author:JevonWei
版权声明:原创作品


  • haproxy配置文档 https://cbonte.github.io/haproxy-dconv/

环境

前端HAProxy 172.16.253.108
后端web1    172.16.253.105
后端web2    172.16.252.1
client      172.16.253.177
安装HAProxy

HAProxy

[root@HAProxy ~]# yum install haproxy -y
[root@HAProxy ~]# rpm -ql haproxy
[root@HAProxy ~]# iptables -F  \\清空防火墙规则,仅为实验环境省事;生产环境应保留规则并只放行所需端口
[root@HAProxy ~]# setenforce 0  \\SELinux临时切换为permissive,仅为实验环境省事;生产环境应保持enforcing并按需调整策略
[root@HAProxy ~]# systemctl enable haproxy
[root@HAProxy ~]# cp /etc/haproxy/haproxy.cfg{,.bak}
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    

web1

[root@web1 ~]# yum -y install httpd
[root@web1 ~]# vim /var/www/html/index.html 
<h1> Backend Server 1 </h1>
[root@web1 ~]# cd /var/www/html/
[root@web1 html]# for i in {1..10}; do echo "Test Page $i @BES 1" > test$i.html;done
[root@web1 html]# ls
index.php    test1.html  test3.html  test5.html  test7.html  test9.html
index.html  test10.html  test2.html  test4.html  test6.html  test8.html
[root@web1 ~]# systemctl start httpd
[root@web1 ~]# setenforce 0
[root@web1 ~]# iptables -F

web 2

[root@web2 ~]# yum -y install httpd
[root@web2 ~]# vim /var/www/html/index.html 
<h1> Backend Server 2 </h1>
[root@web2 ~]# cd /var/www/html/
[root@web2 html]#  for i in {1..10}; do echo "Test Page $i @BES 1" > test$i.html;done
[root@web2 html]# ls
index.html   test1.html  test3.html  test5.html  test7.html  test9.html
test10.html  test2.html  test4.html  test6.html  test8.html
[root@web2 ~]# service httpd start 
[root@web2 ~]# setenforce 0
[root@web2 ~]# iptables -F
启用HAProxy的日志功能

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    log  127.0.0.1 local2  \\日志的设备管道为local2,需在rsyslog配置文件中定义local2的日志设备
[root@HAProxy ~]# vim /etc/rsyslog.conf     
    $ModLoad imudp  \\启用UDP协议接收日志
    $UDPServerRun 514 \\UDP端口为514;默认监听所有地址,若只接收本机HAProxy的日志,可在此行之前加一行 $UDPServerAddress 127.0.0.1
    
    local2.*    /var/log/haproxy.log  \\定义local2日志设备的文件为/var/log/haproxy.log 
[root@HAProxy ~]# systemctl restart rsyslog.service 
  • 重新配置frontend和backend字段

配置HAProxy

roundrobin算法 
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb  \\定义HAProxy前段主机为myweb
        bind *:80  \\监听主机上所有IP的80端口
        default_backend websrvs \\默认后端主机为websrvs

    backend websrvs \\定义后端主机组
        balance roundrobin  \\调度算法为动态轮询
        server srv1 172.16.253.105:80 check maxconn 3 \\172.16.253.105:80端口为后端主机srv1,check为检查服务器健康状态,maxconn 3最大并发连接数为3
        server srv2 172.16.252.1:80 check \\定义172.16.252.1为websrv后端主机组中的srv2主机

uri算法
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb  \\定义HAProxy前段主机为myweb
        bind *:80  \\监听主机上所有IP的80端口
        default_backend websrvs \\默认后端主机为websrvs

    backend websrvs \\定义后端主机组
        balance uri \\调度算法为uri
        server srv1 172.16.253.105:80 check maxconn 3 \\172.16.253.105:80端口为后端主机srv1,check为检查服务器健康状态,maxconn 3最大并发连接数为3
        server srv2 172.16.252.1:80 check \\定义172.16.252.1为websrv后端主机组中的srv2主机
        hash-type consistent \\hash算法一致性
        
hdr算法(同一个浏览器访问相同的后端服务器)
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb
        bind *:80
        default_backend websrvs

    backend websrvs
        balance hdr(User-Agent)
        server srv1 172.16.253.105:80 check
        server srv2 172.16.252.1:80 check
        hash-type consistent

