quick reminder, here
are a few build examples :
- recent Linux system with all options, make and install :
$ make clean
$ make -j $(nproc) TARGET=linux-glibc \\
USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_SYSTEMD=1
$ sudo make install
- FreeBSD and OpenBSD, build with all options :
$ gmake -j 4 TARGET=freebsd USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
- embedded Linux, build using a cross-compiler :
$ make -j $(nproc) TARGET=linux-glibc USE_OPENSSL=1 USE_PCRE=1 \\
CC=/opt/cross/gcc730-arm/bin/gcc ADDLIB=-latomic
- Build with static PCRE on Solaris / UltraSPARC :
$ make TARGET=solaris CPU=ultrasparc USE_STATIC_PCRE=1
For more advanced build options or if a command above reports an error, please
read the following sections.
....
#参考INSTALL文件进行编译安装
[root@ubuntu2204 haproxy-2.7.1]#make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.4.4/src/ LUA_LIB=/usr/local/src/lua-5.4.4/src/
CC src/ev_poll.o
CC src/ev_epoll.o
CC src/cpuset.o
CC src/ssl_sock.o
CC src/ssl_ckch.o
CC src/ssl_sample.o
CC src/ssl_crtlist.o
CC src/cfgparse-ssl.o
CC src/ssl_utils.o
CC src/jwt.o
CC src/hlua.o
CC src/hlua_fcn.o
CC src/namespace.o
CC src/mux_h2.o
CC src/mux_fcgi.o
CC src/mux_h1.o
CC src/tcpcheck.o
CC src/stream.o
CC src/stats.o
CC src/http_ana.o
CC src/server.o
CC src/stick_table.o
CC src/sample.o
CC src/flt_spoe.o
CC src/tools.o
CC src/log.o
CC src/cfgparse.o
CC src/peers.o
CC src/backend.o
CC src/resolvers.o
CC src/cli.o
CC src/connection.o
CC src/proxy.o
CC src/http_htx.o
CC src/cfgparse-listen.o
CC src/pattern.o
CC src/check.o
CC src/haproxy.o
CC src/cache.o
CC src/stconn.o
CC src/http_act.o
CC src/http_fetch.o
CC src/http_client.o
CC src/listener.o
CC src/dns.o
CC src/vars.o
CC src/debug.o
CC src/tcp_rules.o
CC src/sink.o
CC src/h1_htx.o
CC src/task.o
CC src/mjson.o
CC src/h2.o
CC src/filters.o
CC src/server_state.o
CC src/payload.o
CC src/fcgi-app.o
CC src/map.o
CC src/htx.o
CC src/h1.o
CC src/pool.o
CC src/cfgparse-global.o
CC src/trace.o
CC src/tcp_sample.o
CC src/flt_http_comp.o
CC src/mux_pt.o
CC src/flt_trace.o
CC src/mqtt.o
CC src/acl.o
CC src/sock.o
CC src/mworker.o
CC src/tcp_act.o
CC src/ring.o
CC src/session.o
CC src/proto_tcp.o
CC src/fd.o
CC src/channel.o
CC src/activity.o
CC src/queue.o
CC src/lb_fas.o
CC src/http_rules.o
CC src/extcheck.o
CC src/flt_bwlim.o
CC src/thread.o
CC src/http.o
CC src/lb_chash.o
CC src/applet.o
CC src/compression.o
CC src/raw_sock.o
CC src/ncbuf.o
CC src/frontend.o
CC src/errors.o
CC src/uri_normalizer.o
CC src/http_conv.o
CC src/lb_fwrr.o
CC src/sha1.o
CC src/proto_sockpair.o
CC src/mailers.o
CC src/lb_fwlc.o
CC src/ebmbtree.o
CC src/cfgcond.o
CC src/action.o
CC src/xprt_handshake.o
CC src/protocol.o
CC src/proto_uxst.o
CC src/proto_udp.o
CC src/lb_map.o
CC src/fix.o
CC src/ev_select.o
CC src/arg.o
CC src/sock_inet.o
CC src/mworker-prog.o
CC src/hpack-dec.o
CC src/cfgparse-tcp.o
CC src/sock_unix.o
CC src/shctx.o
CC src/proto_uxdg.o
CC src/fcgi.o
CC src/eb64tree.o
CC src/clock.o
CC src/chunk.o
CC src/cfgdiag.o
CC src/signal.o
CC src/regex.o
CC src/lru.o
CC src/eb32tree.o
CC src/eb32sctree.o
CC src/cfgparse-unix.o
CC src/hpack-tbl.o
CC src/ebsttree.o
CC src/ebimtree.o
CC src/base64.o
CC src/auth.o
CC src/uri_auth.o
CC src/time.o
CC src/ebistree.o
CC src/dynbuf.o
CC src/wdt.o
CC src/pipe.o
CC src/init.o
CC src/http_acl.o
CC src/hpack-huff.o
CC src/hpack-enc.o
CC src/dict.o
CC src/freq_ctr.o
CC src/ebtree.o
CC src/hash.o
CC src/dgram.o
CC src/version.o
LD haproxy
CC dev/flags/flags.o
LD dev/flags/flags
[root@ubuntu2204 haproxy-2.7.1]#make install PREFIX=/apps/haproxy
[root@ubuntu2204 haproxy-2.7.1]#ln -s /apps/haproxy/sbin/haproxy /usr/sbin/
[root@ubuntu2204 haproxy-2.7.1]#tree /apps/haproxy/
/apps/haproxy/
├── doc
│ └── haproxy
│ ├── 51Degrees-device-detection.txt
│ ├── architecture.txt
│ ├── close-options.txt
│ ├── configuration.txt
│ ├── cookie-options.txt
│ ├── DeviceAtlas-device-detection.txt
│ ├── intro.txt
│ ├── linux-syn-cookies.txt
│ ├── lua.txt
│ ├── management.txt
│ ├── netscaler-client-ip-insertion-protocol.txt
│ ├── network-namespaces.txt
│ ├── peers.txt
│ ├── peers-v2.0.txt
│ ├── proxy-protocol.txt
│ ├── regression-testing.txt
│ ├── seamless_reload.txt
│ ├── SOCKS4.protocol.txt
│ ├── SPOE.txt
│ └── WURFL-device-detection.txt
├── sbin
│ └── haproxy
└── share
└── man
└── man1
└── haproxy.1
6 directories, 22 files
#验证HAProxy版本
[root@ubuntu2204 haproxy-2.7.1]#which haproxy
/usr/sbin/haproxy
[root@ubuntu2204 haproxy-2.7.1]#haproxy -v
HAProxy version 2.7.1-3e4af0e 2022/12/19 - https://haproxy.org/
Status: stable branch - will stop receiving fixes around Q1 2024.
Known bugs: http://www.haproxy.org/bugs/bugs-2.7.1.html
Running on: Linux 5.15.0-52-generic #58-Ubuntu SMP Thu Oct 13 08:03:55 UTC 2022 x86_64
- 准备 HAProxy service 文件
[root@ubuntu2204 haproxy-2.7.1]#vim /usr/lib/systemd/system/haproxy.service
[root@ubuntu2204 haproxy-2.7.1]#cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
[root@ubuntu2204 haproxy-2.7.1]#systemctl daemon-reload
[root@ubuntu2204 haproxy-2.7.1]#systemctl status haproxy
○ haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy.service; disabled; vendor preset: enabled)
Active: inactive (dead)
- 准备配置文件
#查看配置文件范例
[root@ubuntu2204 haproxy-2.7.1]#tree examples/
examples/
├── basic-config-edge.cfg
├── content-sw-sample.cfg
├── errorfiles
│ ├── 400.http
│ ├── 403.http
│ ├── 408.http
│ ├── 500.http
│ ├── 502.http
│ ├── 503.http
│ ├── 504.http
│ └── README
├── haproxy.init
├── option-http_proxy.cfg
├── quick-test.cfg
├── socks4.cfg
├── transparent_proxy.cfg
└── wurfl-example.cfg
1 directory, 16 files
#创建自定义的配置文件
[root@ubuntu2204 haproxy-2.7.1]#cd
[root@ubuntu2204 ~]#mkdir /etc/haproxy
[root@ubuntu2204 ~]#vim /etc/haproxy/haproxy.cfg
[root@ubuntu2204 ~]#cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /apps/haproxy
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
user haproxy
group haproxy
daemon
#nbproc 4
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local2 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:123456
listen web_port
bind 10.0.0.7:80
mode http
log global
server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5
#检查配置文件语法
[root@ubuntu2204 ~]#haproxy -c -f /etc/haproxy/haproxy.cfg
[NOTICE] (30016) : haproxy version is 2.7.1-3e4af0e
[NOTICE] (30016) : path to executable is /usr/sbin/haproxy
[ALERT] (30016) : config : parsing [/etc/haproxy/haproxy.cfg:7] : user/uid already specified. Continuing.
