HAProxy 範例
HAProxy 是在 Linux 中執行的免費負載平衡器。它的功能非常強大,且支援現成的監視功能。
如需有關其組態的資訊,請參閱 https://cbonte.github.io/haproxy-dconv/2.0/configuration.html
全域設定
全域設定會套用至前端與後端伺服器,且通常可以略過。
例如:
#--------------------------------------------------------------------- #
Global settings
#---------------------------------------------------------------------
global
# setup logging and force level to debug. Logs require rsyslog be setup.
chroot /var/lib/haproxy
log /dev/log local0 debug
# maximum number of connections allowed
maxconn 10000
# turn on stats unix socket
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
# user and group haproxy will run as
user haproxy
group haproxy
預設設定
這些設定適用於後端伺服器的預設組態。
log
使用在「全域設定」中配置的記錄。
mode
決定如何剖析請求。在此範例中,我們使用 http 處理。
option
例如:
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
default-server init-addr last,libc,none
log global
mode http
option httplog
option redispatch
option forwardfor
timeout connect 10s
timeout client 60s
timeout server 60s
timeout tunnel 1h
FrontEnd 設定
這是所有應用程式都會經過的前端。它包含決定使用哪個後端伺服器處理傳入請求的路由規則。
bind
指示將接收傳入請求的埠。
capture
將工作階段 ID cookie 包含在 HAProxy http 請求記錄中。
acl
根據檢查的條件建立變數。例如,-i -m beg <string> 會檢查以 <string> 開頭的 URI。
use_backend
根據變數的 true 或 false 值,路由至後端伺服器的特定群組。
default
在不符合其他規則的情況下使用的後端。
例如:
#---------------------------------------------------------------------
# FrontEnd Configuration
#---------------------------------------------------------------------
frontend ft_web
bind *:8080 name web
# log the session cookie if passed
capture cookie JSESSIONID= len 32
## path based routing to connection server
acl path_cxserver path -i -m beg /Thingworx/WS
acl path_tunnelserver path -i -m beg /Thingworx/WSTunnelServer
acl path_tunnelclient path -i -m beg /Thingworx/WSTunnelClient
use_backend cxserver if path_cxserver or path_tunnelserver or path_tunnelclient

# default traffic to platform
default_backend platform
ThingWorx Flow 的範例
#---------------------------------------------------------------------
# FrontEnd Configuration
#---------------------------------------------------------------------
frontend ft_web
bind *:8443 ssl crt /certs/haproxy.pem name sslweb
# log the session cookie if passed
capture cookie JSESSIONID= len 32
##path based routing to ThingWorx Flow
acl p_flow1 path -i -m beg /Thingworx/Composer/apps/flow
acl p_flow2 path -i -m beg /Thingworx/Flow
acl p_flow3 path -i -m beg /Thingworx/Triggers
acl p_flow4 path -i -m beg /Thingworx/Lookups
acl p_flow5 path -i -m beg /Thingworx/Oauths
acl p_flow6 path -i -m beg /Thingworx/Subsystems/EventProcessingSubsystem/Subscriptions
acl p_flow7 path -i -m beg /enterprise/v1/fetchconfig
use_backend flow if p_flow1 or p_flow2 or p_flow3 or p_flow4 or p_flow5 or p_flow6 or p_flow7
BackEnd 平台設定
後端是一組伺服器,可處理從前端傳遞的請求以及任何特定組態。
balance
負載平衡演算法。預設會循環配置資源,如此會遍歷可用伺服器,以取得下一個可用連線。
cookie
插入負載平衡器用來將未來請求路由至相同伺服器的 cookie。
例如:
#---------------------------------------------------------------------
# BackEnd Platform Configuration
#---------------------------------------------------------------------
backend platform
balance roundrobin
# sticky sessions
cookie SERVER insert indirect nocache
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
# health check
option httpchk GET /Thingworx/health
# configure platform instances
server platform1 10.0.10.10:8080 check inter 1000 fastinter 1000 cookie twx1
server platform2 10.0.10.11:8080 check inter 1000 fastinter 1000 cookie twx2
ThingWorx Flow 的範例
#---------------------------------------------------------------------
# BackEnd Flow Configuration
#---------------------------------------------------------------------
backend flow
balance source

option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }

# configure flow instances
server nginx {nginx_ip}:443 check ssl verify none
BackEnd Connection Server 設定
範例:
#---------------------------------------------------------------------
# BackEnd Connection Server Configuration
#---------------------------------------------------------------------
backend cxserver
balance source
#hash-type consistent
option httpchk GET /
# configure connection server instances
server cxserver1 10.0.10.20:8080 check port 9009
server cxserver2 10.0.10.21:8080 check port 9009
監視
HAProxy 有一個可用來檢視流量流程的監視 UI。您可以配置傳入埠與選用認證。
#---------------------------------------------------------------------
#HAProxy Monitoring Config
#---------------------------------------------------------------------
listen stats
bind *:1936
mode http
option forwardfor
option httpclose
stats enable
stats uri /
stats refresh 5s
stats show-legends
stats realm Haproxy\ Statistics
完整範例
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# setup logging and force level to debug. Logs require rsyslog be setup.
chroot /var/lib/haproxy
log /dev/log local0 debug
# maximum number of connections allowed
maxconn 10000
# turn on stats unix socket
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
# user and group haproxy will run as
user haproxy
group haproxy
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
default-server init-addr last,libc,none
log global
mode http
option httplog
option redispatch
option forwardfor
timeout connect 10s
timeout client 60s
timeout server 60s
timeout tunnel 1h
#---------------------------------------------------------------------
# FrontEnd Configuration
#---------------------------------------------------------------------
frontend ft_web
bind *:8080 name web
# log the session cookie if passed
capture cookie JSESSIONID= len 32
## path based routing to connection server
acl path_cxserver path -i -m beg /Thingworx/WS
acl path_tunnelserver path -i -m beg /Thingworx/WSTunnelServer
acl path_tunnelclient path -i -m beg /Thingworx/WSTunnelClient
use_backend cxserver if path_cxserver or path_tunnelserver or path_tunnelclient
# default traffic to platform
default_backend platform
#---------------------------------------------------------------------
# BackEnd Platform Configuration
#---------------------------------------------------------------------
backend platform
balance roundrobin
# sticky sessions
cookie SERVER insert indirect nocache
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
# health check
option httpchk GET /Thingworx/health
# configure platform instances
server platform1 10.0.10.10:8080 check inter 1000 fastinter 1000" cookie twx1
server platform2 10.0.10.11:8080 check inter 1000 fastinter 1000" cookie twx2
#---------------------------------------------------------------------
# BackEnd Connection Server Configuration
#---------------------------------------------------------------------
backend cxserver
balance source
#hash-type consistent
option httpchk GET /
# configure connection server instances
server cxserver1 10.0.10.20:8080 check port 9009
server cxserver2 10.0.10.21:8080 check port 9009
#---------------------------------------------------------------------
#HAProxy Monitoring Config
#---------------------------------------------------------------------
listen stats
bind *:1936
mode http
option forwardfor
option httpclose
stats enable
stats uri /
stats refresh 5s
stats show-legends
stats realm Haproxy\ Statistics
這是否有幫助?