Compiling and installing HAProxy 2.4.16 on CentOS 7
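Environment preparation
Because the Lua version bundled with CentOS 7 and earlier releases is too old to meet HAProxy's minimum required Lua version (5.3), a newer Lua must be compiled first; only then can HAProxy be compiled and installed. The process is as follows:
#Lua version currently on the system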
[root@centos7 ~]#lua -v
Lua 5.1.4 Copyright (C) 1994-2008 Lua.org, PUC-Rio
#Install basic tools and build dependencies
[root@centos7 ~]#yum install gcc readline-devel -y
[root@centos7 ~]#tar xf lua-5.4.4.tar.gz -C /usr/local/src/
[root@centos7 ~]#cd /usr/local/src/lua-5.4.4/
[root@centos7 lua-5.4.4]#make linux test
#Check the version that was just compiled
[root@centos7 lua-5.4.4]#src/lua -v
Lua 5.4.4 Copyright (C) 1994-2022 Lua.org, PUC-Rio
1 Compile and install HAProxy
#Build parameters for HAProxy 2.0 and later:
[root@centos7 ~]#yum -y install gcc openssl-devel pcre-devel systemd-devel
[root@centos7 lua-5.4.4]# cd ~
[root@centos7 ~]#tar xf haproxy-2.4.16.tar.gz -C /usr/local/src
[root@centos7 ~]#cd /usr/local/src/haproxy-2.4.16/
#Review the installation instructions
[root@centos7 haproxy-2.4.16]#less INSTALL
[root@centos7 haproxy-2.4.16]#less Makefile
#Compile and install following the INSTALL file
[root@centos7 haproxy-2.4.16]#make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.4.4/src/ LUA_LIB=/usr/local/src/lua-5.4.4/src/
[root@centos7 haproxy-2.4.16]#make install PREFIX=/apps/haproxy
[root@centos7 haproxy-2.4.16]#ln -s /apps/haproxy/sbin/haproxy /usr/sbin/
#List the generated files
[root@centos7 haproxy-2.4.16]#tree /apps/haproxy/
/apps/haproxy/
├── doc
│   └── haproxy
│       ├── 51Degrees-device-detection.txt
│       ├── architecture.txt
│       ├── close-options.txt
│       ├── configuration.txt
│       ├── cookie-options.txt
│       ├── DeviceAtlas-device-detection.txt
│       ├── intro.txt
│       ├── linux-syn-cookies.txt
│       ├── lua.txt
│       ├── management.txt
│       ├── netscaler-client-ip-insertion-protocol.txt
│       ├── network-namespaces.txt
│       ├── peers.txt
│       ├── peers-v2.0.txt
│       ├── proxy-protocol.txt
│       ├── regression-testing.txt
│       ├── seamless_reload.txt
│       ├── SOCKS4.protocol.txt
│       ├── SPOE.txt
│       └── WURFL-device-detection.txt
├── sbin
│   └── haproxy
└── share
    └── man
        └── man1
            └── haproxy.1
6 directories, 22 files
1.1 Verify the HAProxy version
#Verify the HAProxy version:
[root@centos7 haproxy-2.4.16]#which haproxy
/usr/sbin/haproxy
[root@centos7 haproxy-2.4.16]#haproxy -v
HAProxy version 2.4.16-9d532c4 2022/04/29 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.16.html
Running on: Linux 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64
#The uppercase -V option shows the version and the usage help
[root@centos7 haproxy-2.4.16]# haproxy -v
HAProxy version 2.4.16-9d532c4 2022/04/29 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.16.html
Running on: Linux 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64
[root@centos7 haproxy-2.4.16]# haproxy -V
HAProxy version 2.4.16-9d532c4 2022/04/29 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.16.html
Running on: Linux 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64
Usage : haproxy [-f <cfgfile|cfgdir>]* [ -vdVD ] [ -n <maxconn> ] [ -N <maxpconn> ]
[ -p <pidfile> ] [ -m <max megs> ] [ -C <dir> ] [-- <cfgfile>*]
-v displays version ; -vv shows known build options.
-d enters debug mode ; -db only disables background mode.
-dM[<byte>] poisons memory with <byte> (defaults to 0x50)
-V enters verbose mode (disables quiet mode)
-D goes daemon ; -C changes to <dir> before loading files.
-W master-worker mode.
-Ws master-worker mode with systemd notify support.
-q quiet mode : don't display messages
-c check mode : only check config files and exit
-n sets the maximum total # of connections (uses ulimit -n)
-m limits the usable amount of memory (in MB)
-N sets the default, per-proxy maximum # of connections (0)
-L set local peer name (default to hostname)
-p writes pids of all children to this file
-de disables epoll() usage even when available
-dp disables poll() usage even when available
-dS disables splice usage (broken on old kernels)
-dG disables getaddrinfo() usage
-dR disables SO_REUSEPORT usage
-dL dumps loaded object files after config checks
-dr ignores server address resolution failures
-dV disables SSL verify on servers side
-dW fails if any warning is emitted
-dD diagnostic mode : warn about suspicious configuration statements
-sf/-st [pid ]* finishes/terminates old pids.
-x <unix_socket> get listening sockets from a unix socket
-S <bind>[,<bind options>...] new master CLI
1.2 Prepare the HAProxy service unit file
#Create the service file
[root@centos7 haproxy-2.4.15]#vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
[root@centos7 haproxy-2.4.16]#systemctl daemon-reload
1.3 Configuration file
#Create a custom configuration file
[root@centos7 haproxy-2.4.16]#mkdir /etc/haproxy
[root@centos7 haproxy-2.4.16]#vim /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /apps/haproxy
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
#uid 99
#gid 99
user haproxy
group haproxy
daemon
#nbproc 4
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local2 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:123456
listen web_port
bind 10.0.0.7:80
mode http
log global
server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5
1.4 Start haproxy
#Prepare the directory for the socket file
[root@centos7 haproxy-2.4.16]#mkdir /var/lib/haproxy
#Create the service user and set directory permissions
[root@centos7 haproxy-2.4.16]#useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy
[root@centos7 haproxy-2.4.16]#systemctl enable --now haproxy
1.5 Verify haproxy status
[root@centos7 haproxy-2.4.16]#systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2022-04-30 19:07:40 CST; 9s ago
Process: 2481 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
Main PID: 2484 (haproxy)
CGroup: /system.slice/haproxy.service
├─2484 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy...
└─2488 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy...
4月 30 19:07:40 centos7.magedu.com systemd[1]: Starting HAProxy Load Balancer...
4月 30 19:07:40 centos7.magedu.com systemd[1]: Started HAProxy Load Balancer.
4月 30 19:07:40 centos7.magedu.com haproxy[2484]: [NOTICE] (2484) : New worker #1 (2488) forked
4月 30 19:07:40 centos7.magedu.com haproxy[2484]: [WARNING] (2488) : Server web_port/web1 i...e.
4月 30 19:07:40 centos7.magedu.com haproxy[2484]: [NOTICE] (2488) : haproxy version is 2.4...c4
4月 30 19:07:40 centos7.magedu.com haproxy[2484]: [NOTICE] (2488) : path to executable is ...xy
4月 30 19:07:40 centos7.magedu.com haproxy[2484]: [ALERT] (2488) : proxy 'web_port' has n...e!
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos7 haproxy-2.4.16]#pstree -p |grep haproxy
|-haproxy(2484)---haproxy(2488)-+-{haproxy}(2489)
| |-{haproxy}(2490)
| `-{haproxy}(2491)
1.6 View the haproxy status page
#Browse to: http://10.0.0.7:9999/haproxy-status Username: haadmin Password: 123456
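Added example, not part of the original article: a shell check that flags the stats exposure in the configuration above (stats listener on all interfaces, a cleartext and short stats auth password, an admin-level stats socket). The names audit_haproxy_cfg and sample_cfg, the finding labels and the 12-character threshold are assumptions of this example.

```shell
# Added example: flag risky stats settings in a haproxy.cfg. Function name,
# finding labels and the 12-character threshold are this example's choices.
audit_haproxy_cfg() {
    awk '
    function report() {
        # Emit the exposure finding once the whole section has been read.
        if (stats && wide != "")
            print "STATS_ON_ALL_INTERFACES " name " " wide
        stats = 0; wide = ""
    }
    /^[ \t]*#/ { next }    # skip commented-out directives
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
        report(); name = ($2 == "" ? $1 : $2); next
    }
    # Only the first address of a bind line is inspected.
    $1 == "bind" && $2 ~ /^(0\.0\.0\.0|\*)?:[0-9]/ { wide = $2 }
    $1 == "stats" && $2 == "socket" {
        for (i = 3; i < NF; i++)
            if ($i == "level" && $(i + 1) == "admin")
                print "ADMIN_STATS_SOCKET " $3
        next
    }
    # Any other stats keyword in a proxy section turns the stats page on.
    $1 == "stats" { stats = 1 }
    $1 == "stats" && $2 == "auth" {
        p = index($3, ":")
        print "CLEARTEXT_STATS_AUTH " name " user=" substr($3, 1, p - 1)
        if (length($3) - p < 12) print "SHORT_STATS_PASSWORD " name
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the stats-related lines of the haproxy.cfg above.
sample_cfg() {
    cat <<'EOF'
global
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
listen stats
bind 0.0.0.0:9999
stats enable
stats uri /haproxy-status
stats auth haadmin:123456
listen web_port
bind 10.0.0.7:80
EOF
}
sample_cfg | audit_haproxy_cfg
```

Each finding names the setting to change: bind the stats listener to a management address rather than 0.0.0.0, and keep haproxy.cfg readable only by root because stats auth stores the password in cleartext.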
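1.7 The haproxy configuration file haproxy.cfg
The haproxy configuration file haproxy.cfg consists of two major parts: the global section and the proxies section
global: global configuration section
Process and security configuration parameters
Performance tuning parameters
DEBUG parameters
proxies: proxy configuration section
defaults: provides default settings for frontend, backend and listen
frontend: the front end, comparable to server {} in nginx
backend: the back end, comparable to upstream {} in nginx
listen: holds both the frontend and backend configuration; simple to configure and recommended for production
1.8 global configuration parameters
chroot #lock the process into a run directory
daemon #run as a daemon
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin process 1 #socket file
user, group, uid, gid #identity that haproxy runs as
nbproc n #number of haproxy worker processes to start, usually matched to the number of CPUs
cpu-map 1 0 #bind a haproxy worker process to a given CPU: worker process 1 is bound to CPU 0
cpu-map 2 1 #bind a haproxy worker process to a given CPU: worker process 2 is bound to CPU 1
maxconn n #maximum number of concurrent connections per haproxy process
maxconnrate n #maximum number of connections each process creates per second
spread-checks n #percentage by which backend server health checks are randomly advanced or delayed; 2-5 (20%-50%) is recommended; default 0
pidfile #path of the pid file
log 127.0.0.1 local2 info #defines the global syslog server; the log server must have UDP enabled; at most two can be defined
1.9 Multiple processes and socket files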
[root@centos7 ~]# vim /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /apps/haproxy
stats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1
stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2
#uid 99
#gid 99
user haproxy
group haproxy
daemon
nbproc 2
[root@centos7 ~]# systemctl restart haproxy
[root@centos7 ~]# pstree -p|grep haproxy
|-haproxy(1253)-+-haproxy(1256)
| `-haproxy(1257)
[root@centos7 ~]# ll /var/lib/haproxy/
总用量 4
-rw-r--r-- 1 root root 5 5月 1 16:57 haproxy.pid
srw------- 1 root root 0 5月 1 16:52 haproxy.sock
srw------- 1 root root 0 5月 1 16:57 haproxy.sock1
srw------- 1 root root 0 5月 1 16:57 haproxy.sock2
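2.0 haproxy log configuration
HAProxy itself does not record client access logs. In addition, to reduce server load, HAProxy logging is generally not enabled in production.
2.0.1 haproxy configuration
#Define in the global section:
log 127.0.0.1 local2 info
listen web_port
bind 10.0.0.7:80
mode http
log global #enable logging for this web_port; nothing is logged by default
server web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5
# systemctl restart haproxy
2.0.2 rsyslog configuration
$ModLoad imudp
$UDPServerRun 514 #uncomment these two lines
......
local2.* /var/log/haproxy.log
......
# systemctl restart rsyslog
2.0.3 Verify the haproxy log
Restart the syslog service, visit the http://10.0.0.7:9999/haproxy-status page, then check whether log entries are generated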
[root@centos7 ~]# tail -f /var/log/haproxy.log
May 1 17:03:48 localhost haproxy[1326]: Server web_port/web1 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
May 1 17:03:48 localhost haproxy[1325]: Server web_port/web1 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
May 1 17:03:48 localhost haproxy[1325]: proxy web_port has no server available!
May 1 17:03:48 localhost haproxy[1326]: proxy web_port has no server available!
May 1 17:04:31 localhost haproxy[1326]: Connect from 10.0.0.1:9382 to 10.0.0.7:9999 (stats/HTTP)
May 1 17:04:36 localhost haproxy[1326]: Connect from 10.0.0.1:9382 to 10.0.0.7:9999 (stats/HTTP)
2.0.4 Hands-on example: enable local and remote logging
[root@centos7 ~]# vim /etc/haproxy/haproxy.cfg
log 127.0.0.1 local2 info
log 10.0.0.8 local2 info
[root@centos7 ~]# systemctl restart haproxy
#Enable local logging
$ModLoad imudp
$UDPServerRun 514 #uncomment these two lines
......
local2.* /var/log/haproxy.log
......
[root@centos7 ~]# systemctl restart rsyslog
#Enable logging on the remote host
[root@centos8 ~]# vim /etc/rsyslog.conf
module(load="imudp") # needs to be done just once
input(type="imudp" port="514") #uncomment these two lines
......
local2.* /var/log/haproxy.log
......
[root@centos8 ~]# systemctl restart rsyslog
#Browse to: http://haproxy-server:9999/haproxy-status and watch the logs generated on the local and the remote host
[root@centos7 ~]# tail /var/log/haproxy.log
May 1 17:03:48 localhost haproxy[1326]: Server web_port/web1 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
May 1 17:03:48 localhost haproxy[1325]: Server web_port/web1 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
May 1 17:03:48 localhost haproxy[1325]: proxy web_port has no server available!
May 1 17:03:48 localhost haproxy[1326]: proxy web_port has no server available!
May 1 17:04:31 localhost haproxy[1326]: Connect from 10.0.0.1:9382 to 10.0.0.7:9999 (stats/HTTP)
May 1 17:04:36 localhost haproxy[1326]: Connect from 10.0.0.1:9382 to 10.0.0.7:9999 (stats/HTTP)
[root@centos8 ~]# tail /var/log/haproxy.log
May 1 17:21:22 10.0.0.7 haproxy[1368]: Connect from 10.0.0.1:9551 to 10.0.0.7:9999 (stats/HTTP)
May 1 17:21:26 10.0.0.7 haproxy[1368]: Connect from 10.0.0.1:9551 to 10.0.0.7:9999 (stats/HTTP)
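Added example, not part of the original article: the "Connect from ... (stats/HTTP)" lines above record every client that opens the stats listener on port 9999, so they can be compared against the hosts expected to use it. The names stats_clients and sample_log and the allow-list argument are assumptions of this example, and the 192.0.2.44 log line is constructed.

```shell
# Added example: list the clients that reached the stats listener and
# mark those missing from an allow-list of expected admin hosts.
# Usage: stats_clients "<ip> <ip> ..." [logfile ...]   (stdin if no file)
stats_clients() {
    allow=$1; shift
    awk -v allow="$allow" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Field 5 is "haproxy[pid]:" and the message starts at field 6.
    $5 ~ /^haproxy\[[0-9]+\]:$/ && $6 == "Connect" && $7 == "from" &&
    $NF ~ /^\(stats\// {
        src = $8
        sub(/:[0-9]+$/, "", src)    # drop the client port
        hits[src]++
    }
    END {
        for (s in hits)
            print s, hits[s], ((s in ok) ? "allowed" : "unexpected")
    }' "$@" | sort
}

# Sample input: three lines from the logs above plus one constructed
# line (192.0.2.44) standing in for an unexpected client.
sample_log() {
    cat <<'EOF'
May 1 17:03:48 localhost haproxy[1325]: proxy web_port has no server available!
May 1 17:04:31 localhost haproxy[1326]: Connect from 10.0.0.1:9382 to 10.0.0.7:9999 (stats/HTTP)
May 1 17:04:36 localhost haproxy[1326]: Connect from 10.0.0.1:9382 to 10.0.0.7:9999 (stats/HTTP)
May 1 17:21:22 10.0.0.7 haproxy[1368]: Connect from 192.0.2.44:40112 to 10.0.0.7:9999 (stats/HTTP)
EOF
}

sample_log | stats_clients "10.0.0.1"
```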
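2.1 proxies configuration
defaults [<name>] #default settings, applied to the frontend, backend and listen sections that follow; there can be several names or no name
frontend <name> #front-end server name, similar to an Nginx virtual host (server) and an LVS service cluster.
backend <name> #back-end server group, equivalent to nginx upstream and the RS servers in LVS
listen <name> #combines frontend and backend in one section; more concise than separate frontend and backend sections, commonly used in production
2.1.1 proxies configuration - defaults
defaults parameters, which do not need to be changed:
option redispatch #when the server that a server Id maps to goes down, force redirection to another healthy server (re-dispatch)
option abortonclose #when server load is high, automatically end connections that have been waiting in the queue for a long time; enable according to business needs
option http-keep-alive #enable keep-alive with the client
option forwardfor #pass the client's real IP through to the backend web server
mode http|tcp #default working mode; TCP mode performs better and reduces load
timeout http-keep-alive 120s #session keep-alive timeout; within this period requests are forwarded to the same backend server
timeout connect 120s #maximum time to wait for the connection from haproxy to a backend server for a client request (before the TCP connection is established); default unit ms
timeout server 600s #timeout for the backend server to process a client request coming from haproxy (after the TCP connection is established); default unit ms; a timeout produces a 502 error; a larger value is recommended to prevent 502 errors
timeout client 600s #maximum inactivity time between haproxy and the client; default unit ms; recommended to match timeout server
timeout check 5s #default timeout for health checks of backend servers
default-server inter 1000 weight 3 #default settings for backend servers
2.1.2 proxies configuration - simplified listen configuration
Using listen in place of the separate frontend and backend style simplifies the setup; it is usually used only for TCP applications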
[root@centos7 ~]# vim /etc/haproxy/haproxy.cfg
listen WEB_PORT_80
bind 10.0.0.7:80
mode http
option forwardfor #pass the client's real IP through to the backend web server
server web1 10.0.0.18:80 check inter 3000 fall 2 rise 5
server web2 10.0.0.28:80 check inter 3000 fall 2 rise 5
2.1.3 proxies configuration - frontend
frontend parameters:
bind: #the address haproxy listens on; several IPs or ports can be listened on at once; also usable in listen sections
#Format
bind [<address>]:<port_range> [, ...] [param*]
#Note: binding to an IP that is not local to this host requires the kernel parameter net.ipv4.ip_nonlocal_bind=1
backlog <backlog> #applies to all servers: length of the backlog queue used once the frontend's connection limit is reached; note: not supported in backend
Example:
listen http_proxy #listen on multiple ports of multiple IPs and on a sock file
bind :80,:443,:8801-8810
bind 10.0.0.1:10080,10.0.0.1:10443
bind /var/run/ssl-frontend.sock user root mode 600 accept-proxy
listen http_https_proxy #https listener
bind :80
bind :443 ssl crt /etc/haproxy/site.pem #combined file containing both the public key and the private key
listen http_https_proxy_explicit #listen on ipv6, ipv4 and a unix sock file
bind ipv6@:80
bind ipv4@public_ssl:443 ssl crt /etc/haproxy/site.pem
bind unix@ssl-frontend.sock user root mode 600 accept-proxy
listen external_bind_app1 #listen on a file descriptor
bind "fd@${FD_APP1}"
Production example:
frontend magedu_web_port #can be named in the form: business-service-port
bind :80,:8080
bind 10.0.0.7:10080,:8801-8810,10.0.0.17:9001-9010
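mode http|tcp #load-balancing protocol type
use_backend <backend_name> #name of the backend server group to call
2.1.4 proxies configuration - backend
Defines a group of backend servers; backend servers are called by a frontend.
Note: a backend name must be unique, and it must be defined beforehand in a listen or frontend before it can be used; otherwise the service will not start
mode http|tcp #load-balancing protocol type; must match the corresponding frontend
option #configuration options
server #defines a backend real server; IP and port are required
Note: option can be followed by httpchk, smtpchk, mysql-check, pgsql-check or ssl-hello-chk to implement more application-layer checks.
server configuration
#Settings for a single server
check #run health checks against this real server; off by default
addr <IP> #IP to use for health checks; can be on a dedicated data network to reduce traffic on the business network
port <num> #port to use for health checks
inter <num> #interval between health checks; default 2000 ms
fall <num> #number of consecutive failed checks before the backend server goes from online to offline; default 3
rise <num> #number of consecutive successful checks before an offline backend server comes back online; default 2
weight <weight> #weight; default 1
backup #marks the backend server as a backup; it serves only when all other servers are down, like a sorry server
disabled #marks the backend server as unavailable
redir http://www.baiud.com #temporary redirect (302) to another URL; http mode only
maxconn <maxconn> #maximum number of concurrent connections for this backend server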
2.1.5 frontend+backend configuration examples
Example 1:
frontend magedu-test-http
bind :80,:8080
mode tcp
use_backend magedu-test-http-nodes
backend magedu-test-http-nodes
mode tcp
default-server inter 1000 weight 6
server web1 10.0.0.17:80 weight 2 check addr 10.0.0.117 port 8080
server web2 10.0.0.27:80 check
Example 2:
#Entry point for the official website service
[root@centos7 ~]# vim /etc/haproxy/haproxy.cfg
frontend WEB_PORT_80
bind 10.0.0.7:80
mode http
use_backend web_port_http_nodes
backend web_port_http_nodes
mode http
option forwardfor
server 10.0.0.18 10.0.0.18:80 check inter 3000 fall 3 rise 5
server 10.0.0.28 10.0.0.28:80 check inter 3000 fall 3 rise 5
[root@centos7 ~]# systemctl reload haproxy
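2.2 Using sub-configuration files
When there are many services, keeping all configuration in a single file makes maintenance difficult. Consider splitting the configuration by service into separate sub-configuration files to make it easier to maintain.
Note: sub-configuration files must have the .cfg suffix
#Create the sub-configuration directory
[root@centos7 ~]# mkdir /etc/haproxy/conf.d/
#Create a sub-configuration file; note: the file must have the .cfg suffix and must not start with a dot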
[root@centos7 ~]# vim /etc/haproxy/conf.d/test.cfg
frontend WEB_PORT_80
bind 10.0.0.7:80
mode http
use_backend web_port_http_nodes
backend web_port_http_nodes
mode http
option forwardfor
server 10.0.0.18 10.0.0.18:80 check inter 3000 fall 3 rise 5
server 10.0.0.28 10.0.0.28:80 check inter 3000 fall 3 rise 5
#Add the sub-configuration directory to the unit file
[root@centos7 ~]# vim /lib/systemd/system/haproxy.service
[Service]
#Modify the following two lines
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
[root@centos7 ~]# systemctl daemon-reload
[root@centos7 ~]# haproxy -c -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf.d/ #check configuration syntax, including the sub-configuration directory
[root@centos7 ~]# systemctl restart haproxy
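Added example, not part of the original article: a shell function that lists which files in a sub-configuration directory "-f <dir>" would load and which it would ignore, following the rule in HAProxy's management documentation (regular files only, .cfg extension, not hidden, LC_COLLATE=C order). The name cfgdir_load_order, the output labels and the world-writable check are assumptions of this example.

```shell
# Added example: preview what "-f /etc/haproxy/conf.d/" picks up.
# cfgdir_load_order and its LOAD/SKIP labels are made up for this example.
cfgdir_load_order() (
    LC_ALL=C; export LC_ALL          # byte-wise glob order, subshell only
    for p in "$1"/* "$1"/.[!.]*; do
        [ -e "$p" ] || continue      # glob pattern that matched nothing
        f=${p##*/}
        if [ ! -f "$p" ]; then
            echo "SKIP $f (not a regular file)"
            continue
        fi
        case $f in
            .*)    echo "SKIP $f (hidden)" ;;
            *.cfg) # a file anyone can edit becomes part of the proxy config
                   if [ -n "$(find "$p" -perm -0002)" ]; then
                       echo "LOAD $f WORLD-WRITABLE"
                   else
                       echo "LOAD $f"
                   fi ;;
            *)     echo "SKIP $f (no .cfg extension)" ;;
        esac
    done
)

# Constructed demo directory; on a real host pass /etc/haproxy/conf.d.
demo=$(mktemp -d)
touch "$demo/test.cfg" "$demo/10-api.cfg" "$demo/test.cfg.bak" "$demo/.old.cfg"
cfgdir_load_order "$demo"
rm -rf "$demo"
```

A leftover such as test.cfg.bak is silently ignored, while any other *.cfg file dropped into the directory is loaded on the next restart, so the directory should be writable by root only.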