HAproxy功能配置
author:JevonWei
版权声明:原创作品
- haproxy配置文档 https://cbonte.github.io/haproxy-dconv/
环境
前端HAProxy 172.16.253.108
后端web1 172.16.253.105
后端web2 172.16.252.1
client 172.16.253.177
安装HAProxy
HAProxy
[root@HAProxy ~]# yum install haproxy -y
[root@HAProxy ~]# rpm -ql haproxy
[root@HAProxy ~]# iptables -F
[root@HAProxy ~]# setenforce 0
[root@HAProxy ~]# systemctl enable haproxy
[root@HAProxy ~]# cp /etc/haproxy/haproxy.cfg{,.bak}
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
web1
[root@web1 ~]# yum -y install httpd
[root@web1 ~]# vim /var/www/html/index.html
<h1> Backend Server 1 </h1>
[root@web1 ~]# cd /var/www/html/
[root@web1 html]# for i in {1..10}; do echo "Test Page $i @BES 1" > test$i.html;done
[root@web1 html]# ls
index.php test1.html test3.html test5.html test7.html test9.html
index.html test10.html test2.html test4.html test6.html test8.html
[root@web1 ~]# systemctl start httpd
[root@web1 ~]# setenforce 0
[root@web1 ~]# iptables -F
web 2
[root@web2 ~]# yum -y install httpd
[root@web2 ~]# vim /var/www/html/index.html
<h1> Backend Server 2 </h1>
[root@web2 ~]# cd /var/www/html/
[root@web2 html]# for i in {1..10}; do echo "Test Page $i @BES 1" > test$i.html;done
[root@web2 html]# ls
index.html test1.html test3.html test5.html test7.html test9.html
test10.html test2.html test4.html test6.html test8.html
[root@web2 ~]# service httpd start
[root@web2 ~]# setenforce 0
[root@web2 ~]# iptables -F
启用HAProxy的日志功能
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
log 127.0.0.1 local2 \\日志的设备管道为local2,需在rsyslog配置文件中定义local2的日志设备
[root@HAProxy ~]# vim /etc/rsyslog.conf
$ModLoad imudp \\启用UDP协议接收日志
$UDPServerRun 514 \\UDP端口为514
local2.* /var/log/haproxy.log \\定义local2日志设备的文件为/var/log/haproxy.log
[root@HAProxy ~]# systemctl restart rsyslog.service
- 重新配置frontend和backend字段
配置HAProxy
roundrobin算法
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb \\定义HAProxy前段主机为myweb
bind *:80 \\监听主机上所有IP的80端口
default_backend websrvs \\默认后端主机为websrvs
backend websrvs \\定义后端主机组
balance roundrobin \\调度算法为动态轮询
server srv1 172.16.253.105:80 check maxconn 3 \\172.16.253.105:80端口为后端主机srv1,check为检查服务器健康状态,maxconn 3最大并发连接数为3
server srv2 172.16.252.1:80 check \\定义172.16.252.1为websrv后端主机组中的srv2主机
uri算法
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb \\定义HAProxy前段主机为myweb
bind *:80 \\监听主机上所有IP的80端口
default_backend websrvs \\默认后端主机为websrvs
backend websrvs \\定义后端主机组
balance uri \\调度算法为uri
server srv1 172.16.253.105:80 check maxconn 3 \\172.16.253.105:80端口为后端主机srv1,check为检查服务器健康状态,maxconn 3最大并发连接数为3
server srv2 172.16.252.1:80 check \\定义172.16.252.1为websrv后端主机组中的srv2主机
hash-type consistent \\hash算法一致性
hdr算法(同一个浏览器访问相同的后端服务器)
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb
frontend myweb
bind *:80
default_backend websrvs
backend websrvs
balance hdr(User-Agent)
server srv1 172.16.253.105:80 check
server srv2 172.16.252.1:80 check
hash-type consistent
[root@HAProxy ~]# systemctl start haproxy
[root@HAProxy ~]# systemctl enable haproxy
[root@HAProxy ~]# ss -tnl \\80端口以打开
client
访问HAProxy代理服务端
roundrobin算法
[root@client ~]# for i in {1..10};do curl http://172.16.253.108;done
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
uri算法,consistent hash类型
[root@client ~]# for i in {1..10};do curl 172.16.253.108/test1.html;done
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
[root@client ~]# for i in {1..10};do curl 172.16.253.108/test3.html;done
Test Page 2 @BES 1
Test Page 2 @BES 1
Test Page 2 @BES 1
Test Page 2 @BES 1
Test Page 1 @BES 1
启动压缩功能
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb
bind *:80
default_backend websrvs
compression algo gzip \\启动压缩功能,压缩类型为gzip
compression type text/html text/plainhtml, application/xml\\压缩文件的类型为文本文件,plainhtml纯文本文件
backend websrvs
balance roundrobin
server srv1 172.16.253.105:80 check
server srv2 172.16.252.1:80 check
定义check检查的时间间隔
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb
bind *:80
default_backend websrvs
backend websrvs
balance roundrobin
# option httpchk \\启用七层代理向主页发送请求
option httpchk GET /test1.html HTTP/1.0 \\启用七层代理,当使用GET命令,使用HTTP1.0协议向test1.txt页面发送请求时检查页面健康状态
server srv1 172.16.253.105:80 check inter 3000ms rise 1 fall 2 \\inter定义为每3s检查一次,rise为检查成功一次即为成功,fall为检查失败两次即为故障
server srv2 172.16.252.1:80 check backup \\backup为备用服务端,当其他主机故障时启用
[root@HAProxy ~]# systemctl restart haproxy
web1
后端主机的httpd访问日志中可以看到每隔2秒都有一次主页检查记录日志
[root@web2 ~]# tail -f /var/log/httpd/access_log
实现网页重定向
HAProxy
访问172.16.253.105后端主机srv1的网页将自动跳转到指定的网页,eg redir http://www.baidu.com 跳转到www.baidu.com
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb
bind *:80
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.16.253.105:80 check inter 3000ms rise 1 fall 2 redir http://www.baidu.com \\将访问172.16.253.105主页面重定向访问www.baidu.com
server srv2 172.16.252.1:80 check backup
weight权重选项
HAProxy
root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb
bind *:80
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.16.253.105:80 check weight 2 \\权重为2
server srv2 172.16.252.1:80 check weight 1 \\权重为1
client
[root@client ~]# for i in {1..10};do curl 172.16.253.108;done
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 1 </h1>
stats 状态页面
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb
stats enable
bind *:80
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.16.253.105:80 check weight 2
server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy.service
浏览器访问http://172.16.253.108/haproxy?stats
自定义stats状态页面的uri路径
HAProxy[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb
stats enable
stats uri /myproxy?admin
bind *:80
default_backend websrvsbackend websrvs
balance roundrobin
server srv1 172.16.253.105:80 check weight 2
server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy
浏览器访问http://172.16.253.108/myproxy?adminstats页面的用户访问控制
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb
stats enable \\启用stats
stats uri /myproxy?admin \\自定义stats页面uri的路径为/myproxy?admin
stats realm "HAProxy Stats Page" \\认证提示
stats auth admin:admin \\stats页面用户访问控制,用户admin,密码admin
bind *:80
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.16.253.105:80 check weight 2
server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy
浏览器输入http://172.16.253.108/myproxy?admin访问
- 启用stats的管理功能
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
stats enable \\启用stats
stats uri /myproxy?admin \\自定义stats页面uri的路径为/myproxy?admin
stats realm "HAProxy Stats Page" \\认证提示
stats auth admin:admin \\stats页面用户访问控制,用户admin,密码admin
stats admin if TRUE \\总是允许访问stats的用户管理stats页面
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.16.253.105:80 check weight 2
server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy
浏览器访问http://172.16.253.108/myproxy?admin
- 单独定义stats的管理页面
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb
bind *:80
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.16.253.105:80 check weight 2
server srv2 172.16.252.1:80 check weight 1
listen stats
bind *:9000 \\定义stats页面的监听端口为9000
stats enable \\开启stats状态界面
stats uri /myproxy?admin \\自定义stats的uri路径
stats realm "HAProxy Stats Page" \\stats页面的提示信息
stats auth admin:admin \\ststs状态界面的admin用户认证
stats admin if TRUE \\允许所有登录stats的用户管理stats界面
[root@HAProxy ~]# systemctl restart haproxy
浏览器访问http://172.16.253.108/myproxy?admin
| 字段 | 含义 |
|---|---|
| Queue | 队列 |
| Session rate | 会话速率 |
| Sessions | 所有会话 |
| Bytes | 传输字节 |
| Denled | 拒绝的 |
| Error | 错误的 |
| Warnings | 警告 |
| Server | 后端服务器 |
| server 字段 | 含义 |
|---|---|
| Status | Server的状态 |
| LastCHK | 显示httd的是四层检查还是七层检查 |
| Wght | 权重 |
| Act | 活动主机数量 |
| Bck | 备用主机数量 |
| Chk | 失败检测次数 |
| Dwn | 离线主机数量 |
| Dwntme | 主机离线时间 |
定义haproxy的工作模式为tcp,实现layer4层代理
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
listen sshsrvs
mode tcp
bind *:2222
balance leastconn
server sshsrv1 172.16.253.105:22 check
server sshsrv2 172.16.252.1:22 check
[root@HAProxy ~]# systemctl restart haproxy.service
client
[root@client ~]# ssh root@172.16.253.108 -p 2222
设置cookie
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
default_backend websrvs
backend websrvs
cookie WEBSRV insert indirect nocache \\WEBSRV为自定义的cookie键名
balance roundrobin
server srv1 172.16.253.105:80 check weight 2 cookie srv1 \\srv1为自定义的srv1服务器的cookie信息
server srv2 172.16.252.1:80 check weight 1 cookie srv2 \\srv2为自定义的srv2服务器的cookie信息
client
[root@client ~]# curl -I 172.16.253.108
HTTP/1.1 200 OK
Date: Fri, 26 May 2017 03:30:41 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 25 May 2017 11:26:46 GMT
ETag: "40801-1c-550577f03843e"
Accept-Ranges: bytes
Content-Length: 28
Content-Type: text/html; charset=UTF-8
Set-Cookie: WEBSRV=srv2; path=/ \\Cookie信息为WEBSRV=srv2
Cache-control: private
[root@client ~]# curl -I 172.16.253.108/test3.html
HTTP/1.1 200 OK
Date: Tue, 29 Aug 2017 04:41:00 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Mon, 28 Aug 2017 14:02:09 GMT
ETag: "13-557d0bda20453"
Accept-Ranges: bytes
Content-Length: 19
Content-Type: text/html; charset=UTF-8
Set-Cookie: WEBSRV=srv1; path=/ \\Cookie信息为WEBSRV=srv1
Cache-control: private
forwardfor请求报文首部信息
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
defaults
option forwardfor except 127.0.0.0/8 if-none
除了本机127.0.0.0/8发出去的请求报文不予添加X-Forwarded-For信息,其他报文都要判断是否含有X-Forwarded-For信息,若没有,则添加X-Forwarded-For信息
web1
[root@web1 ~]# vim /etc/httpd/conf/httpd.conf \\修改日志记录格式如下
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@web1 ~]# systemctl restart rsyslog
errorfile错误本地文件路径
HAProxy
[root@HAProxy ~]# mkdir /etc/haproxy/errorfile
[root@HAProxy ~]# vim /etc/haproxy/errorfile/403.html
Forbidden,No way;
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
default_backend websrvs
backend websrvs