[root@HAProxy ~]# systemctl start haproxy
[root@HAProxy ~]# systemctl enable haproxy
[root@HAProxy ~]# ss -tnl  \\80端口已打开

client

访问HAProxy代理服务端

roundrobin算法 
[root@client ~]# for i in {1..10};do curl http://172.16.253.108;done
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>

uri算法,consistent hash类型
[root@client ~]# for i in {1..10};do curl 172.16.253.108/test1.html;done
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
Test Page 1 @BES 1
[root@client ~]# for i in {1..10};do curl 172.16.253.108/test3.html;done
Test Page 2 @BES 1
Test Page 2 @BES 1
Test Page 2 @BES 1
Test Page 2 @BES 1
Test Page 1 @BES 1
启动压缩功能

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg    
    frontend myweb
        bind *:80
        default_backend websrvs
        compression algo gzip \\启动压缩功能,压缩类型为gzip
        compression type text/html text/plain application/xml \\压缩的内容类型(MIME):text/html为HTML文本,text/plain为纯文本,application/xml为XML

    backend websrvs
        balance roundrobin
        server srv1 172.16.253.105:80 check
        server srv2 172.16.252.1:80 check
        
定义check检查的时间间隔
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb
        bind *:80
        default_backend websrvs
    backend websrvs
        balance roundrobin
        # option httpchk \\启用七层代理向主页发送请求
        option httpchk GET /test1.html HTTP/1.0 \\启用七层(HTTP)健康检查:用GET方法、HTTP/1.0协议请求/test1.html页面,根据响应判断后端健康状态
        server srv1 172.16.253.105:80 check inter 3000ms rise 1 fall 2 \\inter定义为每3s检查一次,rise为检查成功一次即为成功,fall为检查失败两次即为故障
        server srv2 172.16.252.1:80 check backup \\backup为备用服务端,当其他主机故障时启用
        
[root@HAProxy ~]# systemctl restart haproxy

web1

后端主机的httpd访问日志中可以看到每隔2秒都有一次主页检查记录日志
[root@web2 ~]# tail -f /var/log/httpd/access_log  
实现网页重定向

HAProxy

访问172.16.253.105后端主机srv1的网页将自动跳转到指定的网页,eg redir http://www.baidu.com 跳转到www.baidu.com
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb
        bind *:80
        default_backend websrvs
    backend websrvs
        balance roundrobin
        server srv1 172.16.253.105:80 check inter 3000ms rise 1 fall 2 redir http://www.baidu.com \\将访问172.16.253.105主页面重定向访问www.baidu.com 
        server srv2 172.16.252.1:80 check backup
weight权重选项

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb
        bind *:80
        default_backend websrvs
    backend websrvs
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2 \\权重为2
        server srv2 172.16.252.1:80 check weight 1  \\权重为1

client

[root@client ~]# for i in {1..10};do curl 172.16.253.108;done           
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 2 </h1>
<h1> Backend Server 1 </h1>
<h1> Backend Server 1 </h1>
stats 状态页面

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb
        stats enable
        bind *:80
        default_backend websrvs

    backend websrvs
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2
        server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy.service

浏览器访问http://172.16.253.108/haproxy?stats(此时stats页面与业务同在80端口且未设认证,能访问该端口的客户端都可查看)
image

  • 自定义stats状态页面的uri路径
    HAProxy

    [root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb
    stats enable
    stats uri /myproxy?admin
    bind *:80
    default_backend websrvs

      backend websrvs
          balance roundrobin
          server srv1 172.16.253.105:80 check weight 2
          server srv2 172.16.252.1:80 check weight 1

    [root@HAProxy ~]# systemctl restart haproxy
    浏览器访问http://172.16.253.108/myproxy?admin

  • stats页面的用户访问控制

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb
        stats enable  \\启用stats
        stats uri /myproxy?admin \\自定义stats页面uri的路径为/myproxy?admin
        stats realm "HAProxy Stats Page" \\认证提示
        stats auth admin:admin \\stats页面用户访问控制,用户admin,密码admin(示例弱口令;Basic认证在HTTP上明文传输,生产环境应换强口令,并限制来源IP或经TLS访问)
        bind *:80
        default_backend websrvs

    backend websrvs
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2
        server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy   

