HAProxy的高级配置选项-ACL篇之匹配访问路径案例-阿里云开发者社区

作者：尹正杰
版权声明：原创作品，谢绝转载！否则将追究法律责任。

一.试验环境概述

1>.操作平台介绍

[root@node101.yinzhengjie.org.cn ~]# uname -r
3.10.0-957.el7.x86_64
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# uname -m
x86_64
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# free -h
              total        used        free      shared  buff/cache   available
Mem:           7.6G        126M        7.4G        8.6M        129M        7.3G
Swap:          7.9G          0B        7.9G
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

172.30.1.101 node101.yinzhengjie.org.cn node101.yinzhengjie.com
172.30.1.102 node102.yinzhengjie.org.cn
172.30.1.103 node103.yinzhengjie.org.cn
172.30.1.104 node104.yinzhengjie.org.cn
172.30.1.105 node105.yinzhengjie.org.cn
172.30.1.106 node106.yinzhengjie.org.cn
172.30.1.107 node107.yinzhengjie.org.cn
172.30.1.108 node108.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]#

2>.试验架构说明

　　node102.yinzhengjie.org.cn:
　　　　haproxy服务器

　　node103.yinzhengjie.org.cn:
　　　　Apache httpd模拟静态数据，如存放的图片，html,css,javascript等。  
　　node104.yinzhengjie.org.cn:
　　　　"Nginx + php环境"模拟动态数据,php程序等。

二.部署Nginx服务器处理动态页面

1>.安装epel源

[root@node104.yinzhengjie.org.cn ~]# yum -y install epel-release

2>.安装nginx和php

[root@node104.yinzhengjie.org.cn ~]# yum -y install nginx php-fpm

3>.修改nginx的配置文件，添加一个匹配php文件的localtion

[root@node104.yinzhengjie.org.cn ~]# vim /etc/nginx/nginx.conf
[root@node104.yinzhengjie.org.cn ~]# 
[root@node104.yinzhengjie.org.cn ~]# egrep -v "^ *#|^$" /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;
        include /etc/nginx/default.d/*.conf;
        location / {
        }
        location ~ \.php$ {
            root           html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}
[root@node104.yinzhengjie.org.cn ~]# 
[root@node104.yinzhengjie.org.cn ~]# nginx -t　　　　　　　　　　　　　　#检查nginx的配置文件是否正确
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@node104.yinzhengjie.org.cn ~]#

4>.启动nginx和php服务

[root@node104.yinzhengjie.org.cn ~]# ss -ntl
State       Recv-Q Send-Q     Local Address:Port                    Peer Address:Port              
LISTEN      0      128                    *:22                                 *:*                  
LISTEN      0      128                   :::22                                :::*                  
[root@node104.yinzhengjie.org.cn ~]# 
[root@node104.yinzhengjie.org.cn ~]# systemctl start nginx php-fpm
[root@node104.yinzhengjie.org.cn ~]# 
[root@node104.yinzhengjie.org.cn ~]# ss -ntl
State       Recv-Q Send-Q     Local Address:Port                    Peer Address:Port              
LISTEN      0      128            127.0.0.1:9000                               *:*                  
LISTEN      0      128                    *:80                                 *:*                  
LISTEN      0      128                    *:22                                 *:*                  
LISTEN      0      128                   :::80                                :::*                  
LISTEN      0      128                   :::22                                :::*                  
[root@node104.yinzhengjie.org.cn ~]# 
[root@node104.yinzhengjie.org.cn ~]#

5>.创建php的测试页面,并通过浏览器访问"http://node104.yinzhengjie.org.cn/index.php"

[root@node104.yinzhengjie.org.cn ~]# vim /usr/share/nginx/html/index.php
[root@node104.yinzhengjie.org.cn ~]# 
[root@node104.yinzhengjie.org.cn ~]# cat /usr/share/nginx/html/index.php
<?php
    phpinfo();
?>
[root@node104.yinzhengjie.org.cn ~]# 
[root@node104.yinzhengjie.org.cn ~]#

