一、
haproxy是一款高可用性、负载均衡的代理软件,基于4层和7层应用,支持虚拟机,适用于负载大的web站点。
主从模式 主的挂了自动切换从 主的起来切换为主
全程关闭防火墙(仅适合隔离的测试环境;生产环境应保持防火墙开启,只放行本文用到的80、9999端口以及keepalived所需的VRRP协议,即IP协议号112)
1)安装Haproxy(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup两台机器都要操作) 注意:安装之前,先执行
yum install gcc gcc-c++ make openssl-devel kernel-devel
设置内网地址(设置之前添加网卡 方能配置生效)
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
NAME=eth1
UUID=ce0ca17e-6109-4089-912b-bb25033c786a
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.2.1
添加静态路由使其连通
yum install -y net-tools
route add -net 192.168.2.0 netmask 255.255.255.0 dev eth1
route -n 查看
ping 检测
另一台机器同样如上操作
haproxy_master和haproxy_backup设置vip(注意:同一个VIP同时手工加在两台机器上会造成地址冲突;keepalived配置完成后,VIP应交由keepalived添加和漂移)
ip addr add 192.168.1.241/24 dev eth0
两个机器分别下载
yum install -y wget
wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-1.6.1.tar.gz/7343def2af8556ebc8972a9748176094/haproxy-1.6.1.tar.gz
下载haproxy
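附: 下载地址 https://src.fedoraproject.org/repo/pkgs/haproxy/ 。下载后建议用 md5sum 校验压缩包:上面URL路径中的 7343def2af8556ebc8972a9748176094 应为该文件的MD5值(请自行核对)。MD5只能发现传输损坏,不能作为防篡改的依据。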
编译安装
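# Unpack the tarball fetched above (haproxy-1.6.1.tar.gz) and enter its source tree.
tar xf haproxy-1.6.1.tar.gz
cd haproxy-1.6.1
# Build with OpenSSL support. PREFIX must be the same path for the build and
# the install step, otherwise compiled-in paths and installed files disagree.
make TARGET=linux26 CPU=x86_64 PREFIX=/usr/local/haproxy USE_OPENSSL=1 ADDLIB=-lz
make install PREFIX=/usr/local/haproxy
# The configuration lives under the install prefix and is symlinked into /etc/haproxy.
mkdir -p /usr/local/haproxy/conf
mkdir -p /etc/haproxy
cp examples/option-http_proxy.cfg /usr/local/haproxy/conf/haproxy.cfg
ln -s /usr/local/haproxy/conf/haproxy.cfg /etc/haproxy/haproxy.cfg
cp -r examples/errorfiles/ /usr/local/haproxy/errorfiles/
ln -s /usr/local/haproxy/errorfiles /etc/haproxy/errorfiles
# Replace the copied sample file's contents with the configuration that follows.
cd /usr/local/haproxy/conf/
vim haproxy.cfg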
配置文件
# Process-wide settings: logging target, privilege drop, chroot and limits.
global
# NOTE(review): logs go to the local syslog daemon with facility local0; the
# rsyslog rule later on this page matches local3.* — the two must agree.
log 127.0.0.1 local0
# The worker is confined to this directory after start-up. The steps shown on
# this page never create /var/lib/haproxy; it has to exist (ideally empty and
# not writable by the haproxy user) before the service is started.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 400000
# Drop root privileges once the listening sockets are bound.
user nobody
group nobody
nbproc 1
daemon
# DH parameter size for DHE key exchange. No TLS-enabled bind line appears in
# this configuration, so this setting has nothing to act on as written.
tune.ssl.default-dh-param 2048
#---------------------------------------------------------------------
# Defaults inherited by every proxy section below.
defaults
mode http
log global
option dontlognull
option redispatch
retries 3
# The timeouts bound how long a slow or idle peer can hold a connection slot.
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 60s
timeout check 10s
maxconn 100000
option httpclose
# Adds an X-Forwarded-For header carrying the connecting client's address.
option forwardfor
#----------------------------------------------------------------------------------
# Statistics page.
listen web_ha
# NOTE(review): the stats page listens on every address over plain HTTP.
# Binding it to a management address keeps it off the public interface.
bind 0.0.0.0:9999
mode http
transparent
stats refresh 30s
stats uri /haproxy-stats
# Keeps the HAProxy version string off the stats page.
stats hide-version
stats realm Haproxy\statistics
# NOTE(review): the credential is stored in clear text in this file and sent
# as HTTP Basic auth over the unencrypted listener above. "admin:haproxy" is a
# published sample value; replace it with a unique secret and keep the
# configuration file readable by root only.
stats auth admin:haproxy
#-------------------------------------------------------------------------------------------
# Public HTTP entry point: routes requests to a backend by Host header.
frontend server_port80
bind *:80
mode http
option httplog
option httpclose
# An X-Forwarded-For header sent by the client is not stripped by this option,
# so backends and log readers should treat all but the value HAProxy appended
# as client-controlled.
option forwardfor
log global
# hdr_beg is a case-insensitive (-i) prefix match on the Host header: any Host
# that merely starts with the given string matches, including longer names.
acl www_itpub hdr_beg(host) -i 239la.com
acl www_chinaunix hdr_beg(host) -i 240la.com
#----------------------------------------------------------------------------
# NOTE(review): no default_backend is declared, so a request whose Host matches
# neither ACL has no backend — confirm the intended handling.
use_backend web-server1 if www_itpub
use_backend web-server2 if www_chinaunix
#log format
# Captured request headers are client-supplied text written into the log;
# the len limits cap how much of each header is recorded.
capture request header Host len 64
capture request header User-Agent len 128
capture request header X-Forwarded-For len 100
capture request header Referer len 200
capture response header Server len 40
capture response header Server-ID len 40
log-format %ci:%cp\ %si:%sp\ %B\ %U\ %ST\ %r\ %b\ %f\ %bi\ %hrl\ %hsl\
#----------------------------------------------------------------------------
# Backend for hosts matched by www_itpub.
backend web-server1
mode http
# Picks the server from a hash of the client's source address.
balance source
# NOTE(review): the server line carries no "cookie <value>", so presumably no
# persistence cookie is ever issued for it — confirm.
cookie www_itpub insert indirect nocache
# Health check every 2000 ms; 2 successes mark the server up, 5 failures down.
server itpub 192.168.2.3:80 weight 1 check inter 2000 rise 2 fall 5
# Backend for hosts matched by www_chinaunix; same layout as web-server1.
backend web-server2
mode http
balance source
cookie www_chinaunix insert indirect nocache
server chinaunix 192.168.2.4:80 weight 1 check inter 2000 rise 2 fall 5
启动检测命令
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg -c
启动命令
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg
系统参数修改
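# Kernel TCP tuning for a busy proxy (the leading numbers in the original
# listing were shell-history indexes, not part of the commands).
# Writes to /proc apply immediately but are lost at reboot; put the same keys
# in /etc/sysctl.conf to make them persistent.
echo 1024 60999 > /proc/sys/net/ipv4/ip_local_port_range
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 4096 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 262144 > /proc/sys/net/ipv4/tcp_max_tw_buckets
echo 262144 > /proc/sys/net/ipv4/tcp_max_orphans
echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time
# tcp_tw_recycle is left disabled: it relies on TCP timestamps, which the next
# line turns off, it is known to drop connections from clients behind NAT, and
# the knob was removed in Linux 4.12, where this write would simply fail.
# echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
# NOTE(review): disabling timestamps also disables PAWS protection against
# old duplicate segments — confirm this trade-off is intended.
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 0 > /proc/sys/net/ipv4/tcp_ecn
echo 1 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_dsack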
下载keepalived
################################################################
# vrrp_instance define #
################################################################
# VRRP instance that moves the shared virtual IP between the two HAProxy nodes.
# NOTE(review): on this page the closing braces of virtual_ipaddress and of
# this vrrp_instance only appear further down, after the vrrp_script block;
# in a real keepalived.conf they must follow the virtual_ipaddress entry.
vrrp_instance VI_BBS {
state BACKUP # use MASTER on the primary node
# NOTE(review): the VIP was added by hand on eth0 earlier on this page, while
# this instance runs on eth1 and the virtual_ipaddress entry names no device —
# confirm which interface is meant to carry the VIP.
interface eth1
# Must be identical on both nodes and unique on the network segment.
virtual_router_id 120
priority 80 # the backup's priority is lower than the primary's
garp_master_delay 1
# VRRP "PASS" authentication sends the password in clear text in every
# advertisement, and keepalived uses only the first eight characters of
# auth_pass. It guards against misconfiguration, not against an attacker on
# the segment. The value below is a published sample; replace it per deployment.
authentication {
auth_type PASS
auth_pass KJj23576hYgu23I
}
# Listed interfaces are monitored for the instance's state.
track_interface {
eth1
}
# Refers to the vrrp_script named chk_haproxy defined elsewhere in the file.
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.1.241 # the VIP shared by both nodes
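# Fetch over HTTPS, and check the tarball against the checksum the project
# publishes for this release before building it: the build and install steps
# run as root, so an altered archive would execute with full privileges.
wget https://www.keepalived.org/software/keepalived-1.3.5.tar.gz
tar xf keepalived-1.3.5.tar.gz
cd keepalived-1.3.5
./configure --prefix=/usr/local/keepalived
make
make install
# -p: do not fail when the directory already exists.
mkdir -p /etc/keepalived/
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cd /etc/keepalived/
vim keepalived.conf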
配置文件如下
# Global identity of this keepalived instance.
global_defs {
router_id cnm # same value on master and backup
}
# Health check referenced by track_script in vrrp_instance VI_BBS.
vrrp_script chk_haproxy {
# The check script itself is not shown on this page. keepalived presumably
# runs it with the daemon's own privileges (root as started here), so keep
# the file owned by root and not writable by any other user — confirm.
script "/usr/local/bin/chk_haproxy.sh" # haproxy health-check script
# Run the check every 2 seconds; weight 2 adjusts the instance priority by 2
# according to the check result.
interval 2
weight 2
# NOTE(review): only the first "}" below closes vrrp_script. The second one and
# the "}" on the following line have no opener in this snippet; they look like
# the closers of virtual_ipaddress and vrrp_instance VI_BBS shown earlier.
}}
}
keepalived 检测 启动 命令
/usr/local/keepalived/sbin/keepalived -D
/usr/local/keepalived/sbin/keepalived
检测服务命令
ps aux | grep keepalived
ps aux | grep haproxy
haproxy 开启日志
Haproxy.cfg修改内容
#加入日志格式,
#log format
capture request header Host len 64
capture request header User-Agent len 128
capture request header X-Forwarded-For len 100
capture request header Referer len 200
capture response header Server len 40
capture response header Server-ID len 40
log-format %ci:%cp\ %si:%sp\ %B\ %U\ %ST\ %r\ %b\ %f\ %bi\ %hrl\ %hsl\
需要注意加入位置,具体可用haproxy -f haproxy.cfg -c 进行语法检查
修改系统日志配置文件/etc/rsyslog.conf
# Provides UDP syslog reception
# NOTE(review): as written, imudp accepts syslog datagrams on UDP 514 on every
# address. HAProxy on this page logs to 127.0.0.1, so the listener can be
# limited to loopback with `$UDPServerAddress 127.0.0.1` placed before
# $UDPServerRun.
$ModLoad imudp
$UDPServerRun 514
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
# NOTE(review): with *.info removed only ".none" selectors remain, so this rule
# presumably matches nothing and /var/log/messages stops receiving entries —
# confirm. Keeping *.info and adding the HAProxy facility with .none avoids the
# duplicate copy without losing the other system logs.
mail.none;authpriv.none;cron.none /var/log/messages
# Append the following line to the end of the file.
# NOTE(review): the haproxy.cfg on this page logs with facility local0
# ("log 127.0.0.1 local0") while this rule matches local3 — the two must agree.
local3.* /data/logs/haproxy.log
特别注意:需要删除字段”*.info;”,如果不删除,日志会记录两份,很快塞满磁盘空间。
修改文件/etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-r -m 0 -c 2"
该文件本来就只有一行,注释掉原来的,或者直接进行修改。
确保目录/data/logs存在,然后重启rsyslog及haproxy服务。以指令tail -f /data/logs/haproxy.log验证其正确性。
haproxy配置文件由两部分组成,全局设定和代理的设定。共分为5段。
global,defaults,frontend,backend,listen。
global 配置段 用于设定全局参数