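HAProxy is a high-performance load-balancing server. It can schedule traffic at layer 4 and at layer 7, and it health-checks every node: when a backend server fails it is automatically marked as unavailable, and when the server comes back it is automatically brought back online. Compared with LVS it is simpler to configure, and it introduces the frontend, backend and listen sections. A frontend can carry ACL rules that match on HTTP request headers and then direct the request to the relevant backend.
II. Configuration Parameters in Detail
An HAProxy configuration is divided mainly into the global, defaults, frontend, backend and listen sections. The configuration file is explained in detail below: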
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global # global configuration section
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log # to keep the log file, add this line to /etc/rsyslog.conf and restart rsyslog
#
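log 127.0.0.1 local2 # logs are recorded via rsyslog
chroot /var/lib/haproxy # chroot directory the process runs in
pidfile /var/run/haproxy.pid # PID file of the running process
maxconn 4000 # maximum number of connections
user haproxy # run as user haproxy
group haproxy # run as group haproxy
daemon # run haproxy as a daemon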
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
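mode http # working mode
log global # use the log settings from the global section
option httplog # detailed HTTP logging
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8 # pass the client IP on to the backend
option redispatch
retries 3 # number of retries after a failure
timeout http-request 10s # HTTP request timeout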
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s # health-check timeout
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxies to the backends
#---------------------------------------------------------------------
listen stats
mode http
bind *:1080
stats enable
stats hide-version
stats uri /admin
stats realm Haproxy\ Statistics
stats auth admin:admin
stats admin if TRUE
frontend main
bind *:80
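# define the ACL rules
acl url_static path_beg -i /static /images /javascript /stylesheets # request paths beginning with any of these are classified as url_static
acl url_static path_end -i .jpg .gif .png .css .js .html .ico # case-insensitive: paths ending with any of these are classified as url_static
acl url_dynamic path_end -i .php .jsp .asp # case-insensitive: paths ending with any of these are classified as dynamic resources
use_backend static if url_static # send the request to the static backend when the rule matches
use_backend dynamic if url_dynamic # send the request to the dynamic backend when the rule matches
default_backend static # backend used when no rule matches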
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
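backend static # backend scheduling
balance roundrobin # scheduling algorithm; others include static-rr, leastconn, first, source, uri, etc.
server static 192.168.10.125:80 inter 1500 rise 2 fall 3 check
rspadd X-Via:static # add a response header so you can see that the reply came from the static server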
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend dynamic
balance source
server s2 172.16.10.12:80 check inter 1500 rise 2 fall 3
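#check inter 1500: health-check interval (1500 ms)
#rise 2: the server is considered available after 2 successful checks
#fall 3: the server is considered unavailable after 3 failed checks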
#---------------------------------------------------------------------
# round robin balancing listen option
#---------------------------------------------------------------------
listen statistics
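mode http # HTTP (layer 7) mode
bind *:9988 # listening address
stats enable # enable the statistics page
stats auth admin:admin # user name and password for authentication
stats uri /admin?stats # access path
stats hide-version # hide the version number on the stats page
stats admin if TRUE # allow admin operations on the stats page; the condition TRUE always matches
stats refresh 3s # refresh every 3 seconds
acl allow src 192.168.18.0/24 # source addresses allowed to connect
tcp-request content accept if allow # accept connections from the allowed range
tcp-request content reject # reject all other connections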
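The two stats listeners above authenticate with "stats auth admin:admin", grant admin rights with "stats admin if TRUE", and bind to every interface. A tightened variant of the "listen statistics" block follows as an added example that is not part of the original configuration. The userlist name stats_users, the bind address 192.168.18.10 and the hash placeholder are assumptions.

```haproxy
# Added example: hardened variant of the "listen statistics" block.
# Assumptions (not from the original page): the userlist name stats_users,
# the management address 192.168.18.10 and the password-hash placeholder.

userlist stats_users
    # "password" expects a crypt(3) hash, so no cleartext secret sits in
    # the config file (unlike "stats auth user:pass"). Generate a hash with
    # a tool such as `mkpasswd -m sha-512` and paste it over the placeholder.
    user admin password REPLACE_WITH_CRYPT_HASH

listen statistics
    mode http
    # Bind to the management interface only instead of "*".
    # Basic auth is sent unencrypted over plain HTTP; if HAProxy is built
    # with TLS support, append "ssl crt <PEM_PATH_PLACEHOLDER>" to this line.
    bind 192.168.18.10:9988

    # Same admin subnet as the original block, enforced before any HTTP
    # processing takes place.
    acl allow src 192.168.18.0/24
    tcp-request content accept if allow
    tcp-request content reject

    # True only when the request carries valid credentials for a user
    # defined in the stats_users userlist.
    acl stats_auth http_auth(stats_users)

    stats enable
    stats uri /admin?stats
    stats hide-version
    stats refresh 3s

    # Ask for credentials until the request is authenticated.
    stats http-request auth realm Haproxy\ Statistics unless stats_auth

    # Admin actions (enable/disable/drain servers) only for authenticated
    # users coming from the admin subnet, instead of "if TRUE".
    stats admin if allow stats_auth
```

The same changes apply to the earlier "listen stats" block on port 1080, which has no source-address ACL at all.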
III. A Small Example: Static/Dynamic Separation with haproxy + varnish
Lab architecture topology diagram: