首页 > CentOS, Haproxy, Linux > Haproxy 配置

Haproxy 配置

1.安装

yum -y install haproxy

2.配置详解

配置文件 /etc/haproxy/haproxy.cfg,内容如下

#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    #修改haproxy的工作目录
    chroot      /var/lib/haproxy
    #进程资源文件路径
    pidfile     /var/run/haproxy.pid
    #最大连接数
    maxconn     4000
    user        haproxy
    group       haproxy
    #后台运行
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    #工作模式mode { tcp|http|health },默认http
    mode                    http   
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  main *:5000
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    use_backend static          if url_static
    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance     roundrobin
    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin
    server  app1 127.0.0.1:5001 check
    server  app2 127.0.0.1:5002 check
    server  app3 127.0.0.1:5003 check
    server  app4 127.0.0.1:5004 check

 

3.负载均衡方式 balance

  • roundrobin  轮询方式,可通过参数weight 设置权重,后端服务器最大为4095,可以在线调整权重
  • static-rr   轮询方式,可通过参数weight 设置权重,后端服务器数量无限制,无法在线调整权重
  • leastconn   最少连接者优先处理,适用于长session(LDAP,SQL),不建议http协议
  • source      ip hash算法(map-based(recommended),consistent)保证同一个ip请求永远只会被同一台服务器处理
  • uri      根据请求的uri
  • url_param  根据请求的参数
  • hdr(name)  根据请求头
  • rdp-cookie(name)  根据cookie

样例代码

balance roundrobin
balance url_param userid
balance url_param session_id check_post 64
balance hdr(User-Agent)
balance hdr(host)
balance hdr(Host) use_domain_only

参考 http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#4.2-balance

http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#hash-type

4.添加监控

listen stats :8888
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats auth Username:Password

打开http://yourip:8888/ 输入用户名和密码即可

1A325B01-7DEF-4544-862C-A64050DB6484

 

5.虚拟主机配置

frontend http-in
    bind *:80
    acl is_gitsea_com hdr_end(host) -i gitsea.com
    use_backend gitsea_com if is_gitsea_com
    default_backend gitsea_com

backend gitsea_com
    balance roundrobin
    server Server1 127.0.0.1:8080 
    server Server2 127.0.0.1:8081

6.静态资源处理

建议后端用Nginx 做静态资源服务器

frontend  http-in
    bind *:80
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    use_backend static          if url_static
    default_backend             app

backend static
    balance     roundrobin
    # set an expires header to now+1 hour in every response
    http-response set-header Expires %[date(3600),http_date]
    server      static 127.0.0.1:4331 check

7.https配置

#整合ssl证书
cat gitsea.com.crt gitsea.com.key > gitsea.com.pem

编辑haproxy.cfg
frontend localhost
    bind *:80
    bind *:443 ssl crt /etc/ssl/gitsea.com.pem
    #如果只允许https访问,可以增加如下设置
    redirect scheme https if !{ ssl_fc }
    mode http
    default_backend nodes

backend nodes
    mode http
    balance roundrobin
    #请求ip 赋值到http header  "X-Forwarded-For"  中
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Port %[dst_port]
    server web01 127.0.0.1:9000 check
    server web02 127.0.0.1:9001 check
    server web03 127.0.0.1:9002 check

8.多域名https设置

defaults
  log 127.0.0.1 local0
  option tcplog

frontend ft_test
  mode http
  bind 0.0.0.0:443 ssl crt /certs/haproxy1.pem crt /certs/haproxy2.pem 
  use_backend bk_cert1 if { ssl_fc_sni my.example.com } # content switching based on SNI
  use_backend bk_cert2 if { ssl_fc_sni my.example.org } # content switching based on SNI

backend bk_cert1
  mode http
  server srv1 <ip-address2>:80

backend bk_cert2
  mode http
  server srv2 <ip-address3>:80

9.开启压缩

backend bk_web
 mode http
 compression algo gzip
 compression type text/html text/plain text/css
 server localhost 127.0.0.1:80

refer to: http://cbonte.github.io/haproxy-dconv/configuration-1.6.html

  1. 本文目前尚无任何评论.
  1. 本文目前尚无任何 trackbacks 和 pingbacks.
*