HAProxy学习总结

一、实验环境搭建

1.1 HAProxy主机网络配置

配置第一块网卡（外网）：

vmset.sh ens160 192.168.58.3 haproxy

配置第二块网卡（内网，不设置默认路由）：

vmset.sh ens224 192.168.0.100 haproxy noroute

启用内核IP转发功能：

echo net.ipv4.ip_forward=1 > /etc/sysctl.conf

sysctl -p

[root@haproxy ~]# vmset.sh ens160 192.168.58.3 haproxy
[root@haproxy ~]# vmset.sh ens224 192.168.0.100 haproxy noroute

#配置内核路由功能
[root@haproxy ~]# echo net.ipv4.ip_forward=1 > /etc/sysctl.conf
[root@haproxy ~]# sysctl -p

1.2 WebServer1配置

配置网卡：

vmset.sh ens160 192.168.0.10 webserver1 noroute

安装并配置Apache：

dnf install httpd -y

echo webserver1 - 192.168.0.10 > /var/www/html/index.html

systemctl enable --now httpd

[root@webserver1 ~]# vmset.sh ens160 192.168.0.10 webserver1 noroute
[root@webserver1 ~]# dnf install httpd -y
root@webserver1 ~]# echo webserver1 - 192.168.0.10 > /var/www/html/index.html
[root@webserver1 ~]# systemctl enable --now httpd

1.3 WebServer2配置

配置网卡：

vmset.sh ens160 192.168.0.20 webserver2 noroute

安装并配置Apache：

dnf install httpd -y

echo webserver2 - 192.168.0.20 > /var/www/html/index.html

systemctl enable --now httpd

[root@webserver2 ~]# vmset.sh ens160 192.168.0.20 webserver2 noroute
[root@webserver2 ~]# dnf install httpd -y 
[root@webserver2 ~]#  echo webserver2 - 192.168.0.20 > /var/www/html/index.html
[root@webserver2 ~]# systemctl enable --now httpd

1.4 环境验证

在HAProxy主机上测试访问后端服务器：

curl 192.168.0.10

curl 192.168.0.20

#在haproxy中访问
[root@haproxy ~]# curl  192.168.0.10
webserver1 - 192.168.0.10
[root@haproxy ~]# curl  192.168.0.20
webserver2 - 192.168.0.20

二、HAProxy安装与基础配置

2.1 安装HAProxy

dnf install haproxy.x86_64 -y

systemctl enable --now haproxy

#在调度器（双网卡主机中）
[root@haproxy ~]# dnf install haproxy.x86_64 -y
[root@haproxy ~]# systemctl enable --now haproxy
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.

2.2 前后端分离配置模式

设置vim缩进：

vim ~/.vimrc

set ts=4 ai

编辑HAProxy配置文件：

vim /etc/haproxy/haproxy.cfg

frontend webcluster

bind *:80

mode http

use_backend webserver-80

backend webserver-80

server web1 192.168.0.10:80 check inter 3s fall 3 rise 5

server web2 192.168.0.20:80 check inter 3s fall 3 rise 5

重启服务：

systemctl restart haproxy.service

测试负载均衡效果：

curl 192.168.58.3

curl 192.168.58.3

2.3 Listen方式配置

vim /etc/haproxy/haproxy.cfg

listen webcluster

bind *:80

mode http

server haha 192.168.0.10:80 check inter 3s fall 3 rise 5

server hehe 192.168.0.20:80 check inter 3s fall 3 rise 5

重启服务：

systemctl restart haproxy.service

#设定vim中tab键的空格个数
[root@haproxy ~]# vim ~/.vimrc

#前后端分开设定
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

#测试：
[root@haproxy ~]# curl  192.168.58.3
webserver2 - 192.168.0.20
[root@haproxy ~]# curl  192.168.58.3
webserver1 - 192.168.0.10

