首先我們來了解下haproxy是幹嘛的?haproxy是一個法國人名叫Willy Tarreau開發的一個開源軟體;這款軟體主要用於解決客戶端10000以上的同時連線的高效能的TCP和HTTP負載均衡器。其功能是用來提供基於cookie的永續性,基於內容的交換,過載保護的高階流量管制,自動故障切換,以正規表示式為基礎的控制執行時間,基於web的報表,高階日誌記錄以幫助排除故障的應用或網路及其他功能;簡單說它就是基於tcp或http協議的負載均衡器;對於負載均衡器這個概率相信大家瞭解nginx的都知道吧,其實haproxy類似nginx的upstream功能;它可以基於tcp做四層負載,也可用基於http做七層負載,這一點和nginx一樣(nginx是1.9.0後才支援四層代理);有關nginx的負載均衡功能的使用說明,有興趣的朋友可以參考下本人的部落格https://www.cnblogs.com/qiuhom-1874/p/12458159.html和https://www.cnblogs.com/qiuhom-1874/p/12468946.html;
有關haproxy的介紹這裡就不過多闡述,有興趣的朋友可以去參考官方網站的介紹http://www.haproxy.org;
前面聊nginx的時候我們有聊到過nginx的一個重要的功能反向代理,這裡再簡單回顧下,所謂代理就是“一手託兩邊”,什麼意思呢?就是代理伺服器它面向客戶端一側它扮演伺服器角色,面向伺服器一側它扮演客戶端角色;而反向代理就是代理服務端響應客戶端的請求;我們把這種用於代理伺服器響應客戶端角色叫反向代理;haproxy就是一反向代理實現的軟體,在基於反代的模式下,可以對後端伺服器做四層或七層的負載均衡;通常情況下haproxy工作在一個流量入口的節點上,用於接收並把客戶端的請求分發給不同應用的後端伺服器;
簡單闡述了haproxy的功能後,我們來看看haproxy的程式組成部分和配置檔案;
在redhat系列的Linux上安裝haproxy可以yum安裝,只不過這種安裝方式安裝的版本比較舊,如果要使用比較新的版本的haproxy可以選擇編輯安裝;我們這裡先用yum安裝先看看haproxy怎麼用吧
[root@docker_node1 ~]# yum info haproxy Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.cn99.com * updates: mirrors.aliyun.com Installed Packages Name : haproxy Arch : x86_64 Version : 1.5.18 Release : 9.el7 Size : 2.6 M Repo : installed From repo : base Summary : TCP/HTTP proxy and load balancer for high availability environments URL : http://www.haproxy.org/ License : GPLv2+ Description : HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high : availability environments. Indeed, it can: : - route HTTP requests depending on statically assigned cookies : - spread load among several servers while assuring server persistence : through the use of HTTP cookies : - switch to backup servers in the event a main server fails : - accept connections to special ports dedicated to service monitoring : - stop accepting connections without breaking existing ones : - add, modify, and delete HTTP headers in both directions : - block requests matching particular patterns : - report detailed status to authenticated users from a URI : intercepted by the application [root@docker_node1 ~]#
提示:haproxy在base參考的版本是1.5.18;從上面的資訊可以看到haproxy的介紹和功能,有興趣的朋友自行翻譯下;yum安裝這裡就不多說了,接下來我們來看看haproxy的程式組成;
[root@docker_node1 ~]# rpm -ql haproxy /etc/haproxy /etc/haproxy/haproxy.cfg /etc/logrotate.d/haproxy /etc/sysconfig/haproxy /usr/bin/halog /usr/bin/iprange /usr/lib/systemd/system/haproxy.service /usr/sbin/haproxy /usr/sbin/haproxy-systemd-wrapper /usr/share/doc/haproxy-1.5.18 ……省略部分內容…… /usr/share/haproxy /usr/share/haproxy/400.http /usr/share/haproxy/403.http /usr/share/haproxy/408.http /usr/share/haproxy/500.http /usr/share/haproxy/502.http /usr/share/haproxy/503.http /usr/share/haproxy/504.http /usr/share/haproxy/README /usr/share/man/man1/halog.1.gz /usr/share/man/man1/haproxy.1.gz /var/lib/haproxy [root@docker_node1 ~]#