浏览器输入http://172.16.253.108/myproxy?admin访问
image

  • 启用stats的管理功能

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        stats enable  \\启用stats
        stats uri /myproxy?admin \\自定义stats页面uri的路径为/myproxy?admin
        stats realm "HAProxy Stats Page" \\认证提示
        stats auth admin:admin \\stats页面用户访问控制,用户admin,密码admin
        stats admin if TRUE \\总是允许访问stats的用户管理stats页面;管理功能可在页面上启用/停用后端服务器,生产环境建议把TRUE换成限制来源的ACL(例如预定义的LOCALHOST)
        default_backend websrvs
    backend websrvs
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2
        server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy   

浏览器访问http://172.16.253.108/myproxy?admin
image

  • 单独定义stats的管理页面

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb
        bind *:80
        default_backend websrvs
    
    backend websrvs
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2
        server srv2 172.16.252.1:80 check weight 1
    listen stats
        bind *:9000 \\定义stats页面的监听端口为9000
        stats enable \\开启stats状态界面
        stats uri /myproxy?admin \\自定义stats的uri路径
        stats realm "HAProxy Stats Page" \\stats页面的提示信息
        stats auth admin:admin \\stats状态界面的admin用户认证
        stats admin if TRUE  \\允许所有登录stats的用户管理stats界面
        
[root@HAProxy ~]# systemctl restart haproxy   

浏览器访问http://172.16.253.108:9000/myproxy?admin(stats已单独监听9000端口)
image
image
字段|含义
-- | --
Queue|队列
Session rate | 会话速率
Sessions | 所有会话
Bytes | 传输字节
Denied|拒绝的
Error|错误的
Warnings|警告
Server|后端服务器

server 字段含义
字段|含义
-- | --
Status|Server的状态
LastCHK|显示对httpd做的是四层检查还是七层检查
Wght|权重
Act|活动主机数量
Bck|备用主机数量
Chk|失败检测次数
Dwn|离线主机数量
Dwntme|主机离线时间
定义haproxy的工作模式为tcp,实现layer4层代理

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    listen sshsrvs
        mode tcp
        bind *:2222
        balance leastconn
        server sshsrv1 172.16.253.105:22 check
        server sshsrv2 172.16.252.1:22 check
[root@HAProxy ~]# systemctl restart haproxy.service

client

[root@client ~]# ssh root@172.16.253.108 -p 2222
设置cookie

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        default_backend websrvs
    backend websrvs
        cookie WEBSRV insert indirect nocache \\WEBSRV为自定义的cookie键名;需要时可追加httponly(禁止脚本读取)或secure(仅经HTTPS发送)
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2 cookie srv1 \\srv1为自定义的srv1服务器的cookie信息
        server srv2 172.16.252.1:80 check weight 1 cookie srv2 \\srv2为自定义的srv2服务器的cookie信息

client

[root@client ~]# curl -I 172.16.253.108
HTTP/1.1 200 OK
Date: Fri, 26 May 2017 03:30:41 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 25 May 2017 11:26:46 GMT
ETag: "40801-1c-550577f03843e"
Accept-Ranges: bytes
Content-Length: 28
Content-Type: text/html; charset=UTF-8
Set-Cookie: WEBSRV=srv2; path=/  \\Cookie信息为WEBSRV=srv2
Cache-control: private

[root@client ~]# curl -I 172.16.253.108/test3.html
HTTP/1.1 200 OK
Date: Tue, 29 Aug 2017 04:41:00 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Mon, 28 Aug 2017 14:02:09 GMT
ETag: "13-557d0bda20453"
Accept-Ranges: bytes
Content-Length: 19
Content-Type: text/html; charset=UTF-8
Set-Cookie: WEBSRV=srv1; path=/  \\Cookie信息为WEBSRV=srv1
Cache-control: private
forwardfor请求报文首部信息

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    defaults
        option forwardfor       except 127.0.0.0/8 if-none  
            除127.0.0.0/8(本机)来源的请求不添加X-Forwarded-For外,其他请求先判断是否已带X-Forwarded-For首部,若没有则添加。注意:if-none会原样保留客户端自带的X-Forwarded-For,而该值可由客户端任意填写;若后端日志或访问控制依赖此首部,应只信任代理自身写入的值

web1

[root@web1 ~]# vim /etc/httpd/conf/httpd.conf  \\修改日志记录格式如下
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@web1 ~]# systemctl restart rsyslog  \\注意:LogFormat写在httpd.conf中,需重启或重载httpd(systemctl restart httpd)才会生效,重启rsyslog对此无影响
errorfile错误本地文件路径

