openresty用haproxy2.0实现负载均衡
安装openresty
编译安装
yum install pcre-devel openssl-devel gcc curl wget
wget https://openresty.org/download/openresty-1.15.8.3.tar.gz
tar -xzvf openresty-1.15.8.3.tar.gz
cd openresty-1.15.8.3
./configure
gmake
gmake install
yum 安装
yum install -y wget
wget -O /etc/yum.repos.d/openresty.repo https://openresty.org/package/centos/openresty.repo
yum install -y openresty openresty-resty
#默认安装编译参数检查
[root@localhost openresty-1.15.8.3]# openresty -V
nginx version: openresty/1.15.8.3
built by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC)
built with OpenSSL 1.1.0l 10 Sep 2019
TLS SNI support enabled
configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt='-O2 -DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/zlib/include -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include' --add-module=../ngx_devel_kit-0.3.1rc1 --add-module=../echo-nginx-module-0.61 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.32 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.08 --add-module=../srcache-nginx-module-0.31 --add-module=../ngx_lua-0.10.15 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.7 --add-module=../ngx_stream_lua-0.0.7 --with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib -L/usr/local/openresty/zlib/lib -L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/zlib/lib:/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib' --with-cc='ccache gcc -fdiagnostics-color=always' --with-pcre-jit --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_v2_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_auth_request_module --with-http_secure_link_module --with-http_random_index_module --with-http_gzip_static_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-threads --with-compat --with-stream --with-stream_ssl_preread_module --with-http_ssl_module
#安装php
yum install php-fpm php-mysql php-xml php -y
systemctl enable php-fpm.service --now
#虚拟站点配置文件
[root@localhost conf]# cat /usr/local/openresty/nginx/test/index.php
echo hellowld
<h1>yayayayayale</h1>
[root@localhost conf]# cat /usr/local/openresty/nginx/conf.d/php.conf
server {
#监听端口
listen 801;
#网站根目录
root /usr/local/openresty/nginx/test;
#虚拟主机名称
server_name 192.168.168.21;
#网站主页排序
index index.php index.html index.htm default.php default.htm default.html;
#网站访问、错误日志
access_log /usr/local/openresty/nginx/test/test.access.log;
error_log /usr/local/openresty/nginx/logs/test/test.error.log;
#流量限制(网站最大并发数500|单IP访问最大并发数50|每个请求流量上限1024KB)
#limit_conn perserver 500;
#limit_conn perip 50;
#limit_rate 1024k;
#配置错误页面
#error_page 404 /404.html;
#error_page 500 502 503 504 /50x.html;
#禁止访问文件和目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md) {
return 404;
}
#配置资源防盗链
location ~ .*\.(jpg|jpeg|gif|png|js|css)$ {
expires 30d;
access_log /dev/null;
valid_referers none blocked 192.168.168.21;
if ($invalid_referer) {
return 404;
}
}
#配置图片资源缓存时间
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
expires 30d;
error_log off;
access_log /dev/null;
}
#设置样式资源缓存时间
location ~ .*\.(js|css)?$ {
expires 12h;
error_log off;
access_log /dev/null;
}
#解析PHP
location ~* \.php$ {
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
#主配置文件
[root@localhost conf]# cat /usr/local/openresty/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
#加载虚拟主机配置文件
include /usr/local/openresty/nginx/conf.d/*.conf;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
log_format json '{"@timestamp":"$time_iso8601",'
'"@version":"1",'
'"client":"$remote_addr",'
'"url":"$uri",'
'"status":"$status",'
'"domain":"$host",'
'"host":"$server_addr",'
'"size":"$body_bytes_sent",'
'"responsentime":"$request_time",'
'"referer":"$http_referer",'
'"useragent":"$http_user_agent",'
'"upstreampstatus":"$upstream_status",'
'"upstreamaddr":"$upstream_addr",'
'"upstreamresponsetime":"$upstream_response_time"'
'}';
access_log logs/access_json.log json;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index1.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
安装haproxy
1.1需要先安装lua5.3版本,否则后面后报错
curl -R -O http://www.lua.org/ftp/lua-5.3.5.tar.gz
yum install readline-devel gcc -y
tar zxvf lua-5.3.5.tar.gz
cd lua-5.3.5
make linux
