RedHat 7 Configuring Haproxy for Web Load Balancing

This article provides a brief introduction to Web load balancing using Haproxy, including weight-based polling, configuring HTTPS for Haproxy, configuring HTTP redirection to HTTPS, and configuring Haproxy using stand-alone logs.

First, the test environment

HAProxy:

Host Name: Rh7-haproxy

IP address: 192.168.10. -

Operating system: Red Hat Enterprise Linux Server Release 7.2 (MAIPO) Minimized installation

Firewall with SELinux: off

Installed services: HAProxy-1.5.14

WEB01:

Host Name: rh7-web-01

IP address: 192.168.10. +

Operating system: Red Hat Enterprise Linux Server Release 7.2 (MAIPO) Minimized installation

Firewall with SELinux: off

Installed services: APACHE-HTTPD 2.4

WEB02:

Host Name: rh7-web-02

IP address: 192.168.10. A

Operating system: Red Hat Enterprise Linux Server Release 7.2 (MAIPO) Minimized installation

Firewall with SELinux: off

Installed services: APACHE-HTTPD 2.4

The original source of this article: Jiangjianrong Technical Blog http://jiangjianlong.blog.51cto.com/3735273/1887279

Second, Web page access testing

1, using the browser to access the two Web IP address, can successfully access to different pages, so that we are able to visually observe the effect of load balancing. Because Apache installation configuration is not the focus of this article, specifically can refer to my previous blog "RedHat 7 installation configuration Apache 2.4" (http://jiangjianlong.blog.51cto.com/3735273/1858650)

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/8C/22/wKioL1hjY7GQIT2oAAB9sPo9Z-Q977.png "title=" 01.PNG "alt=" Wkiol1hjy7gqit2oaab9spo9z-q977.png "/>

2, on the Rh7-haproxy also visit two Web, confirm also can access normal

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/8C/26/wKiom1hjY5my1D1pAABulDydIV4123.png "style=" float: none; "title=" 02.PNG "alt=" Wkiom1hjy5my1d1paabuldydiv4123.png "/>

Three, installation configuration Haproxy

1, [[Email protected]~]yum-y install Haproxy

2, [[Email Protected]~]systemctl start haproxy

3, [[Email protected]~]systemctl enable Haproxy

4, [[Email Protected]~]mv/etc/haproxy/haproxy.cfg/etc/haproxy/haproxy.cfg.bak

5, [[Email protected]~]vi/etc/haproxy/haproxy.cfg

Add the following and then restart the Haproxy service

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/8C/22/wKioL1hjZI-TnbmOAAFiHSs_B5w667.png "title=" Httpcfg-01.png "alt=" Wkiol1hjzi-tnbmoaafihss_b5w667.png "/>

6, using the browser to access the IP address of the Haproxy, multiple refreshes, the successful implementation of polling access WEB01 and WEB02

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/8C/26/wKiom1hjZMOzES0YAAA0FRdLgmQ728.png "style=" float: none; "title=" 03.PNG "alt=" Wkiom1hjzmozes0yaaa0frdlgmq728.png "/>

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/8C/26/wKiom1hjZMTzYzLQAAA2NC2WYNo532.png "style=" float: none; "title=" 04.PNG "alt=" Wkiom1hjzmtzyzlqaaa2nc2wyno532.png "/>

7, Login Haproxy backstage

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/8C/22/wKioL1hjZMSyRdUlAAB4xS9bihc152.png "style=" width : 730px;height:465px; "title=" 05.PNG "width=" 730 "height=" 465 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1hjzmsyrdulaab4xs9bihc152.png "/>

8, you can see the relevant statistics to access WEB01 and WEB02

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/8C/26/wKiom1hjZzHgtbgXAAHcY_QxeQU748.png "title=" 06-1. PNG "width=" 730 "height=" 410 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:410px; "alt=" Wkiom1hjzzhgtbgxaahcy_qxequ748.png "/>

9, modify the Haproxy configuration file, the weight of the web01 to 3,WEB02 is still 1, so that the ratio of access to the two web should be 3:1, changed to restart the next Haproxy service

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/8C/30/wKiom1hkorqiG64bAAGSVaS8aEs493.png "title=" 16-1. PNG "alt=" Wkiom1hkorqig64baagsvas8aes493.png "/>10, again access Haproxy IP address via browser, multiple refreshes for access testing

11, re-login Haproxy background View statistics, you can see access to WEB01 and web02 ratio of 3:1

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/8C/2C/wKioL1hko3rye2kVAAHH_SsL3qc068.png "title=" 17-1. PNG "width=" 730 "height=" 384 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:730px;height:384px; "alt=" Wkiol1hko3rye2kvaahh_ssl3qc068.png "/>

Iv. Configuring Haproxy Access using HTTPS encryption

1, using the client to haproxy use HTTPS, haproxy to the Web side using HTTP, only need to configure the certificate on the Haproxy, here we configure a self-signed certificate to test

