{"id":78587,"date":"2026-02-27T22:30:34","date_gmt":"2026-02-27T14:30:34","guid":{"rendered":"https:\/\/www.wsisp.com\/helps\/78587.html"},"modified":"2026-02-27T22:30:34","modified_gmt":"2026-02-27T14:30:34","slug":"haproxy%e4%b8%83%e5%b1%82%e4%bb%a3%e7%90%86%ef%bc%9a%e9%ab%98%e6%80%a7%e8%83%bd%e8%b4%9f%e8%bd%bd%e5%9d%87%e8%a1%a1%e5%ae%9e%e6%88%98","status":"publish","type":"post","link":"https:\/\/www.wsisp.com\/helps\/78587.html","title":{"rendered":"HAProxy\u4e03\u5c42\u4ee3\u7406\uff1a\u9ad8\u6027\u80fd\u8d1f\u8f7d\u5747\u8861\u5b9e\u6218"},"content":{"rendered":"<h2>HAProxy\u4e03\u5c42\u4ee3\u7406\u5b66\u4e60\u7b14\u8bb0<\/h2>\n<h3>\u4e00\u3001\u8d1f\u8f7d\u5747\u8861\u57fa\u7840<\/h3>\n<h4>1.1 \u4ec0\u4e48\u662f\u8d1f\u8f7d\u5747\u8861<\/h4>\n<p>\u8d1f\u8f7d\u5747\u8861&#xff08;Load Balance&#xff0c;\u7b80\u79f0LB&#xff09;\u662f\u4e00\u79cd\u670d\u52a1\u6216\u57fa\u4e8e\u786c\u4ef6\u8bbe\u5907\u5b9e\u73b0\u7684\u9ad8\u53ef\u7528\u53cd\u5411\u4ee3\u7406\u6280\u672f\u3002\u5b83\u5c06\u7279\u5b9a\u7684\u4e1a\u52a1&#xff08;\u5982Web\u670d\u52a1\u3001\u7f51\u7edc\u6d41\u91cf&#xff09;\u5206\u62c5\u7ed9\u4e00\u4e2a\u6216\u591a\u4e2a\u540e\u7aef\u670d\u52a1\u5668&#xff0c;\u4ece\u800c\u63d0\u9ad8\u5e76\u53d1\u5904\u7406\u80fd\u529b\u3001\u4fdd\u8bc1\u4e1a\u52a1\u9ad8\u53ef\u7528\u6027&#xff0c;\u5e76\u65b9\u4fbf\u4e1a\u52a1\u540e\u671f\u7684\u6c34\u5e73\u6269\u5c55\u3002<\/p>\n<p>\u53c2\u8003&#xff1a;\u963f\u91cc\u4e91SLB\u4ecb\u7ecd https:\/\/yq.aliyun.com\/articles\/1803<\/p>\n<h4>1.2 \u4e3a\u4ec0\u4e48\u4f7f\u7528\u8d1f\u8f7d\u5747\u8861<\/h4>\n<ul>\n<li>\u52a8\u6001\u6c34\u5e73\u6269\u5c55&#xff1a;\u5bf9\u7528\u6237\u65e0\u611f\u77e5&#xff0c;\u53ef\u968f\u65f6\u589e\u52a0\u540e\u7aef\u670d\u52a1\u5668\u3002<\/li>\n<li>\u63d0\u5347\u5e76\u53d1\u5904\u7406\u80fd\u529b&#xff1a;\u7a81\u7834\u5355\u670d\u52a1\u5668\u6027\u80fd\u74f6\u9888\u3002<\/li>\n<li>\u8282\u7ea6\u516c\u7f51IP&#xff1a;\u591a\u4e2a\u540e\u7aef\u5171\u4eab\u4e00\u4e2a\u516c\u7f51IP&#xff0c;\u964d\u4f4e\u6210\u672c\u3002<\/li>\n<li>\u9690\u85cf\u5185\u90e8\u670d\u52a1\u5668IP&#xff1a;\u63d0\u9ad8\u5b89\u5168\u6027\u3002<\/li>\n<li>\u914d\u7f6e\u7b80\u5355&#xff1a;\u4f7f\u7528\u56fa\u5b9a\u683c\u5f0f\u7684\u914d\u7f6e\u6587\u4ef6\u3002<\/li>\n<li>\u529f\u80fd\u4e30\u5bcc&#xff1a;\u652f\u6301\u56db\u5c42\u548c\u4e03\u5c42\u4ee3\u7406&#xff0c;\u652f\u6301\u52a8\u6001\u4e0a\u4e0b\u7ebf\u4e3b\u673a\u3002<\/li>\n<li>\u6027\u80fd\u5f3a\u52b2&#xff1a;\u53ef\u652f\u6491\u6570\u4e07\u751a\u81f3\u6570\u5341\u4e07\u5e76\u53d1\u8fde\u63a5\u3002<\/li>\n<\/ul>\n<h4>1.3 \u8d1f\u8f7d\u5747\u8861\u7c7b\u578b<\/h4>\n<h5>1.3.1 \u786c\u4ef6\u8d1f\u8f7d\u5747\u8861<\/h5>\n<p>\u5e38\u89c1\u786c\u4ef6\u8bbe\u5907&#xff1a;<\/p>\n<ul>\n<li>F5&#xff08;\u7f8e\u56fdF5\u516c\u53f8&#xff09;<\/li>\n<li>Netscaler&#xff08;\u601d\u6770&#xff09;<\/li>\n<li>Array&#xff08;\u534e\u8000&#xff09;<\/li>\n<li>AD-1000&#xff08;\u6df1\u4fe1\u670d&#xff09;<\/li>\n<\/ul>\n<h5>1.3.2 \u56db\u5c42\u8d1f\u8f7d\u5747\u8861<\/h5>\n<ul>\n<li>\u57fa\u4e8eIP\u548c\u7aef\u53e3&#xff08;\u4f20\u8f93\u5c42&#xff09;\u8fdb\u884c\u6d41\u91cf\u5206\u53d1\u3002<\/li>\n<li>\u5bf9\u6d41\u91cf\u505aNAT\u8f6c\u53d1&#xff0c;\u8bb0\u5f55TCP\/UDP\u8fde\u63a5\u72b6\u6001&#xff0c;\u540e\u7eed\u6d41\u91cf\u4ecd\u53d1\u5f80\u540c\u4e00\u53f0\u540e\u7aef\u670d\u52a1\u5668\u3002<\/li>\n<li>\u4ee3\u8868\u8f6f\u4ef6&#xff1a;LVS&#xff08;\u91cd\u91cf\u7ea7&#xff09;\u3001Nginx&#xff08;\u56db\u5c42\u901a\u8fc7stream\u6a21\u5757&#xff09;\u3001HAProxy&#xff08;\u6a21\u62df\u56db\u5c42\u8f6c\u53d1&#xff09;\u3002<\/li>\n<\/ul>\n<h5>1.3.3 \u4e03\u5c42\u8d1f\u8f7d\u5747\u8861<\/h5>\n<ul>\n<li>\u57fa\u4e8e\u5e94\u7528\u5c42\u4fe1\u606f&#xff08;\u5982URL\u3001HTTP\u5934\u90e8\u3001Cookie\u7b49&#xff09;\u8fdb\u884c\u6d41\u91cf\u5206\u53d1\u3002<\/li>\n<li>\u4ee3\u7406\u670d\u52a1\u5668\u4e0e\u5ba2\u6237\u7aef\u548c\u540e\u7aef\u5206\u522b\u5efa\u7acb\u8fde\u63a5&#xff08;\u5982Nginx\u7684proxy_pass&#xff09;\u3002<\/li>\n<li>\u4ee3\u8868\u8f6f\u4ef6&#xff1a;Nginx&#xff08;\u4e03\u5c42&#xff09;\u3001HAProxy&#xff08;\u652f\u6301\u4f1a\u8bdd\u4fdd\u6301\u3001\u8def\u5f84\u5339\u914d\u7b49&#xff09;\u3002<\/li>\n<\/ul>\n<h5>1.3.4 \u56db\u5c42\u548c\u4e03\u5c42\u7684\u533a\u522b<\/h5>\n<table>\n<tr>\u5bf9\u6bd4\u9879\u56db\u5c42\u8d1f\u8f7d\u5747\u8861\u4e03\u5c42\u8d1f\u8f7d\u5747\u8861<\/tr>\n<tbody>\n<tr>\n<td>\u5206\u5c42\u4f4d\u7f6e<\/td>\n<td>\u4f20\u8f93\u5c42\u53ca\u4ee5\u4e0b<\/td>\n<td>\u5e94\u7528\u5c42\u53ca\u4ee5\u4e0b<\/td>\n<\/tr>\n<tr>\n<td>\u6027\u80fd<\/td>\n<td>\u9ad8&#xff0c;\u65e0\u9700\u89e3\u6790\u62a5\u6587\u5185\u5bb9<\/td>\n<td>\u8f83\u4f4e&#xff0c;\u9700\u89e3\u6790\u5e94\u7528\u5c42\u4fe1\u606f<\/td>\n<\/tr>\n<tr>\n<td>\u539f\u7406<\/td>\n<td>\u57fa\u4e8eIP&#043;\u7aef\u53e3<\/td>\n<td>\u57fa\u4e8e\u865a\u62dfURL\u3001\u4e3b\u673a\u540d\u7b49<\/td>\n<\/tr>\n<tr>\n<td>\u529f\u80fd\u7c7b\u6bd4<\/td>\n<td>\u7c7b\u4f3c\u8def\u7531\u5668<\/td>\n<td>\u7c7b\u4f3c\u4ee3\u7406\u670d\u52a1\u5668<\/td>\n<\/tr>\n<tr>\n<td>\u5b89\u5168\u6027<\/td>\n<td>\u65e0\u6cd5\u8bc6\u522bDDoS\u653b\u51fb<\/td>\n<td>\u53ef\u9632\u5fa1SYN Cookie\/Flood\u7b49\u653b\u51fb<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>\u4e8c\u3001HAProxy\u7b80\u4ecb<\/h3>\n<p>HAProxy\u662f\u7531\u6cd5\u56fd\u5f00\u53d1\u8005Willy Tarreau\u4e8e2000\u5e74\u4f7f\u7528C\u8bed\u8a00\u5f00\u53d1\u7684\u5f00\u6e90\u8f6f\u4ef6&#xff0c;\u662f\u4e00\u6b3e\u9ad8\u6027\u80fd&#xff08;\u4e07\u7ea7\u4ee5\u4e0a\u5e76\u53d1&#xff09;\u7684TCP\/HTTP\u8d1f\u8f7d\u5747\u8861\u5668\u3002\u652f\u6301\u57fa\u4e8eCookie\u7684\u6301\u4e45\u6027\u3001\u81ea\u52a8\u6545\u969c\u5207\u6362\u3001\u6b63\u5219\u8868\u8fbe\u5f0f\u53caWeb\u72b6\u6001\u7edf\u8ba1\u3002<\/p>\n<ul>\n<li>\u4f01\u4e1a\u7248\u7f51\u7ad9&#xff1a;https:\/\/www.haproxy.com<\/li>\n<li>\u793e\u533a\u7248\u7f51\u7ad9&#xff1a;http:\/\/www.haproxy.org<\/li>\n<li>GitHub&#xff1a;https:\/\/github.com\/haprox<\/li>\n<\/ul>\n<h3>\u4e09\u3001HAProxy\u7684\u5b89\u88c5\u4e0e\u670d\u52a1\u4fe1\u606f<\/h3>\n<h4>3.1 \u5b9e\u9a8c\u73af\u5883\u8bbe\u5b9a<\/h4>\n<ul>\n<li>HAProxy\u4e3b\u673a\u62e5\u6709\u53cc\u7f51\u5361&#xff0c;\u5206\u522b\u8fde\u63a5\u5916\u90e8\u7f51\u7edc&#xff08;172.25.254.0\/24&#xff09;\u548c\u5185\u90e8\u670d\u52a1\u5668\u7f51\u7edc&#xff08;192.168.0.0\/24&#xff09;\u3002<\/li>\n<li>\u540e\u7aefWeb\u670d\u52a1\u5668\u53ea\u6709\u5185\u7f51IP&#xff0c;\u901a\u8fc7HAProxy\u8f6c\u53d1\u8bf7\u6c42\u3002<\/li>\n<li>\u5f00\u542f\u5185\u6838IP\u8f6c\u53d1&#xff1a;echo net.ipv4.ip_forward&#061;1 &gt;&gt; \/etc\/sysctl.conf \u5e76\u6267\u884c sysctl -p\u3002<\/li>\n<\/ul>\n<p>1.haproxy\u4e3b\u673a<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># sysctl -a | grep ip_forward<\/span><br \/>\nnet.ipv4.ip_forward <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">0<\/span><br \/>\nnet.ipv4.ip_forward_update_priority <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">1<\/span><br \/>\nnet.ipv4.ip_forward_use_pmtu <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">0<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo net.ipv4.ip_forward&#061;1 &gt; \/etc\/sysctl.conf<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># sysctl -p<\/span><br \/>\nnet.ipv4.ip_forward <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">1<\/span><\/p>\n<p>2.weberver1<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vmset.sh eth0 192.168.0.10 webserver1 noroute<\/span><br \/>\n\u8fde\u63a5\u5df2\u6210\u529f\u6fc0\u6d3b&#xff08;D-Bus \u6d3b\u52a8\u8def\u5f84&#xff1a;\/org\/freedesktop\/NetworkManager\/ActiveConnection\/4&#xff09;<br \/>\n<span class=\"token number\">2<\/span>: eth0: <span class=\"token operator\">&lt;<\/span>BROADCAST,MULTICAST,UP,LOWER_UP<span class=\"token operator\">&gt;<\/span> mtu <span class=\"token number\">1500<\/span> qdisc mq state UP group default qlen <span class=\"token number\">1000<\/span><br \/>\n    link\/ether 00:0c:29:8c:96:72 brd ff:ff:ff:ff:ff:ff<br \/>\n    altname enp3s0<br \/>\n    altname ens160<br \/>\n    inet <span class=\"token number\">192.168<\/span>.0.10\/24 brd <span class=\"token number\">192.168<\/span>.0.255 scope global noprefixroute eth0<br \/>\n       valid_lft forever preferred_lft forever<br \/>\n    inet6 fe80::20c:29ff:fe8c:9672\/64 scope <span class=\"token function\">link<\/span> tentative noprefixroute<br \/>\n       valid_lft forever preferred_lft forever<br \/>\nwebserver1<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># dnf install httpd -y<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo yu &#8211; webserver1 &#8211; 192.168.0.10 &gt; \/var\/www\/html\/index.html<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl enable &#8211;now httpd<\/span><br \/>\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/httpd.service \u2192 \/usr\/lib\/systemd\/system\/httpd.service.<\/p>\n<p>webserver2\u914d\u7f6e\u7c7b\u4f3cwebserver1 3.\u9a8c\u8bc1\u914d\u7f6e <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143028-69a1aa84077e7.png\" alt=\"\" \/><\/p>\n<h4>3.2 \u8f6f\u4ef6\u5b89\u88c5<\/h4>\n<h5>\u4e0b\u8f7d\u4e0e\u5b89\u88c5<\/h5>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># dnf install haproxy -y<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl enable &#8211;now haproxy<\/span><br \/>\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/haproxy.service \u2192 \/usr\/lib\/systemd\/system\/haproxy.service.<br \/>\n<span class=\"token comment\"># \u67e5\u770b\u7248\u672c<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># haproxy -v<\/span><br \/>\nHAProxy version <span class=\"token number\">2.4<\/span>.22-f8e3218 <span class=\"token number\">2023<\/span>\/02\/14 &#8211; https:\/\/haproxy.org\/<br \/>\nStatus: long-term supported branch &#8211; will stop receiving fixes around Q2 <span class=\"token number\">2026<\/span>.<br \/>\nKnown bugs: http:\/\/www.haproxy.org\/bugs\/bugs-2.4.22.html<br \/>\nRunning on: Linux <span class=\"token number\">5.14<\/span>.0-570.12.1.el9_6.x86_64 <span class=\"token comment\">#1 SMP PREEMPT_DYNAMIC Fri Apr 4 10:41:31 EDT 2025 x86_64<\/span><\/p>\n<h5>\u542f\u52a8\u670d\u52a1<\/h5>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl enable &#8211;now haproxy<\/span><\/p>\n<h4>3.3 Haproxy\u7684\u57fa\u672c\u914d\u7f6e<\/h4>\n<p>HAProxy\u914d\u7f6e\u6587\u4ef6 \/etc\/haproxy\/haproxy.cfg \u7531\u4e24\u5927\u90e8\u5206\u7ec4\u6210&#xff1a;global&#xff08;\u5168\u5c40\u914d\u7f6e&#xff09;\u548c proxies&#xff08;\u4ee3\u7406\u914d\u7f6e&#xff09;\u3002proxies\u6bb5\u53c8\u5206\u4e3adefaults\u3001frontend\u3001backend\u3001listen\u3002<\/p>\n<h5>3.3.1 global\u914d\u7f6e<\/h5>\n<p>\u5e38\u7528\u53c2\u6570&#xff1a;<\/p>\n<ul>\n<li>log 127.0.0.1 local2&#xff1a;\u5b9a\u4e49syslog\u670d\u52a1\u5668\u3002<\/li>\n<li>chroot \/var\/lib\/haproxy&#xff1a;\u9501\u5b9a\u8fd0\u884c\u76ee\u5f55\u3002<\/li>\n<li>pidfile \/var\/run\/haproxy.pid&#xff1a;PID\u6587\u4ef6\u8def\u5f84\u3002<\/li>\n<li>maxconn 100000&#xff1a;\u6700\u5927\u8fde\u63a5\u6570\u3002<\/li>\n<li>user haproxy \/ group haproxy&#xff1a;\u8fd0\u884c\u7528\u6237\u548c\u7ec4\u3002<\/li>\n<li>daemon&#xff1a;\u4ee5\u5b88\u62a4\u8fdb\u7a0b\u65b9\u5f0f\u8fd0\u884c\u3002<\/li>\n<li>stats socket \/var\/lib\/haproxy\/stats&#xff1a;Unix\u5957\u63a5\u5b57\u6587\u4ef6&#xff0c;\u7528\u4e8e\u8fd0\u884c\u65f6\u7ba1\u7406\u3002<\/li>\n<li>nbproc 2&#xff1a;\u542f\u52a82\u4e2a\u5de5\u4f5c\u8fdb\u7a0b&#xff08;\u591a\u8fdb\u7a0b&#xff09;\u3002<\/li>\n<li>cpu-map 1 0 \/ cpu-map 2 1&#xff1a;\u7ed1\u5b9a\u8fdb\u7a0b\u5230CPU\u6838\u5fc3\u3002<\/li>\n<li>nbthread 2&#xff1a;\u6bcf\u4e2a\u8fdb\u7a0b\u542f\u75282\u4e2a\u7ebf\u7a0b&#xff08;\u4e0enbproc\u4e92\u65a5&#xff09;\u3002<\/li>\n<\/ul>\n<h5>3.3.2 proxies\u914d\u7f6e<\/h5>\n<h6>1. defaults<\/h6>\n<p>\u4e3a\u540e\u7eed\u7684frontend\u3001backend\u3001listen\u63d0\u4f9b\u9ed8\u8ba4\u53c2\u6570&#xff0c;\u4f8b\u5982&#xff1a;<\/p>\n<p>defaults<br \/>\n    mode                    http<br \/>\n    log                     global<br \/>\n    option                  httplog<br \/>\n    option                  dontlognull<br \/>\n    option http-server-close<br \/>\n    option forwardfor       except <span class=\"token number\">127.0<\/span>.0.0\/8   <span class=\"token comment\"># \u5f00\u542fIP\u900f\u4f20<\/span><br \/>\n    option                  redispatch<br \/>\n    retries                 <span class=\"token number\">3<\/span><br \/>\n    <span class=\"token function\">timeout<\/span> http-request    10s<br \/>\n    <span class=\"token function\">timeout<\/span> queue           1m<br \/>\n    <span class=\"token function\">timeout<\/span> connect         10s<br \/>\n    <span class=\"token function\">timeout<\/span> client          1m<br \/>\n    <span class=\"token function\">timeout<\/span> server          1m<br \/>\n    <span class=\"token function\">timeout<\/span> http-keep-alive 10s<br \/>\n    <span class=\"token function\">timeout<\/span> check           10s<br \/>\n    maxconn                 <span class=\"token number\">3000<\/span><\/p>\n<h6>2. frontend<\/h6>\n<p>\u5b9a\u4e49\u524d\u7aef\u76d1\u542c\u7684\u5730\u5740\u548c\u7aef\u53e3&#xff0c;\u5e76\u5173\u8054\u540e\u7aef\u3002<\/p>\n<p>frontend webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    mode http<br \/>\n    use_backend webserver-80<\/p>\n<h6>3. backend<\/h6>\n<p>\u5b9a\u4e49\u540e\u7aef\u670d\u52a1\u5668\u7ec4\u3002<\/p>\n<p>backend webserver-80<br \/>\n    mode http<br \/>\n    server web1 <span class=\"token number\">192.168<\/span>.0.10:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server web2 <span class=\"token number\">192.168<\/span>.0.20:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<ul>\n<li>check&#xff1a;\u542f\u7528\u5065\u5eb7\u68c0\u67e5\u3002<\/li>\n<li>inter 3s&#xff1a;\u68c0\u67e5\u95f4\u96943\u79d2\u3002<\/li>\n<li>fall 