HAproxy 负载均衡(对后端具备健康检测)
HAproxy 负载均衡(对后端具备健康检测)
因为haproxy的包里有.spec文件,所以我们可以用rpm命令来自己构建ha的rpm包:
53 yum install rpm-build -y 57 rpmbuild -tb /usr/src/haproxy-1.7.3.tar.gz 58 yum install pcre-devel -y 59 rpmbuild -tb /usr/src/haproxy-1.7.3.tar.gz 60 yum install gcc -y 61 rpmbuild -tb /usr/src/haproxy-1.7.3.tar.gz 62 cd rpmbuild/RPMS/ [root@server1 x86_64]# lshaproxy-1.7.3-1.x86_64.rpm
[root@server1 x86_64]# rpm -qpl haproxy-1.7.3-1.x86_64.rpm /etc/haproxy /etc/rc.d/init.d/haproxy /usr/sbin/haproxy /usr/share/doc/haproxy-1.7.3/usr/share/doc/haproxy-1.7.3/CHANGELOG /usr/share/doc/haproxy-1.7.3/README /usr/share/doc/haproxy-1.7.3/architecture.txt /usr/share/doc/haproxy-1.7.3/configuration.txt /usr/share/doc/haproxy-1.7.3/intro.txt /usr/share/doc/haproxy-1.7.3/management.txt /usr/share/doc/haproxy-1.7.3/proxy-protocol.txt /usr/share/man/man1/haproxy.1.gz
[root@server1 x86_64]# rpm -ivh haproxy-1.7.3-1.x86_64.rpm Preparing... ########################################### [100%] 1:haproxy ########################################### [100%][root@server1 x86_64]# rpm -ivh haproxy-1.7.3-1.x86_64.rpm Preparing... ########################################### [100%] 1:haproxy ########################################### [100%]
因为ha默认无配置文件,所以要解压ha包,获取实例文件的配置文件:
76 tar zxvf /usr/src/haproxy-1.7.3.tar.gz -C /mnt/ 77 cd /mnt/ 78 ls 79 cd haproxy-1.7.3/ 80 ls 81 cd examples/ 82 ls 83 vim content-sw-sample.cfg 84 cp content-sw-sample.cfg /etc/haproxy/ 85 cd /etc/haproxy/ 86 ls 87 mv content-sw-sample.cfg haproxy.cfg 88 ls 89 history
添加用户:
93 id haproxy 94 groupadd haproxy 95 groupadd -g 200 haproxy 96 groupdel haproxy 97 groupadd -g 200 haproxy 98 useradd -u 200 -g 200 haproxy 99 id haproxy
1 负载均衡 对后端rs具有健康检测:
20 frontend public 21 bind *:80 name clear 23 default_backend static 24 25 # The static backend backend for 'Host: img', /img and /css. 26 backend static 27 balance roundrobin 28 server web1 172.25.79.2:80 check inter 1000 29 server web2 172.25.79.3:80 check inter 1000 30
开启,查看端口:
106 /etc/init.d/haproxy start
107 vim haproxy.cfg
108 netstat -antlp
root@server1 haproxy]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1620/haproxy
测试:
[root@niub images]# curl 172.25.79.1 www.westos.com server3 [root@niub images]# curl 172.25.79.1 www.westos.com server2 [root@niub images]# curl 172.25.79.1 www.westos.com server3 [root@niub images]# curl 172.25.79.1
当把2挂掉之后,查看:
[root@niub images]# curl 172.25.79.1 www.westos.com server3 [root@niub images]# curl 172.25.79.1 www.westos.com server3 [root@niub images]# curl 172.25.79.1 www.westos.com server3 说明ha对rs具有健康监测的作用。对用户来说是透明的
2 定义访问控制列表acl配置
(1)基于IP的访问控制
use_backend [{if | unless} ]
当if/unless一个基于ACL的条件匹配时切换指定backend
(2)七层请求的访问控制
http-request { allow | deny |add-header |set-header } [ { if | unless } ]
(3)四层请求访问控制
tcp-request connection {accept|reject} [{if | unless} ]
listen ssh bind :22022 balance leastconn acl invalid_src src 172.16.200.2 tcp-request connection reject if invalid_src mode tcp server sshsrv1 172.16.100.6:22 check server sshsrv2 172.16.100.7:22 check backup
设置黑名单:
3 对错误页面重定向到其他页面:
4 直接重定向网页:
5 基于ACL的动静分离示例
frontend web *:80 acl url_static path_beg -i /static /images /javascript /stylesheets acl url_static path_end -i .jpg .gif .png .css .js .html .txt .htm use_backend staticsrvs if url_static default_backend appsrvs backend staticsrvs balance roundrobin server stcsrv1 172.16.100.6:80 check backend appsrvs balance roundrobin server app1 172.16.100.7:80 check server app1 172.16.100.7:8080 check listen stats bind :9091 stats enable stats auth admin:admin stats admin if TRUE #一个ACL定义了两个条件,如果用户的请求满足PATH中带有/static /images /javascript /stylesheets 这些字符的, 或者path是以.jpg .gif .png .css .js .html .txt .htm 这些字符结尾的就匹配ACL定义 #满足ACL定义的请求为静态请求,被调度到后端的staticsrvs机组上 #不满组以上两个条件的请求默认调度都后端包含两台服务器轮询的appsrvs机组上
目录 返回
首页