Deploy Haproxy 1.7.2 on CentOS 7.2

Source: Internet
Author: User
Tags haproxy rsyslog


Original article published on cu:

Reference:

This article involves the installation of haproxy and simple configuration.

I. Environment preparation

1. Operating System

CentOS-7-x86_64-Everything-1511

2. Haproxy version

As of, the haproxy stable version is 1.7.2: http://www.haproxy.org/download/1.7/src/haproxy-1.7.2.tar.gz

3. Topology

II. Install Haproxy

1. Download

[root@elk-node2 ~]# cd /usr/local/src/
[root@elk-node2 src]# wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.2.tar.gz

2. Compile and install

# "TARGET" selects the kernel version of the OS being compiled for; use "uname -r" to query the kernel version, and see the README file for the available values
[root@elk-node2 src]# tar -zxvf haproxy-1.7.2.tar.gz
[root@elk-node2 src]# cd haproxy-1.7.2
[root@elk-node2 haproxy-1.7.2]# make TARGET=linux2628 PREFIX=/usr/local/haproxy
[root@elk-node2 haproxy-1.7.2]# make install PREFIX=/usr/local/haproxy

III. Configure Haproxy

1. Configure the user

[root@elk-node2 ~]# groupadd haproxy
[root@elk-node2 ~]# useradd -g haproxy haproxy -s /sbin/nologin
2. Configuration File

1) Detailed description of the configuration file

# The default installation directory contains no configuration file, only the three directories "doc", "sbin" and "share"; create the directory and the configuration file manually.
# The haproxy configuration file has five main parts: global configuration, defaults configuration, monitoring page configuration, frontend configuration, backend configuration.
[root@elk-node2 ~]# mkdir -p /usr/local/haproxy/etc
[root@elk-node2 ~]# cd /usr/local/haproxy/etc/
[root@elk-node2 etc]# vim haproxy.cfg

# Global configuration: sets the global parameters. These are process-level settings, usually related to the operating system configuration.
global
    # Define the global log, configured locally and output through local0. The default level is info; two log targets can be configured.
    log 127.0.0.1 local0 warning
    # Define the log level [error warning info debug]
    #log 127.0.0.1 local1 info
    # Run path
    chroot /usr/local/haproxy
    # PID file storage path
    pidfile /var/run/haproxy.pid
    # Maximum number of concurrent connections per haproxy process, equivalent to the command-line option "-n"; the automatically calculated "ulimit -n" value is derived from this parameter.
    maxconn 4096
    # User that runs haproxy; the keyword uid can be used instead
    user haproxy
    # Group that runs haproxy; the keyword gid can be used instead
    group haproxy
    # Run haproxy in the background
    daemon
    # Number of haproxy processes to start; only usable in daemon mode.
    # Only one process is started by default. Because of debugging difficulties and other reasons, multi-process mode is generally used only where a single process can open only a few file descriptors.
    nbproc 1
    # Maximum number of file descriptors each process can open. It is calculated automatically by default, so setting this option is not recommended.
    #ulimit-n 819200
    # Debugging level. Generally enabled only when debugging a single process; disabled in production.
    #debug
    # Display no information after haproxy starts, the same as adding "-q" on the command line
    #quiet
    # Location of the statistics socket
    stats socket /usr/local/haproxy/stats

# Default configuration
defaults
    # Default mode [tcp: layer 4; http: layer 7; health: only returns OK]
    mode http
    # Inherit the global log definition
    log global
    # Log category, httplog
    #option httplog
    # If the backend server needs to record the real IP address of the client, add the "X-Forwarded-For" field to the HTTP request.
    # However, access logs should not be recorded when haproxy's own health check accesses the backend server; "except" can be used to exclude 127.0.0.0, that is, haproxy itself.
    #option forwardfor except 127.0.0.0/8
    option forwardfor
    # Enable server-side close in http: after each request completes, the http channel is actively closed, so that persistent connections are supported, sessions can be reused, and every log record is recorded.
    option httpclose
    # Do not log empty connections.
    option dontlognull
    # When the session with a backend server fails (server failure or other reasons), the session is redistributed to other healthy servers; when the faulty server recovers, the session is directed back to it.
    # The "retries" keyword sets the number of connection attempts when a session fails.
    option redispatch
    retries 3
    # When the haproxy load is high, connections that have been waiting in the queue for a long time are terminated automatically.
    option abortonclose
    # Default http request timeout
    timeout http-request 10s
    # Default queue timeout. When the backend server is under high load, requests sent from haproxy are put into a queue.
    timeout queue 1m
    # Timeout for haproxy connecting to the backend server
    timeout connect 5s
    # Timeout of an inactive client connection, that is, after the client has connected to haproxy and data transmission has finished with no further data
    timeout client 1m
    # Timeout for an idle connection between haproxy and the backend server
    timeout server 1m
    # Default timeout for establishing a new http request connection; a short value releases resources as soon as possible.
    timeout http-keep-alive 10s
    # Heartbeat detection timeout
    timeout check 10s
    #maxconn 2000
    # Default load balancing mode
    #balance source
    #balance leastconn

# Statistics page configuration, a combination of frontend and backend. The name of the monitoring group can be customized as needed.
listen admin_status
    # Running mode of the monitoring page
    mode http
    # Access port of the statistics page
    bind 0.0.0.0:1080
    # Default maximum number of connections on the statistics page
    maxconn 10
    # http log format
    option httplog
    # Enable statistics
    stats enable
    # Hide haproxy version information on the statistics page
    stats hide-version
    # Automatic refresh interval of the monitoring page
    stats refresh 30s
    # URL of the statistics page
    stats uri /stats
    # Prompt text of the password box on the statistics page
    stats realm MCM\ Haproxy
    # User and password of the monitoring page: admin. Multiple user names can be set.
    stats auth admin:admin
    # Backend servers can be started/disabled manually through the web management page
    stats admin if TRUE
    # haproxy error pages
    errorfile 400 /usr/local/haproxy/errorfiles/400.http
    errorfile 403 /usr/local/haproxy/errorfiles/403.http
    errorfile 408 /usr/local/haproxy/errorfiles/408.http
    errorfile 500 /usr/local/haproxy/errorfiles/500.http
    errorfile 502 /usr/local/haproxy/errorfiles/502.http
    errorfile 503 /usr/local/haproxy/errorfiles/503.http
    errorfile 504 /usr/local/haproxy/errorfiles/504.http

# Monitor the status of the haproxy backend servers
listen site_status
    # Listening port
    bind 0.0.0.0:1081
    # http layer-7 mode
    mode http
    # [err warning info debug]
    log 127.0.0.1 local2 err
    # Website health check URL, used to check whether the websites managed by HAProxy are usable: returns 200 when normal and 503 when abnormal
    monitor-uri /site_status
    # Policy for "website down": true when the number of valid machines in the specified backend is less than 1
    acl site_dead nbsrv(php_server) lt 1
    acl site_dead nbsrv(html_server) lt 1
    acl site_dead nbsrv(backend_default) lt 1
    # Return 503 when the policy is met. The online documentation says 500; the actual test returns 503.
    monitor fail if site_dead
    # Logs from 192.168.4.152 are not recorded and forwarded
    monitor-net 192.168.4.171/32
    monitor-net 192.168.4.172/32

# frontend, custom name
frontend HAproxy_Cluster
    # Define the frontend listening port. The bind *:80 format is recommended; otherwise, in a highly available cluster, the VIP address cannot be accessed after switching to another machine.
    bind 0.0.0.0:80
    # The rule name follows "acl". When the requested URL ends with .php, the php_web rule is matched and triggered; it can be written in either of the following ways.
    acl php_web url_reg /*.php$
    # When the requested URL ends with .css, .jpg, .png, .jpeg, .js or .gif, the static_web rule is matched and triggered.
    #acl static_web path_end .gif .png .jpg .css .js .jpeg
    #acl static_web url_reg /*.(css|jpg|png|jpeg|js|gif)$
    # -i is case-insensitive. When the requested host starts with www.test.com, the dns_name rule is matched and triggered.
    acl html_web hdr_beg(host) -i www.haproxytest.com
    #acl html_web hdr_beg(host) 10.11.4.152
    # When the client IP address is x.x.x.x, the src_ip rule is matched and triggered.
    #acl src_ip src x.x.x.x
    # If acl rule php_web matches, the request is forwarded to the php_server group; if acl rule html_web matches, the request is forwarded to the html_server group.
    use_backend php_server if php_web
    use_backend html_server if html_web
    # If none of the rules above match, the request is handed to the default_backend group.
    default_backend backend_default

# backend configuration: the php_server group and the html_server group
backend php_server
    # Load balancing mode roundrobin, that is, weight-based round robin scheduling; recommended when server performance is fairly uniform.
    # Other load balancing methods:
    # -- static-rr: also weight-based rotation, but static; weights adjusted at run time are not used;
    # -- source: matches the backend server with a hash of the request source IP address;
    # -- leastconn: not suitable for environments with short sessions, such as http-based applications;
    # -- uri: hashes the entire URI;
    # -- url_param: forwards based on a parameter in the URI;
    # -- hdr(<name>): forwards based on an http header; if the header is not found, roundrobin is used.
    balance roundrobin
    mode http
    # Allows serverid to be inserted into a cookie; the serverid is defined after it
    cookie SERVERID
    # Heartbeat detection method: check the index.html file of the backend server. Other methods exist.
    option httpchk GET /index.html
    # Backend server definition: maxconn 1024 is the maximum number of connections to the server, cookie 1 means serverid is 1, weight is the weight (default value: 1, maximum value: indicates that the server is not involved in load balancing),
    # check inter 1500 is the heartbeat detection frequency, rise 2 means the server is considered available after 2 successful checks, fall 3 means it is considered unavailable after 3 failures.
    server php1 192.168.4.171:80 maxconn 1024 cookie 1 weight 3 check inter 1500 rise 2 fall 3

backend html_server
    balance source
    mode http
    server html1 192.168.4.172:80 maxconn 1024 cookie 1 weight 3 check inter 1500 rise 2 fall 3

backend backend_default
    balance source
    mode http
    server default1 192.168.4.171:80 maxconn 1024 cookie 1 weight 3 check inter 1500 rise 2 fall 3
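The statistics page in this configuration listens on 0.0.0.0:1080, authenticates with admin:admin and grants "stats admin if TRUE". The following added example (not part of the original article) is a small shell audit that flags those settings in a haproxy.cfg; the names audit_stats and sample_cfg, the finding labels, the 12-character threshold and the second sample section are assumptions made for the illustration.

```shell
# Added example, not from the article: flag risky statistics-page settings in
# a haproxy.cfg. audit_stats and sample_cfg are hypothetical helper names.
audit_stats() {   # reads haproxy.cfg from the named file(s) or from stdin
    awk '
    function report() {          # emit findings for the section just finished
        if (stats) {
            if (wild != "") print sect ": WILDCARD_BIND " wild
            if (!auth)      print sect ": NO_AUTH"
            if (weak != "") print sect ": WEAK_AUTH user=" weak
            if (adm)        print sect ": ADMIN_UNCONDITIONAL"
        }
        stats = auth = adm = 0; wild = weak = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    $1 ~ /^(global|defaults|listen|frontend|backend|userlist)$/ {
        report(); sect = $1 " " $2; next
    }
    # bind on every interface: 0.0.0.0:port, *:port or :port
    $1 == "bind" && $2 ~ /^(0\.0\.0\.0|\*)?:[0-9]+$/ { wild = $2 }
    $1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
    $1 == "stats" && $2 == "auth" {
        auth = 1
        i = index($3, ":"); user = substr($3, 1, i - 1); pass = substr($3, i + 1)
        # weak: password equals the user name or is shorter than 12 characters
        if (pass == user || length(pass) < 12) weak = user
    }
    $1 == "stats" && $2 == "admin" && $3 == "if" && $4 == "TRUE" { adm = 1 }
    END { report() }
    ' "$@"
}

sample_cfg() {    # constructed input: the stats section above plus a tighter one
    cat <<'EOF'
listen admin_status
    bind 0.0.0.0:1080
    stats enable
    stats auth admin:admin
    stats admin if TRUE
listen admin_local
    bind 127.0.0.1:1080
    stats enable
    stats auth ops:constructed-long-passphrase
    stats admin if LOCALHOST
EOF
}

sample_cfg | audit_stats
```

Against a real file, call it as audit_stats /etc/haproxy/haproxy.cfg; only sections that enable the statistics page are reported, so the frontend's bind on port 80 is not flagged.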
2) error file

# The statistics monitoring page in the configuration file defines the error files; copy them from the installation package to the installation directory
[root@elk-node2 ~]# cp -r /usr/local/src/haproxy-1.7.2/examples/errorfiles/ /usr/local/haproxy/

3) create a log file

[root@elk-node2 ~]# mkdir -p /usr/local/haproxy/log
[root@elk-node2 ~]# touch /usr/local/haproxy/log/haproxy.log
[root@elk-node2 ~]# ln -s /usr/local/haproxy/log/haproxy.log /var/log/
[root@elk-node2 ~]# chown haproxy:haproxy /var/log/haproxy.log
Rsyslog main configuration file
# Modify the "SYSLOGD_OPTIONS" parameter: -c 2 uses compatibility mode (the default is -c 5); -r enables remote logs; -m 0 sets the mark timestamp interval in minutes, and 0 disables this feature
[root@elk-node2 ~]# vim /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-c 2 -r -m 0"
Rsyslog File
# Haproxy does not write logs by default; rsyslog is used to collect them.
# Note the "&~" at the end of the file: without it, logs are also written to the messages file in addition to the specified file.
[root@elk-node2 ~]# cd /etc/rsyslog.d/
[root@elk-node2 rsyslog.d]# touch haproxy.conf
[root@elk-node2 rsyslog.d]# chown haproxy:haproxy haproxy.conf
[root@elk-node2 rsyslog.d]# vim haproxy.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# haproxy.log
# local0.* /usr/local/haproxy/log/haproxy.log
# local1.* /usr/local/haproxy/log/haproxy.log
local2.* /usr/local/haproxy/log/haproxy.log
&~

[root@elk-node2 rsyslog.d]# systemctl restart rsyslog.service

# Disable selinux; for this article, not disabling selinux led to a relatively long time spent troubleshooting
[root@elk-node2 rsyslog.d]# setenforce 0
4) configuration file permissions and soft links
[root@elk-node2 ~]# chown -R haproxy:haproxy /usr/local/haproxy/
[root@elk-node2 ~]# mkdir -p /etc/haproxy
[root@elk-node2 ~]# ln -s /usr/local/haproxy/etc/haproxy.cfg /etc/haproxy/
[root@elk-node2 ~]# chown -R haproxy:haproxy /etc/haproxy
3. Configure startup
[root@elk-node2 ~]# cp /usr/local/src/haproxy-1.7.2/examples/haproxy.init /etc/rc.d/init.d/haproxy
[root@elk-node2 ~]# chown haproxy:haproxy /etc/rc.d/init.d/haproxy
[root@elk-node2 ~]# chmod +x /etc/rc.d/init.d/haproxy
[root@elk-node2 ~]# chkconfig --add haproxy
[root@elk-node2 ~]# chkconfig --level 35 haproxy on
4. Configure the global Startup File
# Use a soft link
[root@elk-node2 ~]# ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin/
[root@elk-node2 ~]# chown haproxy:haproxy /usr/sbin/haproxy
5. configure the firewall
# Open the ports above; they are defined in the configuration file, and the log port is defined in the rsyslog.d/haproxy.conf file
[root@elk-node2 ~]# vim /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1081 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
[root@elk-node2 ~]# service iptables restart
6. Start and verify
[root@elk-node2 ~]# service haproxy start
1) port verification
[root@elk-node2 ~]# netstat -tunlp

2) monitoring page

The display information and account/password on the monitoring page are defined in the configuration file.

3) access the page

Triggering the php_server group defined in the configuration file gives the following:

Triggering the html_server group defined in the configuration file (modify the hosts file locally) gives the following:

Triggering the backend_default group defined in the configuration file gives the following:
