普通用户安装配置haproxy

介绍


HAProxy提供高可用性、负载均衡以及基于TCP和HTTP应用的代理,支持虚拟主机,它是免费、快速并且可靠的一种解决方案。
HAProxy特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。
HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。

安装


下载包
下载地址:http://download.openpkg.org/components/cache/haproxy/haproxy-2.5.0.tar.gz

[code404@NEWCWS-AS06 data]$ tar -xvf haproxy-2.5.0.tar.gz
[code404@NEWCWS-AS06 haproxy-2.5.0]$ cd haproxy-2.5.0
[code404@NEWCWS-AS06 haproxy-2.5.0]$ uname -r
3.10.0-1062.el7.x86_64

系统版本 3.10.0-1062.el7.x86_64

编译安装


参数说明


  • TARGET=linux26 #内核版本,使用uname -r查看内核,如:2.6.18-371.el5,此时该参数就为linux26;kernel 大于2.6.28的用: TARGET=linux2628
  • ARCH=x86_64 #系统位数
  • PREFIX=/data/haprpxy #/usr/local/haprpxy为haprpxy安装路径
[code404@NEWCWS-AS06 haproxy-2.5.0]$ make TARGET=3100 ARCH=x86_64 PREFIX=/data/haproxy
[code404@NEWCWS-AS06 haproxy-2.5.0]$ make install TARGET=3100 ARCH=x86_64 PREFIX=/data/haproxy
install: creating directory ‘/data/haproxy’
install: creating directory ‘/data/haproxy/sbin’
‘haproxy’ -> ‘/data/haproxy/sbin/haproxy’
install: creating directory ‘/data/haproxy/share’
install: creating directory ‘/data/haproxy/share/man’
install: creating directory ‘/data/haproxy/share/man/man1’
‘doc/haproxy.1’ -> ‘/data/haproxy/share/man/man1/haproxy.1’
install: creating directory ‘/data/haproxy/doc’
install: creating directory ‘/data/haproxy/doc/haproxy’
‘doc/configuration.txt’ -> ‘/data/haproxy/doc/haproxy/configuration.txt’
‘doc/management.txt’ -> ‘/data/haproxy/doc/haproxy/management.txt’
‘doc/seamless_reload.txt’ -> ‘/data/haproxy/doc/haproxy/seamless_reload.txt’
‘doc/architecture.txt’ -> ‘/data/haproxy/doc/haproxy/architecture.txt’
‘doc/peers-v2.0.txt’ -> ‘/data/haproxy/doc/haproxy/peers-v2.0.txt’
‘doc/regression-testing.txt’ -> ‘/data/haproxy/doc/haproxy/regression-testing.txt’
‘doc/cookie-options.txt’ -> ‘/data/haproxy/doc/haproxy/cookie-options.txt’
‘doc/lua.txt’ -> ‘/data/haproxy/doc/haproxy/lua.txt’
‘doc/WURFL-device-detection.txt’ -> ‘/data/haproxy/doc/haproxy/WURFL-device-detection.txt’
‘doc/proxy-protocol.txt’ -> ‘/data/haproxy/doc/haproxy/proxy-protocol.txt’
‘doc/linux-syn-cookies.txt’ -> ‘/data/haproxy/doc/haproxy/linux-syn-cookies.txt’
‘doc/SOCKS4.protocol.txt’ -> ‘/data/haproxy/doc/haproxy/SOCKS4.protocol.txt’
‘doc/network-namespaces.txt’ -> ‘/data/haproxy/doc/haproxy/network-namespaces.txt’
‘doc/DeviceAtlas-device-detection.txt’ -> ‘/data/haproxy/doc/haproxy/DeviceAtlas-device-detection.txt’
‘doc/51Degrees-device-detection.txt’ -> ‘/data/haproxy/doc/haproxy/51Degrees-device-detection.txt’
‘doc/netscaler-client-ip-insertion-protocol.txt’ -> ‘/data/haproxy/doc/haproxy/netscaler-client-ip-insertion-protocol.txt’
‘doc/peers.txt’ -> ‘/data/haproxy/doc/haproxy/peers.txt’
‘doc/close-options.txt’ -> ‘/data/haproxy/doc/haproxy/close-options.txt’
‘doc/SPOE.txt’ -> ‘/data/haproxy/doc/haproxy/SPOE.txt’
‘doc/intro.txt’ -> ‘/data/haproxy/doc/haproxy/intro.txt’

