负载均衡入门:HAProxy 双 Web 节点集群配置与验证

市安2026-01-28 8:15

HAProxy安装

为了更好的快速掌握 HAProxy 的安装和使用,我们以一个案例来进行讲解。首先根据以下要求进行虚拟机的克隆。

编号 主机 IP 软件 系统
1 lb01 192.168.72.100 haproxy redhat 9.7
2 web1 192.168.72.10 nginx redhat 9.7
3 web2 192.168.72.20 nginx redhat 9.7

1.1 搭建Web1

1、克隆一台虚拟机,初始化虚拟机(ip ,主机名,关闭防火墙,selinux)

root@node1 \~\]# hostnamectl set-hostname web1\&\&bash \[root@web1 \~\]# systemctl disable firewalld.service Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service". Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service". \[root@web1 \~\]# setenforce 0 \[root@web1 \~\]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config

下载nginx

root@web1 \~\]# dnf install nginx -y Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. BaseOS 2.7 MB/s \| 2.7 kB 00:00 AppStream 3.1 MB/s \| 3.2 kB 00:00 Package nginx-2:1.20.1-22.el9.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete!

修改欢迎页

root@web1 \~\]# echo "$(hostname) $(hostname -I)" \> /usr/share/nginx/html/index.html \[root@web1 \~\]# echo "health" \> /usr/share/nginx/html/test.html

启动nginx并测试

root@web1 \~\]# systemctl start nginx \[root@web1 \~\]# curl localhost web1 192.168.72.10 \[root@web1 \~\]# curl 192.168.72.10 web1 192.168.72.10 \[root@web1 \~\]#

1.2 搭建Web2

1、克隆一台虚拟机,初始化虚拟机(ip ,主机名,关闭防火墙,selinux)

root@node1 \~\]# hostnamectl set-hostname web2\&\&bash \[root@web2 \~\]# systemctl disable firewalld.service Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service". Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service". \[root@web2 \~\]# setenforce 0 \[root@web2 \~\]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config

下载nginx

root@web2 \~\]# dnf install nginx -y Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. BaseOS 2.7 MB/s \| 2.7 kB 00:00 AppStream 3.1 MB/s \| 3.2 kB 00:00 Package nginx-2:1.20.1-22.el9.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! \[root@web2 \~\]#

root@web2\~\]# echo "$(hostname) $(hostname -I)" \> /usr/share/nginx/html/index.html \[root@web2 \~\]# echo "health" \> /usr/share/nginx/html/test.html

启动nginx并测试

root@web2 \~\]# systemctl start nginx \[root@web2\~\]# curl localhost web1 192.168.72.20 \[root@web2\~\]# curl 192.168.72.20 web1 192.168.72.20 \[root@web2 \~\]#

1.3 搭建HAProxy

1、克隆一台虚拟机,初始化虚拟机(ip ,主机名,关闭防火墙,selinux)

root@node1 \~\]# hostnamectl set-hostname lb1\&\&bash \[root@lb1 \~\]# systemctl disable firewalld.service Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service". Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service". \[root@lb1 \~\]# setenforce 0 \[root@lb1 \~\]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config

root@lb1 \~\]# dnf install haproxy -y Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register. BaseOS 2.7 MB/s \| 2.7 kB 00:00 AppStream 3.1 MB/s \| 3.2 kB 00:00 Dependencies resolved. ============================================================================================================================ Package Architecture Version Repository Size ============================================================================================================================ Installing: haproxy x86_64 2.4.22-4.el9 AppStream 2.2 M Transaction Summary ============================================================================================================================ Install 1 Package Total size: 2.2 M Installed size: 6.6 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: haproxy-2.4.22-4.el9.x86_64 1/1 Installing : haproxy-2.4.22-4.el9.x86_64 1/1 Running scriptlet: haproxy-2.4.22-4.el9.x86_64 1/1 Verifying : haproxy-2.4.22-4.el9.x86_64 1/1 Installed products updated. Installed: haproxy-2.4.22-4.el9.x86_64 Complete!

