当前位置：首页 > news >正文

浙江瑞通建设集团网站湛江制作公司网站

news 2026/4/8 20:10:43

浙江瑞通建设集团网站,湛江制作公司网站,邱县做网站,信息化网站建设有什么用目录 1、HAProxy介绍 2、HAProxy编译安装 Centos 基础环境 Ubuntu 基础环境编译安装HAProxy 验证HAProxy版本 HAProxy启动脚本配置文件启动haproxy 验证haproxy状态查看haproxy的状态页面 1、HAProxy介绍 HAProxy是法国开发者威利塔罗(Willy Tarreau) 在2000年…目录 1、HAProxy介绍 2、HAProxy编译安装 Centos 基础环境 Ubuntu 基础环境编译安装HAProxy 验证HAProxy版本 HAProxy启动脚本配置文件启动haproxy 验证haproxy状态查看haproxy的状态页面 1、HAProxy介绍 HAProxy是法国开发者威利塔罗(Willy Tarreau) 在2000年使用C语言开发的一个开源软件是一款具备高并发(一万以上)、高性能的TCP和HTTP负载均衡器支持基于cookie的持久性自动故障切换支持正则表达式及web状态统计目前最新TLS版本为2.0 历史版本历史版本更新功能1.4 1.5 1.6 1.7 1.8 1.9 2.0 2.1 2.2-dev 1.8多线程HTTP/2缓存…… 1.7服务器动态配置多类型证书…… 1.6DNS解析支持HTTP连接多路复用…… 1.5开始支持SSLIPV6会话保持…… 从2013年HAProxy 分为社区版和企业版企业版将提供更多的特性和功能以及全天24小时的技术支持等服务。企业版企业版网站[https://www.haproxy.com/] 社区版社区版网站[http://www.haproxy.org/] github[https://github.com/haproxy] 版本对比功能社区版企业版高级HTTP / TCP负载平衡和持久性支持支持高级健康检查支持支持应用程序加速支持支持高级安全特性支持支持高级管理支持支持HAProxy Dev Branch新功能支持24*7 支持服务支持实时仪表盘支持VRRP和Route Health Injection HA工具支持ACL映射和TLS票证密钥同步支持基于应用程序的高级DDoS和Bot保护(自动保护)支持Bot(机器人)监测支持Web应用防火墙支持HTTP协议验证支持实时集群追踪支持 HAProxy功能支持功能 TCP 和 HTTP反向代理 SSL/TSL服务器可以针对HTTP请求添加cookie进行路由后端服务器可平衡负载至后端服务器并支持持久连接支持所有主服务器故障切换至备用服务器支持专用端口实现监控服务支持停止接受新连接请求而不影响现有连接可以在双向添加修改或删除HTTP报文首部响应报文压缩支持基于pattern实现连接请求的访问控制通过特定的URI为授权用户提供详细的状态信息支持http反向代理支持动态程序的反向代理支持基于数据库的反向代理不具备的功能正向代理--squidnginx 缓存代理--varnish web服务--nginx、tengine、apache、php、tomcat UDP--目前不支持UDP协议单机性能--相比LVS性能较差 2、HAProxy编译安装编译安装HAProxy 2.0 LTS版本更多源码包下载地址http://www.haproxy.org/download/ 解决lua环境 HAProxy 支持基于lua实现功能扩展lua是一种小巧的脚本语言于1993年由巴西里约热内卢天主教大学Pontifical Catholic University of Rio de Janeiro里的一个研究小组开发其设计目的是为了嵌入应用程序中从而为应用程序提供灵活的扩展和定制功能。 Lua 官网http://www.lua.org Lua 应用场景游戏开发独立应用脚本Web 应用脚本扩展和数据库插件如MySQL Proxy安全系统如入侵检测系统 Centos 基础环境参考链接[http://www.lua.org/start.html] 由于CentOS7 之前版本自带的lua版本比较低并不符合HAProxy要求的lua最低版本(5.3)的要求因此需要编译安装较新版本的lua环境然后才能编译安装HAProxy过程如下 #当前系统版本 [rootnode1 ~]# lua -v Lua 5.1.4 Copyright (C) 1994-2008 Lua.org, PUC-Rio#安装基础命令及编译依赖环境 [rootnode1 ~]# yum install gcc readline-devel [rootnode1 ~]# wget http://www.lua.org/ftp/lua-5.3.5.tar.gz [rootnode1 ~]# tar xf lua-5.3.5.tar.gz -C /usr/local/src [rootnode1 ~]# cd /usr/local/src/lua-5.3.5 [rootnode1 lua-5.3.5]# make linux test#查看编译安装的版本 [rootnode1 lua-5.3.5]# src/lua -v Lua 5.3.5 Copyright (C) 1994-2018 Lua.org, PUC-Rio Ubuntu 基础环境 #安装基础命令及编译依赖环境 # apt install gcc iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev openssh-server libreadline-dev libsystemd-dev# cd /usr/local/src # wget http://www.lua.org/ftp/lua-5.3.5.tar.gz # tar xvf lua-5.3.5.tar.gz # cd lua-5.3.5 # make linux test# pwd /usr/local/src/lua-5.3.5 # ./src/lua -v Lua 5.3.5 Copyright (C) 1994-2018 Lua.org, PUC-Rio或安装系统自带的lua # apt install lua5.35.3.3-1ubuntu0.18.04.1 # lua5.3 -v Lua 5.3.3 Copyright (C) 1994-2016 Lua.org, PUC-Rio 编译安装HAProxy #HAProxy 1.8及1.9版本编译参数 make ARCHx86_64 TARGETlinux2628 USE_PCRE1 USE_OPENSSL1 USE_ZLIB1 USE_SYSTEMD1 USE_CPU_AFFINITY1 PREFIX/usr/local/haproxy#HAProxy 2.0以上版本编译参数本文使用的是社区版2.2.9 [rootnode1 ~]# yum -y install gcc openssl-devel pcre-devel systemd-devel [rootnode1 ~]# tar xf haproxy-2.2.9.tar.gz -C /usr/local/src/ [rootnode1 ~]# cd /usr/local/src/haproxy-2.2.9/ [rootnode1 haproxy-2.2.9]# cat README [rootnode1 haproxy-2.2.9]# ll Makefile -rw-rw-r-- 1 root root 41604 2月 7 00:02 Makefile [rootnode1 haproxy-2.2.9]# cat INSTALL#参考INSTALL文件进行编译安装 [rootcentos7 haproxy-2.2.9]# make ARCHx86_64 TARGETlinux-glibc USE_PCRE1 USE_OPENSSL1 USE_ZLIB1 USE_SYSTEMD1 USE_LUA1 LUA_INC/usr/local/src/lua-5.3.5/src/ LUA_LIB/usr/local/src/lua-5.3.5/src/ [rootcentos7 haproxy-2.2.9]# make install PREFIX/apps/haproxy [rootcentos7 haproxy-2.2.9]# ln -s /apps/haproxy/sbin/haproxy /usr/sbin/#查看生成的文件 [rootnode1 haproxy-2.2.9]# tree /apps/haproxy/ /apps/haproxy/ ├── doc │ └── haproxy │ ├── 51Degrees-device-detection.txt │ ├── architecture.txt │ ├── close-options.txt │ ├── configuration.txt │ ├── cookie-options.txt │ ├── DeviceAtlas-device-detection.txt │ ├── intro.txt │ ├── linux-syn-cookies.txt │ ├── lua.txt │ ├── management.txt │ ├── netscaler-client-ip-insertion-protocol.txt │ ├── network-namespaces.txt │ ├── peers.txt │ ├── peers-v2.0.txt │ ├── proxy-protocol.txt │ ├── regression-testing.txt │ ├── seamless_reload.txt │ ├── SOCKS4.protocol.txt │ ├── SPOE.txt │ └── WURFL-device-detection.txt ├── sbin │ └── haproxy └── share└── man└── man1└── haproxy.1 6 directories, 22 files 验证HAProxy版本 #验证HAProxy版本 [rootnode1 ~]# which haproxy /usr/sbin/haproxy [rootnode1 ~]# haproxy -v HA-Proxy version 2.2.9-a947cc2 2021/02/06 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2025. Known bugs: http://www.haproxy.org/bugs/bugs-2.2.9.html Running on: Linux 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64[rootnode1 ~]# haproxy -V HA-Proxy version 2.2.9-a947cc2 2021/02/06 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2025. Known bugs: http://www.haproxy.org/bugs/bugs-2.2.9.html Running on: Linux 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 Usage : haproxy [-f cfgfile|cfgdir]* [ -vdVD ] [ -n maxconn ] [ -N maxpconn ][ -p pidfile ] [ -m max megs ] [ -C dir ] [-- cfgfile*]-v displays version ; -vv shows known build options.-d enters debug mode ; -db only disables background mode.-dM[byte] poisons memory with byte (defaults to 0x50)-V enters verbose mode (disables quiet mode)-D goes daemon ; -C changes to dir before loading files.-W master-worker mode.-Ws master-worker mode with systemd notify support.-q quiet mode : dont display messages-c check mode : only check config files and exit-n sets the maximum total # of connections (uses ulimit -n)-m limits the usable amount of memory (in MB)-N sets the default, per-proxy maximum # of connections (0)-L set local peer name (default to hostname)-p writes pids of all children to this file-de disables epoll() usage even when available-dp disables poll() usage even when available-dS disables splice usage (broken on old kernels)-dG disables getaddrinfo() usage-dR disables SO_REUSEPORT usage-dr ignores server address resolution failures-dV disables SSL verify on servers side-dW fails if any warning is emitted-sf/-st [pid ]* finishes/terminates old pids.