提示:haproxy的主程式檔案是/usr/sbin/haproxy,配置檔案是/etc/haproxy/haproxy.cfg,Unit file:/usr/lib/systemd/system/haproxy.service;接下來我們來看看配置檔案;
[root@docker_node1 ~]# cat /etc/haproxy/haproxy.cfg #--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 #--------------------------------------------------------------------- #main frontend which proxys to the backends #--------------------------------------------------------------------- frontend main *:5000 acl url_static path_beg -i /static /images /javascript /stylesheets acl url_static path_end -i .jpg .gif .png .css .js use_backend static if url_static default_backend app #--------------------------------------------------------------------- # static backend for serving up images, stylesheets and such #--------------------------------------------------------------------- backend static balance roundrobin server static 127.0.0.1:4331 check #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend app balance roundrobin server app1 127.0.0.1:5001 check server app2 127.0.0.1:5002 check server app3 127.0.0.1:5003 check server app4 127.0.0.1:5004 check [root@docker_node1 ~]#
提示:以上是haproxy yum安裝的配置檔案,其中配置檔案大致分全域性配置段和代理配置段,全域性配置段主要配置程式及安全配置相關的引數以及效能調整相關引數;代理配置段主要有defaults配置段,該配置段主要配置frontend,backend,listen配置段預設配置,如果在後面的frontend、backend、listen中配置段有defaults配置段引數,後者生效,沒有配置則繼承defaults配置段的引數配置;frontend配置段主要配置前端面向客戶端提供訪問的介面,比如監聽在那個地址的那個埠呀,相當於nginx中的server的概念;backend配置段用於定義後端伺服器主機的,相當於nginx裡的upstream配置段概念;而listen是同時配置前端監聽埠資訊和後端被代理伺服器;
瞭解了上面配置檔案的大概配置,我們接下來配置下,讓haproxy代理三臺web服務響應客戶端請求;
首先說下實驗環境,宿主機haproxy的地址是192.168.0.22:80代理172.17.0.2、3、4這三臺主機(為了節省虛擬機器資源,我們這裡分別用docker容器來模擬三臺web伺服器)
後端伺服器環境搭建
1、安裝docker-ce
[root@docker_node1 ~]# yum install -y docker-ce
提示:安裝之前需要去配置好docker的yum源參考,推薦去阿里雲yum倉庫
2、拉取映象
[root@docker_node1 ~]# docker pull httpd:2.4.37-alpine Error response from daemon: Get https://registry-1.docker.io/v2/library/httpd/manifests/2.4.37-alpine: net/http: TLS handshake timeout [root@docker_node1 ~]#
提示:這是沒有配置docker加速,所以導致超時;
3、配置docker加速器
提示:登入自己的賬號去阿里雲控制檯裡找容器映象服務-->映象加速,右邊有個操作文件,根據自己的系統選擇相應的配置,然後複製下來到你自己的Linux上執行即可;配置好加速器後,在拉取映象就比較快了;
4、執行三個不同名稱的容器
提示:可以看到三個不同名稱的例項執行起來了,為了區分各容器我們故意把主頁的內容更改為不同的名稱以示區分;
提示:把三個容器的主頁更改後,需要在docker宿主機上測試是否能夠訪問
提示:容器執行的服務已經能夠正常訪問,到此後端server就準備就緒,接下來就是配置haproxy來反代這三個容器就可以了;
配置haproxy反代後端伺服器
提示:以上紅框中的名字必須相同,什麼意思呢?就是前端呼叫哪個後端伺服器組,後端伺服器組必須得存在,否則haproxy起不來;這裡說一下以上配置,以上配置表示前端myweb這個服務監聽在該主機的所有地址的80埠,並把客戶端的請求反代至webservers這個後端伺服器組上進行響應;後端伺服器webservers,定義了三個server分別是172.17.0.2、3、4;如果前端監聽埠和後端伺服器監聽埠相同的情況下,後端伺服器上可以不用謝埠的;
提示:啟動haproxy後,為了驗證配置檔案是否有問題,需要檢視下對應監聽的埠是否起來了,如果配置檔案有問題,啟動haproxy是不會有任何提示的,我們只有檢視埠來判斷haproxy是否配置正確和成功啟動;從上面的的資訊看,我們配置的haproxy沒有問題,對應80埠都啟動起來了;
測試:用瀏覽器對192.168.0.22:80進行訪問,看看是否能夠響應後端伺服器的主頁?
