Haproxy Installation and Configuration

A brief introduction to Haproxy

Haproxy Introduction Haproxy provides high availability, load balancing, and proxies based on TCP and HTTP applications, supporting virtual hosts, which is a free, fast and reliable solution. Haproxy is especially useful for Web sites that are heavily loaded, and often require session-hold or seven-tier processing. Haproxy runs on today's hardware and can support tens of thousands of concurrent connections. and its operating mode makes it easy and safe to integrate into your current architecture, while protecting your Web server from being exposed to the web. Haproxy implements an event-driven, single-process model that supports very large numbers of concurrent connections. A multi-process or multithreaded model is rarely capable of handling thousands of concurrent connections because of memory limitations, System scheduler restrictions, and ubiquitous lock limits. The event-driven model does not have these problems because it implements all of these tasks on the client side (User-space) with better resource and time management. The disadvantage of this model is that, on multicore systems, these programs often have poor extensibility. That's why they have to be optimized so that each CPU time slice (Cycle) does more work. ———— Baidu Encyclopedia Big O: Evaluation of data Structure complexity O (1): O (logn): Red black tree O (n) o (n^2) O (2^n) haproxy: Elastic binary Tree data structure: Remote Desktop Protoc Ol Windows:3389haproxy is a free, fast, and reliable solution for providing high availability, load balancing, and proxy services for TCP and HTTP-based applications, especially for high-load Web sites that require a durable connection or a 7-tier processing mechanism.  Haproxy currently has two versions: 1.4--offers good elasticity: It is derived from version 1.2 and offers additional new features, most of which are long awaited. Client Side long Connection (client-side keep-alive) TCP Acceleration (TCP speedups) response Pool (response buffering) RDP protocol based on source stickiness (source-based stickiness) better Statistical data interface (a much better stats interfaces) more detailed health state detection mechanisms (more verbose health checks) traffic-based wellness assessment mechanism (traffic-based healthcare) supports HT TP Authentication Server Management Command line interface (server Management from the CLI) based on ACLThe acl-based persistence Log Parser 1.3--content Exchange and Super Load: derived from version 1.2 and provides additional new features. Content switching: Select server pools based on any request criteria, ACL: Write content Exchange rules, load Balancing algorithm (load-balancing algorithms): More algorithm support, content detection Inspection): Block non-authorization protocol, transparent proxy (transparent proxy): Allow client IP to connect directly to server on Linux system, kernel TCP stitching (kernel TCP splicing) : No copy method forwards data between the client and the server to achieve a number of G-level data rates; layered design (layered): socket, TCP, HTTP processing to provide better robustness, faster processing mechanism and convenient evolution capability; fast, Fair Scheduler ( Fast and Fair Scheduler): Assign priority to certain tasks to achieve good QoS, session rate limit (limiting): For managed environments, supported platforms and Os:x86, x86_64, Alpha, SPARC,  The Linux 2.4 on the MIPS and PARISC platforms, ixp425 on x86, x86_64, ARM (PPC64) and Linux2.6 platforms, UltraSPARC 8/9 on Sloaris 2 and 3; Solaris on the Opteron and UltraSPARC platforms, FreeBSD 4.1-8 on the x86 platform, i386 AMD64 on MACPPC, SPARC64, VAX, Alpha, OpenBSD and 3.1-current platforms; To get the highest performance, you need to run Haproxy 1.2.5 on Linux 2.6 or Linux 2.4 that hit the Epoll patch. Haproxy 1.1L uses the default polling system as select (), which has a sharp decrease in the number of files processed by up to thousands of. Versions 1.2 and 1.3 default to Poll (), which can also have performance problems on some operating systems, but it performs fairly well on Solaris. HAProxy 1.3 uses Epoll on Linux 2.6 and Linux 2.4 with Epoll patches, using Kqueue on FreeBSD, both of which can be used on any loadFor constant performance. On newer versions of Linux 2.6 (>=2.6.27.19), Haproxy is also able to use splice () system calls to forward any data between interfaces without replication, which can even achieve 10Gbps performance.  Based on the above fact, in order to obtain the best performance load balancer on x86 or x86_64 platforms, we recommend that the following scenarios be considered sequentially. Linux 2.6.32 and later versions run Haproxy 1.4, run Haproxy 1.4 on Linux 2.4 with Epoll patches, run Haproxy 1.4 on FreeBSD, run Haproxy 1.4 on Solaris 10, Performance H  Aproxy uses several common technologies on the OS to maximize performance.  The single-process, event-driven model significantly reduces the overhead of context switching and memory consumption.  The O (1) Event Checker allows it to enable instant detection of any connected event in a high concurrent connection. In any available case, the single-buffering mechanism can perform read and write operations without copying any data, which saves a lot of CPU clock cycles and memory bandwidth, with the help of splice () on the Linux 2.6 (>= 2.6.27.19) System calls, Haproxy can achieve zero replication forwarding (zero-copy forwarding), in Linux 3.5 and above the OS can also achieve zero replication start (zero-starting), memory allocator in a fixed-size memory pool can achieve immediate memory allocation,  This can significantly reduce the time it takes to create a session; Tree storage: Focus on using the elastic binary tree developed by the author many years ago, it realizes the low overhead of O (log (N)) to maintain the timer command, keep running queue command and manage polling and the least connection queue; Optimized HTTP Header analysis: Optimized header analysis avoids rereading any memory areas during HTTP header parsing, carefully reducing expensive system calls, and most of the work is done in user space, such as time reading, buffer aggregation, and file descriptor activation and disabling. All of these nuances are optimized to achieve a fairly low CPU load on a medium-sized load, even in very high load scenarios, where 5% of user space occupancy and 95% of system space occupancy are common. This means that the Haproxy process consumes 20 times times less than the system space consumption. Therefore, it is very important to tune the OS for performance tuning. Even if user space is increased by a factor of up to 10%, the CPU usage is also explained why 7-tier processing has a limited performance impact. As a result, ha on high-end systemsProxy's 7-layer performance can easily exceed hardware load balancing devices. In a production environment, it is also time-critical to use haproxy as an expensive high-end hardware load-balancing device failure failure in a 7-tier process. Hardware load balancing devices process requests at the "message" level, which is difficult to support cross-message requests (request across multiple packets), and they do not buffer any data and therefore have a longer response time. Correspondingly, the software load balancer device uses TCP buffering to establish extremely long requests and has a large response time. The performance of a load balancer can be evaluated from three factors: Session Rate session concurrency capability data rate

