This article provides a brief introduction to Web load balancing using Haproxy, including weight-based polling, configuring HTTPS for Haproxy, configuring HTTP redirection to HTTPS, and configuring Haproxy using stand-alone logs.
First, the test environment
HAProxy:
Host Name: Rh7-haproxy
IP address: 192.168.10. -
Operating system: Red Hat Enterprise Linux Server Release 7.2 (MAIPO) Minimized installation
Firewall with SELinux: off
Installed services: HAProxy-1.5.14
WEB01:
Host Name: rh7-web-01
IP address: 192.168.10. +
Operating system: Red Hat Enterprise Linux Server Release 7.2 (MAIPO) Minimized installation
Firewall with SELinux: off
Installed services: APACHE-HTTPD 2.4
WEB02:
Host Name: rh7-web-02
IP address: 192.168.10. A
Operating system: Red Hat Enterprise Linux Server Release 7.2 (MAIPO) Minimized installation
Firewall with SELinux: off
Installed services: APACHE-HTTPD 2.4
The original source of this article: Jiangjianrong Technical Blog http://jiangjianlong.blog.51cto.com/3735273/1887279
Second, Web page access testing
1, using the browser to access the two Web IP address, can successfully access to different pages, so that we are able to visually observe the effect of load balancing. Because Apache installation configuration is not the focus of this article, specifically can refer to my previous blog "RedHat 7 installation configuration Apache 2.4" (http://jiangjianlong.blog.51cto.com/3735273/1858650)
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/8C/22/wKioL1hjY7GQIT2oAAB9sPo9Z-Q977.png "title=" 01.PNG "alt=" Wkiol1hjy7gqit2oaab9spo9z-q977.png "/>
2, on the Rh7-haproxy also visit two Web, confirm also can access normal
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/8C/26/wKiom1hjY5my1D1pAABulDydIV4123.png "style=" float: none; "title=" 02.PNG "alt=" Wkiom1hjy5my1d1paabuldydiv4123.png "/>
Three, installation configuration Haproxy
1, [[Email protected]~]yum-y install Haproxy
2, [[Email Protected]~]systemctl start haproxy
3, [[Email protected]~]systemctl enable Haproxy
4, [[Email Protected]~]mv/etc/haproxy/haproxy.cfg/etc/haproxy/haproxy.cfg.bak
5, [[Email protected]~]vi/etc/haproxy/haproxy.cfg
Add the following and then restart the Haproxy service
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/8C/22/wKioL1hjZI-TnbmOAAFiHSs_B5w667.png "title=" Httpcfg-01.png "alt=" Wkiol1hjzi-tnbmoaafihss_b5w667.png "/>
6, using the browser to access the IP address of the Haproxy, multiple refreshes, the successful implementation of polling access WEB01 and WEB02
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/8C/26/wKiom1hjZMOzES0YAAA0FRdLgmQ728.png "style=" float: none; "title=" 03.PNG "alt=" Wkiom1hjzmozes0yaaa0frdlgmq728.png "/>
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/8C/26/wKiom1hjZMTzYzLQAAA2NC2WYNo532.png "style=" float: none; "title=" 04.PNG "alt=" Wkiom1hjzmtzyzlqaaa2nc2wyno532.png "/>
7, Login Haproxy backstage
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/8C/22/wKioL1hjZMSyRdUlAAB4xS9bihc152.png "style=" width : 730px;height:465px; "title=" 05.PNG "width=" 730 "height=" 465 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1hjzmsyrdulaab4xs9bihc152.png "/>
8, you can see the relevant statistics to access WEB01 and WEB02
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/8C/26/wKiom1hjZzHgtbgXAAHcY_QxeQU748.png "title=" 06-1. PNG "width=" 730 "height=" 410 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:410px; "alt=" Wkiom1hjzzhgtbgxaahcy_qxequ748.png "/>
9, modify the Haproxy configuration file, the weight of the web01 to 3,WEB02 is still 1, so that the ratio of access to the two web should be 3:1, changed to restart the next Haproxy service
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/8C/30/wKiom1hkorqiG64bAAGSVaS8aEs493.png "title=" 16-1. PNG "alt=" Wkiom1hkorqig64baagsvas8aes493.png "/>10, again access Haproxy IP address via browser, multiple refreshes for access testing
11, re-login Haproxy background View statistics, you can see access to WEB01 and web02 ratio of 3:1
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/8C/2C/wKioL1hko3rye2kVAAHH_SsL3qc068.png "title=" 17-1. PNG "width=" 730 "height=" 384 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:384px; "alt=" Wkiol1hko3rye2kvaahh_ssl3qc068.png "/>
Iv. Configuring Haproxy Access using HTTPS encryption
1, using the client to haproxy use HTTPS, haproxy to the Web side using HTTP, only need to configure the certificate on the Haproxy, here we configure a self-signed certificate to test
