Master the principles of HAProxy and how to build it

Haproxy

Layer 4:

  • LVS: Linux Virtual Server

  • Nginx: after version 1.9

  • HAProxy: High Availability Proxy

Layer 7:

  • HAProxy

  • Nginx

Hardware:

1. Introduction to haproxy

HAProxy is open source software written in C by French developer Willy Tarreau in 2000. It is a TCP and HTTP load balancer with high concurrency (more than 10000) and high performance. It supports cookie-based persistence, automatic failover, regular expressions and web status statistics. At present, the latest LTS version is 2.2.

HAProxy is a free, fast and reliable solution that provides high availability, load balancing and proxying for TCP- and HTTP-based applications. HAProxy is very suitable for high-concurrency web sites (more than 10,000 concurrent connections), which usually need session persistence or layer 7 processing. The running mode of HAProxy makes it easy and safe to integrate into an existing architecture, and it keeps the web servers from being exposed directly to the network.

Supported functions

  • TCP and HTTP reverse proxy

  • SSL/TLS server

  • Cookies can be added to HTTP requests to route them to back-end servers

  • It can balance the load to the back-end server and support persistent connections

  • Support failover of all primary servers to standby servers

  • Support dedicated port to realize monitoring service

  • It supports stopping accepting new connection requests without affecting existing connections

  • HTTP message headers can be added, modified or deleted in both directions

  • Response message compression

  • Support the access control of connection request based on pattern

  • Provide detailed status information for authorized users through a specific URI

2. The main features of haproxy are:

  1. Very good reliability and stability, comparable to hardware-level F5 load balancing equipment;

  2. Up to 40000-50000 concurrent connections can be maintained at the same time, the maximum number of requests processed per unit time is 20000, and the maximum processing capacity can reach 10 Gbit/s;

  3. It supports up to 8 load balancing algorithms and session persistence;

  4. Supports virtual hosts, so that web load balancing can be implemented more flexibly;

  5. Supports unique functions such as connection rejection and fully transparent proxying;

  6. Strong ACL support for access control;

  7. Its unique elastic binary tree data structure brings lookup complexity to O(1), that is, lookup speed does not decrease as the number of entries grows. It also supports client keepalive, which reduces the resources wasted on repeated handshakes between the client and haproxy and allows multiple requests to be completed over one TCP connection;

  8. Supports TCP acceleration and zero copy, similar to the mmap mechanism;

  9. Supports response buffering;

  10. Supports the RDP protocol;

  11. Source-based stickiness, similar to the ip_hash function of nginx: requests from the same client are always scheduled to the same upstream server within a certain period of time. It also has a better statistics interface: its web interface displays the received, sent, rejected and error statistics of each server in the back-end cluster;

  12. Detailed health status detection. The web interface shows the health check status of the upstream servers and provides some management functions;

  13. Traffic-based health assessment mechanism;

  14. HTTP-based authentication;

  15. Command-line management interface;

  16. Log analyzer, which can analyze logs.

3. HAProxy has many load balancing strategies. There are 8 common ones:

(1) roundrobin: simple polling (round robin)

(2) static-rr: polling according to weight

(3) leastconn: the server with the fewest connections handles the request first

(4) source: based on the source IP of the request

(5) uri: based on the requested URI; typically used for CDNs;

(6) url_param: based on a URL parameter of the request; 'balance url_param' requires a URL parameter name

(7) hdr(name): each HTTP request is pinned according to the named HTTP request header;

(8) rdp-cookie(name): each TCP request is pinned and hashed according to cookie(name).

4. Differences among LVS, Nginx and HAProxy:

  1. LVS implements software load balancing based on the Linux operating system, while HAProxy and Nginx implement software load balancing as third-party applications;

  2. LVS is a layer 4 IP load balancing technology and cannot forward based on directory or URL. Both HAProxy and Nginx can work at layer 4 and layer 7. HAProxy can provide a comprehensive load balancing solution for TCP and HTTP applications;

  3. Because LVS works at the fourth layer of the TCP model, its state monitoring is limited, while HAProxy has richer and more powerful state monitoring and supports port, URI and other state detection methods;

  4. HAProxy is powerful, but its overall performance is lower than LVS load balancing in layer 4 mode.

  5. Nginx is mainly used as a web server or cache server. Although the upstream module of Nginx also supports clustering, its health checking of cluster nodes is not strong, and its performance is not as good as that of HAProxy.

5. Operation steps

Environment:

1. Haproxy Server: 192.168.241.133
2. Nginx Server 1:192.168.241.129
3. Nginx Server 2:192.168.241.136

Configure Nginx server 1: 192.168.59.129

1. #Stop firewalld and put SELinux into permissive mode
systemctl stop firewalld
setenforce 0
 
2. #Install dependency package
yum -y install pcre-devel zlib-devel gcc gcc-c++ make
 
3. #Create new users and groups for easy management
useradd -M -s /sbin/nologin nginx
 
4. #Switch to the /opt directory, transfer the downloaded tarball there and extract it
cd /opt
tar -zxf nginx-1.12.0.tar.gz

 

 

5. #Switch to the decompressed directory and compile
cd nginx-1.12.0
 
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module
 
6. #install
make && make install -j4
 
7. #Create a symbolic link so that the nginx command is found on the PATH
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
 
8. #Register nginx as a systemd service
cd /lib/systemd/system
vim nginx.service
#Contents of nginx.service:
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/bin/kill -s HUP $MAINPID
ExecStop=/usr/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

 

9. #Create the test page of the site
echo "this is 102 web" > /usr/local/nginx/html/index.html 
cat /usr/local/nginx/html/index.html

 

10. #Reload the unit. Start the service
systemctl daemon-reload 
systemctl start nginx
 
11. #Check whether it started successfully
ss -ntap|grep nginx
#Then browse to http://192.168.241.129/

 

 

Deploy Nginx server 2 (192.168.241.133)

1. #Stop firewalld and put SELinux into permissive mode
systemctl stop firewalld
setenforce 0
 
2. #Install dependency package
yum -y install pcre-devel zlib-devel gcc gcc-c++ make
 
3. #Create new users and groups for easy management
useradd -M -s /sbin/nologin nginx
 
4. #Switch to the /opt directory, transfer the downloaded tarball there and extract it
cd /opt
tar -zxf nginx-1.12.0.tar.gz

 

 

5. #Switch to the decompressed directory and compile
cd nginx-1.12.0
 
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module
 
6. #install
make && make install -j4
 
7. #Create a symbolic link so that the nginx command is found on the PATH
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
 
8. #Register nginx as a systemd service
cd /lib/systemd/system
vim nginx.service
#Contents of nginx.service:
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/bin/kill -s HUP $MAINPID
ExecStop=/usr/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

 

 

9. #Create the test page of the site
echo "this is wx666 web" > /usr/local/nginx/html/index.html 
cat /usr/local/nginx/html/index.html

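10. #Reload the unit. Start the service
systemctl daemon-reload 
systemctl start nginx
 
11. #Check whether it started successfully
ss -ntap|grep nginx
#Then browse to http://192.168.241.133/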

 

 

Deploy haproxy server (192.168.241.136)

1. #Stop firewalld, put SELinux into permissive mode, and transfer the Haproxy source package to the /opt directory
systemctl stop firewalld
setenforce 0
 
 
2. #Install dependent software
yum install -y pcre-devel bzip2-devel gcc gcc-c++ make
 
3. #Unzip the installation package and switch to it
cd /opt
tar zxf haproxy-1.4.24.tar.gz 
cd haproxy-1.4.24/

  

4. #Compile and install Haproxy
make TARGET=linux2628 ARCH=x86_64
make install
####################Parameter description###################
#TARGET=linux26: kernel version. Use uname -r to view the kernel, such as 2.6.18-371.el5; in that case the parameter is TARGET=linux26. Use TARGET=linux2628 for kernels newer than 2.6.28
#ARCH=x86_64: system architecture, 64-bit system
 
5. #Haproxy server configuration
mkdir /etc/haproxy
cp examples/haproxy.cfg /etc/haproxy/
 
cd /etc/haproxy/
vim haproxy.cfg
global
#--Lines 4~5-- modify: configure logging; local0 is the log facility, stored in the system log by default
        log /dev/log   local0 info      
        log /dev/log   local0 notice
        #log loghost    local0 info
        maxconn 4096                    #Maximum number of connections; take the ulimit -n limit into account
#--Line 8-- comment out: chroot is the directory the service locks itself into as its root. Generally, this line needs to be commented out
        #chroot /usr/share/haproxy
        uid 99                          #User UID
        gid 99                          #User GID
        daemon                          #Daemon mode
 
defaults        
        log     global                  #Use the log definition from the global section
        mode    http                    #The mode is http
        option  httplog                 #Log in http log format
        option  dontlognull             #Do not log connections on which no data was exchanged (e.g. bare port probes)
        retries 3                       #Number of times to retry connecting to a node server after a connection failure
        redispatch                      #If the connection to the assigned node fails, redispatch the session to another node
        maxconn 2000                    #Maximum number of connections
        contimeout      5000            #Connection timeout (ms)
        clitimeout      50000           #Client timeout (ms)
        srvtimeout      50000           #Server timeout (ms)
 
#--Delete all the listen sections below-- and add:
listen  webcluster 0.0.0.0:80           #Define an application called webcluster
        option httpchk GET /index.html  #Health check: request index.html from each server
        balance roundrobin              #Use the roundrobin (polling) scheduling algorithm
        server inst1 192.168.241.129:80 check inter 2000 fall 3     #Define online nodes
        server inst2 192.168.241.133:80 check inter 2000 fall 3
        
##########################Parameter description########################
balance roundrobin #Load balancing scheduling algorithm
#Polling algorithm: roundrobin; least connections algorithm: leastconn; source access scheduling algorithm: source, which is similar to ip_hash in nginx
 
check inter 2000 #Health-check (heartbeat) interval between the haproxy server and the node, in milliseconds
fall 3 #The node is considered failed if the heartbeat is not detected three consecutive times
 If a node is configured with "backup", it is only a backup node and is only used if the primary node fails. A node without "backup" is a primary node, which provides services together with the other primary nodes.

6. #Add haproxy system service
cp /opt/haproxy-1.4.24/examples/haproxy.init /etc/init.d/haproxy
cd /etc/init.d/
chmod +x haproxy 
chkconfig --add /etc/init.d/haproxy 
ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
service haproxy start
 
7. #Test on client
 Open http://192.168.241.136/test.html with a browser on the client and refresh repeatedly to test the load balancing effect
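The health-check parameters from the parameter description in step 5 (check inter 2000 fall 3, backup) as a small Python model; this is an added example, not part of the original post and not HAProxy's own code. The rise value of 2 is HAProxy's default, equal-weight round robin is simplified to plain alternation, and the backup node "spare" is hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    fall: int = 3         # failed checks in a row before the node is marked DOWN
    rise: int = 2         # passed checks in a row before it is marked UP again
    backup: bool = False  # only used when no non-backup node is UP
    up: bool = True
    streak: int = 0       # consecutive results that contradict the current state

    def record_check(self, ok: bool) -> bool:
        """Feed one health-check result (one per `inter` ms); return the state."""
        if ok == self.up:
            self.streak = 0                      # state confirmed, reset counter
        else:
            self.streak += 1
            if self.streak >= (self.rise if ok else self.fall):
                self.up, self.streak = ok, 0     # threshold reached: flip state
        return self.up

class RoundRobin:
    def __init__(self, servers):
        self.servers, self.turn = list(servers), 0

    def pick(self):
        """Return the node for the next request, or None (client gets a 503)."""
        pool = [s for s in self.servers if s.up and not s.backup]
        if not pool:                             # primaries all down: first backup
            pool = [s for s in self.servers if s.up and s.backup][:1]
        if not pool:
            return None
        self.turn += 1
        return pool[(self.turn - 1) % len(pool)].name

def demo():
    inst1, inst2 = Server("inst1"), Server("inst2")
    spare = Server("spare", backup=True)         # hypothetical third node
    lb = RoundRobin([inst1, inst2, spare])
    healthy = [lb.pick() for _ in range(4)]
    after_two = [inst2.record_check(False) for _ in range(2)]  # still UP
    inst2.record_check(False)                    # third failure in a row: DOWN
    degraded = [lb.pick() for _ in range(3)]
    for _ in range(3):
        inst1.record_check(False)                # inst1 goes DOWN as well
    failover = lb.pick()
    for _ in range(2):
        inst2.record_check(True)                 # rise 2: inst2 is UP again
    return healthy, after_two, degraded, failover, lb.pick()
```

With inter 2000 and fall 3, a dead node keeps receiving its share of requests until the third failed check in a row, which is why the redispatch setting in the defaults section matters during that window.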

 

 

6. Logging

HAProxy itself does not record client access logs. In addition, to reduce server load, logging is generally not enabled for HAProxy in production.

You can also configure HAProxy to use the rsyslog service to record logs to a specified log file.

#In the global configuration section, define:
log 127.0.0.1 local{1-7} info #Log via syslog to the specified facility. The levels are (err, warning, info, debug)
listen web_port
 bind 127.0.0.1:80
 mode http
 log global #Enable logging for the current web_port. By default nothing is logged
 server web1  127.0.0.1:8080 check inter 3000 fall 2 rise 5
  
# systemctl restart haproxy

vim /etc/rsyslog.conf 
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
......
#The facility (local3 here) must be the one chosen in the haproxy log line
local3.*   /var/log/haproxy.log
......
# systemctl restart rsyslog
service haproxy restart
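With the rsyslog setup above, /var/log/haproxy.log is where the real client address is recorded, since the Nginx nodes only see connections coming from the HAProxy host. The following added example (not from the original post) parses `option httplog` lines and flags failed requests; the log lines and client addresses are constructed, and the proxy and server names follow the webcluster configuration from section 5.

```python
import re
from collections import Counter

# Fields of an `option httplog` line as written by rsyslog (syslog prefix first).
LINE = re.compile(
    r'haproxy\[\d+\]: (?P<client>[\d.]+):\d+ \[[^\]]+\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) (?P<timers>[-\d/]+) '
    r'(?P<status>-?\d+) \+?\d+ \S+ \S+ (?P<term>\S{4}) '
    r'(?P<conns>[\d/+]+) [\d/]+ (?:\{[^}]*\} )*"(?P<request>[^"]*)"')

# Constructed sample lines (not taken from the original post).
SAMPLE = """\
Nov 26 08:00:00 localhost haproxy[2101]: Proxy webcluster started.
Nov 26 08:00:01 localhost haproxy[2101]: 192.168.241.1:51200 [26/Nov/2021:08:00:01.120] webcluster webcluster/inst1 0/0/1/2/3 200 257 - - ---- 1/1/0/0/0 0/0 "GET /index.html HTTP/1.1"
Nov 26 08:00:02 localhost haproxy[2101]: 192.168.241.1:51201 [26/Nov/2021:08:00:02.310] webcluster webcluster/inst2 0/0/1/2/3 200 259 - - ---- 1/1/0/0/0 0/0 "GET /index.html HTTP/1.1"
Nov 26 08:00:03 localhost haproxy[2101]: 192.168.241.50:40100 [26/Nov/2021:08:00:03.001] webcluster webcluster/inst1 0/0/1/1/2 200 257 - - ---- 2/2/1/1/0 0/0 "GET /index.html HTTP/1.1"
Nov 26 08:00:07 localhost haproxy[2101]: 192.168.241.50:40101 [26/Nov/2021:08:00:04.002] webcluster webcluster/inst2 0/0/-1/-1/3004 503 212 - - SC-- 2/2/1/1/3 0/0 "GET /index.html HTTP/1.1"
Nov 26 08:00:09 localhost haproxy[2101]: 192.168.241.50:40102 [26/Nov/2021:08:00:09.500] webcluster webcluster/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 1/1/0/0/0 0/0 "GET /index.html HTTP/1.1"
"""

def summarize(text):
    """Count requests per node and per client; collect sessions that failed."""
    per_server, per_client, alerts, skipped = Counter(), Counter(), [], 0
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            skipped += 1                      # startup and state-change messages
            continue
        retries = int(m["conns"].split("/")[4])   # 5th counter = connection retries
        per_server[m["server"]] += 1
        per_client[m["client"]] += 1
        # The first two termination flags are "--" only for a normal session end;
        # <NOSRV> with 503 means no node was available for the request.
        if int(m["status"]) >= 500 or m["term"][:2] != "--" or retries:
            alerts.append((m["client"], m["server"], m["status"], m["term"], retries))
    return {"per_server": per_server, "per_client": per_client,
            "alerts": alerts, "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```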


Posted on Fri, 26 Nov 2021 08:00:25 -0500 by mkr