root@lb1 \~\]# haproxy -v HAProxy version 2.4.22-f8e3218 2023/02/14 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2026. Known bugs: http://www.haproxy.org/bugs/bugs-2.4.22.html Running on: Linux 5.14.0-570.12.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Apr 4 10:41:31 EDT 2025 x86_64

查看配置文件路径

root@lb1 \~\]# rpm -qc haproxy /etc/haproxy/haproxy.cfg # 核心配置文件路径 /etc/logrotate.d/haproxy /etc/sysconfig/haproxy # 启动选项所在文件

修改配置文件

root@lb1 \~\]# cp /etc/haproxy/haproxy.cfg{,.bak} \[root@lb1 \~\]# vim /etc/haproxy/haproxy.cfg \[root@lb1 \~\]# cat /etc/haproxy/haproxy.cfg #--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # https://www.haproxy.org/download/1.8/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon stats socket /var/lib/haproxy/stats ssl-default-bind-ciphers PROFILE=SYSTEM ssl-default-server-ciphers PROFILE=SYSTEM defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend main bind \*:80 default_backend webcluster backend webcluster balance roundrobin option httpchk GET /test.html server web1 192.168.72.10:80 check inter 2000 rise 2 fall 2 weight 2 server web2 192.168.72.20:80 check inter 2000 rise 2 fall 2 weight 2 listen admin_status bind \*:9129 stats refresh 30s stats uri /admin stats auth admin:admin123 stats hide-version stats admin if TRUE

启动haproxy

root@lb1 \~\]# systemctl start haproxy \[root@lb1 \~\]# systemctl stop firewalld 打开浏览器访问 [http://192.168.72.100:9129/admin](http://192.168.72.100:9129/admin "http://192.168.72.100:9129/admin") 输出后,会弹出输入用户名和密码的窗口,我们输入在配置文件中配置的用户名(admin)和密码(admin123)后就可以登录成功。登录成功后就可以看到如下的界面了。 ![](https://i-blog.csdnimg.cn/direct/5295679ef189433cb52e5a0195bd9c7b.png)

相关推荐
小草cys5 小时前
在 openEuler 上安装 DDE 图形桌面环境(适用于华为鲲鹏服务器/PC)
运维·服务器
wenzhangli712 小时前
OoderAgent SDK(0.6.6) UDP通讯与协议测试深度解析
网络·网络协议·udp
天才奇男子12 小时前
HAProxy高级功能全解析
linux·运维·服务器·微服务·云原生
安科士andxe12 小时前
60km 远距离通信新选择:AndXe SFP-155M 单模单纤光模块深度测评
网络·信息与通信
小李独爱秋12 小时前
“bootmgr is compressed”错误:根源、笔记本与台式机差异化解决方案深度指南
运维·stm32·单片机·嵌入式硬件·文件系统·电脑故障
学嵌入式的小杨同学12 小时前
【Linux 封神之路】信号编程全解析:从信号基础到 MP3 播放器实战(含核心 API 与避坑指南)
java·linux·c语言·开发语言·vscode·vim·ux
Dxy123931021613 小时前
413 Request Entity Too Large 原因与解决方案
nginx
酥暮沐13 小时前
iscsi部署网络存储
linux·网络·存储·iscsi
darkb1rd13 小时前
四、PHP文件包含漏洞深度解析
网络·安全·php
❀͜͡傀儡师13 小时前
centos 7部署dns服务器
linux·服务器·centos·dns
热门推荐
01GitHub 镜像站点02Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services03使用 1panel面板 部署 php网站04Vue-skills的中文文档05OpenClaw Chrome扩展使用教程 - 浏览器中继控制06让 Trae IDE 智能体 “读懂”文档 Excel+PDF+DOCX :mcp-documents-reader 工具使用指南07从零搭建一个 PHP 登录注册系统(含完整源码)08UV安装并设置国内源09Linux下V2Ray安装配置指南10一文了解国产算子编程语言 TileLang,TileLang 对国产开源生态的影响与启示