3&#xff1a;\u8fde\u7eed3\u6b21\u5931\u8d25\u6807\u8bb0\u4e3adown\u3002<\/li>\n<li>rise 5&#xff1a;\u8fde\u7eed5\u6b21\u6210\u529f\u6807\u8bb0\u4e3aup\u3002<\/li>\n<li>weight&#xff1a;\u6743\u91cd&#xff0c;\u9ed8\u8ba4\u4e3a1\u3002<\/li>\n<\/ul>\n<h6>5. listen<\/h6>\n<p>\u5c06frontend\u548cbackend\u5408\u5e76&#xff0c;\u7b80\u5316\u914d\u7f6e\u3002<\/p>\n<p>listen webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    mode http<br \/>\n    server web1 <span class=\"token number\">192.168<\/span>.0.10:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server web2 <span class=\"token number\">192.168<\/span>.0.20:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<h4>3.4 haproxy\u57fa\u672c\u914d\u7f6e\u5b9e\u6218<\/h4>\n<h6>1. \u5b9e\u9a8c\u6700\u57fa\u672c\u7684\u8d1f\u8f7d<\/h6>\n<li>\u524d\u540e\u7aef\u5206\u5f00\u8bbe\u5b9a<\/li>\n<p><span class=\"token comment\">#\u53ef\u5c06\u539f\u6587\u4ef6\u5185\u5bb9\u6ce8\u91ca\u6389<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><\/p>\n<p>frontend webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span>            *:80<br \/>\n    mode            http<br \/>\n    use_backend     webserver-80<\/p>\n<p>backend webserver-80<br \/>\n    server web1 <span class=\"token number\">192.168<\/span>.0.10:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server web2 <span class=\"token number\">192.168<\/span>.0.20:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p>\u6d4b\u8bd5 <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143028-69a1aa842a141.png\" alt=\"\" \/>2. \u4f7f\u7528listen\u65b9\u5f0f\u5b9e\u73b0\u6700\u7b80\u5355\u7684HTTP\u8d1f\u8f7d\u5747\u8861&#xff1a;<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span>        *:80<br \/>\n    mode        http<br \/>\n    server web1 <span class=\"token number\">192.168<\/span>.0.10:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server web2 <span class=\"token number\">192.168<\/span>.0.20:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p>\u6d4b\u8bd5 \u53ef\u4ee5\u770b\u5230\u8bf7\u6c42\u8f6e\u6d41\u5206\u53d1\u5230\u4e24\u53f0\u540e\u7aef\u670d\u52a1\u5668\u3002 <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143028-69a1aa844a494.png\" alt=\"\" \/><\/p>\n<h6>2. \u65e5\u5fd7\u914d\u7f6e\u5b9e\u9a8c<\/h6>\n<p>HAProxy\u7684\u65e5\u5fd7\u901a\u8fc7log\u6307\u4ee4\u53d1\u9001\u5230\u6307\u5b9a\u7684syslog\u670d\u52a1\u5668\u3002\u5b9e\u9a8c\u4e2d\u5c06\u65e5\u5fd7\u53d1\u9001\u5230\u540e\u7aef\u670d\u52a1\u5668192.168.0.10\u3002<\/p>\n<p>\u5728192.168.0.10webserver1\u4e0a\u542f\u7528rsyslog\u7684UDP\u63a5\u6536&#xff1a;<\/p>\n<p><span class=\"token comment\"># \u628a\u4e0b\u9762\u4e24\u884c\u53d6\u6d88\u6ce8\u91ca<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/rsyslog.conf<\/span><br \/>\n <span class=\"token number\">32<\/span> module<span class=\"token punctuation\">(<\/span>load<span class=\"token operator\">&#061;<\/span><span class=\"token string\">&#034;imudp&#034;<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token comment\"># needs to be done just once<\/span><br \/>\n <span class=\"token number\">33<\/span> input<span class=\"token punctuation\">(<\/span>type<span class=\"token operator\">&#061;<\/span><span class=\"token string\">&#034;imudp&#034;<\/span> <span class=\"token assign-left variable\">port<\/span><span class=\"token operator\">&#061;<\/span><span class=\"token string\">&#034;514&#034;<\/span><span class=\"token punctuation\">)<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart rsyslog.service<\/span><\/p>\n<p><span class=\"token comment\">#\u6d4b\u8bd5\u63a5\u53d7\u65e5\u5fd7\u7aef\u53e3\u662f\u5426\u5f00\u542f<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># netstat -lntupae | grep rsyslog<\/span><br \/>\nudp        <span class=\"token number\">0<\/span>      <span class=\"token number\">0<\/span> <span class=\"token number\">0.0<\/span>.0.0:514             <span class=\"token number\">0.0<\/span>.0.0:*                           <span class=\"token number\">0<\/span>          <span class=\"token number\">74140<\/span>      <span class=\"token number\">30965<\/span>\/rsyslogd<br \/>\nudp6       <span class=\"token number\">0<\/span>      <span class=\"token number\">0<\/span> :::514                  :::*                                <span class=\"token number\">0<\/span>          <span class=\"token number\">74141<\/span>      <span class=\"token number\">30965<\/span>\/rsyslogd<\/p>\n<p>\u5728haproxy\u4e3b\u673a\u4e2d\u8bbe\u5b9a\u65e5\u5fd7\u53d1\u9001\u4fe1\u606f<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy haproxy<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim haproxy.cfg<\/span><\/p>\n<p>log         <span class=\"token number\">192.168<\/span>.0.10 local2<br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy haproxy<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p>\u6d4b\u8bd5 <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143028-69a1aa8469158.png\" alt=\"\" \/> \u5728webserever1\u4e0a\u67e5\u770b\u65e5\u5fd7 <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143028-69a1aa84970e3.png\" alt=\"\" \/><\/p>\n<h6>3. haproxy\u5b9e\u73b0\u591a\u8fdb\u7a0b<\/h6>\n<p>haproxy\u9ed8\u8ba4\u662f\u5355\u8fdb\u7a0b<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># pstree -p | grep haproxy<\/span><br \/>\n           <span class=\"token operator\">|<\/span>-haproxy<span class=\"token punctuation\">(<\/span><span class=\"token number\">1922<\/span><span class=\"token punctuation\">)<\/span>&#8212;haproxy<span class=\"token punctuation\">(<\/span><span class=\"token number\">1924<\/span><span class=\"token punctuation\">)<\/span>&#8212;<span class=\"token punctuation\">{<\/span>haproxy<span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">(<\/span><span class=\"token number\">1925<\/span><span class=\"token punctuation\">)<\/span><\/p>\n<p><span class=\"token comment\">#\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u4f7f\u5176\u6210\u4e3a2\u4e2a\u8fdb\u7a0b<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nnbproc      <span class=\"token number\">2<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p>\u6d4b\u8bd5 <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143028-69a1aa84cd873.png\" alt=\"\" \/><\/p>\n<h6>4. \u591a\u8fdb\u7a0bcpu\u7ed1\u5b9a<\/h6>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\n    nbproc      <span class=\"token number\">2<\/span><br \/>\n    cpu-map     <span class=\"token number\">1<\/span> <span class=\"token number\">0<\/span><br \/>\n    cpu-map     <span class=\"token number\">2<\/span> <span class=\"token number\">1<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<h6>5. \u4e3a\u4e0d\u540c\u8fdb\u7a0b\u51c6\u5907\u4e0d\u540c\u5957\u63a5\u5b57<\/h6>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl stop haproxy.service<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># rm -rf \/var\/lib\/haproxy\/stats<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\n    stats socket \/var\/lib\/haproxy\/haproxy1  mode <span class=\"token number\">600<\/span> level admin process <span class=\"token number\">1<\/span><br \/>\n    stats socket \/var\/lib\/haproxy\/haporxy2  mode <span class=\"token number\">660<\/span> level admin process <span class=\"token number\">1<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p>\u6d4b\u8bd5 <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143028-69a1aa84e52a1.png\" alt=\"\" \/><\/p>\n<h6>6. haproxy\u5b9e\u73b0\u591a\u7ebf\u7a0b<\/h6>\n<p>\u6ce8\u610f\u591a\u7ebf\u7a0b\u4e0d\u80fd\u548c\u591a\u8fdb\u7a0b\u540c\u65f6\u542f\u7528&#xff0c;\u9700\u8981\u5c06\u4e0a\u9762\u5b9e\u9a8c\u52a0\u5165\u914d\u7f6e\u7684\u6ce8\u91ca\u6389<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># pstree -p | grep haproxy<\/span><br \/>\n           <span class=\"token operator\">|<\/span>-haproxy<span class=\"token punctuation\">(<\/span><span class=\"token number\">2180<\/span><span class=\"token punctuation\">)<\/span>-&#043;-haproxy<span class=\"token punctuation\">(<\/span><span class=\"token number\">2182<\/span><span class=\"token punctuation\">)<\/span><br \/>\n           <span class=\"token operator\">|<\/span>               &#096;-haproxy<span class=\"token punctuation\">(<\/span><span class=\"token number\">2183<\/span><span class=\"token punctuation\">)<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># cat \/proc\/2182\/status  | grep Threads<\/span><br \/>\nThreads:        <span class=\"token number\">1<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\n<span class=\"token comment\">#nbproc     2<\/span><br \/>\n    <span class=\"token comment\">#cpu-map    1 0<\/span><br \/>\n    <span class=\"token comment\">#cpu-map    2 1<\/span><br \/>\n    nbthread    <span class=\"token number\">2<\/span><br \/>\n    <span class=\"token comment\"># turn on stats unix socket<\/span><br \/>\n    stats socket \/var\/lib\/haproxy\/stats<br \/>\n    <span class=\"token comment\">#stats socket \/var\/lib\/haproxy\/haproxy1  mode 600 level admin process 1<\/span><br \/>\n    <span class=\"token comment\">#stats socket \/var\/lib\/haproxy\/haporxy2  mode 660 level admin process 1<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p>\u6d4b\u8bd5 <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143029-69a1aa8509916.png\" alt=\"\" \/><\/p>\n<h6>7. \u900f\u4f20\u5ba2\u6237\u7aef\u771f\u5b9eIP\u81f3\u540e\u7aefweb\u670d\u52a1\u5668<\/h6>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/httpd\/conf\/httpd.conf<\/span><br \/>\n<span class=\"token number\">201<\/span>     LogFormat <span class=\"token string\">&#034;%h %l %u %t <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>%r<span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span> %&gt;s %b <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>%{Referer}i<span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span> <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>%{User-Agent}i<span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span> <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>%{X-Forwarded-For}i<span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span> &#034;<\/span> combined<br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart httpd.service<\/span><\/p>\n<p>\u6d4b\u8bd5 <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143029-69a1aa852ba25.png\" alt=\"\" \/>\u5728webserver1\u4e2d\u53ef\u4ee5\u89c2\u5bdf\u5230&#xff0c;\u4e4b\u524d\u6ca1\u6709\u5f00\u542f\u900f\u4f20\u4e4b\u524d&#xff0c;\u4e0d\u4f1a\u663e\u793a\u771f\u5b9e\u7684\u5ba2\u6237\u7aefIP&#xff1b;\u5728\u521a\u521a\u6211\u4eec\u6d4b\u8bd5\u4e2d\u5f00\u542f\u4e86\u900f\u4f20\u540e&#xff0c;\u6700\u540e\u4e00\u884c\u663e\u793a\u771f\u5b9e\u6d4b\u8bd5\u7aef\u7684IP <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143029-69a1aa854fd7b.png\" alt=\"\" \/><\/p>\n<p><span class=\"token comment\"># \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6\u542f\u7528\u591a\u8fdb\u7a0b<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nglobal<br \/>\n    nbproc <span class=\"token number\">2<\/span><br \/>\n    cpu-map <span class=\"token number\">1<\/span> <span class=\"token number\">0<\/span><br \/>\n    cpu-map <span class=\"token number\">2<\/span> <span class=\"token number\">1<\/span><br \/>\n    stats socket \/var\/lib\/haproxy\/haproxy1 mode <span class=\"token number\">600<\/span> level admin process <span class=\"token number\">1<\/span><br \/>\n    stats socket \/var\/lib\/haproxy\/haproxy2 mode <span class=\"token number\">600<\/span> level admin process <span class=\"token number\">2<\/span><\/p>\n<p><span class=\"token comment\"># \u91cd\u542f\u540e\u67e5\u770b\u8fdb\u7a0b<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># pstree -p | grep haproxy<\/span><br \/>\n           <span class=\"token operator\">|<\/span>-haproxy<span class=\"token punctuation\">(<\/span><span class=\"token number\">31549<\/span><span class=\"token punctuation\">)<\/span>-&#043;-haproxy<span class=\"token punctuation\">(<\/span><span class=\"token number\">31551<\/span><span class=\"token punctuation\">)<\/span><br \/>\n           <span class=\"token operator\">|<\/span>                &#096;-haproxy<span class=\"token punctuation\">(<\/span><span class=\"token number\">31552<\/span><span class=\"token punctuation\">)<\/span><\/p>\n<h4>3.5 socat\u5de5\u5177\u2014\u2014\u52a8\u6001\u7ba1\u7406HAProxy<\/h4>\n<p>socat\u662fLinux\u4e0b\u7684\u591a\u529f\u80fd\u7f51\u7edc\u5de5\u5177&#xff0c;\u53ef\u7528\u4e8e\u4e0eHAProxy\u7684Unix\u5957\u63a5\u5b57\u901a\u4fe1&#xff0c;\u5b9e\u73b0\u52a8\u6001\u8c03\u6574\u6743\u91cd\u3001\u4e0a\u4e0b\u7ebf\u670d\u52a1\u5668\u7b49\u64cd\u4f5c\u3002\u5373\u5728\u670d\u52a1\u6216\u8f6f\u4ef6\u4e0d\u505c\u6b62\u7684\u60c5\u51b5\u4e0b\u66f4\u65b0\u8f6f\u4ef6\u6216\u670d\u52a1\u7684\u5de5\u4f5c\u65b9\u5f0f&#xff0c;\u5b8c\u6210\u5bf9\u8f6f\u4ef6\u4e0d\u505c\u5de5\u66f4\u65b0&#xff0c;\u5178\u578b\u7684\u70ed\u66f4\u65b0\u8bbe\u5907&#xff0c;usb&#xff0c;\u5728\u4f7f\u7528usb\u8fdb\u884c\u63d2\u62d4\u65f6&#xff0c;\u7535\u8111\u7cfb\u7edf\u65f6\u4e0d\u9700\u8981\u505c\u6b62\u5de5\u4f5c\u7684&#xff0c;\u8fd9\u4e2d\u8bbe\u5907\u53eb\u70ed\u63d2\u62d4\u8bbe\u5907\u3002<\/p>\n<h5>1. \u5b89\u88c5socat<\/h5>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># dnf install socat -y<\/span><\/p>\n<h5>2. \u5e38\u7528\u547d\u4ee4<\/h5>\n<ul>\n<li>\u67e5\u770b\u5e2e\u52a9&#xff1a;echo &#034;help&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/li>\n<li>\u67e5\u770b\u670d\u52a1\u5668\u72b6\u6001&#xff1a;echo &#034;show servers state&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/li>\n<\/ul>\n<p>\u4f8b\u5982<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo &#034;show servers state&#034;  | socat stdio \/var\/lib\/haproxy\/stats<\/span><br \/>\n<span class=\"token number\">1<\/span><br \/>\n<span class=\"token comment\"># be_id be_name srv_id srv_name srv_addr srv_op_state srv_admin_state srv_uweight srv_iweight srv_time_since_last_change srv_check_status srv_check_result srv_check_health srv_check_state srv_agent_state bk_f_forced_id srv_f_forced_id srv_fqdn srv_port srvrecord srv_use_ssl srv_check_port srv_check_addr srv_agent_addr srv_agent_port<\/span><br \/>\n<span class=\"token number\">2<\/span> webcluster <span class=\"token number\">1<\/span> yu1 <span class=\"token number\">192.168<\/span>.0.10 <span class=\"token number\">2<\/span> <span class=\"token number\">0<\/span> <span class=\"token number\">1<\/span> <span class=\"token number\">1<\/span> <span class=\"token number\">1939<\/span> <span class=\"token number\">6<\/span> <span class=\"token number\">3<\/span> <span class=\"token number\">7<\/span> <span class=\"token number\">6<\/span> <span class=\"token number\">0<\/span> <span class=\"token number\">0<\/span> <span class=\"token number\">0<\/span> &#8211; <span class=\"token number\">80<\/span> &#8211; <span class=\"token number\">0<\/span> <span class=\"token number\">0<\/span> &#8211; &#8211; <span class=\"token number\">0<\/span><br \/>\n<span class=\"token number\">2<\/span> webcluster <span class=\"token number\">2<\/span> yu2 <span class=\"token number\">192.168<\/span>.0.20 <span class=\"token number\">2<\/span> <span class=\"token number\">0<\/span> <span class=\"token number\">1<\/span> <span class=\"token number\">1<\/span> <span class=\"token number\">1939<\/span> <span class=\"token number\">6<\/span> <span class=\"token number\">3<\/span> <span class=\"token number\">7<\/span> <span class=\"token number\">6<\/span> <span class=\"token number\">0<\/span> <span class=\"token number\">0<\/span> <span class=\"token number\">0<\/span> &#8211; <span class=\"token number\">80<\/span> &#8211; <span class=\"token number\">0<\/span> <span class=\"token number\">0<\/span> &#8211; &#8211; <span class=\"token number\">0<\/span><\/p>\n<ul>\n<li>\u83b7\u53d6\u6743\u91cd&#xff1a;echo &#034;get weight webcluster\/haha&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/li>\n<li>\u8bbe\u7f6e\u6743\u91cd&#xff1a;echo &#034;set weight webcluster\/haha 2&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/li>\n<li>\u4e0b\u7ebf\u670d\u52a1\u5668&#xff1a;echo &#034;disable server webcluster\/haha&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/li>\n<li>\u4e0a\u7ebf\u670d\u52a1\u5668&#xff1a;echo &#034;enable server webcluster\/haha&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/li>\n<\/ul>\n<h5>3. \u6ce8\u610f\u6743\u9650<\/h5>\n<p>\u9ed8\u8ba4socket\u6587\u4ef6\u6743\u9650\u4e3a600&#xff0c;\u4ec5root\u53ef\u8bfb\u5199\u3002\u5982\u9700\u666e\u901a\u7528\u6237\u7ba1\u7406&#xff0c;\u53ef\u5728\u914d\u7f6e\u4e2d\u6307\u5b9alevel admin&#xff1a;<\/p>\n<p>stats socket \/var\/lib\/haproxy\/stats mode <span class=\"token number\">600<\/span> level admin<\/p>\n<h5>4. haproxy\u5b9e\u6218\u4e4b\u52a8\u6001\u8c03\u6574\u6743\u91cd<\/h5>\n<p>\u5229\u7528socat\u66f4\u6539haproxy\u4fe1\u606f<\/p>\n<p>\u67e5\u770b\u5f53\u524d\u6743\u91cd<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo &#034;get weight webcluster\/yu1&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/span><br \/>\n<span class=\"token number\">1<\/span> <span class=\"token punctuation\">(<\/span>initial <span class=\"token number\">1<\/span><span class=\"token punctuation\">)<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo &#034;get weight webcluster\/yu2&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/span><br \/>\n<span class=\"token number\">1<\/span> <span class=\"token punctuation\">(<\/span>initial <span class=\"token number\">1<\/span><span class=\"token punctuation\">)<\/span><\/p>\n<p>\u4fee\u6539\u6743\u91cd\u4e3a4<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo &#034;set weight webcluster\/yu1 4&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/span><br \/>\nPermission denied<\/p>\n<p>\u50cf\u4e0a\u9762\u8fd9\u6837&#xff0c;\u5982\u679c\u76f4\u63a5\u4fee\u6539&#xff0c;\u4f1a\u4ea7\u751f\u62a5\u9519&#xff0c;\u6240\u4ee5\u6211\u4eec\u9700\u8981\u5bf9socket\u8fdb\u884c\u6388\u6743<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nstats socket \/var\/lib\/haproxy\/stats mode <span class=\"token number\">600<\/span> level admin<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># rm -rf \/var\/lib\/haproxy\/*<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># ll \/var\/lib\/haproxy\/<\/span><br \/>\n\u603b\u7528\u91cf <span class=\"token number\">0<\/span><br \/>\nsrw&#8212;&#8212;- <span class=\"token number\">1<\/span> root root <span class=\"token number\">0<\/span>  <span class=\"token number\">2<\/span>\u6708 <span class=\"token number\">24<\/span> <span class=\"token number\">19<\/span>:28 stats<\/p>\n<p>\u6388\u6743\u6210\u529f&#xff0c;\u7136\u540e\u6267\u884c\u6743\u91cd\u66f4\u6539<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo &#034;set weight webcluster\/yu1 4&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo &#034;get weight webcluster\/yu1&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/span><br \/>\n<span class=\"token number\">4<\/span> <span class=\"token punctuation\">(<\/span>initial <span class=\"token number\">1<\/span><span class=\"token punctuation\">)<\/span><\/p>\n<p>\u6d4b\u8bd5\u8f6e\u8be2\u6548\u679c&#xff08;\u6743\u91cd\u9ad8\u8005\u83b7\u5f97\u66f4\u591a\u8bf7\u6c42&#xff09; <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143029-69a1aa858ff02.png\" alt=\"\" \/><\/p>\n<h3>\u56db\u3001HAProxy\u8c03\u5ea6\u7b97\u6cd5<\/h3>\n<p>HAProxy\u901a\u8fc7balance\u5173\u952e\u5b57\u6307\u5b9a\u540e\u7aef\u670d\u52a1\u5668\u7684\u8c03\u5ea6\u7b97\u6cd5&#xff0c;\u53ef\u914d\u7f6e\u5728listen\u6216backend\u4e2d\u3002\u7b97\u6cd5\u5206\u4e3a\u9759\u6001\u7b97\u6cd5\u3001\u52a8\u6001\u7b97\u6cd5\u548c\u6df7\u5408\u7b97\u6cd5&#xff08;\u53ef\u6839\u636ehash-type\u6539\u53d8\u6027\u8d28&#xff09;\u3002<\/p>\n<h4>4.1 \u9759\u6001\u7b97\u6cd5<\/h4>\n<p>\u9759\u6001\u7b97\u6cd5\u6309\u7167\u56fa\u5b9a\u89c4\u5219\u8f6e\u8be2&#xff0c;\u4e0d\u5173\u5fc3\u540e\u7aef\u5b9e\u65f6\u8d1f\u8f7d&#xff0c;\u6743\u91cd\u53ea\u80fd\u5728\u914d\u7f6e\u4e2d\u8bbe\u7f6e&#xff0c;\u8fd0\u884c\u65f6\u65e0\u6cd5\u52a8\u6001\u8c03\u6574&#xff08;\u53ea\u80fd\u8bbe\u4e3a0\u6216100%&#xff09;\u3002<\/p>\n<h5>4.1.1 static-rr&#xff1a;\u57fa\u4e8e\u6743\u91cd\u7684\u8f6e\u8be2<\/h5>\n<ul>\n<li>\u7c7b\u4f3c\u4e8eLVS\u7684wrr&#xff0c;\u6309\u6743\u91cd\u8f6e\u6d41\u5206\u914d\u3002<\/li>\n<li>\u4e0d\u652f\u6301\u8fd0\u884c\u65f6\u52a8\u6001\u8c03\u6574\u6743\u91cd\u3002<\/li>\n<li>\u5b9e\u9a8c\u9a8c\u8bc1&#xff1a;<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    balance static-rr<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 weight <span class=\"token number\">2<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy<\/span>\n <\/li>\n<\/ul>\n<p>\u6d4b\u8bd5\u8bf7\u6c42\u5206\u5e03 <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143029-69a1aa85d3cbb.png\" alt=\"\" \/> \u68c0\u6d4b\u662f\u5426\u652f\u6301\u70ed\u66f4\u65b0&#xff08;\u4e0d\u652f\u6301&#xff09;<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo &#034;set weight webcluster\/yu1 1&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/span><br \/>\nBackend is using a static LB algorithm and only accepts weights <span class=\"token string\">&#039;0%&#039;<\/span> and <span class=\"token string\">&#039;100%&#039;<\/span><span class=\"token builtin class-name\">.<\/span><\/p>\n<h5>4.1.2 first&#xff1a;\u4f18\u5148\u8c03\u5ea6\u7b2c\u4e00\u4e2a\u53ef\u7528\u670d\u52a1\u5668<\/h5>\n<ul>\n<li>\u6309\u670d\u52a1\u5668\u5728\u914d\u7f6e\u4e2d\u7684\u987a\u5e8f&#xff0c;\u53ea\u6709\u5f53\u7b2c\u4e00\u53f0\u7684\u8fde\u63a5\u6570\u8fbe\u5230maxconn\u4e0a\u9650\u540e&#xff0c;\u65b0\u8bf7\u6c42\u624d\u4f1a\u5206\u914d\u7ed9\u4e0b\u4e00\u53f0\u3002<\/li>\n<li>\u5ffd\u7565\u6743\u91cd&#xff0c;\u4e0d\u652f\u6301\u52a8\u6001\u8c03\u6574\u3002<\/li>\n<li>\u5b9e\u9a8c\u9a8c\u8bc1&#xff1a;<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    balance first<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 maxconn <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy<\/span><\/p>\n<p><span class=\"token comment\"># \u5728\u4e00\u4e2a\u7ec8\u7aef\u6301\u7eed\u8bbf\u95ee&#xff0c;\u53e6\u4e00\u4e2a\u7ec8\u7aef\u4e5f\u53d1\u8d77\u8bf7\u6c42&#xff0c;\u89c2\u5bdf\u4f55\u65f6\u51fa\u73b0\u7b2c\u4e8c\u53f0\u670d\u52a1\u5668<\/span><br \/>\n<span class=\"token comment\"># \u5f53\u7b2c\u4e00\u4e2a\u8fde\u63a5\u672a\u91ca\u653e\u65f6&#xff08;maxconn&#061;1&#xff09;&#xff0c;\u7b2c\u4e8c\u4e2a\u8bf7\u6c42\u4f1a\u8f6c\u53d1\u5230\u7b2c\u4e8c\u53f0<\/span>\n <\/li>\n<\/ul>\n<p>\u6d4b\u8bd5\u6548\u679c&#xff1a; \u5728\u4e00\u4e2ashell\u4e2d\u6267\u884c\u6301\u7eed\u8bbf\u95ee <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143030-69a1aa86272dd.png\" alt=\"\" \/> \u5728\u7b2c\u4e8c\u4e2ashell\u4e2d\u5efa\u7acb\u6301\u7eed\u8bbf\u95ee\u5e76\u89c2\u5bdf <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143030-69a1aa865ca11.png\" alt=\"\" \/><\/p>\n<h4>4.2 \u52a8\u6001\u7b97\u6cd5<\/h4>\n<p>\u52a8\u6001\u7b97\u6cd5\u6839\u636e\u540e\u7aef\u5b9e\u65f6\u8d1f\u8f7d&#xff08;\u5982\u8fde\u63a5\u6570&#xff09;\u8fdb\u884c\u8c03\u5ea6&#xff0c;\u652f\u6301\u8fd0\u884c\u65f6\u8c03\u6574\u6743\u91cd\u548c\u6162\u542f\u52a8\u3002<\/p>\n<h5>4.2.1 roundrobin&#xff08;\u9ed8\u8ba4&#xff09;<\/h5>\n<ul>\n<li>\u57fa\u4e8e\u6743\u91cd\u7684\u8f6e\u8be2&#xff0c;\u652f\u6301\u6743\u91cd\u52a8\u6001\u8c03\u6574&#xff0c;\u6700\u591a\u652f\u63014095\u53f0\u540e\u7aef\u670d\u52a1\u5668\u3002<\/li>\n<li>\u652f\u6301\u6162\u542f\u52a8&#xff08;\u65b0\u52a0\u5165\u670d\u52a1\u5668\u9010\u6e10\u589e\u52a0\u8f6c\u53d1\u6570&#xff09;\u3002<\/li>\n<li>\u5b9e\u9a8c\u9a8c\u8bc1&#xff1a;<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    balance roundrobin<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 weight <span class=\"token number\">2<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy<\/span>\n <\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143030-69a1aa8693d34.png\" alt=\"\" \/> \u52a8\u6001\u8c03\u6574\u6743\u91cd<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo &#034;set weight webcluster\/yu1 1&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo &#034;get weight webcluster\/yu1&#034; | socat stdio \/var\/lib\/haproxy\/stats<\/span><br \/>\n<span class=\"token number\">1<\/span> <span class=\"token punctuation\">(<\/span>initial <span class=\"token number\">2<\/span><span class=\"token punctuation\">)<\/span><\/p>\n<p>\u6d4b\u8bd5\u8f6e\u8be2\u6548\u679c&#xff08;\u6b64\u65f6\u6743\u91cd1:1&#xff0c;\u8f6e\u6d41&#xff09; <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143030-69a1aa86f1e0c.png\" alt=\"\" \/><\/p>\n<h5>4.2.2 leastconn<\/h5>\n<ul>\n<li>\u52a0\u6743\u6700\u5c11\u8fde\u63a5&#xff0c;\u4f18\u5148\u5c06\u65b0\u8bf7\u6c42\u5206\u914d\u7ed9\u5f53\u524d\u6d3b\u52a8\u8fde\u63a5\u6570\u6700\u5c11\u7684\u540e\u7aef\u670d\u52a1\u5668\u3002<\/li>\n<li>\u9002\u5408\u957f\u8fde\u63a5\u573a\u666f&#xff08;\u5982MySQL\u3001Redis&#xff09;\u3002<\/li>\n<li>\u5b9e\u9a8c\u9a8c\u8bc1&#xff1a;<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    balance leastconn<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy<\/span>\n <\/li>\n<\/ul>\n<p>\u6d4b\u8bd5\u7ed3\u679c\u4e0eroundrobin\u7c7b\u4f3c&#xff0c;\u4f46\u5728\u957f\u8fde\u63a5\u573a\u666f\u4e0b\u66f4\u5747\u8861<img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143031-69a1aa875379f.png\" alt=\"\" \/><\/p>\n<h4>4.3 \u6df7\u5408\u7b97\u6cd5&#xff08;\u53ef\u9759\u6001\u53ef\u52a8\u6001&#xff09;<\/h4>\n<p>\u901a\u8fc7hash-type\u53ef\u6539\u53d8\u7b97\u6cd5\u6027\u8d28&#xff1a;map-based&#xff08;\u9759\u6001\u53d6\u6a21&#xff09;\u6216consistent&#xff08;\u52a8\u6001\u4e00\u81f4\u6027\u54c8\u5e0c&#xff09;\u3002<\/p>\n<h5>4.3.1 source<\/h5>\n<ul>\n<li>\u57fa\u4e8e\u6e90IP\u5730\u5740\u7684\u54c8\u5e0c&#xff0c;\u786e\u4fdd\u540c\u4e00\u6e90IP\u7684\u8bf7\u6c42\u59cb\u7ec8\u53d1\u5f80\u540c\u4e00\u540e\u7aef\u670d\u52a1\u5668&#xff08;\u4f1a\u8bdd\u4fdd\u6301&#xff09;\u3002<\/li>\n<li>\u9ed8\u8ba4\u9759\u6001&#xff08;map-based&#xff09;&#xff0c;\u53ef\u901a\u8fc7hash-type consistent\u53d8\u4e3a\u52a8\u6001\u4e00\u81f4\u6027\u54c8\u5e0c\u3002<\/li>\n<li>\u5b9e\u9a8c&#xff1a;<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    balance <span class=\"token builtin class-name\">source<\/span><br \/>\n    hash-type consistent   <span class=\"token comment\"># \u542f\u7528\u52a8\u6001\u4e00\u81f4\u6027\u54c8\u5e0c;\u5982\u679c\u662f\u9ed8\u8ba4\u9759\u6001\u7b97\u6cd5&#xff0c;\u8fd9\u4e2a\u884c\u4e0d\u7528\u5199<\/span><br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy<\/span>\n <\/li>\n<\/ul>\n<p>\u540c\u4e00\u5ba2\u6237\u7aef\u591a\u6b21\u8bf7\u6c42\u59cb\u7ec8\u6307\u5411\u540c\u4e00\u540e\u7aef <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143031-69a1aa87abb15.png\" alt=\"\" \/><\/p>\n<h5>4.3.2 uri<\/h5>\n<ul>\n<li>\u5bf9\u8bf7\u6c42\u7684URI&#xff08;\u6574\u4e2a\u6216\u5de6\u534a\u90e8\u5206&#xff09;\u505a\u54c8\u5e0c&#xff0c;\u9002\u7528\u4e8e\u7f13\u5b58\u670d\u52a1\u5668\u573a\u666f&#xff0c;\u786e\u4fdd\u76f8\u540cURI\u8bf7\u6c42\u5230\u540c\u4e00\u540e\u7aef\u3002<\/li>\n<li>\u652f\u6301map-based&#xff08;\u9759\u6001&#xff09;\u548cconsistent&#xff08;\u52a8\u6001&#xff09;\u3002<\/li>\n<li>\u5b9e\u9a8c&#xff1a;<\/li>\n<\/ul>\n<p> <span class=\"token comment\"># \u5728\u540e\u7aef\u51c6\u5907\u4e0d\u540cURI\u7684\u5185\u5bb9<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo yu &#8211; RS1 &#8211; 192.168.0.10 &gt; \/var\/www\/html\/index1.html<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo yu &#8211; RS1 &#8211; 192.168.0.10 &gt; \/var\/www\/html\/index2.html<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver2 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo yu &#8211; RS2 &#8211; 192.168.0.20 &gt; \/var\/www\/html\/index1.html<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver2 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo yu &#8211; RS2 &#8211; 192.168.0.20 &gt; \/var\/www\/html\/index2.html<\/span><\/p>\n<p> <span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\n listen webcluster<br \/>\n     <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n     balance uri<br \/>\n     hash-type consistent<br \/>\n     server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n     server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<p> <span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy<\/span><\/p>\n<p>\u6d4b\u8bd5\u76f8\u540cURI\u6307\u5411\u76f8\u540c\u540e\u7aef <img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143032-69a1aa881a1c3.png\" alt=\"\" \/><\/p>\n<h5>4.3.3 url_param<\/h5>\n<ul>\n<li>\u5bf9URL\u4e2d\u6307\u5b9a\u53c2\u6570\u7684\u503c\u505a\u54c8\u5e0c&#xff0c;\u4f8b\u5982 ?name&#061;lee&#xff0c;\u5e38\u7528\u4e8e\u8ffd\u8e2a\u7528\u6237\u5b9e\u73b0\u4f1a\u8bdd\u4fdd\u6301\u3002<\/li>\n<li>\u82e5\u53c2\u6570\u4e0d\u5b58\u5728&#xff0c;\u5219\u4f7f\u7528roundrobin\u3002<\/li>\n<li>\u5b9e\u9a8c&#xff1a;<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    balance url_param name<br \/>\n    hash-type consistent<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy<\/span>\n <\/li>\n<\/ul>\n<p>\u6d4b\u8bd5\u76f8\u540c\u53c2\u6570\u503c\u6307\u5411\u540c\u4e00\u540e\u7aef<img decoding=\"async\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143032-69a1aa8883f2c.