haproxy做简单web代理


HAProxy是一款提供高可用性、负载均衡以及基于TCP(第四层)和HTTP(第七层)应用的开源代理软件,支持虚拟主机,可隐藏web服务器。


平台:CentOS 6.5 x86_64

# Bring the base system up to date, then install HAProxy from the yum repositories.
yum -y update
yum -y install haproxy

# Keep a copy of the packaged configuration before it is overwritten below.
cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bk

# Replace the configuration with a plain TCP relay: whatever is accepted on
# port 408 is handed to 5.7.9.10:408 (mode tcp, no HTTP processing).
# NOTE(review): this configuration contains no `log` directive, so relayed
# connections leave no HAProxy log entry, and `bind *:408` listens on every
# interface. If the relay is not meant to be public, limit the allowed source
# addresses with the host firewall.
cat <<-EOF > /etc/haproxy/haproxy.cfg
global
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 32768
user haproxy
group haproxy
daemon
ulimit-n 100000
stats socket /var/lib/haproxy/stats

defaults
mode tcp
option dontlognull
retries 3
timeout queue 30s
timeout connect 10s
timeout client 1m
timeout server 1m

frontend ss-in
bind *:408
default_backend ss-out

backend ss-out
server server1 5.7.9.10:408 maxconn 32768
EOF

启动
# Start HAProxy with the configuration file written above; the `daemon`
# directive in its global section makes it detach into the background.
# `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the file without starting
# the proxy.
haproxy -f /etc/haproxy/haproxy.cfg


网络优化

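# Raise the open-file limit. This applies only to the current shell and the
# processes started from it; it does not survive a new login or a reboot.
ulimit -n 65535

# Append the TCP/kernel tuning values to /etc/sysctl.conf.
#   * net.ipv4.tcp_tw_recycle is deliberately not set. It makes the kernel
#     drop connections from clients that share one NAT address (their TCP
#     timestamps are not monotonic per source IP), and the key was removed in
#     Linux 4.12, where setting it makes `sysctl -p` report an error.
#   * The heredoc delimiter is quoted so the shell expands nothing in the body.
# NOTE(review): net.ipv4.tcp_tw_reuse relies on TCP timestamps, so combined
# with net.ipv4.tcp_timestamps = 0 further down it has no effect; decide which
# of the two is wanted. Running this block twice appends the settings twice.
cat >> /etc/sysctl.conf <<-'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200

net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 80000

net.core.somaxconn = 32768

net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 20

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

net.core.netdev_max_backlog = 32768

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_retries2 = 5

net.ipv4.tcp_mem = 41943040 73400320 94371840
net.ipv4.tcp_max_orphans = 3276800
fs.file-max = 1300000

kernel.printk_ratelimit = 30
kernel.printk_ratelimit_burst = 200
EOF

# Load the values now; without this they only take effect after a reboot.
sysctl -p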


关闭
# killall sends SIGTERM to every process named haproxy; HAProxy treats that as
# an immediate stop, so connections in progress are cut.
killall haproxy


debian7 x86_64 上的安装

# Add the wheezy-backports repository to the APT sources.
# NOTE(review): Debian 7 (wheezy) is past end of life, so its packages,
# HAProxy included, no longer receive security fixes; use a supported release
# for anything reachable from untrusted networks.
printf '%s\n' "deb http://ftp.us.debian.org/debian/ wheezy-backports main" >> /etc/apt/sources.list

# Refresh the package index and install HAProxy (apt-get may ask to confirm).
apt-get update
apt-get install haproxy

# Open the configuration in an editor and enter the settings shown below.
vi /etc/haproxy/haproxy.cfg

# HTTP reverse proxy: requests on port 80 go to one backend server, and a
# separate frontend on port 8808 serves the statistics page.
global
# Send log messages to syslog on 127.0.0.1, facility local3, level err and above.
# NOTE(review): request logs produced by `option httplog` are normally emitted
# at info level, so this `err` filter likely drops them, and the local syslog
# daemon must accept UDP input for anything to arrive - confirm both.
log 127.0.0.1 local3 err
# Run chrooted and as the unprivileged haproxy user/group after startup.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 32768
user haproxy
group haproxy
daemon
ulimit-n 100000
# UNIX socket for runtime statistics/commands; the path is inside the chroot directory.
stats socket /var/lib/haproxy/stats

defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
# Adds an X-Forwarded-For header with the client address, except for requests
# coming from 127.0.0.0/8. Backends should trust this header only when the
# request really arrives from this proxy.
option forwardfor except 127.0.0.0/8
option redispatch
option abortonclose
retries 3
# Bounds how long a client may take to send a complete request.
timeout http-request 10s
timeout queue 30s
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 32768

# Public entry point: plain HTTP on port 80, all interfaces.
frontend http-in
bind *:80
default_backend servers

backend servers
option httpclose
server server1 1.2.3.4:80

# Statistics page on port 8808, all interfaces, plain HTTP.
frontend mirror_stats
bind *:8808
maxconn 10
log 127.0.0.1 local0
option httplog
stats enable
stats uri /status
# NOTE(review): `stats auth` stores the user and password in clear text in this
# file and the browser sends them with HTTP basic auth over an unencrypted
# connection. admin:123456 is an example value; replace it with a strong,
# unique password before the port is reachable by anyone else.
stats auth admin:123456
stats hide-version
# NOTE(review): `stats admin if TRUE` gives every authenticated visitor the
# admin actions of the page (for example changing server state). Together with
# `bind *:8808` that is exposed on all interfaces; bind to a management address
# or filter port 8808 at the firewall, or drop this line for a read-only page.
stats admin if TRUE
stats refresh 30s


启动:haproxy -f /etc/haproxy/haproxy.cfg
关闭:killall haproxy
查看:ps aux | grep haproxy

在浏览器中打开 http://1.2.3.4:8808/status
输入用户名 admin、密码 123456(即配置中 stats auth 的值)即可看到统计页面。这组口令只是示例,实际部署时应更换为强口令,并限制 8808 端口的访问来源。



各参数详解http://blog.csdn.net/dylan_csdn/article/details/51261421

haproxy做https代理


这里 haproxy 只做 TCP 层转发,不终止 TLS;证书和 https 由后端 web 服务器提供。

只需在 /etc/haproxy/haproxy.cfg 中添加:

# TLS passthrough: connections on port 443 are relayed as raw TCP, so HAProxy
# never sees the decrypted HTTP traffic and holds no certificate or key.
frontend https_frontend
bind *:443
mode tcp
default_backend web_server

# NOTE(review): in tcp mode no X-Forwarded-For header can be added, so the
# backend's logs and IP-based access rules see the proxy's address instead of
# the client's. If the backend supports the PROXY protocol, `send-proxy` on the
# server line is the usual way to pass the client address through.
backend web_server
mode tcp
balance roundrobin
# Remember which server each client source IP was sent to (up to 200k entries,
# expiring after 30 minutes) and keep sending that client to the same server.
stick-table type ip size 200k expire 30m
stick on src
server s1 1.2.3.4:443