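HAProxy Advanced Configuration Options, ACL Part: A Request-Path Matching Example
Author: 尹正傑 (Yin Zhengjie)
Copyright notice: This is an original work. Reproduction is prohibited; violators will be held legally liable.
I. Test environment overview
1>. Operating platform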
[root@node101.yinzhengjie.org.cn ~]# uname -r
3.10.0-957.el7.x86_64
[root@node101.yinzhengjie.org.cn ~]# uname -m
x86_64
[root@node101.yinzhengjie.org.cn ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@node101.yinzhengjie.org.cn ~]# free -h
              total        used        free      shared  buff/cache   available
Mem:           7.6G        126M        7.4G        8.6M        129M        7.3G
Swap:          7.9G          0B        7.9G
[root@node101.yinzhengjie.org.cn ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.30.1.101 node101.yinzhengjie.org.cn node101.yinzhengjie.com
172.30.1.102 node102.yinzhengjie.org.cn
172.30.1.103 node103.yinzhengjie.org.cn
172.30.1.104 node104.yinzhengjie.org.cn
172.30.1.105 node105.yinzhengjie.org.cn
172.30.1.106 node106.yinzhengjie.org.cn
172.30.1.107 node107.yinzhengjie.org.cn
172.30.1.108 node108.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]#
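2>. Test architecture
node102.yinzhengjie.org.cn:
HAProxy server.
node103.yinzhengjie.org.cn:
Apache httpd, simulating static data such as stored images, HTML, CSS and JavaScript.
node104.yinzhengjie.org.cn:
"Nginx + PHP environment", simulating dynamic data such as PHP programs.
II. Deploy the Nginx server to handle dynamic pages
1>. Install the EPEL repository

2>. Install nginx and PHP

3>. Edit the nginx configuration file and add a location that matches PHP files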
[root@node104.yinzhengjie.org.cn ~]# vim /etc/nginx/nginx.conf
[root@node104.yinzhengjie.org.cn ~]# egrep -v "^ *#|^$" /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;
        include /etc/nginx/default.d/*.conf;
        location / {
        }
        location ~ \.php$ {
            root           html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}
[root@node104.yinzhengjie.org.cn ~]# nginx -t        # check whether the nginx configuration file is correct
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@node104.yinzhengjie.org.cn ~]#
4>. Start the nginx and PHP services
[root@node104.yinzhengjie.org.cn ~]# ss -ntl
State      Recv-Q Send-Q      Local Address:Port       Peer Address:Port
LISTEN     0      128                     *:22                    *:*
LISTEN     0      128                    :::22                   :::*
[root@node104.yinzhengjie.org.cn ~]# systemctl start nginx php-fpm
[root@node104.yinzhengjie.org.cn ~]# ss -ntl
State      Recv-Q Send-Q      Local Address:Port       Peer Address:Port
LISTEN     0      128             127.0.0.1:9000                  *:*
LISTEN     0      128                     *:80                    *:*
LISTEN     0      128                     *:22                    *:*
LISTEN     0      128                    :::80                   :::*
LISTEN     0      128                    :::22                   :::*
[root@node104.yinzhengjie.org.cn ~]#
5>. Create a PHP test page and open "http://node104.yinzhengjie.org.cn/index.php" in a browser
[root@node104.yinzhengjie.org.cn ~]# vim /usr/share/nginx/html/index.php
[root@node104.yinzhengjie.org.cn ~]# cat /usr/share/nginx/html/index.php
<?php phpinfo(); ?>
[root@node104.yinzhengjie.org.cn ~]#
III. Deploy the Apache httpd server to handle static pages
1>. Install the Apache httpd server

2>. Create test data
[root@node103.yinzhengjie.org.cn ~]# rz        # upload any test image
[root@node103.yinzhengjie.org.cn ~]# ll
total 120
-rw-r--r-- 1 root root 122026 Dec 16 19:58 02.迪麗熱巴.jfif
[root@node103.yinzhengjie.org.cn ~]# file 02.迪麗熱巴.jfif
02.迪麗熱巴.jfif: JPEG image data, JFIF standard 1.01
[root@node103.yinzhengjie.org.cn ~]# mkdir -pv /var/www/html/images
mkdir: created directory ‘/var/www/html/images’
[root@node103.yinzhengjie.org.cn ~]# mv 02.迪麗熱巴.jfif /var/www/html/images/01.jpeg
[root@node103.yinzhengjie.org.cn ~]# ll -R /var/www/html/
/var/www/html/:
total 0
drwxr-xr-x 2 root root 21 Jan  5 20:15 images

/var/www/html/images:
total 120
-rw-r--r-- 1 root root 122026 Dec 16 19:58 01.jpeg
[root@node103.yinzhengjie.org.cn ~]#
3>. Start the httpd service and open the image created in the previous step in a browser (http://node103.yinzhengjie.org.cn/images/01.jpeg)
[root@node103.yinzhengjie.org.cn ~]# ss -ntl
State      Recv-Q Send-Q      Local Address:Port       Peer Address:Port
LISTEN     0      128                     *:22                    *:*
LISTEN     0      128                    :::22                   :::*
[root@node103.yinzhengjie.org.cn ~]# systemctl start httpd
[root@node103.yinzhengjie.org.cn ~]# ss -ntl
State      Recv-Q Send-Q      Local Address:Port       Peer Address:Port
LISTEN     0      128                     *:80                    *:*
LISTEN     0      128                     *:22                    *:*
LISTEN     0      128                    :::22                   :::*
[root@node103.yinzhengjie.org.cn ~]#
IV. Configure HAProxy to match on the request path
1>. Edit the haproxy configuration file
[root@node102.yinzhengjie.org.cn ~]# cat /etc/haproxy/haproxy.cfg
global
    maxconn 100000
    chroot /yinzhengjie/softwares/haproxy
    stats socket /yinzhengjie/softwares/haproxy/haproxy.sock mode 600 level admin
    user haproxy
    group haproxy
    daemon
    nbproc 2
    cpu-map 1 0
    cpu-map 2 1
    nbthread 2
    pidfile /yinzhengjie/softwares/haproxy/haproxy.pid
    log 127.0.0.1 local5 info

defaults
    option http-keep-alive
    option forwardfor
    option redispatch
    option abortonclose
    maxconn 100000
    mode http
    timeout connect 300000ms
    timeout client 300000ms
    timeout server 300000ms
    errorloc 503 http://node107.yinzhengjie.org.cn/monitor/503.html

listen status_page
    bind 172.30.1.102:8888
    stats enable
    stats uri /haproxy-status
    stats auth admin:yinzhengjie
    stats realm "Welcome to the haproxy load balancer status page of YinZhengjie"
    stats hide-version
    stats admin if TRUE
    stats refresh 5s

frontend WEB_PORT_80
    bind 172.30.1.102:80
    mode http
    # Define an ACL that matches PHP programs: every path ending in ".php"
    acl php_server path_end -i .php
    # Hand PHP requests to the nginx server.
    use_backend nginx_php if php_server
    # Define an ACL that matches the static request paths
    acl static_path path_beg -i /static /images /javascript
    # Hand image requests to the httpd server.
    use_backend apache_httpd if static_path
    default_backend backup_web

backend nginx_php
    server web04 172.30.1.104:80 check inter 3000 fall 3 rise 5

backend apache_httpd
    server web03 172.30.1.103:80 check inter 3000 fall 3 rise 5

backend backup_web
    server web03 172.30.1.108:80 check inter 3000 fall 3 rise 5
[root@node102.yinzhengjie.org.cn ~]# systemctl restart haproxy        # don't forget to restart haproxy so the configuration takes effect
[root@node102.yinzhengjie.org.cn ~]#
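An added example, not part of the original article: a simplified Python model of how the frontend WEB_PORT_80 above selects a backend, run over constructed request URIs. It models only `path_beg`, `path_end`, the `-i` flag and the order of the `use_backend` rules; the function names are illustrative and are not HAProxy APIs.

```python
# The two ACL rules of frontend WEB_PORT_80, in the order their
# use_backend lines appear in haproxy.cfg (backend, match method, patterns).
RULES = [
    ("nginx_php",    "path_end", [".php"]),
    ("apache_httpd", "path_beg", ["/static", "/images", "/javascript"]),
]
DEFAULT_BACKEND = "backup_web"


def request_path(uri):
    """Model of the `path` fetch: the request URI up to, not including, '?'."""
    return uri.split("?", 1)[0]


def acl_matches(method, patterns, path):
    """path_beg is a string-prefix test, path_end a string-suffix test.
    Both ACLs on the page use -i, so the comparison ignores case."""
    path = path.lower()
    test = path.startswith if method == "path_beg" else path.endswith
    return any(test(p.lower()) for p in patterns)


def select_backend(uri):
    """The first use_backend rule whose ACL matches wins; else default_backend."""
    path = request_path(uri)
    for backend, method, patterns in RULES:
        if acl_matches(method, patterns, path):
            return backend
    return DEFAULT_BACKEND


# Constructed request URIs (not taken from the article) covering the edge cases.
SAMPLES = [
    "/index.php",           # suffix match                   -> nginx_php
    "/INDEX.PHP?debug=1",   # -i, query string not in path   -> nginx_php
    "/images/01.jpeg",      # prefix match                   -> apache_httpd
    "/images/gallery.php",  # both ACLs match, .php is first -> nginx_php
    "/images-old/a.png",    # plain prefix, not a directory  -> apache_httpd
    "/index.php/extra",     # path no longer ends in .php    -> backup_web
    "/",                    # no ACL matches                 -> backup_web
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:22} -> {select_backend(uri)}")
```

Swapping the two `use_backend` lines would send `/images/gallery.php` to apache_httpd instead, which is why the rule order in the frontend matters when deciding which server is allowed to handle `.php` paths.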
2>. Check haproxy's listening ports and process information
[root@node102.yinzhengjie.org.cn ~]# ss -ntl
State      Recv-Q Send-Q      Local Address:Port       Peer Address:Port
LISTEN     0      128          172.30.1.102:80                    *:*
LISTEN     0      128                     *:22                    *:*
LISTEN     0      128          172.30.1.102:8888                  *:*
LISTEN     0      128                    :::22                   :::*
[root@node102.yinzhengjie.org.cn ~]# ps -ef | grep haproxy | grep -v grep
root      20587      1  0 20:09 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy   20589  20587  0 20:09 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy   20590  20587  0 20:09 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
[root@node102.yinzhengjie.org.cn ~]#
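3>. View the haproxy status page (http://node102.yinzhengjie.org.cn:8888/haproxy-status)
V. Verify the haproxy configuration
1>. Open the haproxy address "http://node102.yinzhengjie.org.cn/index.php" in a browser, as shown in the figure below
2>. Open the haproxy address "http://node102.yinzhengjie.org.cn/images/01.jpeg" in a browser, as shown in the figure below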