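1 HAProxy Overview
HAProxy is a high-performance load-balancing software package. It supports both layer 4 and layer 7 proxying (setting mode to tcp selects layer 4, setting it to http selects layer 7).
As one of the most popular load balancers today, HAProxy has the following advantages:
- It load-balances at both the TCP and HTTP protocol layers, which gives it a very rich feature set.
- It supports about 8 load-balancing algorithms; in http mode in particular there are many very practical algorithms that suit a wide range of needs.
- Performance is excellent: it is based on a single-process model (similar to Nginx), which makes it very fast.
- It has a capable monitoring page that shows the current state of the system in real time.
- Powerful ACL support gives users a great deal of convenience.
Algorithms supported by HAProxy:
- roundrobin: weighted round-robin. When server processing times are evenly distributed, this is the most balanced and fairest algorithm. The algorithm is dynamic, which means its weights can be adjusted at run time.
- static-rr: weighted round-robin, similar to roundrobin but static: changing a server's weight at run time has no effect. However, it has no limit on the number of backend server connections.
- leastconn: new connection requests are dispatched to the backend server with the fewest connections.
2 Installing and Configuring HAProxy
2.1 Installing HAProxy
Download the software: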
https://www.haproxy.org/download/2.8/src/haproxy-2.8.0.tar.gz
Install the dependency packages:
yum -y install gcc glibc-devel make ncurses-devel openssl-devel xmlto perl wget gtk2-devel binutils-devel systemd-devel
Compile:
make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy
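Other parameters can also be specified here:
1. USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src LUA_LIB=/usr/local/src/lua-5.3.5/src # use Lua scripts; Lua must be installed
2. ARCH=x86_64 # CPU architecture; check with the arch command
3. TARGET=linux-glibc # generic Linux kernel
4. USE_PCRE=1 # PCRE regular-expression support, used for the URI of user requests
5. USE_OPENSSL=1 # HTTPS, certificates
6. USE_ZLIB=1 # enable compression
7. USE_SYSTEMD=1 # start the haproxy main process with systemd
8. USE_CPU_AFFINITY=1 # CPU affinity: make the specified haproxy processes run on the specified CPU cores
9. USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src LUA_LIB=/usr/local/src/lua-5.3.5/src # enable Lua, with the paths to Lua and the Lua library
10. PREFIX=/usr/local/haproxy # installation path
Install: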
make install PREFIX=/usr/local/haproxy
2.2 Configuring Environment Variables
# vim /etc/profile
export PATH=/usr/local/haproxy/sbin:$PATH
# source /etc/profile
2.3 Editing the Configuration File
Create the configuration file /etc/haproxy/haproxy.cfg.
Add the following content:
[dave@www.cndba.cn etc]$cat /etc/haproxy/haproxy.cfg
global
    daemon
    maxconn 4000
    pidfile /usr/local/haproxy/haproxy.pid
defaults
    timeout connect 10s
    timeout client 1m
    timeout server 1m
listen app
    bind 0.0.0.0:22883
    mode tcp # working mode: tcp is layer 4, http is layer 7
    balance roundrobin
    server db1 192.168.1.21:2883 check inter 2000 rise 2 fall 5 weight 1
    server db2 192.168.1.22:2883 check inter 2000 rise 2 fall 5 weight 1
    server db3 192.168.1.23:2883 check inter 2000 rise 2 fall 5 weight 1
listen haproxy_statistics
    bind 0.0.0.0:9000
    mode http
    stats enable
    stats uri /haproxy_statistics
    stats realm HAProxy\ Statistics
    stats auth admin:Password
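The configuration above exposes the statistics page on every interface, keeps its password in cleartext, and sets no user/group in the global section. The following check is an added example, not part of the original article: audit_haproxy_cfg is a hypothetical helper name, and the sample input is a constructed excerpt of the file above.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Flags three settings of the
# haproxy.cfg above: stats page on all interfaces, cleartext "stats auth",
# and a global section without user/group (or uid/gid).
# Prints one finding per line and returns 1 if there is any finding.
audit_haproxy_cfg() {
  awk '
    function report(msg) { print msg; n++ }
    function end_section() {
      if (stats && wildcard != "")
        report(section ": stats page listens on all interfaces (" wildcard ")")
      stats = 0; wildcard = ""
    }
    { sub(/#.*/, "") }                  # drop comments, fields are re-split
    NF == 0 { next }
    $1 ~ /^(global|defaults|listen|frontend|backend|userlist)$/ {
      end_section()
      section = (NF > 1) ? ($1 " " $2) : $1
      if ($1 == "global") seen_global = 1
      next
    }
    section == "global" && ($1 == "user" || $1 == "uid")  { has_user = 1 }
    section == "global" && ($1 == "group" || $1 == "gid") { has_group = 1 }
    $1 == "bind" && $2 ~ /^(0\.0\.0\.0|\*|\[::\]|::)?:[0-9]+/ { wildcard = $2 }
    $1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
    $1 == "stats" && $2 == "auth" {
      report(section ": stats auth stores the password in cleartext")
    }
    END {
      end_section()
      if (seen_global && !(has_user && has_group))
        report("global: no user/group, haproxy keeps the privileges it was started with")
      exit (n > 0)
    }
  ' "$1"
}

# Constructed sample: an excerpt of the configuration shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
global
    daemon
listen haproxy_statistics
    bind 0.0.0.0:9000
    mode http
    stats enable
    stats auth admin:Password
EOF
audit_haproxy_cfg "$sample" || echo "fix the findings above before deploying"
rm -f "$sample"
```

To clear the findings, bind the statistics listener to a loopback or management address, replace stats auth with a userlist that holds a crypt(3)-hashed password, and set user and group in the global section.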
2.4 Configuring the Startup Service
Add the startup service:
[dave@www.cndba.cn etc]$cat /usr/lib/systemd/system/haproxy.service
# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy
After=network.target
[Service]
User=root
Type=forking
ExecStart=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg
# systemd does not run a shell, so command substitution needs an explicit sh -c
ExecStop=/bin/sh -c '/usr/bin/kill `/usr/bin/cat /usr/local/haproxy/haproxy.pid`'
[Install]
WantedBy=multi-user.target
[dave@www.cndba.cn etc]$
Start and stop:
# systemctl enable haproxy.service
# systemctl start haproxy.service
[dave@www.cndba.cn ~]$systemctl start haproxy.service
[dave@www.cndba.cn ~]$ps -ef|grep haproxy
root 82376 1 1 15:24 ? 00:00:00 /usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg
root 82473 74758 0 15:24 pts/0 00:00:00 grep --color=auto haproxy
[dave@www.cndba.cn ~]$systemctl stop haproxy.service
[dave@www.cndba.cn ~]$ps -ef|grep haproxy
root 82672 74758 0 15:24 pts/0 00:00:00 grep --color=auto haproxy
[dave@www.cndba.cn ~]$
2.5 Related Commands
1. Check the configuration file syntax
[dave@www.cndba.cn ~]$haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid
[dave@www.cndba.cn ~]$
2. Enable debug mode, which prints all connection and processing information to the screen
[dave@www.cndba.cn ~]$haproxy -d -f /etc/haproxy/haproxy.cfg
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result FAILED
Total: 3 (2 usable), will use epoll.
Available filters :
[BWLIM] bwlim-in
[BWLIM] bwlim-out
[CACHE] cache
[COMP] compression
[FCGI] fcgi-app
[SPOE] spoe
[TRACE] trace
Using epoll() as the polling mechanism.
3. Show HAProxy build and startup information
[dave@www.cndba.cn ~]$haproxy -vv
HAProxy version 2.8.0-fdd8154 2023/05/31 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2028.
Known bugs: http://www.haproxy.org/bugs/bugs-2.8.0.html
Running on: Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
Build options :
TARGET = linux-glibc
CPU = generic
CC = cc
CFLAGS = -m64 -march=x86-64 -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment
OPTIONS = USE_OPENSSL=1 USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_SYSTEMD=1 USE_PCRE=1
DEBUG = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS
Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY -LUA -MATH -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_WOLFSSL -OT +PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL -PROMEX -PTHREAD_EMULATION -QUIC +RT +SHM_OPEN -SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL +ZLIB
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256, default=96).
Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with network namespace support.
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes
Built with gcc compiler version 4.8.5 20150623 (Red Hat 4.8.5-44)
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|HOL_RISK|NO_UPG
fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG
<default> : mode=HTTP side=FE|BE mux=H1 flags=HTX
h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG
<default> : mode=TCP side=FE|BE mux=PASS flags=
none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG
Available services : none
Available filters :
[BWLIM] bwlim-in
[BWLIM] bwlim-out
[CACHE] cache
[COMP] compression
[FCGI] fcgi-app
[SPOE] spoe
[TRACE] trace
[dave@www.cndba.cn ~]$
4. restart: the -st option must be given the PID list
[dave@www.cndba.cn ~]$haproxy -f /etc/haproxy/haproxy.cfg -st `cat /usr/local/haproxy/haproxy.pid`
5. graceful restart, i.e. reload: the -sf option must be given the PID list
[dave@www.cndba.cn ~]$haproxy -f /etc/haproxy/haproxy.cfg -sf `cat /usr/local/haproxy/haproxy.pid`
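Notes:
- restart shuts down the old process immediately and starts a new one, so a large number of established connections are dropped;
- reload starts a new process, but the old process finishes handling its currently established connections before it exits.
Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission.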