CentOS7 HAProxy installation and configuration details
- 2020-05-15 03:24:53
- OfStack
An overview of the
Download address: Haproxy http: / / pkgs fedoraproject. org/repo/pkgs haproxy /
Turn off SElinux and configure the firewall
1, vi/etc/selinux/config
#SELINUX=enforcing # Comment out the
#SELINUXTYPE=targeted # Comment out the
SELINUX=disabled # increase
:wq! # Save the exit
setenforce 0 # Enable the configuration to take effect immediately
2. Edit vi /etc/sysconfig/iptables #
-A RH-Firewall-1-INPUT -d 224.0.0.18 -j ACCEPT # Allows multicast address communication
-A RH-Firewall-1-INPUT -p vrrp -j ACCEPT # allow VRRP (virtual router redundancy) communication
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT # allow 80 Port through firewall
:wq! # Save the exit
/etc/init.d/iptables restart # Restart the firewall to enable the configuration
Install HAProxy
1. Create HAProxy running accounts and groups
groupadd haproxy # add haproxy group
useradd -g haproxy haproxy -s /bin/false # create nginx Running account haproxy To join the haproxy Group, not allowed haproxy The user logs in to the system directly
2. Installation:
[root@A local]# yum install -y gcc
[root@A local]# tar zxvf haproxy-1.6.9.tar.gz
[root@A local]# cd haproxy-1.6.9
[root@A local]# make TARGET=linux3100 CPU=x86_64 PREFIX=/usr/local/haprpxy # compile uname -r # View the system kernel version number
[root@A local]# make install PREFIX=/usr/local/haproxy # The installation
# Few details:
#TARGET=linux3100
# use uname -r View the kernel, such as: 2.6.18-371.el5 , at which time the parameter is linux26
#kernel Is greater than 2.6.28 The use of: TARGET=linux2628
#CPU=x86_64 # use uname -r View system information, such as x86_64 x86_64 x86_64 GNU/Linux , at which time the parameter is x86_64
#PREFIX=/usr/local/haprpxy #/usr/local/haprpxy for haprpxy The installation path
3. Set HAProxy
mkdir -p /usr/local/haproxy/conf # Create the profile directory
mkdir -p /etc/haproxy # Create the profile directory
touch /usr/local/haproxy/conf/haproxy.cfg # Create profile
ln -s /usr/local/haproxy/conf/haproxy.cfg /etc/haproxy/haproxy.cfg # Add configuration file soft connection
cp -r /usr/local/src/haproxy-1.6.9/examples/errorfiles /usr/local/haproxy/errorfiles # Copy error page
ln -s /usr/local/haproxy/errorfiles /etc/haproxy/errorfiles # Add soft join
mkdir -p /usr/local/haproxy/log # Create the log file directory
touch /usr/local/haproxy/log/haproxy.log # Create log files
ln -s /usr/local/haproxy/log/haproxy.log /var/log/haproxy.log # Add soft join
cp /usr/local/src/haproxy-1.6.9/examples/haproxy.init /etc/rc.d/init.d/haproxy # Copy the boot boot file
chmod +x /etc/rc.d/init.d/haproxy # Add script execution permissions
chkconfig haproxy on # Set to boot
ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin # Add soft join
4. Configure haproxy.cfg parameter
cp /usr/local/haproxy/conf/haproxy.cfg /usr/local/haproxy/conf/haproxy.cfg-bak # The backup
vi /usr/local/haproxy/conf/haproxy.cfg # Edit, modify
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log 127.0.0.1 local2 ###[err warning info debug]
chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid ###haproxy the pid Store path , The user who started the process must have access to this file
maxconn 4000 ### Maximum number of connections, default 4000
user haproxy
group haproxy
daemon ### create 1 Process entry deamon Run in mode. This parameter requires that the run mode be set to "daemon"
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http ### Default mode mode { tcp|http|health } . tcp is 4 Layer, http is 7 Layer, health Will only return OK
log global ### Take a globally defined log
option dontlognull ### Do not log health check information
option httpclose ### Active shutdown after each request http channel
option httplog ### Log categories http Log format
option forwardfor ### If the back-end server needs to get the client real ip The parameters that need to be configured can be from Http Header Get the client in ip
option redispatch ###serverId The corresponding server is down , Force you to redirect to another healthy server
timeout connect 10000 #default 10 second timeout if a backend is not found
timeout client 300000 ### Client connection timeout
timeout server 300000 ### Server connection timeout
maxconn 60000 ### Maximum number of connections
retries 3 ###3 The service is considered unavailable when the secondary connection fails, which can also be set later
####################################################################
listen stats
bind 0.0.0.0:1080 # Listen on port
stats refresh 30s # Statistics page automatic refresh time
stats uri /stats # Statistics page url
stats realm Haproxy Manager # Prompt text on the statistics page password box
stats auth admin:admin # Statistics page user name and password Settings
#stats hide-version # Hide statistics on the page HAProxy Version information
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind 0.0.0.0:80
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static ### Meets the policy requirements, then responds to the policy definition backend page
default_backend dynamic ### They respond if they are not satisfied backend Default page
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin ### Load balancing mode polling
server static 127.0.0.1:80 check ### Back-end server definition
backend dynamic
balance roundrobin
server websrv1 10.252.97.106:80 check maxconn 2000
server websrv2 10.117.8.20:80 check maxconn 2000
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
#errorloc 503 http://www.osyunwei.com/404.html
errorfile 403 /etc/haproxy/errorfiles/403.http
errorfile 500 /etc/haproxy/errorfiles/500.http
errorfile 502 /etc/haproxy/errorfiles/502.http
errorfile 503 /etc/haproxy/errorfiles/503.http
errorfile 504 /etc/haproxy/errorfiles/504.http
:wq! # Save the exit
service haproxy start # Start the
service haproxy stop # Shut down
service haproxy restart # restart
5. Set HAProxy log
vi /etc/syslog.conf # Edit, add at the bottom
# haproxy.log
local0.* /var/log/haproxy.log
local3.* /var/log/haproxy.log
:wq! # Save the exit
vi /etc/sysconfig/syslog # edit
SYSLOGD_OPTIONS="-r -m 0" # Receive remote server logs
:wq! # Save the exit
service syslog restart # restart syslog
6. The browser opens the monitoring page of haproxy
As follows: http: / / 120.55.95.103:1080 / stats / / description: namely haproxy configuration file listening on port 1080, stats namely haproxy listening in the configuration file name