HAProxy

• 使用C語言編寫的開放源代碼軟件，提供高可用性、負(fù)載均衡，以及基于TCP(4層)和HTTP(7層)的應(yīng)用程序代理；

• 借助HAProxy可以快速并可靠的提供基于TCP和HTTP應(yīng)用的代理解決方案，并支持虛擬主機；

• HAProxy實現(xiàn)了一種時間驅(qū)動，單一進程模型，此模型支持非常大的鏈接數(shù)；

• HAProxy支持拒絕連接：維護連接開銷低，可以限制***蠕蟲(attack bots),該功能拯救了很多被DDos***的小型站點；

• HAProxy支持全透明代理（具備防火墻的典型特點）：可以用客戶端IP地址或者任何其他地址來連接后端服務(wù)器. 這個特性僅在Linux 2.4/2.6內(nèi)核打了cttproxy補丁后才可以使用. 這個特性也使得為某特殊服務(wù)器處理部分流量同時又不修改服務(wù)器的地址成為可能。

HAProxy的主要功能

• 1 - route HTTP requests depending on statically assigned cookies

• 2 - spread load among several servers while assuring server persistence

• 3 - through the use of HTTP cookies

• 4 - switch to backup servers in the event a main server fails

• 5 - accept connections to special ports dedicated to service monitoring

• 6 - stop accepting connections without breaking existing ones

• 7 - add, modify, and delete HTTP headers in both directions

• 8 - block requests matching particular patterns

• 9 - report detailed status to authenticated users from a URI intercepted by the application

---

程序環(huán)境

主程序：/usr/sbin/haproxy?
配置文件： /etc/haproxy/haproxy.cfg?
Unit file: /usr/lib/systemd/system/haproxy.service

配置段

• global：全局配置段\

進程及安全配置相關(guān)的參數(shù)
性能調(diào)整相關(guān)參數(shù)
Debug參數(shù)

• proxies：代理配置段

defaults：為frontend, listen, backend提供默認(rèn)配置；
frontend：前端，相當(dāng)于nginx, server {}
backend：后端，相當(dāng)于nginx, upstream {}
listen：同時擁前端和后端

簡單的配置示例：frontend?webbind?*:80default_backend?????websrvsbackend?websrvsbalance?roundrobinserver?srv1?172.16.100.6:80?checkserver?srv2?172.16.100.7:80?check

global配置詳解

• 全局配置段

• 1 Process management and security

*?1.1?ca-base *?1.2?chroot *?1.3?crt-base *?1.4?deamon：守護進程； *?1.5?gid?用戶組ID，需設(shè)置； *?1.6?uid?用戶ID，需設(shè)置； *?1.7?group *?1.8?log：<address>?[len?<length>]?<facility>?[max?level]?[min?level] *?1.8.0?至多可以使用兩次log功能 *?1.8.1?length:收集日志服務(wù)器的地址； *?1.8.2?address：最長為1024個字節(jié); *?1.8.3?facility:共24種:kern,user,mail,deamon,auth,syslog,lpr,news,uucp,cron,ftp,ntp..... *?1.8.4?level:emerg、alert、crit、error、warning、notice、info、dubeg; *?1.9?log-send-hostname *?1.10?nbproc：小于等于CPU核心數(shù)即可，官方建議采用默認(rèn)值； *?1.11?ulimit-n：設(shè)定當(dāng)前用戶可以打開多少文件數(shù)，可以自動設(shè)定，官方建議無需設(shè)定該值； *?1.12?user *?1.13?stats *?1.14?ssl-server-verify *?1.15?node *?1.16?description *?1.17?unix-bind

設(shè)置log，需開啟本機的rsyslog服務(wù)，可編輯/etc/rsyslog.conf進行定義,配置以下兩行

$InputTCPServerRun?514local2.*????????????????????????????????????????????????/var/log/haproxy.log

• Performance tuning

• 系統(tǒng)調(diào)整

-?max-spread-checks-?maxconn:最大并發(fā)鏈接數(shù)，一般需要調(diào)整；-?maxconnrate：每個進程每秒鐘可以生成的最大鏈接數(shù)；即每秒鐘可以接受最多的鏈接；-?maxcomprate-?maxcompcpuusage：最大CPU使用量-?maxpipes-?maxse***ate：最大會話速率，一旦達(dá)到最大速率不在接受新的請求；-?maxsslconn：每個進程的最大ssl連接數(shù)；-?maxsslrate：ssl連接速率；-?noepoll-?nokqueue-?nopoll-?nosplice-?nogetaddrinfo-?spread-checks：<0..50?in?percent>?狀態(tài)檢查分散開-?tune.bufsize-?tune.chksize-?tune.comp.maxlevel-?tune.http.cookielen-?tune.http.maxhdr-?tune.idletimer-?tune.maxaccept-?tune.maxpollevents-?tune.maxrewrite-?tune.pipesize-?tune.rcvbuf.client-?tune.rcvbuf.server-?tune.sndbuf.client-?tune.sndbuf.server-?tune.ssl.cachesize-?tune.ssl.lifetime-?tune.ssl.force-private-cache-?tune.ssl.maxrecord-?tune.ssl.default-dh-param-?tune.zlib.memlevel-?tune.zlib.windowsize

