Nginx-haproxy to achieve 7-layer load Balancing

LB load Balancing clusters are divided into two categories: LVS (four floors) and Nginx or haproxy (seven layers). LVS is ip-based, and Nginx and Haproxy are based on applications.

The client accesses the Web site by accessing the Distributor's IP. The distributor forwards the request to the corresponding machine on the back-end, depending on the type of request. load Balancing cluster with static and dynamic separation using Nginx

Topology map:

The Distributor's IP is 192.168.226.81. Several other types of servers on the back end that handle actual access are two units each. The default processing server for each machine is installed here. Where the Distributor is installed Nginx, the other machine can be Apache can also be nginx. Here's how the actual configuration is to be explained. Distributor Configuration
Modify the Nginx configuration file nginx.conf. Locate the location configuration segment in the server section of the configuration file and add in the location configuration segment:

# matches the request to the HTML and forwards it to the Htmlservers
if ($request _uri ~* \.html$) {
    proxy_pass http://htmlservers;
}
# matches the request to PHP and forwards it to the Phpservers
if ($request _uri ~* \.php$) {
    proxy_pass http://phpservers;
}
# not the above two requests, forward to Picservers
Proxy_pass http://picservers;

Then add at the end of the HTTP segment:

Upstream  htmlservers {
    #定义负载均衡服务器组名称
    server 192.168.226.50:80;
    Server 192.168.226.51:80;
}
Upstream  phpservers{
    server 192.168.226.81:80;
    Server 192.168.226.83:80;
}
Upstream  picservers {
    server 192.168.226.90:80;
    Server 192.168.226.91:80;
}

If you want to increase the weight of polling for each server, add the weight weight value after each forwarding IP. That

Upstream  htmlservers {
    #定义负载均衡服务器组名称
    server 192.168.226.50:80 weight=1;
    Server 192.168.226.51:80 weight=2;
}
Upstream  phpservers{
    server 192.168.226.81:80 weight=1;
    Server 192.168.226.83:80 weight=2;
}
Upstream  picservers {
    server 192.168.226.90:80 weight=1;
    Server 192.168.226.91:80 weight=2;
}

Finally, the Nginx configuration file to parse the part of PHP comments out, otherwise you will visit the PHP file, the Distributor will directly parse the PHP, rather than forward to the back-end of the PHP server.

#        Location ~ \.php$ {
#            root           html;
#            Fastcgi_pass   127.0.0.1:9000;
#            Fastcgi_index  index.php;
#            #fastcgi_param  script_filename  /scripts$fastcgi_script_name;
#            Fastcgi_param  script_filename  /usr/local/nginx/html$fastcgi_script_name;
#            include        fastcgi_params;
#        }

PS:
* Htmlservers, Phpservers, picservers are the names of their own lives, as long as meet a requirement: Add to two places the corresponding name can be consistent. That is, the server name that is added to the proxy_pass corresponds to the server name after it is added to the upstream.


2. Restart Nginx

[Root@cos-7 nginx]#/usr/local/nginx/sbin/nginx-t
nginx:the configuration file/usr/local/nginx/conf/ nginx.conf syntax are OK
nginx:configuration file/usr/local/nginx/conf/nginx.conf test is successful
[ Root@cos-7 nginx]#/usr/local/nginx/sbin/nginx-s Reload

OK, configuration complete. To test, you can add content-aware files to the appropriate server, and then access the Distributor's IP.