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<h5>4.3.4 hdr<\/h5>\n<p>balance hdr()\u7b97\u6cd5\u62ec\u53f7\u5185\u53ef\u4ee5\u586b\u5199\u7684\u662fHTTP\u8bf7\u6c42\u5934\u7684\u5b57\u6bb5\u540d\u79f0\u3002\u8fd9\u4e2a\u5b57\u6bb5\u5c06\u4f5c\u4e3a\u54c8\u5e0c\u8ba1\u7b97\u7684\u4f9d\u636e&#xff0c;\u51b3\u5b9a\u8bf7\u6c42\u88ab\u5206\u914d\u5230\u54ea\u4e2a\u540e\u7aef\u670d\u52a1\u5668\u3002 \u53ef\u4ee5\u901a\u8fc7\u4e0b\u9762\u65b9\u5f0f\u8fdb\u884c\u67e5\u8be2&#xff1a;<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># curl -v 172.25.254.100<\/span><br \/>\n*   Trying <span class=\"token number\">172.25<\/span>.254.100:80<span class=\"token punctuation\">..<\/span>.<br \/>\n* Connected to <span class=\"token number\">172.25<\/span>.254.100 <span class=\"token punctuation\">(<\/span><span class=\"token number\">172.25<\/span>.254.100<span class=\"token punctuation\">)<\/span> port <span class=\"token number\">80<\/span> <span class=\"token punctuation\">(<\/span><span class=\"token comment\">#0)<\/span><br \/>\n<span class=\"token operator\">&gt;<\/span> GET \/ HTTP\/1.1<br \/>\n<span class=\"token operator\">&gt;<\/span> Host: <span class=\"token number\">172.25<\/span>.254.100<br \/>\n<span class=\"token operator\">&gt;<\/span> User-Agent: curl\/7.76.1<br \/>\n<span class=\"token operator\">&gt;<\/span> Accept: *\/*<br \/>\n<span class=\"token operator\">&gt;<\/span><br \/>\n* Mark bundle as not supporting multiuse<br \/>\n<span class=\"token operator\">&lt;<\/span> HTTP\/1.1 <span class=\"token number\">200<\/span> OK<br \/>\n<span class=\"token operator\">&lt;<\/span> date: Tue, <span class=\"token number\">24<\/span> Feb <span class=\"token number\">2026<\/span> <span class=\"token number\">12<\/span>:08:45 GMT<br \/>\n<span class=\"token operator\">&lt;<\/span> server: Apache\/2.4.62 <span class=\"token punctuation\">(<\/span>Red Hat Enterprise Linux<span class=\"token punctuation\">)<\/span><br \/>\n<span class=\"token operator\">&lt;<\/span> last-modified: Mon, <span class=\"token number\">23<\/span> Feb <span class=\"token number\">2026<\/span> <span class=\"token number\">13<\/span>:55:24 GMT<br \/>\n<span class=\"token operator\">&lt;<\/span> etag: <span class=\"token string\">&#034;1f-64b7e1f5c6f05&#034;<\/span><br \/>\n<span class=\"token operator\">&lt;<\/span> accept-ranges: bytes<br \/>\n<span class=\"token operator\">&lt;<\/span> content-length: <span class=\"token number\">31<\/span><br \/>\n<span class=\"token operator\">&lt;<\/span> content-type: text\/html<span class=\"token punctuation\">;<\/span> <span class=\"token assign-left variable\">charset<\/span><span class=\"token operator\">&#061;<\/span>UTF-8<br \/>\n<span class=\"token operator\">&lt;<\/span><br \/>\nyu &#8211; webserver1 &#8211; <span class=\"token number\">192.168<\/span>.0.10<br \/>\n* Connection <span class=\"token comment\">#0 to host 172.25.254.100 left intact<\/span><\/p>\n<ul>\n<li>\u5bf9HTTP\u8bf7\u6c42\u5934\u4e2d\u6307\u5b9a\u5b57\u6bb5\u7684\u503c\u505a\u54c8\u5e0c&#xff0c;\u4f8b\u5982 User-Agent\u3002<\/li>\n<li>\u5b9e\u9a8c&#xff1a;<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    balance hdr<span class=\"token punctuation\">(<\/span>User-Agent<span class=\"token punctuation\">)<\/span><br \/>\n    hash-type consistent<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 weight <span class=\"token number\">1<\/span> check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy<\/span>\n <\/li>\n<\/ul>\n<p>\u6d4b\u8bd5\u76f8\u540cUser-Agent\u6307\u5411\u540c\u4e00\u540e\u7aef <img decoding=\"async\" src=\"2026-02-27era22b4br3c.png\" alt=\"\" \/><\/p>\n<h4>4.4 \u7b97\u6cd5\u603b\u7ed3<\/h4>\n<table>\n<tr>\u7b97\u6cd5\u7c7b\u578b\u9002\u7528\u573a\u666f\u52a8\u6001\u8c03\u6574\u6743\u91cd<\/tr>\n<tbody>\n<tr>\n<td>static-rr<\/td>\n<td>\u9759\u6001<\/td>\n<td>\u7b80\u5355\u8f6e\u8be2&#xff0c;\u4e0d\u9700\u52a8\u6001\u8c03\u6574<\/td>\n<td>\u4e0d\u652f\u6301<\/td>\n<\/tr>\n<tr>\n<td>first<\/td>\n<td>\u9759\u6001<\/td>\n<td>\u6309\u4f18\u5148\u7ea7\u4f7f\u7528\u670d\u52a1\u5668<\/td>\n<td>\u4e0d\u652f\u6301<\/td>\n<\/tr>\n<tr>\n<td>roundrobin<\/td>\n<td>\u52a8\u6001<\/td>\n<td>\u901a\u7528HTTP\u8d1f\u8f7d\u5747\u8861<\/td>\n<td>\u652f\u6301<\/td>\n<\/tr>\n<tr>\n<td>leastconn<\/td>\n<td>\u52a8\u6001<\/td>\n<td>\u957f\u8fde\u63a5&#xff08;MySQL\u3001Redis&#xff09;<\/td>\n<td>\u652f\u6301<\/td>\n<\/tr>\n<tr>\n<td>source<\/td>\n<td>\u6df7\u5408<\/td>\n<td>\u57fa\u4e8e\u6e90IP\u7684\u4f1a\u8bdd\u4fdd\u6301<\/td>\n<td>\u53d6\u51b3\u4e8ehash-type<\/td>\n<\/tr>\n<tr>\n<td>uri<\/td>\n<td>\u6df7\u5408<\/td>\n<td>\u7f13\u5b58\u670d\u52a1\u5668&#xff08;\u76f8\u540cURI\u7f13\u5b58&#xff09;<\/td>\n<td>\u53d6\u51b3\u4e8ehash-type<\/td>\n<\/tr>\n<tr>\n<td>url_param<\/td>\n<td>\u6df7\u5408<\/td>\n<td>\u57fa\u4e8eURL\u53c2\u6570\u7684\u4f1a\u8bdd\u4fdd\u6301<\/td>\n<td>\u53d6\u51b3\u4e8ehash-type<\/td>\n<\/tr>\n<tr>\n<td>hdr<\/td>\n<td>\u6df7\u5408<\/td>\n<td>\u57fa\u4e8eHTTP\u5934\u90e8\u7684\u4f1a\u8bdd\u4fdd\u6301<\/td>\n<td>\u53d6\u51b3\u4e8ehash-type<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>\u4e94\u3001\u9ad8\u7ea7\u529f\u80fd\u53ca\u914d\u7f6e<\/h3>\n<h4>5.1 \u57fa\u4e8eCookie\u7684\u4f1a\u8bdd\u4fdd\u6301<\/h4>\n<p>\u901a\u8fc7\u63d2\u5165Cookie\u5b9e\u73b0\u66f4\u7cbe\u7ec6\u7684\u4f1a\u8bdd\u4fdd\u6301&#xff08;\u540c\u4e00\u6d4f\u89c8\u5668\u8bbf\u95ee\u540c\u4e00\u540e\u7aef&#xff09;&#xff0c;\u6bd4\u6e90\u5730\u5740\u54c8\u5e0c\u66f4\u7cbe\u51c6&#xff0c;\u4f46\u4f1a\u589e\u52a0Haproxy\u8d1f\u8f7d\u3002<\/p>\n<h5>\u914d\u7f6e\u53c2\u6570<\/h5>\n<ul>\n<li>cookie &lt;name&gt; [ rewrite | insert | prefix ] [ indirect ] [ nocache ]\n<ul>\n<li>insert&#xff1a;\u63d2\u5165\u65b0\u7684Cookie\u3002<\/li>\n<li>indirect&#xff1a;\u5982\u679c\u5ba2\u6237\u7aef\u5df2\u6709Cookie&#xff0c;\u5219\u4e0d\u518d\u53d1\u9001\u3002<\/li>\n<li>nocache&#xff1a;\u7981\u6b62\u4e2d\u95f4\u7f13\u5b58\u7f13\u5b58Cookie\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h5>\u5b9e\u9a8c\u914d\u7f6e<\/h5>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    balance     roundrobin<br \/>\n    hash-type   consistent<br \/>\n    cookie WEBCOOKIE insert nocache indirect<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 cookie web1 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 cookie web2 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy<\/span><\/p>\n<h5>\u9a8c\u8bc1<\/h5>\n<ul>\n<li>\u9996\u6b21\u8bbf\u95ee\u65f6&#xff0c;\u54cd\u5e94\u5934\u4e2d\u5305\u542bSet-Cookie: WEBCOOKIE&#061;web1&#xff0c;\u540e\u7eed\u8bf7\u6c42\u643a\u5e26\u6b64Cookie\u4f1a\u88ab\u5b9a\u5411\u5230\u76f8\u540c\u540e\u7aef\u3002<\/li>\n<li>\u4f7f\u7528\u4e0d\u540c\u6d4f\u89c8\u5668\u6d4b\u8bd5&#xff0c;\u5404\u81ea\u4fdd\u6301\u4f1a\u8bdd\u3002 <img decoding=\"async\" src=\"2026-02-27cbchb2emh1q.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/li>\n<\/ul>\n<h4>5.2 HAProxy\u72b6\u6001\u9875<\/h4>\n<p>\u63d0\u4f9bWeb\u754c\u9762\u67e5\u770bHAProxy\u7684\u8fd0\u884c\u72b6\u6001\u548c\u540e\u7aef\u670d\u52a1\u5668\u5065\u5eb7\u60c5\u51b5\u3002<\/p>\n<h5>\u914d\u7f6e\u53c2\u6570<\/h5>\n<ul>\n<li>stats enable&#xff1a;\u542f\u7528\u72b6\u6001\u9875\u3002<\/li>\n<li>stats uri &lt;prefix&gt;&#xff1a;\u81ea\u5b9a\u4e49URI&#xff0c;\u9ed8\u8ba4\u4e3a\/haproxy?stats\u3002<\/li>\n<li>stats auth &lt;user&gt;:&lt;passwd&gt;&#xff1a;\u8ba4\u8bc1\u4fe1\u606f\u3002<\/li>\n<li>stats refresh &lt;delay&gt;&#xff1a;\u81ea\u52a8\u5237\u65b0\u95f4\u9694\u3002<\/li>\n<li>stats admin { if | unless } &lt;cond&gt;&#xff1a;\u542f\u7528\u7ba1\u7406\u529f\u80fd&#xff08;\u53ef\u5728\u7ebf\u4e0a\u4e0b\u7ebf\u670d\u52a1\u5668&#xff09;\u3002<\/li>\n<\/ul>\n<h5>\u5b9e\u9a8c\u914d\u7f6e<\/h5>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten stats<br \/>\n    mode        http<br \/>\n    <span class=\"token builtin class-name\">bind<\/span>        <span class=\"token number\">0.0<\/span>.0.0:4321<br \/>\n    stats       <span class=\"token builtin class-name\">enable<\/span><br \/>\n    log         global<br \/>\n<span class=\"token comment\">#   stats       refresh<\/span><br \/>\n    stats uri   \/stats<br \/>\n    stats auth  yu:yu<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p>\u8bbf\u95ee http:\/\/172.25.254.100:4321\/stats&#xff0c;\u8f93\u5165\u7528\u6237\u540d\u5bc6\u7801\u5373\u53ef\u67e5\u770b\u3002 <img decoding=\"async\" src=\"2026-02-27lz2a2s2ooy0.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/> \u5f00\u542f\u81ea\u52a8\u5237\u65b0<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten stats<br \/>\n    mode        http<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> <span class=\"token number\">0.0<\/span>.0.0:4321<br \/>\n    stats       <span class=\"token builtin class-name\">enable<\/span><br \/>\n    log         global<br \/>\n    stats       refresh   <span class=\"token number\">1<\/span><br \/>\n    stats uri   \/status<br \/>\n    stats auth  yu:yu<br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p><img decoding=\"async\" src=\"2026-02-27poff0kd1acx.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/> \u6a21\u62df\u8bbe\u5907\u4e0b\u7ebf<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl stop httpd<\/span><\/p>\n<p><img decoding=\"async\" src=\"2026-02-27zkigv4oorlm.png\" alt=\"\" \/><\/p>\n<h5>\u72b6\u6001\u9875\u4fe1\u606f\u89e3\u8bfb<\/h5>\n<ul>\n<li>pid\/uptime&#xff1a;\u8fdb\u7a0bID\u548c\u8fd0\u884c\u65f6\u95f4\u3002<\/li>\n<li>active UP\/backup UP&#xff1a;\u5728\u7ebf\u670d\u52a1\u5668\u72b6\u6001\u3002<\/li>\n<li>session rate\/sessions&#xff1a;\u8fde\u63a5\u901f\u7387\u548c\u603b\u8fde\u63a5\u6570\u3002<\/li>\n<li>\u53ef\u5728\u6b64\u9875\u9762\u624b\u52a8\u7981\u7528\/\u542f\u7528\u540e\u7aef\u670d\u52a1\u5668&#xff08;\u82e5\u542f\u7528stats admin&#xff09;\u3002<\/li>\n<\/ul>\n<h4>5.3 IP\u900f\u4f20<\/h4>\n<p>\u4f7f\u540e\u7aef\u670d\u52a1\u5668\u80fd\u8bb0\u5f55\u5ba2\u6237\u7aef\u7684\u771f\u5b9eIP&#xff0c;\u800c\u975eHAProxy\u7684IP\u3002<\/p>\n<h5>5.3.1 \u4e03\u5c42IP\u900f\u4f20<\/h5>\n<p>HAProxy\u5728\u8f6c\u53d1HTTP\u8bf7\u6c42\u65f6\u6dfb\u52a0X-Forwarded-For\u5934\u90e8\u3002<\/p>\n<ul>\n<li>\u5b9e\u9a8c\u73af\u5883<\/li>\n<\/ul>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span>            *:80<br \/>\n<span class=\"token comment\">#   mode            http<\/span><br \/>\n    balance         roundrobin<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p>\u6d4b\u8bd5\u73af\u5883 <img decoding=\"async\" src=\"2026-02-27easuntiexee.png\" alt=\"\" \/><\/p>\n<ul>\n<li>\u914d\u7f6e&#xff1a;<\/li>\n<\/ul>\n<p><span class=\"token comment\"># RS\u4e3b\u673a\u4e2d\u9ed8\u8ba4\u662f\u4e0d\u5f00\u542f\u900f\u4f20\u529f\u80fd<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver2 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># cat \/etc\/httpd\/logs\/access_log<\/span><br \/>\n<span class=\"token number\">192.168<\/span>.0.100 &#8211; &#8211; <span class=\"token punctuation\">[<\/span><span class=\"token number\">24<\/span>\/Feb\/2026:21:51:51 &#043;0800<span class=\"token punctuation\">]<\/span> <span class=\"token string\">&#034;GET \/ HTTP\/1.1&#034;<\/span> <span class=\"token number\">200<\/span> <span class=\"token number\">31<\/span> <span class=\"token string\">&#034;-&#034;<\/span> <span class=\"token string\">&#034;curl\/8.4.0&#034;<\/span><\/p>\n<p><span class=\"token comment\"># \u5f00\u542fIP\u900f\u4f20\u65b9\u5f0f<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver2 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\">#  vim \/etc\/httpd\/conf\/httpd.conf<\/span><br \/>\n<span class=\"token number\">201<\/span>    LogFormat <span class=\"token string\">&#034;%h %l %u %t <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>%r<span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span> %&gt;s %b <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>%{X-Forwarded-For}i<span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span> <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>%{Referer}i<span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span> <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>%{User-Agent}i    <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>&#034;<\/span> combined<\/p>\n<ul>\n<li>\u6d4b\u8bd5&#xff1a; \u8bbf\u95eeHAProxy\u540e&#xff0c;\u67e5\u770b\u540e\u7aefApache\u65e5\u5fd7&#xff0c;\u53ef\u4ee5\u770b\u5230X-Forwarded-For\u8bb0\u5f55\u4e86\u5ba2\u6237\u7aef\u771f\u5b9eIP&#xff08;\u8fd9\u91cc\u662f172.25.254.1&#xff09;\u3002 <img decoding=\"async\" src=\"2026-02-2703dge1y2jju.png\" alt=\"\" \/><\/li>\n<\/ul>\n<h5>5.3.2 \u56db\u5c42IP\u900f\u4f20&#xff08;PROXY protocol&#xff09;<\/h5>\n<p>\u56db\u5c42\u6a21\u5f0f\u4e0b&#xff0c;\u901a\u8fc7PROXY protocol\u4f20\u9012\u5ba2\u6237\u7aefIP\u3002<\/p>\n<ul>\n<li>\u73af\u5883\u8bbe\u7f6e<\/li>\n<\/ul>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl disable &#8211;now httpd.service<\/span><br \/>\nRemoved <span class=\"token string\">&#034;\/etc\/systemd\/system\/multi-user.target.wants\/httpd.service&#034;<\/span><span class=\"token builtin class-name\">.