-x unix_socket get listening sockets from a unix socket-S bind[,bind options...] new master CLI [rootnode1 ~]# haproxy -vv HA-Proxy version 2.2.9-a947cc2 2021/02/06 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2025. Known bugs: http://www.haproxy.org/bugs/bugs-2.2.9.html Running on: Linux 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 Build options :TARGET linux-glibcCPU genericCC gccCFLAGS -m64 -marchx86-64 -O2 -g -Wall -Wextra -Wdeclaration-after- statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter - Wno-clobbered -Wno-missing-field-initializers -Wtype-limitsOPTIONS USE_PCRE1 USE_OPENSSL1 USE_LUA1 USE_ZLIB1 USE_SYSTEMD1DEBUG Feature list : EPOLL -KQUEUE NETFILTER PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT POLL -PRIVATE_CACHE THREAD -PTHREAD_PSHARED BACKTRACE -STATIC_PCRE -STATIC_PCRE2 TPROXY LINUX_TPROXY LINUX_SPLICE LIBCRYPT CRYPT_H GETADDRINFO OPENSSL LUA FUTEX ACCEPT4 -CLOSEFROM ZLIB -SLZ CPU_AFFINITY TFO NS DL RT - DEVICEATLAS -51DEGREES -WURFL SYSTEMD -OBSOLETE_LINKER PRCTL THREAD_DUMP - EVPORTSDefault settings :bufsize 16384, maxrewrite 1024, maxpollevents 200Built with multi-threading support (MAX_THREADS64, default1). Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017 Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 Built with Lua version : Lua 5.3.5 Built with network namespace support. Built with zlib version : 1.2.7 Running on zlib version : 1.2.7 Compression algorithms supported : identity(identity), deflate(deflate), raw-deflate(deflate), gzip(gzip) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with PCRE version : 8.32 2012-11-30 Running on PCRE version : 8.32 2012-11-30 PCRE library supports JIT : no (USE_PCRE_JIT not set) Encrypted password support via crypt(3): yes Built with gcc compiler version 4.8.5 20150623 (Red Hat 4.8.5-44)Available polling systems :epoll : pref300, test result OKpoll : pref200, test result OKselect : pref150, test result OK Total: 3 (3 usable), will use epoll.Available multiplexer protocols : (protocols marked as default cannot be specified using proto keyword)fcgi : modeHTTP sideBE muxFCGIdefault : modeHTTP sideFE|BE muxH1h2 : modeHTTP sideFE|BE muxH2default : modeTCP sideFE|BE muxPASS Available services : none Available filters : [SPOE] spoe [COMP] compression [TRACE] trace [CACHE] cache [FCGI] fcgi-app HAProxy启动脚本 [rootnode1 ~]# cat /usr/lib/systemd/system/haproxy.service [Unit] DescriptionHAProxy Load Balancer Aftersyslog.target network.target[Service] ExecStartPre/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q ExecStart/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid ExecReload/bin/kill -USR2 $MAINPID[Install] WantedBymulti-user.target#默认缺少配置文件无法启动 [rootnode1 ~]# systemctl daemon-reload [rootnode1 ~]# systemctl start haproxy Job for haproxy.service failed because the control process exited with error code. See systemctl status haproxy.service and journalctl -xe for details.[rootnode1 ~]# tail /var/log/messages Feb 23 10:10:01 node1 systemd: Started Session 2 of user root. Feb 23 10:17:43 node1 systemd: Starting Cleanup of Temporary Directories... Feb 23 10:17:43 node1 systemd: Started Cleanup of Temporary Directories. Feb 23 10:18:06 node1 systemd: Reloading. Feb 23 10:18:15 node1 systemd: Starting HAProxy Load Balancer... Feb 23 10:18:15 node1 haproxy: [ALERT] 053/101815 (2171) : Cannot open configuration file/directory /etc/haproxy/haproxy.cfg : No such file or directory Feb 23 10:18:15 node1 systemd: haproxy.service: control process exited, codeexited status1 Feb 23 10:18:15 node1 systemd: Failed to start HAProxy Load Balancer. Feb 23 10:18:15 node1 systemd: Unit haproxy.service entered failed state. Feb 23 10:18:15 node1 systemd: haproxy.service failed. 