errorfile 403 /etc/haproxy/errorfile/403.html
balance roundrobin
server srv1 172.16.253.105:80 check weight 2 cookie srv1
server srv2 172.16.252.1:80 check weight 1 cookie srv2
errorloc错误网页url重定向到本地的web
HAProxy服务端安装nginx服务
[root@HAProxy ~]# yum -y install nginx
[root@HAProxy ~]# vim /etc/nginx/conf.d/errserver.conf
server {
listen 10080;
server_name error.danran.com;
root /data/nginx/errorhtml;
}
[[root@HAProxy ~]# mkdir -pv /data/nginx/errorhtml
[root@HAProxy ~]# vim /data/nginx/errorhtml/403.html
403 from nginx
[root@HAProxy ~]# vim /etc/nginx/nginx.conf
server {
listen 8089 default_server;
} \\默认80端口与HAYproxy冲突,故修改nginx的默认端口
[root@HAProxy ~]# systemctl start nginx
配置error错误网页重定向到本地web服务
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
default_backend websrvs
backend websrvs
errorloc 403 http://172.16.253.108:10080/403.html
balance roundrobin
server srv1 172.16.253.105:80 check weight 2 cookie srv1
server srv2 172.16.252.1:80 check weight 1 cookie srv2
[root@HAProxy ~]# systemctl restart haproxy
reqadd添加请求报文首部信息
HAYproxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
default_backend websrvs
backend websrvs
reqadd X-Proxy-By:\ HAProxy
balance roundrobin
server srv1 172.16.253.105:80 check weight 2
server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy
web1
[root@web1 ~]# vim /etc/httpd/conf/httpd.conf
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{X-Proxy-By}i" combined
[root@web1 ~]# systemctl restart rsyslog
通过访问HAYproxy代理服务器查看web1的访问日志信息
rspadd添加响应报文首部信息
HAYproxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
default_backend websrvs
backend websrvs
rsqadd X-Proxy-By:\ HAProxy-1.5
balance roundrobin
server srv1 172.16.253.105:80 check weight 2
server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy
rspidel删除响应报文的指定信息
HAYproxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
default_backend websrvs
backend websrvs
rspidel ^Server:.* \\删除响应报文中Server开头的信息
balance roundrobin
server srv1 172.16.253.105:80 check weight 2
server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy
基于ACL做访问控制(四层代理)
网络拓扑
环境
前端HAProxy 172.16.253.108
后端web1 172.16.253.105
后端web2 172.16.252.1
client 172.16.253.177
安装HAProxy
HAProxy
[root@HAProxy ~]# yum install haproxy -y
[root@HAProxy ~]# rpm -ql haproxy
[root@HAProxy ~]# iptables -F
[root@HAProxy ~]# setenforce 0
[root@HAProxy ~]# systemctl enable haproxy
[root@HAProxy ~]# cp /etc/haproxy/haproxy.cfg{,.bak}
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
web1
[root@web1 ~]# yum -y install httpd
[root@web1 ~]# vim /var/www/html/index.html
<h1> Backend Server 1 </h1>
[root@web1 ~]# systemctl start httpd
[root@web1 ~]# setenforce 0
[root@web1 ~]# iptables -F
web 2
[root@web2 ~]# yum -y install httpd
[root@web2 ~]# vim /var/www/html/index.html
<h1> Backend Server 2 </h1>
[root@web2 ~]# service httpd start
[root@web2 ~]# setenforce 0
[root@web2 ~]# iptables -F
- block阻塞主机访问
172.16.251.196用户访问stats状态界面,并显示错误网页http://172.16.253.108:10080/403.html
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.16.253.105:80 check weight 2
server srv2 172.16.252.1:80 check weight 1
listen stats
bind *:9000
acl allowstats src 172.16.251.196
block if allowstats \\阻塞allowstats中的IP访问stats界面