提示:可以看到haproxy能夠正常的把客戶端的請求以輪詢的方式向後端伺服器反代;
以上就是haproxy最簡單的使用方式,作為反代伺服器代理服務端響應客戶端的請求;接下來我們來說說編譯安裝haproxy
1、首先我們要把自己的編譯環境搭建好
[root@haproxy_node1 ~]# yum groupinstall "development tools" -y
提示:通常編譯環境所需要的包,在development tools這個包組中都有,所以通常我們原始碼編譯安裝都是把這個包組裝上,然後編譯,如果中途有報錯提示我們沒有哪個包,我們在安裝相應的包就可以了
2、下載haproxy原始碼包
提示:我這個是從官網上下載後,然後上傳上來的,官網是國外的一個網站,想要訪問它,我們需要翻牆出去才可以;
3、解壓原始碼包,並進入到原始碼目錄檢視編譯手冊
[root@haproxy_node1 src]# tar xf haproxy-1.8.20.tar.gz oot@haproxy_node1 src]# cd haproxy-1.8.20 [root@haproxy_node1 haproxy-1.8.20]# ls CHANGELOG CONTRIBUTING ebtree include MAINTAINERS README ROADMAP src tests VERSION contrib doc examples LICENSE Makefile reg-tests scripts SUBVERS VERDATE [root@haproxy_node1 haproxy-1.8.20]#
提示:README就是編譯手冊,裡面告訴我們怎麼去編譯安裝haproxy,需要指定的那些引數等等說明;我們需要關心的是我們系統上什麼架構,核心版本資訊;編譯的時候我們需要用ARCH來指定系統架構,用TARGET來指定核心版本,Linux2.6以上的核心版本需要指定TARGET=linux2628;其他版本資訊可以對照README裡的說明資訊對照來指定對應的引數;除此以外我們還需要指定是否支援openssl、zip壓縮、以及是否使用systemd的方式來管理服務等等資訊,根據自己的需要定製編譯引數;
4、指定編譯引數,編譯haproxy
[root@haproxy_node1 haproxy-1.8.20]# make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 gcc -Iinclude -Iebtree -Wall -m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_SYSTEMD -DUSE_PCRE -I/usr/local/include -DCONFIG_HAPROXY_VERSION=\"1.8.20\" -DCONFIG_HAPROXY_DATE=\"2019/04/25\" -c -o src/ev_poll.o src/ev_poll.c In file included from include/types/global.h:32:0, from src/ev_poll.c:26: include/types/listener.h:29:25: fatal error: openssl/ssl.h: No such file or directory #include <openssl/ssl.h> ^ compilation terminated. make: *** [src/ev_poll.o] Error 1 [root@haproxy_node1 haproxy-1.8.20]#
提示:以上報錯說沒有openssl這個標頭檔案,我們需要安裝openssl-devel這個包即可
[root@haproxy_node1 haproxy-1.8.20]# yum install -y openssl-devel Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.huaweicloud.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package openssl-devel.x86_64 1:1.0.2k-19.el7 will be installed --> Processing Dependency: openssl-libs(x86-64) = 1:1.0.2k-19.el7 for package: 1:openssl-devel-1.0.2k-19.el7.x86_64 --> Processing Dependency: zlib-devel(x86-64) for package: 1:openssl-devel-1.0.2k-19.el7.x86_64 --> Processing Dependency: krb5-devel(x86-64) for package: 1:openssl-devel-1.0.2k-19.el7.x86_64 ……省略部分資訊…… Installed: openssl-devel.x86_64 1:1.0.2k-19.el7 Dependency Installed: keyutils-libs-devel.x86_64 0:1.5.8-3.el7 krb5-devel.x86_64 0:1.15.1-37.el7_7.2 libcom_err-devel.x86_64 0:1.42.9-16.el7 libkadm5.x86_64 0:1.15.1-37.el7_7.2 libselinux-devel.x86_64 0:2.5-14.1.el7 libsepol-devel.x86_64 0:2.5-10.el7 libverto-devel.x86_64 0:0.2.5-4.el7 pcre-devel.x86_64 0:8.32-17.el7 zlib-devel.x86_64 0:1.2.7-18.el7 Dependency Updated: e2fsprogs.x86_64 0:1.42.9-16.el7 e2fsprogs-libs.x86_64 0:1.42.9-16.el7 krb5-libs.x86_64 0:1.15.1-37.el7_7.2 libcom_err.x86_64 0:1.42.9-16.el7 libselinux.x86_64 0:2.5-14.1.el7 libselinux-python.x86_64 0:2.5-14.1.el7 libselinux-utils.x86_64 0:2.5-14.1.el7 libsepol.x86_64 0:2.5-10.el7 libss.x86_64 0:1.42.9-16.el7 openssl.x86_64 1:1.0.2k-19.el7 openssl-libs.x86_64 1:1.0.2k-19.el7 zlib.x86_64 0:1.2.7-18.el7 Complete! [root@haproxy_node1 haproxy-1.8.20]#
