Shulou(Shulou.com)06/03 Report--

A brief introduction to HAProxy

The role of proxy: web cache (acceleration), reverse proxy, content routing (forwarding requests to specific servers based on traffic and content type, etc.), transcoder (compressing the content of the back-end server and transmitting it to the client side).

The role of cache: reduce redundant content transmission; save bandwidth, alleviate network bottleneck; reduce the request pressure on the original server, reduce the transmission delay.

HAProxy is a free, very fast, and reliable solution that provides high availability, load balancing, and proxies for TCP and http-based applications. It is especially suitable for very high traffic sites and provides a powerful force for the most visited websites in the world. Over the years, it has become a de facto standard opensource load balancer and is now released with most major Linux distributions

And it is often deployed by default on cloud platforms.

HAProxy: it is only a reverse proxy of http protocol and does not provide caching.

Second, the construction of HAProxy test environment

1. Simple architecture diagram

2. Test environment (description):

HAProxy:192.168.16.10

Web1: 192.168.16.11

Web2: 192.168.16.12

Operating system: CentOS Linux release 7.3.1611 (Core)

Iptables is closed and selinux is disabled

3. Install haproxy on HAProxy server

Install Haproxy through yum:

[root@sheng1 haproxy] # yum-y install haproxy

View Haproxy version

[root@sheng1 haproxy] # haproxy-vHA-Proxy version 1.5.18 2016/05/10Copyright 2000-2016 Willy Tarreau

4. Web1 and web2 install httpd

Web Server 1:192.168.16.11Web Server 2VR 192.168.16.11

Yum-y install httpd

Echo "1111111" > / var/www/html/index.html

Systemctl start httpd

Echo "2222222" > / var/www/html/index.html

Systemctl start httpd

And then systemctl start httpd.service

View and configure the haproxy configuration file cat / etc/haproxy/haproxy.cfg | egrep-v'(# | ^ $)'

5. Configure HAProxy

Vim / etc/haproxy/haproxy.cfg

[root@sheng1 haproxy] # pwd

/ etc/haproxy

Modify the configuration of haproxy.cfg as follows:

Global # Global configuration log 127.0.0.1 local2 # Log output configuration chroot / var/lib/haproxy # haproxy working directory pidfile / var/run/haproxy.pid # haproxy pid directory maxconn 4000 # most Dalian connections (default configuration) user haproxy # run haproxy user group haproxy # haproxy Group daemon # background start stats socket / var/lib/haproxy/stats # I don't know Subsequent supplementary defaults # default configuration mode http # default mode mod {tcp | http | health} log global # Log system is the same as global segment option httplog # Log category is httplog option dontlognull # No health check log option http-server-close # after each request is completed Actively shutting down the http channel option forwardfor except 127.0.0.0 retries 8 # the backend server needs to obtain the parameters that the client real ip needs to configure option redispatch # when the requested server hangs up and forcibly switches to the healthy server 3 # 3 after failed to connect to the server, determine that the server is unavailable timeout http-request 10s # default server Request timeout (tunable) timeout queue 1m # default queue timeout (tunable) timeout connect 10s # default connection timeout (optimizable) timeout client 1m # default client timeout (optimizable) timeout server 1m # default server timeout (optimizable) timeout http-keep-alive 10s # default persistent connection timeout Time (optimizable) timeout check 10s # default heartbeat detection timeout (optimizable) maxconn 3000 # maximum number of connections Do not exceed the maximum number of connections in the global configuration listen stats_auth # mixed configuration of monitoring page and listening port, which is a bit poor. Only refer to bind 192.168.16.10 status 8000 # bind monitoring page listening port stats uri / status # haproxy monitoring page stats auth admin:westos # configure monitoring page account password login stats refresh 5s # monitoring page automatic refresh time stats hide-version # hide monitoring page haproxy version number Secure listen www.jzz.nginx *: 8088 # listening instance name, address and port, which can be configured with multiple server web1 192.168.16.11 cookie app1inst1 check inter 80 cookie app1inst1 check inter 2000 rise 2 fall 5 # backend web server ip and other instance names, addresses and ports monitored by listen www.jzztest.org *: 8089 # Can configure multiple server web2 192.168.16.12 server web2 80 cookie app1inst2 check inter 2000 rise 2 fall 5 # backend web server ip and other configurations # Note parameters interpretation: inter 2000 heartbeat detection time Three connections to rise 2 indicate that the server is normal, while # fall 5 indicates that the server is abnormal if the connection fails three times. Weight 1 weight setting listen localhost.localdomain *: 80 balance roundrobin # load balancing algorithm (with roundrobin, static-rr, leastconn, source, url, url_param, hdr, rdp_cookie) frontend main *: 5000 # frontend frontend configuration, available for haproxy installation with limited capacity Acl url_static path_beg-I / static / images / javascript / stylesheets acl url_static path_end-I .jpg .gif .png .css .js use_backend static if url_static default_backend appbackend static # backend front-end configuration is no longer explained. It is available when haproxy is installed, and the capacity is limited. No longer explain balance roundrobin server static 127.0.0.1 balance roundrobin server app1 4331 checkbackend app # backend front-end configuration, it is available when haproxy is installed, and the capacity is limited. No longer explain balance roundrobin server app1 127.0.0.1 balance roundrobin server app1 5001 check server app2 127.0.1 balance roundrobin server static 5002 check server app3 127.0.0.1 balance roundrobin server app1 5003 check server app4 127.0.0.1 balance roundrobin server static 5004 check

