目录
- 0x01 操作系统版本及内核版本
- 0x01 下载lua及haproxy源码包
- 0x02 解压缩源码包
- 0x03 编译安装 lua
- 0x03 编译安装 haproxy
- 0x01 添加HAProxy用户和用户组
- 0x02 配置错误页面
- 0x03 配置HAProxy的systemd守护进程服务启动文件
- 0x05 配置 HAProxy的systemd守护进程服务环境变量文件
- 0x06 创建 HAProxy配置文件目录,并添加模板配置
- 0x07 配置HAProxy日志
- 0x08 配置HAProxy日志轮转
- 0x09 配置定时任务
- 0x10 配置文件用户和用户组
- 0x11 启动HAProxy
- 0x12 Web监控界面访问
1. 环境说明
0x01 操作系统版本及内核版本
[root@haproxy ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
[root@haproxy ~]# uname -a
Linux haproxy 3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18 15:06:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
2. 安装依赖包
# yum install gcc openssl-devel readline-devel systemd-devel make pcre-devel
3. 源码编译安装lua及haproxy
0x01 下载lua及haproxy源码包
提示:haproxy 源码包的下载需要梯子。另外,HAProxy 1.9 是已停止维护的短期版本,生产环境建议选用仍在维护的 LTS 版本(编译参数可能随版本变化,请以对应版本的 INSTALL 文档为准)。
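# NOTE: -f makes curl stop on an HTTP error instead of saving the error page
# NOTE: as the tarball; both archives are fetched over HTTPS and their
# NOTE: SHA-256 digests are checked before anything is unpacked or compiled.
# curl -fLO https://www.lua.org/ftp/lua-5.3.5.tar.gz
# curl -fLO https://www.haproxy.org/download/1.9/src/haproxy-1.9.7.tar.gz
# curl -fLO https://www.haproxy.org/download/1.9/src/haproxy-1.9.7.tar.gz.sha256
# sha256sum -c haproxy-1.9.7.tar.gz.sha256
# NOTE: placeholder below - use the SHA-256 value published on lua.org for this release.
# echo "<LUA_5_3_5_SHA256>  lua-5.3.5.tar.gz" | sha256sum -c -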
0x02 解压缩源码包
# tar xf lua-5.3.5.tar.gz
# tar xf haproxy-1.9.7.tar.gz
0x03 编译安装 lua
# cd lua-5.3.5
# make INSTALL_TOP=/usr/local/lua-5.3.5 linux install
0x03 编译安装 haproxy
# cd haproxy-1.9.7
# make USE_NS=1 \
USE_TFO=1 \
USE_OPENSSL=1 \
USE_ZLIB=1 \
USE_LUA=1 \
USE_PCRE=1 \
USE_SYSTEMD=1 \
USE_LIBCRYPT=1 \
USE_THREAD=1 \
TARGET=linux2628 \
LUA_INC=/usr/local/lua-5.3.5/include \
LUA_LIB=/usr/local/lua-5.3.5/lib
# make PREFIX=/usr/local/haproxy-1.9.7 install
4. 配置HAProxy
0x01 添加HAProxy用户和用户组
# groupadd -g 188 haproxy
# useradd -g 188 -u 188 -d /var/lib/haproxy -s /sbin/nologin -c haproxy haproxy
0x02 配置错误页面
注意:将解压后的 HAProxy 源码包中 examples/errorfiles 目录拷贝到 HAProxy 的安装目录下
# cp -r ~/haproxy-1.9.7/examples/errorfiles/ /usr/local/haproxy-1.9.7/
0x03 配置HAProxy的systemd守护进程服务启动文件
# sudo tee /etc/systemd/system/haproxy-1.9.7.service <<EOF
[Unit]
Description=HAProxy 1.9.7
After=syslog.target network.target
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/haproxy-1.9.7
ExecStart=/usr/local/haproxy-1.9.7/sbin/haproxy -f \$CONFIG_FILE -p \$PID_FILE \$CLI_OPTIONS
ExecReload=/bin/kill -USR2 \$MAINPID
ExecStop=/bin/kill -USR1 \$MAINPID
[Install]
WantedBy=multi-user.target
EOF
注意:上面使用 tee 命令配合 here-document 将内容写入 /etc/systemd/system/haproxy-1.9.7.service,其中的 \ 是转义符,用来防止 shell 在写入时展开 $ 变量。若要直接把内容粘贴到 /etc/systemd/system/haproxy-1.9.7.service 文件中,需要去掉转义符,请使用如下配置(末尾的 EOF 只是 here-document 的结束标记,不属于文件内容,粘贴时不要带上):
[Unit]
Description=HAProxy 1.9.7
After=syslog.target network.target
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/haproxy-1.9.7
ExecStart=/usr/local/haproxy-1.9.7/sbin/haproxy -f $CONFIG_FILE -p $PID_FILE $CLI_OPTIONS
ExecReload=/bin/kill -USR2 $MAINPID
ExecStop=/bin/kill -USR1 $MAINPID
[Install]
WantedBy=multi-user.target
EOF
0x05 配置 HAProxy的systemd守护进程服务环境变量文件
sudo tee /etc/sysconfig/haproxy-1.9.7 <<EOF
# Command line options to pass to HAProxy at startup
# The default is:
#CLI_OPTIONS="-Ws"
CLI_OPTIONS="-Ws"
# Specify an alternate configuration file. The default is:
#CONFIG_FILE=/etc/haproxy/haproxy-1.9.7.cfg
CONFIG_FILE=/etc/haproxy/haproxy-1.9.7.cfg
# File used to track process IDs. The default is:
#PID_FILE=/var/run/haproxy-1.9.7.pid
PID_FILE=/var/run/haproxy-1.9.7.pid
EOF
重新加载systemd配置文件
# systemctl daemon-reload
0x06 创建 HAProxy配置文件目录,并添加模板配置
# mkdir /etc/haproxy
# touch /etc/haproxy/haproxy-1.9.7.cfg
将如下配置添加到配置文件中:
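global
    daemon
    maxconn 256
    # Workers run as the unprivileged haproxy account, confined to the chroot.
    user haproxy
    group haproxy
    chroot /var/lib/haproxy
    # Two syslog targets on loopback: facility local0 at level info and
    # facility local1 at level warning.
    log 127.0.0.1 local0 info
    log 127.0.0.1 local1 warning

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    # The install steps copy examples/errorfiles into /usr/local/haproxy-1.9.7/,
    # so the error pages are referenced under that prefix.
    errorfile 400 /usr/local/haproxy-1.9.7/errorfiles/400.http
    errorfile 403 /usr/local/haproxy-1.9.7/errorfiles/403.http
    errorfile 408 /usr/local/haproxy-1.9.7/errorfiles/408.http
    errorfile 500 /usr/local/haproxy-1.9.7/errorfiles/500.http
    errorfile 502 /usr/local/haproxy-1.9.7/errorfiles/502.http
    errorfile 503 /usr/local/haproxy-1.9.7/errorfiles/503.http
    errorfile 504 /usr/local/haproxy-1.9.7/errorfiles/504.http
    log global

frontend http
    bind *:8000
    default_backend servers

backend servers
    server server 127.0.0.1:80

listen status
    # The stats page listens on every interface and is protected only by HTTP
    # Basic auth sent over plain HTTP. Replace the placeholder password below
    # before starting the service, and limit who can reach port 1080 (host
    # firewall, or bind to a management address instead of *).
    bind *:1080
    stats refresh 30s
    stats uri /status
    stats realm HAProxy\ Stats
    stats auth admin:CHANGE_ME_BEFORE_USE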
0x07 配置HAProxy日志
创建日志目录
# mkdir /var/log/haproxy
为 rsyslog 添加 haproxy 日志的配置
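# tee /etc/rsyslog.d/haproxy.conf <<'EOF'
# Written through a quoted here-document ('EOF') so that the shell does not
# expand the $-prefixed rsyslog directives to empty strings.
# Receive HAProxy's syslog datagrams over UDP. The address directive has to
# precede $UDPServerRun; loopback is sufficient because haproxy.cfg logs to
# 127.0.0.1, and it keeps port 514 closed to other hosts.
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
# Permissions of the log files
$FileCreateMode 0644
# Owner of the log files
$FileOwner haproxy
# Output file for the local0 facility
local0.* /var/log/haproxy/haproxy.log
# Output file for the local1 facility
local1.* /var/log/haproxy/haproxy_warn.log
EOF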
修改 rsyslog 的启动参数(/etc/sysconfig/rsyslog):
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 2 -r -m 0"
重启 rsyslog
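# systemctl restart rsyslog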
0x08 配置HAProxy日志轮转
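# tee /etc/logrotate.d/haproxy <<'EOF'
# Written through a quoted here-document ('EOF') so that the $(...) in the
# postrotate script is stored literally instead of being executed by the shell
# while this file is created. Comments are kept on their own lines.
/var/log/haproxy/*.log {
    # rotate once per day
    daily
    # keep 7 rotated files
    rotate 7
    # mode, owner and group of the newly created log file
    create 0644 haproxy haproxy
    # compress rotated logs
    compress
    # postpone compression by one rotation
    delaycompress
    # do not report an error when a log file is missing
    missingok
    # give rotated logs a date suffix
    dateext
    # run the postrotate script only once for all matched logs
    sharedscripts
    # after rotation, signal rsyslog so that it writes to the new log files
    postrotate
        /bin/kill -HUP $(/bin/cat /var/run/syslogd.pid 2>/dev/null) >/dev/null 2>&1
    endscript
}
EOF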
0x09 配置定时任务
# 0 0 * * * /usr/sbin/logrotate /etc/logrotate.d/haproxy
0x10 配置文件用户和用户组
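# NOTE: only the runtime data directories are handed to the haproxy account.
# chown -R haproxy:haproxy /var/log/haproxy
# chown -R haproxy:haproxy /var/lib/haproxy
# NOTE: the unit file sets no User=, so systemd starts the binary as root with the
# NOTE: options from the EnvironmentFile. The binary, the unit, the environment file
# NOTE: and the rsyslog/logrotate configuration therefore stay owned by root; if the
# NOTE: service account could rewrite them, a compromise of that account could
# NOTE: change what runs as root at the next start.
# chown -R root:root /usr/local/haproxy-1.9.7
# NOTE: /usr/local/haproxy is not created by the steps shown; run this only if it exists.
# chown -R root:root /usr/local/haproxy
# chown root:root /etc/rsyslog.d/haproxy.conf
# chown root:root /etc/systemd/system/haproxy-1.9.7.service
# chown root:root /etc/logrotate.d/haproxy
# chown root:root /etc/sysconfig/haproxy-1.9.7
# chmod 644 /etc/rsyslog.d/haproxy.conf /etc/systemd/system/haproxy-1.9.7.service /etc/logrotate.d/haproxy /etc/sysconfig/haproxy-1.9.7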
0x11 启动HAProxy
# systemctl start haproxy-1.9.7
# systemctl enable haproxy-1.9.7
查看端口
# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6461/sshd
tcp 0 0 0.0.0.0:1080 0.0.0.0:* LISTEN 5184/haproxy
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 6830/master
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 5184/haproxy
tcp6 0 0 :::22 :::* LISTEN 6461/sshd
tcp6 0 0 ::1:25 :::* LISTEN 6830/master
0x12 Web监控界面访问
http://<服务器IP>:1080/status(使用配置文件中 stats auth 设置的用户名和密码登录;该页面走明文 HTTP,建议用防火墙限制可访问的来源地址)