前面聊nginx的時候我們有聊到過nginx的一個重要的功能反向代理,這裡再簡單回顧下,所謂代理就是“一手托兩邊”,什麼意思呢?就是代理伺服器它面向客戶端一側它扮演伺服器角色,面向伺服器一側它扮演客戶端角色;而反向代理就是代理服務端響應客戶端的請求;我們把這種用於代理伺服器響應客戶端角色叫反向代理... ...
首先我們來瞭解下haproxy是幹嘛的?haproxy是一個法國人名叫Willy Tarreau開發的一個開源軟體;這款軟體主要用於解決客戶端10000以上的同時連接的高性能的TCP和HTTP負載均衡器。其功能是用來提供基於cookie的持久性,基於內容的交換,過載保護的高級流量管制,自動故障切換,以正則表達式為基礎的控制運行時間,基於web的報表,高級日誌記錄以幫助排除故障的應用或網路及其他功能;簡單說它就是基於tcp或http協議的負載均衡器;對於負載均衡器這個概率相信大家瞭解nginx的都知道吧,其實haproxy類似nginx的upstream功能;它可以基於tcp做四層負載,也可用基於http做七層負載,這一點和nginx一樣(nginx是1.9.0後才支持四層代理);有關nginx的負載均衡功能的使用說明,有興趣的朋友可以參考下本人的博客https://www.cnblogs.com/qiuhom-1874/p/12458159.html和https://www.cnblogs.com/qiuhom-1874/p/12468946.html;
有關haproxy的介紹這裡就不過多闡述,有興趣的朋友可以去參考官方網站的介紹http://www.haproxy.org;
前面聊nginx的時候我們有聊到過nginx的一個重要的功能反向代理,這裡再簡單回顧下,所謂代理就是“一手托兩邊”,什麼意思呢?就是代理伺服器它面向客戶端一側它扮演伺服器角色,面向伺服器一側它扮演客戶端角色;而反向代理就是代理服務端響應客戶端的請求;我們把這種用於代理伺服器響應客戶端角色叫反向代理;haproxy就是一反向代理實現的軟體,在基於反代的模式下,可以對後端伺服器做四層或七層的負載均衡;通常情況下haproxy工作在一個流量入口的節點上,用於接收並把客戶端的請求分發給不同應用的後端伺服器;
簡單闡述了haproxy的功能後,我們來看看haproxy的程式組成部分和配置文件;
在redhat系列的Linux上安裝haproxy可以yum安裝,只不過這種安裝方式安裝的版本比較舊,如果要使用比較新的版本的haproxy可以選擇編輯安裝;我們這裡先用yum安裝先看看haproxy怎麼用吧
[root@docker_node1 ~]# yum info haproxy Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.cn99.com * updates: mirrors.aliyun.com Installed Packages Name : haproxy Arch : x86_64 Version : 1.5.18 Release : 9.el7 Size : 2.6 M Repo : installed From repo : base Summary : TCP/HTTP proxy and load balancer for high availability environments URL : http://www.haproxy.org/ License : GPLv2+ Description : HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high : availability environments. Indeed, it can: : - route HTTP requests depending on statically assigned cookies : - spread load among several servers while assuring server persistence : through the use of HTTP cookies : - switch to backup servers in the event a main server fails : - accept connections to special ports dedicated to service monitoring : - stop accepting connections without breaking existing ones : - add, modify, and delete HTTP headers in both directions : - block requests matching particular patterns : - report detailed status to authenticated users from a URI : intercepted by the application [root@docker_node1 ~]#
提示:haproxy在base參考的版本是1.5.18;從上面的信息可以看到haproxy的介紹和功能,有興趣的朋友自行翻譯下;yum安裝這裡就不多說了,接下來我們來看看haproxy的程式組成;
[root@docker_node1 ~]# rpm -ql haproxy /etc/haproxy /etc/haproxy/haproxy.cfg /etc/logrotate.d/haproxy /etc/sysconfig/haproxy /usr/bin/halog /usr/bin/iprange /usr/lib/systemd/system/haproxy.service /usr/sbin/haproxy /usr/sbin/haproxy-systemd-wrapper /usr/share/doc/haproxy-1.5.18 ……省略部分內容…… /usr/share/haproxy /usr/share/haproxy/400.http /usr/share/haproxy/403.http /usr/share/haproxy/408.http /usr/share/haproxy/500.http /usr/share/haproxy/502.http /usr/share/haproxy/503.http /usr/share/haproxy/504.http /usr/share/haproxy/README /usr/share/man/man1/halog.1.gz /usr/share/man/man1/haproxy.1.gz /var/lib/haproxy [root@docker_node1 ~]#