配置文件 #查看配置文件范例 [rootnode1 ~]# tree /usr/local/src/haproxy-2.2.9/examples/ /usr/local/src/haproxy-2.2.9/examples/ ├── acl-content-sw.cfg ├── content-sw-sample.cfg ├── errorfiles │ ├── 400.http │ ├── 403.http │ ├── 408.http │ ├── 500.http │ ├── 502.http │ ├── 503.http │ ├── 504.http │ └── README ├── haproxy.init ├── option-http_proxy.cfg ├── socks4.cfg ├── transparent_proxy.cfg └── wurfl-example.cfg1 directory, 15 files#创建自定义的配置文件 [rootnode1 ~]# mkdir /etc/haproxy [rootnode1 ~]# vim /etc/haproxy/haproxy.cfg globalmaxconn 100000chroot /apps/haproxystats socket /var/lib/haproxy/haproxy.sock mode 600 level admin#uid 99#gid 99user haproxygroup haproxydaemon#nbproc 4#cpu-map 1 0#cpu-map 2 1#cpu-map 3 2#cpu-map 4 3pidfile /var/lib/haproxy/haproxy.pidlog 127.0.0.1 local2 infodefaultsoption http-keep-aliveoption forwardformaxconn 100000mode httptimeout connect 300000mstimeout client 300000mstimeout server 300000mslisten statsmode httpbind 0.0.0.0:9999stats enablelog globalstats uri /haproxy-statusstats auth haadmin:123456 listen web_portbind 192.168.150.11:80mode httplog globalserver web1 127.0.0.1:8080 check inter 3000 fall 2 rise 5 启动haproxy [rootnode1 ~]# mkdir /var/lib/haproxy [rootnode1 ~]# useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy [rootnode1 ~]# systemctl enable --now haproxy 验证haproxy状态 haproxy.cfg文件中定义了chroot、pidfile、user、group等参数如果系统没有相应的资源会导致haproxy无法启动具体参考日志文件 /var/log/messages [rootnode1 ~]# systemctl status haproxy ● haproxy.service - HAProxy Load BalancerLoaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)Active: active (running) since 二 2021-02-23 10:23:05 CST; 30s ago Process: 2215 ExecStartPre/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (codeexited, status0/SUCCESS) Main PID: 2217 (haproxy)CGroup: /system.slice/haproxy.service├─2217 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid└─2221 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid2月 23 10:23:05 node1.kongd.com systemd[1]: Starting HAProxy Load Balancer... 2月 23 10:23:05 node1.kongd.com systemd[1]: Started HAProxy Load Balancer. 2月 23 10:23:05 node1.kongd.com haproxy[2217]: [NOTICE] 053/102305 (2217) : New worker #1 (2221) forked 2月 23 10:23:05 node1.kongd.com haproxy[2217]: [WARNING] 053/102305 (2221) : Server web_port/web1 i...ue. 2月 23 10:23:05 node1.kongd.com haproxy[2217]: [NOTICE] 053/102305 (2221) : haproxy version is 2.2....cc2 2月 23 10:23:05 node1.kongd.com haproxy[2217]: [NOTICE] 053/102305 (2221) : path to executable is /...oxy 2月 23 10:23:05 node1.kongd.com haproxy[2217]: [ALERT] 053/102305 (2221) : proxy web_port has no ...le! Hint: Some lines were ellipsized, use -l to show in full.[rootnode1 ~]# pstree -p |grep haproxy|-haproxy(2217)---haproxy(2221) 查看haproxy的状态页面浏览器访问 http://haproxy-server:9999/haproxy-status

查看全文

http://www.w-s-a.com/news/599010/