[ALERT] (30016) : config : parsing [/etc/haproxy/haproxy.cfg:8] : gid/group was already specified. Continuing.
Configuration file is valid
- 启动 haproxy
#准备socket文件目录
[root@ubuntu2204 ~]#mkdir /var/lib/haproxy
#设置用户和目录权限
[root@ubuntu2204 ~]#useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy
[root@ubuntu2204 ~]#systemctl enable --now haproxy
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /lib/systemd/system/haproxy.service.
#验证 haproxy 状态
[root@ubuntu2204 ~]#systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-01-16 14:18:36 CST; 49s ago
Process: 2941 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
Main PID: 2943 (haproxy)
Tasks: 3 (limit: 2196)
Memory: 23.3M
CPU: 235ms
CGroup: /system.slice/haproxy.service
├─2943 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
└─2946 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
1月 16 14:18:36 ubuntu2204.wang.org systemd[1]: Starting HAProxy Load Balancer...
1月 16 14:18:36 ubuntu2204.wang.org systemd[1]: Started HAProxy Load Balancer.
1月 16 14:18:36 ubuntu2204.wang.org haproxy[2943]: [NOTICE] (2943) : haproxy version is 2.7.1-3e4af0e
1月 16 14:18:36 ubuntu2204.wang.org haproxy[2943]: [NOTICE] (2943) : path to executable is /usr/sbin/haproxy
1月 16 14:18:36 ubuntu2204.wang.org haproxy[2943]: [ALERT] (2943) : config : parsing [/etc/haproxy/haproxy.cfg:8] : pidfile already specified. Continuing.
1月 16 14:18:36 ubuntu2204.wang.org haproxy[2943]: [NOTICE] (2943) : New worker (2946) forked
1月 16 14:18:36 ubuntu2204.wang.org haproxy[2943]: [NOTICE] (2943) : Loading success.
- 查看haproxy的状态页面
浏览器访问: http://haproxy-server:9999/haproxy-status
HAProxy 基础配置
配置文件官方帮助文档:
http://docs.haproxy.org/
*以下案例以下图架构为基础进行说明
HAProxy 的配置文件haproxy.cfg由两大部分组成,分别是global和proxies部分
- global:全局配置段
chroot #锁定运行目录
deamon #以守护进程运行
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin process 1
#socket文件,并可以通过此文件管理
user, group, uid, gid #运行haproxy的用户身份
#nbproc n #开启的haproxy worker 进程数,默认进程数是一个, nbproc从HAProxy2.5开始不再支持
nbthread 1 #和多进程 nbproc配置互斥(版本有关,CentOS8的haproxy1.8无此问题),指定每个haproxy进程开启的线程数,默认为每个进程一个线程
#如果同时启用nbproc和nbthread 会出现以下日志的错误,无法启动服务
Apr 7 14:46:23 haproxy haproxy: [ALERT] 097/144623 (1454) : config : cannotenable multiple processes if multiple threads are configured. Please use either nbproc or nbthread but not both.