make INSTALL_TOP=/usr/local/lua install
yum install systemd-devel wget openssl openssl-devel -y
1.2部署haproxy。
cdwget https://www.haproxy.org/download/2.0/src/haproxy-2.0.1.tar.gztar zxvf haproxy-2.0.1.tar.gz
cd haproxy-2.0.1
make -j $(nproc) TARGET=linux-glibc USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=1 LUA_LIB=/usr/local/lua/lib/ LUA_INC=/usr/local/lua/include/ USE_PCRE=1 USE_SYSTEMD=1
make install PREFIX=/usr/local/haproxycd
1.3创建运行用户(应该也可忽略,只是使用该用户运行,加强安全而已。我一般是直接使用root用户运行)
useradd haproxy -s /sbin/nologin
1.4创建配置文件haproxy.cfg。在安装目录/usr/local/hadproxy下新建haproxy.cfg
global #全局设置
daemon #以后台进程运行
maxconn 256 #每个进程的最大连接数
nbproc 1 #进程数,该值可以设置小于或等于cpu核心数
balance roundrobin #默认的负载均衡的方式,轮询方式
#balance source #默认的负载均衡的方式,类似nginx的ip_hash
#balance leastconn #默认的负载均衡的方式,最小连接
defaults #默认设置
mode http #设置http(七层模式),也可设置为tcp(四层模式),另外还有一个Health健康监测模式。对mysql进行负载均衡的话,这里记得修改为tcp
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen admin_stats #配置haproxy管理页面
bind *:9999 #访问端口为9999
mode http
option httplog
stats refresh 30s #自动刷新时间
stats uri /stats #项目名为status,ip+端口+项目名即可访问
stats auth admin:admin #配置管理用户账号密码
stats admin if TRUE
stats hide-version
frontend http-in #配置前端访问端口
bind *:1080 #通过该端口进行负载均衡
default_backend servers #指定后端服务器
backend servers
server server1 172.16.1.230:80 check inter 2000 rise 3 fall 3 weight 1 maxconn 32
#建议加上check,否则后台服务器A宕机了,负载均衡还会把请求发送到该宕机服务器上,inter 2000指check检测时间为2000毫秒,rise 3检测3次均正常则表示后天服务器正常,fall 3检测3次失败,则会把该后天服务器标志宕机,不再玩该后台服务器发送请求,weight 1指权重,取消weight改为backup,则是所有后台服务器宕机后才会启用该backup后台服务器
server server2 172.16.1.227:80 check inter 2000 rise 3 fall 3 weight 1 maxconn 32
#参考yum 安装的配置文件
[root@node2 haproxy]# cat /etc/haproxy/haproxy.cfg |grep -v "^#"
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend main *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
backend static
balance roundrobin
server static 127.0.0.1:4331 check
backend app
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
1.5使用指定配置文件运行haproxy。建议都haproxy和hadproxy.cfg都使用绝对路径
#/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg
1.6验证安装的haproxy版本
[root@localhost ~]# /usr/local/haproxy/sbin/haproxy -v
HA-Proxy version 2.0.1 2019/06/26 - https://haproxy.org/
1.7配置开机自启
#修改haproxy cfg
[root@localhost haproxy]# cat /usr/local/haproxy/haproxy.cfg
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /usr/local/haproxy
pidfile /usr/local/haproxy/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /usr/local/haproxy/socket
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend main
bind 0.0.0.0:8000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
backend static
balance roundrobin
server static 127.0.0.1:4331 check
backend app
balance roundrobin
server app1 127.0.0.1:80 check
server app2 127.0.0.1:801 check
#server app3 127.0.0.1:5003 check
#server app4 127.0.0.1:5004 check
[root@localhost haproxy]#
[root@localhost haproxy]# cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=haporxy load bulancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /usr/local/haproxy/haproxy.cfg -p /usr/local/haproxy/haproxy.pid
ExecReload=/bin/kill -USER2 $MAINPID
[Install]
WantedBy=multi-user.target
systemctl enable haproxy --now
1.8测试效果
其中228的80端口上我启用了httpd,页面内容为this is 228.另外一台230上的80端口也是httpd,页面为默认内容。使用谷歌浏览器访问172.16.1.227,每次刷新的内容都和上一次不一样
curl 127.0.0.1:8000
[root@localhost haproxy]# curl 192.168.1.119:8000
<!DOCTYPE html>
<html>
<head>
<title>Welcome to OpenResty!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to OpenResty!</h1>
<p>If you see this page, the OpenResty web platform is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="https://openresty.org/">openresty.org</a>.<br/>
Commercial support is available at
<a href="https://openresty.com/">openresty.com</a>.</p>
<p><em>Thank you for flying OpenResty.</em></p>
</body>
</html>
[root@localhost haproxy]# curl 192.168.1.119:8000
echo hellowld
<h1>yayayayayale</h1>
openresty用haproxy2.0实现负载均衡的更多相关文章
- spring boot 2.0 ribbon 负载均衡配置
1.pom.xml <dependency> <groupId>org.springframework.cloud</groupId> <artifactId ...
- 使用Docker快速创建.Net Core2.0 Nginx负载均衡节点
本文版权归博客园和作者吴双本人共同所有 转载和爬虫请注明原文地址 www.cnblogs.com/tdws 一.Self-Host Kestrel 1. 在vs2017中新建dotnet core2. ...
