128.3. Example 配置实例

128.3.1. HTTP 配置实例

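 # Back up the shipped configuration before editing it. The copy runs only if
 # the directory change succeeded, so cp never acts on files in another
 # directory; -p keeps the original mode and ownership on the backup.
 cd /etc/haproxy/ &&
 cp -p haproxy.cfg haproxy.cfg.old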

# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # Process-wide settings: log target, chroot and privilege drop,
    # connection cap and the runtime stats socket.
    #
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #    NOTE(review): '-r' makes syslogd accept log datagrams from the
    #    network, not only from this host. haproxy logs to 127.0.0.1 below,
    #    so restrict the syslog UDP port to loopback with the host firewall.
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #   NOTE(review): selector rules usually live in the syslog daemon's
    #   rules file rather than /etc/sysconfig/syslog - confirm the path
    #   for your distribution.
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    # Confine the process to /var/lib/haproxy and run it as the unprivileged
    # haproxy user/group, detached from the terminal.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     40000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    # NOTE(review): no 'mode', 'user'/'group' or 'level' is given, so the
    # socket's file permissions and command level are whatever the defaults
    # are - check who can open it on the host.
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    # Layer-7 (HTTP) proxying, logged through the 'log' line of the global
    # section in the HTTP log format.
    mode                    http
    log                     global
    option                  httplog
    # Connections that carry no data are not logged. That keeps health probes
    # out of the log, but it also hides port scans and similar empty
    # connections - weigh that on Internet-facing listeners.
    option                  dontlognull
    option http-server-close
    # Add X-Forwarded-For with the client address, except for local clients.
    # A header already sent by the client is kept, so backends should trust
    # only the last occurrence.
    option forwardfor       except 127.0.0.0/8
    # On connection failure, retry and allow the request to be sent to
    # another server.
    option                  redispatch
    retries                 3
    # Bounds how long a client may take to send a complete request; this is
    # the main limit against slow-request connection exhaustion.
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 40000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# Accepts cleartext HTTP on port 80 of every local address and sends all
# requests to the 'app' backend. The static-content ACLs below are disabled.
frontend  main *:80
#    acl url_static       path_beg       -i /static /images /javascript /stylesheets
#    acl url_static       path_end       -i .jpg .gif .png .css .js

#    use_backend static          if url_static
    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
#    balance     roundrobin
#    server      static 172.16.0.6:80 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
# Two application servers, requests alternated between them. 'check' enables
# health checks; with no 'option httpchk' in this backend the probe is only a
# TCP connect, so a server that accepts connections but returns errors stays
# in rotation. Traffic to the servers is plain HTTP on port 80.
backend app
    balance     roundrobin
    server  app1 10.0.0.68:80 check
    server  app2 10.0.0.69:80 check
#    server  app3 127.0.0.1:5003 check
#    server  app4 127.0.0.1:5004 check

[root@r610 haproxy]# /etc/init.d/haproxy start
Starting haproxy:                                          [  OK  ]

128.3.1.1. 插入Cookie会话保持

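# Section keyword corrected: the listing read "lobal", which is not a valid
# section name.
global
        # Log to the local syslog daemon: everything on facility local0,
        # notice level and above on local1.
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #debug
        #quiet
        # Run as the unprivileged haproxy account.
        # NOTE(review): unlike the first listing on this page there is no
        # 'chroot' or 'daemon' here - confirm that is intentional.
        user haproxy
        group haproxy

defaults
        log     global
        mode    http
        option  httplog
        # Empty connections are not logged; this also hides scans.
        option  dontlognull
        retries 3
        # 'option redispatch' and the 'timeout ...' lines below replace the
        # deprecated bare 'redispatch' and contimeout/clitimeout/srvtimeout
        # keywords; the values (milliseconds) are unchanged.
        option  redispatch
        maxconn 2000
        timeout connect 5000
        timeout client  50000
        timeout server  50000

listen web 192.168.0.1:80
       mode http
       balance roundrobin
       # Session persistence in prefix mode: the server's cookie value (A or
       # B below) is prepended to the application's JSESSIONID cookie and
       # stripped again on the way back. The prefix is client-controlled, so
       # it selects a server and must not be treated as a trust signal.
       cookie JSESSIONID prefix
       option httpclose
       # A client-supplied X-Forwarded-For is kept and a new one is added;
       # backends should use only the last occurrence.
       option forwardfor
       # Health check: HEAD /index.html must answer successfully.
       option httpchk HEAD /index.html HTTP/1.0
       server web1 192.168.0.2:80 cookie A check
       server web2 192.168.0.3:80 cookie B check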
				

128.3.1.2. HTTP URL 检查

# HTTP load balancing for two Tomcat nodes, least-loaded node first.
# Listens on port 8080 of every local address.
listen tomcat *:8080
    mode http
    balance leastconn
    maxconn 4096
    # disable keep-alive
    option httpclose
    option forwardfor
    # Health check: request /index.jsp on port 8080 every 2000 ms; 2 successes
    # mark a node up, 3 failures mark it down. Each probe executes the JSP.
    option httpchk GET /index.jsp
    server tomcat_A 172.19.35.33:8080 check port 8080 inter 2000 rise 2 fall 3
    server tomcat_B 172.19.35.44:8080 check port 8080 inter 2000 rise 2 fall 3
				

128.3.2. Squid

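global
    log 127.0.0.1   local0
    log 127.0.0.1   local1 notice
    #log loghost    local0 info
    maxconn 4096
    # NOTE(review): chroot is commented out in this listing, so the process
    # is not confined to a directory - confirm that is intentional.
    #chroot /usr/share/haproxy
    user haproxy
    group haproxy
    daemon
    #debug
    #quiet

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    retries 3
    option redispatch
    maxconn 2000
    # 'timeout connect/client/server' replace the deprecated
    # contimeout/clitimeout/srvtimeout keywords; values (ms) are unchanged.
    timeout connect 5000
    timeout client  50000
    timeout server  50000

# Front end for two Squid proxies.
# NOTE(review): the listener is bound to every interface and this section has
# no source ACL, so unless a firewall or the Squid nodes restrict clients the
# forward proxy is reachable by anyone who can reach port 3128. The Squid
# nodes also see HAProxy's address as the client (no 'option forwardfor'
# here), which affects source-based Squid ACLs - confirm.
# The servers have no 'check', so a failed node is not taken out of rotation.
listen proxy    0.0.0.0:3128
    server  proxy_node_1    203.185.193.198:3128
    server  proxy_node_2    219.190.126.147:3128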

128.3.3. haproxy + mysql 配置实例

例 128.1. haproxy + mysql 配置实例

# cat /etc/haproxy/haproxy.cfg | grep -v '#'

global
    log         127.0.0.1 local2

    # Confined to /var/lib/haproxy and run as the unprivileged haproxy
    # user/group.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # NOTE(review): no 'mode' or 'level' on the runtime socket - check who
    # can open it on the host.
    stats socket /var/lib/haproxy/stats

defaults
    # Layer-4 (TCP) proxying: MySQL traffic is relayed without inspection.
    mode                    tcp
    log                     global
    option                  tcplog
    option                  dontlognull
    option                  redispatch
    retries                 3
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout check           10s
    maxconn                 3000

# MySQL read pool, least-loaded server first.
# NOTE(review): '*:3306' listens on every interface; limit it to the
# application network with a bind address or firewall. In TCP mode the MySQL
# servers see HAProxy's address as the client, so host-based MySQL grants
# apply to the balancer, not to the real client.
# 'check' alone is a TCP connect probe and does not verify that MySQL
# answers; HAProxy's 'option mysql-check' is the protocol-level alternative.
listen slave *:3306
	mode tcp
	balance leastconn
	option tcpka
	server  mysql_22 202.123.6.166:3306 check
	server  mysql_26 202.123.6.177:3306 check

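# Read-only statistics page at /haproxy-stats, protected by HTTP Basic auth.
# ':8000' listens on every interface and Basic auth travels in cleartext, so
# restrict the port to a management address or network.
listen stats :8000
        mode http
        # NOTE(review): legacy spelling of 'option transparent'; a stats-only
        # listener with no servers should not need it - confirm and drop.
        transparent
        stats uri /haproxy-stats
        # The space before the backslash was removed so the realm is a single
        # argument ("Haproxy statistic").
        stats realm Haproxy\ statistic
        # The password is stored in cleartext in this file. The literal value
        # printed in the original listing is public and was replaced by a
        # placeholder; set your own and keep haproxy.cfg readable by root only.
        stats auth www:REPLACE_WITH_A_UNIQUE_PASSWORD
        stats hide-version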

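# Statistics page with the admin functions (enable/disable servers) at
# /admin-status.
listen  admin_status
        mode  http
        # Bound to every interface over cleartext HTTP; restrict the port to
        # a management address or network.
        bind 0.0.0.0:8899
        option httplog
        stats enable
        stats refresh 10s
        stats hide-version
        stats realm Haproxy\ Statistics
        stats uri  /admin-status
        # Cleartext password in the config file. The literal value printed in
        # the original listing is public and was replaced by a placeholder.
        stats auth  admin:REPLACE_WITH_A_UNIQUE_PASSWORD
        # Was 'stats admin if TRUE', which gave the admin actions to every
        # client that knows the password, from any address. LOCALHOST is
        # HAProxy's predefined ACL for connections from 127.0.0.1/8; replace
        # it with an 'acl ... src <management network>' of your own if remote
        # administration is needed.
        stats admin if LOCALHOST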

例 128.2. Haproxy MySQL (Master + Master)

# Read pool on port 3308: both servers active, least-loaded first. Each is
# probed on port 3306 every 2s; 2 successes mark it up, 3 failures down.
# NOTE(review): both listeners bind every interface ('*'), and the probe is
# a TCP connect only. The servers are in different address ranges; if those
# are separate networks the MySQL traffic crosses them unencrypted unless
# TLS is enabled in MySQL itself - confirm.
listen  MYSQL_Slave *:3308
        mode tcp
        maxconn 4096
        balance leastconn
        server  mysql_A  172.18.50.21:3306  check port 3306 inter 2s rise 2 fall 3
        server  mysql_B  100.101.5.21:3306  check port 3306 inter 2s rise 2 fall 3

# Write endpoint on port 3306: mysql2 carries 'backup', so it receives
# traffic only while mysql1 is marked down - one master takes writes at a
# time.
listen  MYSQL_Master *:3306
        mode tcp
        maxconn 2048
        balance roundrobin
        server  mysql1  172.18.50.16:3306 check port 3306 inter 3s rise 2 fall 3
        server  mysql2  102.101.5.26:3306 check port 3306 inter 3s rise 2 fall 3 backup
				

128.3.4. HTTPS SSL证书卸载配置实例

生成自签名证书的步骤, 如果你有购买的证书,此处略过

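$ sudo mkdir /etc/ssl/example.com
# 2048-bit RSA key: 1024 bits is below the minimum that current guidance and
# many TLS clients accept.
$ sudo openssl genrsa -out /etc/ssl/example.com/example.com.key 2048
$ sudo chmod 600 /etc/ssl/example.com/example.com.key
# -sha256 pins the signature digest instead of relying on the openssl default.
$ sudo openssl req -new -sha256 -key /etc/ssl/example.com/example.com.key -out /etc/ssl/example.com/example.com.csr
> Country Name (2 letter code) [AU]:CN
> State or Province Name (full name) [Some-State]:Guangdong
> Locality Name (eg, city) []:Shenzhen
> Organization Name (eg, company) [Internet Widgits Pty Ltd]:example
> Organizational Unit Name (eg, section) []:
> Common Name (e.g. server FQDN or YOUR name) []:*.example.com
> Email Address []:
> Please enter the following 'extra' attributes to be sent with your certificate request
> A challenge password []:
> An optional company name []:
$ sudo openssl x509 -req -sha256 -days 365 -in /etc/ssl/example.com/example.com.csr -signkey /etc/ssl/example.com/example.com.key -out /etc/ssl/example.com/example.com.crt

# Combine certificate and private key for HAProxy. The file is written under
# umask 077 so it is created readable by root only, and by redirection rather
# than 'tee', which also printed the private key on the terminal.
$ sudo sh -c 'umask 077 && cat /etc/ssl/example.com/example.com.crt /etc/ssl/example.com/example.com.key > /etc/ssl/example.com/example.com.pem'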
			

/etc/haproxy/haproxy.cfg

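frontend localhost
    # Cleartext listener.
    bind *:80
    # TLS is terminated here; the .pem holds the certificate and private key.
    # NOTE(review): this listing sets no protocol or cipher restrictions;
    # 'ssl-default-bind-options' and 'ssl-default-bind-ciphers' in the global
    # section are where they would go.
    bind *:443 ssl crt /etc/ssl/example.com/example.com.pem
    mode http
    default_backend nodes

backend nodes
    mode http
    balance roundrobin
    # A client-supplied X-Forwarded-For is kept and a new one is added;
    # backends should use only the last occurrence.
    option forwardfor
    option httpchk HEAD / HTTP/1.1\r\nHost:www.example.com
    # Traffic to the web servers is plain HTTP after TLS offload.
    server web01 172.16.0.1:80 check
    server web02 172.16.0.2:80 check
    server web03 172.16.0.3:80 check
    http-request set-header X-Forwarded-Port %[dst_port]
    # set-header instead of add-header, and set in both cases: add-header
    # appended to whatever the client sent and left port-80 requests
    # untouched, so a client could send its own "X-Forwarded-Proto: https"
    # and have the backend treat a cleartext request as secure.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }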
			

HTTP 强制跳转到 HTTPS 的配置方法

# Same frontend with a forced upgrade: any request that did not arrive over
# TLS ('!{ ssl_fc }') is answered with a redirect to the https:// form of the
# same URL, so only TLS requests reach the backend.
# NOTE(review): the first cleartext request is still sent before the
# redirect, including any cookies not marked Secure.
frontend localhost
    bind *:80
    bind *:443 ssl crt /etc/ssl/example.com/example.com.pem
    redirect scheme https if !{ ssl_fc }
    mode http
    default_backend nodes
			

128.3.5. 使用TCP模式实现SSL穿透

# TLS pass-through: connections are relayed at TCP level and the web servers
# terminate TLS themselves, so HAProxy holds no certificate or key. It also
# cannot read or add HTTP headers, and the servers see HAProxy's address as
# the client.
# NOTE(review): port 80 is bound here too, but every server listens on 443,
# so a cleartext connection to port 80 is relayed to a TLS port - confirm
# whether 'bind *:80' belongs in this listing.
frontend localhost
    bind *:80
    bind *:443
    option tcplog
    mode tcp
    default_backend nodes

backend nodes
    mode tcp
    balance roundrobin
    # Health check by sending a TLS/SSL hello and expecting a server reply.
    # NOTE(review): this check uses an SSLv3-style hello; verify it still
    # passes against servers that have old protocol versions disabled.
    option ssl-hello-chk
    server web01 172.16.0.3:443 check
    server web02 172.16.0.4:443 check
			

128.3.6. SMTP

# SMTP load balancing at TCP level, least-loaded server first; 'smtpchk'
# makes the health check speak SMTP instead of only opening a connection.
# NOTE(review): in TCP mode the mail servers see HAProxy's address as the
# client. Relay-by-IP rules and address-based anti-spam checks on the mail
# servers then apply to the balancer address, so make sure that address is
# not in a trusted relay list - confirm against the MTA configuration.
listen smtp
	bind *:25
	mode tcp
	balance leastconn
	option smtpchk
	server smtp1 173.254.223.53:25 check
	server smtp2 45.33.242.42:25 check
			

原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。