Two. Haproxy installation configuration

Haproxy configuration is divided into two major parts, 4 virtual nodes
[Global]: Parameters related to process management and security-related and performance-tuning for the world configuration segment, process level.
[Proxy]
-Defaults: Configure default parameters, which can be used in the Frontend,backend,listen segment
-Frontend: The front-end virtual node that accepts the request, defines some parameters related to the client request, and can call the backend node cluster using Use_backend
-Backend: Configuration of the backend service cluster, defining some parameters related to the host that actually provides the service to the backend
-Listen:frontend and backend, cannot call backend node cluster using Use_backend

1. Download and compile the installation
Shell>wget-c Http://www.haproxy.org/download/1.6/src/haproxy-1.6.9.tar.gz-P/usr/local/src/
Shell>cd/usr/local/src
Shell>tar XFV haproxy-1.6.9.tar.gz
　　
Shell>mkdir/usr/local/haproxy
SHELL>CD haproxy-1.6.9
Shell>vim README
#执行make的时候参数介绍: Target,arch,prefix
TARGET: Kernel version control

-Linux22 for Linux 2.2
-linux24 for Linux 2.4 and above (default)
-linux24e for Linux 2.4 with support for a working epoll (> 0.21)
-Linux26 for Linux 2.6 and above
-linux2628 for Linux 2.6.28, 3.x, and above (enables splice and tproxy)
　　　　

ARCH:CPU Architecture

I386,i486,i586,i686,x86_64

 shell>make target=linux26 arch=x86_x64 Prefix=/usr/local/haproxy # needs to be modified to its own operating system environment 
 Shell>make instal L Prefix=/usr/local/haproxy 
 
 2. Provide a configuration file 
 Default source installation Haproxy does not provide a configuration file, but in its extracted directory examples will provide the relevant Haproxy instance configuration, However, some versions of the source Haproxy instance configuration is not very comprehensive, the most stupid 
 method is to use Yum to install the RPM package format haproxy, and then copy its configuration file as a reference, and then uninstall it.　　Here is a simple framework of the Haproxy configuration template instance, detailed configuration please refer to the official website 
 http://cbonte.github.io/haproxy-dconv/1.6/configuration.html 
 
　　Shell>cp-ra/usr/local/src/haproxy-1.6.9/examples/usr/local/haproxy # # Copy the examples directory under the extracted directory to the installation directory, you may use the 
 shell>mkdir/usr/local/haproxy/conf 
 
 Haproxy configuration file and simple parameter description: 
 

########################[Global configuration]######################### #global # Log output configuration, all logs are recorded on this machine, output via LOCAL3 log 127.0.0.1 Loca L3 # Sets the maximum number of concurrent connections accepted per Haproxy process, which requires reference to Ulimit-n maxconn 4096 # ulimit file descriptor #ulimit-n 819200 #chroot/US  R/share/haproxy # run Haproxy user Haproxy # Run Haproxy user groups group Haproxy # after station form run Haproxy Daemon # Set the number of processes Nbproc 1 # Set the PID file path of the haproxy process Pidfile/usr/local/haproxy/var/haproxy.pid # Haproxy debug level, we recommend only to open a single process     Debug #debug #quiet ####################[default configuration]############################### #defaults # Log using Global configuration log Global        # Haproxy Working mode {TCP|HTTP|HEALTH},TCP4 layer, HTTP7 layer, health only returns OK mode HTTP # log category, using Httplog option Httplog        # do not log the request packet volume data is empty request to the log, such as health check, reduce write disk IO option Dontlognull # three times the connection failed to think the server is unreachable, can also be set by the following retries 3 # Allow the "x-forwarded-for" header to be inserted in the request header destined for the server, the client IP option forwardfor except 127.0.0.0/8 # for the backend host to record the real request, and actively shut down the HTTP pass after each request is completed Tao, Haproxy does not support keep-alive, onlyOption Httpclose # can be implemented by simulation when the server ID corresponds to the servers that are hung up, force the redirect to other healthy back-end servers that will not support option Redispatch # when the server is under high load        To automatically end the current queue processing longer than the connection option Abortonclose # Default maximum number of connections Maxconn 4096 # Connection timed out timeout connect 5000ms        # Client Request Timeout Timeout Client 30000ms # service-side response time-out timeout server 30000ms # heartbeat time Timeout Timeout Check 2000 # Persistent Connection Timeout time Timeout http-keep-alive 10s # HTTP request time-out timeout Http-request 10s # default queue timeout time timeout    Queue 1m # Set default load Balancing algorithm {Roundrobin|source|leastconn ...} Balance roundrobin###########################[Statistics page]########################### #listen admin_stats # SET STATISTICS page listener sockets,  Listen virtual node for frontend and backend proprietary channel bind 0.0.0.0:10800 # SET STATISTICS page working modes mode HTTP # Enable Status page feature stats enable #        Use the HTTP log format option Httplog # to open the error log and log #log 127.0.0.1 Local Err # Sets the maximum number of connections for the Access statistics page Maxconn 10 # Set the automatic refresh time of the statistics page stats Refresh 30s # Visit the URL of the statistics page stats Uri/staTS # Login Statistics page prompt information stats realm dongping\ Haproxy # SET STATISTICS page user authentication, can set multiple user names stats auth admin:admin # hidden Haproxy version information on the statistics page stats hide-version # Settings Haproxy Admin page can perform some privileged actions, such as offline backend host stats admin if true######### #################[Set haproxy error page]######################### #errorfile 403/usr/local/haproxy/errorfiles/403. Httperrorfile 500/usr/local/haproxy/errorfiles/500.httperrorfile 502/usr/local/haproxy/errorfiles/502. Httperrorfile 503/usr/local/haproxy/errorfiles/503.httperrorfile 504/usr/local/haproxy/errorfiles/504.http ###### ###################[frontend front-end configuration]############################# #frontend Http-proxy # defines sockets used by bind *:80 # Crawl please The message header field is Host,referer value to haproxy log capture request header Host Len Capture request header Referer Len Captur E request header User-agent Len Capture request header x-forward-for Len 60 # defines an ACL rule that matches the/{static|images|ja Static resource ACL url_static path at the beginning of Vascript|stylesheets}_beg-i/static/images/javascript/stylesheets # defines an ACL rule that matches the \. The static resource ACL at the end of {jpg|jpeg|gif|png|css|js} url_static path_end-i. jpg. jpeg. gif. png. css. JS # If you are url_static this ACL rule Static_servers distributed by the backend cluster use_backend static_servers If Url_static # defines the back-end host to which the request does not match all rules when forwarded to the Default_backend dy Namic_servers##########################[backend back-end configuration]############################################    Define a set of dynamic resource hosts backend dynamic_servers # definition Haproxy mode HTTP # define load Balancing algorithm balance Roundrobin # Health Check Option httpchk/check.jsp http/1.0 # using cookie stickiness-based load balancing algorithm cookie ServerID insert indirect NoCache # After defining the connection Some policies of the end host # server name Ip:port/represents a backend host, name must give # cookie name/Set Insert cookie Information # Check Inter 2000/Use check The keyword indicates the detection of the backend host, Inter 2000 means that the detection interval is 2s # weight/Represents the weight # rise/Indicates the correct detection of two times, the server is considered to be available (service from failure to normal) # Fall/Indicates three failures detected, the server is considered unavailable (Server from normal to failed) # Backup/represent alternate host server webapp_01 192.168.3.84:8080 cookie SRV1 weight 2 Check INter Rise 2 Fall 3 server webapp_02 192.168.3.84:8081 cookie srv2 weight 2 check Inter rise 2 Fall 3 # define One Sorryserver, when all back-end hosts are unreachable, request dispatch to this host server Webapp_3 192.168.3.83:8080 backup check Inter 2 Rise 3 # define a set of static resources Host backend static_servers mode HTTP option httpchk/check.html balance roundrobin server static_01 192.168.3.84 : Check Inter Fall 3 server static_02 192.168.3.84:81 Check Inter fall 3#######################[tcp configuration]##### ################################### #listen mysql bind 0.0.0.0:3306 balance leastconn mode TCP log Global O Ption tcplog maxconn 4096 #log 127.0.0.1 local0 Debug Server dbsrv_01 192.168.3.84:3306 weight 1 Check Port 3306 Inter rise 1 Fall 2 maxconn server dbsrv_02 192.168.3.84:3307 weight 1 Check port 3307 inter $ rise 1 fall     2 Maxconn 300