#用listen方式书写负载均衡
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

#测试
[root@haproxy ~]# curl  192.168.58.3
[root@haproxy ~]# curl  192.168.58.3

三、日志配置实验

3.1 在日志服务器上配置rsyslog

编辑rsyslog配置文件：

vim /etc/rsyslog.conf

取消注释以下两行：

module(load="imudp")

input(type="imudp" port="514")

重启rsyslog服务：

systemctl restart rsyslog.service

验证端口是否开启：

netstat -antlupe | grep rsyslog

#在192.168.0.10 开启接受日志的端口
[root@webserver1 ~]# vim /etc/rsyslog.conf
[root@webserver1 ~]# systemctl restart rsyslog.service

#测试接受日志端口是否开启
[root@webserver1 ~]# netstat -antlupe | grep rsyslog
#在haproxy主机中设定日志发送信息
[root@haproxy haproxy]# vim haproxy.cfg
[root@haproxy haproxy]# systemctl restart haproxy.service

#验证
─
[2026-01-23 15:13.54]  ~
[Administrator.DESKTOP-VJ307M3] ➤ curl 192.168.58.3
[2026-01-23 15:19.05]  ~
[Administrator.DESKTOP-VJ307M3] ➤ curl 192.168.58.3

[root@webserver1 ~]# cat /var/log/messages

3.2 在HAProxy上配置日志发送

vim /etc/haproxy/haproxy.cfg

添加：

log 192.168.0.10 local2

重启HAProxy：

systemctl restart haproxy.service

3.3 验证日志接收

在客户端访问：

curl 192.168.58.3

在日志服务器查看：

cat /var/log/messages

日志格式示例：

192.168.0.100 haproxy[31310]: 192.168.58.1:9514 [23/Jan/2026:15:19:06.320] webcluster webcluster/haha 0/0/0/1/1 200 273 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"

四、HAProxy多进程配置

4.1 查看默认进程状态

pstree -p | grep haproxy

默认显示：

|-haproxy(31439)---haproxy(31441)-+-{haproxy}(31442)

4.2 启用多进程

vim /etc/haproxy/haproxy.cfg

添加：

nbproc 2

重启服务：

systemctl restart haproxy.service

验证：

pstree -p | grep haproxy

显示结果：

|-haproxy(31549)-+-haproxy(31551)

| `-haproxy(31552)

4.3 多进程CPU绑定

vim /etc/haproxy/haproxy.cfg

nbproc 2

cpu-map 1 0

cpu-map 2 1

4.4 为不同进程配置独立socket

停止服务并删除旧socket：

systemctl stop haproxy.service

rm -fr /var/lib/haproxy/stats

配置多个socket：

stats socket /var/lib/haproxy/haproxy1 mode 600 level admin process 1

stats socket /var/lib/haproxy/haporxy2 mode 660 level admin process 2

重启服务：

systemctl restart haproxy.service

查看socket文件：

ll /var/lib/haproxy/

#默认haproxy是单进程
[root@haproxy ~]# pstree -p | grep haproxy
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

#验证
[root@haproxy ~]# pstree -p | grep haproxy

#多进程cpu绑定
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

#为不同进程准备不同套接字
[root@haproxy ~]# systemctl stop haproxy.service
[root@haproxy ~]# rm -fr /var/lib/haproxy/stats
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

#效果
[root@haproxy ~]# ll /var/lib/haproxy/

五、HAProxy多线程配置

5.1 查看当前线程状态

pstree -p | grep haproxy

cat /proc/31744/status | grep Threads

默认显示：Threads: 1

5.2 启用多线程

vim /etc/haproxy/haproxy.cfg

注释掉多进程配置，添加多线程：

#nbproc 2

#cpu-map 1 0

#cpu-map 2 1

nbthread 2

stats socket /var/lib/haproxy/stats

重启服务：

systemctl restart haproxy.service

5.3 验证多线程

pstree -p | grep haproxy

cat /proc/31860/status | grep Threads

显示结果：Threads: 2

#查看当前haproxy的进程信息
[root@haproxy ~]# pstree -p | grep haproxy
 #查看haproxy子进程的线程信息
[root@haproxy ~]# cat /proc/31744/status  | grep Threads

