负载均衡入门:HAProxy 双 Web 节点集群配置与验证
HAProxy安装
为了更好的快速掌握 HAProxy 的安装和使用,我们以一个案例来进行讲解。首先根据以下要求进行虚拟机的克隆。
| 编号 | 主机 | IP | 软件 | 系统 |
|---|---|---|---|---|
| 1 | lb01 | 192.168.72.100 | haproxy | redhat 9.7 |
| 2 | web1 | 192.168.72.10 | nginx | redhat 9.7 |
| 3 | web2 | 192.168.72.20 | nginx | redhat 9.7 |
1.1 搭建Web1
1、克隆一台虚拟机,初始化虚拟机(ip ,主机名,关闭防火墙,selinux)
[root@node1 ~]# hostnamectl set-hostname web1&&bash
[root@web1 ~]# systemctl disable firewalld.service
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
[root@web1 ~]# setenforce 0
[root@web1 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config
下载nginx
[root@web1 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
BaseOS 2.7 MB/s | 2.7 kB 00:00
AppStream 3.1 MB/s | 3.2 kB 00:00
Package nginx-2:1.20.1-22.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
修改欢迎页
[root@web1 ~]# echo "$(hostname) $(hostname -I)" > /usr/share/nginx/html/index.html
[root@web1 ~]# echo "health" > /usr/share/nginx/html/test.html
启动nginx并测试
[root@web1 ~]# systemctl start nginx
[root@web1 ~]# curl localhost
web1 192.168.72.10
[root@web1 ~]# curl 192.168.72.10
web1 192.168.72.10
[root@web1 ~]#
1.2 搭建Web2
1、克隆一台虚拟机,初始化虚拟机(ip ,主机名,关闭防火墙,selinux)
[root@node1 ~]# hostnamectl set-hostname web2&&bash
[root@web2 ~]# systemctl disable firewalld.service
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
[root@web2 ~]# setenforce 0
[root@web2 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config
下载nginx
[root@web2 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
BaseOS 2.7 MB/s | 2.7 kB 00:00
AppStream 3.1 MB/s | 3.2 kB 00:00
Package nginx-2:1.20.1-22.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@web2 ~]#
修改欢迎页,创建健康检测页面
[root@web2~]# echo "$(hostname) $(hostname -I)" > /usr/share/nginx/html/index.html
[root@web2 ~]# echo "health" > /usr/share/nginx/html/test.html
启动nginx并测试
[root@web2 ~]# systemctl start nginx
[root@web2~]# curl localhost
web1 192.168.72.20
[root@web2~]# curl 192.168.72.20
web1 192.168.72.20
[root@web2 ~]#
1.3 搭建HAProxy
1、克隆一台虚拟机,初始化虚拟机(ip ,主机名,关闭防火墙,selinux)
[root@node1 ~]# hostnamectl set-hostname lb1&&bash
[root@lb1 ~]# systemctl disable firewalld.service
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
[root@lb1 ~]# setenforce 0
[root@lb1 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config
下载haproxy
[root@lb1 ~]# dnf install haproxy -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
BaseOS 2.7 MB/s | 2.7 kB 00:00
AppStream 3.1 MB/s | 3.2 kB 00:00
Dependencies resolved.
============================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================
Installing:
haproxy x86_64 2.4.22-4.el9 AppStream 2.2 M
Transaction Summary
============================================================================================================================
Install 1 Package
Total size: 2.2 M
Installed size: 6.6 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: haproxy-2.4.22-4.el9.x86_64 1/1
Installing : haproxy-2.4.22-4.el9.x86_64 1/1
Running scriptlet: haproxy-2.4.22-4.el9.x86_64 1/1
Verifying : haproxy-2.4.22-4.el9.x86_64 1/1
Installed products updated.
Installed:
haproxy-2.4.22-4.el9.x86_64
Complete!
验证haproxy
[root@lb1 ~]# haproxy -v
HAProxy version 2.4.22-f8e3218 2023/02/14 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.22.html
Running on: Linux 5.14.0-570.12.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Apr 4 10:41:31 EDT 2025 x86_64
查看配置文件路径
[root@lb1 ~]# rpm -qc haproxy
/etc/haproxy/haproxy.cfg # 核心配置文件路径
/etc/logrotate.d/haproxy
/etc/sysconfig/haproxy # 启动选项所在文件
修改配置文件
[root@lb1 ~]# cp /etc/haproxy/haproxy.cfg{,.bak}
[root@lb1 ~]# vim /etc/haproxy/haproxy.cfg
[root@lb1 ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend main
bind *:80
default_backend webcluster
backend webcluster
balance roundrobin
option httpchk GET /test.html
server web1 192.168.72.10:80 check inter 2000 rise 2 fall 2 weight 2
server web2 192.168.72.20:80 check inter 2000 rise 2 fall 2 weight 2
listen admin_status
bind *:9129
stats refresh 30s
stats uri /admin
stats auth admin:admin123
stats hide-version
stats admin if TRUE
启动haproxy
[root@lb1 ~]# systemctl start haproxy
[root@lb1 ~]# systemctl stop firewalld
打开浏览器访问
http://192.168.72.100:9129/admin
输出后,会弹出输入用户名和密码的窗口,我们输入在配置文件中配置的用户名(admin)和密码(admin123)后就可以登录成功。登录成功后就可以看到如下的界面了。