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/8C/22/wKioL1hjZMbSpW03AAIh2oV7Tlo001.png "style=" width : 730px;height:448px; "title=" 07.PNG "width=" 730 "height=" 448 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1hjzmbspw03aaih2ov7tlo001.png "/>

2. Check the configured certificate Jiangjianlong.pem

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/8C/26/wKiom1hjZMiTt4wYAAO3H-_Vv_Q107.png "style=" float: none; "title=" 08.PNG "alt=" Wkiom1hjzmitt4wyaao3h-_vv_q107.png "/>

3, modify the Haproxy configuration file, add the following parameters to restart the Haproxy service

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/8C/22/wKioL1hjZM-hxDCOAAGVHbfsLho625.png "title=" Httpscfg-01.png "style=" Float:none; "alt=" Wkiol1hjzm-hxdcoaagvhbfslho625.png "/>

4. Use the HTTPS protocol to access the IP address of the Haproxy, which indicates that there is a problem with the certificate because the self-signed certificate is not trusted by the browser, but the certificate configured above is already in effect, click Continue to browse this website

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/8C/22/wKioL1hjZMvC1x8qAACyAaI6wnc031.png "style=" float: none; "title=" 09.PNG "alt=" Wkiol1hjzmvc1x8qaacyaai6wnc031.png "/>

5, successfully access to the WEB01 page, refresh can also access to the WEB02, indicating that HTTPS encrypted access under the load balance is no problem

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/8C/22/wKioL1hjZMzxoQhMAAA70pipI_0221.png "style=" width : 770px;height:196px; "title=" 10.PNG "alt=" wkiol1hjzmzxoqhmaaa70pipi_0221.png "width=" 770 "height=" 196 "border=" 0 " Hspace= "0" vspace= "0"/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/8C/26/wKiom1hjZMzTxlUYAAA8X6cXllA765.png "style=" width : 760px;height:197px; "title=" 11.PNG "alt=" Wkiom1hjzmztxluyaaa8x6cxlla765.png "width=" 760 "height=" 197 "border=" 0 " Hspace= "0" vspace= "0"/>

6, through the hosts resolved to configure a domain name to the IP address of Haproxy, but also to access the normal

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/8C/22/wKioL1hjZM3xWjFZAAA8oj4Oj-g215.png "style=" width : 760px;height:183px; "title=" 12.PNG "alt=" Wkiol1hjzm3xwjfzaaa8oj4oj-g215.png "width=" 760 "height=" 183 "border=" 0 " Hspace= "0" vspace= "0"/>

7. Review the certificate information, consistent with the certificate information we created

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/8C/26/wKiom1hjZM2g_mJEAABSkHpo0NI309.png "style=" float: none; "title=" 13.PNG "alt=" Wkiom1hjzm2g_mjeaabskhpo0ni309.png "/>

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/8C/26/wKiom1hjZM7yVTDoAABtEJWmnbo666.png "style=" float: none; "title=" 14.PNG "alt=" Wkiom1hjzm7yvtdoaabtejwmnbo666.png "/>

8, configure HTTP redirection, automatically redirect HTTP to https, modify the Haproxy configuration file, add the following parameters, and restart the service

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/8C/2C/wKioL1hkpmqxojBkAABKa8RefkM777.png "title=" 23-1. PNG "alt=" Wkiol1hkpmqxojbkaabka8refkm777.png "/>

9, the use of browser testing, the successful implementation of HTTP automatic redirection for HTTPS access, but due to the inability to render this dynamic effect, it is not truncated.

V. Configuring HAPROXY to use stand-alone log files

The original source of this article: Jiangjianrong Technical Blog http://jiangjianlong.blog.51cto.com/3735273/1887279

1, Haproxy log is written to the system log by default, we can separate it out, easy to troubleshoot management. Edit/etc/rsyslog.conf, press to modify

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/8C/30/wKiom1hkqQ7z-AC7AADq-Fz59Wk157.png "style=" width : 730px;height:298px; "title=" 18-1.png "alt=" Wkiom1hkqq7z-ac7aadq-fz59wk157.png "width=" 730 "height=" 298 "border=" 0 " Hspace= "0" vspace= "0"/>

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/8C/2C/wKioL1hkqdyQlWOpAADACicoeVg756.png "title=" 19-1. PNG "alt=" Wkiol1hkqdyqlwopaadacicoevg756.png "/>

2, restart the Rsyslog service, and then through the browser to access the Web to generate the log, and then view the/var/log/haproxy.log, found that the log has been configured as we have shown above, recorded to/var/log/haproxy.log.

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/8C/2C/wKioL1hkqQ-ToP9_AAIVkv0gQgI773.png "style=" width : 730px;height:300px; "title=" 20.PNG "alt=" Wkiol1hkqq-top9_aaivkv0gqgi773.png "width=" 730 "height=" "border=" 0 " Hspace= "0" vspace= "0"/>

This article is from the "Jiangjianrong Technology blog" blog, make sure to keep this source http://jiangjianlong.blog.51cto.com/3735273/1887279

RedHat 7 Configuring Haproxy for Web Load Balancing