errorloc 403 http://172.16.253.108:10080/403.html
stats enable
stats uri /myproxy?admin
stats realm "HAProxy Stats Page"
stats auth admin:admin
stats admin if TRUE
[root@HAProxy ~]# systemctl restart haproxy
访问测试
172.16.251.196使用浏览器访问测试http://172.16.253.108:10080/403.html
- http-request允许某主机访问stats状态界面
允许172.16.251.196用户访问http://172.16.253.108服务器的HAProxy的状态界面
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
default_backend websrvs
backend websrvs
balance roundrobin
server srv1 172.16.253.105:80 check weight 2
server srv2 172.16.252.1:80 check weight 1
listen stats
bind *:9000
acl allowstats src 172.16.251.196
# http-request allow if allowstats \\允许allowstats中的IP访问stats状态界面
http-request deny unless allowstats \\除了allowstats之外全部拒绝访问,即仅允许allowstats访问
# http-request deny if allowstats \\拒绝allowstats访问
errorloc 403 http://172.16.253.108:10080/403.html \\错误网页文件
stats enable
stats uri /myproxy?admin
stats realm "HAProxy Stats Page"
stats auth admin:admin
stats admin if TRUE
[root@HAProxy ~]# systemctl restart haproxy
访问测试
图形化浏览器
172.16.251.196使用浏览器访问测试http://172.16.253.108:10080/403.html
字符界面
[root@client ~]# curl --basic --user admin:admin http://172.16.253.108:9000/myproxy?admin
基于ACL做访问控制(七层代理)
动态网页存放在动态服务器组中,静态网页存放在静态服务器组中
拓扑环境
环境
前端HAProxy 172.16.253.108
后端web1 172.16.253.105
后端web2 172.16.253.191
client 172.16.253.177
- web1使用虚拟主机技术搭建两个web server,用来存放动态网页内荣容
- web2使用虚拟主机搭建两个web server用来替代静态网页内容
web1创建虚拟主机
[root@web1 ~]# yum -y install php httpd
[root@web1 ~]# mkdir /data/web/vhost{1,2} -pv
[root@web1 ~]# vim /data/web/vhost1/index.php
<h1> Application Server 1</h1>
<?php
phpinfo();
?>
[root@web1 ~]# vim /data/web/vhost2/index.php
<h1> Application Server 2</h1>
<?php
phpinfo();
?>
虚拟主机1的配置文件
[root@web1 ~]# vim /etc/httpd/conf.d/vhost1.conf \\编辑vhost1虚拟主机的配置文件
<VirtualHost *:80>
ServerName www1.danran.com
DocumentRoot "/data/web/vhost1"
<Directory "/data/web/vhost1">
Options FollowSymLinks \\允许使用连接文件目录
AllowOverride None \\不允许其他配置文件覆盖此文件中的设置
Require all granted
</Directory>
</VirtualHost>
虚拟主机2的配置文件
[root@web1 ~]# vim /etc/httpd/conf.d/vhost2.conf
[root@web1 ~]# vim /etc/httpd/conf.d/vhost2.conf
Listen 8080
<VirtualHost *:8080>
ServerName www2.danran.com
DocumentRoot "/data/web/vhost2"
<Directory "/data/web/vhost2">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
[root@web1 ~]# systemctl restart httpd.service
[root@web1 ~]# ss -ntl
web2创建虚拟主机
[root@web2 ~]# yum -y install httpd
[root@web2 ~]# mkdir -pv /data/web/vhost{1,2}
[root@web2 ~]# find /usr/share/ -iname "*.jpg" -exec cp {} /data/web/vhost1/ \;
[root@web2 ~]# find /usr/share/ -iname "*.jpg" -exec cp {} /data/web/vhost2/ \;
[root@web2 ~]# vim /data/web/vhost1/index.html
<h1> Image Server 1 </h1>
[root@web2 ~]# vim /data/web/vhost2/index.html
<h1> Image Server 2 </h1>
编辑虚拟主机1的配置文件
[root@web2 ~]# vim /etc/httpd/conf.d/vhost1.conf
<VirtualHost *:80>
ServerName www1.danran.com
DocumentRoot "/data/web/vhost1"
<Directory "/data/web/vhost1">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
编辑虚拟主机2的配置文件
[root@web2 ~]# vim /etc/httpd/conf.d/vhost2.conf
Listen 8080
<VirtualHost *:8080>
ServerName www2.danran.com
DocumentRoot "/data/web/vhost1"
<Directory "/data/web/vhost1">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