Rsyslog Syslog forwarding

Edit configuration file / etc/rsyslog.conf

Add the following:

$ModLoad imudp$UDPServerRun 514 local 2.* / var/log/haproxy.log

Vim / etc/sysconfig/rsyslogSYSLOGD_OPTIONS= "- r-m 0" # receives remote server logs

Restart the rsyslog process

Systemctl restart rsyslog

6. Start the haproxy service

Systemctl start haproxy

Third, test whether the environment is healthy or not

Access HAProxy through a browser

Http://192.168.16.10:8000/status

Access / status under the port of the haproxy monitoring page. For security reasons, the account password is required for the first login. The account password is set in the configuration file.

Go to the monitoring page, where you can see our configuration

When you access port 8088 of haproxy server ip, you can find that you have jumped to Web server 1.

When you access port 8089 of haproxy server ip, you can find that you have jumped to Web server 2.

You can also set the domain name to access different web servers, but bind the domain name ip correspondence in the local host.

Haproxy server is configured successfully

3. Simple configuration of haproxy+keepalived

Premise:

1. The configuration of the two haproxy servers is basically the same. You can refer to the configuration of the haproxy above, and the backend web server is the same.

two。 Keepalived has been installed on both haproxy servers, and the installation tutorial refers to the installation of keepalived in my lvs+keepalived configuration.

Environment:

Haproxy server 1:192.168.16.9haproxy server 2:192.168.16.10haproxy proxy web server 1VR 192.168.16.11 (hostname:www.jzz.nginx default page: 1111111) haproxy proxy Web server 2VR 192.168.16.12 (hostname:www.jzztest.org default page: 2222222) keepalived master server: 192.168.174.9keepalived slave server: 192.168.174.10VIP:192.168.16.8 fuck Make the system: centos7.3 iptables is closed and selinux is disabled

Settings for two keepalived hosts

1. Configure HAProxy: the newly added 192.168.16.9 should be configured in the same way as the previous haproxy.

2. Keepalived is installed on both haproxy servers.

# install dependent files and keepalive

# yum install-y openssl openssl-devel keepalived

Keepalived master server profile

[root@sheng0 ~] # cat / etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs {router_id LVS_R1} vrrp_strict chk_http_port {script "/ opt/script/check_haproxy.sh" interval 2 weight 2} vrrp_instance VI_1 {state MASTER interface ens33 virtual_router_id 88 priority 100 advert_int 1 authentication {auth_type PASS auth_pass 1111} virtual_ipaddress {192.168.16.8} track_script {check_haproxy}}

Keepalived slave server profile

[root@sheng1 /] # cat / etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs {router_id LVS_R2} vrrp_strict chk_http_port {# Haproxy Monitoring script script "/ opt/script/check_haproxy.sh" interval 2 weight 2} vrrp_instance VI_1 {state BACKUP interface ens33 virtual_router_id 88 priority 80 advert_int 1 authentication {auth_type PASS auth_pass 1111} virtual_ipaddress {192.168.16 . 8} track_script {check_haproxy}}

There is still only a small difference between keepalived master and slave configuration files, only priority and router_id are different here. Here, a script is used to test the viability of haproxy. Both master and slave configuration files are the same.

[root@sheng1 script] # cat check_haproxy.sh #! / bin/bashif [$(ps-C haproxy-- no-header | wc-l)-eq 0]; then / etc/init.d/haproxy startfisleep 2if [$(ps-C haproxy-- no-header | wc-l)-eq 0]; then / etc/init.d/haproxy stopfi

*

Appendix:

Haproxy profile:

Global log 127.0.0.1 local2 chroot / var/lib/haproxy pidfile / var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon stats socket / var/lib/haproxy/statsdefaults mode httplog global option httplog option dontlognull option http-server-close option forwardfor except 127 .0.0.0 / 8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000listen stats_auth bind 192.168.16.10:8000 stats uri / status stats auth admin:westos stats refresh 5s Stats hide-version listen www.jzz.nginx *: 8088 server web1 192.168.16.11 fall 80 cookie app1inst1 check inter 2000 rise 2 fall 5 listen www.jzztest.org *: 8089 server web2 192.168.16.12 cookie app1inst1 check inter 2000 rise 2 fall 5 listen localhost.localdomain *: 80 balance roundrobinfrontend main *: 5000 acl url_static path_beg-I / static / images / javascript / stylesheets acl url_static path_end -I .jpg .gif .png .css .js use_backend static if url_static default_backend appbackend static balance roundrobin server static 127.0.0.1 check server app2 4331 checkbackend app balance roundrobin server app1 127.0.1 check server app2 5001 check server app2 127.0.1 check server app3 127.0.1 check server app3 127.0.1 check server app4 127.0.0.1 check server app4 5004 check

Promotion: haproxy+keepalived (main main mode) to achieve simple configuration of high availability environment

Https://blog.51cto.com/sf1314/2384572

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.