#启用多线程
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

#效果
[root@haproxy ~]# pstree -p | grep haproxy
[root@haproxy ~]# cat /proc/31860/status  | grep Threads

六、Socat热更新工具使用

6.1 安装socat

dnf install socat -y

[root@haproxy ~]# dnf install socat -y
[root@haproxy ~]# socat  -h

6.2 查看服务器状态

echo "show servers state" | socat stdio /var/lib/haproxy/stats

输出示例：

1

be_id be_name srv_id srv_name srv_addr srv_op_state srv_admin_state srv_uweight srv_iweight srv_time_since_last_change srv_check_status srv_check_result srv_check_health srv_check_state srv_agent_state bk_f_forced_id srv_f_forced_id srv_fqdn srv_port srvrecord srv_use_ssl srv_check_port srv_check_addr srv_agent_addr srv_agent_port

2 webcluster 1 haha 192.168.0.10 2 0 1 1 275 6 3 7 6 0 0 0 - 80 - 0 0 - - 0

2 webcluster 2 hehe 192.168.0.20 2 0 1 1 275 6 3 7 6 0 0 0 - 80 - 0 0 - - 0

[root@haproxy ~]# echo "show servers state"  | socat stdio /var/lib/haproxy/stats
1

[root@haproxy ~]# echo "get  weight webcluster/haha" | socat  stdio /var/lib/haproxy/stats
1 (initial 1)

[root@haproxy ~]# echo "get  weight webcluster/hehe" | socat  stdio /var/lib/haproxy/stats
1 (initial 1)

6.3 查看权重

echo "get weight webcluster/haha" | socat stdio /var/lib/haproxy/stats

echo "get weight webcluster/hehe" | socat stdio /var/lib/haproxy/stats

6.4 配置socket权限

vim /etc/haproxy/haproxy.cfg

stats socket /var/lib/haproxy/stats mode 600 level admin

清理并重启：

rm -rf /var/lib/haproxy/*

systemctl restart haproxy.service

6.5 动态修改权重

修改前查看：

echo "get weight webcluster/hehe" | socat stdio /var/lib/haproxy/stats

修改权重：

echo "set weight webcluster/hehe 4" | socat stdio /var/lib/haproxy/stats

修改后查看：

echo "get weight webcluster/hehe" | socat stdio /var/lib/haproxy/stats

测试效果：

for i in {1..10}; do curl 192.168.58.3; done

#直接更改报错
[root@haproxy ~]# echo "set  weight  webcluster/haha 2 " | socat stdio /var/lib/haproxy/stats
Permission denied

#对socket进行授权
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
stats socket /var/lib/haproxy/stats mode 600 level admin

[root@haproxy ~]# rm -rf /var/lib/haproxy/*
[root@haproxy ~]# systemctl restart haproxy.service
[root@haproxy ~]# ll /var/lib/haproxy/

#执行权重更改
[root@haproxy ~]# echo "get  weight webcluster/hehe" | socat  stdio /var/lib/haproxy/stats
1 (initial 1)

[root@haproxy ~]# echo "set  weight  webcluster/hehe 4 " | socat stdio /var/lib/haproxy/stats

[root@haproxy ~]# echo "get  weight webcluster/hehe" | socat  stdio /var/lib/haproxy/stats
4 (initial 1)

#测试
[Administrator.DESKTOP-VJ307M3] ➤ for i in {1..10}; do curl 192.168.58.3; done

七、静态算法实验

7.1 static-rr算法

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

#测试
[Administrator.DESKTOP-VJ307M3] ➤ for i in {1..10}; do curl 192.168.58.3; done

#检测是否支持热更新
[root@haproxy ~]# echo "get  weight webcluster/haha" | socat  stdio /var/lib/haproxy/stats
2 (initial 2)

[root@haproxy ~]# echo "set  weight  webcluster/haha 1  " | socat stdio /var/lib/haproxy/stats       Backend is using a static LB algorithm and only accepts weights '0%' and '100%'

