; haproxy负载均衡两个后端httpd和mysql | Linux运维部落

haproxy负载均衡两个后端httpd和mysql

前端主机:

1
172.16.71.1

,后端主机:

1
172.16.71.4

1
172.16.71.5

前端主机安装haproxy


1
yum install haproxy<br /><br />vim /etc/haproxy/haproxy.cfg<br /><br />global<br /><br /> &nbsp; &nbsp;log &nbsp; &nbsp; &nbsp; &nbsp; 127.0.0.1 local2<br /><br /> &nbsp; &nbsp;chroot &nbsp; &nbsp; &nbsp;/var/lib/haproxy<br /> &nbsp; &nbsp;pidfile &nbsp; &nbsp; /var/run/haproxy.pid<br /> &nbsp; &nbsp;maxconn &nbsp; &nbsp; 4000<br /> &nbsp; &nbsp;#errorfile 503 /etc/haproxy/errorpages/503.html<br /> &nbsp; &nbsp;user &nbsp; &nbsp; &nbsp; &nbsp;haproxy<br /> &nbsp; &nbsp;group &nbsp; &nbsp; &nbsp; haproxy<br /> &nbsp; &nbsp;daemon<br /><br /> &nbsp; &nbsp;# turn on stats unix socket<br /> &nbsp; &nbsp;stats socket /var/lib/haproxy/stats<br /><br />defaults<br /> &nbsp; &nbsp;mode &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;tcp &nbsp; &nbsp; &nbsp; &nbsp; # 默认为http,若要负载均衡MySQL,要换成tcp<br /> &nbsp; &nbsp;log &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; global<br /> &nbsp; &nbsp;option &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;httplog<br /> &nbsp; &nbsp;option &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;dontlognull<br /> &nbsp; &nbsp;option http-server-close<br /> &nbsp; &nbsp;option forwardfor &nbsp; &nbsp; &nbsp; except 127.0.0.0/8 header X-Client<br /> &nbsp; &nbsp;option &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;redispatch<br /> &nbsp; &nbsp;retries &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 3<br /> &nbsp; &nbsp;timeout http-request &nbsp; &nbsp;10s<br /> &nbsp; &nbsp;timeout queue &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1m<br /> &nbsp; &nbsp;timeout connect &nbsp; &nbsp; &nbsp; &nbsp; 10s<br /> &nbsp; &nbsp;timeout client &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1m<br /> &nbsp; &nbsp;timeout server &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1m<br /> &nbsp; &nbsp;timeout http-keep-alive 10s<br /> &nbsp; &nbsp;timeout check &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 10s<br /> &nbsp; &nbsp;maxconn &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 30000<br />frontend main *:80 &nbsp; #可以直接写成*:80,也可以写成下面一行这样,bind *:80<br /> &nbsp; &nbsp;#bind *:80<br /> &nbsp; &nbsp;maxconn 6000<br /> &nbsp; &nbsp;acl invalid_src src 172.16.251.57 # 定义acl非法源地址<br /> &nbsp; &nbsp;acl adminapp path_beg -i /admin # 定义acl起始路径,-i表示不区分大小写<br /> &nbsp; &nbsp;acl static path_end -i .jpg .gif .png .jpeg .css .js .html &nbsp;# 定义acl结尾路径,-i表示不区分大小写<br /> &nbsp; &nbsp;acl static path_beg /images /imgs /stylesheets /javascripts &nbsp;# 定义acl起始路径,-i表示不区分大小写<br /> &nbsp; &nbsp;block if invalid_src adminapp # 如果符合acl invalid_src条件则禁止访问。<br /> &nbsp; &nbsp;use_backend staticsrvs if static # 如果符合acl static条件,则使用后端主机staticsrvs<br /> &nbsp; &nbsp;default_backend dynamicsrvs # 默认使用后端主机dynamicsrvs<br /><br /># 上面的功能主要是动静分离<br /><br />listen stats *:9022<br /> &nbsp; &nbsp;stats enable # 开启stats功能<br /> &nbsp; &nbsp;stats uri /admin?hastats # 定义stats uri<br /> &nbsp; &nbsp;stats realm Haproxy\ admin\ area # stats提示 <br /> &nbsp; &nbsp;stats auth admin:magedu # 定义stats认证账户<br /> &nbsp; &nbsp;stats hide-version # 隐藏版本信息<br /> &nbsp; &nbsp;stats admin if TRUE # 始终启用stats admin<br /><br />backend dynamicsrvs<br /># &nbsp; balance roundrobin<br /> &nbsp; &nbsp;balance roundrobin &nbsp;# 采用轮询方式负载均衡<br /> &nbsp; &nbsp;hash-type consistent # hash方式采用一致性hash算法<br /># &nbsp; option httpchk GET / HTTP/1.1\r\nHost:\ <br /># &nbsp; http-check expect status 200<br /> &nbsp; &nbsp;server web1 172.16.71.4:80 check weight 2 inter 3000 rise 1 fall 2 cookie web1 # 定义后端server 名称 地址+端口,检查,权重,检查间隔(ms),如果检查成功几次则启用,如果检查失败几次则停用,添加的cookie内容。<br />backend staticsrvs <br /> &nbsp; &nbsp;cookie SRV insert indirect nocache <br /> &nbsp; &nbsp;server web2 172.16.71.5:80 check cookie web2 maxconn 2000 &nbsp;# 定义server 名称 地址+端口,检查,cookie添加内容,最大并发连接数。<br /><br />frontend mysql<br /> &nbsp; &nbsp;bind *:3306<br /> &nbsp; &nbsp;log global<br /># &nbsp; acl invalid_src src 172.16.71.4 <br /># &nbsp; tcp-request connection reject if invalid_src<br /> &nbsp; &nbsp;mode tcp<br /> &nbsp; &nbsp;default_backend mysrvs<br /><br />backend mysrvs<br /> &nbsp; &nbsp;balance leastconn<br /> &nbsp; &nbsp;server mysql1 172.16.71.4:3306 check<br /> &nbsp; &nbsp;server mysql2 172.16.71.5:3306 check<br /># 后端MySQL服务器内要有相同的账号密码权限等内容。<br />

添加支持https


1
vim /etc/haproxy/haproxy.cfg<br /><br />frontend sslconn<br /> &nbsp; &nbsp;bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem<br /> &nbsp; &nbsp;default_backend dynamicsrvs<br /><br />

1
# 生成证书<br />cd /etc/pki/CA/<br />(umask 077;openssl genrsa -out private/cakey.pem 2048 )<br />openssl req -new -x509 -key private/cakey.pem -out cacert.pem<br />touch index.txt<br />echo 00 &gt; serial<br /><br />cd /etc/haproxy/<br />mkdir certs<br />(umask 077;openssl genrsa -out haproxy.key 2048)<br />openssl req -new -key haproxy.key -out haproxy.csr <br />openssl ca -in haproxy.csr -out haproxy.crt<br />cat haproxy.crt haproxy.key &gt;haproxy.pem<br /><br />mv haproxy.pem c<br />

原创文章,作者:wangshuai,如若转载,请注明出处:/68249

发表评论

电子邮件地址不会被公开。 必填项已用*标注

联系我们

400-080-6560

在线咨询:点击这里给我发消息

邮件:1660809109@qq.com

工作时间:周一至周五,9:30-18:30,节假日同时也值班

友情链接:guoqibee.com  万达娱乐招商QQ  万达娱乐  万达娱乐招商QQ  万达开户  万达直属QQ  万达娱乐主管  万达招商QQ  万达招商  万达娱乐主管