HAProxy的高级配置选项-基于cookie实现的session保持实战案例
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.cookie功能概述
cookie <value>:
为当前server指定cookie值,实现基于cookie的会话黏性
cookie语法格式: cookie <name> [ rewrite | insert | prefix ] [ indirect ] [ nocache ] [ postonly ] [ preserve ] [ httponly ] [ secure ] [ domain <domain> ]* [ maxidle <idle> ] [ maxlife <life> ] 常用的参数如下所示:
<name>:
cookie名称,咱们自定义即可,用于实现持久连接 rewrite:
重写 insert:
插入 prefix:
前缀 nocache:
当client和hapoxy之间有缓存时,不缓存cookie
二.安装Apache httpd服务器
1>.试验架构说明
node102.yinzhengjie.org.cn:
Haproxy服务器
node105.yinzhengjie.org.cn:
测试服务器,模拟客户端
node106.yinzhengjie.org.cn:
Apache httpd服务器
node107.yinzhengjie.org.cn:
Apache httpd服务器
2>.虚拟机配置
[[email protected] ~]# uname -r
3.10.0-957.el7.x86_64
[[email protected] ~]#
[[email protected] ~]# uname -m
x86_64
[[email protected] ~]#
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[[email protected] ~]#
[[email protected] ~]# free -h
total used free shared buff/cache available
Mem: 1.8G 81M 1.6G 8.5M 122M 1.6G
Swap: 2.0G 0B 2.0G
[[email protected] ~]#
[[email protected] ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.30.1.101 node101.yinzhengjie.org.cn node101.yinzhengjie.com
172.30.1.102 node102.yinzhengjie.org.cn
172.30.1.103 node103.yinzhengjie.org.cn
172.30.1.104 node104.yinzhengjie.org.cn
172.30.1.105 node105.yinzhengjie.org.cn
172.30.1.106 node106.yinzhengjie.org.cn
172.30.1.107 node107.yinzhengjie.org.cn
172.30.1.108 node108.yinzhengjie.org.cn
[[email protected] ~]#
3>.安装httpd服务
[[email protected] ~]# yum -y install httpd
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirror.bit.edu.cn
* extras: mirror.bit.edu.cn
* updates: mirror.bit.edu.cn
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 165 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 153 kB 00:00:00
(3/4): base/7/x86_64/primary_db | 6.0 MB 00:00:01
(4/4): updates/7/x86_64/primary_db | 5.9 MB 00:00:02
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-90.el7.centos will be installed
--> Processing Dependency: httpd-tools = 2.4.6-90.el7.centos for package: httpd-2.4.6-90.el7.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-90.el7.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-90.el7.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-5.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-90.el7.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
httpd x86_64 2.4.6-90.el7.centos base 2.7 M
Installing for dependencies:
apr x86_64 1.4.8-5.el7 base 103 k
apr-util x86_64 1.5.2-6.el7 base 92 k
httpd-tools x86_64 2.4.6-90.el7.centos base 91 k
Transaction Summary
===========================================================================================================
Install 1 Package (+3 Dependent packages)
Total download size: 3.0 M
Installed size: 9.9 M
Downloading packages:
(1/4): apr-1.4.8-5.el7.x86_64.rpm | 103 kB 00:00:00
(2/4): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00:00
(3/4): httpd-tools-2.4.6-90.el7.centos.x86_64.rpm | 91 kB 00:00:00
(4/4): httpd-2.4.6-90.el7.centos.x86_64.rpm | 2.7 MB 00:00:00
-----------------------------------------------------------------------------------------------------------
Total 3.7 MB/s | 3.0 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-5.el7.x86_64 1/4
Installing : apr-util-1.5.2-6.el7.x86_64 2/4
Installing : httpd-tools-2.4.6-90.el7.centos.x86_64 3/4
Installing : httpd-2.4.6-90.el7.centos.x86_64 4/4
Verifying : apr-1.4.8-5.el7.x86_64 1/4
Verifying : httpd-tools-2.4.6-90.el7.centos.x86_64 2/4
Verifying : apr-util-1.5.2-6.el7.x86_64 3/4
Verifying : httpd-2.4.6-90.el7.centos.x86_64 4/4
Installed:
httpd.x86_64 0:2.4.6-90.el7.centos
Dependency Installed:
apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.el7 httpd-tools.x86_64 0:2.4.6-90.el7.centos
Complete!