- nginx1.14.0版本负载均衡配置
upstream配置: upstream upstream1 { server 192.168.10.130:8080; server 192.168.10.140:8080; #server 192 ...
- 【架构师之路】Nginx负载均衡与反向代理—《亿级流量网站架构核心技术》
本篇摘自<亿级流量网站架构核心技术>第二章 Nginx负载均衡与反向代理 部分内容. 当我们的应用单实例不能支撑用户请求时,此时就需要扩容,从一台服务器扩容到两台.几十台.几百台.然而,用 ...
- 搞懂分布式技术9:Nginx负载均衡原理与实践
搞懂分布式技术9:Nginx负载均衡原理与实践 本篇摘自<亿级流量网站架构核心技术>第二章 Nginx负载均衡与反向代理 部分内容. 当我们的应用单实例不能支撑用户请求时,此时就需要扩容, ...
- 《nginx 三》实现nginx的动态负载均衡——实战
Http动态负载均衡 什么是动态负载均衡 传统的负载均衡,如果Upstream参数发生变化,每次都需要重新加载nginx.conf文件, 因此扩展性不是很高,所以我们可以采用动态负载均衡,实现Upst ...
- Nginx(四) nginx+consul+upasync 在ubnutu18带桌面系统 实现动态负载均衡
1.1 什么是动态负载均衡 传统的负载均衡,如果Upstream参数发生变化,每次都需要重新加载nginx.conf文件,因此扩展性不是很高,所以我们可以采用动态负载均衡,实现Upstream可配置化 ...
- 【Nginx】基于Consul+Upsync+Nginx实现动态负载均衡
一.Http动态负载均衡 什么是动态负载均衡 动态负载均衡实现方案 常用服务器注册与发现框架 二.Consul快速入门 Consul环境搭建 三.nginx-upsync-module nginx-u ...
- Nginx负载均衡与反向代理—《亿级流量网站架构核心技术》
当我们的应用单实例不能支撑用户请求时,此时就需要扩容,从一台服务器扩容到两台.几十台.几百台.然而,用户访问时是通过如http://www.XX.com的方式访问,在请求时,浏览器首先会查询DNS服务 ...
随机推荐
- 性能测试之服务器监控和Prometheus推荐
服务器的监控,也是采用Prometheus和Grafana.可以监控服务器系统负载.CPU使用率.网络流量.磁盘使用率.磁盘读写速度.IO耗时.网络信息. 效果图 安装使用 安装启动node_expo ...
- 深入理解JS:执行上下文中的this(一)
目录 执行上下文与执行上下文栈 this 全局环境 函数环境 总结 参考 1.执行上下文与执行上下文栈 (1)什么是执行上下文? 在 JavaScript 代码运行时,解释执行全局代码.调用函数或使用 ...
- 【C++】常量
注意:以下内容摘自文献[1],修改了部分内容. 1.常量:常量的值是不能改变的,一般从其字面形式即可判别是否为常量. 2.常量包括数值型常量(即常数)和字符型常量. 3.常量无unsigned型.但一 ...
- 设计Person类 代码参考
#include <iostream> using namespace std; class Trapezium { private: int x1,y1,x2,y2,x3,y3,x4,y ...
- win10系统下计算器界面变成英文的解决方法
标题: win10系统下计算器界面变成英文的解决方法 作者: 梦幻之心星 347369787@QQ.com 标签: [win10, 计算器, 英文] 目录: 软件 日期: 2019-04-20 目录 ...
- Springboot之actuator未授权访问
copy 子杰的哈,懒的写了 0x01 未授权访问可以理解为需要授权才可以访问的页面由于错误的配置等其他原因,导致其他用户可以直接访问,从而引发各种敏感信息泄露. 0x02 Spring Boot ...
- sqlmap tamper脚本备忘录与tamper脚本编写
查看sqlmap全部脚本 $ python sqlmap.py --list-tampers 使用方法 --tamper=TAMPER 2019.9更新后翻译 * apostrophemask.py- ...
- ES6-解析赋值
1.注意事项 A.左右两边结构必须一样 B.右边必须是个东西 C.声明和赋值不能分开(必须在一句话里完成) 2.代码如下 <!DOCTYPE html> <html lang=&qu ...
- jQuery-DOM增删查改
1.绑定事件 $().事件名(function(){功能}) 事件名:鼠标事件 键盘事件 表单事件 事件委托:$().on('事件名',#####'target',function(){功能}) 额外 ...
- eclipse中的Invalid text string (xxx).
这个是说明在eclipse中引用HTML的时候,语法出现了不规范的错误 可以到https://www.w3school.com.cn/index.html里面找找对应对象的问题 我之前就是option ...