My nginx version here is 1.12.2. Attached here is the complete nginx configuration file after my configuration is complete

User Nginx Nginx;

Worker_processes 1;
#error_log Logs/error.log;
#error_log Logs/error.log Notice;

#error_log Logs/error.log Info;


#pid Logs/nginx.pid;


Events {worker_connections 1024;}
    HTTP {include mime.types;

    Default_type Application/octet-stream; #log_format Main ' $remote _addr-$remote _user [$time _local] "$request" ' # ' $status $body _bytes_sen

    T "$http _referer" "$http _user_agent" "$http _x_forwarded_for";

    #access_log Logs/access.log Main;
    Sendfile on;

    #tcp_nopush on;
    #keepalive_timeout 0;

    Keepalive_timeout 65;

    #gzip on;
        server {Listen 80;

        server_name localhost;

        #charset Koi8-r;

        #access_log Logs/host.access.log Main;
            Location/{root HTML;

            Index index.html index.htm index.php; # Add forwarding configuration if ($request _uri ~* \.html$) {Proxy_pass Http://htmlserver;
            } if ($request _uri ~* \.php$) {Proxy_pass http://phpserver;
        } Proxy_pass Http://picserver;

        } #error_page 404/404.html;
        # REDIRECT Server error pages to the static page/50x.html # Error_page 502 503 504/50x.html;
        Location =/50x.html {root html;    # Proxy The PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ {#
        Proxy_pass http://127.0.0.1;            # Pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ \.php$ {#
root HTML;
# Fastcgi_pass 127.0.0.1:9000;
# Fastcgi_index index.php;
# #fastcgi_param Script_filename/scripts$fastcgi_script_name;
# Fastcgi_param Script_filename/usr/local/nginx/html$fastcgi_script_name;     #       Include Fastcgi_params;
        #} # Deny access to. htaccess files, if Apache ' s document Root # concurs with Nginx ' s one
        # #location ~/\.ht {# deny all; #}} # Another virtual host using mix of ip-, name-, and port-based configuration # #server {# l
    Isten 8000;
    # Listen somename:8080;

    # server_name somename alias Another.alias;
    # location/{# root HTML;
    # index index.html index.htm;
    #} # HTTPS Server # #server {# listen 443 SSL;

    # server_name localhost;
    # ssl_certificate Cert.pem;

    # Ssl_certificate_key Cert.key;
    # Ssl_session_cache shared:ssl:1m;

    # ssl_session_timeout 5m; # ssl_ciphers high:!anull:!
    MD5;

    # ssl_prefer_server_ciphers on;
    # location/{# root HTML; # index index.html index.htm;
    #} # Add a forwarding server, where weight polling is used to upstream Htmlserver {#定义负载均衡服务器组名称 server 192.168.226.
         50:80 weight=1;
    Server 192.168.226.51:80 weight=2;
         } upstream phpserver{server 192.168.226.81:80 weight=1;
    Server 192.168.226.83:80 weight=2;
         } upstream picserver{server 192.168.226.90:80 weight=1;
    Server 192.168.226.91:80 weight=2; }
}

using Haproxy to achieve load balancing

Haproxy provides high availability, load balancing, and proxies based on TCP and HTTP applications to support virtual hosts, a free, fast, and reliable solution. According to official data, its maximum limit supports 10G concurrency.
Haproxy is especially useful for Web sites that are heavily loaded, which typically require session maintenance or seven-tier processing. Haproxy is running on the current hardware and can support tens of thousands of concurrent connections altogether. and its operating mode makes it easy and secure to integrate into your current architecture while protecting your Web server from being exposed to the network.
It supports network switching from layer 4 to 7, covering all TCP protocols. That is, Haproxy even supports the balanced load of MySQL.

The same point: in the function, the haproxy through the reverse proxy way realizes the Web balanced load. The same as Nginx,apacheproxy,lighttpd,cheroke.
different points: Haproxy is not a Web server. All of the above mentioned products with reverse agent balance load are WEB servers. Simply put, they can process the parsing page. And Haproxy is only one application agent for balanced load. It itself does not provide Web services. But its configuration is simple, has the very good server health Check function also has the special system condition monitoring page, when its proxy backend server fails, Haproxy will automatically remove the server, and then automatically join the server after the recovery.

