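Earlier articles in this series briefly covered some of the changes in HAProxy since 1.9 (partly via Google Translate), including multithreading, the Runtime API, ACLs, the configuration file, logging, the statistics page, and maps.
In this article I briefly describe a Docker setup for HAProxy. I restructured the HAProxy Docker configuration so that, for simple use, the configuration file can be reloaded. It relies on supervisor and inotifywait: as soon as the configuration file changes, a reload is triggered automatically.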
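Dockerfile
On top of the original Dockerfile we install inotify-tools, supervisor and socat, create the user, and compile halog. If you have read the earlier articles, you already know what these are for.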
```dockerfile
FROM alpine:3.9
ENV HAPROXY_VERSION 1.9.8
ENV HAPROXY_URL https://www.haproxy.org/download/1.9/src/haproxy-1.9.8.tar.gz
ENV HAPROXY_SHA256 2d9a3300dbd871bc35b743a83caaf50fecfbf06290610231ca2d334fd04c2aee
ENV USER=haproxy
ENV USID=401
# entrypoint.sh start script and supervisord.conf file
ADD entrypoint.sh /bin/entrypoint.sh
ADD supervisord.conf /etc/supervisord.conf
# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments
RUN set -x \
    && apk add --no-cache --virtual .build-deps \
        ca-certificates \
        gcc \
        libc-dev \
        linux-headers \
        lua5.3-dev \
        make \
        openssl \
        openssl-dev \
        pcre-dev \
        readline-dev \
        tar \
        zlib-dev \
        py-pip \
    && addgroup -g ${USID} -S ${USER} \
    && adduser -HDu ${USID} -s /sbin/nologin -g 'haproxy server' -G ${USER} ${USER} \
    && wget -O haproxy.tar.gz "$HAPROXY_URL" \
    # verify the source tarball against the pinned SHA-256 before unpacking
    && echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c \
    && mkdir -p /usr/src/haproxy /usr/local/haproxy /var/run \
    && tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1 \
    && rm haproxy.tar.gz \
    && makeOpts=' \
        TARGET=linux2628 \
        USE_LUA=1 LUA_INC=/usr/include/lua5.3 LUA_LIB=/usr/lib/lua5.3 \
        USE_GETADDRINFO=1 \
        USE_OPENSSL=1 \
        USE_PCRE=1 PCREDIR= \
        USE_ZLIB=1 \
        PREFIX=/usr/local/haproxy \
    ' \
    && make -C /usr/src/haproxy -j "$(getconf _NPROCESSORS_ONLN)" all $makeOpts \
    && make -C /usr/src/haproxy install-bin $makeOpts \
    && make -C /usr/src/haproxy/contrib/halog halog \
    && mkdir -p /usr/local/etc/haproxy \
    && cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors \
    && cp /usr/src/haproxy/contrib/halog/halog /bin/halog \
    && rm -rf /usr/src/haproxy \
    && ln -s /usr/local/haproxy/sbin/haproxy /bin/haproxy \
    # collect the shared libraries the installed binaries need at runtime
    && runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )" \
    && apk add --virtual .haproxy-rundeps $runDeps inotify-tools supervisor socat bash \
    && pip install supervisor-stdout \
    && apk del .build-deps \
    && rm -rf /var/cache/apk/* \
    && chmod +x /bin/entrypoint.sh
ENTRYPOINT ["entrypoint.sh"]
```
Supervisord
Under the supervisord daemon, HAProxy is started with -W -S:
```ini
command=/bin/sh -c "exec haproxy -W -S /var/run/haproxy.sock -f /etc/haproxy/haproxy.cfg -db"
```
The configuration file is also watched for changes; when it changes, a reload is performed:
```ini
command=sh -c 'while inotifywait -q -r -e create,delete,modify,move,attrib --exclude "/\." /etc/haproxy/haproxy.cfg; do echo "reload" | socat /var/run/haproxy.sock -; done'
```
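The watcher above sends `reload` on every event, including a half-saved or invalid file. The following is an added example, not part of the original post or of the marksugar/haproxy image, that only sends `reload` to the master socket when the file content has changed and `haproxy -c` accepts it. The variable names, the `STATE_FILE` path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: gate the reload on a content digest and on `haproxy -c`.
# HAPROXY_BIN, SOCAT_BIN, STATE_FILE and the function names are assumptions.
HAPROXY_BIN="${HAPROXY_BIN:-haproxy}"
SOCAT_BIN="${SOCAT_BIN:-socat}"
CFG="${CFG:-/etc/haproxy/haproxy.cfg}"
MASTER_SOCK="${MASTER_SOCK:-/var/run/haproxy.sock}"
STATE_FILE="${STATE_FILE:-/tmp/haproxy.cfg.sha256}"

# SHA-256 of a file, hex digest only.
cfg_digest() { sha256sum "$1" | cut -d' ' -f1; }

# Return codes: 0 = reload sent, 1 = config missing or rejected,
# 2 = content unchanged, 3 = could not write to the master socket.
safe_reload() {
    [ -r "$CFG" ] || return 1
    new="$(cfg_digest "$CFG")"
    old="$(cat "$STATE_FILE" 2>/dev/null || true)"
    # attrib/touch events and duplicate editor events change nothing
    [ "$new" = "$old" ] && return 2
    if ! "$HAPROXY_BIN" -c -f "$CFG" >/dev/null 2>&1; then
        echo "haproxy -c rejected $CFG; no reload sent" >&2
        return 1    # digest is not stored, so the next edit is checked again
    fi
    echo "reload" | "$SOCAT_BIN" "$MASTER_SOCK" - >/dev/null || return 3
    echo "$new" > "$STATE_FILE"
}

# Watch the directory rather than the file: editors that save through a
# rename replace the inode that a per-file watch is attached to.
watch_loop() {
    while inotifywait -q -e close_write,moved_to,create "$(dirname "$CFG")"; do
        safe_reload || true
    done
}

# Run as: script.sh watch
if [ "${1:-}" = "watch" ]; then
    watch_loop
fi
```

Because the digest covers only `haproxy.cfg`, edits to map files in the same directory wake the loop but do not trigger a reload.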
haproxy.cfg
```haproxy
global
    log /dev/log local0
    chroot /usr/local/haproxy
    stats socket /var/run/haproxy.sock mode 600 level admin
    stats timeout 2m
    maxconn 4096            # maximum connections per process, default 4000
    user haproxy            # user and group
    group haproxy
    daemon                  # fork one process into daemon mode; this parameter requires the run mode to be set to "daemon"
    nbproc 1                # number of processes to start, default 1
    nbthread 4              # 4 threads
    cpu-map auto:1/1-4 0-3  # bind to CPUs
    profiling.tasks on

defaults
    mode http               # default mode { tcp|http|health }: tcp is layer 4, http is layer 7, health only returns OK
    log global              # use the globally defined log settings
    option dontlognull      # do not log health-check traffic; empty connections are not logged
    option httpclose        # actively close the HTTP channel after each request
    option httplog          # access log in HTTP log format
    option forwardfor       # needed if backend servers must obtain the real client IP; it can be read from the HTTP header
    option abortonclose     # under heavy server load, automatically terminate connections that have been queued for a long time
    option redispatch       # when cookies are used, haproxy inserts the backend server's server id into the cookie to keep the session persistent; if that backend server goes down the client's cookie is not refreshed, and with this option the client's request is forcibly redirected to another backend server to continue the session
    timeout connect 5000ms  # default 10 second timeout if a backend is not found
    timeout client 500000   # client connection timeout
    timeout server 500000   # server response timeout
    maxconn 100000          # maximum connections
    retries 3               # retries: the service is considered unavailable after 3 failed connections; can also be set further below

listen stats
    mode http
    bind *:1080                     # listening port
    stats refresh 30s               # auto-refresh interval of the stats page
    stats uri /stats                # stats page URL
    stats realm Haproxy\ Manager    # prompt text shown in the stats page password dialog
    stats auth admin:admin          # stats page username and password
    stats hide-version              # hide the HAProxy version on the stats page

#---------------------------------------------------------------------
frontend frontend-web.com
    bind *:2379
    mode http
    option httplog
    acl in_network src 10.0.0.0/8
    acl is_map_add path_beg /map/add
    http-request set-map(/etc/haproxy/maps/hosts.map) %[url_param(domain)] %[url_param(backend)] if is_map_add in_network
    http-request deny deny_status 200 if { path_beg /map/ }
    stick-table type binary len 8 size 1m expire 10s store http_req_rate(10s)
    http-request track-sc0 base32+src
    http-request set-var(req.rate_limit) path,map_beg(/etc/haproxy/maps/rates.map)
    http-request set-var(req.request_rate) base32+src,table_http_req_rate(frontend-web.com)
    acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0
    http-request deny deny_status 429 if rate_abuse
    acl is_static path -i -m beg /static
    use_backend %[str(active),map(/etc/haproxy/maps/hosts.map)]
    log global
    default_backend A-backend-linuxea.com
    log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"

#---------------------------------------------------------------------
frontend tcp_app
    default_backend C-backend-linuxea.com
    mode http
    bind *:2380

backend A-backend-linuxea.com
    option forwardfor header X-REALL-IP     # header carrying the client IP to the backend
    option httpchk HEAD / HTTP/1.0
    http-check expect rstatus (2|3)[0-9][0-9]
    http-check disable-on-404
    default-server inter 3s fall 3 rise 2
    balance roundrobin                      # load-balancing algorithm: roundrobin = round robin, source = source-IP hash, leastconn = least connections
    server etcd1 172.25.6.37:81 check
    server etcd2 172.25.10.245:81 check
    server etcd3 172.25.50.250:81 check

backend B-backend-linuxea.com
    option forwardfor header X-REALL-IP
    option httpchk HEAD / HTTP/1.0
    balance roundrobin
    server etcd2 172.25.10.35:83 check inter 2000 rise 30 fall 15

backend C-backend-linuxea.com
    option tcp-check
    balance roundrobin
    server redis 172.25.8.23:6379 check port 6379
    server mysql 172.25.8.23:3306 check port 3306
```
docker-compose.yml
Then simply edit the compose file for haproxy:
```yaml
version: '3.7'
services:
  haproxy:
    image: marksugar/haproxy:1.9.8
    container_name: haproxy
    #privileged: true
    restart: always
    network_mode: "host"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/haproxy:/etc/haproxy
    ports:
      - "2379:2379"
      - "1080:1080"
    logging:
      driver: "json-file"
      options:
        max-size: "1G"
```
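Quick deployment
```bash
curl -Lks https://raw.githubusercontent.com/marksugar/dockerMops/master/docker-haproxy/haproxy-1.9.8/deploy-1.9.8.sh | bash
```
Further reading
linuxea: Multithreading in haproxy 1.9
linuxea: haproxy 1.9, understanding the four basic sections
linuxea: Introduction to logging in haproxy 1.9
linuxea: Dynamic configuration with the HAProxy 1.9 Runtime API
linuxea: Exploring the HAProxy 1.9 statistics page
linuxea: Introduction to HAProxy 1.9 ACLs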