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/8C/22/wKioL1hjZMbSpW03AAIh2oV7Tlo001.png "style=" width : 730px;height:448px; "title=" 07.PNG "width=" 730 "height=" 448 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1hjzmbspw03aaih2ov7tlo001.png "/>
2. Check the configured certificate Jiangjianlong.pem
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/8C/26/wKiom1hjZMiTt4wYAAO3H-_Vv_Q107.png "style=" float: none; "title=" 08.PNG "alt=" Wkiom1hjzmitt4wyaao3h-_vv_q107.png "/>
3, modify the Haproxy configuration file, add the following parameters to restart the Haproxy service
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/8C/22/wKioL1hjZM-hxDCOAAGVHbfsLho625.png "title=" Httpscfg-01.png "style=" Float:none; "alt=" Wkiol1hjzm-hxdcoaagvhbfslho625.png "/>
4. Use the HTTPS protocol to access the IP address of the Haproxy, which indicates that there is a problem with the certificate because the self-signed certificate is not trusted by the browser, but the certificate configured above is already in effect, click Continue to browse this website
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/8C/22/wKioL1hjZMvC1x8qAACyAaI6wnc031.png "style=" float: none; "title=" 09.PNG "alt=" Wkiol1hjzmvc1x8qaacyaai6wnc031.png "/>
5, successfully access to the WEB01 page, refresh can also access to the WEB02, indicating that HTTPS encrypted access under the load balance is no problem
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/8C/22/wKioL1hjZMzxoQhMAAA70pipI_0221.png "style=" width : 770px;height:196px; "title=" 10.PNG "alt=" wkiol1hjzmzxoqhmaaa70pipi_0221.png "width=" 770 "height=" 196 "border=" 0 " Hspace= "0" vspace= "0"/>
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/8C/26/wKiom1hjZMzTxlUYAAA8X6cXllA765.png "style=" width : 760px;height:197px; "title=" 11.PNG "alt=" Wkiom1hjzmztxluyaaa8x6cxlla765.png "width=" 760 "height=" 197 "border=" 0 " Hspace= "0" vspace= "0"/>
6, through the hosts resolved to configure a domain name to the IP address of Haproxy, but also to access the normal
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/8C/22/wKioL1hjZM3xWjFZAAA8oj4Oj-g215.png "style=" width : 760px;height:183px; "title=" 12.PNG "alt=" Wkiol1hjzm3xwjfzaaa8oj4oj-g215.png "width=" 760 "height=" 183 "border=" 0 " Hspace= "0" vspace= "0"/>
7. Review the certificate information, consistent with the certificate information we created
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/8C/26/wKiom1hjZM2g_mJEAABSkHpo0NI309.png "style=" float: none; "title=" 13.PNG "alt=" Wkiom1hjzm2g_mjeaabskhpo0ni309.png "/>
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/8C/26/wKiom1hjZM7yVTDoAABtEJWmnbo666.png "style=" float: none; "title=" 14.PNG "alt=" Wkiom1hjzm7yvtdoaabtejwmnbo666.png "/>
8, configure HTTP redirection, automatically redirect HTTP to https, modify the Haproxy configuration file, add the following parameters, and restart the service
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/8C/2C/wKioL1hkpmqxojBkAABKa8RefkM777.png "title=" 23-1. PNG "alt=" Wkiol1hkpmqxojbkaabka8refkm777.png "/>
9, the use of browser testing, the successful implementation of HTTP automatic redirection for HTTPS access, but due to the inability to render this dynamic effect, it is not truncated.
V. Configuring HAPROXY to use stand-alone log files
The original source of this article: Jiangjianrong Technical Blog http://jiangjianlong.blog.51cto.com/3735273/1887279
1, Haproxy log is written to the system log by default, we can separate it out, easy to troubleshoot management. Edit/etc/rsyslog.conf, press to modify
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/8C/30/wKiom1hkqQ7z-AC7AADq-Fz59Wk157.png "style=" width : 730px;height:298px; "title=" 18-1.png "alt=" Wkiom1hkqq7z-ac7aadq-fz59wk157.png "width=" 730 "height=" 298 "border=" 0 " Hspace= "0" vspace= "0"/>
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/8C/2C/wKioL1hkqdyQlWOpAADACicoeVg756.png "title=" 19-1. PNG "alt=" Wkiol1hkqdyqlwopaadacicoevg756.png "/>
2, restart the Rsyslog service, and then through the browser to access the Web to generate the log, and then view the/var/log/haproxy.log, found that the log has been configured as we have shown above, recorded to/var/log/haproxy.log.
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/8C/2C/wKioL1hkqQ-ToP9_AAIVkv0gQgI773.png "style=" width : 730px;height:300px; "title=" 20.PNG "alt=" Wkiol1hkqq-top9_aaivkv0gqgi773.png "width=" 730 "height=" "border=" 0 " Hspace= "0" vspace= "0"/>
This article is from the "Jiangjianrong Technology blog" blog, make sure to keep this source http://jiangjianlong.blog.51cto.com/3735273/1887279
RedHat 7 Configuring Haproxy for Web Load Balancing