1. HAProxy Introduction
HAProxy is open-source, high-performance load-balancing software for TCP (layer 4) and HTTP (layer 7) applications. As a professional load balancer, HAProxy has the following advantages:
Very good reliability and stability, comparable to hardware-level F5 load-balancing devices.
Up to 40000-50000 concurrent connections can be maintained at the same time, the maximum number of requests processed per unit of time is 20,000, and the maximum data processing capacity can reach 10Gbps.
Supports more than 8 load-balancing algorithms, and also supports session persistence.
Supports virtual hosts.
Since version 1.3, supports denying connections and fully transparent proxying, features that other load balancers do not have.
HAProxy has a powerful server status monitoring page that gives real-time visibility of system conditions.
HAProxy has powerful ACL support, which makes it very convenient to use.
HAProxy relies on the technical features of the operating system to maximize performance, so it is important to tune the operating system when using HAProxy.
2. Installation
Download HAProxy from the official website: http://www.haproxy.org/
The current stable version on the official website is 1.7.8. Download address:
http://www.haproxy.org/download/1.7/src/haproxy-1.7.8.tar.gz
    tar zxvf haproxy-1.7.8.tar.gz
    cd haproxy-1.7.8
    make TARGET=linux26 PREFIX=/usr/local/haproxy
    make install PREFIX=/usr/local/haproxy
    mkdir /usr/local/haproxy/conf
    cp examples/option-http_proxy.cfg /usr/local/haproxy/haproxy.cfg
3. To help everyone understand the entire configuration file, I am posting the contents of my configuration file below, with comments to help you understand it.
    #
    # demo config for proxy mode
    #
    global
        maxconn 20000           # maximum number of concurrent connections the HAProxy process accepts
        ulimit-n 41000          # Linux command-line option, equivalent to the parameter above
        log 127.0.0.1 local0    # global log configuration; local0 is the log device, the log level can be err, warning, info or debug; rsyslog is used
        uid <uid>               # user and group the process runs as, given as uid and gid
        gid <gid>
        chroot /var/empty
        nbproc 1                # number of processes HAProxy can create at startup, used with the daemon parameter; by default only one process is started; should be less than the number of CPU cores
        daemon                  # run the process in the background (recommended mode)

    defaults
        mode http               # default running mode of an instance
        retries 3               # number of retries after a failed connection to a backend server
        timeout connect 10s     # maximum time to wait for a connection to a server; the default unit is milliseconds, other time units can be used
        timeout client 20s      # maximum time to wait for the client to send data; the default unit is milliseconds, other time units can be used
        timeout server 30s      # maximum time to wait for the server to send its response for the client; the default unit is milliseconds, other time units can be used
        timeout check 5s        # timeout for health checks of backend servers; the default unit is milliseconds, other time units can be used

    listen admin_stats
        bind *:9188             # access address of the monitoring page; here it listens on port 9188
        mode http
        log global              # use the global log settings
        stats refresh 30s       # auto-refresh interval of the monitoring page
        stats uri /haproxy-status               # URI prefix of the monitoring page
        stats realm welcome\ login\ Haproxy     # text shown in the login prompt
        stats auth admin:admin~!@               # username and password for the statistics page, one per line
        stats hide-version      # hide the HAProxy version information on the statistics page
        stats admin if TRUE     # allows backend real servers to be enabled or disabled manually; valid only from version 1.4.9

    frontend test-proxy
        bind *:80               # listening address
        mode http
        log global
        option httplog          # enable logging
        option forwardfor       # get the client's real IP; it can be seen in the log through "X-Forwarded-For"
        option httpclose        # HAProxy actively closes the connection after completing a request, which is very helpful for performance
        option dontlognull
        option nolinger
        option http_proxy
        maxconn 8000
        timeout client 30s

        # layer3: valid users
        # acl allow_host src 192.168.200.150/32
        acl allow_host src 192.168.10.0/24      # ACL control: allow access requests from 192.168.10.0/24
        # ACLs are used as follows:
        # acl <custom ACL name> <ACL method> -i [matching path or file]
        # acl allow_host src 0.0.0.0/24
        http-request deny if !allow_host        # deny connection requests from everything except allow_host

        # layer7: prevent private network relaying
        # acl forbidden_dst url_ip 192.168.0.0/24
        # acl forbidden_dst url_ip 172.16.0.0/12
        acl forbidden_dst url_ip 192.168.20.0/24
        http-request deny if forbidden_dst

        default_backend test-proxy-srv

    backend test-proxy-srv
        mode http
        timeout connect 5s
        timeout server 5s
        retries 2
        option redispatch       # used in environments with cookie persistence
        option abortonclose     # automatically ends long-running connections
        option nolinger
        option http_proxy
        # option httpchk GET /index.php
        balance roundrobin
        cookie ServerID
        server web1 192.168.10.101:8080 cookie server1 weight 6 check inter <interval> rise 2 fall 3    # real address of the backend server
        server web2 192.168.10.101:8888 cookie server2 weight 6 check inter <interval> rise 2 fall 3

        # layer7: only GET method is valid
        acl valid_method method GET
        acl valid_method method POST
        http-request deny if !valid_method

        # layer7: protect bad reply
        http-response deny if { res.hdr(content-type) audio/mp3 }
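The admin_stats section above listens on all interfaces, keeps the password in clear text in the file and enables the admin actions unconditionally. A stricter variant of that section, as an added example that is not part of the author's configuration; the userlist name stats_users and the ACL names are hypothetical, the password hash is a placeholder, and 192.168.10.0/24 is the trusted network taken from the allow_host ACL:

```haproxy
# Added example, not the author's configuration.
# "stats_users", "mgmt_net" and "stats_authed" are hypothetical names.

userlist stats_users
    # Placeholder: put a crypt(3) hash here (for example from `mkpasswd -m sha-512`)
    # so that the password is not stored in clear text in haproxy.cfg.
    user admin password <CRYPT_HASH_PLACEHOLDER>

listen admin_stats
    bind *:9188
    mode http
    log global
    stats refresh 30s
    stats uri /haproxy-status
    stats hide-version

    # Only the trusted network may reach the statistics page at all.
    acl mgmt_net src 192.168.10.0/24
    stats http-request deny unless mgmt_net

    # Check the login against the userlist instead of "stats auth user:password".
    acl stats_authed http_auth(stats_users)
    stats http-request auth realm Haproxy unless stats_authed

    # "stats admin if TRUE" gives the enable/disable actions to anyone who can
    # open the page; tie them to the authenticated user instead.
    stats admin if stats_authed
```

Running `haproxy -c -f` against the edited file checks the syntax before the running instance is restarted.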
4. Start
The haproxy executable is under sbin in the installation directory:
    haproxy -f /usr/local/haproxy/haproxy.cfg
5. Common errors encountered during startup
In multi-process mode, stats is limited to process assigned to the current request.
A listen section needs to run within a single process, so a default process has to be specified; to work around this problem, set the global parameter nbproc to 1.
Proxy 'admin_stats': stats admin will not work correctly in multi-process mode.
[./haproxy.main()] FD limit (16384) too low for maxconn=20000/maxsock=40014. Please raise 'ulimit-n' to 40014 or more to avoid any trouble.
Set the ulimit-n parameter to twice the value of maxconn.
6. This completes a simple HAProxy load balancer configuration, and ACLs can be used to control requests at layer 7.