提示:通常編譯的時候報錯,我們要注意看它提示我們什麼,通常都是缺少某些包引起的,對應我們安裝devel版包都能夠解決;安裝了openssl-devel這個包後,再次編譯,上面的報錯就不會有了;
APROXY_DATE=\"2019/04/25\" \ -DBUILD_TARGET='"linux2628"' \ -DBUILD_ARCH='"x86_64"' \ -DBUILD_CPU='"generic"' \ -DBUILD_CC='"gcc"' \ -DBUILD_CFLAGS='"-m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label"' \ -DBUILD_OPTIONS='"USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_PCRE=1"' \ -c -o src/haproxy.o src/haproxy.c src/haproxy.c:66:31: fatal error: systemd/sd-daemon.h: No such file or directory #include <systemd/sd-daemon.h> ^ compilation terminated. make: *** [src/haproxy.o] Error 1 [root@haproxy_node1 haproxy-1.8.20]#
提示:以上報錯提示我們缺少systemd/sd-daemon.h,我們安裝systemd-devel即可解決
[root@haproxy_node1 ~]# yum install -y systemd-devel Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.huaweicloud.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package systemd-devel.x86_64 0:219-67.el7_7.4 will be installed --> Processing Dependency: systemd-libs = 219-67.el7_7.4 for package: systemd-devel-219-67.el7_7.4.x86_64 --> Processing Dependency: systemd = 219-67.el7_7.4 for package: systemd-devel-219-67.el7_7.4.x86_64 --> Running transaction check ---> Package systemd.x86_64 0:219-42.el7 will be updated --> Processing Dependency: systemd = 219-42.el7 for package: systemd-sysv-219-42.el7.x86_64 ---> Package systemd.x86_64 0:219-67.el7_7.4 will be an update --> Processing Dependency: libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit) for package: systemd-219-67.el7_7.4.x86_64 --> Processing Dependency: liblz4.so.1()(64bit) for package: systemd-219-67.el7_7.4.x86_64 --> Processing Dependency: libcryptsetup.so.12()(64bit) for package: systemd-219-67.el7_7.4.x86_64 ---> Package systemd-libs.x86_64 0:219-42.el7 will be updated ---> Package systemd-libs.x86_64 0:219-67.el7_7.4 will be an update --> Running transaction check ---> Package cryptsetup-libs.x86_64 0:1.7.4-3.el7 will be updated ---> Package cryptsetup-libs.x86_64 0:2.0.3-5.el7 will be an update ---> Package lz4.x86_64 0:1.7.5-3.el7 will be installed ---> Package systemd-sysv.x86_64 0:219-42.el7 will be updated ---> Package systemd-sysv.x86_64 0:219-67.el7_7.4 will be an update --> Finished Dependency Resolution Dependencies Resolved ==================================================================================================================== Package Arch Version Repository Size ==================================================================================================================== Installing: systemd-devel x86_64 219-67.el7_7.4 updates 208 k Installing for dependencies: lz4 x86_64 1.7.5-3.el7 base 99 k Updating for dependencies: cryptsetup-libs x86_64 2.0.3-5.el7 base 338 k systemd x86_64 219-67.el7_7.4 updates 5.1 M systemd-libs x86_64 219-67.el7_7.4 updates 411 k systemd-sysv x86_64 219-67.el7_7.4 updates 89 k Transaction Summary ==================================================================================================================== Install 1 Package (+1 Dependent package) Upgrade ( 4 Dependent packages) Total download size: 6.2 M Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. (1/6): systemd-libs-219-67.el7_7.4.x86_64.rpm | 411 kB 00:00:00 (2/6): systemd-devel-219-67.el7_7.4.x86_64.rpm | 208 kB 00:00:00 (3/6): cryptsetup-libs-2.0.3-5.el7.x86_64.rpm | 338 kB 00:00:00 (4/6): lz4-1.7.5-3.el7.x86_64.rpm | 99 kB 00:00:00 (5/6): systemd-sysv-219-67.el7_7.4.x86_64.rpm | 89 kB 00:00:00 (6/6): systemd-219-67.el7_7.4.x86_64.rpm | 5.1 MB 00:00:01 -------------------------------------------------------------------------------------------------------------------- Total 5.4 MB/s | 6.2 MB 00:00:01 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : lz4-1.7.5-3.el7.x86_64 1/10 Updating : systemd-libs-219-67.el7_7.4.x86_64 2/10 Updating : cryptsetup-libs-2.0.3-5.el7.x86_64 3/10 Updating : systemd-219-67.el7_7.4.x86_64 4/10 Installing : systemd-devel-219-67.el7_7.4.x86_64 5/10 Updating : systemd-sysv-219-67.el7_7.4.x86_64 6/10 Cleanup : systemd-sysv-219-42.el7.x86_64 7/10 Cleanup : systemd-219-42.el7.x86_64 8/10 Cleanup : cryptsetup-libs-1.7.4-3.el7.x86_64 9/10 Cleanup : systemd-libs-219-42.el7.x86_64 10/10 Verifying : systemd-libs-219-67.el7_7.4.x86_64 1/10 Verifying : systemd-devel-219-67.el7_7.4.x86_64 2/10 Verifying : cryptsetup-libs-2.0.3-5.el7.x86_64 3/10 Verifying : systemd-219-67.el7_7.4.x86_64 4/10 Verifying : lz4-1.7.5-3.el7.x86_64 5/10 Verifying : systemd-sysv-219-67.el7_7.4.x86_64 6/10 Verifying : systemd-libs-219-42.el7.x86_64 7/10 Verifying : systemd-sysv-219-42.el7.x86_64 8/10 Verifying : systemd-219-42.el7.x86_64 9/10 Verifying : cryptsetup-libs-1.7.4-3.el7.x86_64 10/10 Installed: systemd-devel.x86_64 0:219-67.el7_7.4 Dependency Installed: lz4.x86_64 0:1.7.5-3.el7 Dependency Updated: cryptsetup-libs.x86_64 0:2.0.3-5.el7 systemd.x86_64 0:219-67.el7_7.4 systemd-libs.x86_64 0:219-67.el7_7.4 systemd-sysv.x86_64 0:219-67.el7_7.4 Complete! [root@haproxy_node1 ~]#
再次編譯
-Wno-unused-label -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_SYSTEMD -DUSE_PCRE -I/usr/include -DCONFIG_HAPROXY_VERSION=\"1.8.20\" -DCONFIG_HAPROXY_DATE=\"2019/04/25\" -c -o src/hash.o src/hash.c gcc -m64 -march=x86-64 -g -o haproxy src/ev_poll.o src/ev_epoll.o src/ssl_sock.o ebtree/ebtree.o ebtree/eb32sctree.o ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o ebtree/ebimtree.o ebtree/ebistree.o src/proto_http.o src/cfgparse.o src/server.o src/stream.o src/flt_spoe.o src/stick_table.o src/stats.o src/mux_h2.o src/checks.o src/haproxy.o src/log.o src/dns.o src/peers.o src/standard.o src/sample.o src/cli.o src/stream_interface.o src/proto_tcp.o src/backend.o src/proxy.o src/tcp_rules.o src/listener.o src/flt_http_comp.o src/pattern.o src/cache.o src/filters.o src/vars.o src/acl.o src/payload.o src/connection.o src/raw_sock.o src/proto_uxst.o src/flt_trace.o src/session.o src/ev_select.o src/channel.o src/task.o src/queue.o src/applet.o src/map.o src/frontend.o src/freq_ctr.o src/lb_fwlc.o src/mux_pt.o src/auth.o src/fd.o src/hpack-dec.o src/memory.o