部署 HAProxy 服务

1 准备工作

1.1 环境信息

  • HAProxy 服务器信息如下:
  1. 192.168.100.100

1.2 安装依赖

  1. yum -y install epel-release

2 安装配置 HAProxy

2.1 安装 HAProxy

  1. yum install -y haproxy

2.2 配置 HAProxy

  1. # 打开 HAProxy 的配置文件
  2. vi /etc/haproxy/haproxy.cfg
  1. global
  2.     # to have these messages end up in /var/log/haproxy.log you will
  3.     # need to:
  4.     #
  5.     # 1) configure syslog to accept network log events.  This is done
  6.     #    by adding the '-r' option to the SYSLOGD_OPTIONS in
  7.     #    /etc/sysconfig/syslog
  8.     #
  9.     # 2) configure local2 events to go to the /var/log/haproxy.log
  10.     #   file. A line like the following can be added to
  11.     #   /etc/sysconfig/syslog
  12.     #
  13.     #    local2.*                       /var/log/haproxy.log
  14.     #
  15.     log         127.0.0.1 local2
  17.     chroot      /var/lib/haproxy
  18.     pidfile     /var/run/haproxy.pid
  19.     maxconn     4000
  20.     user        haproxy
  21.     group       haproxy
  22.     daemon
  24.     # turn on stats unix socket
  25.     stats socket /var/lib/haproxy/stats
  27. #---------------------------------------------------------------------
  28. # common defaults that all the 'listen' and 'backend' sections will
  29. # use if not designated in their block
  30. #---------------------------------------------------------------------
  31. defaults
  32.     log                     global
  33.     option                  dontlognull
  34.     option                  redispatch
  35.     retries                 3
  36.     timeout http-request    10s
  37.     timeout queue           1m
  38.     timeout connect         10s
  39.     timeout client          1m
  40.     timeout server          1m
  41.     timeout http-keep-alive 10s
  42.     timeout check           10s
  43.     maxconn                 3000
  45. listen stats
  46.     bind *:8080
  47.     mode http
  48.     stats enable
  49.     stats uri /haproxy                      # 监控页面, 请自行修改. 访问地址为 http://192.168.100.100:8080/haproxy
  50.     stats refresh 5s
  51.     stats realm haproxy-status
  52.     stats auth admin:KXOeyNgDeTdpeu9q       # 账户密码, 请自行修改. 访问 http://192.168.100.100:8080/haproxy 会要求输入
  54. #---------------------------------------------------------------------
  55. # check  检活参数说明
  56. # inter  间隔时间, 单位: 毫秒
  57. # rise   连续成功的次数, 单位: 次
  58. # fall   连续失败的次数, 单位: 次
  59. # 例: inter 2s rise 2 fall 3
  60. # 表示 2 秒检查一次状态, 连续成功 2 次服务正常, 连续失败 3 次服务异常
  61. #
  62. # server 服务参数说明
  63. # server 192.168.100.21 192.168.100.21:80 weight 1 cookie web01
  64. # 第一个 192.168.100.21 做为页面展示的标识, 可以修改为其他任意字符串
  65. # 第二个 192.168.100.21:80 是实际的后端服务端口
  66. # weight 为权重, 多节点时安装权重进行负载均衡
  67. # cookie 用户侧的 cookie 会包含此标识, 便于区分当前访问的后端节点
  68. # 例: server db01 192.168.100.21:3306 weight 1 cookie db_01
  69. #---------------------------------------------------------------------
  71. listen jms-web
  72.     bind *:80                               # 监听 80 端口
  73.     mode http
  75.     # redirect scheme https if !{ ssl_fc }  # 重定向到 https
  76.     # bind *:443 ssl crt /opt/ssl.pem       # https 设置
  78.     option httpchk GET /api/health/         # Core 检活接口
  80.     stick-table type ip size 200k expire 30m
  81.     stick on src
  83.     balance leastconn
  84.     server 192.168.100.21 192.168.100.21:80 weight 1 cookie web01 check inter 2s rise 2 fall 3  # JumpServer 服务器
  85.     server 192.168.100.22 192.168.100.22:80 weight 1 cookie web02 check inter 2s rise 2 fall 3
  86.     server 192.168.100.23 192.168.100.23:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
  87.     server 192.168.100.24 192.168.100.24:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
  89. listen jms-ssh
  90.     bind *:2222
  91.     mode tcp
  93.     option tcp-check
  95.     fullconn 500
  96.     balance source
  97.     server 192.168.100.21 192.168.100.21:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
  98.     server 192.168.100.22 192.168.100.22:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
  99.     server 192.168.100.23 192.168.100.23:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
  100.     server 192.168.100.24 192.168.100.24:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
  102. listen jms-koko
  103.     mode http
  105.     option httpclose
  106.     option forwardfor
  107.     option httpchk GET /koko/health/ HTTP/1.1\r\nHost:\ 192.168.100.100  # KoKo 检活接口, host 填写 HAProxy 的 ip 地址
  109.     cookie SERVERID insert indirect
  110.     hash-type consistent
  111.     fullconn 500
  112.     balance leastconn
  113.     server 192.168.100.21 192.168.100.21:80 weight 1 cookie web01 check inter 2s rise 2 fall 3
  114.     server 192.168.100.22 192.168.100.22:80 weight 1 cookie web02 check inter 2s rise 2 fall 3
  115.     server 192.168.100.23 192.168.100.23:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
  116.     server 192.168.100.24 192.168.100.24:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
  118. listen jms-lion
  119.     mode http
  121.     option httpclose
  122.     option forwardfor
  123.     option httpchk GET /lion/health/ HTTP/1.1\r\nHost:\ 192.168.100.100  # Lion 检活接口, host 填写 HAProxy 的 ip 地址
  125.     cookie SERVERID insert indirect
  126.     hash-type consistent
  127.     fullconn 500
  128.     balance leastconn
  129.     server 192.168.100.21 192.168.100.21:80 weight 1 cookie web01 check inter 2s rise 2 fall 3
  130.     server 192.168.100.22 192.168.100.22:80 weight 1 cookie web02 check inter 2s rise 2 fall 3
  131.     server 192.168.100.23 192.168.100.23:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
  132.     server 192.168.100.24 192.168.100.24:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
  134. listen jms-magnus
  135.     bind *:30000
  136.     mode tcp
  138.     option tcp-check
  140.     fullconn 500
  141.     balance source
  142.     server 192.168.100.21 192.168.100.21:30000 weight 1 check inter 2s rise 2 fall 3 send-proxy
  143.     server 192.168.100.22 192.168.100.22:30000 weight 1 check inter 2s rise 2 fall 3 send-proxy
  144.     server 192.168.100.23 192.168.100.23:30000 weight 1 check inter 2s rise 2 fall 3 send-proxy
  145.     server 192.168.100.24 192.168.100.24:30000 weight 1 check inter 2s rise 2 fall 3 send-proxy

2.3 配置 SELinux

  1. setsebool -P haproxy_connect_any 1

2.4 启动 HAProxy

  1. systemctl enable haproxy
  2. systemctl start haproxy

3 配置防火墙

  1. firewall-cmd --permanent --zone=public --add-port=80/tcp
  2. firewall-cmd --permanent --zone=public --add-port=443/tcp
  3. firewall-cmd --permanent --zone=public --add-port=2222/tcp
  4. firewall-cmd --permanent --zone=public --add-port=33060/tcp
  5. firewall-cmd --permanent --zone=public --add-port=33061/tcp
  6. firewall-cmd --reload