LinuxEye - Linux系统教程

LinuxEye - Linux系统教程

当前位置: 主页 > Linux配置 >

haproxy代理流程的数据进行抓包分析

时间:2012-07-06 22:48来源:itnihao 编辑:admin 点击:
haproxy代理流程的数据进行抓包分析 各模块名称以及作用 haproxy.cfg文件配置如下 global maxconn 20480 log 127.0.0.1 local3 chroot /var/haproxy uid 99 gid 99 daemon nbproc 1 pidfile /var/run/haproxy.pid ulimit-n 65535
haproxy代理流程的数据进行抓包分析
itniaho

各模块名称以及作用

 
haproxy.cfg文件配置如下
global 
           maxconn 20480                 
           log 127.0.0.1 local3          
           chroot /var/haproxy           
           uid 99                        
           gid 99                        
           daemon                        
           nbproc 1                      
           pidfile /var/run/haproxy.pid  
           ulimit-n 65535                
    defaults 
            log global 
            mode http           
            maxconn 20480       
            option httplog      
            option httpclose    
            option dontlognull  
            option forwardfor   
            option redispatch   
            option abortonclose 
            stats refresh 30    
            retries 3           
            balance roundrobin  
            contimeout 5000     
            clitimeout 50000    
            srvtimeout 50000    
            timeout check 2000  
     
    listen  admin_status                  
            bind 0.0.0.0:65532           
            mode http                    
            log 127.0.0.1 local3 err     
            stats refresh 5s             
            stats uri /admin?stats       
            stats realm itnihao\ itnihao 
            stats auth admin:admin       
            stats auth admin1:admin1     
            stats hide-version           
            stats admin if TRUE          
            errorfile 403 /etc/haproxy/errorfiles/403.http 
            errorfile 500 /etc/haproxy/errorfiles/500.http 
            errorfile 502 /etc/haproxy/errorfiles/502.http 
            errorfile 503 /etc/haproxy/errorfiles/503.http 
            errorfile 504 /etc/haproxy/errorfiles/504.http 
     
            capture request  header Host           len 40 
            capture request  header Content-Length len 10 
            capture request  header Referer        len 200 
            capture response header Server         len 40 
            capture response header Content-Length len 10 
            capture response header Cache-Control  len 8 
    listen  site_status 
            bind 0.0.0.0:1081                     
            mode http                             
            log 127.0.0.1 local3 err              
            monitor-uri /site_status              
            acl site_dead nbsrv(server_web) lt 2  
            monitor fail if site_dead 
     
    frontend  http_80_in 
            bind 0.0.0.0:80   
            mode http         
            log global        
            option httplog   
            option httpclose  
            option forwardfor 
            acl itnihao_web hdr_reg(host) -i ^(www.itnihao.cn|ww1.itnihao.cn)$ 
            acl itnihao_blog hdr_dom(host) -i blog.itnihao.cn 
            use_backend  server_web  if itnihao_web 
            use_backend  server_blog if itnihao_blog 
            default_backend server_bbs 
     
    backend server_web 
            mode http           
            balance roundrobin  
            cookie SERVERID     
            option httpchk GET /index.html 
            server web1 192.168.16.2:80 cookie web1 check inter 1500 rise 3 fall 3 weight 1 
            server web2 192.168.16.3:80 cookie web2 check inter 1500 rise 3 fall 3 weight 2 
     
    backend server_bbs 
            mode http          
            balance roundrobin 
            cookie SERVERID    
            option httpchk GET /index.html 
            server bbs1 192.168.16.2:80 cookie bbs1 check inter 1500 rise 3 fall 3 weight 1 
            server bbs2 192.168.16.3:80 cookie bbs2 check inter 1500 rise 3 fall 3 weight 2 

客户端192.168.16.90访问http://ww1.itnihao.cn

Haproxy的日志如下,可以看到,负载均衡到web2和web1上面去了


详细日志如下所示
Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

在web2上面抓包


查看抓包数据如下

 客户端192.168.16.90首先向ww1.itnihao.cn(192.168.16.22)发送请求,haproxy代理服务器192.168.16.22收到请求,根据以下的配置文件的则,将请求用调度算法roundrobin转发给后端web2,即192.168.16.3
frontend  http_80_in

       bind 0.0.0.0:80   

       mode http         

       log global        

       option httplog    

       option httpclose  

       option forwardfor 

       acl  itnihao_web  hdr_reg(host)  -i  ^(www.itnihao.cn|ww1.itnihao.cn)$

       use_backend  server_web  if  itnihao_web   

backend server_web

       mode http

       balance roundrobin

       cookie SERVERID

       option httpchk GET /index.html 

       server  web1  192.168.16.2:80  cookie  web1 check inter 1500 rise 3 fall 3 weight 1

       server  web2  192.168.16.3:80  cookie  web2 check inter 1500 rise 3 fall 3 weight 2


可以看到,haproxy会将请求的www.itnihao.cn转发给192.168.16.3,且标记客户端的ip,如192.168.16.3有多个基于域名的虚拟主机,可以通过请求的域名来正确的识别到虚拟主机,这点无需担心。
ip转发的选项是option forwardfor 转发过来的ip,如此,则端服务器可以获取到真实的客户端ip

 192.168.16.3响应haproxy的请求,将数据index.html提供给haproxy192.168.16.22

 代理过程完成,192.168.16.
22将index.html数据发送给用户端,用户端192.168.16.90完成此次的服务器请求,对用户来说是完全透明的。

同理,代理将请求转发给192.168.16.2,叙述过程不再重复,从抓包数据的结果可以看到



转载请保留固定链接: http://www.linuxeye.com/configuration/686.html

------分隔线----------------------------
标签:HAproxy负载均衡
栏目列表
推荐内容