Description: Copy the above content and save it to conf according to the specific environment and name it haproxy.cfg

3. Provide the error page, if you do not put the error page in the configuration file defined directory, start Haproxy will be an error

Shell>cd/usr/local/haproxy

Shell>cp-ra Examples/errorfiles.

4. Provide users and groups running the Haproxy process

Shell>userdd-r-s/sbin/nologin Haproxy

　　

Three. Provide haproxy log, the default haproxy does not provide its own log files, through the configuration can be haproxy log through Rsyslog output to the specified file

1. You need to add the log output in the Haproxy configuration file, just add the following command to Vim Conf/haproxy.cfg

　　

2. Modify the Rsyslog-related configuration so that it can accept haproxy-generated logs

# View the Rsyslog master configuration

Figure A

　　

Figure II

　　

Might

　　

From figure one you can see that by two variables you can turn on UDP log acceptance

From figure II you can see that name.none means not logging from name to the specified file

From figure three you can see that the master profile allows you to create a profile in RSYSLOG.D

So you can create Haproxy's own configuration in/etc/rsyslog.d/to facilitate later modification and management.

Shell>vim/etc/rsyslog.d/haproxy.conf

1). Copy the three lines in Figure one (/etc/rsyslog.conf) to/etc/rsyslog.d/haproxy.conf and modify the following

　　

Note: The file path of the log output is important, make sure that the user running the Haproxy process has write access to the file, otherwise the log will not take effect

2). Modify the value of the Syslogd_options parameter

Shell>vim/etc/sysconfig/rsyslog

#SYSLOGD_OPTIONS = "-C 5" # Original Configuration Logoff

#-C 2 uses compatibility mode, default is-C 5

#-R Open Remote log
#-M 0 marks the timestamp. The unit is the minute, which is 0 o'clock, which means disabling the feature
Syslogd_options= "-C 2-r-M 0" # Modified Configuration

3). Modify the Rsyslog Master profile so that it does not log haproxy logs to/var/log/messages, and if you do not modify the Haproxy logs that will record two copies

Shell>vim/etc/rsyslog.conf

　　

Simply append the log source defined in the Haproxy configuration file to the arrow at the Arrowhead Local3.none (specific to local needs according to the Haproxy configuration)

4). Restart the log service to reread the configuration file

Shell>/etc/init.d/rsyslog restart

Four. Start Haproxy

Shell>/usr/local/haproxy/sbin/haproxy-f/usr/local/haproxy/conf/haproxy

Note: If the backend host is not configured, Haproxy will be alerted when booting, but does not affect haproxy use

Description Restart Haproxy command

Shell>/usr/local/haproxy/sbin/haproxy-f/usr/local/haproxy/conf/haproxy-st ' pidof haproxy '

Five. Testing

Shell>curl-i localhost:10800

Shell>netstat-lntup | Grep-i "Haproxy"

　　

Six. Log

Shell>tailf/var/log/haproxy.log

1. Haproxy output log after fetching with capture request header command

Note: The string in {} is the result of capture, using | separate, the header of the request message header without this crawl is left blank

2. No Haproxy output log using capture Request Head command

Comment out capture

Shell>/usr/local/haproxy/sbin/haproxy-f/usr/local/haproxy/conf/haproxy.cfg-c #语法检测

Shell>/usr/local/haproxy/sbin/haproxy-f/usr/local/haproxy/conf/haproxy.cfg-st ' pidof haproxy '

Shell>curl-i localhost:80

　　　

Seven. Monitoring Statistics Management page, Haproxy statistics page can achieve powerful management functions, the most common is the soft offline backend host

Visit http://192.168.3.83:10080/stats

At this point, haproxy simple installation deployment is introduced here first. Follow the specific use please refer to the following blog, small hungry small sleepy drink fragrant floating milk tea ~ ~

Haproxy Installation and Configuration