
Reverse proxy haproxy

2022-06-22 23:26:00 Know the origin and know the destination

Introduction

HAProxy is a high-concurrency, high-performance TCP and HTTP load balancer. It supports cookie-based persistence and automatic failover.

Compilation and installation

One-click installation through a script

View the version

[[email protected] ~]#haproxy -v
HAProxy version 2.4.10-bedf277 2021/12/23 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.10.html
Running on: Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64

Check the haproxy service state

[[email protected] ~]#systemctl status haproxy.service 
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-06-19 11:33:02 CST; 3min 59s ago
  Process: 2909 ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q (code=exited, status=0/SUCCESS)
 Main PID: 2913 (haproxy)
    Tasks: 17
   Memory: 31.7M
   CGroup: /system.slice/haproxy.service
           ├─2913 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
           └─2915 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid

Jun 19 11:33:02 centos7 systemd[1]: Starting HAProxy Load Balancer...
Jun 19 11:33:02 centos7 systemd[1]: Started HAProxy Load Balancer.
Jun 19 11:33:02 centos7 haproxy[2913]: [NOTICE]   (2913) : New worker #1 (2915) forked

View the haproxy status page

Local and remote logs

haproxy configuration

[[email protected] ~]#grep log /etc/haproxy/haproxy.cfg 
log 127.0.0.1 local2 info
log 10.0.0.7 local2 info

rsyslog configuration

[[email protected] ~]#grep -E '^module.*|^inpu.* |^local2.*' /etc/rsyslog.conf 
module(load="imudp")
input(type="imudp" port="514")
local2.*                                                /var/log/haproxy.log

Verification: access the haproxy status page in a browser and watch the log

[[email protected] ~]#tail -f /var/log/haproxy.log 
Jun 19 11:56:17 localhost haproxy[2838]: Connect from 10.0.0.1:50679 to 10.0.0.7:9999 (stats/HTTP)
Jun 19 11:56:37 localhost haproxy[2838]: Connect from 10.0.0.1:50679 to 10.0.0.7:9999 (stats/HTTP)
Jun 19 11:56:43 localhost haproxy[2838]: Connect from 10.0.0.1:50679 to 10.0.0.7:9999 (stats/HTTP)
Jun 19 11:56:45 localhost haproxy[2838]: Connect from 10.0.0.1:50679 to 10.0.0.7:9999 (stats/HTTP)

HAProxy scheduling algorithms

Static algorithms

static-rr

[[email protected] conf.d]#cat /etc/haproxy/conf.d/static_rr.cfg 
listen WEB_PORT_80
	bind 10.0.0.7:80
	mode http
	log global
	balance static-rr
	server web1 10.0.0.17:80 weight 1 check inter 3000 fall 2 rise 5
	server web2 10.0.0.27:80 weight 2 check inter 3000 fall 2 rise 5

Test

[[email protected] ~]#curl 10.0.0.7:80
10.0.0.17
[[email protected] ~]#curl 10.0.0.7:80
10.0.0.27
[[email protected] ~]#curl 10.0.0.7:80
10.0.0.27

first

When the number of connections to the first server reaches 2, new requests are assigned to the next server.

[[email protected] conf.d]#cat first.cfg 
listen WEB_PORT_80
	bind 10.0.0.7:80
	mode http
	log global
	balance first
	server web1 10.0.0.17:80 maxconn 2 weight 1 check inter 3000 fall 2 rise 5
	server web2 10.0.0.27:80 weight 1 check inter 3000 fall 2 rise 5

Test

[[email protected] ~]#while :; do curl http://10.0.0.7/index.html;sleep 0.1;done
10.0.0.27
10.0.0.17
10.0.0.17
10.0.0.27

Dynamic algorithms

Scheduling is based on the load state of the back-end servers, and it can be adjusted dynamically while haproxy is running, without a restart.

roundrobin

Weight-based round robin

[[email protected] ~]#cat /etc/haproxy/conf.d/round.cfg 
listen WEB_PORT_80
    bind 10.0.0.7:80
    mode http
    log global
    balance roundrobin
    server web1 10.0.0.17:80 weight 1 check inter 3000 fall 2 rise 5
    server web2 10.0.0.27:80 weight 2 check inter 3000 fall 2 rise 5

Test

[[email protected] ~]#for i in {1..6};do curl http://10.0.0.7/index.html;sleep 0.1;done
10.0.0.17
10.0.0.27
10.0.0.17
10.0.0.17
10.0.0.17
10.0.0.27

Adjust the weight value

[[email protected] ~]#echo "get weight WEB_PORT_80/web1"|socat stdio /var/lib/haproxy/haproxy.sock 
1 (initial 1)

[[email protected] ~]#echo "set weight WEB_PORT_80/web1 3 "|socat stdio /var/lib/haproxy/haproxy.sock 

[[email protected] ~]#echo "get weight WEB_PORT_80/web1"|socat stdio /var/lib/haproxy/haproxy.sock 
3 (initial 1)

Test

[[email protected] ~]#for i in {1..10};do curl http://10.0.0.7/index.html;sleep 0.1;done
10.0.0.17
10.0.0.17
10.0.0.27
10.0.0.17
10.0.0.17
10.0.0.17
10.0.0.27
10.0.0.17
10.0.0.17
10.0.0.27

leastconn

Weighted least-connections dynamic scheduling. It supports runtime weight adjustment and slow start. Suitable scenario: long-lived connections.

[[email protected] conf.d]#cat leastcon.cfg 
listen WEB_PORT_80
	bind 10.0.0.7:80
	mode http
	log global
	balance leastconn
	server web1 10.0.0.17:80 weight 1 check inter 3000 fall 2 rise 5
	server web2 10.0.0.27:80 weight 1 check inter 3000 fall 2 rise 5

random

Random load balancing

Other algorithms

These can be used as static algorithms, and can also be switched to dynamic algorithms through parameters.

source: source address hash

map-based: modulo hash

Consistent hash

uri modulo hash: hash the uri part of the user's request, then take the hash result modulo the total weight

uri consistent hash

url_param: hash the value that corresponds to a key in the url params.

hdr: hash the specified header in the HTTP request headers

rdp-cookie

haproxy proxies the Windows RDP protocol and keeps the session persistent through a cookie.

The proxied host is configured to allow remote access; its IP address is 10.0.0.60/24. Set a login password for the user, because Windows remote login with an empty password is disabled.

HAProxy configuration

[[email protected] conf.d]#cat /etc/haproxy/conf.d/rdp.cfg 
listen RDP
	bind 10.0.0.7:3389
	balance rdp-cookie
	mode tcp
	server rdp1 10.0.0.60:3389 check fall 3 rise 5 inter 2000 weight 1

Enable IP forwarding

[[email protected] conf.d]#sysctl -w net.ipv4.ip_forward=1 
net.ipv4.ip_forward = 1
[[email protected] conf.d]#sysctl -a | grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Configure firewall rules

[[email protected] conf.d]#iptables -t nat -A PREROUTING -d 192.168.0.7 -p tcp --dport 3389 -j DNAT --to-destination 10.0.0.60:3389
[[email protected] conf.d]#iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.0.7          tcp dpt:3389 to:10.0.0.60:3389

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 22 packets, 1320 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 22 packets, 1320 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Test

After a successful login, view the ports on the remote computer.

ACL

Access control lists (ACLs) are an access control technique based on packet filtering.
Data passing through the server is matched and filtered according to the configured conditions.

Domain name matching

haproxy configuration

[[email protected] conf.d]#cat acl.cfg 
frontend WEB_PORT_80
	bind 10.0.0.7:80
	mode http
	log global
	balance leastconn
	option httplog
######### acl setting
	acl pc_domain hdr_dom(host)     -i www.kktb.org
	acl mobile_domain hdr_dom(host) -i mobile.kktb.org
######## acl hosts
	use_backend pc_hosts   if pc_domain
	use_backend mobile_hosts if mobile_domain
	default_backend pc_hosts 

######## backend hosts
backend mobile_hosts
	mode http
	server web1 10.0.0.17:80 check inter 3000 fall 2 rise 5

backend pc_hosts
	mode http
	server web2 10.0.0.27:80 check inter 3000 fall 2 rise 5

Test

[[email protected] ~]#curl www.kktb.org
10.0.0.27
[[email protected] ~]#curl mobile.kktb.org
10.0.0.17
[[email protected] ~]#curl kktb.org
10.0.0.27

Match browser type

[[email protected] ~]#cat /etc/haproxy/conf.d/browser.cfg 
frontend WEB_PORT_80
	bind 10.0.0.7:80
	mode http
	log global
	balance roundrobin 
	option httplog
######### acl setting
	acl acl_user_agent    hdr_sub(User-Agent)     -i curl wget 
	acl acl_user_agent_ab hdr_sub(User-Agent) -i ApacheBench
######## acl hosts
	redirect prefix http://www.baidu.com if acl_user_agent
	http-request deny                    if acl_user_agent_ab
	default_backend pc_hosts

######## backend hosts
backend mobile_hosts
	mode http
	server web1 10.0.0.17:80 check inter 3000 fall 2 rise 5

backend pc_hosts
	mode http
	server web2 10.0.0.27:80 check inter 3000 fall 2 rise 5

Test

[[email protected] ~]#curl -I 10.0.0.7
HTTP/1.1 302 Found
content-length: 0
location: http://www.baidu.com/
cache-control: no-cache

Access using the ab tool

[[email protected] ~]#ab -n1 -c 1 http://10.0.0.7/
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 10.0.0.7 (be patient).....done


Server Software:        
Server Hostname:        10.0.0.7
Server Port:            80

Document Path:          /
Document Length:        93 bytes

Concurrency Level:      1
Time taken for tests:   0.002 seconds
Complete requests:      1
Failed requests:        0
Non-2xx responses:      1
Total transferred:      208 bytes
HTML transferred:       93 bytes
Requests per second:    631.71 [#/sec] (mean)
Time per request:       1.583 [ms] (mean)
Time per request:       1.583 [ms] (mean, across all concurrent requests)
Transfer rate:          128.32 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        1    1   0.0      1       1
Processing:     1    1   0.0      1       1
Waiting:        1    1   0.0      1       1
Total:          2    2   0.0      2       2

Check the log

Jun 20 13:20:53 localhost haproxy[2316]: 10.0.0.80:40790 [20/Jun/2022:13:20:53.892] WEB_PORT_80 WEB_PORT_80/<NOSRV> 0/-1/-1/-1/0 403 192 - - PR-- 1/1/0/0/0 0/0 "GET / HTTP/1.0"
Jun 20 13:20:53 centos7 haproxy[2316]: 10.0.0.80:40790 [20/Jun/2022:13:20:53.892] WEB_PORT_80 WEB_PORT_80/<NOSRV> 0/-1/-1/-1/0 403 192 - - PR-- 1/1/0/0/0 0/0 "GET / HTTP/1.0"
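
Added example (not part of the original post): a Python sketch that reads `option httplog` lines like the two above and counts requests denied by the proxy itself (`<NOSRV>`, termination state starting with `PR`, status 403) per client. It collapses the duplicate copies produced by the two `log` targets; the function name and the last two request lines in the sample are constructed.

```python
import re
from collections import Counter

# Fields of an "option httplog" line that follow the syslog prefix.
HTTPLOG = re.compile(
    r'haproxy\[\d+\]: (?P<ip>[\d.]+):(?P<port>\d+) \[(?P<ts>[^\]]+)\] '
    r'(?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'[\d/+-]+ (?P<status>\d{3}) \+?\d+ \S+ \S+ '
    r'(?P<term>\S{4}) \S+ \S+ "(?P<request>[^"]*)"'
)

# First three lines are copied from this page; the last two are constructed.
SAMPLE = [
    'Jun 19 11:56:17 localhost haproxy[2838]: Connect from 10.0.0.1:50679 to 10.0.0.7:9999 (stats/HTTP)',
    'Jun 20 13:20:53 localhost haproxy[2316]: 10.0.0.80:40790 [20/Jun/2022:13:20:53.892] WEB_PORT_80 WEB_PORT_80/<NOSRV> 0/-1/-1/-1/0 403 192 - - PR-- 1/1/0/0/0 0/0 "GET / HTTP/1.0"',
    'Jun 20 13:20:53 centos7 haproxy[2316]: 10.0.0.80:40790 [20/Jun/2022:13:20:53.892] WEB_PORT_80 WEB_PORT_80/<NOSRV> 0/-1/-1/-1/0 403 192 - - PR-- 1/1/0/0/0 0/0 "GET / HTTP/1.0"',
    'Jun 20 13:21:05 centos7 haproxy[2316]: 10.0.0.1:50911 [20/Jun/2022:13:21:05.120] WEB_PORT_80 pc_hosts/web2 0/0/1/1/2 200 245 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"',
    'Jun 20 13:21:09 centos7 haproxy[2316]: 10.0.0.80:40802 [20/Jun/2022:13:21:09.004] WEB_PORT_80 WEB_PORT_80/<NOSRV> 0/-1/-1/-1/0 403 192 - - PR-- 1/1/0/0/0 0/0 "GET / HTTP/1.0"',
]


def proxy_denials(lines):
    """Count unique requests that haproxy itself rejected, per client IP."""
    seen = set()
    denied = Counter()
    for line in lines:
        m = HTTPLOG.search(line)
        if not m:
            continue  # not an httplog line, e.g. "Connect from ..." of the stats listener
        # The same event is logged once per "log" target; keep one copy.
        key = (m["ip"], m["port"], m["ts"], m["request"])
        if key in seen:
            continue
        seen.add(key)
        # <NOSRV>: no server was chosen. PR: the proxy blocked the request.
        if m["server"] == "<NOSRV>" and m["term"].startswith("PR") and m["status"] == "403":
            denied[m["ip"]] += 1
    return denied


if __name__ == "__main__":
    for ip, count in proxy_denials(SAMPLE).most_common():
        print(ip, count)
```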

Match the request path to separate dynamic and static content

[[email protected] conf.d]#cat dynamic_static_url.cfg 
frontend WEB_PORT_80
	bind 10.0.0.7:80
	mode http
	log global
	balance roundrobin 
	option httplog
######### acl setting
	acl acl_static path_beg -i /static /images /javascript
	acl acl_static path_end -i .jpg .jpeg .png .gif .css .js .html .htm
	acl acl_app path_beg -i /api

######## acl hosts
	use_backend static_hosts if acl_static
	use_backend app_hosts    if acl_app
	default_backend app_hosts

######## backend hosts
backend static_hosts
	mode http
	server web1 10.0.0.17:80 check inter 3000 fall 2 rise 5

backend app_hosts
	mode http
	server web2 10.0.0.27:80 check inter 3000 fall 2 rise 5

On the back-end server

[[email protected] html]#mkdir {static,images,javascript}
[[email protected] html]#echo "`hostname -I`" >> static/index.html

Test

[[email protected] ~]#curl 10.0.0.7/static/index.html
10.0.0.17 
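
Added example (not part of the original post): a small Python model of how the frontend in dynamic_static_url.cfg picks a backend, useful for checking paths that match both ACLs before deploying the rules. It relies on HAProxy's documented semantics (same-named `acl` lines are ORed, `use_backend` rules are tried in order, `path` excludes the query string); the function names and the app-first variant are assumptions, not from the page.

```python
from urllib.parse import urlsplit

# Patterns copied from dynamic_static_url.cfg; function names are hypothetical.
STATIC_PREFIXES = ("/static", "/images", "/javascript")
STATIC_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif", ".css", ".js", ".html", ".htm")
APP_PREFIXES = ("/api",)


def request_path(url):
    # HAProxy's "path" fetch stops before the "?", so the query string is ignored.
    return urlsplit(url).path.lower()  # lower() models the -i flag


def acl_static(path):
    # Two "acl acl_static" lines with the same name are ORed together.
    return path.startswith(STATIC_PREFIXES) or path.endswith(STATIC_SUFFIXES)


def acl_app(path):
    return path.startswith(APP_PREFIXES)


def choose_backend(url):
    """Rule order as written on the page: acl_static is tested first."""
    path = request_path(url)
    if acl_static(path):
        return "static_hosts"
    if acl_app(path):
        return "app_hosts"
    return "app_hosts"  # default_backend


def choose_backend_app_first(url):
    """Variant (assumption, not on the page): use_backend app_hosts listed first."""
    path = request_path(url)
    if acl_app(path):
        return "app_hosts"
    return "static_hosts" if acl_static(path) else "app_hosts"


# Constructed sample requests.
SAMPLES = ["/static/index.html", "/api/export.html", "/api/users?file=a.js",
           "/staticfiles/x", "/API/Users", "/"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:24} page order: {choose_backend(url):13} "
              f"app first: {choose_backend_app_first(url)}")
```

With the page's rule order, `/api/export.html` is sent to static_hosts because the suffix rule matches before `acl_app` is tested. `path_beg /static` is a plain string prefix, so `/staticfiles/x` also goes to static_hosts.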

Copyright notice
This article was written by [Know the origin and know the destination]. Please include a link to the original when reposting. Thanks.
https://yzsam.com/2022/173/202206222103119010.html