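HAProxy ACL rules
2012-06-04 09:49:46
Tags: linux, load balancing, acl, haproxy, lb
Original work. Reposting is permitted, provided the original source, the author information and this notice are indicated with a hyperlink. Otherwise legal liability will be pursued. http://dngood.blog.51cto.com/446195/886547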
1 Load balancing by the requested Host header (host name)
cat haproxy.cfg
global
    log 127.0.0.1 local1
    maxconn 65000 # maximum number of connections
    chroot /usr/local/haproxy # installation directory
    uid 99 # user haproxy
    gid 99 # group haproxy
    daemon # run as a daemon
    nbproc 1 # number of processes
    pidfile /usr/local/haproxy/logs/haproxy.pid # haproxy pid file
defaults
    log global
    mode http # layer 7: http; layer 4: tcp
    option httplog # HTTP log format
    option httpclose # actively close the HTTP connection
    option redispatch # if the server for a serverId goes down, force redirection to another healthy server
    option forwardfor
    option dontlognull
    maxconn 50000 # maximum number of connections
    contimeout 5000 # connect timeout (milliseconds)
    clitimeout 50000 # client timeout (milliseconds)
    srvtimeout 50000 # server timeout (milliseconds)
    #errorfile 502 /usr/local/haproxy/html/maintain.html
    #errorfile 503 /usr/local/haproxy/html/maintain.html
    #errorfile 504 /usr/local/haproxy/html/maintain.html
frontend test.com # defines the frontend (haproxy)
    bind *:80 # listen address
    acl web-client path_beg -i /vsphere-client
    acl bbs hdr_reg(host) -i ^(bbs.test.com|shequ.test.com|forum)
    acl monitor hdr_beg(host) -i monitor.test.com # defines the ACL name; it matches requests whose Host header is monitor.test.com
    acl www hdr_beg(host) -i
    use_backend cache.test.com if static
    use_backend monitor.test.com if bbs or monitor
    use_backend if www
    use_backend vsphere-client if web-client
    default_backend # specifies the default backend
backend monitor.test.com # defines the backend server group (web server/apache/nginx/iis..)
    mode http
    option forwardfor # the backend server (apache/nginx/iis/*) obtains the client IP from the HTTP header
    balance leastconn # load-balancing method: least connections
    cookie SERVERID # insert the serverid into a cookie; the serverid is defined further on
    option httpchk HEAD /check.html # HTML document used for the health check
    #option httpchk HEAD /index.php HTTP/1.1\r\nHost:monitor.test.com #HTTP && Host
    server server1 10.0.100.70:80 cookie server1 check inter 2000 rise 3 fall 3 weight 3
    # server definition:
    # cookie server1 means the serverid is server1;
    # check inter 2000 is the health-check interval (check default );
    # rise 3 means 3 successful checks mark the server as available;
    # fall 3 means 3 failed checks mark the server as unavailable;
    # weight is the server weight.
backend
    mode http
    option forwardfor
    balance roundrobin # load-balancing method: round robin
    cookie SERVERID
    option httpchk HEAD /check.html
    server server1 10.0.100.71:80 cookie server1 check inter 2000 rise 3 fall 3 weight 3
backend vsphere-client
    mode http
    option forwardfor header ORIG_CLIENT_IP
    balance roundrobin
    server server1 10.0.100.81:80 redir check inter 2000 rise 3 fall 3 weight 3
backend cache.test.com
    option forwardfor
    #balance uri len 15 #url hash
    balance roundrobin
    server server1 10.0.100.73:80 check inter 2000 rise 3 fall 3 weight 3
    server server2 10.0.100.75:80 check inter 2000 rise 3 fall 3 weight 3
listen admin_stat #status
    bind 0.0.0.0:8080 # listen port
    mode http # HTTP layer-7 mode
    stats refresh 30s # auto-refresh interval of the stats page
    stats uri /haproxy_stats_url # stats page URL
    stats realm Haproxy\ Statistics # prompt text shown in the stats page password dialog
    stats auth admin:admin # stats page user name and password
    stats hide-version # hide the HAProxy version on the stats page
    stats admin if TRUE # manually enable/disable backend servers
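Three settings in the admin_stat section above decide who can reach and operate the stats page: the bind address, the stats auth credentials and the stats admin condition. The following check is an added example, not part of the original post; the function name, the short weak-password list and the finding texts are assumptions made here.

```python
SECTIONS = ("global", "defaults", "frontend", "backend", "listen")
WEAK_PASSWORDS = {"admin", "password", "haproxy", "123456"}  # constructed list

# Relevant lines of the page's admin_stat section (comments dropped).
PAGE_STATS = """\
listen admin_stat
    bind 0.0.0.0:8080
    mode http
    stats uri /haproxy_stats_url
    stats auth admin:admin
    stats hide-version
    stats admin if TRUE
"""


def audit_stats(cfg_text):
    """Return (section, finding) pairs for risky stats-page settings."""
    findings, section, binds, has_stats = [], None, [], False

    def flush():  # judge bind lines once the whole section has been read
        if has_stats:
            for addr in binds:
                if addr.rsplit(":", 1)[0] in ("", "*", "0.0.0.0"):
                    findings.append((section, "stats on all interfaces: bind " + addr))

    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if not words:
            continue
        if words[0] in SECTIONS:  # a new section starts: close the previous one
            flush()
            section, binds, has_stats = " ".join(words[:2]), [], False
        elif words[0] == "bind" and len(words) > 1:
            binds.append(words[1])
        elif words[0] == "stats" and len(words) > 1:
            has_stats = True
            if words[1] == "auth" and len(words) > 2:
                user, _, password = words[2].partition(":")
                if password == user or password.lower() in WEAK_PASSWORDS:
                    findings.append((section, "guessable stats password for user " + user))
            elif [w.lower() for w in words[1:]] == ["admin", "if", "true"]:
                findings.append((section, "stats admin enabled unconditionally"))
    flush()
    return findings
```

audit_stats(PAGE_STATS) reports all three findings for the page's section. Binding the listener to a management address, choosing a long random password and replacing TRUE with a source-restricted ACL (for example the predefined LOCALHOST) clears them.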
2 Other acl rules
########### acl start ############
acl bbs hdr_reg(host) -i ^(bbs.test.com|forum.test.com) # match using a regular expression
acl bbs_path path_beg -i /bbs # URL directory
acl youxi path_beg -i /youxi
acl static path_end -i .html .css .js # file extension at the end of the URL
acl php path_end -i .php
acl jsp path_end -i .jsp .do
use_backend bbs_pool if bbs or bbs_path # note the "or"
use_backend youxi_pool if youxi
use_backend static_pool if static
use_backend php_pool if php
use_backend jsp_pool if jsp
default_backend
########### acl end ############
# acl parameters
acl (keyword)  ACL name  method  -i (ignore case)  [path or file to match]
hdr_beg(host)
hdr_reg(host)
path_beg
path_end
3 use_backend parameters
or: used to match any one of several ACL names
default_backend: the default backend server, used when no condition is met
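How the section 2 rules resolve for a given request, as an added example that is not part of the original post: it emulates hdr_reg, path_beg and path_end with -i and the first-match order of the use_backend lines. Python's re module stands in for HAProxy's regex engine, default_pool is a placeholder for the backend name the page leaves blank, and STRICT_BBS is a tighter pattern suggested here, not the author's.

```python
import re
from urllib.parse import urlsplit

# ACLs from section 2 of the page: name -> (method, patterns); all carry -i.
ACLS = {
    "bbs": ("hdr_reg", [r"^(bbs.test.com|forum.test.com)"]),
    "bbs_path": ("path_beg", ["/bbs"]),
    "youxi": ("path_beg", ["/youxi"]),
    "static": ("path_end", [".html", ".css", ".js"]),
    "php": ("path_end", [".php"]),
    "jsp": ("path_end", [".jsp", ".do"]),
}
# use_backend lines in file order; several names on one line are joined by "or".
RULES = [("bbs_pool", ["bbs", "bbs_path"]), ("youxi_pool", ["youxi"]),
         ("static_pool", ["static"]), ("php_pool", ["php"]), ("jsp_pool", ["jsp"])]
DEFAULT_BACKEND = "default_pool"  # placeholder: the page leaves this name blank
# Added suggestion, not from the page: escaped dots, optional port, end anchor.
STRICT_BBS = r"^(bbs\.test\.com|forum\.test\.com)(:[0-9]+)?$"


def acl_matches(name, host, path):
    method, patterns = ACLS[name]
    subject = (host if method.startswith("hdr") else path).lower()  # -i
    if method == "hdr_reg":  # regex search: matches anywhere unless anchored
        return any(re.search(p, subject, re.IGNORECASE) for p in patterns)
    if method in ("hdr_beg", "path_beg"):  # plain prefix test
        return any(subject.startswith(p.lower()) for p in patterns)
    if method == "path_end":  # plain suffix test
        return any(subject.endswith(p.lower()) for p in patterns)
    raise ValueError("unsupported method: " + method)


def route(host, url):
    """Return the backend chosen for a Host header value and request URL."""
    path = urlsplit(url).path  # path_beg/path_end never see the query string
    for backend, names in RULES:  # the first matching use_backend line wins
        if any(acl_matches(n, host, path) for n in names):
            return backend
    return DEFAULT_BACKEND


def is_bbs_host_strict(host):
    """Check a Host value against the tighter STRICT_BBS pattern."""
    return re.search(STRICT_BBS, host, re.IGNORECASE) is not None
```

route("bbsxtest.com.example.net", "/") returns bbs_pool, because the dots in the page's pattern are unescaped and the pattern has no end anchor; is_bbs_host_strict rejects that host while still accepting bbs.test.com with or without a port.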
Reference 1
http://chiahu.com/blog/?p=532
Reference 2
(now returns 404, sadly)
http://jk409.blog.51cto.com/406667/764782 (thanks, Google)
#20120610
haproxy URL redirect (301)
acl web-client path_beg -i /vsphere-client
use_backend vsphere-client if web-client
backend vsphere-client
    mode http
    option forwardfor header ORIG_CLIENT_IP
    balance roundrobin
    option httpchk HEAD /check.html
    server server1 10.0.100.81:80 redir check inter 2000 rise 3 fall 3 weight 3
Test: 192.168.57.82 is haproxy, 192.168.57.81 is the https server
curl -ILv
* About to connect() to 192.168.57.82 port 80 (#0)
* Trying 192.168.57.82... connected
* Connected to 192.168.57.82 (192.168.57.82) port 80 (#0)
> HEAD /vsphere-client HTTP/1.1
> User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3
> Host: 192.168.57.82
> Accept: */*
>
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Cache-Control: no-cache
Cache-Control: no-cache
< Content-length: 0
Content-length: 0
< Location: /vsphere-client
Location: /vsphere-client
< Connection: close
Connection: close
<
* Closing connection #0
* Issue another request to this URL: '/vsphere-client'
* About to connect() to 192.168.57.81 port 443 (#0)
* Trying 192.168.57.81... connected
* Connected to 192.168.57.81 (192.168.57.81) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
End
Further discussion is welcome here:
37275208
This article comes from the "dongnan" blog; please keep this source: http://dngood.blog.51cto.com/446195/886547