提示:haproxy的主程式文件是/usr/sbin/haproxy,配置文件是/etc/haproxy/haproxy.cfg,Unit file:/usr/lib/systemd/system/haproxy.service;接下來我們來看看配置文件;
[root@docker_node1 ~]# cat /etc/haproxy/haproxy.cfg #--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 #--------------------------------------------------------------------- #main frontend which proxys to the backends #--------------------------------------------------------------------- frontend main *:5000 acl url_static path_beg -i /static /images /javascript /stylesheets acl url_static path_end -i .jpg .gif .png .css .js use_backend static if url_static default_backend app #--------------------------------------------------------------------- # static backend for serving up images, stylesheets and such #--------------------------------------------------------------------- backend static balance roundrobin server static 127.0.0.1:4331 check #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend app balance roundrobin server app1 127.0.0.1:5001 check server app2 127.0.0.1:5002 check server app3 127.0.0.1:5003 check server app4 127.0.0.1:5004 check [root@docker_node1 ~]#
提示:以上是haproxy yum安裝的配置文件,其中配置文件大致分全局配置段和代理配置段,全局配置段主要配置進程及安全配置相關的參數以及性能調整相關參數;代理配置段主要有defaults配置段,該配置段主要配置frontend,backend,listen配置段預設配置,如果在後面的frontend、backend、listen中配置段有defaults配置段參數,後者生效,沒有配置則繼承defaults配置段的參數配置;frontend配置段主要配置前端面向客戶端提供訪問的介面,比如監聽在那個地址的那個埠呀,相當於nginx中的server的概念;backend配置段用於定義後端伺服器主機的,相當於nginx里的upstream配置段概念;而listen是同時配置前端監聽埠信息和後端被代理伺服器;
瞭解了上面配置文件的大概配置,我們接下來配置下,讓haproxy代理三台web服務響應客戶端請求;
首先說下實驗環境,宿主機haproxy的地址是192.168.0.22:80代理172.17.0.2、3、4這三台主機(為了節省虛擬機資源,我們這裡分別用docker容器來模擬三台web伺服器)
後端伺服器環境搭建
1、安裝docker-ce
[root@docker_node1 ~]# yum install -y docker-ce
提示:安裝之前需要去配置好docker的yum源參考,推薦去阿裡雲yum倉庫
2、拉取鏡像
[root@docker_node1 ~]# docker pull httpd:2.4.37-alpine Error response from daemon: Get https://registry-1.docker.io/v2/library/httpd/manifests/2.4.37-alpine: net/http: TLS handshake timeout [root@docker_node1 ~]#
提示:這是沒有配置docker加速,所以導致超時;
3、配置docker加速器
提示:登錄自己的賬號去阿裡雲控制台里找容器鏡像服務-->鏡像加速,右邊有個操作文檔,根據自己的系統選擇相應的配置,然後複製下來到你自己的Linux上執行即可;配置好加速器後,在拉取鏡像就比較快了;
4、運行三個不同名稱的容器
提示:可以看到三個不同名稱的實例運行起來了,為了區分各容器我們故意把主頁的內容更改為不同的名稱以示區分;
提示:把三個容器的主頁更改後,需要在docker宿主機上測試是否能夠訪問
提示:容器運行的服務已經能夠正常訪問,到此後端server就準備就緒,接下來就是配置haproxy來反代這三個容器就可以了;
配置haproxy反代後端伺服器
提示:以上紅框中的名字必須相同,什麼意思呢?就是前端調用哪個後端伺服器組,後端伺服器組必須得存在,否則haproxy起不來;這裡說一下以上配置,以上配置表示前端myweb這個服務監聽在該主機的所有地址的80埠,並把客戶端的請求反代至webservers這個後端伺服器組上進行響應;後端伺服器webservers,定義了三個server分別是172.17.0.2、3、4;如果前端監聽埠和後端伺服器監聽埠相同的情況下,後端伺服器上可以不用謝埠的;
提示:啟動haproxy後,為了驗證配置文件是否有問題,需要查看下對應監聽的埠是否起來了,如果配置文件有問題,啟動haproxy是不會有任何提示的,我們只有查看埠來判斷haproxy是否配置正確和成功啟動;從上面的的信息看,我們配置的haproxy沒有問題,對應80埠都啟動起來了;
測試:用瀏覽器對192.168.0.22:80進行訪問,看看是否能夠響應後端伺服器的主頁?