7.2 first算法

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
    bind        *:80
    balance     first
    server haha 192.168.0.10:80 maxconn 1 check inter 3s fall 3 rise 5 weight 2
    server hehe 192.168.0.20:80 check inter 3s fall 3 rise 5 weight 1


[root@haproxy ~]# systemctl restart haproxy.service


#测试：在一个shell中执行持续访问
[Administrator.DESKTOP-VJ307M3] ➤ while true; do curl 192.168.58.3; done

#在其他设立了中建立持续访问并观察
Administrator.DESKTOP-VJ307M3] ➤  while true; do curl 192.168.58.3; done
#此处出现10信息

八、动态算法实验

8.1 roundrobin算法

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

#测试
[Administrator.DESKTOP-VJ307M3] ➤ for i in {1..10}; do curl 192.168.58.3; done


#动态权重更新

[root@haproxy ~]# echo "get  weight webcluster/haha" | socat  stdio /var/lib/haproxy/stats
2 (initial 2)
[root@haproxy ~]# echo "set  weight  webcluster/haha 1  " | socat stdio /var/lib/haproxy/stats       
[root@haproxy ~]# echo "get  weight webcluster/haha" | socat  stdio /var/lib/haproxy/stats
1 (initial 2)

#效果
[Administrator.DESKTOP-VJ307M3] ➤ for i in {1..10}; do curl 192.168.58.3; done

8.2 leastconn算法

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
    bind        *:80
    balance     leastconn
    server haha 192.168.0.10:80 check inter 3s fall 3 rise 5 weight 2
    server hehe 192.168.0.20:80 check inter 3s fall 3 rise 5 weight 1
    
[root@haproxy ~]# systemctl restart haproxy.service

[Administrator.DESKTOP-VJ307M3] ➤ for i in {1..10}; do curl 192.168.58.3; done
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10