• Debugging

-?debug:調(diào)試模式-?quiet：靜默模式

---

Proxies配置詳解

• 代理配置段

• Proxy configuration can be located in a set of sections :

• defaults <name>

• frontend <name>

• backend <name>

• listen <name>

A?"defaults"?section?sets?default?parameters?for?all?other?sections?following its?declaration.?Those?default?parameters?are?reset?by?the?next?"defaults"section.?See?below?for?the?list?of?parameters?which?can?be?set?in?a?"defaults"section.?The?name?is?optional?but?its?use?is?encouraged?for?better?readability.A?"frontend"?section?describes?a?set?of?listening?sockets?accepting?clientconnections.A?"backend"?section?describes?a?set?of?servers?to?which?the?proxy?will?connectto?forward?incoming?connections.A?"listen"?section?defines?a?complete?proxy?with?its?frontend?and?backend parts?combined?in?one?section.?It?is?generally?useful?for?TCP-only?traffic.All?proxy?names?must?be?formed?from?upper?and?lower?case?letters,?digits,'-'?(dash),?'_'?(underscore)?,?'.'?(dot)?and?':'?(colon).?ACL?names?arecase-sensitive,?which?means?that?"www"?and?"WWW"?are?two?different?proxies.

• bind

綁定ip及端口
bind [<address>]:<port_range> [, ...] [param*]
bind /<path> [, ...] [param*]
Define one or several listening addresses and/or ports in a frontend.

sections?: defaults frontend listen backend??no??????????yes?????????yes?????no例：listen?http_proxy????bind?:80,:443bind?10.0.0.1:10080,10.0.0.1:10443bind?/var/run/ssl-frontend.sock?user?root?mode?600?accept-proxylisten?http_https_proxy????bind?:80bind?:443?ssl?crt?/etc/haproxy/site.pemlisten?http_https_proxy_explicit????bind?ipv6@:80bind?ipv4@public_ssl:443?ssl?crt?/etc/haproxy/site.pem????bind?unix@ssl-frontend.sock?user?root?mode?600?accept-proxylisten?external_bind_app1????bind?fd@${FD_APP1}

• balance

• 定義調(diào)度類型

balance <algorithm> [ <arguments> ]
balance url_param <param> [check_post]
Define the load balancing algorithm to be used in a backend.

May?be?used?in?sections?: defaults frontend listen backendyes?????????????no????????yes??????yes

1 roundrobin:輪詢；
2 static-rr:根據(jù)權(quán)重輪流使用，但是靜態(tài)的，對服務(wù)器數(shù)量無限制,不支持平滑切換；
3 leastconn:連接數(shù)量最少的服務(wù)器優(yōu)先，當(dāng)連接數(shù)相同時使用roundrobin,不適用http;
4 frist:將第一臺連接滿，開始連接第二臺，第二臺連接滿連接第三臺；
5 source:基于源IP的綁定，相當(dāng)于Nginx的hash_ip,相當(dāng)于LVS的Source ip hashing;
6 URI:對URI進行hash，將同一個URI發(fā)送至同一個服務(wù)器，適用于緩存服務(wù)器,hash方式取決于hash_type；
7 url_param:根據(jù)指定參數(shù)進行調(diào)度，對參數(shù)進行hash，將統(tǒng)一用戶的信息都發(fā)送至同一臺服務(wù)器，hash方式取決于hash_type；
8 hdr(name):在每個HTTP請求中查找HTTP頭<name>,然后根據(jù)hash HTTP頭的name來進行調(diào)度，hash方式取決于hash_type；
9 rdp-cookie(name):查詢每個進來的TCP請求并hash,該機制用于退化的持久連接，hash方式取決于hash_type；

• hash-type：哈希算法

• hash-type <method> <function> <modifier>

• Specify a method to use for mapping hashes to servers

May?be?used?in?sections?: defaults frontend listen backendyes??????????no?????????yes?????yes? <method>map-based：除權(quán)取余法，哈希數(shù)據(jù)結(jié)構(gòu)是靜態(tài)的數(shù)組；consistent：一致性哈希，哈希數(shù)據(jù)結(jié)構(gòu)是一個樹； <function>?is?the?hash?function?to?be?used?:?哈希函數(shù)sdbmdjb2wt6 <modifier>avalanche

• default_backend

• default_backend <backend>\

Specify the backend to use when no "use_backend" rule has been matched.

May?be?used?in?sections?: defaults frontend listen backend??yes?????????yes?????????yes?????no例 use_backend?????dynamic??if??url_dyn use_backend?????static???if??url_css?url_img?extension_img default_backend?dynamic

• server

• server <name> <address>[:[port]] [param*]

Declare a server in a backend 定義后端主機及其各種選項

May?be?used?in?sections?: defaults frontend listen backend????no??????????no??????????yes?????yes

轉(zhuǎn)載于:https://blog.51cto.com/guoruilin198/1905687

總結(jié)

以上是生活随笔為你收集整理的haproxy详解的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。