2016年11月7日 星期一

CentOS 7 : Install HAProxy Load Balancer by Apache and MariaDB

流程參考網誌

yum install haproxy wget gcc pcre-static pcre-devel mariadb-client -y

#新增相關的電腦名稱及對應IP
vi /etc/hosts

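#在目標DB建立使用者_應用於balance source(下方 haproxy.cfg 的 option mysql-check user haAccount 會用這個帳號做健康檢查;此帳號沒有密碼,所以主機請限定為 HAProxy 的 IP,且不要授予任何權限)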
CREATE USER 'haAccount'@'10.1.0.X';
flush privileges;

vi /etc/haproxy/haproxy.cfg 參考網誌

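# Excerpt of /etc/haproxy/haproxy.cfg: shared defaults, an HTTP frontend with
# a per-source request-rate limit, two web backends, a TCP listener for the
# database nodes and the statistics page.
# "log global" relies on a global section that is not part of this excerpt.
defaults
    # TCP stays the default for the database listener; the web proxies below
    # switch to HTTP explicitly.
    mode                    tcp
    log                     global
    timeout http-request    5s
    timeout queue           1m
    timeout connect         5s
    timeout client          30s
    timeout server          30s
    timeout http-keep-alive 10s
    timeout check           10s

#WebServer
frontend ft_web
  bind 0.0.0.0:80
  # path_end, cookie insertion and http_req_rate need parsed HTTP traffic.
  # With the tcp default inherited from "defaults" they are ignored, so the
  # static split, the persistence cookie and the rate limit never take effect.
  mode http

  # Use General Purpose Counter (gpc) 0 in SC1 as a global abuse counter
  # Monitors the number of requests sent by an IP over a period of 10 seconds
  stick-table type ip size 1m expire 10s store gpc0,http_req_rate(10s)
  tcp-request connection track-sc1 src
  # A source flagged by bk_web (gpc0 > 0) is refused at connection time for as
  # long as its entry stays in the table. Clients sharing one NAT address
  # share one entry and are blocked together.
  tcp-request connection reject if { src_get_gpc0 gt 0 }

  # Split static and dynamic traffic since these requests have different impacts on the servers
  use_backend bk_web_static if { path_end .jpg .png .gif .css .js }

  default_backend bk_web

# Dynamic part of the application
backend bk_web
  # Must match the frontend's mode; also required for the cookie line below.
  mode http
  balance roundrobin
  cookie MYSRV insert indirect nocache
  # If the source IP sent 10 or more http request over the defined period,
  # flag the IP as abuser on the frontend
  acl abuse src_http_req_rate(ft_web) ge 10
  # Evaluating this ACL increments gpc0 for the source. It is listed after
  # "abuse" so that it only runs once the rate threshold has been reached.
  acl flag_abuser src_inc_gpc0(ft_web)
  tcp-request content reject if abuse flag_abuser

  server WWW1 10.1.0.1:80 check cookie TibSrv maxconn 100
  server WWW2 10.1.0.2:80 check cookie SNS maxconn 100

# Static objects
backend bk_web_static
  # Must match the frontend's mode.
  mode http
  balance roundrobin
  server WWW1 10.1.0.1:80 check maxconn 1000
  server WWW2 10.1.0.2:80 check maxconn 1000

#DB Server
# Plain TCP pass-through to the database nodes. mysql-check logs in as
# haAccount, which has to exist on every node without a password, so that
# account should be limited to this proxy's address and hold no privileges.
# NOTE(review): 0.0.0.0 publishes the database port on every interface of the
# proxy. Binding to an internal address and limiting the allowed source
# addresses in the firewall keeps it off untrusted networks.
listen garlera 0.0.0.0:3306
     balance leastconn
     mode tcp
     option tcpka
     option mysql-check user haAccount
     server DB1 10.1.0.3:3306 check weight 1
     server DB2 10.1.0.4:3306 check weight 1

## HAProxy stats web gui running on port 9000.
## url http://X.X.X.X:9000/stats
## The "stats auth" value below is a placeholder: set your own user name and a
## strong password instead of a pair copied from a tutorial.
## The page is served over plain HTTP with basic auth, and "stats admin if TRUE"
## lets every authenticated user enable or disable servers from the page, so
## port 9000 should only be reachable from management addresses.
listen stats 0.0.0.0:9000
        mode http
        stats enable
        stats uri /stats
        stats realm HAProxy\ Statistics
        stats auth CHANGE_ME_USER:CHANGE_ME_PASSWORD
        stats admin if TRUE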

設定開機啟動
systemctl enable haproxy

啟動服務
systemctl start haproxy

檢查服務狀態
systemctl status haproxy

#備忘...

1. 防火牆記得開(9000 管理頁與 3306 資料庫建議只對信任的來源 IP 開放,例如改用 rich rule 限定來源,不要對所有來源開放)
systemctl start firewalld
firewall-cmd --permanent --add-port=9000/tcp
firewall-cmd --permanent --add-port=3306/tcp
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload

2. 檢查Selinux設定
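特徵~CI連線時只有localhost可連,其餘的都被擋掉,就是它的關係了...
暫時關閉指令 setenforce 0(只建議用來確認問題是不是出在SELinux,確認完記得 setenforce 1 開回來)
永久關閉就去 /etc/selinux/config 改成 disabled 即可;不過比較建議保持 enforcing,改用 setsebool -P haproxy_connect_any 1 讓 HAProxy 可以連到後端的 port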

3. 目標電腦連線檢查
ssh account@IPAddr

4. 服務是否運作
netstat -ant

5. 時區...將資料匯入後發現都差8小時,要記得改timezone
指令 timedatectl set-timezone Asia/Taipei


