部署 HAProxy 服务

1 准备工作

1.1 环境信息

  • HAProxy 服务器信息如下:
  1. 192.168.100.100

1.2 安装依赖

  1. yum -y install epel-release  # installs the EPEL repository definition; -y answers every yum prompt with yes

2 安装配置 HAProxy

2.1 安装 HAProxy

  1. yum install -y haproxy  # -y also auto-accepts a first-use repository GPG key import prompt, so check the key fingerprint if one is imported

2.2 配置 HAProxy

  1. # Open the HAProxy configuration file; the listing that follows is its content
  2. vi /etc/haproxy/haproxy.cfg
  1. global  # process-wide settings
  2. # to have these messages end up in /var/log/haproxy.log you will
  3. # need to:
  4. #
  5. # 1) configure syslog to accept network log events. This is done
  6. # by adding the '-r' option to the SYSLOGD_OPTIONS in
  7. # /etc/sysconfig/syslog
  8. #
  9. # 2) configure local2 events to go to the /var/log/haproxy.log
  10. # file. A line like the following can be added to
  11. # /etc/sysconfig/syslog
  12. #
  13. # local2.* /var/log/haproxy.log
  14. #
  15. log 127.0.0.1 local2  # send log messages to the syslog listener on 127.0.0.1, facility local2
  16. chroot /var/lib/haproxy  # chroot into this directory after startup to limit filesystem access
  17. pidfile /var/run/haproxy.pid
  18. maxconn 4000  # process-wide cap on concurrent connections
  19. user haproxy  # run as the unprivileged haproxy user and group instead of root
  20. group haproxy
  21. daemon  # fork into the background
  22. # turn on stats unix socket
  23. stats socket /var/lib/haproxy/stats  # runtime API socket; no mode/user/group/level is set here, so HAProxy defaults apply. NOTE(review): consider restricting access with the socket's mode/user/group options
  24. #---------------------------------------------------------------------
  25. # common defaults that all the 'listen' and 'backend' sections will
  26. # use if not designated in their block
  27. #---------------------------------------------------------------------
  28. defaults  # inherited by every listen section below; no mode is set here, each listen section sets its own
  29. log global  # reuse the log target declared in the global section
  30. option dontlognull  # connections that carry no data are not logged, so port probes and scans leave no log entry
  31. option redispatch  # after a connection failure, allow the retry to go to another server
  32. retries 3  # connection attempts to a server before giving up
  33. timeout http-request 10s  # max time to receive a complete HTTP request; bounds slow-request connections
  34. timeout queue 1m  # max time a request may wait in the queue for a free server slot
  35. timeout connect 10s  # max time to establish the TCP connection to a server
  36. timeout client 1m  # max client-side inactivity
  37. timeout server 1m  # max server-side inactivity
  38. timeout http-keep-alive 10s  # max wait for a new request on a kept-alive connection
  39. timeout check 10s  # additional read timeout applied to health checks
  40. maxconn 3000  # per-listener cap on concurrent connections
  41. listen stats  # built-in statistics page
  42. bind *:8080  # listens on every interface; no ssl option, so traffic is cleartext HTTP
  43. mode http
  44. stats enable
  45. stats uri /haproxy # stats page path, change it as needed. Reachable at http://192.168.100.100:8080/haproxy
  46. stats refresh 5s  # page auto-refresh interval
  47. stats realm haproxy-status  # realm text shown in the browser's authentication prompt
  48. stats auth admin:KXOeyNgDeTdpeu9q # username:password required by http://192.168.100.100:8080/haproxy. This sample value appears in a published guide, so replace it before use; it is sent as HTTP Basic auth over the cleartext listener above
  49. #---------------------------------------------------------------------
  50. # check 检活参数说明
  51. # inter 间隔时间, 单位: 毫秒
  52. # rise 连续成功的次数, 单位: 次
  53. # fall 连续失败的次数, 单位: 次
  54. # 例: inter 2s rise 2 fall 3
  55. # 表示 2 秒检查一次状态, 连续成功 2 次服务正常, 连续失败 3 次服务异常
  56. #
  57. # server 服务参数说明
  58. # server 192.168.100.21 192.168.100.21:80 weight 1 cookie web01
  59. # 第一个 192.168.100.21 作为页面展示的标识, 可以修改为其他任意字符串
  60. # 第二个 192.168.100.21:80 是实际的后端服务地址和端口
  61. # weight 为权重, 多节点时按照权重进行负载均衡
  62. # cookie 用户侧的 cookie 会包含此标识, 便于区分当前访问的后端节点
  63. # 例: server db01 192.168.100.21:3306 weight 1 cookie db_01
  64. #---------------------------------------------------------------------
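  65. listen jms-web  # JumpServer web entry point
  66. bind *:80 # listen on port 80 (plain HTTP)
  67. mode http
  68. # redirect scheme https if !{ ssl_fc } # uncomment to redirect HTTP to HTTPS
  69. # bind *:443 ssl crt /opt/ssl.pem # uncomment for the HTTPS listener; until these two lines are enabled, logins and session cookies cross this listener in cleartext
  70. option httpclose
  71. option forwardfor  # adds an X-Forwarded-For header carrying the client address
  72. option httpchk GET /api/health/ # Core health-check endpoint
  73. cookie SERVERID insert indirect  # sticky sessions: HAProxy inserts a SERVERID cookie holding the chosen server's cookie value
  74. hash-type consistent
  75. fullconn 500
  76. balance leastconn
  77. server 192.168.100.21 192.168.100.21:80 weight 1 cookie web01 check inter 2s rise 2 fall 3 # JumpServer node
  78. server 192.168.100.22 192.168.100.22:80 weight 1 cookie web02 check inter 2s rise 2 fall 3
  79. server 192.168.100.23 192.168.100.23:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
  80. server 192.168.100.24 192.168.100.24:80 weight 1 cookie web04 check inter 2s rise 2 fall 3 # cookie value must be unique per server, otherwise persistence cannot tell two nodes apart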
  81. listen jms-ssh  # TCP pass-through for the SSH entry point
  82. bind *:2222
  83. mode tcp
  84. option tcp-check  # health check at TCP level
  85. fullconn 500
  86. balance source  # the same client source address is sent to the same server
  87. server 192.168.100.21 192.168.100.21:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy  # send-proxy prepends a PROXY protocol header with the client address; the backend must be configured to expect it and should accept it only from this HAProxy host
  88. server 192.168.100.22 192.168.100.22:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
  89. server 192.168.100.23 192.168.100.23:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
  90. server 192.168.100.24 192.168.100.24:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
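  91. listen jms-koko  # NOTE(review): this section has no bind line and nothing in this file routes to it, so as shown it only runs the health check; confirm intent
  92. mode http
  93. option httpclose
  94. option forwardfor  # adds an X-Forwarded-For header carrying the client address
  95. option httpchk GET /koko/health/ HTTP/1.1\r\nHost:\ 192.168.100.100 # KoKo health-check endpoint; set Host to the HAProxy IP address
  96. cookie SERVERID insert indirect  # sticky sessions keyed on each server's cookie value
  97. hash-type consistent
  98. fullconn 500
  99. balance leastconn
  100. server 192.168.100.21 192.168.100.21:80 weight 1 cookie web01 check inter 2s rise 2 fall 3
  101. server 192.168.100.22 192.168.100.22:80 weight 1 cookie web02 check inter 2s rise 2 fall 3
  102. server 192.168.100.23 192.168.100.23:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
  103. server 192.168.100.24 192.168.100.24:80 weight 1 cookie web04 check inter 2s rise 2 fall 3 # cookie value must be unique per server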
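  104. listen jms-lion  # NOTE(review): this section has no bind line and nothing in this file routes to it, so as shown it only runs the health check; confirm intent
  105. mode http
  106. option httpclose
  107. option forwardfor  # adds an X-Forwarded-For header carrying the client address
  108. option httpchk GET /lion/health/ HTTP/1.1\r\nHost:\ 192.168.100.100 # Lion health-check endpoint; set Host to the HAProxy IP address
  109. cookie SERVERID insert indirect  # sticky sessions keyed on each server's cookie value
  110. hash-type consistent
  111. fullconn 500
  112. balance leastconn
  113. server 192.168.100.21 192.168.100.21:80 weight 1 cookie web01 check inter 2s rise 2 fall 3
  114. server 192.168.100.22 192.168.100.22:80 weight 1 cookie web02 check inter 2s rise 2 fall 3
  115. server 192.168.100.23 192.168.100.23:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
  116. server 192.168.100.24 192.168.100.24:80 weight 1 cookie web04 check inter 2s rise 2 fall 3 # cookie value must be unique per server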
  117. listen jms-magnus  # TCP pass-through on port 30000
  118. bind *:30000
  119. mode tcp
  120. option tcp-check  # health check at TCP level
  121. fullconn 500
  122. balance source  # the same client source address is sent to the same server
  123. server 192.168.100.21 192.168.100.21:30000 weight 1 check inter 2s rise 2 fall 3 send-proxy  # send-proxy prepends a PROXY protocol header with the client address; the backend must be configured to expect it and should accept it only from this HAProxy host
  124. server 192.168.100.22 192.168.100.22:30000 weight 1 check inter 2s rise 2 fall 3 send-proxy
  125. server 192.168.100.23 192.168.100.23:30000 weight 1 check inter 2s rise 2 fall 3 send-proxy
  126. server 192.168.100.24 192.168.100.24:30000 weight 1 check inter 2s rise 2 fall 3 send-proxy

2.3 配置 SELinux

  1. setsebool -P haproxy_connect_any 1  # persistently (-P) lets the confined haproxy process connect to any port; broader than labelling individual ports. Presumably needed for the 2222/30000 backends above, confirm

2.4 启动 HAProxy

  1. systemctl enable haproxy  # start HAProxy automatically at boot
  2. systemctl start haproxy  # start it now; the file can be validated beforehand with: haproxy -c -f /etc/haproxy/haproxy.cfg

3 配置防火墙

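  1. firewall-cmd --permanent --zone=public --add-port=80/tcp     # jms-web (HTTP)
  2. firewall-cmd --permanent --zone=public --add-port=443/tcp    # only needed once the commented-out 443 bind in jms-web is enabled
  3. firewall-cmd --permanent --zone=public --add-port=2222/tcp   # jms-ssh
  4. firewall-cmd --permanent --zone=public --add-port=30000/tcp  # jms-magnus
  5. # Open only the ports that haproxy.cfg binds. 8080 (stats page) is left closed in the public zone; if remote access is needed, allow it from an admin source address only
  6. firewall-cmd --reload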