HAProxy

[root@HAProxy ~]# mkdir /etc/haproxy/errorfile
[root@HAProxy ~]# vim /etc/haproxy/errorfile/403.html
    Forbidden,No way;

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        default_backend websrvs

    backend websrvs
        errorfile 403 /etc/haproxy/errorfile/403.html
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2 cookie srv1
        server srv2 172.16.252.1:80 check weight 1 cookie srv2
errorloc错误网页url重定向到本地的web

HAProxy服务端安装nginx服务

[root@HAProxy ~]# yum -y install nginx
[root@HAProxy ~]# vim /etc/nginx/conf.d/errserver.conf
    server {
        listen 10080;
        server_name error.danran.com;
        root /data/nginx/errorhtml;
    }
[root@HAProxy ~]# mkdir -pv /data/nginx/errorhtml
[root@HAProxy ~]# vim /data/nginx/errorhtml/403.html
    403 from nginx

[root@HAProxy ~]# vim /etc/nginx/nginx.conf  
    server {
        listen       8089 default_server;
    } \\默认80端口与HAProxy冲突,故修改nginx的默认端口
[root@HAProxy ~]# systemctl start nginx 

配置error错误网页重定向到本地web服务

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        default_backend websrvs

    backend websrvs
        errorloc 403 http://172.16.253.108:10080/403.html
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2 cookie srv1
        server srv2 172.16.252.1:80 check weight 1 cookie srv2
[root@HAProxy ~]# systemctl restart haproxy
reqadd添加请求报文首部信息

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        default_backend websrvs
    backend websrvs
        reqadd X-Proxy-By:\ HAProxy
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2 
        server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy

web1

[root@web1 ~]# vim /etc/httpd/conf/httpd.conf
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{X-Proxy-By}i" combined
[root@web1 ~]# systemctl restart rsyslog  \\注意:LogFormat写在httpd.conf中,需重启或重载httpd(systemctl restart httpd)才会生效,重启rsyslog对此无影响

通过访问HAProxy代理服务器查看web1的访问日志信息
rspadd添加响应报文首部信息

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        default_backend websrvs
    backend websrvs
        rspadd X-Proxy-By:\ HAProxy-1.5 \\在响应报文中添加X-Proxy-By首部;首部值带版本号会向客户端暴露代理软件及版本,生产环境不建议
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2 
        server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy
rspidel删除响应报文的指定信息

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        default_backend websrvs
    backend websrvs
        rspidel ^Server:.* \\删除响应报文中Server开头的信息
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2 
        server srv2 172.16.252.1:80 check weight 1
[root@HAProxy ~]# systemctl restart haproxy

基于ACL做访问控制(四层代理)

网络拓扑
image
环境

前端HAProxy 172.16.253.108
后端web1    172.16.253.105
后端web2    172.16.252.1
client      172.16.253.177
安装HAProxy

HAProxy

[root@HAProxy ~]# yum install haproxy -y
[root@HAProxy ~]# rpm -ql haproxy
[root@HAProxy ~]# iptables -F
[root@HAProxy ~]# setenforce 0
[root@HAProxy ~]# systemctl enable haproxy
[root@HAProxy ~]# cp /etc/haproxy/haproxy.cfg{,.bak}
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    

web1

[root@web1 ~]# yum -y install httpd
[root@web1 ~]# vim /var/www/html/index.html 
<h1> Backend Server 1 </h1>
[root@web1 ~]# systemctl start httpd
[root@web1 ~]# setenforce 0
[root@web1 ~]# iptables -F

web 2

[root@web2 ~]# yum -y install httpd
[root@web2 ~]# vim /var/www/html/index.html 
<h1> Backend Server 2 </h1>
[root@web2 ~]# service httpd start 
[root@web2 ~]# setenforce 0
[root@web2 ~]# iptables -F
  • block阻塞主机访问

172.16.251.196用户访问stats状态界面,并显示错误网页http://172.16.253.108:10080/403.html

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        default_backend websrvs

    backend websrvs
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2
        server srv2 172.16.252.1:80 check weight 1
    listen stats
        bind *:9000
        acl allowstats src 172.16.251.196
        block if allowstats  \\阻塞allowstats中的IP访问stats界面(注意:ACL虽名为allowstats,此处的作用是拒绝该来源;新版本HAProxy已用http-request deny取代block)
        errorloc 403 http://172.16.253.108:10080/403.html
        stats enable
        stats uri /myproxy?admin
        stats realm "HAProxy Stats Page"
        stats auth admin:admin
        stats admin if TRUE
[root@HAProxy ~]# systemctl restart haproxy 

