HAProxy advanced configuration options: layer-4 load balancing and access control examples

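Summary: This article covers HAProxy's advanced configuration options, in particular layer-4 load balancing and policy-based access control. Through hands-on examples it shows how to configure HAProxy to control access from specific IP addresses, and how to use layer-4 load balancing to distribute traffic to backend MySQL and Redis services.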

Author: 尹正杰 (Yin Zhengjie)
Copyright notice: original work, reproduction is declined! Violations will be pursued legally.

I. Install MariaDB and grant access

1>. Install the MariaDB database

[root@node107.yizhengjie.org.cn ~]# yum -y install mariadb-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.huaweicloud.com
Resolving Dependencies
--> Running transaction check
---> Package mariadb-server.x86_64 1:5.5.64-1.el7 will be installed
--> Processing Dependency: mariadb-libs(x86-64) = 1:5.5.64-1.el7 for package: 1:mariadb-server-5.5.64-1.el7.x86_64
--> Processing Dependency: mariadb(x86-64) = 1:5.5.64-1.el7 for package: 1:mariadb-server-5.5.64-1.el7.x86_64
--> Processing Dependency: perl-DBI for package: 1:mariadb-server-5.5.64-1.el7.x86_64
--> Processing Dependency: perl-DBD-MySQL for package: 1:mariadb-server-5.5.64-1.el7.x86_64
--> Processing Dependency: perl(DBI) for package: 1:mariadb-server-5.5.64-1.el7.x86_64
--> Running transaction check
---> Package mariadb.x86_64 1:5.5.64-1.el7 will be installed
---> Package mariadb-libs.x86_64 1:5.5.60-1.el7_5 will be updated
---> Package mariadb-libs.x86_64 1:5.5.64-1.el7 will be an update
---> Package perl-DBD-MySQL.x86_64 0:4.023-6.el7 will be installed
---> Package perl-DBI.x86_64 0:1.627-4.el7 will be installed
--> Processing Dependency: perl(RPC::PlServer) >= 0.2001 for package: perl-DBI-1.627-4.el7.x86_64
--> Processing Dependency: perl(RPC::PlClient) >= 0.2000 for package: perl-DBI-1.627-4.el7.x86_64
--> Running transaction check
---> Package perl-PlRPC.noarch 0:0.2020-14.el7 will be installed
--> Processing Dependency: perl(Net::Daemon) >= 0.13 for package: perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Net::Daemon::Test) for package: perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Net::Daemon::Log) for package: perl-PlRPC-0.2020-14.el7.noarch
--> Running transaction check
---> Package perl-Net-Daemon.noarch 0:0.48-5.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
 Package                          Arch                    Version                           Repository             Size
========================================================================================================================
Installing:
 mariadb-server                   x86_64                  1:5.5.64-1.el7                    base                   11 M
Installing for dependencies:
 mariadb                          x86_64                  1:5.5.64-1.el7                    base                  8.7 M
 perl-DBD-MySQL                   x86_64                  4.023-6.el7                       base                  140 k
 perl-DBI                         x86_64                  1.627-4.el7                       base                  802 k
 perl-Net-Daemon                  noarch                  0.48-5.el7                        base                   51 k
 perl-PlRPC                       noarch                  0.2020-14.el7                     base                   36 k
Updating for dependencies:
 mariadb-libs                     x86_64                  1:5.5.64-1.el7                    base                  759 k

Transaction Summary
========================================================================================================================
Install  1 Package  (+5 Dependent packages)
Upgrade             ( 1 Dependent package)

Total download size: 22 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/7): mariadb-libs-5.5.64-1.el7.x86_64.rpm                                                      | 759 kB  00:00:00     
(2/7): mariadb-5.5.64-1.el7.x86_64.rpm                                                                                                               | 8.7 MB  00:00:04     
(3/7): perl-DBD-MySQL-4.023-6.el7.x86_64.rpm                                                                                                         | 140 kB  00:00:00     
(4/7): perl-DBI-1.627-4.el7.x86_64.rpm                                                                                                               | 802 kB  00:00:00     
(5/7): perl-Net-Daemon-0.48-5.el7.noarch.rpm                                                                                                         |  51 kB  00:00:00     
(6/7): perl-PlRPC-0.2020-14.el7.noarch.rpm                                                                                                           |  36 kB  00:00:00     
(7/7): mariadb-server-5.5.64-1.el7.x86_64.rpm                                                                                                        |  11 MB  00:00:04     
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                       4.5 MB/s |  22 MB  00:00:04     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 1:mariadb-libs-5.5.64-1.el7.x86_64                                                                                                                       1/8 
  Installing : 1:mariadb-5.5.64-1.el7.x86_64                                                                                                                            2/8 
  Installing : perl-Net-Daemon-0.48-5.el7.noarch                                                                                                                        3/8 
  Installing : perl-PlRPC-0.2020-14.el7.noarch                                                                                                                          4/8 
  Installing : perl-DBI-1.627-4.el7.x86_64                                                                                                                              5/8 
  Installing : perl-DBD-MySQL-4.023-6.el7.x86_64                                                                                                                        6/8 
  Installing : 1:mariadb-server-5.5.64-1.el7.x86_64                                                                                                                     7/8 
  Cleanup    : 1:mariadb-libs-5.5.60-1.el7_5.x86_64                                                                                                                     8/8 
  Verifying  : 1:mariadb-libs-5.5.64-1.el7.x86_64                                                                                                                       1/8 
  Verifying  : perl-Net-Daemon-0.48-5.el7.noarch                                                                                                                        2/8 
  Verifying  : 1:mariadb-5.5.64-1.el7.x86_64                                                                                                                            3/8 
  Verifying  : perl-DBD-MySQL-4.023-6.el7.x86_64                                                                                                                        4/8 
  Verifying  : 1:mariadb-server-5.5.64-1.el7.x86_64                                                                                                                     5/8 
  Verifying  : perl-DBI-1.627-4.el7.x86_64                                                                                                                              6/8 
  Verifying  : perl-PlRPC-0.2020-14.el7.noarch                                                                                                                          7/8 
  Verifying  : 1:mariadb-libs-5.5.60-1.el7_5.x86_64                                                                                                                     8/8 

Installed:
  mariadb-server.x86_64 1:5.5.64-1.el7                                                                                                                                      

Dependency Installed:
  mariadb.x86_64 1:5.5.64-1.el7  perl-DBD-MySQL.x86_64 0:4.023-6.el7  perl-DBI.x86_64 0:1.627-4.el7  perl-Net-Daemon.noarch 0:0.48-5.el7  perl-PlRPC.noarch 0:0.2020-14.el7 

Dependency Updated:
  mariadb-libs.x86_64 1:5.5.64-1.el7                                                                                                                                        

Complete!
[root@node107.yizhengjie.org.cn ~]#


2>. Start the database

[root@node107.yizhengjie.org.cn ~]# ss -ntl
State      Recv-Q Send-Q                                         Local Address:Port                                                        Peer Address:Port              
LISTEN     0      128                                                        *:80                                                                     *:*                  
LISTEN     0      128                                                        *:22                                                                     *:*                  
LISTEN     0      128                                                       :::22                                                                    :::*                  
[root@node107.yizhengjie.org.cn ~]# 
[root@node107.yizhengjie.org.cn ~]# systemctl start mariadb
[root@node107.yizhengjie.org.cn ~]# 
[root@node107.yizhengjie.org.cn ~]# 
[root@node107.yizhengjie.org.cn ~]# ss -ntl
State      Recv-Q Send-Q                                         Local Address:Port                                                        Peer Address:Port              
LISTEN     0      50                                                         *:3306                                                                   *:*                  
LISTEN     0      128                                                        *:80                                                                     *:*                  
LISTEN     0      128                                                        *:22                                                                     *:*                  
LISTEN     0      128                                                       :::22                                                                    :::*                  
[root@node107.yizhengjie.org.cn ~]#

3>. Run the secure initialization of the database

[root@node107.yizhengjie.org.cn ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@node107.yizhengjie.org.cn ~]#

4>. Authorize the Nginx server to connect to the MySQL database

[root@node107.yizhengjie.org.cn ~]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'jason'@'172.30.1.102' IDENTIFIED BY 'yinzhengjie' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> 
MariaDB [(none)]> SELECT user,host,password FROM mysql.user;
+-------+--------------+-------------------------------------------+
| user  | host         | password                                  |
+-------+--------------+-------------------------------------------+
| root  | localhost    | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
| root  | 127.0.0.1    | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
| root  | ::1          | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
| jason | 172.30.1.102 | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
+-------+--------------+-------------------------------------------+
4 rows in set (0.00 sec)

MariaDB [(none)]> 
MariaDB [(none)]> SHOW GRANTS FOR jason@'172.30.1.102';
+--------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for jason@172.30.1.102                                                                                                              |
+--------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'jason'@'172.30.1.102' IDENTIFIED BY PASSWORD '*BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7' WITH GRANT OPTION |
+--------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

MariaDB [(none)]> 
MariaDB [(none)]> QUIT
Bye
[root@node107.yizhengjie.org.cn ~]# 
[root@node107.yizhengjie.org.cn ~]#

5>. Test the database connection from the haproxy node

[root@node102.yinzhengjie.org.cn ~]# yum -y install mysql
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                                                                                      | 8.3 kB  00:00:00     
 * base: mirrors.aliyun.com
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirrors.aliyun.com
base                                                                                                                      | 3.6 kB  00:00:00     
epel                                                                                                                      | 5.3 kB  00:00:00     
extras                                                                                                                    | 2.9 kB  00:00:00     
updates                                                                                                                   | 2.9 kB  00:00:00     
(1/2): epel/x86_64/updateinfo                                                                                             | 1.0 MB  00:00:07     
(2/2): epel/x86_64/primary_db                                                                                             | 6.9 MB  00:00:16     
Resolving Dependencies
--> Running transaction check
---> Package mariadb.x86_64 1:5.5.64-1.el7 will be installed
--> Processing Dependency: mariadb-libs(x86-64) = 1:5.5.64-1.el7 for package: 1:mariadb-5.5.64-1.el7.x86_64
--> Running transaction check
---> Package mariadb-libs.x86_64 1:5.5.60-1.el7_5 will be updated
---> Package mariadb-libs.x86_64 1:5.5.64-1.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved

=================================================================================================================================================
 Package                              Arch                           Version                                  Repository                    Size
=================================================================================================================================================
Installing:
 mariadb                              x86_64                         1:5.5.64-1.el7                           base                         8.7 M
Updating for dependencies:
 mariadb-libs                         x86_64                         1:5.5.64-1.el7                           base                         759 k

Transaction Summary
=================================================================================================================================================
Install  1 Package
Upgrade             ( 1 Dependent package)

Total download size: 9.5 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): mariadb-libs-5.5.64-1.el7.x86_64.rpm                                                                               | 759 kB  00:00:06     
(2/2): mariadb-5.5.64-1.el7.x86_64.rpm                                                                                    | 8.7 MB  00:00:16     
-------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                            594 kB/s | 9.5 MB  00:00:16     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 1:mariadb-libs-5.5.64-1.el7.x86_64                                                                                            1/3 
  Installing : 1:mariadb-5.5.64-1.el7.x86_64                                                                                                 2/3 
  Cleanup    : 1:mariadb-libs-5.5.60-1.el7_5.x86_64                                                                                          3/3 
  Verifying  : 1:mariadb-libs-5.5.64-1.el7.x86_64                                                                                            1/3 
  Verifying  : 1:mariadb-5.5.64-1.el7.x86_64                                                                                                 2/3 
  Verifying  : 1:mariadb-libs-5.5.60-1.el7_5.x86_64                                                                                          3/3 

Installed:
  mariadb.x86_64 1:5.5.64-1.el7                                                                                                                  

Dependency Updated:
  mariadb-libs.x86_64 1:5.5.64-1.el7                                                                                                             

Complete!
[root@node102.yinzhengjie.org.cn ~]#

[root@node102.yinzhengjie.org.cn ~]# yum -y install mysql          # Install mysql, the MariaDB command-line client

[root@node102.yinzhengjie.org.cn ~]# mysql -h node107.yinzhengjie.org.cn -u jason -pyinzhengjie        # Test the connection; the login succeeds
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> QUIT
Bye
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]#

II. Install Redis and grant access

1>. Install the EPEL repository

[root@node106.yinzhengjie.org.cn ~]# yum -y install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
base                                                                                                            | 3.6 kB  00:00:00     
extras                                                                                                          | 2.9 kB  00:00:00     
updates                                                                                                         | 2.9 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution
Dependencies Resolved

=======================================================================================================================================
 Package                              Arch                           Version                      Repository                      Size
=======================================================================================================================================
Installing:
 epel-release                         noarch                         7-11                         extras                          15 k

Transaction Summary
=======================================================================================================================================
Install  1 Package

Total download size: 15 k
Installed size: 24 k
Downloading packages:
epel-release-7-11.noarch.rpm                                                                                    |  15 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-11.noarch                                                                                            1/1 
  Verifying  : epel-release-7-11.noarch                                                                                            1/1 

Installed:
  epel-release.noarch 0:7-11                                                                                                           

Complete!
[root@node106.yinzhengjie.org.cn ~]#


2>. Install the Redis service from the EPEL repository

[root@node106.yinzhengjie.org.cn ~]# yum info redis
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                                                                            | 8.3 kB  00:00:00     
 * base: mirror.bit.edu.cn
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
epel                                                                                                            | 5.3 kB  00:00:00     
(1/3): epel/x86_64/group_gz                                                                                     |  90 kB  00:00:00     
(2/3): epel/x86_64/updateinfo                                                                                   | 1.0 MB  00:00:02     
(3/3): epel/x86_64/primary_db                                                                                   | 6.9 MB  00:00:06     
Available Packages
Name        : redis
Arch        : x86_64
Version     : 3.2.12
Release     : 2.el7
Size        : 544 k
Repo        : epel/x86_64
Summary     : A persistent key-value database
URL         : http://redis.io
License     : BSD
Description : Redis is an advanced key-value store. It is often referred to as a data
            : structure server since keys can contain strings, hashes, lists, sets and
            : sorted sets.
            : 
            : You can run atomic operations on these types, like appending to a string;
            : incrementing the value in a hash; pushing to a list; computing set
            : intersection, union and difference; or getting the member with highest
            : ranking in a sorted set.
            : 
            : In order to achieve its outstanding performance, Redis works with an
            : in-memory dataset. Depending on your use case, you can persist it either
            : by dumping the dataset to disk every once in a while, or by appending
            : each command to a log.
            : 
            : Redis also supports trivial-to-setup master-slave replication, with very
            : fast non-blocking first synchronization, auto-reconnection on net split
            : and so forth.
            : 
            : Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
            : limited time-to-live, and configuration settings to make Redis behave like
            : a cache.
            : 
            : You can use Redis from most programming languages also.

[root@node106.yinzhengjie.org.cn ~]#


[root@node106.yinzhengjie.org.cn ~]# yum -y install redis
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package redis.x86_64 0:3.2.12-2.el7 will be installed
--> Processing Dependency: libjemalloc.so.1()(64bit) for package: redis-3.2.12-2.el7.x86_64
--> Running transaction check
---> Package jemalloc.x86_64 0:3.6.0-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                         Arch                          Version                               Repository                   Size
=======================================================================================================================================
Installing:
 redis                           x86_64                        3.2.12-2.el7                          epel                        544 k
Installing for dependencies:
 jemalloc                        x86_64                        3.6.0-1.el7                           epel                        105 k

Transaction Summary
=======================================================================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 648 k
Installed size: 1.7 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/epel/packages/redis-3.2.12-2.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEYTA 
Public key for redis-3.2.12-2.el7.x86_64.rpm is not installed
(1/2): redis-3.2.12-2.el7.x86_64.rpm                                                                            | 544 kB  00:00:00     
(2/2): jemalloc-3.6.0-1.el7.x86_64.rpm                                                                          | 105 kB  00:00:06     
---------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                  102 kB/s | 648 kB  00:00:06     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
 Userid     : "Fedora EPEL (7) <epel@fedoraproject.org>"
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 Package    : epel-release-7-11.noarch (@extras)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : jemalloc-3.6.0-1.el7.x86_64                                                                                         1/2 
  Installing : redis-3.2.12-2.el7.x86_64                                                                                           2/2 
  Verifying  : redis-3.2.12-2.el7.x86_64                                                                                           1/2 
  Verifying  : jemalloc-3.6.0-1.el7.x86_64                                                                                         2/2 

Installed:
  redis.x86_64 0:3.2.12-2.el7                                                                                                          

Dependency Installed:
  jemalloc.x86_64 0:3.6.0-1.el7                                                                                                        

Complete!
[root@node106.yinzhengjie.org.cn ~]#


[root@node106.yinzhengjie.org.cn ~]# rpm -ql redis
/etc/logrotate.d/redis
/etc/redis-sentinel.conf
/etc/redis.conf
/etc/systemd/system/redis-sentinel.service.d
/etc/systemd/system/redis-sentinel.service.d/limit.conf
/etc/systemd/system/redis.service.d
/etc/systemd/system/redis.service.d/limit.conf
/usr/bin/redis-benchmark
/usr/bin/redis-check-aof
/usr/bin/redis-check-rdb
/usr/bin/redis-cli
/usr/bin/redis-sentinel
/usr/bin/redis-server
/usr/lib/systemd/system/redis-sentinel.service
/usr/lib/systemd/system/redis.service
/usr/libexec/redis-shutdown
/usr/share/doc/redis-3.2.12
/usr/share/doc/redis-3.2.12/00-RELEASENOTES
/usr/share/doc/redis-3.2.12/BUGS
/usr/share/doc/redis-3.2.12/CONTRIBUTING
/usr/share/doc/redis-3.2.12/MANIFESTO
/usr/share/doc/redis-3.2.12/README.md
/usr/share/licenses/redis-3.2.12
/usr/share/licenses/redis-3.2.12/COPYING
/usr/share/man/man1/redis-benchmark.1.gz
/usr/share/man/man1/redis-check-aof.1.gz
/usr/share/man/man1/redis-check-rdb.1.gz
/usr/share/man/man1/redis-cli.1.gz
/usr/share/man/man1/redis-sentinel.1.gz
/usr/share/man/man1/redis-server.1.gz
/usr/share/man/man5/redis-sentinel.conf.5.gz
/usr/share/man/man5/redis.conf.5.gz
/var/lib/redis
/var/log/redis
/var/run/redis
[root@node106.yinzhengjie.org.cn ~]#


3>. Start Redis

[root@node106.yinzhengjie.org.cn ~]# grep bind /etc/redis.conf | grep -v ^#
bind 127.0.0.1
[root@node106.yinzhengjie.org.cn ~]# 
[root@node106.yinzhengjie.org.cn ~]# vim /etc/redis.conf 
[root@node106.yinzhengjie.org.cn ~]# 
[root@node106.yinzhengjie.org.cn ~]# grep bind /etc/redis.conf | grep -v ^#
bind 172.30.1.106
[root@node106.yinzhengjie.org.cn ~]# 
[root@node106.yinzhengjie.org.cn ~]# ss -ntl
State       Recv-Q Send-Q                      Local Address:Port                                     Peer Address:Port              
LISTEN      0      128                                     *:80                                                  *:*                  
LISTEN      0      128                                     *:22                                                  *:*                  
LISTEN      0      128                                    :::22                                                 :::*                  
[root@node106.yinzhengjie.org.cn ~]# 
[root@node106.yinzhengjie.org.cn ~]# systemctl start redis
[root@node106.yinzhengjie.org.cn ~]# 
[root@node106.yinzhengjie.org.cn ~]# ss -ntl
State       Recv-Q Send-Q                      Local Address:Port                                     Peer Address:Port              
LISTEN      0      128                          172.30.1.106:6379                                                *:*                  
LISTEN      0      128                                     *:80                                                  *:*                  
LISTEN      0      128                                     *:22                                                  *:*                  
LISTEN      0      128                                    :::22                                                 :::*                  
[root@node106.yinzhengjie.org.cn ~]# 
[root@node106.yinzhengjie.org.cn ~]#

III. Hands-on case: layer-4 load balancing with HAProxy

1>. Edit the HAProxy configuration file

[root@node102.yinzhengjie.org.cn ~]# cat /etc/haproxy/haproxy.cfg
global
    maxconn 100000
    chroot /yinzhengjie/softwares/haproxy
    stats socket /yinzhengjie/softwares/haproxy/haproxy.sock mode 600 level admin
    user haproxy
    group haproxy
    daemon
    nbproc 2
    cpu-map 1 0
    cpu-map 2 1
    nbthread 2
    pidfile /yinzhengjie/softwares/haproxy/haproxy.pid
    log 127.0.0.1 local5 info

defaults
    option http-keep-alive
    option  forwardfor
    option redispatch
    option abortonclose
    maxconn 100000
    mode http
    timeout connect 300000ms
    timeout client  300000ms
    timeout server  300000ms
    errorloc 503 http://node107.yinzhengjie.org.cn/monitor/503.html
listen status_page
    bind 172.30.1.102:8888
    stats enable
    stats uri /haproxy-status
    stats auth    admin:yinzhengjie
    stats realm "Welcome to the haproxy load balancer status page of YinZhengjie"
    stats hide-version
    stats admin if TRUE
    stats refresh 5s

listen redis-port
    bind 172.30.1.102:6379
    mode tcp
    balance leastconn
    server redis01 172.30.1.106:6379 check
    server redis02 172.30.1.107:6379 check backup

listen mysql-port
    bind 172.30.1.102:3306
    mode tcp
    balance leastconn
    server mysql01 172.30.1.106:3306 check backup
    server mysql02 172.30.1.107:3306 check
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# systemctl restart haproxy
[root@node102.yinzhengjie.org.cn ~]#

2>. Check HAProxy's listening ports and process information

[root@node102.yinzhengjie.org.cn ~]# ss -ntl
State       Recv-Q Send-Q                           Local Address:Port                                          Peer Address:Port              
LISTEN      0      128                               172.30.1.102:3306                                                     *:*                  
LISTEN      0      128                               172.30.1.102:6379                                                     *:*                  
LISTEN      0      128                                          *:22                                                       *:*                  
LISTEN      0      128                               172.30.1.102:8888                                                     *:*                  
LISTEN      0      128                                         :::22                                                      :::*                  
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# ps -ef | grep haproxy | grep -v grep
root     21396     1  0 22:31 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy  21397 21396  0 22:31 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy  21398 21396  0 22:31 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]#

3>. View the HAProxy status page

4>. Install the connection tools on the client

[root@node105.yinzhengjie.org.cn ~]# yum -y install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * extras: mirrors.huaweicloud.com
 * updates: mirror.bit.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================
 Package                                       Arch                                    Version                                Repository                               Size
============================================================================================================================================================================
Installing:
 epel-release                                  noarch                                  7-11                                   extras                                   15 k

Transaction Summary
============================================================================================================================================================================
Install  1 Package

Total download size: 15 k
Installed size: 24 k
Downloading packages:
epel-release-7-11.noarch.rpm                                                                                                                         |  15 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-11.noarch                                                                                                                                 1/1 
  Verifying  : epel-release-7-11.noarch                                                                                                                                 1/1 

Installed:
  epel-release.noarch 0:7-11                                                                                                                                                

Complete!
[root@node105.yinzhengjie.org.cn ~]#

[root@node105.yinzhengjie.org.cn ~]# yum -y install mariadb-5.5.64-1.el7.x86_64  redis-3.2.12-2.el7.x86_64
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * extras: mirrors.huaweicloud.com
 * updates: mirror.bit.edu.cn
No package redis-3.2.12-2.el7.x86_64 available.
Resolving Dependencies
--> Running transaction check
---> Package mariadb.x86_64 1:5.5.64-1.el7 will be installed
--> Processing Dependency: mariadb-libs(x86-64) = 1:5.5.64-1.el7 for package: 1:mariadb-5.5.64-1.el7.x86_64
--> Running transaction check
---> Package mariadb-libs.x86_64 1:5.5.60-1.el7_5 will be updated
---> Package mariadb-libs.x86_64 1:5.5.64-1.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
 Package                        Arch                     Version                           Repository              Size
========================================================================================================================
Installing:
 mariadb                        x86_64                   1:5.5.64-1.el7                    base                   8.7 M
Updating for dependencies:
 mariadb-libs                   x86_64                   1:5.5.64-1.el7                    base                   759 k

Transaction Summary
========================================================================================================================
Install  1 Package
Upgrade             ( 1 Dependent package)

Total download size: 9.5 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): mariadb-libs-5.5.64-1.el7.x86_64.rpm                                                      | 759 kB  00:00:00     
(2/2): mariadb-5.5.64-1.el7.x86_64.rpm                                                           | 8.7 MB  00:00:01     
------------------------------------------------------------------------------------------------------------------------
Total                                                                                   8.7 MB/s | 9.5 MB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 1:mariadb-libs-5.5.64-1.el7.x86_64                                                                   1/3 
  Installing : 1:mariadb-5.5.64-1.el7.x86_64                                                                        2/3 
  Cleanup    : 1:mariadb-libs-5.5.60-1.el7_5.x86_64                                                                 3/3 
  Verifying  : 1:mariadb-libs-5.5.64-1.el7.x86_64                                                                                                                       1/3 
  Verifying  : 1:mariadb-5.5.64-1.el7.x86_64                                                                                                                            2/3 
  Verifying  : 1:mariadb-libs-5.5.60-1.el7_5.x86_64                                                                                                                     3/3 

Installed:
  mariadb.x86_64 1:5.5.64-1.el7                                                                                                                                             

Dependency Updated:
  mariadb-libs.x86_64 1:5.5.64-1.el7                                                                                                                                        

Complete!
[root@node105.yinzhengjie.org.cn ~]#

5>. Connect to port 3306 on HAProxy

[root@node105.yinzhengjie.org.cn ~]# mysql -h node102.yinzhengjie.org.cn -u jason -pyinzhengjie
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> QUIT
Bye
[root@node105.yinzhengjie.org.cn ~]# 
[root@node105.yinzhengjie.org.cn ~]#

6>. Connect to port 6379 on HAProxy

[root@node105.yinzhengjie.org.cn ~]# redis-cli -h node102.yinzhengjie.org.cn
node102.yinzhengjie.org.cn:6379> 
node102.yinzhengjie.org.cn:6379> set name jason
OK
node102.yinzhengjie.org.cn:6379> get name
"jason"
node102.yinzhengjie.org.cn:6379> 
node102.yinzhengjie.org.cn:6379> quit
[root@node105.yinzhengjie.org.cn ~]# 
[root@node105.yinzhengjie.org.cn ~]#

IV. Layer-4 access control with HAProxy

1>. Edit the HAProxy configuration file

[root@node102.yinzhengjie.org.cn ~]# cat /etc/haproxy/haproxy.cfg
global
    maxconn 100000
    chroot /yinzhengjie/softwares/haproxy
    stats socket /yinzhengjie/softwares/haproxy/haproxy.sock mode 600 level admin
    user haproxy
    group haproxy
    daemon
    nbproc 2
    cpu-map 1 0
    cpu-map 2 1
    nbthread 2
    pidfile /yinzhengjie/softwares/haproxy/haproxy.pid
    log 127.0.0.1 local5 info

defaults
    option http-keep-alive
    option  forwardfor
    option redispatch
    option abortonclose
    maxconn 100000
    mode http
    timeout connect 300000ms
    timeout client  300000ms
    timeout server  300000ms
    errorloc 503 http://node107.yinzhengjie.org.cn/monitor/503.html
listen status_page
    bind 172.30.1.102:8888
    stats enable
    stats uri /haproxy-status
    stats auth    admin:yinzhengjie
    stats realm "Welcome to the haproxy load balancer status page of YinZhengjie"
    stats hide-version
    stats admin if TRUE
    stats refresh 5s

listen redis-port
    bind 172.30.1.102:6379
    mode tcp
    # Define the list of source IP addresses to reject
    acl deny_list src 172.30.1.105 192.168.1.0/24
    # Apply the rule defined above
    tcp-request connection reject if deny_list
    balance leastconn
    server redis01 172.30.1.106:6379 check
    server redis02 172.30.1.107:6379 check backup

listen mysql-port
    bind 172.30.1.102:3306
    mode tcp
    acl invalid_src src 172.30.1.105
    tcp-request connection reject if invalid_src
    balance leastconn
    server mysql01 172.30.1.106:3306 check backup
    server mysql02 172.30.1.107:3306 check
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# systemctl restart haproxy          # Don't forget to restart the service so the configuration takes effect
[root@node102.yinzhengjie.org.cn ~]#

2>. Check HAProxy's listening ports and process information

[root@node102.yinzhengjie.org.cn ~]# ss -ntl
State       Recv-Q Send-Q                           Local Address:Port                                          Peer Address:Port              
LISTEN      0      128                               172.30.1.102:3306                                                     *:*                  
LISTEN      0      128                               172.30.1.102:6379                                                     *:*                  
LISTEN      0      128                                          *:22                                                       *:*                  
LISTEN      0      128                               172.30.1.102:8888                                                     *:*                  
LISTEN      0      128                                         :::22                                                      :::*                  
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# ps -ef | grep haproxy | grep -v grep
root     21540     1  0 22:48 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy  21542 21540  0 22:48 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy  21543 21540  0 22:48 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]#

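3>. View the HAProxy status page

4>. Accessing the MySQL and Redis services proxied by HAProxy from "node105.yinzhengjie.org.cn": both connections are rejected, as shown in the figure below.

5>. Accessing the MySQL and Redis services proxied by HAProxy from "node107.yinzhengjie.org.cn": both can be reached normally, as shown in the figure below.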
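How the two `tcp-request connection reject` rules above decide per client and per listener, as an added Python example (not part of the original article and not HAProxy's own code). It is a simplified model: the names `SAMPLE_CFG`, `parse_sections` and `decide` are hypothetical, only `acl <name> src ...` definitions and single-ACL `if`/`unless` conditions are handled, and the embedded configuration is a constructed excerpt of the file shown in step 1.

```python
import ipaddress

# Constructed excerpt of the two TCP listeners from the configuration in step 1.
SAMPLE_CFG = """
listen redis-port
    bind 172.30.1.102:6379
    mode tcp
    acl deny_list src 172.30.1.105 192.168.1.0/24
    tcp-request connection reject if deny_list
    server redis01 172.30.1.106:6379 check

listen mysql-port
    bind 172.30.1.102:3306
    mode tcp
    acl invalid_src src 172.30.1.105
    tcp-request connection reject if invalid_src
    server mysql02 172.30.1.107:3306 check
"""

def parse_sections(cfg):
    """Return {section: {"acls": {name: [networks]}, "rules": [(action, negate, acl)]}}."""
    sections, cur = {}, None
    for raw in cfg.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not tok:
            continue
        if tok[0] in ("listen", "frontend", "backend", "defaults", "global"):
            cur = sections.setdefault(tok[1] if len(tok) > 1 else tok[0],
                                      {"acls": {}, "rules": []})
        elif cur is None:
            continue
        elif tok[0] == "acl" and len(tok) > 3 and tok[2] == "src":
            # A bare address becomes a /32; ACLs are scoped to their own section.
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            cur["acls"].setdefault(tok[1], []).extend(nets)
        elif tok[:2] == ["tcp-request", "connection"] and len(tok) >= 5:
            action, kw, cond = tok[2], tok[3], tok[4]
            if action in ("accept", "reject") and kw in ("if", "unless"):
                negate = (kw == "unless") ^ cond.startswith("!")
                cur["rules"].append((action, negate, cond.lstrip("!")))
    return sections

def decide(sections, section, client_ip):
    """First matching rule wins; with no matching rule the connection is accepted."""
    ip = ipaddress.ip_address(client_ip)
    sec = sections[section]
    for action, negate, acl in sec["rules"]:
        hit = any(ip in net for net in sec["acls"].get(acl, []))
        if hit != negate:
            return action
    return "accept"
```

Because each ACL is scoped to its own `listen` section, a client in 192.168.1.0/24 is rejected on `redis-port` but still accepted on `mysql-port`; the same functions also evaluate an allowlist written as `tcp-request connection reject unless <acl>`.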