提示:可以看到haproxy能夠正常的把客戶端的請求以輪詢的方式向後端伺服器反代;
以上就是haproxy最簡單的使用方式,作為反代伺服器代理服務端響應客戶端的請求;接下來我們來說說編譯安裝haproxy
1、首先我們要把自己的編譯環境搭建好
[root@haproxy_node1 ~]# yum groupinstall "development tools" -y
提示:通常編譯環境所需要的包,在development tools這個包組中都有,所以通常我們源碼編譯安裝都是把這個包組裝上,然後編譯,如果中途有報錯提示我們沒有哪個包,我們在安裝相應的包就可以了
2、下載haproxy源碼包
提示:我這個是從官網上下載後,然後上傳上來的,官網是國外的一個網站,想要訪問它,我們需要翻牆出去才可以;
3、解壓源碼包,併進入到源碼目錄查看編譯手冊
[root@haproxy_node1 src]# tar xf haproxy-1.8.20.tar.gz oot@haproxy_node1 src]# cd haproxy-1.8.20 [root@haproxy_node1 haproxy-1.8.20]# ls CHANGELOG CONTRIBUTING ebtree include MAINTAINERS README ROADMAP src tests VERSION contrib doc examples LICENSE Makefile reg-tests scripts SUBVERS VERDATE [root@haproxy_node1 haproxy-1.8.20]#
提示:README就是編譯手冊,裡面告訴我們怎麼去編譯安裝haproxy,需要指定的那些參數等等說明;我們需要關心的是我們系統上什麼架構,內核版本信息;編譯的時候我們需要用ARCH來指定系統架構,用TARGET來指定內核版本,Linux2.6以上的內核版本需要指定TARGET=linux2628;其他版本信息可以對照README里的說明信息對照來指定對應的參數;除此以外我們還需要指定是否支持openssl、zip壓縮、以及是否使用systemd的方式來管理服務等等信息,根據自己的需要定製編譯參數;
4、指定編譯參數,編譯haproxy
[root@haproxy_node1 haproxy-1.8.20]# make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 gcc -Iinclude -Iebtree -Wall -m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_SYSTEMD -DUSE_PCRE -I/usr/local/include -DCONFIG_HAPROXY_VERSION=\"1.8.20\" -DCONFIG_HAPROXY_DATE=\"2019/04/25\" -c -o src/ev_poll.o src/ev_poll.c In file included from include/types/global.h:32:0, from src/ev_poll.c:26: include/types/listener.h:29:25: fatal error: openssl/ssl.h: No such file or directory #include <openssl/ssl.h> ^ compilation terminated. make: *** [src/ev_poll.o] Error 1 [root@haproxy_node1 haproxy-1.8.20]#
提示:以上報錯說沒有openssl這個頭文件,我們需要安裝openssl-devel這個包即可
[root@haproxy_node1 haproxy-1.8.20]# yum install -y openssl-devel Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.huaweicloud.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package openssl-devel.x86_64 1:1.0.2k-19.el7 will be installed --> Processing Dependency: openssl-libs(x86-64) = 1:1.0.2k-19.el7 for package: 1:openssl-devel-1.0.2k-19.el7.x86_64 --> Processing Dependency: zlib-devel(x86-64) for package: 1:openssl-devel-1.0.2k-19.el7.x86_64 --> Processing Dependency: krb5-devel(x86-64) for package: 1:openssl-devel-1.0.2k-19.el7.x86_64 ……省略部分信息…… Installed: openssl-devel.x86_64 1:1.0.2k-19.el7 Dependency Installed: keyutils-libs-devel.x86_64 0:1.5.8-3.el7 krb5-devel.x86_64 0:1.15.1-37.el7_7.2 libcom_err-devel.x86_64 0:1.42.9-16.el7 libkadm5.x86_64 0:1.15.1-37.el7_7.2 libselinux-devel.x86_64 0:2.5-14.1.el7 libsepol-devel.x86_64 0:2.5-10.el7 libverto-devel.x86_64 0:0.2.5-4.el7 pcre-devel.x86_64 0:8.32-17.el7 zlib-devel.x86_64 0:1.2.7-18.el7 Dependency Updated: e2fsprogs.x86_64 0:1.42.9-16.el7 e2fsprogs-libs.x86_64 0:1.42.9-16.el7 krb5-libs.x86_64 0:1.15.1-37.el7_7.2 libcom_err.x86_64 0:1.42.9-16.el7 libselinux.x86_64 0:2.5-14.1.el7 libselinux-python.x86_64 0:2.5-14.1.el7 libselinux-utils.x86_64 0:2.5-14.1.el7 libsepol.x86_64 0:2.5-10.el7 libss.x86_64 0:1.42.9-16.el7 openssl.x86_64 1:1.0.2k-19.el7 openssl-libs.x86_64 1:1.0.2k-19.el7 zlib.x86_64 0:1.2.7-18.el7 Complete! [root@haproxy_node1 haproxy-1.8.20]#