访问测试

172.16.251.196使用浏览器访问测试http://172.16.253.108:10080/403.html 
  • http-request允许某主机访问stats状态界面

允许172.16.251.196用户访问http://172.16.253.108服务器的HAProxy的状态界面

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        default_backend websrvs

    backend websrvs
        balance roundrobin
        server srv1 172.16.253.105:80 check weight 2
        server srv2 172.16.252.1:80 check weight 1
    listen stats
        bind *:9000
        acl allowstats src 172.16.251.196
        # http-request allow if allowstats  \\允许allowstats中的IP访问stats状态界面
        http-request deny  unless allowstats \\除了allowstats之外全部拒绝访问,即仅允许allowstats访问
        # http-request deny if allowstats \\拒绝allowstats访问
        errorloc 403 http://172.16.253.108:10080/403.html \\错误网页文件
        stats enable
        stats uri /myproxy?admin
        stats realm "HAProxy Stats Page"
        stats auth admin:admin
        stats admin if TRUE
[root@HAProxy ~]# systemctl restart haproxy 

访问测试

图形化浏览器
    172.16.251.196使用浏览器访问测试http://172.16.253.108:10080/403.html    
字符界面 
    [root@client ~]# curl --basic --user admin:admin http://172.16.253.108:9000/myproxy?admin   

基于ACL做访问控制(七层代理)

动态网页存放在动态服务器组中,静态网页存放在静态服务器组中

拓扑环境
image
环境

前端HAProxy 172.16.253.108
后端web1    172.16.253.105
后端web2    172.16.253.191
client      172.16.253.177
  • web1使用虚拟主机技术搭建两个web server,用来存放动态网页内容
  • web2使用虚拟主机搭建两个web server用来替代静态网页内容

web1创建虚拟主机

[root@web1 ~]# yum -y install php httpd
[root@web1 ~]# mkdir /data/web/vhost{1,2} -pv
[root@web1 ~]# vim /data/web/vhost1/index.php  \\phpinfo()仅用于实验验证,会输出PHP版本、已加载模块和环境变量等信息,验证后应删除
<h1> Application Server 1</h1>
<?php
    phpinfo();
?>
[root@web1 ~]# vim /data/web/vhost2/index.php
<h1> Application Server 2</h1>
<?php
    phpinfo();
?>

虚拟主机1的配置文件
[root@web1 ~]# vim /etc/httpd/conf.d/vhost1.conf \\编辑vhost1虚拟主机的配置文件
<VirtualHost *:80>
    ServerName www1.danran.com
    DocumentRoot "/data/web/vhost1"
    <Directory "/data/web/vhost1">
            Options FollowSymLinks \\允许使用连接文件目录
            AllowOverride None \\不允许其他配置文件覆盖此文件中的设置
            Require all granted
    </Directory>
</VirtualHost>

虚拟主机2的配置文件
[root@web1 ~]# vim /etc/httpd/conf.d/vhost2.conf
Listen 8080
<VirtualHost *:8080>
    ServerName www2.danran.com
    DocumentRoot "/data/web/vhost2"
    <Directory "/data/web/vhost2">
            Options FollowSymLinks
            AllowOverride None
            Require all granted
    </Directory>
</VirtualHost>

[root@web1 ~]# systemctl restart httpd.service 
[root@web1 ~]# ss -ntl

web2创建虚拟主机

[root@web2 ~]# yum -y install httpd
[root@web2 ~]# mkdir -pv /data/web/vhost{1,2}
[root@web2 ~]# find /usr/share/ -iname "*.jpg" -exec cp {} /data/web/vhost1/ \;
[root@web2 ~]# find /usr/share/ -iname "*.jpg" -exec cp {} /data/web/vhost2/ \;
[root@web2 ~]# vim /data/web/vhost1/index.html
<h1> Image Server 1 </h1>
[root@web2 ~]# vim /data/web/vhost2/index.html
<h1> Image Server 2 </h1>