[[email protected] ~]#
[[email protected] ~]# yum -y install httpd
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.tuna.tsinghua.edu.cn
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 165 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 153 kB 00:00:00
(3/4): updates/7/x86_64/primary_db | 5.9 MB 00:00:01
base/7/x86_64/primary_db FAILED ================================== ] 224 B/s | 7.3 MB 06:26:13 ETA
http://mirrors.nju.edu.cn/centos/7.7.1908/os/x86_64/repodata/04efe80d41ea3d94d36294f7107709d1c8f70db11e152d6ef562da344748581a-primary.sqlite.bz2: [Errno 12] Timeout on http
://mirrors.nju.edu.cn/centos/7.7.1908/os/x86_64/repodata/04efe80d41ea3d94d36294f7107709d1c8f70db11e152d6ef562da344748581a-primary.sqlite.bz2: (28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds')Trying other mirror.
(4/4): base/7/x86_64/primary_db | 6.0 MB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-90.el7.centos will be installed
--> Processing Dependency: httpd-tools = 2.4.6-90.el7.centos for package: httpd-2.4.6-90.el7.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-90.el7.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-90.el7.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-5.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-90.el7.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================================================================================
Package Arch Version Repository Size
============================================================================================================================================================================
Installing:
httpd x86_64 2.4.6-90.el7.centos base 2.7 M
Installing for dependencies:
apr x86_64 1.4.8-5.el7 base 103 k
apr-util x86_64 1.5.2-6.el7 base 92 k
httpd-tools x86_64 2.4.6-90.el7.centos base 91 k
Transaction Summary
============================================================================================================================================================================
Install 1 Package (+3 Dependent packages)
Total download size: 3.0 M
Installed size: 9.9 M
Downloading packages:
(1/4): apr-1.4.8-5.el7.x86_64.rpm | 103 kB 00:00:00
(2/4): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00:00
(3/4): httpd-tools-2.4.6-90.el7.centos.x86_64.rpm | 91 kB 00:00:00
(4/4): httpd-2.4.6-90.el7.centos.x86_64.rpm | 2.7 MB 00:00:01
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.8 MB/s | 3.0 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-5.el7.x86_64 1/4
Installing : apr-util-1.5.2-6.el7.x86_64 2/4
Installing : httpd-tools-2.4.6-90.el7.centos.x86_64 3/4
Installing : httpd-2.4.6-90.el7.centos.x86_64 4/4
Verifying : apr-1.4.8-5.el7.x86_64 1/4
Verifying : httpd-tools-2.4.6-90.el7.centos.x86_64 2/4
Verifying : apr-util-1.5.2-6.el7.x86_64 3/4
Verifying : httpd-2.4.6-90.el7.centos.x86_64 4/4
Installed:
httpd.x86_64 0:2.4.6-90.el7.centos
Dependency Installed:
apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.el7 httpd-tools.x86_64 0:2.4.6-90.el7.centos
Complete!
