官方網站:
以下為自行編譯版:
1. install haproxy
wget http://www.haproxy.org/download/2.0/src/haproxy-2.0.12.tar.gz
tar -xvpf haproxy-2.0.12.tar.gz
cd haproxy-2.0.12
# make TARGET=linux-glibc ARCH=x86_64 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1 \ PREFIX=/usr/local/haproxy
# make install PREFIX=/usr/local/haproxy
# cp -vR examples/errorfiles /usr/local/haproxy/
2. 系統log
# vim /etc/rsyslog.conf
remove #
$ModLoad imudp
$UDPServerRun 514
add:
$AllowedSender UDP, 127.0.0.1
local2.* /var/log/haproxy.log
systemctl restart rsyslog
== UPDATE: ==
以上方法若不行,可嘗試以下方式:
範例: log 存放在 /haproxy_log
vim /etc/rsyslog.d/haproxy.conf
# .. otherwise consider putting these two in /etc/rsyslog.conf instead: $ModLoad imudp $UDPServerAddress 127.0.0.1 $UDPServerRun 514 # ..and in any case, put these two in /etc/rsyslog.d/49-haproxy.conf: local2.* -/haproxy_log/haproxy.log & ~ # & ~ means not to put what matched in the above line anywhere else for the rest of the rules # https://serverfault.com/questions/21
vim /etc/logrotate.d/haproxy
/haproxy_log/haproxy*.log {
daily
rotate 200
missingok
notifempty
compress
sharedscripts
postrotate
/usr/bin/systemctl restart rsyslog
endscript
}3. 調整cfg檔:
# mkdir /usr/local/haproxy/conf
# vim /usr/local/haproxy/conf/haproxy.cfg
內容整個貼上:
global
log 127.0.0.1 local2 info
chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
maxconn 4096
#user haproxy
#group haproxy
daemon
stats timeout 2m
nbproc 1
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 51200
backend m2k
balance roundrobin
# mode tcp
mode http
# server m2k1 172.16.233.122 source ${frontend_ip} check
server m2k1 172.16.233.122:80 check
server m2k2 172.16.233.123:80 check
# source 0.0.0.0 usesrc client
timeout connect 10s
timeout server 1m
option httpchk #每兩秒檢查一次
#option forwardfor
frontend m2k
# bind *:25 name SMTP
# bind *:465 name SMTPs
bind *:80
bind *:443
# mode tcp
mode http
# option tcplog
option httplog
default_backend m2k
timeout client 1m
# option forwardfor
# stats UI
listen stats
mode http
bind 0.0.0.0:9000
maxconn 10
stats enable
stats refresh 10s
stats uri /haproxystats
stats hide-version
stats realm Haproxy\ Statistics
stats auth admin:openfind
bind-process 1
stats admin if TRUE
errorfile 400 /usr/local/haproxy/errorfiles/400.http
errorfile 403 /usr/local/haproxy/errorfiles/403.http
errorfile 408 /usr/local/haproxy/errorfiles/408.http
errorfile 500 /usr/local/haproxy/errorfiles/500.http
errorfile 502 /usr/local/haproxy/errorfiles/502.http
errorfile 503 /usr/local/haproxy/errorfiles/503.http
errorfile 504 /usr/local/haproxy/errorfiles/504.http
4.
# mkdir /etc/haproxy/
# ln -s /usr/local/haproxy/conf/haproxy.cfg /etc/haproxy/haproxy.cfg
# ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin/haproxy
# /usr/local/haproxy/sbin/haproxy -c -V -f /etc/haproxy/haproxy.cfg
Configuration file is valid
# cp /home/webmail/haproxy-2.0.12/examples/haproxy.init /etc/rc.d/init.d/haproxy
# chmod +x /etc/rc.d/init.d/haproxy
# chkconfig --add haproxy
# chkconfig haproxy on
# systemctl start haproxy
# systemctl status haproxy
5. UI info:
2020.01.21 補充:
see client real IP:
Mail2000:
1.確認有無該module:
ls -al /webmail/httpd/modules/*remo*
2. /webmail/httpd/conf/httpd.conf
2.1. add
LoadModule remoteip_module modules/mod_remoteip.so
2.2.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
改成
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
PS:
http://httpd.apache.org/docs/current/mod/mod_log_config.html#formats
2.3. add
<IfModule remoteip_module>
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 172.16.233.0/24
</IfModule>
PS.
RemoteIPInternalProxy 為 Linode Node Balancer 用的區網IP位址
2.4. then restart httpd
==================================================
以下為舊版YUM版(版本較舊):
# yum istall haproxy
# /etc/init.d/haproxy status
# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 checkmode tcp no option http-server-close balance roundrobin option smtpchk HELO mail.terlisten-consulting.de server mail1 192.168.200.107:25 send-proxy check server mail2 192.168.200.108:25 send-proxy check
The “send-proxy” parameter ensures, that the incoming IP address is forwarded to the servers behind the load balancer. This is important if you use Greylisting or real-time blacklists on your MTA or mail server.
參考:
https://www.haproxy.com/blog/efficient-smtp-relay-infrastructure-with-postfix-and-load-balancers/
https://blog.toright.com/posts/3967/%E5%AF%8C%E4%BA%BA%E7%94%A8-l4-switch%EF%BC%8C%E7%AA%AE%E4%BA%BA%E7%94%A8-linux-haproxy%EF%BC%81.html
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#option spop-check
https://blog.longwin.com.tw/2009/03/haproxy-ha-load-balance-2009/
https://dotblogs.com.tw/ricochen/2018/04/14/155828 <---蠻有用!