编辑虚拟主机1的配置文件
[root@web2 ~]# vim  /etc/httpd/conf.d/vhost1.conf 
<VirtualHost *:80>
    ServerName www1.danran.com
    DocumentRoot "/data/web/vhost1"
    <Directory "/data/web/vhost1">
            Options FollowSymLinks
            AllowOverride None
            Require all granted
    </Directory>
</VirtualHost>

编辑虚拟主机2的配置文件
[root@web2 ~]# vim  /etc/httpd/conf.d/vhost2.conf 
Listen 8080
<VirtualHost *:8080>
    ServerName www2.danran.com
    DocumentRoot "/data/web/vhost2"
    <Directory "/data/web/vhost2">
            Options FollowSymLinks
            AllowOverride None
            Require all granted
    </Directory>
</VirtualHost>

[root@web2 ~]# systemctl start httpd.service 

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        cookie WEBSRV indirect nocache
        acl static path_end .jpg .jpeg .png .gif .txt .html \\定义ACL的组static以.jpg .jpeg .png .gif .txt .html结尾的文件
        use_backend staticsrvs  if static  \\当符合条件时使用static主机组
        default_backend dynsrvs  \\当不符合use_bckend条件时使用默认default_backend主机组

        backend dynsrvs \\定义动态主机组
            balance roundrobin
            server dynsrv1 172.16.253.105:80 check cookie dynsrv1
            server dynsrv2 172.16.253.105:8080 check cookie dynsrv2
        backend staticsrvs  \\定义静态主机组
            balance roundrobin
            server staticsrv1 172.16.253.191:80 check
            server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy

client

[root@client ~]# curl http://172.16.253.108/index.html
<h1> Image Server 1 </h1>
[root@client ~]# curl http://172.16.253.108/index.html
<h1> image Server 2 </h1>
[root@client ~]# curl http://172.16.253.108/index.php
<h1> Application Server 2</h1>
[root@client ~]# curl http://172.16.253.108/index.php
<h1> Application Server 2</h1>
拒绝curl访问web

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        cookie WEBSRV indirect nocache
        acl static path_end .jpg .jpeg .png .gif .txt .html \\定义ACL的组static以.jpg .jpeg .png .gif .txt .html结尾的文件
        use_backend staticsrvs  if static  \\当符合条件时使用static主机组
        default_backend dynsrvs  \\当不符合use_bckend条件时使用默认default_backend主机组
        acl bad_browsers hdr_reg(User-Agent) .*curl.* \\定义请求报文中包含curl的ACL组为bad_browsers
        block if bad_browsers \\阻塞bad_browsers组的访问;User-Agent由客户端自行填写,此规则只能挡住未改UA的工具,不能当作安全控制

        backend dynsrvs \\定义动态主机组
            balance roundrobin
            server dynsrv1 172.16.253.105:80 check cookie dynsrv1
            server dynsrv2 172.16.253.105:8080 check cookie dynsrv2
        backend staticsrvs  \\定义静态主机组
            balance roundrobin
            server staticsrv1 172.16.253.191:80 check
            server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy

client

[root@client ~]# curl http://172.16.253.108/index.html
<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>

定义仅允许danran.com域内的主机访问(依据请求的Referer首部判断)

HAProxy

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend myweb *:80
        cookie WEBSRV indirect nocache
        acl static path_end .jpg .jpeg .png .gif .txt .html \\定义ACL的组static以.jpg .jpeg .png .gif .txt .html结尾的文件
        use_backend staticsrvs  if static  \\当符合条件时使用static主机组
        default_backend dynsrvs  \\当不符合use_bckend条件时使用默认default_backend主机组
        acl valid_referers hdr_reg(Referer) \.danran\.com
        block unless valid_referers \\阻塞除了valid_referers组之外的所有人的访问;Referer可由客户端任意指定(见下方curl -e),且该正则未锚定位置,只适合防盗链,不能当作访问控制

        backend dynsrvs \\定义动态主机组
            balance roundrobin
            server dynsrv1 172.16.253.105:80 check cookie dynsrv1
            server dynsrv2 172.16.253.105:8080 check cookie dynsrv2
        backend staticsrvs  \\定义静态主机组
            balance roundrobin
            server staticsrv1 172.16.253.191:80 check
            server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy

client

模拟www.danran.com主机访问
[root@client ~]# curl -e "http://www.danran.com/index.php" http://172.16.253.108/index.php 
<h1> Application Server 2</h1>

转载于:https://www.cnblogs.com/JevonWei/p/7468476.html
