HAProxy是一款提供高可用性、负载均衡以及基于TCP(第四层)和HTTP(第七层)应用的开源代理软件,支持虚拟主机,可隐藏web服务器。
创新互联公司专注于昔阳网站建设服务及定制,我们拥有丰富的企业做网站经验。 热诚为您提供昔阳营销型网站建设,昔阳网站制作、昔阳网页设计、昔阳网站官网定制、小程序制作服务,打造昔阳网络公司原创品牌,更为您提供昔阳网站排名全网营销落地服务。平台Centos 6.5 x86_64
yum update -y
yum install -y haproxy
cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bk
cat > /etc/haproxy/haproxy.cfg<<-EOF
global
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 32768
user haproxy
group haproxy
daemon
ulimit-n 100000
stats socket /var/lib/haproxy/stats
defaults
mode tcp
option dontlognull
retries 3
timeout queue 30s
timeout connect 10s
timeout client 1m
timeout server 1m
frontend ss-in
bind *:408
default_backend ss-out
backend ss-out
server server1 5.7.9.10:408 maxconn 32768
EOF
启动
haproxy -f /etc/haproxy/haproxy.cfg
网络优化
ulimit -n 65535
cat >> /etc/sysctl.conf<<-EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 80000
net.core.somaxconn = 32768
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 20
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_mem = 41943040 73400320 94371840
net.ipv4.tcp_max_orphans = 3276800
fs.file-max = 1300000
kernel.printk_ratelimit = 30
kernel.printk_ratelimit_burst = 200
EOF
关闭
killall haproxy
debian7 x86_64 上的安装
echo "deb http://ftp.us.debian.org/debian/ wheezy-backports main" >> /etc/apt/sources.list
apt-get update
apt-get install haproxy
vi /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local3 err
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 32768
user haproxy
group haproxy
daemon
ulimit-n 100000
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
option abortonclose
retries 3
timeout http-request 10s
timeout queue 30s
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 32768
frontend http-in
bind *:80
default_backend servers
backend servers
option httpclose
server server1 1.2.3.4:80
frontend mirror_stats
bind *:8808
maxconn 10
log 127.0.0.1 local0
option httplog
stats enable
stats uri /status
stats auth admin:123456
stats hide-version
stats admin if TRUE
stats refresh 30s
启动haproxy -f /etc/haproxy/haproxy.cfg
关闭killall haproxy
查看ps aux | grep haproxy
打开浏览器http://1.2.3.4:8808/status
输入admin:123456即可看到
各参数详解http://blog.csdn.net/dylan_csdn/article/details/51261421
haproxy做https代理
haproxy 本身只提供代理,后端web服务器提供https
只需在/etc/haproxy/haproxy.cfg添加
frontend https_frontend
bind *:443
mode tcp
default_backend web_server
backend web_server
mode tcp
balance roundrobin
stick-table type ip size 200k expire 30m
stick on src
server s1 1.2.3.4:443