一、Haproxy的简介
Haproxy的官网站点:http://haproxy.com/
HAProxy提供高可用性、负载均衡以及基于TCP和HTTP应用的代 理,支持虚拟主机,它是免费、快速并且可靠的一种解决方案。HAProxy特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。
HAProxy实现了一种事件驱动, 单一进程模型,此模型支持非常大的并发连接数。多进程或多线程模型受内存限制 、系统调度器限制以及无处不在的锁限制,很少能处理数千并发连接。事件驱动模型因为在有更好的资源和时间管理的用户端(User-Space) 实现所有这些任务,所以没有这些问题。此模型的弊端是,在多核系统上,这些程序通常扩展性较差。这就是为什么他们必须进行优化以 使每个CPU时间片(Cycle)做更多的工作。
摘自[百度百科]
二、Haproxy的工作模式
大致的意思就是:可以分为两部分,
第一部分是互联网,包括互联网上众多的路由设备、Firewall等;
第二部分是本地的网络架构,包括Firewall,proxy、Web server,Database等
Haproxy的注释Local balanceer in proxy mode -- 工作在代理模下是一个负载均衡的功能
通过Haproxy代理后端的Web server群集,如果需要与数据库交互,有Web server与Database建立连接。
三、Haproxy的安装和配置说明
CentOS 6.4系统中yum源提供的Haproxy的版本为1.5.2,在这里我们直接用yum安装
1、安装haproxy
# yum -y install haproxy # rpm -ql haproxy #可以查看yum安装Haproxy生成了哪些文件 /etc/haproxy /etc/haproxy/haproxy.cfg #haproxy的配置文件 /etc/logrotate.d/haproxy /etc/rc.d/init.d/haproxy #haproxy的服务脚本文件 /usr/bin/halog /usr/bin/iprange /usr/sbin/haproxy /usr/share/doc/haproxy-1.5.2 /usr/share/doc/haproxy-1.5.2/acl-content-sw.cfg /usr/share/doc/haproxy-1.5.2/acl.fig /usr/share/doc/haproxy-1.5.2/haproxy.cfg /usr/share/doc/haproxy-1.5.2/internals /usr/share/haproxy /usr/share/haproxy/400.http #400错误的状态码页面 /usr/share/haproxy/403.http #403错误的状态码页面 /usr/share/haproxy/408.http #408错误的状态码页面 /usr/share/haproxy/500.http #500错误的状态码页面 /usr/share/haproxy/502.http #502错误的状态码页面 /usr/share/haproxy/503.http #503错误的状态码页面 /usr/share/haproxy/504.http #504错误的状态码页面 /usr/share/man/man1/halog.1.gz #可以直接使用man halog查看命令的使用语法 /usr/share/man/man1/haproxy.1.gz #可以直接使用man haproxy查看命令的使用语法 /var/lib/haproxy .....
2、haproxy的配置文件说明
# cd /etc/haproxy/ # cp haproxy.cfg haproxy.cfg.bak # vim haproxy.cfg ********************************************************************** #--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global #全局配置文件 # to have these messages end up in /var/log/haproxy.log you will # need to: #配置日志 # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog #修改syslog配置文件 # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog #定义日志设备 # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 #日志配置,所有的日志都记录本地,通过local2输出 chroot /var/lib/haproxy #改变haproxy的工作目录 pidfile /var/run/haproxy.pid #指定pid文件的路径 maxconn 4000 #最大连接数的设定 user haproxy #指定运行服务的用户 group haproxy #指定运行服务的用户组 daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http #默认使用协议,可以为{http|tcp|health} http:是七层协议 tcp:是四层 health:只返回OK log global #全局日志记录 option httplog #详细记录http日志 option dontlognull #不记录空日志 option http-server-close #启用http-server-close option forwardfor except 127.0.0.0/8 #来自这些信息的都不forwardfor option redispatch #重新分发,ServerID对应的服务器宕机后,强制定向到其他运行正常的服务器 retries 3 #3次连接失败则认为服务不可用 timeout http-request 10s #默认http请求超时时间 timeout queue 1m #默认队列超时时间 timeout connect 10s #默认连接超时时间 timeout client 1m #默认客户端超时时间 timeout server 1m #默认服务器超时时间 timeout http-keep-alive 10s #默认持久连接超时时间 timeout check 10s #默认检查时间间隔 maxconn 3000 #最大连接数 #--------------------------------------------------------------------- # main frontend which proxys to the backends #--------------------------------------------------------------------- frontend main *:5000 #定义ACL规则以如".html"结尾的文件;-i:忽略大小写 acl url_static path_beg -i /static /images /javascript /stylesheets acl url_static path_end -i .jpg .gif .png .css .js use_backend static if url_static #调用后端服务器并检查ACL规则是否被匹配 default_backend app #客户端访问时默认调用后端服务器地址池 #--------------------------------------------------------------------- # static backend for serving up images, stylesheets and such #--------------------------------------------------------------------- backend static #定义后端服务器 balance roundrobin #定义算法;基于权重进行轮询 server static 127.0.0.1:4331 check check:启动对后端server的健康状态检测 #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend app balance roundrobin server app1 127.0.0.1:5001 check server app2 127.0.0.1:5002 check server app3 127.0.0.1:5003 check server app4 127.0.0.1:5004 check
3、haproxy的命令详解
# haproxy -h HA-Proxy version 1.5.2 2014/07/12 Copyright 2000-2014 Willy Tarreau <[email protected]> Usage : haproxy [-f <cfgfile>]* [ -vdVD ] [ -n <maxconn> ] [ -N <maxpconn> ] [ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] -v displays version ; -vv shows known build options. -d enters debug mode ; -db only disables background mode. -dM[<byte>] poisons memory with <byte> (defaults to 0x50) -V enters verbose mode (disables quiet mode) -D goes daemon ; -C changes to <dir> before loading files. -q quiet mode : don't display messages -c check mode : only check config files and exit -n sets the maximum total # of connections (2000) -m limits the usable amount of memory (in MB) -N sets the default, per-proxy maximum # of connections (2000) -L set local peer name (default to hostname) -p writes pids of all children to this file -de disables epoll() usage even when available -dp disables poll() usage even when available -dS disables splice usage (broken on old kernels) -dV disables SSL verify on servers side -sf/-st [pid ]* finishes/terminates old pids. Must be last arguments.