三.部署Apache httpd服务器处理静态页面

1>.安装apache httpd服务器

[root@node103.yinzhengjie.org.cn ~]# yum -y install httpd

2>.创建测试数据

[root@node103.yinzhengjie.org.cn ~]# rz　　　　　　　　　　　　　　　　　　　　#随便上传一张测试图片即可

[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# ll
total 120
-rw-r--r-- 1 root root 122026 Dec 16 19:58 02.迪丽热巴.jfif
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# file 02.迪丽热巴.jfif 
02.迪丽热巴.jfif: JPEG image data, JFIF standard 1.01
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# mkdir -pv  /var/www/html/images
mkdir: created directory ‘/var/www/html/images’
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# mv 02.迪丽热巴.jfif /var/www/html/images/01.jpeg
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# ll -R /var/www/html/
/var/www/html/:
total 0
drwxr-xr-x 2 root root 21 Jan  5 20:15 images

/var/www/html/images:
total 120
-rw-r--r-- 1 root root 122026 Dec 16 19:58 01.jpeg
[root@node103.yinzhengjie.org.cn ~]#

3>.启动httpd服务并使用浏览器访问上一步创建的图片(http://node103.yinzhengjie.org.cn/images/01.jpeg)

[root@node103.yinzhengjie.org.cn ~]# ss -ntl
State       Recv-Q Send-Q     Local Address:Port                    Peer Address:Port              
LISTEN      0      128                    *:22                                 *:*                  
LISTEN      0      128                   :::22                                :::*                  
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# systemctl start httpd
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# ss -ntl
State       Recv-Q Send-Q     Local Address:Port                    Peer Address:Port              
LISTEN      0      128                    *:80                                 *:*                  
LISTEN      0      128                    *:22                                 *:*                  
LISTEN      0      128                   :::22                                :::*                  
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]#

四.配置haproxy基于访问路径匹配案例

1>.编辑haproxy的配置文件

[root@node102.yinzhengjie.org.cn ~]# cat /etc/haproxy/haproxy.cfg
global
    maxconn 100000
    chroot /yinzhengjie/softwares/haproxy
    stats socket /yinzhengjie/softwares/haproxy/haproxy.sock mode 600 level admin
    user haproxy
    group haproxy
    daemon
    nbproc 2
    cpu-map 1 0
    cpu-map 2 1
    nbthread 2
    pidfile /yinzhengjie/softwares/haproxy/haproxy.pid
    log 127.0.0.1 local5 info

defaults
    option http-keep-alive
    option  forwardfor
    option redispatch
    option abortonclose
    maxconn 100000
    mode http
    timeout connect 300000ms
    timeout client  300000ms
    timeout server  300000ms
    errorloc 503 http://node107.yinzhengjie.org.cn/monitor/503.html
listen status_page
    bind 172.30.1.102:8888
    stats enable
    stats uri /haproxy-status
    stats auth    admin:yinzhengjie
    stats realm "Welcome to the haproxy load balancer status page of YinZhengjie"
    stats hide-version
    stats admin if TRUE
    stats refresh 5s

frontend WEB_PORT_80
    bind 172.30.1.102:80
    mode http
    #定义ACL匹配所有以".php"结尾的文件的php程序
    acl php_server path_end -i .php
    #将php的请求交给nginx服务器去处理.
    use_backend nginx_php if php_server
    #定义ACL匹配所有访问路径
    acl static_path path_beg -i /static /images /javascript
    #将图片的请求交给httpd服务器去处理.
    use_backend apache_httpd if static_path
    default_backend backup_web

backend nginx_php
    server web04 172.30.1.104:80  check inter 3000 fall 3 rise 5

backend apache_httpd
    server web03 172.30.1.103:80  check inter 3000 fall 3 rise 5

backend backup_web
    server web03 172.30.1.108:80  check inter 3000 fall 3 rise 5 
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# systemctl restart haproxy　　　　　　　　　　　　　　#别忘记重启haproxy使得配置文件生效哟~
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]#

2>.查看haproxy的监听端口和进程信息

[root@node102.yinzhengjie.org.cn ~]# ss -ntl
State       Recv-Q Send-Q                           Local Address:Port                                          Peer Address:Port              
LISTEN      0      128                               172.30.1.102:80                                                       *:*                  
LISTEN      0      128                                          *:22                                                       *:*                  
LISTEN      0      128                               172.30.1.102:8888                                                     *:*                  
LISTEN      0      128                                         :::22                                                      :::*                  
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# ps -ef | grep haproxy | grep -v grep
root     20587     1  0 20:09 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy  20589 20587  0 20:09 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy  20590 20587  0 20:09 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]#

3>.查看haproxy的状态页(http://node102.yinzhengjie.org.cn:8888/haproxy-status)