<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver2 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl disable &#8211;now httpd.service<\/span><br \/>\nRemoved <span class=\"token string\">&#034;\/etc\/systemd\/system\/multi-user.target.wants\/httpd.service&#034;<\/span><span class=\"token builtin class-name\">.<\/span><\/p>\n<ul>\n<li>\u90e8\u7f72nginx<\/li>\n<\/ul>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># dnf install nginx -y<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo yu &#8211; RS1 &#8211; 192.168.0.10 &gt; \/usr\/share\/nginx\/html\/index.html<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl enable &#8211;now nginx<\/span><br \/>\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/nginx.service \u2192 \/usr\/lib\/systemd\/system\/nginx.service.<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver2 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># dnf install nginx -y<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver2 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo yu &#8211; RS2 &#8211; 192.168.0.20 &gt; \/usr\/share\/nginx\/html\/index.html<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver2 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl enable &#8211;now nginx<\/span><br \/>\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/nginx.service \u2192 \/usr\/lib\/systemd\/system\/nginx.service.<\/p>\n<ul>\n<li>\u6d4b\u73af\u5883 <img decoding=\"async\" src=\"2026-02-27hngzfkvao1l.png\" alt=\"\" \/><\/li>\n<li>\u540e\u7aefNginx\u914d\u7f6e&#xff1a;<\/li>\n<\/ul>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/nginx\/nginx.conf<\/span><br \/>\n    server <span class=\"token punctuation\">{<\/span><br \/>\n        listen       <span class=\"token number\">80<\/span> proxy_protocol<span class=\"token punctuation\">;<\/span><span class=\"token comment\">#\u542f\u7528\u56db\u5c42\u8bbf\u95ee\u63a7\u5236<\/span><br \/>\n        listen       <span class=\"token punctuation\">[<\/span>::<span class=\"token punctuation\">]<\/span>:80<span class=\"token punctuation\">;<\/span><br \/>\n        server_name  _<span class=\"token punctuation\">;<\/span><br \/>\n        root         \/usr\/share\/nginx\/html<span class=\"token punctuation\">;<\/span><\/p>\n<p>        <span class=\"token comment\"># Load configuration files for the default server block.<\/span><br \/>\n        include \/etc\/nginx\/default.d\/*.conf<span class=\"token punctuation\">;<\/span><\/p>\n<p>        error_page <span class=\"token number\">404<\/span> \/404.html<span class=\"token punctuation\">;<\/span><br \/>\n        location <span class=\"token operator\">&#061;<\/span> \/404.html <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token punctuation\">}<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver2 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/nginx\/nginx.conf<\/span><br \/>\n    server <span class=\"token punctuation\">{<\/span><br \/>\n        listen       <span class=\"token number\">80<\/span> proxy_protocol<span class=\"token punctuation\">;<\/span><span class=\"token comment\">#\u542f\u7528\u56db\u5c42\u8bbf\u95ee\u63a7\u5236<\/span><br \/>\n        listen       <span class=\"token punctuation\">[<\/span>::<span class=\"token punctuation\">]<\/span>:80<span class=\"token punctuation\">;<\/span><br \/>\n        server_name  _<span class=\"token punctuation\">;<\/span><br \/>\n        root         \/usr\/share\/nginx\/html<span class=\"token punctuation\">;<\/span><\/p>\n<p>        <span class=\"token comment\"># Load configuration files for the default server block.<\/span><br \/>\n        include \/etc\/nginx\/default.d\/*.conf<span class=\"token punctuation\">;<\/span><\/p>\n<p>        error_page <span class=\"token number\">404<\/span> \/404.html<span class=\"token punctuation\">;<\/span><br \/>\n        location <span class=\"token operator\">&#061;<\/span> \/404.html <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token punctuation\">}<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart nginx.service<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver2 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart nginx.service<\/span><\/p>\n<ul>\n<li>\n<p>\u6d4b\u8bd5 <img decoding=\"async\" src=\"2026-02-27ilmxvxgefo4.png\" alt=\"\" \/> \u51fa\u73b0\u4e0a\u8ff0\u62a5\u9519\u6807\u8bc6nginx\u53ea\u652f\u6301\u56db\u5c42\u8bbf\u95ee<\/p>\n<\/li>\n<li>\n<p>HAProxy\u914d\u7f6e&#xff1a;<\/p>\n<\/li>\n<\/ul>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span>            *:80<br \/>\n    mode            tcp<br \/>\n    balance         roundrobin<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 send-proxy check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 send-proxy check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<ul>\n<li>\u6d4b\u8bd5 <img decoding=\"async\" src=\"2026-02-27n4cprkcxfl0.png\" alt=\"\" \/><\/li>\n<li>\u8bbe\u7f6e\u56db\u5c42IP\u900f\u4f20\n<ul>\n<li>\u5b9e\u9a8c\u6b65\u9aa4&#xff1a;<\/li>\n<\/ul>\n<li>\u5728\u540e\u7aef\u5b89\u88c5Nginx\u5e76\u914d\u7f6eproxy_protocol\u3002<\/li>\n<li>\u4fee\u6539HAProxy\u4e3amode tcp\u5e76\u6dfb\u52a0send-proxy\u3002<\/li>\n<li>\u8bbf\u95ee\u6d4b\u8bd5&#xff0c;\u540e\u7aefNginx\u65e5\u5fd7\u4e2d\u901a\u8fc7$proxy_protocol_addr\u53d8\u91cf\u8bb0\u5f55\u771f\u5b9eIP\u3002<\/li>\n<\/li>\n<\/ul>\n<p><span class=\"token comment\"># webserver1\u4e0ewebserver2\u4e00\u81f4<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/nginx\/nginx.conf<\/span><br \/>\nhttp <span class=\"token punctuation\">{<\/span><br \/>\n    log_format  main  <span class=\"token string\">&#039;$remote_addr &#8211; $remote_user [$time_local] &#034;$request&#034; &#039;<\/span><br \/>\n                      <span class=\"token string\">&#039;&#034;$proxy_protocol_addr&#034;&#039;<\/span><br \/>\n                      <span class=\"token string\">&#039;$status $body_bytes_sent &#034;$http_referer&#034; &#039;<\/span><br \/>\n                      <span class=\"token string\">&#039;&#034;$http_user_agent&#034; &#034;$http_x_forwarded_for&#034;&#039;<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<p><img decoding=\"async\" src=\"2026-02-275r1ue2tghk5.png\" alt=\"\" \/><\/p>\n<ul>\n<li>\u6ce8\u610f&#xff1a;\u542f\u7528\u56db\u5c42\u900f\u4f20\u540e&#xff0c;\u540e\u7aef\u53ea\u80fd\u63a5\u53d7PROXY protocol\u8fde\u63a5&#xff0c;\u65e0\u6cd5\u76f4\u63a5\u901a\u8fc7\u666e\u901aHTTP\u8bbf\u95ee\u3002<\/li>\n<\/ul>\n<h3>\u516d\u3001Haproxy\u7684\u56db\u5c42\u8d1f\u8f7d\u5747\u8861<\/h3>\n<h4>6.1 \u73af\u5883\u8bbe\u5b9a<\/h4>\n<p>webserver2\u8bbe\u5b9a\u4e0ewebserver1\u7c7b\u4f3c&#xff0c;\u8fd9\u91cc\u4ee5webserver1\u4e3a\u4f8b<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># dnf install mariadb-server mariadb -y<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/my.cnf.d\/mariadb-server.cnf<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>mysqld<span class=\"token punctuation\">]<\/span><br \/>\n<span class=\"token assign-left variable\">server_id<\/span><span class=\"token operator\">&#061;<\/span><span class=\"token number\">10<\/span> <span class=\"token comment\">#webserver2\u8bbe\u7f6eserver_id&#061;20<\/span><br \/>\n<span class=\"token assign-left variable\">datadir<\/span><span class=\"token operator\">&#061;<\/span>\/var\/lib\/mysql<br \/>\n<span class=\"token assign-left variable\">socket<\/span><span class=\"token operator\">&#061;<\/span>\/var\/lib\/mysql\/mysql.sock<br \/>\nlog-error<span class=\"token operator\">&#061;<\/span>\/var\/log\/mariadb\/mariadb.log<br \/>\npid-file<span class=\"token operator\">&#061;<\/span>\/run\/mariadb\/mariadb.pid<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart mariadb.service<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># mysql<\/span><br \/>\nWelcome to the MariaDB monitor.  Commands end with <span class=\"token punctuation\">;<\/span> or <span class=\"token punctuation\">\\\\<\/span>g.<br \/>\nYour MariaDB connection <span class=\"token function\">id<\/span> is <span class=\"token number\">3<\/span><br \/>\nServer version: <span class=\"token number\">10.5<\/span>.27-MariaDB MariaDB Server<\/p>\n<p>Copyright <span class=\"token punctuation\">(<\/span>c<span class=\"token punctuation\">)<\/span> <span class=\"token number\">2000<\/span>, <span class=\"token number\">2018<\/span>, Oracle, MariaDB Corporation Ab and others.<\/p>\n<p>Type <span class=\"token string\">&#039;help;&#039;<\/span> or <span class=\"token string\">&#039;\\\\h&#039;<\/span> <span class=\"token keyword\">for<\/span> help. Type <span class=\"token string\">&#039;\\\\c&#039;<\/span> to <span class=\"token function\">clear<\/span> the current input statement.<\/p>\n<p>MariaDB <span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">(<\/span>none<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">]<\/span><span class=\"token operator\">&gt;<\/span> create user <span class=\"token string\">&#039;yu&#039;<\/span>&#064;<span class=\"token string\">&#039;%&#039;<\/span> identified by <span class=\"token string\">&#039;yu&#039;<\/span><span class=\"token punctuation\">;<\/span><br \/>\nQuery OK, <span class=\"token number\">0<\/span> rows affected <span class=\"token punctuation\">(<\/span><span class=\"token number\">0.001<\/span> sec<span class=\"token punctuation\">)<\/span><\/p>\n<p>MariaDB <span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">(<\/span>none<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">]<\/span><span class=\"token operator\">&gt;<\/span> grant all on *.* to <span class=\"token string\">&#039;yu&#039;<\/span>&#064;<span class=\"token string\">&#039;%&#039;<\/span><span class=\"token punctuation\">;<\/span><br \/>\nQuery OK, <span class=\"token number\">0<\/span> rows affected <span class=\"token punctuation\">(<\/span><span class=\"token number\">0.001<\/span> sec<span class=\"token punctuation\">)<\/span><\/p>\n<p>\u57fa\u7840\u6d4b\u8bd5 <img decoding=\"async\" src=\"2026-02-27ua5xdt53ab4.png\" alt=\"\" \/><\/p>\n<ul>\n<li>\u56db\u5c42\u8d1f\u8f7d\u64cd\u4f5c<\/li>\n<\/ul>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten mariadbcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span>            *:6663<br \/>\n    mode            tcp<br \/>\n    balance         roundrobin<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:3306 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:3306 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># netstat -lntupae | grep haproxy<\/span><br \/>\ntcp        <span class=\"token number\">0<\/span>      <span class=\"token number\">0<\/span> <span class=\"token number\">0.0<\/span>.0.0:6663            <span class=\"token number\">0.0<\/span>.0.0:*               LISTEN      <span class=\"token number\">0<\/span>          <span class=\"token number\">65741<\/span>      <span class=\"token number\">3073<\/span>\/haproxy<br \/>\ntcp        <span class=\"token number\">0<\/span>      <span class=\"token number\">0<\/span> <span class=\"token number\">0.0<\/span>.0.0:4321            <span class=\"token number\">0.0<\/span>.0.0:*               LISTEN      <span class=\"token number\">0<\/span>          <span class=\"token number\">65742<\/span>      <span class=\"token number\">3073<\/span>\/haproxy<br \/>\ntcp        <span class=\"token number\">0<\/span>      <span class=\"token number\">0<\/span> <span class=\"token number\">0.0<\/span>.0.0:80              <span class=\"token number\">0.0<\/span>.0.0:*               LISTEN      <span class=\"token number\">0<\/span>          <span class=\"token number\">65740<\/span>      <span class=\"token number\">3073<\/span>\/haproxy<\/p>\n<ul>\n<li>\u6d4b\u8bd5 \u5728\u6d4b\u8bd5\u673a\u4e0a\u5b89\u88c5mysql\u5305 <img decoding=\"async\" src=\"2026-02-27u3nqfkmjrqf.png\" alt=\"\" \/><\/li>\n<\/ul>\n<h4>6.2 \u8bbe\u7f6ebackup\u53c2\u6570<\/h4>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten mariadbcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span>            *:6663<br \/>\n    mode            tcp<br \/>\n    balance         roundrobin<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:3306 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:3306 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span> backup<br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<ul>\n<li>\u6d4b\u8bd5 <img decoding=\"async\" src=\"2026-02-272dbwxknozuo.