九、混合算法实验

9.1 source算法

9.1.1 静态source算法

vim /etc/haproxy/haproxy.cfg

listen webcluster

bind *:80

balance source

server haha 192.168.0.10:80 check inter 3s fall 3 rise 5 weight 2

server hehe 192.168.0.20:80 check inter 3s fall 3 rise 5 weight 1

重启服务：

systemctl restart haproxy.service

测试：

for i in {1..10}; do curl 192.168.58.3; done

9.1.2 动态source算法（一致性哈希）

vim /etc/haproxy/haproxy.cfg

listen webcluster

bind *:80

balance source

hash-type consistent

server haha 192.168.0.10:80 check inter 3s fall 3 rise 5 weight 2

server hehe 192.168.0.20:80 check inter 3s fall 3 rise 5 weight 1

重启服务：

systemctl restart haproxy.service

测试：

for i in {1..10}; do curl 192.168.58.3; done

9.2 uri算法

9.2.1 准备测试文件

在WebServer1上：

echo RS1 - 192.168.0.10 > /var/www/html/index1.html

echo RS1 - 192.168.0.10 > /var/www/html/index2.html

在WebServer2上：

echo RS2 - 192.168.0.20 > /var/www/html/index1.html

echo RS2 - 192.168.0.20 > /var/www/html/index2.html

9.2.2 配置uri算法

vim /etc/haproxy/haproxy.cfg

listen webcluster

bind *:80

balance uri

hash-type consistent

server haha 192.168.0.10:80 check inter 3s fall 3 rise 5 weight 2

server hehe 192.168.0.20:80 check inter 3s fall 3 rise 5 weight 1

重启服务：

systemctl restart haproxy.service

9.2.3 测试uri算法

访问index.html：

for i in {1..10}; do curl 192.168.58.3/index.html; done

访问index2.html：

for i in {1..10}; do curl 192.168.58.3/index2.html; done

观察结果：相同URI的请求会被分配到同一台服务器

9.3 url_param算法

9.3.1 配置文件

vim /etc/haproxy/haproxy.cfg

listen webcluster

bind *:80

balance url_param name

hash-type consistent

server haha 192.168.0.10:80 check inter 3s fall 3 rise 5 weight 2

server hehe 192.168.0.20:80 check inter 3s fall 3 rise 5 weight 1

重启服务：

systemctl restart haproxy.service

9.3.2 测试url_param算法

使用相同name参数访问：

curl 192.168.58.3/index.html?name=tom

curl 192.168.58.3/index.html?name=tom

使用不同name参数访问：

curl 192.168.58.3/index.html?name=jerry

观察结果：相同name参数的请求会被分配到同一台服务器

十、Cookie会话保持

10.1 开启cookie会话保持

vim /etc/haproxy/haproxy.cfg

listen webcluster

bind *:80

mode http

balance roundrobin

cookie LEECOOKIE insert nocache

server haha 192.168.0.10:80 check inter 3s fall 3 rise 5 weight 1 cookie haha

server hehe 192.168.0.20:80 check inter 3s fall 3 rise 5 weight 1 cookie hehe

重启服务：

systemctl restart haproxy.service

10.2 测试cookie会话保持

第一次访问：

curl -v 192.168.58.3

查看响应头中的cookie信息：

Set-Cookie: LEECOOKIE=haha; path=/

使用cookie访问：

curl -v -b "LEECOOKIE=haha" 192.168.58.3

curl -v -b "LEECOOKIE=hehe" 192.168.58.3

观察结果：带相同cookie的请求会被路由到同一台后端服务器

#配合基于cookie的会话保持方法
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

十一、IP透传

11.1 七层模式IP透传

默认HAProxy七层模式就会把真实IP转发给后端

#实验环境
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

#测试环境

[Administrator.DESKTOP-VJ307M3] ➤ for i in {1..5}
> do
> curl 192.168.58.3
> done


#在rs主机中默认是未开启透传功能的
[root@webserver2 ~]# cat /etc/httpd/logs/access_log

#开启ip透传的方式
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
#在rs中设定采集透传IP
[root@webserver2 ~]#  vim /etc/httpd/conf/httpd.conf
[root@webserver2 ~]# systemctl restart httpd

#测试效果
[root@webserver2 ~]# cat /etc/httpd/logs/access_log

11.2 四层模式IP透传

#环境设置
#在RS中把apache停止
[root@webserver1 ~]# systemctl disable --now httpd
[root@webserver2 ~]# systemctl disable --now httpd

#部署nginx
[root@webserver1 ~]# dnf install nginx -y
[root@webserver2 ~]# dnf install nginx -y
[root@webserver1 ~]# echo RS1 - 192.168.0.10 > /usr/share/nginx/html/index.html
[root@webserver2 ~]# echo RS2 - 192.168.0.20 > /usr/share/nginx/html/index.html
[root@webserver1 ~]# systemctl enable --now nginx
[root@webserver2 ~]# systemctl enable --now nginx

#测环境
[Administrator.DESKTOP-VJ307M3] ➤ for i in {1..5}; do curl 192.168.58.3; done

#启用nginx的四层访问控制
[root@webserver1 ~]# vim /etc/nginx/nginx.conf
[root@webserver2 ~]# vim /etc/nginx/nginx.conf
[root@webserver1 ~]# systemctl restart nginx.service
[root@webserver2 ~]# systemctl restart nginx.service


#测试
Administrator.DESKTOP-VJ307M3] ➤ for i in {1..5}; do curl 192.168.58.3; done

出现上述报错标识nginx只支持四层访问

#设定haproxy访问4层
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
[root@haproxy ~]# systemctl restart haproxy.service

#测试四层访问
[Administrator.DESKTOP-VJ307M3] ➤ for i in {1..5}; do curl 192.168.58.3; done

#设置4层ip透传
[root@webserver1&2 ~]# vim /etc/nginx/nginx.conf
[root@webserver1&2 ~]# systemctl restart nginx.service

#测试
[Administrator.DESKTOP-VJ307M3] ➤ for i in {1..5}; do curl 192.168.58.3; done
[root@webserver1 ~]# cat /var/log/nginx/access.log