Haproxy
-
- 一、haproxy基本配置信息
- 二、haproxy热处理
- 三、haproxy算法
- 四、haproxy的高级功能及配置
- 五、自定义haproxy错误界面
- 六、haproxy 四层负载
- 七、haproxy https实现
一、haproxy基本配置信息
1、haproxy的基本部署
#环境准备
shell
haproxy: 172.25.254.100
webserver1:172.25.254.10
webserver2: 172.25.254.20
#webserver1、webserver2
dnf install nginx -y
[root@webserver1 ~]# echo webserver1 - 172.25.254.10 > /usr/share/nginx/html/index.html
[root@webserver2 ~]# echo webserver2 - 172.25.254.20 > /usr/share/nginx/html/index.html
systemctl enable --now nginx
#访问
curl 172.25.254.10
curl 172.25.254.20
#haproxy
[root@haproxy ~]# dnf install haproxy -y
#haproxy
[root@haproxy ~]# rpm -qc haproxy
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
#下图:两种写法都可以
frontend webcluster
bind *:80
mode http
use_backend webcluster-host
backend webcluster-host
balance roundrobin
server web1 172.25.254.10:80
server web2 172.25.254.20:80
或者
#修改缩进
[root@haproxy ~]# vim ~/.vimrc
set ts=4 ai sw=4
[root@haproxy ~]# systemctl restart haproxy.service
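#如果报错:可先用 haproxy -c -f /etc/haproxy/haproxy.cfg 检查配置语法,或用 journalctl -u haproxy 查看报错;下面的 > 会清空整个系统日志,只适合实验机(清空后重新重启haproxy,再查看新产生的报错)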
[root@haproxy ~]# > /var/log/messages
[root@haproxy ~]# cat /var/log/messages
# 测试:
[root@haproxy ~]# curl 172.25.254.100
webserver1 - 172.25.254.10
[root@haproxy ~]# curl 172.25.254.100
webserver2 - 172.25.254.20
#当我们停止webserver1上的nginx时,webserver1就不能访问,请求只会落到webserver2
[root@webserver1 ~]# systemctl stop nginx
[root@haproxy ~]# curl 172.25.254.100
webserver1 - 172.25.254.20
2、haproxy全局配
shell
#多进程
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
nbproc 2
cpu-map 1 0
cpu-map 2 1
[root@haproxy ~]# systemctl restart haproxy.service
#查看多进程信息
[root@haproxy ~]# pstree -p | grep haproxy
|-haproxy(31828)-+-haproxy(31831)
| `-haproxy(31832)
# 启用多线程
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
nbthread 2
#定义日志
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
log 127.0.0.1 local2
[root@haproxy ~]# systemctl restart haproxy.service
[root@haproxy ~]# vim /etc/rsyslog.conf
module(load="imudp") #udp的这个打开
input(type="imudp" port="514") #haproxy只向127.0.0.1发日志,可加 address="127.0.0.1" 避免514/udp对外监听
local2.* /var/log/haproxy.log
#查看多线程信息
[root@haproxy ~]# pstree -p | grep haproxy
|-haproxy(31841)---haproxy(31843)---{haproxy}(31844)
3、haproxy代理参数
shell
#关掉webserver1\2的,可以访问100的
[root@webserver1 ~]# systemctl stop nginx.service
[root@webserver2 ~]# systemctl stop nginx.service
[root@haproxy ~]# dnf install httpd -y
[root@haproxy ~]# vim /etc/httpd/conf/httpd.conf
#backup --sorryserver 的端口
Listen 8080
[root@haproxy ~]# systemctl enable --now httpd
[root@haproxy ~]# echo sorry > /var/www/html/index.html
[root@haproxy ~]# curl 172.25.254.100
sorry
#如果是开启的话,需在文件里注释掉
[root@webserver1 ~]# systemctl start nginx.service
[root@webserver2 ~]# systemctl start nginx.service
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
balance roundrobin
#server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 2
#server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 2
server web_sorry 172.25.254.100:8080 backup
[root@haproxy ~]# systemctl restart haproxy.service
[root@haproxy ~]# for i in {1..10}; do curl 172.25.254.100; done
webserver1 - 172.25.254.10
webserver1 - 172.25.254.20
webserver1 - 172.25.254.10
webserver1 - 172.25.254.20
#下线指定realserver
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
balance roundrobin
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 2 disabled
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 2
server web_sorry 172.25.254.100:8080 backup
[root@haproxy ~]# systemctl restart haproxy.service
[root@haproxy ~]# for i in {1..10}; do curl 172.25.254.100; done
webserver1 - 172.25.254.20
webserver1 - 172.25.254.20
#网页重定向
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
balance roundrobin
redirect prefix http://www.baidu.com/
#server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 2
#server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 2
#server web_sorry 172.25.254.100:8080 backup
[root@haproxy ~]# systemctl restart haproxy.service
二、haproxy热处理
shell
[root@haproxy ~]# dnf install socat -y
[root@haproxy ~]# echo "set weight webcluster/web1 1" | socat stdio /var/lib/haproxy/stats
[root@haproxy ~]# for i in {1..10}; do curl 172.25.254.100; done
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
[root@haproxy ~]# echo "set weight webcluster/web1 2" | socat stdio /var/lib/haproxy/stats
[root@haproxy ~]# for i in {1..10}; do curl 172.25.254.100; done
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
[root@haproxy ~]# echo "disable server webcluster/web1 " | socat stdio /var/lib/haproxy/stats
[root@haproxy ~]# for i in {1..10}; do curl 172.25.254.100; done
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
[root@haproxy ~]# echo "enable server webcluster/web1 " | socat stdio /var/lib/haproxy/stats
[root@haproxy ~]# for i in {1..10}; do curl 172.25.254.100; done
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
#haproxy多进程如何热处理
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
global
stats socket /var/lib/haproxy/stats1 mode 600 level admin process 1
stats socket /var/lib/haproxy/stats2 mode 600 level admin process 2
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
nbproc 2
cpu-map 1 0
cpu-map 2 1
[root@haproxy ~]# systemctl restart haproxy.service
[root@haproxy ~]# ls /var/lib/haproxy/*
/var/lib/haproxy/stats /var/lib/haproxy/stats1 /var/lib/haproxy/stats2
三、haproxy算法
1.静态算法
static-rr
不能通过socat修改权重
shell
# 不要多进程
stats socket /var/lib/haproxy/stats mode 600 level admin
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
#balance roundrobin
balance static-rr
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
# 测试
[root@haproxy ~]# for i in {1..10}; do curl 172.25.254.100; done
webserver1 - 172.25.254.10
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
2、first
其只会当第一台服务器的连接数达到上限,新请求才会分配给下一台服务
其会忽略服务器的权重设置
不支持用socat进行动态修改权重,可以设置0和1,可以设置其它值但无效
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
#balance roundrobin
#balance static-rr
balance first
server web1 172.25.254.10:80 maxconn 1 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
# 测试: 多台主机执行死循环,可看到
[root@webserver1 ~]# while true ; do curl 172.25.254.100; sleep 0.1 ; done
[root@webserver2 ~]# while true ; do curl 172.25.254.100; sleep 0.1 ; done
2.动态算法
1.roundrobin
给权重高负载小的
基于权重的轮询动态调度算法,
支持权重的运行时调整,不同于lvs中的rr轮询模式,
HAProxy中的roundrobin支持慢启动(新加的服务器会逐渐增加转发数)
shell
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
balance roundrobin
#balance static-rr
#balance first
server web1 172.25.254.10:80 maxconn 1 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
#测试
[root@haproxy ~]# for i in {1..10}; do curl 172.25.254.100; done
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver1 - 172.25.254.10
webserver1 - 172.25.254.10
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
2.leastconn
谁链接最少给谁
shell
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
#balance static-rr
#balance first
#balance roundrobin
balance leastconn
server web1 172.25.254.10:80 maxconn 1 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
#测试
[root@haproxy ~]# for i in {1..10}; do curl 172.25.254.100; done
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
webserver1 - 172.25.254.10
webserver2 - 172.25.254.20
3.其他算法
其他算法(source、uri、url_param、hdr)配置了hash-type consistent时是动态的,没有配置则是静态的
shell
source
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
#balance static-rr
#balance first
#balance roundrobin
#balance leastconn
balance source
server web1 172.25.254.10:80 maxconn 1 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
#测试
[root@haproxy ~]# for i in {1..10}; do curl 172.25.254.100; done
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
webserver2 - 172.25.254.20
shell
uri
#webserver1上
[root@webserver1 ~]# echo 172.25.254.10 - index1.html > /usr/share/nginx/html/index1.html
[root@webserver1 ~]# echo 172.25.254.10 - index2.html > /usr/share/nginx/html/index2.html
[root@webserver1 ~]# echo 172.25.254.10 - index3.html > /usr/share/nginx/html/index3.html
#webserver2
[root@webserver2 ~]# echo 172.25.254.20 - index1.html > /usr/share/nginx/html/index1.html
[root@webserver2 ~]# echo 172.25.254.20 - index2.html > /usr/share/nginx/html/index2.html
[root@webserver2 ~]# echo 172.25.254.20 - index3.html > /usr/share/nginx/html/index3.html
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
#balance roundrobin
#balance leastconn
#balance static-rr
#balance first
#balance source
balance uri
hash-type consistent
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
#测试
[root@haproxy ~]# curl 172.25.254.100/index1.html
172.25.254.10 - index1.html
[root@haproxy ~]# curl 172.25.254.100/index2.html
172.25.254.20 - index2.html
[root@haproxy ~]# curl 172.25.254.100/index3.html
172.25.254.10 - index3.html
shell
url_param
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
#balance roundrobin
#balance leastconn
#balance static-rr
#balance first
#balance source
#balance uri
balance url_param name,userid
hash-type consistent
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
#测试
[root@haproxy ~]# curl 172.25.254.100/index1.html?name=test
172.25.254.10 - index1.html
[root@haproxy ~]# curl 172.25.254.100/index1.html?name=haha
172.25.254.20 - index1.html
[root@haproxy ~]# curl 172.25.254.100/index1.html?name=xixi
172.25.254.10 - index1.html
[root@haproxy ~]# curl 172.25.254.100/index1.html?name=test
172.25.254.10 - index1.html
[root@haproxy ~]# curl 172.25.254.100/index1.html?name=haha
172.25.254.20 - index1.html
hdr
不同浏览器访问不同
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind *:80
mode http
#balance roundrobin
#balance leastconn
#balance static-rr
#balance first
#balance source
#balance uri
#balance url_param name,userid
balance hdr(User-Agent)
hash-type consistent
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
#测试 -vA 伪装浏览器
[root@haproxy ~]# curl -vA "firefox" 172.25.254.100/index.html
四、haproxy的高级功能及配置
1、haproxy的状态页
shell
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen stats
mode http
bind *:9999
stats enable
stats refresh 3
stats uri /status #自定义stats page uri
stats auth lee:lee #认证,可出现多次;lee:lee为实验用弱口令,且此处经HTTP明文传输,正式环境应换强口令并限制可访问9999端口的来源
访问浏览器:172.25.254.100:9999/status
2、基于cookie的会话保持
在一个浏览器访问后,会记住选择,之后刷新一直是该后端主机,另一个浏览器访问则是另一个后端主机
shell
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
balance roundrobin
cookie WEBCOOKIE insert nocache indirect
server web1 172.25.254.10:80 cookie lee1 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 cookie lee2 check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
[root@haproxy ~]# curl -b WEBCOOKIE=lee1 172.25.254.100
webserver1 - 172.25.254.10
[root@haproxy ~]# curl -b WEBCOOKIE=lee2 172.25.254.100
webserver2 - 172.25.254.20
3、IP透传
七层代理
七层代理 mode--->http
shell
#webserver1
[root@webserver1 ~]# systemctl disable nginx
[root@webserver1 ~]# systemctl stop nginx
[root@webserver1 ~]# dnf install httpd -y
[root@webserver1 ~]# echo webserver1 - 172.25.254.10 > /var/www/html/index.html
[root@webserver1 ~]# vim /etc/httpd/conf/httpd.conf
如下图标注
%{X-Forwarded-For}i
[root@webserver1 ~]# systemctl enable --now httpd
#测试
[root@webserver1 ~]# tail -n 3 /etc/httpd/logs/access_log
[root@webserver2 ~]# tail -3 /var/log/nginx/access.log
有IP地址
# 如果把option forwardfor except 127.0.0.0/8 注释掉则没有IP地址
# 注意: X-Forwarded-For 是普通请求头,客户端可以自行携带;只有后端仅接受来自haproxy的连接时,日志里的该字段才可信
四层代理
四层代理mode--->tcp
看不到IP地址
shell
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
mode tcp
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 send-proxy check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
#webserver2
[root@webserver2 ~]#
vim /etc/nginx/nginx.conf
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request"'
' "$proxy_protocol_addr"'
server {
listen 80 proxy_protocol;
[root@webserver2 ~]# systemctl restart nginx
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
server web1 172.25.254.10:80 check inter 2 fall 3 rise 5 weight 2
server web2 172.25.254.20:80 send-proxy check inter 2 fall 3 rise 5 weight 1
[root@haproxy ~]# systemctl restart haproxy.service
# 测试
[root@webserver2 ~]# tail -n 3 /var/log/nginx/access.log
[root@webserver1 ~]# tail -n 3 /etc/httpd/logs/access_log
再次访问后,查看日志可以看到地址。注意: 开启proxy_protocol后,nginx会信任连接开头声明的源地址,因此webserver2的80端口应只允许haproxy(172.25.254.100)连接
4、ACL常用参数
匹配域名
shell
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
frontend webcluster
bind *:80
mode http
acl test hdr_dom(host) -i www.timinglee.org #判断规则
use_backend webcluster-host if test #是访问webcluster-host
default_backend default-host #不是访问default-host
backend webcluster-host
mode http
server web1 172.25.254.10:80 check inter 2 fall 2 rise 5
backend default-host
mode http
server web2 172.25.254.20:80 check inter 2 fall 2 rise 5
[root@haproxy ~]# systemctl restart haproxy.service
#注意 做这个要把四层代理proxy_protocol这个参数删掉
# 测试
[root@haproxy ~]# curl 172.25.254.100
webserver2 - 172.25.254.20
[root@haproxy ~]# curl www.timinglee.org
webserver1 - 172.25.254.10
以什么什么结尾
frontend webcluster
bind *:80
mode http
acl test hdr_end(host) -i .org
use_backend webcluster-host if test
default_backend default-host
#测试
[root@haproxy ~]# curl 172.25.254.100
webserver2 - 172.25.254.20
[root@haproxy ~]# curl www.timinglee.org
webserver1 - 172.25.254.10
[root@haproxy ~]# curl www.timinglee.com
webserver2 - 172.25.254.20
以什么什么开头
frontend webcluster
bind *:80
mode http
acl test hdr_beg(host) -i bbs
use_backend webcluster-host if test
default_backend default-host
#测试
[root@haproxy ~]# curl www.timinglee.org
webserver2 - 172.25.254.20
[root@haproxy ~]# curl bbs.timinglee.org
webserver1 - 172.25.254.10
base
frontend webcluster
bind *:80
mode http
#acl test hdr_beg(host) -i bbs
acl test base_sub -m sub lee #只要包含lee就是匹配成功
use_backend webcluster-host if test
default_backend default-host
[root@webserver1 ~]# mkdir /var/www/html/lee -p
[root@webserver1 ~]# echo 172.25.254.10 lee > /var/www/html/lee/index.html
[root@webserver1 ~]# curl 172.25.254.10/lee/
172.25.254.10 lee
#测试
[root@haproxy ~]# curl www.timinglee.com
webserver1 - 172.25.254.10
[root@haproxy ~]# curl bbs.timinglee.org
webserver1 - 172.25.254.10
[root@haproxy ~]# curl www.test.com
webserver2 - 172.25.254.20
[root@haproxy ~]# curl www.test.com/lee/
172.25.254.10 lee
5、ACL应用实例
基于源IP或子网调度访问
注意一定要有解析!!!!
shell
frontend webcluster
bind *:80
mode http
acl domain hdr_dom(host) -i www.timinglee.org
use_backend webcluster-host if domain
default_backend default-host
#测试
[root@haproxy ~]# curl www.test.com
webserver2 - 172.25.254.20
[root@haproxy ~]# curl www.timinglee.org
webserver1 - 172.25.254.10
基于源地址的访问控制
按指定IP或者IP范围做访问控制(下例是把匹配的源地址调度到webcluster-host;若要拒绝访问,改用 http-request deny if ctrl_ip)
frontend webcluster
bind *:80
mode http
acl ctrl_ip src 172.25.254.1 172.25.254.20
use_backend webcluster-host if ctrl_ip
default_backend default-host
#测试
[root@haproxy ~]# curl 172.25.254.100
webserver2 - 172.25.254.20
[root@webserver2 ~]# curl 172.25.254.100
webserver1 - 172.25.254.10
匹配浏览器类型
匹配客户端浏览器,将不同类型的浏览器调度至不同的服务器组。
范例: 拒绝curl和wget的访问(User-Agent由客户端自行填写,前文的 curl -A 就能改写它,因此该规则只能过滤使用默认标识的客户端,不能当作访问控制手段)
frontend webcluster
bind *:80
mode http
acl badwebrowers hdr_sub(User-Agent) -i curl wget
#use_backend webcluster-host if webrowers
http-request deny if badwebrowers
default_backend default-host
# 测试
去浏览器访问
基于文件后缀名实现动静分离
[root@webserver1 ~]# dnf install php -y
[root@webserver1 ~]# systemctl restart httpd
[root@webserver1 ~]# vim /var/www/html/index.php
[root@webserver1 ~]# cat /var/www/html/index.php
<?php
phpinfo();
?>
#haproxy
frontend webcluster
bind *:80
mode http
acl static path_end -i .html .jpg .png .css .js
acl php path_end -i .php
use_backend webcluster-host if php
default_backend default-host
# 测试
浏览器进行测试;测试完成后删除 /var/www/html/index.php,phpinfo() 会对外暴露PHP版本、已加载模块和环境变量等信息
五、自定义haproxy错误界面
基于自定义的错误页面文件
shell
#webserver1\2主机上
systemctl stop httpd #webserver1上执行;webserver2上执行 systemctl stop nginx
#haproxy主机上
[root@haproxy ~]# mkdir /etc/haproxy/errorpage -p
[root@haproxy ~]# vim /etc/haproxy/errorpage/503.http
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
<html><body><h1>什么动物生气最安静</h1>
大猩猩!!!![请添加图片描述](https://i-blog.csdnimg.cn/direct/59a7e71c16cc4277ae4b807f0dcbbe03.png)
</body></html>
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
defaults
errorfile 503 /etc/haproxy/errorpage/503.http
[root@haproxy ~]# systemctl restart haproxy.service
#测试
然后用浏览器去访问172.25.254.100
基于http重定向错误页面
#错误页面重定向
errorloc <code> <url>
#相当于errorloc302 <code> <url>,利用302重定向至指URL
#示例:
errorloc 503 https://www.baidu.com
# 实验
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
errorloc 503 https://www.baidu.com
[root@haproxy ~]# systemctl restart haproxy.service
#测试
然后用浏览器去访问172.25.254.100
六、haproxy 四层负载
shell
# webserver1\2\3
dnf install mariadb-server -y
#webserver1
vim /etc/my.cnf.d/mariadb-server.cnf
[mysqld]
server-id=1
systemctl start mariadb
mysql
> SELECT @@server_id;
> CREATE USER lee@'%' identified by 'lee'; #创建用户('%'表示任意来源主机,口令与用户名相同,仅限实验环境)
> GRANT ALL ON *.* TO lee@'%'; #授予全部库的全部权限;正式环境应限定来源主机(经haproxy转发时为172.25.254.100)、使用强口令并按需授权
netstat -antup | grep 3306
#webserver2
vim /etc/my.cnf.d/mariadb-server.cnf
[mysqld]
server-id=2
systemctl start mariadb
mysql
> SELECT @@server_id;
> CREATE USER lee@'%' identified by 'lee';
> GRANT ALL ON *.* TO lee@'%';
netstat -antup | grep 3306
#haproxy
dnf whatprovides */mysql
dnf install mariadb-server -y
mysql -uroot -h 172.25.254.10 #如果没有在webserver上加远程登录用户,则不能登录
vim /etc/haproxy/haproxy.cfg
listen dbserver
bind *:3306
mode tcp
balance static-rr
server db1 172.25.254.10:3306 check inter 2 fall 2 rise 5
server db2 172.25.254.20:3306 check inter 2 fall 2 rise 5
systemctl restart haproxy
netstat -antup | grep 3306
# 测试
[root@haproxy ~]# mysql -ulee -plee -h 172.25.254.100
> SELECT @@server_id;
七、haproxy https实现
shell
#haproxy
#证书制作
[root@haproxy ~]# mkdir -p /etc/haproxy/certs
[root@haproxy ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /etc/haproxy/certs/timinglee.org.key -x509 -days 356 -out /etc/haproxy/certs/timinglee.org.crt
CD shannxi XIan timinglee webserver www.timinglee.org admin@timinglee.org
[root@haproxy ~]# ls /etc/haproxy/certs/
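[root@haproxy ~]# cat /etc/haproxy/certs/timinglee.org.key /etc/haproxy/certs/timinglee.org.crt > /etc/haproxy/certs/timinglee.pem
#timinglee.pem和timinglee.org.key都含未加密的私钥(-nodes),应限制为仅root可读,例如 chmod 600 /etc/haproxy/certs/timinglee.pem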
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
frontend webcluster
bind *:80
mode http
redirect scheme https if !{ ssl_fc } #全网站加密
backend webcluster-host
mode http
server web1 172.25.254.10:80 check inter 2 fall 2 rise 5
backend default-host
mode http
server web2 172.25.254.20:80 check inter 2 fall 2 rise 5
listen web-https
bind *:443 ssl crt /etc/haproxy/certs/timinglee.pem
mode http
balance roundrobin
server web1 172.25.254.10:3306 check inter 2 fall 2 rise 5 #注意: mode http下后端应指向web服务端口(前文为80),这两行的3306疑为沿用第六节的数据库配置
server web2 172.25.254.20:3306 check inter 2 fall 2 rise 5
[root@haproxy ~]# systemctl restart haproxy
[root@haproxy ~]# netstat -antup | grep 443
测试:
开启webserver1\2的服务
访问https://172.25.254.100