提示:通常編譯的時候報錯,我們要註意看它提示我們什麼,通常都是缺少某些包引起的,對應我們安裝devel版包都能夠解決;安裝了openssl-devel這個包後,再次編譯,上面的報錯就不會有了;
APROXY_DATE=\"2019/04/25\" \ -DBUILD_TARGET='"linux2628"' \ -DBUILD_ARCH='"x86_64"' \ -DBUILD_CPU='"generic"' \ -DBUILD_CC='"gcc"' \ -DBUILD_CFLAGS='"-m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label"' \ -DBUILD_OPTIONS='"USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_PCRE=1"' \ -c -o src/haproxy.o src/haproxy.c src/haproxy.c:66:31: fatal error: systemd/sd-daemon.h: No such file or directory #include <systemd/sd-daemon.h> ^ compilation terminated. make: *** [src/haproxy.o] Error 1 [root@haproxy_node1 haproxy-1.8.20]#
提示:以上報錯提示我們缺少systemd/sd-daemon.h,我們安裝systemd-devel即可解決
[root@haproxy_node1 ~]# yum install -y systemd-devel Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.huaweicloud.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package systemd-devel.x86_64 0:219-67.el7_7.4 will be installed --> Processing Dependency: systemd-libs = 219-67.el7_7.4 for package: systemd-devel-219-67.el7_7.4.x86_64 --> Processing Dependency: systemd = 219-67.el7_7.4 for package: systemd-devel-219-67.el7_7.4.x86_64 --> Running transaction check ---> Package systemd.x86_64 0:219-42.el7 will be updated --> Processing Dependency: systemd = 219-42.el7 for package: systemd-sysv-219-42.el7.x86_64 ---> Package systemd.x86_64 0:219-67.el7_7.4 will be an update --> Processing Dependency: libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit) for package: systemd-219-67.el7_7.4.x86_64 --> Processing Dependency: liblz4.so.1()(64bit) for package: systemd-219-67.el7_7.4.x86_64 --> Processing Dependency: libcryptsetup.so.12()(64bit) for package: systemd-219-67.el7_7.4.x86_64 ---> Package systemd-libs.x86_64 0:219-42.el7 will be updated ---> Package systemd-libs.x86_64 0:219-67.el7_7.4 will be an update --> Running transaction check ---> Package cryptsetup-libs.x86_64 0:1.7.4-3.el7 will be updated ---> Package cryptsetup-libs.x86_64 0:2.0.3-5.el7 will be an update ---> Package lz4.x86_64 0:1.7.5-3.el7 will be installed ---> Package systemd-sysv.x86_64 0:219-42.el7 will be updated ---> Package systemd-sysv.x86_64 0:219-67.el7_7.4 will be an update --> Finished Dependency Resolution Dependencies Resolved ==================================================================================================================== Package Arch Version Repository Size ==================================================================================================================== Installing: systemd-devel x86_64 219-67.el7_7.4 updates 208 k Installing for dependencies: lz4 x86_64 1.7.5-3.el7 base 99 k Updating for dependencies: cryptsetup-libs x86_64 2.0.3-5.el7 base 338 k systemd x86_64 219-67.el7_7.4 updates 5.1 M systemd-libs x86_64 219-67.el7_7.4 updates 411 k systemd-sysv x86_64 219-67.el7_7.4 updates 89 k Transaction Summary ==================================================================================================================== Install 1 Package (+1 Dependent package) Upgrade ( 4 Dependent packages) Total download size: 6.2 M Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. (1/6): systemd-libs-219-67.el7_7.4.x86_64.rpm | 411 kB 00:00:00 (2/6): systemd-devel-219-67.el7_7.4.x86_64.rpm | 208 kB 00:00:00 (3/6): cryptsetup-libs-2.0.3-5.el7.x86_64.rpm | 338 kB 00:00:00 (4/6): lz4-1.7.5-3.el7.x86_64.rpm | 99 kB 00:00:00 (5/6): systemd-sysv-219-67.el7_7.4.x86_64.rpm | 89 kB 00:00:00 (6/6): systemd-219-67.el7_7.4.x86_64.rpm | 5.1 MB 00:00:01 -------------------------------------------------------------------------------------------------------------------- Total 5.4 MB/s | 6.2 MB 00:00:01 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : lz4-1.7.5-3.el7.x86_64 1/10 Updating : systemd-libs-219-67.el7_7.4.x86_64 2/10 Updating : cryptsetup-libs-2.0.3-5.el7.x86_64 3/10 Updating : systemd-219-67.el7_7.4.x86_64 4/10 Installing : systemd-devel-219-67.el7_7.4.x86_64 5/10 Updating : systemd-sysv-219-67.el7_7.4.x86_64 6/10 Cleanup : systemd-sysv-219-42.el7.x86_64 7/10 Cleanup : systemd-219-42.el7.x86_64 8/10 Cleanup : cryptsetup-libs-1.7.4-3.el7.x86_64 9/10 Cleanup : systemd-libs-219-42.el7.x86_64 10/10 Verifying : systemd-libs-219-67.el7_7.4.x86_64 1/10 Verifying : systemd-devel-219-67.el7_7.4.x86_64 2/10 Verifying : cryptsetup-libs-2.0.3-5.el7.x86_64 3/10 Verifying : systemd-219-67.el7_7.4.x86_64 4/10 Verifying : lz4-1.7.5-3.el7.x86_64 5/10 Verifying : systemd-sysv-219-67.el7_7.4.x86_64 6/10 Verifying : systemd-libs-219-42.el7.x86_64 7/10 Verifying : systemd-sysv-219-42.el7.x86_64 8/10 Verifying : systemd-219-42.el7.x86_64 9/10 Verifying : cryptsetup-libs-1.7.4-3.el7.x86_64 10/10 Installed: systemd-devel.x86_64 0:219-67.el7_7.4 Dependency Installed: lz4.x86_64 0:1.7.5-3.el7 Dependency Updated: cryptsetup-libs.x86_64 0:2.0.3-5.el7 systemd.x86_64 0:219-67.el7_7.4 systemd-libs.x86_64 0:219-67.el7_7.4 systemd-sysv.x86_64 0:219-67.el7_7.4 Complete! [root@haproxy_node1 ~]#
再次編譯
-Wno-unused-label -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_SYSTEMD -DUSE_PCRE -I/usr/include -DCONFIG_HAPROXY_VERSION=\"1.8.20\" -DCONFIG_HAPROXY_DATE=\"2019/04/25\" -c -o src/hash.o src/hash.c gcc -m64 -march=x86-64 -g -o haproxy src/ev_poll.o src/ev_epoll.o src/ssl_sock.o ebtree/ebtree.o ebtree/eb32sctree.o ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o ebtree/ebimtree.o ebtree/ebistree.o src/proto_http.o src/cfgparse.o src/server.o src/stream.o src/flt_spoe.o src/stick_table.o src/stats.o src/mux_h2.o src/checks.o src/haproxy.o src/log.o src/dns.o src/peers.o src/standard.o src/sample.o src/cli.o src/stream_interface.o src/proto_tcp.o src/backend.o src/proxy.o src/tcp_rules.o src/listener.o src/flt_http_comp.o src/pattern.o src/cache.o src/filters.o src/vars.o src/acl.o src/payload.o src/connection.o src/raw_sock.o src/proto_uxst.o src/flt_trace.o src/session.o src/ev_select.o src/channel.o src/task.o src/queue.o src/applet.o src/map.o src/frontend.o src/freq_ctr.o src/lb_fwlc.o src/mux_pt.o src/auth.o src/fd.o src/hpack-dec.o