HAPORXY实验环境

HAProxy 实验介绍

HAProxy 实验是基于高性能 TCP/HTTP 反向代理与负载均衡工具 HAProxy，搭建高可用、可扩展服务架构的实操项目，核心是掌握负载均衡、会话保持、健康检查、ACL 访问控制、状态监控等核心功能，常用于 Web 服务、API 网关、数据库代理等场景。

一、实验核心目标

1. 掌握 HAProxy 的安装、基础配置与服务管理。
2. 实现7 层（HTTP）/4 层（TCP）负载均衡，验证轮询、加权轮询、源 IP 哈希等调度算法。
3. 配置后端服务器健康检查，实现故障自动剔除与恢复。
4. 实现基于 Cookie / 源 IP 的会话保持，适配有状态应用（如登录、购物车）。
5. 启用HAProxy 状态监控页，可视化集群运行状态。
6. 掌握ACL 规则，实现基于域名、路径、IP 的请求路由与访问控制。

二、实验环境准备（典型 3 节点架构）

表格

角色	主机名	IP 地址	安装软件	端口
HAProxy 负载均衡器	haproxy	192.168.1.10	haproxy	80（业务）、4321（状态页）
后端 Web 服务器 1	web1	192.168.1.20	httpd/nginx	80
后端 Web 服务器 2	web2	192.168.1.30	httpd/nginx	80

说明：所有节点关闭防火墙（systemctl stop firewalld）、禁用 SELinux（setenforce 0），确保网络互通。

三、实验环境

1.haproxy主机

[root@haproxy ~]# vmset.sh eth0 172.25.254.100 haproxy
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/7）
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:0c:6f:ee brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 172.25.254.100/24 brd 172.25.254.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe0c:6fee/64 scope link tentative noprefixroute
       valid_lft forever preferred_lft forever
haproxy
[root@haproxy ~]# vmset.sh eth1 192.168.0.100 haproxy norouter
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/8）
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:0c:6f:f8 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    altname ens224
    inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::4ca7:8cde:1244:8df/64 scope link tentative noprefixroute
       valid_lft forever preferred_lft forever
haproxy


#配置内核路由功能
[root@haproxy ~]# echo net.ipv4.ip_forward=1 > /etc/sysctl.conf
[root@haproxy ~]# sysctl -p
net.ipv4.ip_forward = 1

2.webserver1

[root@webserver1 ~]# vmset.sh eth0 192.168.0.10 webserver1 noroute
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/4）
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:8c:96:72 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 192.168.0.10/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe8c:9672/64 scope link tentative noprefixroute
       valid_lft forever preferred_lft forever
webserver1

[root@webserver1 ~]# dnf install httpd -y
root@webserver1 ~]# echo webserver1 - 192.168.0.10 > /var/www/html/index.html
[root@webserver1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

2.webserver2

[root@webserver2 ~]# vmset.sh eth0 192.168.0.20 webserver2 noroute
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/4）
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:8c:96:72 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 192.168.0.20/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe8c:9672/64 scope link tentative noprefixroute
       valid_lft forever preferred_lft forever
webserver2
[root@webserver2 ~]# dnf install httpd -y 
[root@webserver2 ~]#  echo webserver2 - 192.168.0.20 > /var/www/html/index.html
[root@webserver2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

4.验证环境

#在haproxy中访问
[root@haproxy ~]# curl  192.168.0.10
webserver1 - 192.168.0.10
[root@haproxy ~]# curl  192.168.0.20
webserver2 - 192.168.0.20

四、Haproxy算法实验

1.static-rr

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
    bind        *:80
    balance     static-rr
    server haha 192.168.0.10:80 check inter 3s fall 3 rise 5 weight 2
    server hehe 192.168.0.20:80 check inter 3s fall 3 rise 5 weight 1


[root@haproxy ~]# systemctl restart haproxy.service

#测试
[Administrator.DESKTOP-VJ307M3] ➤ for i in {1..10}; do curl 172.25.254.100; done
webserver1 - 192.168.0.10
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10


#检测是否支持热更新
[root@haproxy ~]# echo "get  weight webcluster/haha" | socat  stdio /var/lib/haproxy/stats
2 (initial 2)

[root@haproxy ~]# echo "set  weight  webcluster/haha 1  " | socat stdio /var/lib/haproxy/stats       Backend is using a static LB algorithm and only accepts weights '0%' and '100%'

2.first

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
    bind        *:80
    balance     first
    server haha 192.168.0.10:80 maxconn 1 check inter 3s fall 3 rise 5 weight 2
    server hehe 192.168.0.20:80 check inter 3s fall 3 rise 5 weight 1


[root@haproxy ~]# systemctl restart haproxy.service


#测试：在一个shell中执行持续访问
[Administrator.DESKTOP-VJ307M3] ➤ while true; do curl 172.25.254.100; done
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
.... .....

#在其他设立了中建立持续访问并观察
Administrator.DESKTOP-VJ307M3] ➤  while true; do curl 172.25.254.100; done
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10						#此处出现10信息
webserver2 - 192.168.0.20

五、HAProxy状态页

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen stats
    mode        http
    bind 0.0.0.0:4321
    stats       enable
    log         global
#   stats       refresh
    stats uri   /status
    stats auth  lee:lee
[root@haproxy ~]# systemctl restart haproxy.service

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen stats
    mode        http
    bind 0.0.0.0:4321
    stats       enable
    log         global
    stats       refresh   1
    stats uri   /status
    stats auth  lee:lee
[root@haproxy ~]# systemctl restart haproxy.service