4、配置Haproxy的日志
默认情况下,Haproxy没有启用日志文件,但是我们可以根据haproxy的配置文件做修改。 (1)修改系统日志的配置文件 # vim /etc/sysconfig/rsyslog SYSLOGD_OPTIONS="-c 2 -r" (2)增加日志设备 # vim /etc/rsyslog.conf local2.* /var/log/haproxy.log (3)重启一下日志服务 # /etc/init.d/rsyslog restart 关闭系统日志记录器: [确定] 启动系统日志记录器: [确定] (4)查看日志记录信息 # tail -f /var/log/haproxy.log
四、Haproxy负载均衡web
1、一个配置示例:
Haproxy-Server:192.168.0.105
Apache1-Client:192.168.0.102
Apache2-Client:192.168.0.106
********************************************************************** #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 30000 listen stats mode http bind 0.0.0.0:1080 stats enable stats hide-version stats uri /haproxyadmin?stats stats realm Haproxy\ Statistics stats auth admin:123456 stats admin if TRUE frontend http-in bind *:80 mode http log global option httpclose option logasap option dontlognull capture request header Host len 20 capture request header Referer len 60 default_backend servers frontend healthcheck bind :1099 mode http option httpclose option forwardfor default_backend servers backend servers balance roundrobin server websrv1 192.168.0.102:80 check maxconn 2000 server websrv2 192.168.0.106:80 check maxconn 2000 **********************************************************************
2、启动Haproxy服务
# service haproxy start 正在启动 haproxy: [确定]
3、浏览器访问
单独访问Apache1:192.168.0.102
单独访问Apache2:192.168.0.106
多次刷新访问Haproxy:192.168.0.105
多次刷新Haproxy的website,会切换到后端不同的webserver主机上。
五、Haproxy的状态监控
1、Haproxy的监控页面
listen stats #关联前端和后端定义一个完整的代理 mode http #设置代理协议 bind 0.0.0.0:1080 #绑定相应的端口 stats enable #开启Haproxy统计状态 stats refresh 3s #统计页面自动刷新时间间隔 stats hide-version #隐藏代理服务器版本 stats uri /haproxyadmin?stats #访问的url stats realm Haproxy\ Statistics #统计页面认证时提示内容信息 stats auth admin:123456 #设置登录用户和密码 stats admin if TRUE #如果认证通过,则就可以打开stats
2、访问监控页面
(1)登陆监控页面
admin/123456
(2)查看监控页面
(3)模拟一下故障
# service httpd stop 停止 httpd: [确定]
(4)在次查看监控页面
六、Haproxy的动静分离
注释说明:
在这里说明动静分离的演示流程,后端分别三台负载均衡主机上放上同样的页面,静态页面index.html,动态页面a.php;然后访问haproxy主机的静态页面和动态页面,来判断访问的是那台主机
1、动静分离的主机分配
Haproxy:192.168.0.105 proxy
Apache1:192.168.0.102 static
Apache2:192.168.0.106 static
Nginx01:192.168.0.107 dynamic
2、浏览器分别访问各个主机
Apache1:192.168.0.102 static
Apache1:192.168.0.102 dynamic
Apache1:192.168.0.106 static
Apache1:192.168.0.106 dynamic
Nginx01:192.168.0.107 static
Nginx01:192.168.0.107 dynamic
3、haproxy动静分离的配置
#--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 30000 listen stats mode http bind 0.0.0.0:1080 stats enable stats hide-version stats uri /haproxyadmin?stats stats realm Haproxy\ Statistics stats auth admin:123456 stats admin if TRUE frontend http-in bind *:80 mode http log global option httpclose option logasap option dontlognull capture request header Host len 20 capture request header Referer len 60 acl url_static path_end -i .html .jpg .gif acl url_dynamic path_end -i .php default_backend servers use_backend lnmmp if url_dynamic backend servers balance roundrobin server websrv1 192.168.0.102:80 check rise 2 fall 1 weight 2 maxconn 2000 server websrv2 192.168.0.106:80 check rise 2 fall 1 weight 2 maxconn 2000 backend lnmmp balance source server websrv3 192.168.0.107:80 check rise 2 fall 1 maxconn 2000
4、动静分离访问测试
七、近期网络架构
期望网友能够指点架构的优缺点,后期将会发布此博文