HAProxy load balancing,

HAProxy load balancing,

1. HAProxy introduction:

HAProxy is a free, efficient, and reliable high-availability and load balancing solution. This software is ideal for processing layer-7 data requests from high-load sites, HAProxy's working mode enables it to be easily and securely integrated into our existing site architecture. Using Similar proxy software, it can also shield internal Real WEB servers, prevents internal servers from external attacks. In the HAProxy architecture, end users access the HAProxy proxy server to obtain site pages, after receiving the client request, the proxy server forwards the data request to the real backend server according to its own rules; to allow the same client to maintain a session when accessing the server (the same client can be forwarded to the same backend real server for the second visit), HAProxy has three solutions: Client IP address, cookie and Session. In the first method, HAProxy performs Hash computing and saves the Client IP address to ensure that when the same IP address accesses the proxy server, it can be forwarded to a fixed Real Server; in the second method, HAProxy performs Session persistence based on the Cookie information sent from the Real Server to the client. In the third method, HAProxy stores the Session and server ID of the Real Server, enable session persistence;

The HAProxy package can be downloaded from its official website. The software is installed in the source code below. When you use the make command to generate a makefile file, TARGET = linux2628 indicates that the kernel version used by the Linux operating system is 2.6.28 or later;

# Yum install gcc

# Tar-xvf haproxy-1.4.24.tar.gz

# Cd/usr/local/src/haproxy-1.4.24

# Make TARGET = linux2628

# Make install

2. parsing the configuration file:

There is no default configuration file after HAProxy is installed. You need to manually create it. In this example,/etc/haproxy is created. cfg configuration file. when starting the HAProxy service, you must use the-f option to specify the path of the configuration file. The HAProxy configuration file must contain the global setting and proxy segments. global indicates the global segments, defaults, listen, frontend, and backend are proxy segments. frontend is used to match the domain name or URI of the client request. backend defines the backend server cluster. listen is the set of frontend and backend, sometimes only listen can be used to replace frontend and backend. The following shows an HTTP Proxy case for listening to port 80. The proxy server forwards data requests to a single backend server 127.0.0.1: 8000;

The syntax format and description of the HAProxy main configuration file:

Global:

Chroot <jail dir>: Switch the working directory to <jail dir> and execute chroot. This configuration enhances the security of HAProxy, but you need to use a super account to start the HAProxy program;

Daemon: Configure HAProxy to work in subsequent process mode;

Uid <number>: configure the account ID of the process. We recommend that you set it to a dedicated HAProxy account;

Gid <number>: configure the group ID of the process. We recommend that you set it to a dedicated HAProxy group;

Log <address> <facility>: configure the global syslog server. You can set two log servers;

Nbproc <number>: specifies the number of background processes;

Pidfile <pidfile>: writes the process ID to the <pidfile> file;

Ulimit-n <number>: sets the maximum number of file descriptors for each process;

Maxconn <number>: sets the maximum number of concurrent threads supported by each process;

Tune. bufsize <number>: Set the buffer size. The default value is 16384. The unit is byte (B );

Proxy Settings:

Mode: HAProxy working mode. Options include tcp, http, and health;

Timeout check <timeout>: sets the check timeout;

Contimeout <timeout>: sets the connection timeout;

Balance roundrobin: Default Load Balancing mode, round robin;

Bind <address >:< port>: defines one or more listening addresses or ports;

Stats auth admin: Set the user name and password on the monitoring page;

Stats refresh <number>: interval for refreshing the statistics page;

Option httplog: Use http logs;

Cookie <name>: enables cookie-based persistence;

Option forwardfor: allows the insertion of X-Forwarded-For data headers to backend real servers. This allows backend servers to obtain the real IP addresses of clients;

Option abortonclose: when the server load is high, the server automatically closes connection requests that have been processed for a long time in the queue;

Option allbackups: if all the backend servers are down and all the backup servers are activated, only the first backup server is started by default;

Option dontlognull: NULL connection logs are not recorded. It is mainly used to not record health check logs;

Option redispatch: In HTTP mode, if the server that uses cookies goes down, the client can still connect to it. This option forcibly forwards requests to other healthy hosts when the backend server goes down;

Monitor-uri <uri>: Check whether the <uri> file exists. Check the host health status in sequence;

Monitor-fail if site_dead: when the server goes down, error code 503 is returned. You need to define the ACL;

Option httpchk <uri>: Use HTTP to check the server health status;

Retries <value>: Number of retries after the server connection fails;

Timeout client <n>: set the maximum client timeout to n, the default unit is milliseconds (MS );

Timeout server <n>: set the maximum timeout time on the server to n, the default unit is milliseconds (MS );

Timeout connect <n>: sets the maximum connection timeout to n, the default unit is milliseconds (MS );

Default_backend: If the use_backend rule is not found in the configuration file, set the default backend server group, which is defined by backend;

Use_backend: when conditions are met, specify the backend server group and set the ACL;

Acl <name> <criterion>: defines the access control list. This ACL is called by name in the configuration file. Common restrictions include dst (Destination Address), dst_port (destination port ), src (source address), hdr (connection header information), path_reg (access path matching regular), url (Unified Resource Locator );

An example of ACL access control list is as follows:

