
CentOS 7.4: Building the latest version of an haproxy high-availability cluster

2025-01-15 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/02

Building an haproxy high-availability cluster on CentOS 7.4

Contents

Part 1: Experimental environment

Part 2: Building and configuring the web servers

Part 3: Installing and configuring the haproxy server

Part 4: Testing and verification

Part 5: Detailed explanation of the haproxy configuration

Part 1: Experimental environment

One haproxy scheduling server

IP address: 192.168.80.10

Software required: haproxy-1.7.10.tar.gz

Two web servers (based on nginx)

IP address: 192.168.80.20 (web01)

IP address: 192.168.80.30 (web02)

Software required: nginx-1.13.9.tar.gz

All three servers run Linux (CentOS 7.4).

One Win7 client (for verification testing)

IP address: 192.168.80.2

Part 2: Building and configuring the web servers

Step 1: configure web01

# Install dependencies and build tools
[root@web01 ~]# yum install -y \
pcre-devel \
zlib-devel \
make \
gcc \
gcc-c++
# Create the nginx service user (no home directory, no login shell)
[root@web01 ~]# useradd -M -s /sbin/nologin nginx
[root@web01 ~]# tar xzvf nginx-1.13.9.tar.gz
[root@web01 ~]# cd nginx-1.13.9
# Define the build configuration
[root@web01 nginx-1.13.9]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx
# Compile and install
[root@web01 nginx-1.13.9]# make && make install
# Link the nginx executable into a directory on the system PATH
[root@web01 nginx-1.13.9]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
# Change the default home page (used later for testing)
[root@web01 nginx-1.13.9]# echo "SERVER AA" > /usr/local/nginx/html/index.html
# Start the nginx service
[root@web01 nginx-1.13.9]# nginx
[root@web01 nginx-1.13.9]# netstat -anpt | grep nginx

From the Win7 client, access http://192.168.80.10

Step 2: configure web02 (same as web01)

[root@web02 ~]# yum install -y \
pcre-devel \
zlib-devel \
gcc \
gcc-c++ \
make
[root@web02 ~]# useradd -M -s /sbin/nologin nginx
[root@web02 ~]# tar xzvf nginx-1.13.9.tar.gz
[root@web02 ~]# cd nginx-1.13.9
[root@web02 nginx-1.13.9]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx
[root@web02 nginx-1.13.9]# make && make install
[root@web02 nginx-1.13.9]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@web02 nginx-1.13.9]# echo "SERVER BB" > /usr/local/nginx/html/index.html
[root@web02 nginx-1.13.9]# nginx
[root@web02 nginx-1.13.9]# netstat -anpt | grep nginx

From the Win7 client, access http://192.168.80.20

Part 3: Installing and configuring the haproxy server

# Install dependencies and build tools
[root@haproxy ~]# yum install -y \
pcre-devel \
bzip2-devel \
gcc \
gcc-c++ \
make
[root@haproxy ~]# tar xzvf haproxy-1.7.10.tar.gz
[root@haproxy ~]# cd haproxy-1.7.10
# Build target for Linux 2.6 and later kernels
[root@haproxy haproxy-1.7.10]# make TARGET=linux26
[root@haproxy haproxy-1.7.10]# make install
[root@haproxy haproxy-1.7.10]# mkdir /etc/haproxy
[root@haproxy haproxy-1.7.10]# groupadd haproxy
# Add the account that haproxy runs as, with haproxy as its group
[root@haproxy haproxy-1.7.10]# useradd -s /sbin/nologin -M -g haproxy haproxy
# Create and edit the haproxy configuration file
[root@haproxy haproxy-1.7.10]# vi /etc/haproxy/haproxy.cfg

#--------------- Global configuration ---------------
global
    log 127.0.0.1 local2
    # chroot /usr/local/haproxy-1.7.10
    pidfile /var/run/haproxy.pid
    maxconn 4000                 # maximum connections
    user haproxy
    group haproxy
    daemon                       # run haproxy as a background daemon process
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http                    # default mode: tcp is layer 4, http is layer 7, health only returns OK; in mixed mode, mode does not need to be set here
    log global                   # use the globally defined log
    option dontlognull           # do not log empty connections such as health-check probes
    option httpclose             # actively close the http channel after each request
    option httplog               # log in http log format; in mixed mode, tcplog must be added here
    # option forwardfor          # needed if the backend servers must obtain the client's real IP; they can then read it from the HTTP header
    option redispatch            # when the server matching the serverId goes down, force redirection to another healthy server
    timeout connect 10s          # connection timeout 10s
    timeout client 10s           # client timeout 10s
    timeout server 10s           # server timeout 10s
    maxconn 60000                # maximum connections
    retries 3                    # the server is considered unavailable after 3 failed connection attempts
#--------------- Statistics page configuration ---------------
listen admin_stats
    bind 0.0.0.0:8089            # listening port
    stats enable                 # enable the statistics page
    mode http
    log global
    stats uri /stats             # statistics page URL
    stats realm Haproxy\ Statistics   # prompt text on the password box of the statistics page
    stats auth admin:admin       # user name and password of the statistics page
    # stats hide-version         # hide the HAProxy version information on the statistics page
    stats admin if TRUE          # management is available only after authentication has passed
    stats refresh 30s            # automatic page refresh interval 30s
#--------------- web settings ---------------
listen webcluster
    bind 0.0.0.0:80
    mode http
    option httpchk GET /index.html
    log global
    maxconn 3000
    balance roundrobin
    server web01 192.168.80.10:80 check inter 2000 fall 3
    server web02 192.168.80.20:80 check inter 2000 fall 3

Save and exit.

[root@haproxy haproxy-1.7.10]# cp examples/haproxy.init /etc/init.d/haproxy
[root@haproxy haproxy-1.7.10]# chmod 755 /etc/init.d/haproxy
[root@haproxy haproxy-1.7.10]# chkconfig --add haproxy
[root@haproxy haproxy-1.7.10]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
[root@haproxy haproxy-1.7.10]# service haproxy start
[root@haproxy haproxy-1.7.10]# netstat -anpt | grep haproxy
[root@haproxy haproxy-1.7.10]# systemctl stop firewalld
[root@haproxy haproxy-1.7.10]# setenforce 0
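
The haproxy.cfg created above leaves chroot commented out, and its statistics listener binds to every interface, uses admin:admin, and gives admin actions to anyone who logs in. The audit script below is an added example, not part of the original article; the weak-password list, the finding texts and the function names are assumptions chosen for illustration.

```python
WEAK_PASSWORDS = {"admin", "password", "haproxy", "123456"}  # illustrative list
SECTIONS = {"global", "defaults", "listen", "frontend", "backend", "userlist"}
# Constructed sample mirroring the global and statistics sections shown above.
SAMPLE_CFG = """
global
    # chroot /usr/local/haproxy-1.7.10
listen admin_stats
    bind 0.0.0.0:8089
    stats enable
    stats auth admin:admin
    # stats hide-version
    stats admin if TRUE
"""

def parse_sections(text):  # -> [(header, [directives])], comments dropped
    sections = []
    for raw in text.splitlines():
        line = " ".join(raw.split("#", 1)[0].split())  # naive: no quoted '#'
        if not line:
            continue
        if line.split()[0] in SECTIONS:
            sections.append((line, []))
        elif sections:
            sections[-1][1].append(line)
    return sections

def audit(text):  # -> [(section, finding)] for the weak settings it recognises
    findings = []
    for header, lines in parse_sections(text):
        if header == "global" and not any(l.startswith("chroot ") for l in lines):
            findings.append((header, "chroot is not set"))
        if "stats enable" not in lines:
            continue  # only sections that serve a statistics page are checked
        for l in lines:
            if l.startswith("stats auth "):
                user, _, pw = l.split()[2].partition(":")
                if pw == user or pw.lower() in WEAK_PASSWORDS:
                    findings.append((header, f"weak password for stats user {user!r}"))
            elif l.lower() == "stats admin if true":
                findings.append((header, "every stats user gets admin actions"))
            elif l.startswith("bind ") and l.split()[1].startswith(("0.0.0.0:", "*:", ":")):
                findings.append((header, "stats page listens on all interfaces"))
        if "stats hide-version" not in lines:
            findings.append((header, "stats page discloses the HAProxy version"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CFG):
        print(f"[{section}] {finding}")
```

To check the real file, pass its contents to audit(), for example audit(open("/etc/haproxy/haproxy.cfg").read()).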

Part 4: Testing and verification

From the Win7 client, access the scheduler address http://192.168.80.30

Wait a while and visit again.

Verification succeeded.

Part 5: Detailed explanation of the haproxy configuration

# Global configuration: defines global, process-level parameters, usually related to the operating system configuration.
global
    # Define global logging, configured on the local host and output via local0. The default level is info, and two log entries can be configured.
    log 127.0.0.1 local0 warning
    # Log levels: [err warning info debug]
    # log 127.0.0.1 local1 info
    # Run path
    chroot /usr/local/haproxy
    # Path of the PID file
    pidfile /var/run/haproxy.pid
    # Maximum number of concurrent connections per haproxy process, equivalent to the command-line option "-n"; the automatically calculated "ulimit-n" value is based on this setting.
    maxconn 4096
    # User that haproxy runs as; the keyword uid can be used instead
    user haproxy
    # Group that haproxy runs as; the keyword gid can be used instead
    group haproxy
    # Run haproxy in the background
    daemon
    # Number of haproxy processes to start; can only be used when haproxy runs in daemon mode.
    # Only one process is started by default. Because of drawbacks such as harder debugging, multi-process mode is generally used only where a single process can open only a few file descriptors.
    nbproc 1
    # Maximum number of file descriptors each process can open; calculated automatically by default, so changing this option is not recommended.
    # ulimit-n 819200
    # Debug mode; generally used only when a single process is started, and disabled in production.
    # debug
    # haproxy displays no information after startup, the same as adding the "-q" option when starting haproxy on the command line
    # quiet
    # Where statistics are saved
    stats socket /usr/local/haproxy/stats

# Default configuration
defaults
    # Default mode [tcp: layer 4; http: layer 7; health: only returns OK]
    mode http
    # Inherit the log definition from the global section
    log global
    # Log category: httplog
    # option httplog
    # If the backend servers need to record the client's real IP, the "X-Forwarded-For" field must be added to the HTTP request.
    # However, when haproxy's own health checks access the backend servers, the access should not be logged; "except" can be used to exclude 127.0.0.0, that is, haproxy itself.
    # option forwardfor except 127.0.0.0/8
    option forwardfor
    # Enable server-side close in the HTTP protocol: the HTTP channel is actively closed after each request, so that long connections are supported, sessions can be reused, and every request is logged.
    option httpclose
    # If an empty connection is produced, it is not logged.
    option dontlognull
    # When a session with a backend server fails (server failure or other reasons), redistribute the session to another healthy server; when the failed server recovers, the session is directed back to the recovered server.
    # The "retries" keyword sets the number of connection attempts before a session is judged to have failed.
    option redispatch
    retries 3
    # When the haproxy load is high, automatically end connections in the current queue that have been processing for a long time.
    option abortonclose
    # Default HTTP request timeout
    timeout http-request 10s
    # Default queue timeout. When the load is high, the backend server puts requests from haproxy into a queue.
    timeout queue 1m
    # Connection timeout between haproxy and the backend server
    timeout connect 5s
    # Timeout for inactive client connections: the client has connected to haproxy, data transmission has completed, and no more data is being sent.
    timeout client 1m
    # Timeout for inactive connections between haproxy and the backend server
    timeout server 1m
    # Default timeout for establishing a new HTTP request connection; a short value releases connections sooner and saves resources.
    timeout http-keep-alive 10s
    # Health-check (heartbeat) timeout
    timeout check 10s
    # Maximum number of concurrent connections
    maxconn 2000
    # Default load-balancing method
    # balance source
    # balance leastconn

# Statistics page configuration: a combined frontend and backend; the name of the monitoring group can be customized as needed
listen admin_status
    # Operating mode of the monitoring page
    mode http
    # Access port of the statistics page
    bind 0.0.0.0:1080
    # Default maximum number of connections to the statistics page
    maxconn 10
    # HTTP log format
    option httplog
    # Enable statistics
    stats enable
    # Hide the haproxy version information on the statistics page
    stats hide-version
    # Automatic refresh interval of the monitoring page
    stats refresh 30s
    # URL of the statistics page
    stats uri /stats
    # Prompt text of the password box on the statistics page
    stats realm mCloud\ Haproxy
    # User and password of the monitoring page: admin; multiple user names can be set
    stats auth admin:admin
    # Manually enable/disable backend servers; nodes can be managed through the web page
    stats admin if TRUE
    # haproxy error pages
    errorfile 400 /usr/local/haproxy/errorfiles/400.http
    errorfile 403 /usr/local/haproxy/errorfiles/403.http
    errorfile 408 /usr/local/haproxy/errorfiles/408.http
    errorfile 500 /usr/local/haproxy/errorfiles/500.http
    errorfile 502 /usr/local/haproxy/errorfiles/502.http
    errorfile 503 /usr/local/haproxy/errorfiles/503.http
    errorfile 504 /usr/local/haproxy/errorfiles/504.http

# Monitoring the status of the haproxy backend servers
listen site_status
    bind 0.0.0.0:1081            # listening port
    mode http                    # layer-7 (http) mode
    log 127.0.0.1 local2 err     # [err warning info debug]
    monitor-uri /site_status     # site health-check URL, used to check whether the sites managed by HAProxy are available; returns 200 when normal and 503 when abnormal
    acl site_dead nbsrv(php_server) lt 1        # policy defining when the site is down: true when the number of usable servers in the given backend on the load balancer is less than 1
    acl site_dead nbsrv(html_server) lt 1
    acl site_dead nbsrv(backend_default) lt 1
    monitor fail if site_dead    # return 503 when the policy matches; the online documentation says 500, but the actual test returned 503
    monitor-net 192.168.4.171/32 # requests from 192.168.4.152 are neither logged nor forwarded
    monitor-net 192.168.4.172/32

# frontend with a custom name
frontend HAproxy_Cluster
    # Front-end listening port. The form "bind :80" is recommended; otherwise, in a high-availability cluster, the VIP cannot be accessed after it is switched to another machine.
    bind 0.0.0.0:80
    # acl is followed by the rule name. When the requested URL ends with .php, the php_web rule matches and is triggered.
    acl php_web path_end .php
    # When the requested URL ends with .css, .jpg, .png, .jpeg, .js or .gif, the static_web rule matches and is triggered.
    # acl static_web path_end .gif .png .jpg .css .js .jpeg
    # acl static_web url_reg /.(css|jpg|png|jpeg|js|gif)$
    # -i ignores case. When the requested host starts with www.test.com, the dns_name rule matches and is triggered.
    acl html_web hdr_beg(host) -i www.haproxytest.com
    # acl html_web hdr_beg(host) 10.11.4.152
    # When the client's IP is x.x.x.x, the src_ip rule matches and is triggered.
    # acl src_ip src x.x.x.x
    # If ACL rule php_web matches, pass the request to the php_server group; if ACL rule html_web matches, pass the request to the html_server group.
    use_backend php_server if php_web
    use_backend html_server if html_web
    # If none of the above rules match, pass the request to the default_backend group.
    default_backend backend_default

# Backend configuration: the php_server and html_server groups
backend php_server
    # Load-balancing method roundrobin: weight-based round-robin scheduling, recommended when server performance is evenly distributed.
    # Other load-balancing methods:
    # - static-rr: also weight-based round robin, but static; a backend server weight changed at run time is not applied.
    # - source: selects the backend server from a hash of the request's source IP
    # - leastconn: not suitable for environments with short sessions, such as HTTP-based applications
    # - uri: hashes the entire URI
    # - uri_param: forwards according to a parameter in the URI
    # - hdr(<name>): forwards according to an HTTP header; if the header is absent, falls back to roundrobin.
    balance roundrobin
    mode http
    # Allow the serverid to be inserted into a cookie; the serverid is defined on the server lines below
    cookie SERVERID
    # Heartbeat detection requests the backend server's index.html file; other methods are available
    option httpchk GET /index.html
    # Backend server definition. maxconn 1024 is the maximum number of connections to the server, cookie 1 means the serverid is 1, and weight is the weight (default 1, maximum 256; 0 means the server does not take part in load balancing).
    # check inter 1500 is the heartbeat check interval, rise 2 means the server is considered available after 2 successful checks, fall 3 means it is considered unavailable after 3 failed checks.
    server php1 192.168.4.171:80 maxconn 1024 cookie 1 weight 3 check inter 1500 rise 2 fall 3

backend html_server
    balance source
    mode http
    server html1 192.168.4.172:80 maxconn 1024 cookie 1 weight 3 check inter 1500 rise 2 fall 3

backend backend_default
    balance source
    mode http
    server default1 192.168.4.171:80 maxconn 1024 cookie 1 weight 3 check inter 1500 rise 2 fall 3