修改配置文件


[code404@NEWCWS-AS06 haproxy-2.5.0]$ cd /data/haproxy
[code404@NEWCWS-AS06 haproxy]$ mkdir etc
[code404@NEWCWS-AS06 haproxy]$ vim etc/haproxy.cfg

/data/haproxy/etc/haproxy.cfg 配置

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    log         127.0.0.1 local2

    #chroot      /data/haproxy/chroot
    pidfile     /data/haproxy.pid
    maxconn     4000
    uid	0
    gid 0
    daemon

    # turn on stats unix socket
    stats socket /data/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
#   option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

listen oa_rabbitmq_cluster 
    bind *:5672 
    #配置TCP模式 
    mode tcp 
    option tcplog
    #简单的轮询 
    balance roundrobin 
    #rabbitmq集群节点配置 server 每个节点的hostname ip:5672 
    server OA-MQ1 10.3.152.68:5672 check inter 5000 rise 2 fall 2
    server OA-MQ2 10.3.152.69:5672 check inter 5000 rise 2 fall 2
    server OA-MQ3 10.3.153.69:5672 check inter 5000 rise 2 fall 2

listen stats
    bind *:15672
    mode http
    option httplog 
    stats enable 
    #简单的轮询 
    balance roundrobin
    #rabbitmq集群节点配置 server 每个节点的hostname ip:5672 
    server OA-MQ1 10.3.152.68:15672 check inter 5000 rise 2 fall 2
    server OA-MQ2 10.3.152.69:15672 check inter 5000 rise 2 fall 2
    server OA-MQ3 10.3.153.69:15672 check inter 5000 rise 2 fall 2

启动 haproxy


/data/haproxy/sbin/haproxy -f /data/haproxy/etc/haproxy.cfg

报错了[/data/haproxy/sbin/haproxy.main()] Cannot raise FD limit to 8032, limit is 1024.


[code404@NEWCWS-AS06 haproxy]$ /data/haproxy/sbin/haproxy -f /data/haproxy/etc/haproxy.cfg
[NOTICE]   (22699) : haproxy version is 2.5.0-f2e0833
[NOTICE]   (22699) : path to executable is /data/haproxy/sbin/haproxy
[ALERT]    (22699) : [/data/haproxy/sbin/haproxy.main()] Cannot raise FD limit to 8032, limit is 1024.
[code404@NEWCWS-AS06 haproxy]$

这个报错说明,系统没有优化,下面优化一下

vim /etc/security/limits.conf
*        soft    nofile        65535
*        hard    nofile        65535

优化完成后,要重启一下服务器

reboot

再次启动Haproxy


[code404@NEWCWS-AS06 haproxy]$ /data/haproxy/sbin/haproxy -f /data/haproxy/etc/haproxy.cfg
[code404@NEWCWS-AS06 haproxy]$ netstat -nptl
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      1887/haproxy        
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:5672            0.0.0.0:*               LISTEN      1887/haproxy        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp6       0      0 ::1:25                  :::*                    LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -       

检查haproxy状态,能访问了


[code404@NEWCWS-AS06 haproxy]$ curl localhost:15672 -I
HTTP/1.1 200 OK
content-length: 2884
content-security-policy: script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'
content-type: text/html
date: Mon, 06 Dec 2021 06:59:07 GMT
etag: "3417244139"
last-modified: Thu, 02 Dec 2021 07:12:23 GMT
server: Cowboy
vary: origin

外面访问,要开防火墙端口


切换到root账号,开放端口

[code404@NEWCWS-AS06 haproxy]$ firewall-cmd --add-port=15672/tcp --add-port=5672/tcp --zone=public --perman 
success
[code404@NEWCWS-AS06 haproxy]$ firewall-cmd --reload
success
[code404@NEWCWS-AS06 haproxy]$

版权声明:本文为作者原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

原创文章,作者:老C,如若转载,请注明出处:https://www.code404.icu/1481.html

发表评论

登录后才能评论