src/memory.o src/lb_fwrr.o src/lb_chash.o src/lb_fas.o src/hathreads.o src/chunk.o src/lb_map.o src/xxhash.o src/regex.o src/shctx.o src/buffer.o src/action.o src/h1.o src/compression.o src/pipe.o src/namespace.o src/sha1.o src/hpack-tbl.o src/hpack-enc.o src/uri_auth.o src/time.o src/proto_udp.o src/arg.o src/signal.o src/protocol.o src/lru.o src/hdr_idx.o src/hpack-huff.o src/mailers.o src/h2.o src/base64.o src/hash.o -lcrypt -lz -ldl -lpthread -lssl -lcrypto -ldl -lsystemd -L/usr/lib -lpcreposix -lpcre [root@haproxy_node1 haproxy-1.8.20]#
提示:再次編譯就沒有提示任何錯誤了,說明我們的編譯通過了,接下來我們就可以make install 了
[root@haproxy_node1 haproxy-1.8.20]# make install PREFIX=/usr/local/haproxy install -d "/usr/local/haproxy/sbin" install haproxy "/usr/local/haproxy/sbin" install -d "/usr/local/haproxy/share/man"/man1 install -m 644 doc/haproxy.1 "/usr/local/haproxy/share/man"/man1 install -d "/usr/local/haproxy/doc/haproxy" for x in configuration management architecture peers-v2.0 cookie-options lua WURFL-device-detection proxy-protocol linux-syn-cookies network-namespaces DeviceAtlas-device-detection 51Degrees-device-detection netscaler-client-ip-insertion-protocol peers close-options SPOE intro; do \ install -m 644 doc/$x.txt "/usr/local/haproxy/doc/haproxy" ; \ done [root@haproxy_node1 haproxy-1.8.20]#
提示:安裝的時候我們需要用PREFIX來指定安裝的目錄,其實安裝的過程不外乎就是把編譯好的二進位文件拷本到我們指定的目錄;到此編譯安裝就完成了,接下來據說創建UNIT 文件
提示:該unit file 可以參考haproxy的用法來寫,主要是看haproxy的選項,-f表示指定配置文件,-c表示檢查模式,-q表示靜默模式,之所以我們即便配置文件有錯我們啟動的時候都不報錯的原因就是啟用了靜默模式,我們可以不用指定該參數;-Ws表示master-worker支持單主多子進程;-p表示指定pid文件;根據上面的腳本信息,我們還需要在對應目錄下創建一個配置文件,並根據haproxy的配置文件指定的用戶來創建用戶;
[root@haproxy_node1 haproxy]# cat haproxy.cfg global maxconn 100000 chroot /usr/local/haproxy user haproxy group haproxy daemon # nbproc 4 # cpu-map 1 0 # cpu-map 2 1 # cpu-map 3 2 # cpu-map 4 3 pidfile /run/haproxy.pid log 127.0.0.1 local3 info defaults option http-keep-alive option forwardfor maxconn 100000 mode http timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s listen web_port bind 0.0.0.0:80 mode http log global server web1 192.168.0.22:80 check inter 3000 fall 2 rise 5 [root@haproxy_node1 haproxy]#
提示:以上配置信息,在後續的博客中會著重去說,這裡先不解釋,先把服務跑起來再說;從上面的配置看,我們還需要在系統上創建一個haproxy的用戶;當然如果你不想創建用戶你可以選擇一個你系統上現有用戶即可;建議用haproxy用戶去啟動haproxy;並且把haproxy用戶的shell類型設置成/sbin/nologin
[root@haproxy_node1 haproxy]# useradd -s /sbin/nologin haproxy [root@haproxy_node1 haproxy]# id haproxy uid=1000(haproxy) gid=1000(haproxy) groups=1000(haproxy) [root@haproxy_node1 haproxy]#
接下來我們嘗試用systemctl start haproxy來啟動服務看看對應的80服務是否能夠起來
提示:在啟動前,我們還需要把/usr/local/haproxy/sbin/haproxy 給軟連接至/usr/sbin/下,因為我們在unit file里寫的是這個路徑;除此之外還要執行systemctl daemon-reload 讓systemctl 把haproxy載入到systemd管理;
測試:我們用瀏覽器訪問192.168.0.21:80,看看是否訪問得到我們之前的三台httpd服務?
提示:以上能夠訪問到的原因是,我在上面的配置文件中用listen 指令指定了監聽*:80對應的後端主機上192.168.0.22:80;在最開始的時候我們就用192.168.0.22:80反代後面三台容器;這裡相當於是兩層反代結構,用戶請求發送到192.168.0.21:80,然後192.168.0.21把用戶請求反代之192.168.0.22:80,然後192.168.0.22把請求反代之後端的172.17.0.2、3、4這三台容器上,所以我們在瀏覽器看到的就是後端容器響應的結果;到此haproxy編譯安裝就完成了;後續我會持續更新haproxy的其他配置相關博客,有興趣的朋友可以點點關註,共同學習;