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/li>\n<\/ul>\n<p>\u5173\u95ed10\u7684mariadb\u5e76\u7b49\u5f851\u5206\u949f<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl stop mariadb.service<\/span><\/p>\n<p>\u6d4b\u8bd5 <img decoding=\"async\" src=\"2026-02-27g3imvx44dag.png\" alt=\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \/><\/p>\n<p>HAProxy\u652f\u6301\u5bf9TCP\u534f\u8bae\u7684\u5e94\u7528\u505a\u8d1f\u8f7d\u5747\u8861&#xff0c;\u5982MySQL\u3001Redis\u3001Memcached\u7b49\u3002 &#xff08;\u8865\u5145&#xff09; \u8fde\u63a5\u5230\u516d\u3001\u8d1f\u8f7d\u5747\u8861\u914d\u7f6e \u4e0e\u4e03\u5c42\u7c7b\u4f3c&#xff0c;\u53ea\u9700\u5c06mode\u8bbe\u4e3atcp\u3002<\/p>\n<p>MySQL\u8d1f\u8f7d\u5747\u8861<\/p>\n<li>\u540e\u7aefMySQL\u914d\u7f6e&#xff08;\u4e24\u53f0\u670d\u52a1\u5668&#xff09;&#xff1a;<span class=\"token comment\"># \u5b89\u88c5mariadb-server&#xff0c;\u8bbe\u7f6eserver-id<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/my.cnf.d\/mariadb-server.cnf<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>mysqld<span class=\"token punctuation\">]<\/span><br \/>\n<span class=\"token assign-left variable\">server_id<\/span><span class=\"token operator\">&#061;<\/span><span class=\"token number\">10<\/span><br \/>\n<span class=\"token comment\"># webserver2\u8bbe\u4e3a20<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;webserver1 ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl start mariadb<\/span><br \/>\n<span class=\"token comment\"># \u521b\u5efa\u8fdc\u7a0b\u7528\u6237<\/span><br \/>\nMariaDB <span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">(<\/span>none<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">]<\/span><span class=\"token operator\">&gt;<\/span> CREATE <span class=\"token environment constant\">USER<\/span> <span class=\"token string\">&#039;lee&#039;<\/span>&#064;<span class=\"token string\">&#039;%&#039;<\/span> IDENTIFIED BY <span class=\"token string\">&#039;lee&#039;<\/span><span class=\"token punctuation\">;<\/span><br \/>\nMariaDB <span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">(<\/span>none<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">]<\/span><span class=\"token operator\">&gt;<\/span> GRANT ALL ON *.* TO <span class=\"token string\">&#039;lee&#039;<\/span>&#064;<span class=\"token string\">&#039;%&#039;<\/span><span class=\"token punctuation\">;<\/span>\n <\/li>\n<li>HAProxy\u914d\u7f6e&#xff1a;listen mysql-cluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:3306<br \/>\n    mode tcp<br \/>\n    balance leastconn<br \/>\n    server mysql1 <span class=\"token number\">192.168<\/span>.0.10:3306 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span><br \/>\n    server mysql2 <span class=\"token number\">192.168<\/span>.0.20:3306 check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span>\n <\/li>\n<li>\u6d4b\u8bd5&#xff1a;<span class=\"token punctuation\">[<\/span>root&#064;client ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># mysql -ulee -plee -h172.25.254.100 -P3306 -e &#034;select &#064;&#064;server_id&#034;<\/span><br \/>\n&#043;&#8212;&#8212;&#8212;&#8212;-&#043;<br \/>\n<span class=\"token operator\">|<\/span> &#064;&#064;server_id <span class=\"token operator\">|<\/span><br \/>\n&#043;&#8212;&#8212;&#8212;&#8212;-&#043;<br \/>\n<span class=\"token operator\">|<\/span>          <span class=\"token number\">10<\/span> <span class=\"token operator\">|<\/span><br \/>\n&#043;&#8212;&#8212;&#8212;&#8212;-&#043;<br \/>\n \u591a\u6b21\u6267\u884c&#xff0c;\u4f1a\u8f6e\u6d41\u663e\u793a10\u548c20\u3002<\/li>\n<h3>\u4e03\u3001\u81ea\u5b9a\u4e49Haproxy\u9519\u8bef\u754c\u9762<\/h3>\n<ul>\n<li>\u5c06\u9519\u8bef\u9875\u9762\u4fdd\u5b58\u4e3aHTTP\u683c\u5f0f\u6587\u4ef6&#xff0c;\u901a\u8fc7errorfile\u6307\u5b9a\u3002<\/li>\n<li>\u652f\u6301\u9519\u8bef\u7801&#xff1a;200,400,403,405,408,425,429,500,502,503,504\u3002<\/li>\n<\/ul>\n<h4>7.1 sorryserver\u7684\u8bbe\u5b9a<\/h4>\n<p>Sorry Server&#xff08;\u5907\u7528\u670d\u52a1\u5668&#xff09; \u5f53\u6240\u6709\u4e1a\u52a1\u670d\u52a1\u5668\u90fd\u5b95\u673a\u65f6&#xff0c;\u63d0\u4f9b\u4e00\u4e2a\u53cb\u597d\u7684\u4e34\u65f6\u9875\u9762\u3002 \u6b63\u5e38\u7684\u6240\u6709\u670d\u52a1\u5668\u5982\u679c\u51fa\u73b0\u5b95\u673a&#xff0c;\u90a3\u4e48\u5ba2\u6237\u5c06\u88ab\u5b9a\u5411\u5230\u6307\u5b9a\u7684\u4e3b\u673a\u4e2d&#xff0c;\u8fd9\u4e2a\u5f53\u4e1a\u52a1\u4e3b\u673a\u51fa\u95ee\u9898\u65f6\u88ab\u4e34\u65f6\u8bbf\u95ee\u7684\u4e3b\u673a\u53eb\u505asorryserver<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/httpd\/conf\/httpd.conf<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl enable &#8211;now httpd<\/span><br \/>\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/httpd.service \u2192 \/usr\/lib\/systemd\/system\/httpd.service.<br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># echo &#034;This is a page for sorryserver!&#034; &gt; \/var\/www\/html\/index.html<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\nlisten webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span>            *:80<br \/>\n    mode            tcp<br \/>\n    balance         roundrobin<br \/>\n    server yu1 <span class=\"token number\">192.168<\/span>.0.10:80 send-proxy check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><br \/>\n    server yu2 <span class=\"token number\">192.168<\/span>.0.20:80 send-proxy check inter 3s fall <span class=\"token number\">3<\/span> rise <span class=\"token number\">5<\/span> weight <span class=\"token number\">1<\/span><br \/>\n    server sorrypage <span class=\"token number\">192.168<\/span>.0.100:8080 backup<br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p>\u6d4b\u8bd5&#xff0c;\u7b2c\u4e00\u6b21\u663e\u793a1\u548c2\u8f6e\u8be2&#xff1b;\u505c\u6b62webserver1\u4e0a\u7684nginx\u670d\u52a1&#xff0c;\u7b2c\u4e8c\u6b21\u6d4b\u8bd5\u53ea\u67092&#xff1b;\u6700\u540e\u5173\u95edwebserver2\u4e0a\u7684nginx\u670d\u52a1&#xff0c;\u663e\u793asorrypage\u9875\u9762\u3002 <img decoding=\"async\" src=\"2026-02-27ghdymjod2v4.png\" alt=\"\" \/><\/p>\n<h4>7.2 \u81ea\u5b9a\u4e49\u9519\u8bef\u9875\u9762<\/h4>\n<p>\u5f53\u6240\u6709\u4e3b\u673a\u5305\u62ecsorryserver\u90fd\u5b95\u673a\u4e86&#xff0c;\u90a3\u4e48haproxy\u4f1a\u63d0\u4f9b\u4e00\u4e2a\u9ed8\u8ba4\u8bbf\u95ee\u7684\u9519\u8bef\u9875\u9762&#xff0c;\u8fd9\u4e2a\u9519\u8bef\u9875\u9762\u8ddf\u62a5\u9519\u4ee3\u7801\u6709\u5173&#xff0c;\u8fd9\u4e2a\u9875\u9762\u53ef\u4ee5\u901a\u8fc7\u5b9a\u4e49\u6765\u8fdb\u884c\u8bbe\u7f6e<\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># mkdir -p \/errorpage\/html\/<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/errorpage\/html\/503.http<\/span><br \/>\nHTTP\/1.0 <span class=\"token number\">503<\/span> Service Unavailable<br \/>\nCache-Control: no-cache<br \/>\nConnection: close<br \/>\nContent-Type: text\/html<\/p>\n<p><span class=\"token operator\">&lt;<\/span>html<span class=\"token operator\">&gt;<\/span><br \/>\n    <span class=\"token operator\">&lt;<\/span>body<span class=\"token operator\">&gt;<\/span><br \/>\n        <span class=\"token operator\">&lt;<\/span>h<span class=\"token operator\"><span class=\"token file-descriptor important\">1<\/span>&gt;<\/span>\u670d\u52a1\u6682\u65f6\u4e0d\u53ef\u7528 <span class=\"token punctuation\">(<\/span><span class=\"token number\">503<\/span><span class=\"token punctuation\">)<\/span><span class=\"token operator\">&lt;<\/span>\/h<span class=\"token operator\"><span class=\"token file-descriptor important\">1<\/span>&gt;<\/span><br \/>\n        <span class=\"token operator\">&lt;<\/span>p<span class=\"token operator\">&gt;<\/span>\u6240\u6709\u540e\u7aef\u670d\u52a1\u5668\u90fd\u6302\u4e86&#xff0c;\u8bf7\u7a0d\u540e\u518d\u8bd5\u3002<span class=\"token operator\">&lt;<\/span>\/p<span class=\"token operator\">&gt;<\/span><br \/>\n    <span class=\"token operator\">&lt;<\/span>\/body<span class=\"token operator\">&gt;<\/span><br \/>\n<span class=\"token operator\">&lt;<\/span>\/html<span class=\"token operator\">&gt;<\/span><\/p>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\ndefaults<br \/>\n    mode                    http<br \/>\n    log                     global<br \/>\n    option                  httplog<br \/>\n    option                  dontlognull<br \/>\n    option http-server-close<br \/>\n    option forwardfor       except <span class=\"token number\">127.0<\/span>.0.0\/8<br \/>\n    option                  redispatch<br \/>\n    retries                 <span class=\"token number\">3<\/span><br \/>\n    <span class=\"token function\">timeout<\/span> http-request    10s<br \/>\n    <span class=\"token function\">timeout<\/span> queue           1m<br \/>\n    <span class=\"token function\">timeout<\/span> connect         10s<br \/>\n    <span class=\"token function\">timeout<\/span> client          1m<br \/>\n    <span class=\"token function\">timeout<\/span> server          1m<br \/>\n    <span class=\"token function\">timeout<\/span> http-keep-alive 10s<br \/>\n    <span class=\"token function\">timeout<\/span> check           10s<br \/>\n    maxconn                 <span class=\"token number\">3000<\/span><br \/>\n    errorfile <span class=\"token number\">503<\/span>           \/errorpage\/html\/503.http<span class=\"token comment\">#error \u9875\u9762<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p><span class=\"token comment\">#\u6d4b\u8bd5<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>Administrator.DESKTOP-VJ307M3<span class=\"token punctuation\">]<\/span> \u27a4 <span class=\"token function\">curl<\/span> <span class=\"token number\">172.25<\/span>.254.100<br \/>\n<span class=\"token operator\">&lt;<\/span>html<span class=\"token operator\">&gt;<\/span><br \/>\n    <span class=\"token operator\">&lt;<\/span>body<span class=\"token operator\">&gt;<\/span><br \/>\n        <span class=\"token operator\">&lt;<\/span>h<span class=\"token operator\"><span class=\"token file-descriptor important\">1<\/span>&gt;<\/span>\u670d\u52a1\u6682\u65f6\u4e0d\u53ef\u7528 <span class=\"token punctuation\">(<\/span><span class=\"token number\">503<\/span><span class=\"token punctuation\">)<\/span><span class=\"token operator\">&lt;<\/span>\/h<span class=\"token operator\"><span class=\"token file-descriptor important\">1<\/span>&gt;<\/span><br \/>\n        <span class=\"token operator\">&lt;<\/span>p<span class=\"token operator\">&gt;<\/span>\u6240\u6709\u540e\u7aef\u670d\u52a1\u5668\u90fd\u6302\u4e86&#xff0c;\u8bf7\u7a0d\u540e\u518d\u8bd5\u3002<span class=\"token operator\">&lt;<\/span>\/p<span class=\"token operator\">&gt;<\/span><br \/>\n    <span class=\"token operator\">&lt;<\/span>\/body<span class=\"token operator\">&gt;<\/span><br \/>\n<span class=\"token operator\">&lt;<\/span>\/html<span class=\"token operator\">&gt;<\/span><\/p>\n<h4>7.3 3.\u4ece\u5b9a\u5411\u9519\u8bef\u5230\u6307\u5b9a\u7f51\u7ad9<\/h4>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># vim \/etc\/haproxy\/haproxy.cfg<\/span><br \/>\ndefaults<br \/>\n    mode                    http<br \/>\n    log                     global<br \/>\n    option                  httplog<br \/>\n    option                  dontlognull<br \/>\n    option http-server-close<br \/>\n    option forwardfor       except <span class=\"token number\">127.0<\/span>.0.0\/8<br \/>\n    option                  redispatch<br \/>\n    retries                 <span class=\"token number\">3<\/span><br \/>\n    <span class=\"token function\">timeout<\/span> http-request    10s<br \/>\n    <span class=\"token function\">timeout<\/span> queue           1m<br \/>\n    <span class=\"token function\">timeout<\/span> connect         10s<br \/>\n    <span class=\"token function\">timeout<\/span> client          1m<br \/>\n    <span class=\"token function\">timeout<\/span> server          1m<br \/>\n    <span class=\"token function\">timeout<\/span> http-keep-alive 10s<br \/>\n    <span class=\"token function\">timeout<\/span> check           10s<br \/>\n    maxconn                 <span class=\"token number\">3000<\/span><br \/>\n    errorloc <span class=\"token number\">503<\/span>            http:\/\/www.baidu.com<span class=\"token comment\">#error \u9875\u9762<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># systemctl restart haproxy.service<\/span><\/p>\n<p><img decoding=\"async\" src=\"2026-02-27ocih2acw4ol.gif\" alt=\"\u5f55\u5236_2026_01_26_14_51_06_492\" \/><\/p>\n<h3>\u516b\u3001ACL\u8bbf\u95ee\u63a7\u5236<\/h3>\n<p>ACL&#xff08;Access Control List&#xff09;\u7528\u4e8e\u6839\u636e\u8bf7\u6c42\u5185\u5bb9\u8fdb\u884c\u6761\u4ef6\u5339\u914d&#xff0c;\u7136\u540e\u6267\u884c\u76f8\u5e94\u64cd\u4f5c&#xff08;\u5982\u9009\u62e9\u540e\u7aef\u3001\u62d2\u7edd\u8bf7\u6c42\u3001\u91cd\u5b9a\u5411\u7b49&#xff09;\u3002<\/p>\n<h4>8.1 ACL\u8bed\u6cd5<\/h4>\n<p>acl <span class=\"token operator\">&lt;<\/span>aclname<span class=\"token operator\">&gt;<\/span> <span class=\"token operator\">&lt;<\/span>criterion<span class=\"token operator\">&gt;<\/span> <span class=\"token punctuation\">[<\/span>flags<span class=\"token punctuation\">]<\/span> <span class=\"token punctuation\">[<\/span>operator<span class=\"token punctuation\">]<\/span> <span class=\"token operator\">&lt;<\/span>value<span class=\"token operator\">&gt;<\/span><\/p>\n<ul>\n<li>aclname&#xff1a;\u81ea\u5b9a\u4e49\u540d\u79f0&#xff0c;\u533a\u5206\u5927\u5c0f\u5199\u3002<\/li>\n<li>criterion&#xff1a;\u5339\u914d\u6761\u4ef6&#xff0c;\u5982hdr_dom(host)\u3001path_beg\u3001src\u7b49\u3002<\/li>\n<li>flags&#xff1a;-i\u5ffd\u7565\u5927\u5c0f\u5199&#xff0c;-m\u6307\u5b9a\u5339\u914d\u65b9\u6cd5\u3002<\/li>\n<li>operator&#xff1a;\u6574\u6570\u6bd4\u8f83&#xff08;eq\u3001ge\u7b49&#xff09;\u6216\u5b57\u7b26\u4e32\u5339\u914d\u3002<\/li>\n<li>value&#xff1a;\u5339\u914d\u7684\u503c\u3002<\/li>\n<\/ul>\n<h4>8.2 \u5e38\u7528\u5339\u914d\u6761\u4ef6<\/h4>\n<table>\n<tr>\u6761\u4ef6\u8bf4\u660e\u793a\u4f8b<\/tr>\n<tbody>\n<tr>\n<td>hdr_dom(host)<\/td>\n<td>\u5339\u914dHost\u7684\u57df\u540d<\/td>\n<td>hdr_dom(host) -i .com<\/td>\n<\/tr>\n<tr>\n<td>hdr_beg(host)<\/td>\n<td>Host\u5f00\u5934\u5339\u914d<\/td>\n<td>hdr_beg(host) -i www.