3. HAProxy application case:

This example uses the production environment as the prototype, simplifies the network topology, and uses HAProxy to implement the High-Performance proxy server architecture, this example uses listen to define a monitoring port; use frontend to define a front-end port 80; Use backend to define the server groups named inside_servers and external_servers respectively; Use default_backend to define the default server group as external_servers, if the Intranet (192.168.0.0/24) accesses the WEB service, the inside_servers server group provides the WEB page;

The external_servers server group contains two servers: web1.example.com and web2.example.com. The inside_servers server group contains web2.example.com;

= "Web1

Client -------> Internet ---------> HAProxy ---------> router ----- =

= "Web2

1> experiment environment;

Haproxy.example.com: eth0: 172.31.16.163

Eth1: 192.168.10.10

Web1.example.com: eth0: 192.168.10.20

Web2.example.com: eth0: 192.168.10.30

Client.example.com: eth0: 172.31.16.229

2> Specific Configuration:

The two WEB servers use the same configuration. The following uses WEB1 as an example. To demonstrate that HAProxy can access backend servers in a round-robin manner, we set the pages of the two servers to different content to show the differences:

# Service network restart

# Yum-y install httpd

# Echo "192.168.10.20">/var/www/html/index.html

# Service iptables stop

# Service network restart

# Yum-y install httpd

# Echo "192.168.10.30">/var/www/html/index.html

# Service iptables stop

The HAProxy proxy server is set as follows:

# Service network restart

# Service iptables stop

For kernel optimization, insert the following two lines into the file:

# Yum install gcc

# Tar-xvf haproxy-1.4.24.tar.gz

# Cd/usr/local/src/haproxy-1.4.24

# Make TARGET = linux2628

# Make install

# Mkdir/var/haproxy # directory required by chroot

Create a configuration file:

Global
Maxconn4096
Log 127.0.0.1 local3 info
Chroot/var/haproxy
Uid 99
Gid 99
Daemon
Nbproc 1
Pidfile/var/run/haproxy. pid
Ulimit-n 65535
Stats socket/var/tmp/stats
Ults
Log global
Mode http
Maxconn 20480
Option httplog
Option httpclose
Option dontlognull
Option forwardfor
Option redispatch
Option abortonclose
Stats refresh 30
Retries 3
Balance roundrobin
Cookie SRV
Timeout check 2000 ms
Timeout connect 5000 ms
Timeout server 50000 ms
Timeout client 50000 ms
Listen admin_status # define HAProxy to the monitoring page
Bind 0.0.0.0: 6553
Mode http
Log 127.0.0.1 local3 info
Stats enable
Stats refresh 5S # monitoring statistics page automatic refresh time for 5 s
Stats realm Haproxy \ Statistics # logon monitoring Statistics page prompt
Stats uri/admin? Stats # monitoring page URL path
Stats auth admin1: AdMiN123 # view the account and password on the HAProxy monitoring page
Stats hide-version # hide HAProxy version information

Frontend web_service # define end-user access to the Front-End Server
Bind 0.0.0.0: 80
Mode http
Log global
Option httplog
Option httpclose
Option forwardfor
Acl inside_src src 192.168.10.0/24 # define ACL
# Use_backend calls the ACL definition. If the source address is 192.168.10.0/24, the proxy server will forward the request # To the inside_servers server group
Use_backend inside_servers if inside_src
Default_backendexternal_servers
Backend external_servers
Mode http
Balance roundrobin # Round-Robin of real servers
Inspect the Real Server to the index.html file to determine the server health status
Option httpchk GET/index.html
# Define the real backend server and insert the web1 information into the cookie information. check indicates that health check is allowed on the server # check. The interval between health check and health check is 2000 ms, if the health check succeeds for two consecutive times, the server is deemed to have been effectively enabled. After three consecutive health checks fail, the server is deemed to have been down and the weight of the server is 1.
Server web1 192.168.10.20: 80 cookie web1 check inter 2000 rise 2 fall 3 weight 1 server web2 192.168.10.30: 80 cookie web2 check inter 2000 rise 2 fall 3 weight 1 backend inside_servers
Mode http
Balance roundrobin
Option httpchk GET/index.html
Server web1 192.168.10.30: 80 cookie web2 check inter 1500 rise 3 fall 3 weight 1

3> modify the HAProxy server log configuration file and insert the following content:

# Vim/etc/rsyslog. conf

$ ModLoad imudp

$ UDPServerRun 514

Local3 .*

# Service rsyslog restart # restart the system log service

# Haproxy-f/etc/haproxy. cfg # specify the configuration file to start the HAProxy Service

# Echo "/usr/local/sbin/haproxy-f/etc/haproxy. cf">/etc/rc. local

4. Client Verification:

First, configure the correct network environment for the client host to ensure that the client can be directly connected to the HAProxy proxy server, and use a browser to access http: // 172.31.16.163: 6553/admin? Stats:

Configure the client host IP address to 172.31.16.229 and access http: // 172.31.16.163 through a browser. Refresh the page information returned by web1.example.com and web2.example.com respectively, if the IP address of the client host is configured as the IP address in the network of 192.168.10.0/24, http: // 192.168.10.10 will be accessed, and the page returned by the server will always be the page information of the web2.example.com host;