Haproxy official website
The version installed here is 1.7.10

Topology map:
View the system version (Haproxy installation is required to enter different make parameters depending on the system kernel version)

[Root@cos-7 soft]# uname-a
Linux cos-7.4-90 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 21:09:27 UTC 2017 x86_64 x86_64 x 86_64 Gnu/linux

Parameter list:



2. Unzip and install (need to view system version before installation)

[Root@cos-7 soft]# tar xf haproxy-1.7.10.tar.gz-c/usr/local/src/
[root@cos-7 soft]#-cd/usr/local/src/ haproxy-1.7.10
[root@cos-7 soft]# make target=linux2628 prefix=/usr/local/haproxy
[root@cos-7 soft]# Install Prefix=/usr/local/haproxy

PS: If you do not want to make, the following input parameters, you can also directly modify the source package makefile files. Change the value of the prefix to your installation path. The value of target is changed to the appropriate kernel version.


3. Generate configuration files for Haproxy haproxy.cfg

[Root@cos-7 ~]# mkdir-p/usr/local/haproxy/etc
[root@cos-7 etc]# cd  /usr/local/haproxy/etc
[root@cos-7 etc]# Vim Haproxy.cfg

Haproxy.cfg file content is

Global log 127.0.0.1 local0 #log 127.0.0.1 local1 notice #log loghost local0 info maxconn 4096 CHROOT/USR/LOCAL/HAPR Oxy uid #所属运行的用户uid gid #所属运行的用户组 Daemon #以 The background form runs Haproxy Nbproc 1 #启动1个haproxy实例. # #工作进程数量 (number of CPUs), the actual work should be set to the same as the number of CPU cores.
This will give you maximum performance.    Pidfile/usr/local/haproxy/run/haproxy.pid #将所有进程写入pid文件 #debug #调试错误时用 #quiet #安静 defaults log global log 127.0.0.1 Local3 #日志文件的输出定向. The resulting log level is LOCAL3. System local1-7, the user defined mode HTTP #工作模式, the Class processed by default HTTP mode, can be configured as TCP for 4-Layer message forwarding option Httplog #日志类别, Chronicle HTTP Log option Httpclose #每次请求完毕后主动关闭http通道, Haproxy does not support keep-alive, can only simulate implementation of this mode option Dontlognull #不记录空连接, resulting log o Ption forwardfor #如果后端服务器需要获得客户端真实ip需要配置的参数, you can obtain client IP option Redispatch from the HTTP header #当serverid对应的服务器挂掉后               , force directed to the other health server Retries 2 #2次连接失败就认为服务器不可用, mainly through the subsequent check check Maxconn 2000#最大连接数 balance roundrobin #负载均衡算法 stats uri/haproxy-stats access address for the #haproxy monitoring page # available through http:/ /localhost:80/haproxy-stats access to timeout connect 5000 #连接超时时间. Unit: Ms Ms Timeout client 50000 #客户端连接超时时间 Timeout server 50000 #服务器端连接超时时间 mode htt P option Httpchk get/index.html #健康检测 # Note When you actually work on a test, you should download a page to test it, so this page should be a small page rather than a first page.

Here is a check every second of the page. Frontend http #前端配置, the HTTP name customizes the bind 0.0.0.0:80 #发起http请求80端口 and is forwarded to the set IP and port default_backend http_back #转发 To the back-end write back-end name backend Http_back #后端配置, name up and down associated server S1 192.168.226.81:80 weight 3 check #后端的主机 IP & weigh Server S2 1 92.168.226.83:80 weight 3 Check #后端的主机 IP & Tradeoff #server node1 192.168.179.131:8081 check Inter 3 rise Fall 3 Weig HT # Inter 2000 Health Check interval 2 sec # rise 3 detect how many times to think is normal # Fall 3 failure How many times to think is not available # weight 30 weight

PS: About load Balancing algorithms
* Source IP based on request
* STATIC-RR According to weight
* Leastconn Least-connected person to handle first
* URI based on the requested URI
* Url_param According to the requested URL parameter
* Rdp-cookie according to Cookie (name) to lock and hash each request
* HDR (name) locks each HTTP request according to the HTTP request header
* Roundrobin Polling mode