<\/td>\n<\/tr>\n<tr>\n<td>hdr_end(host)<\/td>\n<td>Host\u7ed3\u5c3e\u5339\u914d<\/td>\n<td>hdr_end(host) -i .org<\/td>\n<\/tr>\n<tr>\n<td>path_beg<\/td>\n<td>URL\u8def\u5f84\u5f00\u5934\u5339\u914d<\/td>\n<td>path_beg -i \/static\/<\/td>\n<\/tr>\n<tr>\n<td>path_end<\/td>\n<td>URL\u8def\u5f84\u7ed3\u5c3e\u5339\u914d<\/td>\n<td>path_end -i .jpg .png<\/td>\n<\/tr>\n<tr>\n<td>path_sub<\/td>\n<td>URL\u8def\u5f84\u5305\u542b\u5b50\u4e32<\/td>\n<td>path_sub -i images<\/td>\n<\/tr>\n<tr>\n<td>src<\/td>\n<td>\u6e90IP\u5730\u5740<\/td>\n<td>src 192.168.1.0\/24<\/td>\n<\/tr>\n<tr>\n<td>src_port<\/td>\n<td>\u6e90\u7aef\u53e3<\/td>\n<td>src_port 1024-65535<\/td>\n<\/tr>\n<tr>\n<td>method<\/td>\n<td>HTTP\u65b9\u6cd5<\/td>\n<td>method GET POST<\/td>\n<\/tr>\n<tr>\n<td>url_param<\/td>\n<td>URL\u53c2\u6570<\/td>\n<td>url_param(name) -m sub lee<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4>8.3 ACL\u5b9e\u9a8c\u793a\u4f8b<\/h4>\n<h5>8.3.1 \u57fa\u4e8e\u57df\u540d\u5339\u914d<\/h5>\n<p>frontend webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    mode http<\/p>\n<p>    acl domain_com hdr_end<span class=\"token punctuation\">(<\/span>host<span class=\"token punctuation\">)<\/span> <span class=\"token parameter variable\">-i<\/span> .com<br \/>\n    use_backend webserver-80-web1 <span class=\"token keyword\">if<\/span> domain_com<br \/>\n    default_backend webserver-80-web2<\/p>\n<p>backend webserver-80-web1<br \/>\n    server web1 <span class=\"token number\">192.168<\/span>.0.10:80 check<\/p>\n<p>backend webserver-80-web2<br \/>\n    server web2 <span class=\"token number\">192.168<\/span>.0.20:80 check<\/p>\n<ul>\n<li>\u6d4b\u8bd5&#xff1a;\u8bbf\u95eewww.yu.com \u2192 10&#xff0c;\u8bbf\u95eewww.yu.org \u2192 20\u3002<\/li>\n<\/ul>\n<h5>8.3.2 \u57fa\u4e8e\u8def\u5f84\u5339\u914d<\/h5>\n<p>acl path_static path_end <span class=\"token parameter variable\">-i<\/span> .jpg .png .css .js<br \/>\nacl path_php path_end <span class=\"token parameter variable\">-i<\/span> .php<br \/>\nuse_backend static_host <span class=\"token keyword\">if<\/span> path_static<br \/>\nuse_backend php_host <span class=\"token keyword\">if<\/span> path_php<\/p>\n<h5>8.3.3 \u57fa\u4e8e\u6e90IP\u7684\u9ed1\u767d\u540d\u5355<\/h5>\n<p>acl blacklist src <span class=\"token number\">172.25<\/span>.254.1<br \/>\nhttp-request deny <span class=\"token keyword\">if<\/span> blacklist<\/p>\n<p><span class=\"token comment\"># \u767d\u540d\u5355<\/span><br \/>\nacl whitelist src <span class=\"token number\">172.25<\/span>.254.10<br \/>\nhttp-request allow <span class=\"token keyword\">if<\/span> whitelist<br \/>\nhttp-request deny<\/p>\n<h5>8.3.4 \u57fa\u4e8e\u6d4f\u89c8\u5668\u7c7b\u578b<\/h5>\n<p>acl bad_browser hdr_sub<span class=\"token punctuation\">(<\/span>User-Agent<span class=\"token punctuation\">)<\/span> <span class=\"token parameter variable\">-i<\/span> <span class=\"token function\">curl<\/span> <span class=\"token function\">wget<\/span><br \/>\nhttp-request deny <span class=\"token keyword\">if<\/span> bad_browser<\/p>\n<h4>8.4 \u591a\u4e2aACL\u7684\u7ec4\u5408<\/h4>\n<ul>\n<li>\u4e0e&#xff1a;\u9ed8\u8ba4&#xff0c;if acl1 acl2 \u9700\u540c\u65f6\u6ee1\u8db3\u3002<\/li>\n<li>\u6216&#xff1a;\u4f7f\u7528or\u6216||&#xff0c;\u5982if acl1 or acl2\u3002<\/li>\n<li>\u975e&#xff1a;\u4f7f\u7528!&#xff0c;\u5982if ! acl1\u3002<\/li>\n<\/ul>\n<h3>\u4e5d\u3001ACL\u8bbf\u95ee\u63a7\u5236\u8fdb\u9636\u5b9e\u9a8c<\/h3>\n<h4>9.1 \u57df\u540d\u5339\u914d\u4e0e\u9ed8\u8ba4\u540e\u7aef<\/h4>\n<p>\u7ed3\u5408\u591a\u4e2aACL\u5b9e\u73b0\u57fa\u4e8e\u57df\u540d\u7684\u5206\u6d41&#xff0c;\u5e76\u8bbe\u7f6e\u9ed8\u8ba4\u540e\u7aef\u3002<\/p>\n<ul>\n<li>\u914d\u7f6e<\/li>\n<\/ul>\n<p>frontend webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    mode http<\/p>\n<p>    acl is_com hdr_end<span class=\"token punctuation\">(<\/span>host<span class=\"token punctuation\">)<\/span> <span class=\"token parameter variable\">-i<\/span> .com<br \/>\n    acl is_bbs hdr_beg<span class=\"token punctuation\">(<\/span>host<span class=\"token punctuation\">)<\/span> <span class=\"token parameter variable\">-i<\/span> bbs.<\/p>\n<p>    use_backend bbs_servers <span class=\"token keyword\">if<\/span> is_bbs<br \/>\n    use_backend com_servers <span class=\"token keyword\">if<\/span> is_com<br \/>\n    default_backend default_servers<\/p>\n<p>backend bbs_servers<br \/>\n    server bbs1 <span class=\"token number\">192.168<\/span>.0.10:80 check<\/p>\n<p>backend com_servers<br \/>\n    server com1 <span class=\"token number\">192.168<\/span>.0.20:80 check<\/p>\n<p>backend default_servers<br \/>\n    server default1 <span class=\"token number\">192.168<\/span>.0.10:80 check<\/p>\n<h4>9.2 \u8def\u5f84\u5339\u914d\u5b9e\u73b0\u52a8\u9759\u5206\u79bb<\/h4>\n<p>frontend webcluster<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    mode http<\/p>\n<p>    acl static_path path_end <span class=\"token parameter variable\">-i<\/span> .jpg .png .css .js<br \/>\n    acl static_path path_beg <span class=\"token parameter variable\">-i<\/span> \/static\/ \/images\/<br \/>\n    acl api_path path_beg <span class=\"token parameter variable\">-i<\/span> \/api\/<\/p>\n<p>    use_backend static_servers <span class=\"token keyword\">if<\/span> static_path<br \/>\n    use_backend api_servers <span class=\"token keyword\">if<\/span> api_path<br \/>\n    default_backend dynamic_servers<\/p>\n<h4>9.3 \u57fa\u4e8e\u6d4f\u89c8\u5668\u7c7b\u578b\u7684\u8bbf\u95ee\u63a7\u5236<\/h4>\n<p>acl bad_browser hdr_sub<span class=\"token punctuation\">(<\/span>User-Agent<span class=\"token punctuation\">)<\/span> <span class=\"token parameter variable\">-i<\/span> <span class=\"token function\">curl<\/span> <span class=\"token function\">wget<\/span><br \/>\nhttp-request deny <span class=\"token keyword\">if<\/span> bad_browser<\/p>\n<h4>9.4 \u57fa\u4e8e\u6e90IP\u7684\u8bbf\u95ee\u63a7\u5236<\/h4>\n<p>acl internal src <span class=\"token number\">192.168<\/span>.0.0\/24<br \/>\nhttp-request allow <span class=\"token keyword\">if<\/span> internal<br \/>\nhttp-request deny<\/p>\n<h4>9.5 \u590d\u6742\u7ec4\u5408<\/h4>\n<p>acl valid_method method GET HEAD<br \/>\nacl valid_ua hdr_sub<span class=\"token punctuation\">(<\/span>User-Agent<span class=\"token punctuation\">)<\/span> <span class=\"token parameter variable\">-i<\/span> Mozilla<br \/>\nacl valid_ip src <span class=\"token number\">172.25<\/span>.254.0\/24<br \/>\nhttp-request deny <span class=\"token keyword\">if<\/span> <span class=\"token operator\">!<\/span> valid_method or <span class=\"token operator\">!<\/span> valid_ua or <span class=\"token operator\">!<\/span> valid_ip<\/p>\n<h3>\u5341\u3001HAProxy HTTPS\u5b9e\u73b0&#xff08;\u5168\u7ad9\u52a0\u5bc6&#xff09;<\/h3>\n<p>HAProxy\u53ef\u4ee5\u4f5c\u4e3aSSL\u7ec8\u7aef&#xff0c;\u5904\u7406\u6765\u81ea\u5ba2\u6237\u7aef\u7684HTTPS\u8bf7\u6c42&#xff0c;\u7136\u540e\u4ee5HTTP\u8f6c\u53d1\u7ed9\u540e\u7aef&#xff0c;\u51cf\u8f7b\u540e\u7aefSSL\u538b\u529b\u3002<\/p>\n<h4>10.1 \u5236\u4f5c\u81ea\u7b7e\u540d\u8bc1\u4e66<\/h4>\n<p><span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># mkdir \/etc\/haproxy\/certs<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># openssl req -newkey rsa:2048 -nodes -sha256 \\\\<\/span><br \/>\n    <span class=\"token parameter variable\">-keyout<\/span> \/etc\/haproxy\/certs\/timinglee.org.key <span class=\"token punctuation\">\\\\<\/span><br \/>\n    <span class=\"token parameter variable\">-x509<\/span> <span class=\"token parameter variable\">-days<\/span> <span class=\"token number\">365<\/span> <span class=\"token punctuation\">\\\\<\/span><br \/>\n    <span class=\"token parameter variable\">-out<\/span> \/etc\/haproxy\/certs\/timinglee.org.crt<br \/>\n<span class=\"token comment\"># \u586b\u5199\u8bc1\u4e66\u4fe1\u606f&#xff08;CN\u53ef\u8bbe\u4e3a\u57df\u540d&#xff09;<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>root&#064;haproxy ~<span class=\"token punctuation\">]<\/span><span class=\"token comment\"># cat \/etc\/haproxy\/certs\/timinglee.org.{key,crt} &gt; \/etc\/haproxy\/certs\/timinglee.pem<\/span><\/p>\n<h4>10.2 \u914d\u7f6eHTTPS\u524d\u7aef<\/h4>\n<p>frontend http-in<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    redirect scheme https <span class=\"token keyword\">if<\/span> <span class=\"token operator\">!<\/span><span class=\"token punctuation\">{<\/span> ssl_fc <span class=\"token punctuation\">}<\/span>   <span class=\"token comment\"># \u5c06HTTP\u91cd\u5b9a\u5411\u5230HTTPS<\/span><\/p>\n<p>frontend https-in<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:443 ssl crt \/etc\/haproxy\/certs\/timinglee.pem<br \/>\n    mode http<br \/>\n    default_backend webcluster<\/p>\n<p>backend webcluster<br \/>\n    mode http<br \/>\n    balance roundrobin<br \/>\n    server web1 <span class=\"token number\">192.168<\/span>.0.10:80 check<br \/>\n    server web2 <span class=\"token number\">192.168<\/span>.0.20:80 check<\/p>\n<h4>10.3 \u6d4b\u8bd5<\/h4>\n<p><span class=\"token comment\"># \u8bbf\u95eeHTTP\u81ea\u52a8\u8df3\u8f6c\u5230HTTPS<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>Administrator.DESKTOP-VJ307M3<span class=\"token punctuation\">]<\/span> \u27a4 <span class=\"token function\">curl<\/span> <span class=\"token parameter variable\">-k<\/span> <span class=\"token parameter variable\">-L<\/span> http:\/\/172.25.254.100<br \/>\n<span class=\"token comment\"># \u76f4\u63a5HTTPS\u8bbf\u95ee<\/span><br \/>\n<span class=\"token punctuation\">[<\/span>Administrator.DESKTOP-VJ307M3<span class=\"token punctuation\">]<\/span> \u27a4 <span class=\"token function\">curl<\/span> <span class=\"token parameter variable\">-k<\/span> https:\/\/172.25.254.100<\/p>\n<ul>\n<li>-k\u9009\u9879\u5ffd\u7565\u81ea\u7b7e\u540d\u8bc1\u4e66\u9a8c\u8bc1\u3002<\/li>\n<\/ul>\n<h3>\u5341\u4e00\u3001\u603b\u7ed3<\/h3>\n<h4>11.1\u5b66\u4e60\u603b\u7ed3<\/h4>\n<p>\u901a\u8fc7\u4ee5\u4e0a\u7406\u8bba\u4e0e\u5b9e\u8df5\u7ed3\u5408\u7684\u5b66\u4e60&#xff0c;\u6211\u4eec\u638c\u63e1\u4e86&#xff1a;<\/p>\n<li>HAProxy\u7684\u5b89\u88c5\u3001\u57fa\u672c\u914d\u7f6e&#xff08;global\u3001frontend\u3001backend\u3001listen&#xff09;\u3002<\/li>\n<li>\u591a\u8fdb\u7a0b\/\u591a\u7ebf\u7a0b\u914d\u7f6e\u53casocat\u52a8\u6001\u7ba1\u7406\u3002<\/li>\n<li>\u5404\u79cd\u8c03\u5ea6\u7b97\u6cd5\u7684\u539f\u7406\u4e0e\u5b9e\u9a8c\u9a8c\u8bc1\u3002<\/li>\n<li>\u9ad8\u7ea7\u529f\u80fd&#xff1a;Cookie\u4f1a\u8bdd\u4fdd\u6301\u3001\u72b6\u6001\u9875\u3001IP\u900f\u4f20&#xff08;\u4e03\u5c42\u4e0e\u56db\u5c42&#xff09;\u3002<\/li>\n<li>ACL\u8bbf\u95ee\u63a7\u5236\u7684\u591a\u573a\u666f\u5e94\u7528\u3002<\/li>\n<li>\u56db\u5c42\u8d1f\u8f7d\u5747\u8861&#xff08;MySQL\u793a\u4f8b&#xff09;\u53cabackup\u670d\u52a1\u5668\u3002<\/li>\n<li>\u81ea\u5b9a\u4e49\u9519\u8bef\u9875\u9762\u548cSorry Server\u3002<\/li>\n<li>HTTPS\u5168\u7ad9\u52a0\u5bc6\u914d\u7f6e\u3002<\/li>\n<h4>11.2 \u5b9e\u9a8c\u8fc7\u7a0b\u4e2d\u9047\u5230\u7684\u95ee\u9898\u4e0e\u89e3\u51b3\u65b9\u6cd5<\/h4>\n<h5>1. \u73af\u5883\u914d\u7f6e\u9636\u6bb5<\/h5>\n<p>\u53cc\u7f51\u5361\u914d\u7f6e\u540e\u7f51\u7edc\u4e0d\u901a&#xff1f;<\/p>\n<ul>\n<li>\u73b0\u8c61&#xff1a;\u914d\u7f6e\u5b8c eth0 \u548c eth1 \u540e&#xff0c;\u65e0\u6cd5\u4ece\u5916\u7f51\u8bbf\u95ee haproxy\u3002<\/li>\n<li>\u539f\u56e0&#xff1a;\u672a\u5f00\u542f\u5185\u6838\u8def\u7531\u8f6c\u53d1\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;<span class=\"token builtin class-name\">echo<\/span> <span class=\"token assign-left variable\">net.ipv4.ip_forward<\/span><span class=\"token operator\">&#061;<\/span><span class=\"token number\">1<\/span> <span class=\"token operator\">&gt;<\/span> \/etc\/sysctl.conf<br \/>\n<span class=\"token function\">sysctl<\/span> <span class=\"token parameter variable\">-p<\/span>\n <\/li>\n<\/ul>\n<hr \/>\n<h5>2. Haproxy \u5b89\u88c5\u4e0e\u57fa\u7840\u914d\u7f6e<\/h5>\n<p>\u914d\u7f6e\u6587\u4ef6\u8bed\u6cd5\u9519\u8bef\u5bfc\u81f4\u670d\u52a1\u542f\u52a8\u5931\u8d25<\/p>\n<ul>\n<li>\u73b0\u8c61&#xff1a;systemctl restart haproxy.service \u5931\u8d25<br \/>\njournalctl -xe \u63d0\u793a unknown keyword\n <\/li>\n<li>\u539f\u56e0&#xff1a;\u624b\u8bef\u5c06 fall \u5199\u6210 dall&#xff0c;\u6216\u53c2\u6570\u5199\u9519\u4f4d\u7f6e&#xff08;\u5982\u5728 defaults \u4e2d\u5199 nbproc&#xff09;\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;\n<ul>\n<li>\u4f7f\u7528 systemctl status haproxy.service \u67e5\u770b\u5177\u4f53\u9519\u8bef\u884c\u3002<\/li>\n<li>\u4fee\u6b63\u62fc\u5199\u9519\u8bef&#xff0c;\u786e\u4fdd\u53c2\u6570\u5199\u5728\u6b63\u786e\u7684\u4f5c\u7528\u57df&#xff08;\u5168\u5c40 \/ defaults \/ listen \/ backend&#xff09;\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<h5>3. \u65e5\u5fd7\u914d\u7f6e\u95ee\u9898<\/h5>\n<p>haproxy \u65e5\u5fd7\u672a\u53d1\u9001\u5230\u8fdc\u7a0b\u4e3b\u673a<\/p>\n<ul>\n<li>\u73b0\u8c61&#xff1a;\/var\/log\/messages \u4e2d\u65e0 haproxy \u65e5\u5fd7\u3002<\/li>\n<li>\u539f\u56e0&#xff1a;\u8fdc\u7a0b\u4e3b\u673a\u672a\u5f00\u542f UDP 514 \u7aef\u53e3\u63a5\u6536\u65e5\u5fd7\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;<span class=\"token comment\"># \u5728 webserver1 \u4e0a\u542f\u7528 rsyslog UDP \u6a21\u5757<\/span><br \/>\n<span class=\"token function\">vim<\/span> \/etc\/rsyslog.conf<br \/>\n\u53d6\u6d88\u6ce8\u91ca&#xff1a;<br \/>\nmodule<span class=\"token punctuation\">(<\/span>load<span class=\"token operator\">&#061;<\/span><span class=\"token string\">&#034;imudp&#034;<\/span><span class=\"token punctuation\">)<\/span><br \/>\ninput<span class=\"token punctuation\">(<\/span>type<span class=\"token operator\">&#061;<\/span><span class=\"token string\">&#034;imudp&#034;<\/span> <span class=\"token assign-left variable\">port<\/span><span class=\"token operator\">&#061;<\/span><span class=\"token string\">&#034;514&#034;<\/span><span class=\"token punctuation\">)<\/span><br \/>\nsystemctl restart rsyslog\n <\/li>\n<\/ul>\n<hr \/>\n<h5>4.