[[email protected] ~]#
4>.准备测试数据
[[email protected] ~]# ll /var/www/html/ total 0 [[email protected] ~]# [[email protected] ~]# echo "<h1>node106.yinzhengjie.org.cnh1>" > /var/www/html/index.html [[email protected] ~]# [[email protected] ~]# mkdir /var/www/html/{app01,app02} [[email protected] ~]# [[email protected] ~]# echo "172.30.1.106 app01" > /var/www/html/app01/index.html [[email protected] ~]# [[email protected] ~]# echo "172.30.1.106 app02" > /var/www/html/app02/index.html [[email protected] ~]# [[email protected] ~]# ll /var/www/html/ -R /var/www/html/: total 4 drwxr-xr-x 2 root root 24 Jan 1 18:04 app01 drwxr-xr-x 2 root root 24 Jan 1 18:05 app02 -rw-r--r-- 1 root root 36 Jan 1 18:03 index.html /var/www/html/app01: total 4 -rw-r--r-- 1 root root 19 Jan 1 18:04 index.html /var/www/html/app02: total 4 -rw-r--r-- 1 root root 19 Jan 1 18:05 index.html [[email protected] ~]#
5>.启动httpd服务
[[email protected] ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[[email protected] ~]#
[[email protected] ~]# systemctl start httpd
[[email protected] ~]#
[[email protected] ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[[email protected] ~]#
[[email protected] ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[[email protected] ~]#
[[email protected] ~]# systemctl start httpd
[[email protected] ~]#
[[email protected] ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[[email protected] ~]#
[[email protected] ~]#
三.haproxy基于cookie实现的session保持实战案例
1>.编辑haproxy配置文件并重启服务使得配置生效(标红色的参数必须的配置)
[[email protected] ~]# cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /yinzhengjie/softwares/haproxy
#如果需要使用动态调度算法需要将socket功能打开
stats socket /yinzhengjie/softwares/haproxy/haproxy.sock mode 600 level admin
user haproxy
group haproxy
daemon
nbproc 2
cpu-map 1 0
cpu-map 2 1
nbthread 2
pidfile /yinzhengjie/softwares/haproxy/haproxy.pid
log 127.0.0.1 local5 info
defaults
option http-keep-alive
option forwardfor
option redispatch
option abortonclose
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:q1w2e3r4ys
listen WEB_PORT_80
bind 172.30.1.102:80
#指定"roundrobin"动态调度算法
balance roundrobin
#定义cookie的名称为"HAPROXY-COOKIE",这个名称咱们可以自定义
cookie HAPROXY-COOKIE insert indirect nocache
#访问任何一个后端web服务器客户端均会得到一个cookie值(这个咱们也可以自定义),这样可以保证同一个客户端访问的后端web服务器是同一个(前提是客户不清楚浏览器的缓存)
server web01 172.30.1.106:80 cookie httpd-106 check inter 3000 fall 3 rise 5
server web02 172.30.1.107:80 cookie httpd-107 check inter 3000 fall 3 rise 5
[[email protected] ~]#
[[email protected] ~]# systemctl restart haproxy
[[email protected] ~]#
2>.使用谷歌浏览器访问"http://node102.yinzhengjie.org.cn/"
3>.使用火狐浏览器访问"http://node102.yinzhengjie.org.cn/"
4>.使用curl命令行方式方式"http://node102.yinzhengjie.org.cn/"
[[email protected] ~]# for _ in `seq 10`;do curl --cookie "HAPROXY-COOKIE=httpd-106" http://node102.yinzhengjie.org.cn/;done #由于cookie是一样的,因此访问10次都访问的是同一台web服务器哟~ <h1>node106.yinzhengjie.org.cnh1> <h1>node106.yinzhengjie.org.cnh1> <h1>node106.yinzhengjie.org.cnh1> <h1>node106.yinzhengjie.org.cnh1> <h1>node106.yinzhengjie.org.cnh1> <h1>node106.yinzhengjie.org.cnh1> <h1>node106.yinzhengjie.org.cnh1> <h1>node106.yinzhengjie.org.cnh1> <h1>node106.yinzhengjie.org.cnh1> <h1>node106.yinzhengjie.org.cnh1> [[email protected] ~]# [[email protected] ~]# for _ in `seq 10`;do curl --cookie "HAPROXY-COOKIE=httpd-107" http://node102.yinzhengjie.org.cn/;done <h2>node107.yinzhengjie.org.cnh1> <h2>node107.yinzhengjie.org.cnh1> <h2>node107.yinzhengjie.org.cnh1> <h2>node107.yinzhengjie.org.cnh1> <h2>node107.yinzhengjie.org.cnh1> <h2>node107.yinzhengjie.org.cnh1> <h2>node107.yinzhengjie.org.cnh1> <h2>node107.yinzhengjie.org.cnh1> <h2>node107.yinzhengjie.org.cnh1> <h2>node107.yinzhengjie.org.cnh1> [[email protected] ~]#