4. Assignment haproxy boot script to/etc/init.d/directory

[Root@cos-7 ~]# cp/usr/local/src/haproxy-1.7.10/examples/haproxy.init/etc/init.d/haproxy
[root@cos-7 ~]# chmod 755/etc/init.d/haproxy
[root@cos-7 ~]# mkdir-p/usr/local/haproxy/run
[root@cos-7 ~]# cp/usr/local/haproxy/ sbin/haproxy/usr/sbin/
[root@cos-7 ~]# chown Nobody/usr/local/haproxy

Haproxy the boot script is assigned, there are some areas that need to be modified.
* Change the value of basename to Haproxy
* The value of the bin is changed to/usr/sbin/haproxy
* The value of the CFG is changed to/usr/local/haproxy/etc/haproxy.cfg
* The value of pidfile is changed to/usr/local/haproxy/run/haproxy.pid
* The value of lockfile is changed to/usr/local/haproxy/run/haproxy
The contents of the modified file

#!/bin/sh # Chkconfig:-Description:ha-proxy # a tcp/http reverse Proxy which is particularly suited \ #
For the high availability environments. # processname:haproxy # config:/etc/haproxy/haproxy.cfg # pidfile:/var/run/haproxy.pid # Script Author:simon Matter &
lt;simon.matter@invoca.ch> # version:2004060600 # Source function library. if [-f/etc/init.d/functions]; Then. /etc/init.d/functions elif [-f/etc/rc.d/init.d/functions]; Then.
/etc/rc.d/init.d/functions Else Exit 0 Fi # Source networking configuration. .
/etc/sysconfig/network # Check that networking are up. [${networking} = "No"] && exit 0 # This are our service name basename= ' Haproxy ' #if [-l $]; Then # basename= ' Find $0-name $BASENAME-printf%l ' # basename= ' BASENAME $BASENAME ' #fi bin=/usr/sbin/haproxy cfg=/us R/local/haproxy/etc/haproxy.cfg [f $CFG] | | Exit 1 Pidfile=/usr/local/haproxy/run/haproxy.pid lockfile=/usr/local/haproxy/run/haproxy RETVAL=0 StarT () {Quiet_check if [$-ne 0]; then echo "Errors found in configuration file, check it with ' $BASENAME check '.
  "Return 1 fi echo-n" starting $BASENAME: "Daemon $BIN-D-F $CFG-P $PIDFILE retval=$? echo [$RETVAL-eq 0] && touch $LOCKFILE return $RETVAL} stop () {echo-n "shutting down $BASENAME:" K
  Illproc $BASENAME-usr1 retval=$? echo [$RETVAL-eq 0] && rm-f $LOCKFILE [$RETVAL-eq 0] && rm-f $PIDFILE return $RETVAL} rest Art () {Quiet_check if [$-ne 0]; then echo "Errors found in configuration file, check it with ' $BASENAME check
    '." Return 1 fi Stop start} reload () {if! [-S $PIDFILE]; Then return 0 fi quiet_check if [$-ne 0];
    Then echo "Errors found in configuration file, check it with ' $BASENAME check '."
  Return 1 fi $BIN-D-F $CFG-P $PIDFILE-sf $ (cat $PIDFILE)} check () {$BIN-C-q-v-F $CFG} Quiet_check () { $BIN-C-q-f $CFG} rhstATUs () {Status $BASENAME} condrestart () {[E $LOCKFILE] && restart | |:} # How do we were called.
  Case "in Start" start;;
  stop) stop;;
  restart) restart;;
  reload) reload;;
  Condrestart) Condrestart;;
  status) Rhstatus;;
  check) check;; * echo $ "Usage: $BASENAME {Start|stop|restart|reload|condrestart|status|check}" Exit 1 Esac exit $?

5. Configure Log Collection

[Root@cos-7 ~]# vim/etc/rsyslog.conf

Open a comment for # $ModLoad imudp and # $UDPServerRun 5,142 lines. Then add two lines below the local7.* line

local3.*          /var/log/haproxy.log
local0.*          /var/log/haproxy.log