Haproxy具有以下功能:
Haproxy主要支持以下算法:
目前的最新稳定版是1.9,后面使用的均是此版本
导入仓库源并下载 sudo add-apt-repository ppa:vbernat/haproxy-1.9 sudo apt-get update sudo apt install haproxy haproxy -v
分为两大部分
$ cat /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 #日志输出配置,所有日志都记录在本机,通过local0输出
log 127.0.0.1 local1 notice #定义haproxy的日志级别,[error warnning notice info debug]
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon #以后台形式运行
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode tcp #有三种[tcp http health],其中health只会返回ok
option tcplog #日志类别
option dontlognull #不记录健康检查日志信息
retries 2 #两次连接失败认为是服务器不可用
timeout connect 5000 #连接超时
timeout client 50000 #客户端超时时间
timeout server 50000 #服务端超时时间
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend ftp-server
bind *:21
default_backend ftp-server-pool
frontend ftp-server-244
bind *:20001-20500
default_backend ftp-port-range-244
frontend ftp-server-245
bind *:20501-30000
default_backend ftp-port-range-245
frontend ftp-server-246
bind *:30001-30500
default_backend ftp-port-range-246
backend ftp-server-pool
balance roundrobin
server ftp-port-range-244 10.1.1.244 check port 21 inter 10s rise 1 fall 2
server ftp-port-range-245 10.1.1.245 check port 21 inter 10s rise 1 fall 2
server ftp-port-range-246 10.1.1.246 check port 21 inter 10s rise 1 fall 2
#check inter 10s 是检测心跳频率
#rise 2 是两次正确认为服务器可用
#fall 2 两次失败认为服务器不可用
backend ftp-port-range-244
server ftp-port-range-244 10.1.1.244 check port 21 inter 10s rise 1 fall 2
backend ftp-port-range-245
server ftp-port-range-245 10.1.1.245 check port 21 inter 10s rise 1 fall 2
backend ftp-port-range-246
server ftp-port-range-246 10.1.1.246 check port 21 inter 10s rise 1 fall 2
启动之前先检查配置文件是否正确
$ haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
启动
$ sudo systemctl restart haproxy
参考之前的博客: