HAProxy是一个开源的、高性能的、基于TCP(第四层)和HTTP(第七层)应用的负载均衡软件,借助HAProxy可以快速、可靠地提供基于TCP和HTTP应用地负载均衡解决方案。HAProxy作为一个专业地负载均衡软件。
1、可靠性和稳定性非常好,可以与硬件级的F5负载均衡设备相媲美。
2、最高可以同时维护40000~50000个·并发连接,单位时间内处理的最带请求数为:20000个,最大数据处理能力可达10Gbps,作为软件级别的负载均衡来说,HAProxy的性能强大可见一斑。
3、支持多于8中的负载均衡算法,同时也支持session保持。
4、支持虚拟主机功能,这样实现Web负载均衡更加灵活。
5、从HAProxy1.3版本后开始支持连接拒绝、全透明代理等功能,这些功能是其他负载均衡器所不具备的。
6、HAProxy拥有一个功能强大的服务器状态监控页面,通过此页面可以实时了解系统的运行状况。
7、HAProxy拥有功能强大的ACL支持,能给使用带来很大方便。
HAProxy是借助于操作系统的技术特性来实现性能最大化的,因此,在使用HAProxy时,对操作系统进行性能调优时是非常重要的。在业务方面HAProxy非常适用于并发量特别大且需要持久连接或四层和七层处理机制的Web系统,例如门户网站或者电商网站等。另外。HAproxy也可用于MySQL数据库(读操作)的负载均衡
TCP 和 HTTP反向代理
支持动态程序的反向代理
支持基于数据库的反向代理
SSL/TSL服务器
可以针对HTTP请求添加cookie,进行路由后端服务器
可平衡负载至后端服务器,并支持持久连接
支持所有主服务器故障切换至备用服务器
支持专用端口实现监控服务
支持停止接受新连接请求,而不影响现有连接
可以在双向添加,修改或删除HTTP报文首部
响应报文压缩
支持基于pattern实现连接请求的访问控制
通过特定的URI为授权用户提供详细的状态信
HAProxy 支持基于 lua 实现功能扩展, lua 是一种小巧的脚本语言,于 1993 年由巴西里约热内卢天主教大 学(Pontifical Catholic University of Rio de Janeiro )里的一个研究小组开发,其设计目的是为了嵌入 应用程序中,从而为应用程序提供灵活的扩展和定制功能。
当前系统版本
[root@shen ~]# lua -v
Lua 5.1.4 Copyright (C) 1994-2008 Lua.org, PUC-Rio
安装基础命令以及编译依赖环境
[root@shen ~]# yum install wget gcc readline-devel -y
[root@shen ~]# wget http://www.lua.org/ftp/lua-5.3.5.tar.gz
[root@shen ~]# tar xf lua-5.3.5.tar.gz -C /usr/local/src/
[root@shen src]# cd /usr/local/src/lua-5.3.5/
[root@shen lua-5.3.5]# make linux test
查看编译安装的版本
[root@shen lua-5.3.5]# src/lua -v
Lua 5.3.5 Copyright (C) 1994-2018 Lua.org, PUC-Rio
#HAProxy 1.8及1.9版本编译参数:
make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy
#HAProxy 2.0以上版本编译参数:本文使用的是社区版2.6.13
[root@shen ~]# yum -y install gcc openssl-devel pcre-devel systemd-devel
[root@shen ~]# tar xf haproxy-2.6.13.tar.gz -C /usr/local/src/
[root@shen ~]# cd /usr/local/src/haproxy-2.6.13/
[root@shen haproxy-2.6.13]# cat README
[root@shen haproxy-2.6.13]# ll Makefile
-rw-rw-r--. 1 root root 49679 May 2 20:20 Makefile
参考INSTALL文件进行编译安装
[root@shen haproxy-2.6.13]# cat INSTALL
[root@shen haproxy-2.6.13]# make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src/ LUA_LIB=/usr/local/src/lua-5.3.5/src/
[root@shen haproxy-2.6.13]# make install PREFIX=/apps/haproxy
[root@shen haproxy-2.6.13]# ln -s /apps/haproxy/sbin/haproxy /usr/sbin/
查看生成文件
[root@shen haproxy-2.6.13]# tree /apps/haproxy/
/apps/haproxy/
├── doc
│ └── haproxy
│ ├── 51Degrees-device-detection.txt
│ ├── architecture.txt
│ ├── close-options.txt
│ ├── configuration.txt
│ ├── cookie-options.txt
│ ├── DeviceAtlas-device-detection.txt
│ ├── intro.txt
│ ├── linux-syn-cookies.txt
│ ├── lua.txt
│ ├── management.txt
│ ├── netscaler-client-ip-insertion-protocol.txt
│ ├── network-namespaces.txt
│ ├── peers.txt
│ ├── peers-v2.0.txt
│ ├── proxy-protocol.txt
│ ├── regression-testing.txt
│ ├── seamless_reload.txt
│ ├── SOCKS4.protocol.txt
│ ├── SPOE.txt
│ └── WURFL-device-detection.txt
├── sbin
│ └── haproxy
└── share
└── man
└── man1
└── haproxy.1
6 directories, 22 files
验证HAProxy版本
[root@shen haproxy-2.6.13]# which haproxy
/usr/sbin/haproxy
[root@shen haproxy-2.6.13]# haproxy -v
HAProxy version 2.6.13-234aa6d 2023/05/02 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.13.html
Running on: Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
[root@shen haproxy-2.6.13]# haproxy -vv
HAProxy version 2.6.13-234aa6d 2023/05/02 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.13.html
Running on: Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
Build options :
TARGET = linux-glibc
CPU = generic
CC = cc
CFLAGS = -m64 -march=x86-64 -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment
OPTIONS = USE_PCRE=1 USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_SYSTEMD=1
DEBUG = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS
Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OT +PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL -PROMEX -QUIC +RT -SLZ -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL +ZLIB
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_THREADS=64, default=2).
Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.5
Built with network namespace support.
Support for malloc_trim() is enabled.
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes
Built with gcc compiler version 4.8.5 20150623 (Red Hat 4.8.5-44)
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as cannot be specified using 'proto' keyword)
h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|HOL_RISK|NO_UPG
fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG
: mode=HTTP side=FE|BE mux=H1 flags=HTX
h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG
: mode=TCP side=FE|BE mux=PASS flags=
none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG
Available services : none
Available filters :
[CACHE] cache
[COMP] compression
[FCGI] fcgi-app
[SPOE] spoe
[TRACE] trace
[root@shen ~]# vim /usr/lib/systemd/system/haproxy.service
[root@shen ~]# cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
默认缺少配置文件,无法启动
[root@shen ~]# systemctl daemon-reload
[root@shen ~]# systemctl start haproxy
Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
[root@shen ~]# tail /var/log/messages
Aug 31 09:55:24 shen dbus[665]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Aug 31 09:55:24 shen nm-dispatcher: req:1 'dhcp4-change' [ens33]: new request (2 scripts)
Aug 31 09:55:24 shen systemd: Started Network Manager Script Dispatcher Service.
Aug 31 09:55:24 shen nm-dispatcher: req:1 'dhcp4-change' [ens33]: start running ordered scripts...
Aug 31 09:55:37 shen systemd: Reloading.
Aug 31 09:55:46 shen systemd: Starting HAProxy Load Balancer...
Aug 31 09:55:46 shen systemd: haproxy.service: control process exited, code=exited status=1
Aug 31 09:55:46 shen systemd: Failed to start HAProxy Load Balancer.
Aug 31 09:55:46 shen systemd: Unit haproxy.service entered failed state.
Aug 31 09:55:46 shen systemd: haproxy.service failed.
查看配置文件范例
[root@shen ~]# tree /usr/local/src/haproxy-2.6.13/examples/
/usr/local/src/haproxy-2.6.13/examples/
├── basic-config-edge.cfg
├── content-sw-sample.cfg
├── errorfiles
│ ├── 400.http
│ ├── 403.http
│ ├── 408.http
│ ├── 500.http
│ ├── 502.http
│ ├── 503.http
│ ├── 504.http
│ └── README
├── haproxy.init
├── option-http_proxy.cfg
├── quick-test.cfg
├── socks4.cfg
├── transparent_proxy.cfg
└── wurfl-example.cfg
1 directory, 16 file
创建自定义的配置文件
[root@shen ~]# mkdir /etc/haproxy
[root@shen ~]# vim /etc/haproxy/haproxy.cfg
[root@shen ~]# cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /apps/haproxy
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
#uid 99
#gid 99
user haproxy
group haproxy
daemon
#nbproc 4
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local2 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:123456
listen web_port
bind 192.168.226.150:80
mode http
log global
server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5
[root@shen ~]# mkdir /var/lib/haproxy
[root@shen ~]# useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy
[root@shen ~]# systemctl enable --now haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
haproxy.cfg 文件中定义了 chroot 、 pidfile 、 user 、 group 等参数,如果系统没有相应的资源会导致 haproxy无法启动,具体参考日志文件 /var/log/messages
[root@shen ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-08-31 10:02:48 +08; 2min 12s ago
Process: 2577 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
Main PID: 2580 (haproxy)
CGroup: /system.slice/haproxy.service
├─2580 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
└─2584 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
Aug 31 10:02:48 shen.example.com systemd[1]: Starting HAProxy Load Balancer...
Aug 31 10:02:48 shen.example.com systemd[1]: Started HAProxy Load Balancer.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE] (2580) : haproxy version is 2.6.13-234aa6d
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE] (2580) : path to executable is /usr/sbin/...oxy
Aug 31 10:02:48 shen.example.com haproxy[2580]: [ALERT] (2580) : config : parsing [/etc/haproxy/h...ng.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE] (2580) : New worker (2584) forked
Aug 31 10:02:48 shen.example.com haproxy[2580]: [NOTICE] (2580) : Loading success.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [WARNING] (2584) : Server web_port/web1 is DOWN, re...ue.
Aug 31 10:02:48 shen.example.com haproxy[2580]: [ALERT] (2584) : proxy 'web_port' has no server a...le!
Hint: Some lines were ellipsized, use -l to show in full.
浏览器访问: http://192.168.226.150:9999/haproxy-status
如果无法访问,注意防火墙是否关闭