#cpu-map 1 0 #绑定haproxy worker 进程至指定CPU,将第1个worker进程绑定至0号CPU
#cpu-map 2 1 #绑定haproxy worker 进程至指定CPU,将第2个worker进程绑定至1号CPU
cpu-map auto:1/1-8 0-7 #haproxy2.4中启用nbthreads,在global配置中添加此选项,可以进行线程和CPU的绑定,nbproc选项2.5版本中将会删除,每个进程中1-8个线程分别绑定0-7号CPU
maxconn n #每个haproxy进程的最大并发连接数
maxsslconn n #每个haproxy进程ssl最大连接数,用于haproxy配置了证书的场景下
maxconnrate n #每个进程每秒创建的最大连接数量
spread-checks n #后端server状态check随机提前或延迟百分比时间,建议2-5(20%-50%)之间,默认值0
pidfile #指定pid文件路径
log 127.0.0.1 local2 info #定义全局的syslog服务器;日志服务器需要开启UDP协议,最多可以定义两个
案例:多线程和CPU绑定
[root@haproxy ~]#cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon
nbthread 4
cpu-map auto:1/1-4 0-3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth admin:123456
#listen kubernetes-6443
# bind 192.168.10.100:6443
# mode tcp
# log global
# server 192.168.10.101 192.168.10.101:6443 check inter 3000 fall 2 rise 5
# server 192.168.10.102 192.168.10.102:6443 check inter 3000 fall 2 rise 5
# server 192.168.10.103 192.168.10.102:6443 check inter 3000 fall 2 rise 5
#语法检查
[root@haproxy ~]#haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
[root@haproxy ~]#apt install -y sysstat
[root@haproxy ~]#systemctl restart haproxy
[root@haproxy ~]#systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-01-16 18:15:08 CST; 2min 50s ago
Process: 758 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
Main PID: 794 (haproxy)
Tasks: 5 (limit: 2196)
Memory: 24.4M
CPU: 319ms
CGroup: /system.slice/haproxy.service
├─794 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
└─798 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
1月 16 18:15:05 haproxy systemd[1]: Starting HAProxy Load Balancer...
1月 16 18:15:08 haproxy systemd[1]: Started HAProxy Load Balancer.
1月 16 18:15:08 haproxy haproxy[794]: [NOTICE] (794) : haproxy version is 2.7.1-3e4af0e
1月 16 18:15:08 haproxy haproxy[794]: [NOTICE] (794) : path to executable is /usr/sbin/haproxy
1月 16 18:15:08 haproxy haproxy[794]: [ALERT] (794) : config : parsing [/etc/haproxy/haproxy.cfg:10] : pidfile already specified. Continuing.
1月 16 18:15:08 haproxy haproxy[794]: [NOTICE] (794) : New worker (798) forked
1月 16 18:15:08 haproxy haproxy[794]: [NOTICE] (794) : Loading success.
[root@haproxy ~]#pidstat -p 798 -t
Linux 5.15.0-58-generic (haproxy) 2023年01月16日 _x86_64_ (4 CPU)
18时18分08秒 UID TGID TID %usr %system %guest %wait %CPU CPU Command
18时18分08秒 99 798 - 0.00 0.00 0.00 0.00 0.00 0 haproxy
18时18分08秒 99 - 798 0.00 0.00 0.00 0.00 0.00 0 |__haproxy
18时18分08秒 99 - 799 0.00 0.00 0.00 0.00 0.00 1 |__haproxy
18时18分08秒 99 - 800 0.00 0.00 0.00 0.00 0.00 2 |__haproxy
18时18分08秒 99 - 801 0.00 0.00 0.00 0.00 0.00 3 |__haproxy
案例:启动本地和远程日志 - 生产不建议,日志记录尽量在后端服务器上,减轻负载均衡机器的IO压力
#配置日志记录
[root@haproxy ~]#cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon
nbthread 4
cpu-map auto:1/1-4 0-3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
log 10.0.0.202 local3 info
....
#开启514端口
[root@haproxy ~]#cat /etc/rsyslog.conf
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
....
$IncludeConfig /etc/rsyslog.d/*.conf
#追加日志文件路径到子配置目录下,127和202都一样
[root@haproxy ~]#cat /etc/rsyslog.d/50-default.conf
...
local3.* /var/log/haproxy.log
#测试访问http://haproxy-server:9999/haproxy-status查看日志生成
#127
[root@haproxy ~]#cat /var/log/haproxy.log
Jan 16 20:10:12 localhost haproxy[918]: Connect from 10.0.0.1:14730 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:15:20 localhost haproxy[918]: Connect from 10.0.0.1:14756 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:15:20 localhost haproxy[918]: Connect from 10.0.0.1:14762 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:15:21 localhost haproxy[918]: Connect from 10.0.0.1:14766 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:16:32 localhost haproxy[918]: Connect from 10.0.0.1:14781 to 10.0.0.200:9999 (stats/HTTP)
Jan 16 20:16:32 localhost haproxy[918]: Connect from 10.0.0.1:14782 to 以上是关于51-高性能负载均衡应用Haproxy-安装及配置案例的主要内容,如果未能解决你的问题,请参考以下文章高可用高性能负载均衡软件HAproxy详解指南-第二章(配置文件关键字ACL)
Web群集搭建——Haproxy(理论+搭建实操+配置文件详解及优化方案)