[root@web2 ~]# systemctl start httpd.service
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
cookie WEBSRV indirect nocache
acl static path_end .jpg .jpeg .png .gif .txt .html \\定义ACL的组static以.jpg .jpeg .png .gif .txt .html结尾的文件
use_backend staticsrvs if static \\当符合条件时使用static主机组
default_backend dynsrvs \\当不符合use_bckend条件时使用默认default_backend主机组
backend dynsrvs \\定义动态主机组
balance roundrobin
server dynsrv1 172.16.253.105:80 check cookie dynsrv1
server dynsrv2 172.16.253.105:8080 check cookie dynsrv2
backend staticsrvs \\定义静态主机组
balance roundrobin
server staticsrv1 172.16.253.191:80 check
server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy
client
[root@client ~]# curl http://172.16.253.108/index.html
<h1> Image Server 1 </h1>
[root@client ~]# curl http://172.16.253.108/index.html
<h1> image Server 2 </h1>
[root@client ~]# curl http://172.16.253.108/index.php
<h1> Application Server 2</h1>
[root@client ~]# curl http://172.16.253.108/index.php
<h1> Application Server 2</h1>
拒绝curl访问web
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
cookie WEBSRV indirect nocache
acl static path_end .jpg .jpeg .png .gif .txt .html \\定义ACL的组static以.jpg .jpeg .png .gif .txt .html结尾的文件
use_backend staticsrvs if static \\当符合条件时使用static主机组
default_backend dynsrvs \\当不符合use_bckend条件时使用默认default_backend主机组
acl bad_browsers hdr_reg(User-Agent) .*curl.* \\定义请求报文中包含curl的ACL组为bad_browsers
block if bad_browsers \\阻塞bad_browsers组的访问
backend dynsrvs \\定义动态主机组
balance roundrobin
server dynsrv1 172.16.253.105:80 check cookie dynsrv1
server dynsrv2 172.16.253.105:8080 check cookie dynsrv2
backend staticsrvs \\定义静态主机组
balance roundrobin
server staticsrv1 172.16.253.191:80 check
server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy
client
[root@client ~]# curl http://172.16.253.108/index.html
<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
定义仅允许danran.com域内的的主机访问
HAProxy
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend myweb *:80
cookie WEBSRV indirect nocache
acl static path_end .jpg .jpeg .png .gif .txt .html \\定义ACL的组static以.jpg .jpeg .png .gif .txt .html结尾的文件
use_backend staticsrvs if static \\当符合条件时使用static主机组
default_backend dynsrvs \\当不符合use_bckend条件时使用默认default_backend主机组
acl valid_referers hdr_reg(Referer) \.danran\.com
block unless valid_referers \\阻塞除了valid_referers组之外的所有人的访问
backend dynsrvs \\定义动态主机组
balance roundrobin
server dynsrv1 172.16.253.105:80 check cookie dynsrv1
server dynsrv2 172.16.253.105:8080 check cookie dynsrv2
backend staticsrvs \\定义静态主机组
balance roundrobin
server staticsrv1 172.16.253.191:80 check
server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy
client
模拟www.danran.com主机访问
[root@client ~]# curl -e "http://www.danran.com/index.php" http://172.16.253.108/index.php
<h1> Application Server 2</h1>HAproxy功能配置的更多相关文章
- Haproxy安装配置及日志输出问题
简介: 软件负载均衡一般通过两种方式来实现:基于操作系统的软负载实现和基于第三方应用的软负载实现.LVS就是基于Linux操作系统实现的一种软负载,HAProxy就是开源的并且基于第三应用实现的软负载 ...
- HAPROXY 配置项/配置实例
HAPROXY 配置项/实例 常用配置选项: OPTION 选项: option httpclose :HAProxy会针对客户端的第一条请求的返回添加cookie并返回给客户端,客户端发送后续请求时 ...
- HAproxy部署配置
HAproxy部署配置 拓扑图 说明: haproxy服务器IP:172.16.253.200/16 (外网).192.168.29.140/24(内网) 博客服务器组IP:192.168.29.13 ...
