當(dāng)前位置：首頁(yè) > 编程资源 > 编程问答 >内容正文

编程问答

haproxy详解

發(fā)布時(shí)間：2025/3/15 编程问答 63 豆豆

生活随笔收集整理的這篇文章主要介紹了 haproxy详解小編覺(jué)得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.

HAProxy

使用C語(yǔ)言編寫的開放源代碼軟件，提供高可用性、負(fù)載均衡，以及基于TCP(4層)和HTTP(7層)的應(yīng)用程序代理；
借助HAProxy可以快速并可靠的提供基于TCP和HTTP應(yīng)用的代理解決方案，并支持虛擬主機(jī)；
HAProxy實(shí)現(xiàn)了一種時(shí)間驅(qū)動(dòng)，單一進(jìn)程模型，此模型支持非常大的鏈接數(shù)；
HAProxy支持拒絕連接：維護(hù)連接開銷低，可以限制***蠕蟲(attack bots),該功能拯救了很多被DDos***的小型站點(diǎn)；
HAProxy支持全透明代理（具備防火墻的典型特點(diǎn)）：可以用客戶端IP地址或者任何其他地址來(lái)連接后端服務(wù)器. 這個(gè)特性僅在Linux 2.4/2.6內(nèi)核打了cttproxy補(bǔ)丁后才可以使用. 這個(gè)特性也使得為某特殊服務(wù)器處理部分流量同時(shí)又不修改服務(wù)器的地址成為可能。

HAProxy的主要功能

1 - route HTTP requests depending on statically assigned cookies
2 - spread load among several servers while assuring server persistence
3 - through the use of HTTP cookies
4 - switch to backup servers in the event a main server fails
5 - accept connections to special ports dedicated to service monitoring
6 - stop accepting connections without breaking existing ones
7 - add, modify, and delete HTTP headers in both directions
8 - block requests matching particular patterns
9 - report detailed status to authenticated users from a URI intercepted by the application

程序環(huán)境

主程序：/usr/sbin/haproxy?
配置文件： /etc/haproxy/haproxy.cfg?
Unit file: /usr/lib/systemd/system/haproxy.service

配置段

global：全局配置段\

進(jìn)程及安全配置相關(guān)的參數(shù)
性能調(diào)整相關(guān)參數(shù)
Debug參數(shù)

proxies：代理配置段

defaults：為frontend, listen, backend提供默認(rèn)配置；
frontend：前端，相當(dāng)于nginx, server {}
backend：后端，相當(dāng)于nginx, upstream {}
listen：同時(shí)擁前端和后端

簡(jiǎn)單的配置示例：frontend?webbind?*:80default_backend?????websrvsbackend?websrvsbalance?roundrobinserver?srv1?172.16.100.6:80?checkserver?srv2?172.16.100.7:80?check

global配置詳解

全局配置段
1 Process management and security

*?1.1?ca-base *?1.2?chroot *?1.3?crt-base *?1.4?deamon：守護(hù)進(jìn)程； *?1.5?gid?用戶組ID，需設(shè)置； *?1.6?uid?用戶ID，需設(shè)置； *?1.7?group *?1.8?log：<address>?[len?<length>]?<facility>?[max?level]?[min?level] *?1.8.0?至多可以使用兩次log功能 *?1.8.1?length:收集日志服務(wù)器的地址； *?1.8.2?address：最長(zhǎng)為1024個(gè)字節(jié); *?1.8.3?facility:共24種:kern,user,mail,deamon,auth,syslog,lpr,news,uucp,cron,ftp,ntp..... *?1.8.4?level:emerg、alert、crit、error、warning、notice、info、dubeg; *?1.9?log-send-hostname *?1.10?nbproc：小于等于CPU核心數(shù)即可，官方建議采用默認(rèn)值； *?1.11?ulimit-n：設(shè)定當(dāng)前用戶可以打開多少文件數(shù)，可以自動(dòng)設(shè)定，官方建議無(wú)需設(shè)定該值； *?1.12?user *?1.13?stats *?1.14?ssl-server-verify *?1.15?node *?1.16?description *?1.17?unix-bind

設(shè)置log，需開啟本機(jī)的rsyslog服務(wù)，可編輯/etc/rsyslog.conf進(jìn)行定義,配置以下兩行

$InputTCPServerRun?514local2.*????????????????????????????????????????????????/var/log/haproxy.log

Performance tuning
系統(tǒng)調(diào)整

-?max-spread-checks-?maxconn:最大并發(fā)鏈接數(shù)，一般需要調(diào)整；-?maxconnrate：每個(gè)進(jìn)程每秒鐘可以生成的最大鏈接數(shù)；即每秒鐘可以接受最多的鏈接；-?maxcomprate-?maxcompcpuusage：最大CPU使用量-?maxpipes-?maxse***ate：最大會(huì)話速率，一旦達(dá)到最大速率不在接受新的請(qǐng)求；-?maxsslconn：每個(gè)進(jìn)程的最大ssl連接數(shù)；-?maxsslrate：ssl連接速率；-?noepoll-?nokqueue-?nopoll-?nosplice-?nogetaddrinfo-?spread-checks：<0..50?in?percent>?狀態(tài)檢查分散開-?tune.bufsize-?tune.chksize-?tune.comp.maxlevel-?tune.http.cookielen-?tune.http.maxhdr-?tune.idletimer-?tune.maxaccept-?tune.maxpollevents-?tune.maxrewrite-?tune.pipesize-?tune.rcvbuf.client-?tune.rcvbuf.server-?tune.sndbuf.client-?tune.sndbuf.server-?tune.ssl.cachesize-?tune.ssl.lifetime-?tune.ssl.force-private-cache-?tune.ssl.maxrecord-?tune.ssl.default-dh-param-?tune.zlib.memlevel-?tune.zlib.windowsize