src/lb_fwrr.o src/lb_chash.o src/lb_fas.o src/hathreads.o src/chunk.o src/lb_map.o src/xxhash.o src/regex.o src/shctx.o src/buffer.o src/action.o src/h1.o src/compression.o src/pipe.o src/namespace.o src/sha1.o src/hpack-tbl.o src/hpack-enc.o src/uri_auth.o src/time.o src/proto_udp.o src/arg.o src/signal.o src/protocol.o src/lru.o src/hdr_idx.o src/hpack-huff.o src/mailers.o src/h2.o src/base64.o src/hash.o -lcrypt -lz -ldl -lpthread -lssl -lcrypto -ldl -lsystemd -L/usr/lib -lpcreposix -lpcre [root@haproxy_node1 haproxy-1.8.20]#
提示:再次編譯就沒有提示任何錯誤了,說明我們的編譯通過了,接下來我們就可以make install 了
[root@haproxy_node1 haproxy-1.8.20]# make install PREFIX=/usr/local/haproxy install -d "/usr/local/haproxy/sbin" install haproxy "/usr/local/haproxy/sbin" install -d "/usr/local/haproxy/share/man"/man1 install -m 644 doc/haproxy.1 "/usr/local/haproxy/share/man"/man1 install -d "/usr/local/haproxy/doc/haproxy" for x in configuration management architecture peers-v2.0 cookie-options lua WURFL-device-detection proxy-protocol linux-syn-cookies network-namespaces DeviceAtlas-device-detection 51Degrees-device-detection netscaler-client-ip-insertion-protocol peers close-options SPOE intro; do \ install -m 644 doc/$x.txt "/usr/local/haproxy/doc/haproxy" ; \ done [root@haproxy_node1 haproxy-1.8.20]#
提示:安裝的時候我們需要用PREFIX來指定安裝的目錄,其實安裝的過程不外乎就是把編譯好的二進位制檔案拷本到我們指定的目錄;到此編譯安裝就完成了,接下來據說建立UNIT 檔案
提示:該unit file 可以參考haproxy的用法來寫,主要是看haproxy的選項,-f表示指定配置檔案,-c表示檢查模式,-q表示靜默模式,之所以我們即便配置檔案有錯我們啟動的時候都不報錯的原因就是啟用了靜默模式,我們可以不用指定該引數;-Ws表示master-worker支援單主多子程式;-p表示指定pid檔案;根據上面的指令碼資訊,我們還需要在對應目錄下建立一個配置檔案,並根據haproxy的配置檔案指定的使用者來建立使用者;
[root@haproxy_node1 haproxy]# cat haproxy.cfg global maxconn 100000 chroot /usr/local/haproxy user haproxy group haproxy daemon # nbproc 4 # cpu-map 1 0 # cpu-map 2 1 # cpu-map 3 2 # cpu-map 4 3 pidfile /run/haproxy.pid log 127.0.0.1 local3 info defaults option http-keep-alive option forwardfor maxconn 100000 mode http timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s listen web_port bind 0.0.0.0:80 mode http log global server web1 192.168.0.22:80 check inter 3000 fall 2 rise 5 [root@haproxy_node1 haproxy]#
提示:以上配置資訊,在後續的部落格中會著重去說,這裡先不解釋,先把服務跑起來再說;從上面的配置看,我們還需要在系統上建立一個haproxy的使用者;當然如果你不想建立使用者你可以選擇一個你係統上現有使用者即可;建議用haproxy使用者去啟動haproxy;並且把haproxy使用者的shell型別設定成/sbin/nologin
[root@haproxy_node1 haproxy]# useradd -s /sbin/nologin haproxy [root@haproxy_node1 haproxy]# id haproxy uid=1000(haproxy) gid=1000(haproxy) groups=1000(haproxy) [root@haproxy_node1 haproxy]#
接下來我們嘗試用systemctl start haproxy來啟動服務看看對應的80服務是否能夠起來
提示:在啟動前,我們還需要把/usr/local/haproxy/sbin/haproxy 給軟連線至/usr/sbin/下,因為我們在unit file裡寫的是這個路徑;除此之外還要執行systemctl daemon-reload 讓systemctl 把haproxy載入到systemd管理;
測試:我們用瀏覽器訪問192.168.0.21:80,看看是否訪問得到我們之前的三臺httpd服務?
提示:以上能夠訪問到的原因是,我在上面的配置檔案中用listen 指令指定了監聽*:80對應的後端主機上192.168.0.22:80;在最開始的時候我們就用192.168.0.22:80反代後面三臺容器;這裡相當於是兩層反代結構,使用者請求傳送到192.168.0.21:80,然後192.168.0.21把使用者請求反代之192.168.0.22:80,然後192.168.0.22把請求反代之後端的172.17.0.2、3、4這三臺容器上,所以我們在瀏覽器看到的就是後端容器響應的結果;到此haproxy編譯安裝就完成了;後續我會持續更新haproxy的其他配置相關部落格,有興趣的朋友可以點點關注,共同學習;