HAProxy Installation and Configuration in Detail


Brief Introduction

HAProxy provides high availability, load balancing, and proxying for TCP- and HTTP-based applications, with support for virtual hosts. It is a free, fast, and reliable solution.

HAProxy is especially suited to heavily loaded web sites, which typically need session persistence or layer 7 processing.

Running on current hardware, HAProxy can support tens of thousands of concurrent connections, and its mode of operation makes it easy and safe to integrate into your existing architecture while keeping your web servers from being exposed to the network.

HAProxy implements an event-driven, single-process model that supports a very large number of concurrent connections. Multi-process or multi-threaded models can rarely handle thousands of concurrent connections because of memory limits, system scheduler limits, and locks everywhere. Event-driven models do not have these problems, because they carry out all of these tasks in user space, where resources and time can be managed better. The disadvantage of this model is that such programs usually scale poorly on multi-core systems. That is why they have to be optimized so that each CPU cycle does more work.

Installation

# Download
wget http://fossies.org/linux/misc/haproxy-1.6.9.tar.gz
# Extract
tar -zxvf haproxy-1.6.9.tar.gz
cd haproxy-1.6.9
# Build and install
make TARGET=linux2628 ARCH=x86_64 PREFIX=/usr/local/haproxy
make install PREFIX=/usr/local/haproxy

# Parameter notes
TARGET=linux26                # kernel version; check it with uname -r. For example, for 2.6.18-371.el5 use linux26; for kernels newer than 2.6.28 use TARGET=linux2628
ARCH=x86_64                   # system architecture (32-bit or 64-bit)
PREFIX=/usr/local/haproxy     # /usr/local/haproxy is the HAProxy installation path

Configuration (create the file yourself)

"/usr/local/haproxy/haproxy.cfg"

########### Global configuration #########
global
    log 127.0.0.1 local0            # log output: all logs are recorded on the local machine and sent through local0
    log 127.0.0.1 local1            # defines HAProxy logging; log levels: [err warning info debug]
    daemon                          # run HAProxy in the background
    nbproc 1                        # number of processes
    maxconn 4096                    # default maximum number of connections; mind the ulimit -n limit
    #user haproxy                   # user that runs HAProxy
    #group haproxy                  # group of the user that runs HAProxy
    #pidfile /var/run/haproxy.pid   # HAProxy process PID file
    #ulimit-n 819200                # ulimit file descriptor limit
    #chroot /usr/share/haproxy      # chroot directory
    #debug                          # HAProxy debug mode; recommended only when running a single process
    #quiet

########### Default configuration ############
defaults
    log global
    mode http                       # default mode {tcp|http|health}; tcp is layer 4, http is layer 7, health only returns OK
    option httplog                  # log format: use httplog
    option dontlognull              # do not log health check connections
    retries 2                       # a server is considered unavailable after two failed connection attempts; this can also be set further down
    #option forwardfor              # required if the backend servers need the client's real IP; they can then read it from the HTTP header
    option httpclose                # actively close the HTTP channel after each request; HAProxy does not support keep-alive and can only emulate this mode
    option redispatch               # when the server matching a serverId goes down, force redirection to another healthy server; will not be supported in the future
    option abortonclose             # under high server load, automatically drop connections that have been waiting in the queue for a long time
    maxconn 4096                    # default maximum number of connections
    timeout connect 5000ms          # connection timeout
    timeout client 30000ms          # client timeout
    timeout server 30000ms          # server timeout
    #timeout check                  # health check timeout
    #timeout http-keep-alive 10s    # default persistent connection timeout
    #timeout http-request 10s       # default HTTP request timeout
    #timeout queue 1m               # default queue timeout
    balance roundrobin              # default load balancing mode: round robin
    #balance source                 # default load balancing mode, similar to Nginx ip_hash
    #balance leastconn              # default load balancing mode: least connections

########### Statistics page configuration ########
listen stats
    bind 0.0.0.0:1080               # listen is a combined frontend and backend; "stats" is the name of the monitoring group, choose any name you need
    mode http                       # HTTP layer 7 mode
    option httplog                  # use the HTTP log format
    #log 127.0.0.1 local0 err       # error logging
    #maxconn                        # default maximum number of connections (no value is given on this page)
    stats refresh 30s               # automatic refresh interval of the statistics page
    stats uri /stats                # URL of the statistics page
    stats realm xingcloud\ haproxy  # prompt text shown in the password dialog of the statistics page
    stats auth admin:admin          # user and password for the monitoring page: admin; several users can be defined
    stats auth Frank:frank          # user and password for the monitoring page: Frank
    stats hide-version              # hide the HAProxy version on the statistics page
    stats admin if TRUE             # allow backend servers to be enabled/disabled by hand (haproxy-1.4.9 and later)

########### HAProxy error pages #####
#errorfile 403 /home/haproxy/haproxy/errorfiles/403.http
#errorfile 500 /home/haproxy/haproxy/errorfiles/500.http
#errorfile 502 /home/haproxy/haproxy/errorfiles/502.http
#errorfile 503 /home/haproxy/haproxy/errorfiles/503.http
#errorfile 504 /home/haproxy/haproxy/errorfiles/504.http

########### Frontend configuration ##############
frontend main
    bind *:80                           # bind *:80 is recommended here; otherwise, in a high-availability cluster, the service cannot be reached after the VIP moves to another machine
    acl web hdr(host) -i www.abc.com    # the rule name follows acl; -i ignores case; then comes the domain name to match. A request for www.abc.com triggers the web rule.
    acl img hdr(host) -i img.abc.com    # a request for img.abc.com triggers the img rule
    use_backend webserver if web        # if the web rule above is triggered (www.abc.com), send the request to the webserver backend
    use_backend imgserver if img        # if the img rule above is triggered (img.abc.com), send the request to the imgserver backend
    default_backend dynamic             # if nothing matches, use the default backend

########### Backend configuration ##############
backend webserver                       # the webserver backend
    mode http
    balance roundrobin                  # round-robin load balancing; balance source keeps the session on one server; static-rr, leastconn, first, uri and others are also supported
    option httpchk GET /index.html HTTP/1.0   # health check on a file; if /index.html cannot be fetched from a backend server, requests are no longer sent to it
    server web1 10.16.0.9:8085 cookie 1 weight 5 check inter 1500 rise 2 fall 3
    server web2 10.16.0.10:8085 cookie 2 weight 3 check inter 1500 rise 2 fall 3
    # cookie 1 means the serverid is 1; check inter 1500 is the health check interval
    # rise 2: the server is considered available after 2 successful checks; fall 3: unavailable after 3 failed checks; weight is the server weight

backend imgserver
    mode http
    option httpchk /index.php
    balance roundrobin
    # no check interval is given on this page for these two servers, so HAProxy's default applies
    server img01 192.168.137.101:80 check fall 3
    server img02 192.168.137.102:80 check fall 3

backend dynamic
    balance roundrobin
    server test1 192.168.1.23:80 check maxconn 2
    server test2 192.168.1.24:80 check  # the maxconn value for test2 is not given on this page

listen tcptest
    bind 0.0.0.0:5222
    mode tcp
    option tcplog                       # use the TCP log format
    balance source
    #log 127.0.0.1 local0 debug
    server s1 192.168.100.204:7222 weight 1
    server s2 192.168.100.208:7222 weight 1
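The configuration above runs HAProxy without user, group or chroot, binds the statistics page to every interface, uses passwords equal to the user names, and enables stats admin for every visitor. The following check is an added example, not part of the original article or of HAProxy; the function name, the small weak-password list and the reduced sample configuration are assumptions made for illustration.

```python
WEAK = {"admin", "password", "haproxy", "123456"}  # assumption: small sample deny-list
SECTIONS = ("global", "defaults", "listen", "frontend", "backend")

# Constructed sample, reduced from the configuration on this page.
SAMPLE = """\
global
    daemon
    #user haproxy
    #chroot /usr/share/haproxy
listen stats
    bind 0.0.0.0:1080
    stats auth admin:admin
    stats auth Frank:frank
    stats admin if TRUE
"""

def audit_haproxy_cfg(text):
    """Return sorted findings for a haproxy.cfg passed as a string."""
    findings, hardening, stats_secs, binds = set(), set(), set(), {}
    section = None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()      # strip comments, tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            section = " ".join(words[:2])         # e.g. "listen stats"
        elif section == "global" and words[0] in ("user", "group", "chroot"):
            hardening.add(words[0])
        elif words[0] == "bind" and len(words) > 1:
            binds.setdefault(section, []).append(words[1])
        elif words[0] == "stats" and len(words) > 1:
            stats_secs.add(section)
            if words[1] == "auth" and len(words) > 2:
                user, _, pw = words[2].partition(":")
                if pw.lower() in WEAK or pw.lower() == user.lower():
                    findings.add(f"{section}: weak stats password for user '{user}'")
            elif words[1:] == ["admin", "if", "TRUE"]:
                findings.add(f"{section}: stats admin enabled unconditionally")
    for sec in stats_secs:                        # stats page reachable on all interfaces?
        for addr in binds.get(sec, []):
            if addr.startswith(("0.0.0.0:", "*:", ":")):
                findings.add(f"{sec}: stats page bound to all interfaces ({addr})")
    for kw in ("user", "group", "chroot"):        # privilege drop and chroot missing?
        if kw not in hardening:
            findings.add(f"global: '{kw}' not set")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_haproxy_cfg(SAMPLE)))
```

A configuration that enables user, group and chroot, binds the statistics listener to a management address, uses strong per-user passwords and restricts stats admin with an ACL produces no findings.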

Load balancing algorithms

1. roundrobin: simple round robin. Each server is used in turn according to its weight. When the servers' processing time is evenly distributed, this is the smoothest and fairest algorithm. The algorithm is dynamic, so server weights can be adjusted at run time, for example for servers that start up slowly.

2. static-rr: round robin by weight; worth knowing. Each server is used in turn according to its weight, similar to roundrobin, but the algorithm is static, meaning that changing a server's weight at run time has no effect. In addition, it has no limit on the number of servers.

3. leastconn: the server with the fewest connections is served first; worth knowing. leastconn is recommended for long-session services such as LDAP, SQL, and TSE, and not for short-session protocols such as HTTP. The algorithm is dynamic, so server weights can be adjusted at run time, for example for servers that start up slowly.

4. source: based on the source IP of the request; worth knowing. The source IP address of the request is hashed, and the hash is divided by the total weight of the available servers to choose the server.
The same client IP address always reaches the same server as long as that server is healthy. If the hash result changes because the number of available servers changes, the client is directed to a different server.
This algorithm is commonly used in TCP mode, where no cookie can be inserted. It can also be used on the WAN to give the best possible stickiness to clients that refuse session cookies.
The algorithm is static by default, so changing a server's weight at run time has no effect, but this can be changed with "hash-type".

5. uri: based on the requested URI. The left part of the requested URI (before the question mark) is hashed, and the hash is divided by the total weight of the available servers to choose the server.
As long as the server is healthy, the same URI always reaches the same server.
Typically used for proxy caches and anti-virus proxies to maximize the cache hit ratio. The algorithm can only be used in an HTTP backend.
This algorithm is generally used when the backends are caching servers.
The algorithm is static by default, so changing a server's weight at run time has no effect, but this can be changed with "hash-type".

6. url_param: based on a URL parameter of the request. 'balance url_param' requires the name of a URL parameter.
The URL parameter given in <param> is looked up in the query string of each HTTP GET request, which essentially lets a specially crafted URL pin requests to a particular load-balanced node.
This algorithm is generally used to send the same user's requests to the same backend server.
The algorithm is static by default, so changing a server's weight at run time has no effect, but this can be changed with "hash-type".

7. hdr(name): each HTTP request is pinned according to an HTTP request header.
The HTTP header <name> is looked up in each HTTP request and is used to direct the request to a specific node.
If the header is missing or has no value, roundrobin is used instead.
The algorithm is static by default, so changing a server's weight at run time has no effect, but this can be changed with "hash-type".

8. rdp-cookie(name): each TCP request is pinned by hashing the cookie (name).
The RDP cookie <name> is looked up and hashed for each incoming TCP request.
This mechanism is used as a degraded persistence mode, so that the same user or the same session ID is always sent to the same server.
If the cookie is absent, the roundrobin algorithm is used instead.
The algorithm is static by default, so changing a server's weight at run time has no effect, but this can be changed with "hash-type".


# Each of these algorithms has its own uses; the ones we use most are roundrobin, source, and leastconn.
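The source algorithm's note that clients move to a different server when the number of available servers changes, and that "hash-type" alters this, can be seen in a small simulation. This is an added illustration, not HAProxy code: it is a simplified model of the map-based and consistent hash types, SHA-256 stands in for HAProxy's own hash functions, and the client addresses and server names are constructed.

```python
import hashlib

def _h(key):
    # Stand-in hash (first 32 bits of SHA-256); HAProxy uses its own hash functions.
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big")

def pick_map_based(ip, servers):
    """servers: list of (name, weight). The hash modulo the total weight indexes a slot table."""
    slots = [name for name, weight in servers for _ in range(weight)]
    return slots[_h(ip) % len(slots)]

def pick_consistent(ip, servers, points=64):
    """Each server owns weight*points positions on a ring; a client uses the next position at or after its hash."""
    ring = sorted((_h(f"{name}#{i}"), name)
                  for name, weight in servers for i in range(weight * points))
    h = _h(ip)
    for pos, name in ring:
        if pos >= h:
            return name
    return ring[0][1]                      # wrap around the ring

def moved(pick, before, after, clients):
    """Number of clients whose server differs between the two server lists."""
    return sum(1 for ip in clients if pick(ip, before) != pick(ip, after))

# Constructed input: 1000 client addresses, three equal servers, then s3 goes down.
CLIENTS = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(1000)]
BEFORE = [("s1", 1), ("s2", 1), ("s3", 1)]
AFTER = BEFORE[:2]

if __name__ == "__main__":
    print("map-based, clients remapped: ", moved(pick_map_based, BEFORE, AFTER, CLIENTS))
    print("consistent, clients remapped:", moved(pick_consistent, BEFORE, AFTER, CLIENTS))
```

With the ring, only the clients that were on s3 change server; with the slot table, clients of the surviving servers lose their stickiness as well.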



ACL rule definition

########### ACL policy definitions #########################
# 1. Returns true if the requested domain name matches the regular expression; -i ignores case
acl denali_policy hdr_reg(host) -i ^(www.inbank.com|image.inbank.com)$

# 2. Returns true if the requested domain name is www.inbank.com; -i ignores case
acl tm_policy hdr_dom(host) -i www.inbank.com

# 3. Returns true if the request URL contains sip_apiname=, otherwise false
acl invalid_req url_sub -i sip_apiname=    # defines a policy named invalid_req

# 4. Returns true if timetask appears as a path component of the request URL, otherwise false
acl timetask_req url_dir -i timetask

# 5. Returns true when the number of Content-Length headers in the request equals 0 (the header is missing)
acl missing_cl hdr_cnt(content-length) eq 0

########### ACL policy matching and responses ###################
# 1. Block the request and return 403 when the number of Content-Length headers in the request equals 0
block if missing_cl

# 2. block denies the request and returns a 403 error; here the request is blocked if policy invalid_req is not met or policy timetask_req is met
block if !invalid_req || timetask_req

# 3. Use the denali_server backend when denali_policy is met
use_backend denali_server if denali_policy

# 4. Use the tm_server backend when tm_policy is met
use_backend tm_server if tm_policy

# 5. reqisetbe selects the backend according to the keyword it defines
reqisetbe ^Host:\ img dynamic
reqisetbe ^[^\ ]*\ /(img|css)/ dynamic
reqisetbe ^[^\ ]*\ /admin/stats stats

# 6. When none of the above is met, use the default mms_server backend
default_backend mms


Start

View Status

http://192.168.1.22:1080/stats

# Notes:
# 1080 is the listening port in the HAProxy configuration file
# stats is the listener name in the HAProxy configuration file

Reproduced from: http://www.cnblogs.com/MacoLee/p/5853413.html