Debugging

-?debug:調(diào)試模式-?quiet：靜默模式

Proxies配置詳解

代理配置段
Proxy configuration can be located in a set of sections :

defaults <name>
frontend <name>
backend <name>
listen <name>

A?"defaults"?section?sets?default?parameters?for?all?other?sections?following its?declaration.?Those?default?parameters?are?reset?by?the?next?"defaults"section.?See?below?for?the?list?of?parameters?which?can?be?set?in?a?"defaults"section.?The?name?is?optional?but?its?use?is?encouraged?for?better?readability.A?"frontend"?section?describes?a?set?of?listening?sockets?accepting?clientconnections.A?"backend"?section?describes?a?set?of?servers?to?which?the?proxy?will?connectto?forward?incoming?connections.A?"listen"?section?defines?a?complete?proxy?with?its?frontend?and?backend parts?combined?in?one?section.?It?is?generally?useful?for?TCP-only?traffic.All?proxy?names?must?be?formed?from?upper?and?lower?case?letters,?digits,'-'?(dash),?'_'?(underscore)?,?'.'?(dot)?and?':'?(colon).?ACL?names?arecase-sensitive,?which?means?that?"www"?and?"WWW"?are?two?different?proxies.

bind

綁定ip及端口
bind [<address>]:<port_range> [, ...] [param*]
bind /<path> [, ...] [param*]
Define one or several listening addresses and/or ports in a frontend.

sections?: defaults frontend listen backend??no??????????yes?????????yes?????no例：listen?http_proxy????bind?:80,:443bind?10.0.0.1:10080,10.0.0.1:10443bind?/var/run/ssl-frontend.sock?user?root?mode?600?accept-proxylisten?http_https_proxy????bind?:80bind?:443?ssl?crt?/etc/haproxy/site.pemlisten?http_https_proxy_explicit????bind?ipv6@:80bind?ipv4@public_ssl:443?ssl?crt?/etc/haproxy/site.pem????bind?unix@ssl-frontend.sock?user?root?mode?600?accept-proxylisten?external_bind_app1????bind?fd@${FD_APP1}

balance
定義調(diào)度類型

balance <algorithm> [ <arguments> ]
balance url_param <param> [check_post]
Define the load balancing algorithm to be used in a backend.

May?be?used?in?sections?: defaults frontend listen backendyes?????????????no????????yes??????yes

1 roundrobin:輪詢；
2 static-rr:根據(jù)權(quán)重輪流使用，但是靜態(tài)的，對(duì)服務(wù)器數(shù)量無(wú)限制,不支持平滑切換；
3 leastconn:連接數(shù)量最少的服務(wù)器優(yōu)先，當(dāng)連接數(shù)相同時(shí)使用roundrobin,不適用http;
4 frist:將第一臺(tái)連接滿，開始連接第二臺(tái)，第二臺(tái)連接滿連接第三臺(tái)；
5 source:基于源IP的綁定，相當(dāng)于Nginx的hash_ip,相當(dāng)于LVS的Source ip hashing;
6 URI:對(duì)URI進(jìn)行hash，將同一個(gè)URI發(fā)送至同一個(gè)服務(wù)器，適用于緩存服務(wù)器,hash方式取決于hash_type；
7 url_param:根據(jù)指定參數(shù)進(jìn)行調(diào)度，對(duì)參數(shù)進(jìn)行hash，將統(tǒng)一用戶的信息都發(fā)送至同一臺(tái)服務(wù)器，hash方式取決于hash_type；
8 hdr(name):在每個(gè)HTTP請(qǐng)求中查找HTTP頭<name>,然后根據(jù)hash HTTP頭的name來(lái)進(jìn)行調(diào)度，hash方式取決于hash_type；
9 rdp-cookie(name):查詢每個(gè)進(jìn)來(lái)的TCP請(qǐng)求并hash,該機(jī)制用于退化的持久連接，hash方式取決于hash_type；

hash-type：哈希算法
hash-type <method> <function> <modifier>
Specify a method to use for mapping hashes to servers

May?be?used?in?sections?: defaults frontend listen backendyes??????????no?????????yes?????yes? <method>map-based：除權(quán)取余法，哈希數(shù)據(jù)結(jié)構(gòu)是靜態(tài)的數(shù)組；consistent：一致性哈希，哈希數(shù)據(jù)結(jié)構(gòu)是一個(gè)樹； <function>?is?the?hash?function?to?be?used?:?哈希函數(shù)sdbmdjb2wt6 <modifier>avalanche

default_backend
default_backend <backend>\

Specify the backend to use when no "use_backend" rule has been matched.

May?be?used?in?sections?: defaults frontend listen backend??yes?????????yes?????????yes?????no例 use_backend?????dynamic??if??url_dyn use_backend?????static???if??url_css?url_img?extension_img default_backend?dynamic

server
server <name> <address>[:[port]] [param*]

Declare a server in a backend 定義后端主機(jī)及其各種選項(xiàng)

May?be?used?in?sections?: defaults frontend listen backend????no??????????no??????????yes?????yes

轉(zhuǎn)載于:https://blog.51cto.com/guoruilin198/1905687

總結(jié)

以上是生活随笔為你收集整理的haproxy详解的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。