- HAProxy详解(二):HAProxy基础配置与应用实例
一.HAProxy基础配置与应用实例: 1.快速安装HAProxy集群软件: HAProxy的官网: https://www.haproxy.org/#down下载HAProxy的源码包. 安装: [ ...
- HAPRoxy(一):HAProxy基本配置、调度算法与tcp、http、heath模式配置示例
一.HAProxy安装 1.HAProxy简单介绍 HAProxy虽然名字前有HA,但它并不是一款高可用软件,而是一款用于实现负载均衡的软件,可实现四层与七层的负载均衡. 2.yum安装HAProxy ...
- haproxy 日志配置
haproxy日志配置 haproxy在默认情况不会记录日志,除了在haproxy.conf中的global段指定日志的输出外,还需要配置系统日志的配置文件.下面以centos6.4为例,haprox ...
- 负载均衡服务之HAProxy基础配置(二)
前文我们聊了下haproxy的global配置段中的常用参数的说明以及使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/12763245.html:今天我们来 ...
- Haproxy ssl 配置方式
通过haproxy redirect请求重定向的方法实现HTTP跳转HTTPS 配置实现http跳转到https,采用redirect重定向的做法,只需在frontend端添加: frontend h ...
- HAProxy 参数配置
RabbitMQ集群部署完成,通过HAProxy反向代理来提供统一的对RabbitMQ的访问入口. 1.Haproxy提供高可用性.负载均衡,以及基于TCP和HTTP的应用程序代理.(负载均衡策略有很 ...
随机推荐
- springboot用thymeleaf模板的paginate分页
本文根据一个简单的user表为例,展示 springboot集成mybatis,再到前端分页完整代码(新手自学,不足之处欢迎纠正): 先看java部分 pom.xml 加入 <!--支持 Web ...
- Android学习笔记-Adapter基础讲解
本节引言 从本节开始我们要讲的UI控件都是跟Adapter(适配器)打交道的,了解并学会使用这个Adapter很重要, Adapter是用来帮助填充数据的中间桥梁,简单点说就是:将各种数据以合适的形式 ...
- HDU 6069
Counting Divisors Problem Description In mathematics, the function d(n) denotes the number of diviso ...
- webpack模块解析
前面的话 在web存在多种支持JavaScript模块化的工具(如requirejs和r.js),这些工具各有优势和限制.webpack基于从这些系统获得的经验教训,并将模块的概念应用于项目中的任何文 ...
- [补档][COGS 426]血帆海盗
[COGS 426]血帆海盗 题目 传送门:http://cogs.pro/cogs/problem/problem.php?pid=426 随着资本的扩大,藏宝海湾贸易亲王在卡利姆多和东部王国大陆各 ...
- 深搜(DFS)广搜(BFS)详解
图的深搜与广搜 一.介绍: p { margin-bottom: 0.25cm; direction: ltr; line-height: 120%; text-align: justify; orp ...
- Hadoop入门第二篇-MapReduce学习
mapreduce是一种计算模型,是google的一篇论文向全世界介绍了MapReduce.MapReduce其实可以可以用多种语言编写Map或Reduce程序,因为hadoop是java写的,所以通 ...
- vc操作电脑之常用命令
1.重启计算机: ExitWindowsEx(EWX_REBOOT,0); 2.关机: ExitWindowsEx(EWX_SHUTDOWN,0); 3.注销: ExitWindowsEx(EWX_L ...
- txt文件怎么设置默认打开是用这个EditPlus软件打开
1.如果是正常安装的Editplus,只需要右击“txt文件”,在“打开方式”中选择“打开程序”,再点击“浏览”,找到“Editplus”打开,再将“始终使用选择的程序打开这种文件”前面的“口”选中, ...
- ubuntu 15.10 安装jdk
转http://www.bkjia.com/xtzh/881605.html 第一步,下载Linux版JDK 可以通过访问Oracle官网下载,或者直接通过命令行下载. lxh@ubuntu:~$ w ...