\u591a\u8fdb\u7a0b\u4e0e\u591a\u7ebf\u7a0b\u914d\u7f6e\u51b2\u7a81<\/h5>\n<p>\u540c\u65f6\u542f\u7528 nbproc \u548c nbthread \u5bfc\u81f4\u51b2\u7a81<\/p>\n<ul>\n<li>\u73b0\u8c61&#xff1a;haproxy \u542f\u52a8\u5931\u8d25&#xff0c;\u63d0\u793a\u914d\u7f6e\u4e0d\u5408\u6cd5\u3002<\/li>\n<li>\u539f\u56e0&#xff1a;\u591a\u8fdb\u7a0b\u4e0e\u591a\u7ebf\u7a0b\u4e0d\u80fd\u540c\u65f6\u542f\u7528\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;\u6ce8\u91ca\u6389 nbproc&#xff0c;\u53ea\u4fdd\u7559 nbthread\u3002<\/li>\n<\/ul>\n<hr \/>\n<h5>5. socat \u70ed\u66f4\u65b0\u6743\u9650\u95ee\u9898<\/h5>\n<p>\u4f7f\u7528 socat \u4fee\u6539\u6743\u91cd\u65f6\u63d0\u793a Permission denied<\/p>\n<ul>\n<li>\u73b0\u8c61&#xff1a;echo &#034;set weight webcluster\/haha 2&#034; | socat stdio \/var\/lib\/haproxy\/stats<br \/>\nPermission denied\n <\/li>\n<li>\u539f\u56e0&#xff1a;socket \u6587\u4ef6\u6743\u9650\u4e0d\u8db3&#xff0c;\u672a\u6388\u6743 admin \u7ea7\u522b\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;<span class=\"token function\">vim<\/span> \/etc\/haproxy\/haproxy.cfg<br \/>\nstats socket \/var\/lib\/haproxy\/stats mode <span class=\"token number\">600<\/span> level admin<br \/>\n<span class=\"token function\">rm<\/span> <span class=\"token parameter variable\">-rf<\/span> \/var\/lib\/haproxy\/*<br \/>\nsystemctl restart haproxy\n <\/li>\n<\/ul>\n<hr \/>\n<h5>6. \u7b97\u6cd5\u5b9e\u9a8c\u4e2d\u7684\u95ee\u9898<\/h5>\n<h6>&#xff08;1&#xff09; static-rr \u4e0d\u652f\u6301\u52a8\u6001\u6743\u91cd\u4fee\u6539<\/h6>\n<ul>\n<li>\u73b0\u8c61&#xff1a;\u4f7f\u7528 set weight \u4fee\u6539\u6743\u91cd\u5931\u8d25\u3002<\/li>\n<li>\u539f\u56e0&#xff1a;static-rr \u662f\u9759\u6001\u7b97\u6cd5&#xff0c;\u4e0d\u652f\u6301\u52a8\u6001\u8c03\u6574\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;\u6539\u7528\u52a8\u6001\u7b97\u6cd5\u5982 roundrobin\u3002<\/li>\n<\/ul>\n<h6>&#xff08;2&#xff09; first \u7b97\u6cd5\u4e0b\u9ad8\u5e76\u53d1\u6d4b\u8bd5\u672a\u89e6\u53d1\u5907\u7528\u670d\u52a1\u5668<\/h6>\n<ul>\n<li>\u73b0\u8c61&#xff1a;\u5373\u4f7f maxconn&#061;1&#xff0c;\u4ecd\u4e00\u76f4\u8bbf\u95ee\u540c\u4e00\u53f0\u3002<\/li>\n<li>\u539f\u56e0&#xff1a;first \u4f1a\u4f18\u5148\u4f7f\u7528\u7b2c\u4e00\u4e2a\u670d\u52a1\u5668\u76f4\u5230\u6ee1\u8f7d&#xff0c;\u6d4b\u8bd5\u5e76\u53d1\u6570\u4e0d\u8db3\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;\u5f00\u542f\u591a\u4e2a\u7ec8\u7aef\u540c\u65f6\u538b\u6d4b&#xff0c;\u89e6\u53d1\u5907\u7528\u670d\u52a1\u5668\u3002<\/li>\n<\/ul>\n<hr \/>\n<h5>7. IP \u900f\u4f20\u914d\u7f6e\u95ee\u9898<\/h5>\n<p>\u4e03\u5c42\u900f\u4f20\u540e\u65e5\u5fd7\u4ecd\u663e\u793a haproxy IP<\/p>\n<ul>\n<li>\u73b0\u8c61&#xff1a;\u540e\u7aef\u65e5\u5fd7\u4e2d %h \u4ecd\u4e3a 192.168.0.100\u3002<\/li>\n<li>\u539f\u56e0&#xff1a;\u672a\u4fee\u6539 httpd \u7684 LogFormat&#xff0c;\u672a\u5f00\u542f option forwardfor\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;<span class=\"token comment\"># haproxy \u914d\u7f6e<\/span><br \/>\noption forwardfor except <span class=\"token number\">127.0<\/span>.0.0\/8<\/p>\n<p><span class=\"token comment\"># httpd \u914d\u7f6e<\/span><br \/>\nLogFormat <span class=\"token string\">&#034;%h %l %u %t <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>%r<span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span> %&gt;s %b <span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span>%{X-Forwarded-For}i<span class=\"token entity\" title=\"\\\\&#034;\">\\\\&#034;<\/span> &#8230;&#034;<\/span> combined\n <\/li>\n<\/ul>\n<p>\u56db\u5c42\u900f\u4f20\u540e nginx \u62a5 502<\/p>\n<ul>\n<li>\u73b0\u8c61&#xff1a;\u542f\u7528 send-proxy \u540e nginx \u8fd4\u56de 502\u3002<\/li>\n<li>\u539f\u56e0&#xff1a;nginx \u672a\u5f00\u542f proxy_protocol \u652f\u6301\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;listen <span class=\"token number\">80<\/span> proxy_protocol<span class=\"token punctuation\">;<\/span><br \/>\nlog_format main <span class=\"token string\">&#039;$proxy_protocol_addr &#8211; &#8230;&#039;<\/span><span class=\"token punctuation\">;<\/span>\n <\/li>\n<\/ul>\n<hr \/>\n<h5>8. ACL \u8bbf\u95ee\u63a7\u5236\u95ee\u9898<\/h5>\n<p>\u9ed1\u540d\u5355\u672a\u751f\u6548<\/p>\n<ul>\n<li>\u73b0\u8c61&#xff1a;\u5373\u4f7f\u5199\u4e86 http-request deny if invalid_src&#xff0c;\u4ecd\u53ef\u8bbf\u95ee\u3002<\/li>\n<li>\u539f\u56e0&#xff1a;ACL \u5b9a\u4e49\u5199\u5728\u4e86 use_backend \u4e4b\u540e&#xff0c;\u672a\u63d0\u524d\u5339\u914d\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;\u5c06 ACL \u548c http-request deny \u653e\u5728 use_backend \u4e4b\u524d\u3002<\/li>\n<\/ul>\n<hr \/>\n<h5>9. \u5168\u7ad9\u52a0\u5bc6\u95ee\u9898<\/h5>\n<p>\u8bc1\u4e66\u751f\u6210\u540e haproxy \u65e0\u6cd5\u542f\u52a8<\/p>\n<ul>\n<li>\u73b0\u8c61&#xff1a;\u542f\u52a8\u5931\u8d25&#xff0c;\u63d0\u793a no certificate found\u3002<\/li>\n<li>\u539f\u56e0&#xff1a;\u672a\u5c06 .key \u548c .crt \u5408\u5e76\u4e3a .pem \u6587\u4ef6\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;<span class=\"token function\">cat<\/span> timinglee.org.key timinglee.org.crt <span class=\"token operator\">&gt;<\/span> timinglee.pem\n <\/li>\n<\/ul>\n<p>HTTP \u8df3\u8f6c HTTPS \u672a\u751f\u6548<\/p>\n<ul>\n<li>\u73b0\u8c61&#xff1a;\u8bbf\u95ee http:\/\/ \u4ecd\u8fd4\u56de 200&#xff0c;\u672a\u8df3\u8f6c\u3002<\/li>\n<li>\u539f\u56e0&#xff1a;\u672a\u5728 frontend \u4e2d\u914d\u7f6e redirect scheme https\u3002<\/li>\n<li>\u89e3\u51b3&#xff1a;frontend webcluster-http<br \/>\n    <span class=\"token builtin class-name\">bind<\/span> *:80<br \/>\n    redirect scheme https <span class=\"token keyword\">if<\/span> <span class=\"token operator\">!<\/span><span class=\"token punctuation\">{<\/span> ssl_fc <span class=\"token punctuation\">}<\/span>\n <\/li>\n<\/ul>\n<hr \/>\n<h4>11.3 \u6392\u9519\u6280\u5de7\u603b\u7ed3<\/h4>\n<ul>\n<li>\u4f7f\u7528 systemctl status haproxy.service \u67e5\u770b\u9519\u8bef\u884c\u3002<\/li>\n<li>\u4f7f\u7528 journalctl -xeu haproxy.service \u67e5\u770b\u8be6\u7ec6\u65e5\u5fd7\u3002<\/li>\n<li>\u914d\u7f6e\u6587\u4ef6\u4fee\u6539\u540e\u52a1\u5fc5\u7528 haproxy -f \/etc\/haproxy\/haproxy.cfg -c \u68c0\u67e5\u8bed\u6cd5\u3002<\/li>\n<li>\u591a\u8fdb\u7a0b\/\u591a\u7ebf\u7a0b\u3001socket \u6743\u9650\u3001\u65e5\u5fd7\u683c\u5f0f\u7b49\u95ee\u9898\u662f\u5e38\u89c1\u9677\u9631&#xff0c;\u9700\u91cd\u70b9\u5173\u6ce8\u3002<\/li>\n<\/ul>\n<p>\u901a\u8fc7\u4ee5\u4e0a\u6392\u67e5\u601d\u8def&#xff0c;\u7edd\u5927\u90e8\u5206\u5b9e\u9a8c\u95ee\u9898\u90fd\u80fd\u5f97\u5230\u89e3\u51b3\u3002\u5efa\u8bae\u5927\u5bb6\u5728\u5b9e\u9a8c\u8fc7\u7a0b\u4e2d\u8bb0\u5f55\u6bcf\u4e00\u6b65\u7684\u8f93\u51fa&#xff0c;\u4fbf\u4e8e\u56de\u6eaf\u5b9a\u4f4d\u3002\u5982\u679c\u5728\u5b9e\u9a8c\u8fc7\u7a0b\u4e2d\u9047\u5230\u4efb\u4f55\u6280\u672f\u95ee\u9898\u6216\u64cd\u4f5c\u56f0\u60d1&#xff0c;\u6b22\u8fce\u5728\u6587\u7ae0\u4e0b\u65b9\u7684\u8bc4\u8bba\u533a\u7559\u8a00\u4ea4\u6d41~ \u5927\u5bb6\u4e00\u8d77\u8ba8\u8bba~ \u5bf9\u4e8e\u6587\u7ae0\u4e2d\u53ef\u80fd\u5b58\u5728\u7684\u6280\u672f\u6027\u9519\u8bef\u3001\u8868\u8ff0\u4e0d\u6e05\u7684\u5185\u5bb9\u6216\u9700\u8981\u6539\u8fdb\u7684\u90e8\u5206&#xff0c;\u6b22\u8fce\u5927\u5bb6\u6279\u8bc4\u6307\u6b63~ \u671f\u5f85\u4e0e\u5927\u5bb6\u5171\u540c\u8fdb\u6b65&#xff01;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HAProxy\u4e03\u5c42\u4ee3\u7406\u5b66\u4e60\u7b14\u8bb0<br \/>\n\u4e00\u3001\u8d1f\u8f7d\u5747\u8861\u57fa\u7840<br \/>\n1.1 \u4ec0\u4e48\u662f\u8d1f\u8f7d\u5747\u8861<br \/>\n\u8d1f\u8f7d\u5747\u8861&#xff08;Load Balance&#xff0c;\u7b80\u79f0LB&#xff09;\u662f\u4e00\u79cd\u670d\u52a1\u6216\u57fa\u4e8e\u786c\u4ef6\u8bbe\u5907\u5b9e\u73b0\u7684\u9ad8\u53ef\u7528\u53cd\u5411\u4ee3\u7406\u6280\u672f\u3002\u5b83\u5c06\u7279\u5b9a\u7684\u4e1a\u52a1&#xff08;\u5982Web\u670d\u52a1\u3001\u7f51\u7edc\u6d41\u91cf&#xff09;\u5206\u62c5\u7ed9\u4e00\u4e2a\u6216\u591a\u4e2a\u540e\u7aef\u670d\u52a1\u5668&#xff0c;\u4ece\u800c\u63d0\u9ad8\u5e76\u53d1\u5904\u7406\u80fd\u529b\u3001\u4fdd\u8bc1\u4e1a\u52a1\u9ad8\u53ef\u7528\u6027&#xff0c;\u5e76\u65b9\u4fbf\u4e1a\u52a1\u540e\u671f\u7684\u6c34\u5e73\u6269\u5c55\u3002 \u53c2\u8003&#xff1a;\u963f\u91cc\u4e91SLB\u4ecb\u7ecd https:\/\/yq.aliyu<\/p>\n","protected":false},"author":2,"featured_media":78567,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[258,44],"topic":[],"class_list":["post-78587","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","tag-258","tag-44"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>HAProxy\u4e03\u5c42\u4ee3\u7406\uff1a\u9ad8\u6027\u80fd\u8d1f\u8f7d\u5747\u8861\u5b9e\u6218 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wsisp.com\/helps\/78587.html\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HAProxy\u4e03\u5c42\u4ee3\u7406\uff1a\u9ad8\u6027\u80fd\u8d1f\u8f7d\u5747\u8861\u5b9e\u6218 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"og:description\" content=\"HAProxy\u4e03\u5c42\u4ee3\u7406\u5b66\u4e60\u7b14\u8bb0 \u4e00\u3001\u8d1f\u8f7d\u5747\u8861\u57fa\u7840 1.1 \u4ec0\u4e48\u662f\u8d1f\u8f7d\u5747\u8861 \u8d1f\u8f7d\u5747\u8861&#xff08;Load Balance&#xff0c;\u7b80\u79f0LB&#xff09;\u662f\u4e00\u79cd\u670d\u52a1\u6216\u57fa\u4e8e\u786c\u4ef6\u8bbe\u5907\u5b9e\u73b0\u7684\u9ad8\u53ef\u7528\u53cd\u5411\u4ee3\u7406\u6280\u672f\u3002\u5b83\u5c06\u7279\u5b9a\u7684\u4e1a\u52a1&#xff08;\u5982Web\u670d\u52a1\u3001\u7f51\u7edc\u6d41\u91cf&#xff09;\u5206\u62c5\u7ed9\u4e00\u4e2a\u6216\u591a\u4e2a\u540e\u7aef\u670d\u52a1\u5668&#xff0c;\u4ece\u800c\u63d0\u9ad8\u5e76\u53d1\u5904\u7406\u80fd\u529b\u3001\u4fdd\u8bc1\u4e1a\u52a1\u9ad8\u53ef\u7528\u6027&#xff0c;\u5e76\u65b9\u4fbf\u4e1a\u52a1\u540e\u671f\u7684\u6c34\u5e73\u6269\u5c55\u3002 \u53c2\u8003&#xff1a;\u963f\u91cc\u4e91SLB\u4ecb\u7ecd https:\/\/yq.aliyu\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wsisp.com\/helps\/78587.html\" \/>\n<meta property=\"og:site_name\" content=\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-27T14:30:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143028-69a1aa84077e7.png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"21 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/78587.html\",\"url\":\"https:\/\/www.wsisp.com\/helps\/78587.html\",\"name\":\"HAProxy\u4e03\u5c42\u4ee3\u7406\uff1a\u9ad8\u6027\u80fd\u8d1f\u8f7d\u5747\u8861\u5b9e\u6218 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"isPartOf\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\"},\"datePublished\":\"2026-02-27T14:30:34+00:00\",\"dateModified\":\"2026-02-27T14:30:34+00:00\",\"author\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/78587.html#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wsisp.com\/helps\/78587.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/78587.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.wsisp.com\/helps\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HAProxy\u4e03\u5c42\u4ee3\u7406\uff1a\u9ad8\u6027\u80fd\u8d1f\u8f7d\u5747\u8861\u5b9e\u6218\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\",\"url\":\"https:\/\/www.wsisp.com\/helps\/\",\"name\":\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"description\":\"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"contentUrl\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/wp.wsisp.com\"],\"url\":\"https:\/\/www.wsisp.com\/helps\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HAProxy\u4e03\u5c42\u4ee3\u7406\uff1a\u9ad8\u6027\u80fd\u8d1f\u8f7d\u5747\u8861\u5b9e\u6218 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wsisp.com\/helps\/78587.html","og_locale":"zh_CN","og_type":"article","og_title":"HAProxy\u4e03\u5c42\u4ee3\u7406\uff1a\u9ad8\u6027\u80fd\u8d1f\u8f7d\u5747\u8861\u5b9e\u6218 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","og_description":"HAProxy\u4e03\u5c42\u4ee3\u7406\u5b66\u4e60\u7b14\u8bb0 \u4e00\u3001\u8d1f\u8f7d\u5747\u8861\u57fa\u7840 1.1 \u4ec0\u4e48\u662f\u8d1f\u8f7d\u5747\u8861 \u8d1f\u8f7d\u5747\u8861&#xff08;Load Balance&#xff0c;\u7b80\u79f0LB&#xff09;\u662f\u4e00\u79cd\u670d\u52a1\u6216\u57fa\u4e8e\u786c\u4ef6\u8bbe\u5907\u5b9e\u73b0\u7684\u9ad8\u53ef\u7528\u53cd\u5411\u4ee3\u7406\u6280\u672f\u3002\u5b83\u5c06\u7279\u5b9a\u7684\u4e1a\u52a1&#xff08;\u5982Web\u670d\u52a1\u3001\u7f51\u7edc\u6d41\u91cf&#xff09;\u5206\u62c5\u7ed9\u4e00\u4e2a\u6216\u591a\u4e2a\u540e\u7aef\u670d\u52a1\u5668&#xff0c;\u4ece\u800c\u63d0\u9ad8\u5e76\u53d1\u5904\u7406\u80fd\u529b\u3001\u4fdd\u8bc1\u4e1a\u52a1\u9ad8\u53ef\u7528\u6027&#xff0c;\u5e76\u65b9\u4fbf\u4e1a\u52a1\u540e\u671f\u7684\u6c34\u5e73\u6269\u5c55\u3002 \u53c2\u8003&#xff1a;\u963f\u91cc\u4e91SLB\u4ecb\u7ecd https:\/\/yq.aliyu","og_url":"https:\/\/www.wsisp.com\/helps\/78587.html","og_site_name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","article_published_time":"2026-02-27T14:30:34+00:00","og_image":[{"url":"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260227143028-69a1aa84077e7.png"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"admin","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"21 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wsisp.com\/helps\/78587.html","url":"https:\/\/www.wsisp.com\/helps\/78587.html","name":"HAProxy\u4e03\u5c42\u4ee3\u7406\uff1a\u9ad8\u6027\u80fd\u8d1f\u8f7d\u5747\u8861\u5b9e\u6218 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","isPartOf":{"@id":"https:\/\/www.wsisp.com\/helps\/#website"},"datePublished":"2026-02-27T14:30:34+00:00","dateModified":"2026-02-27T14:30:34+00:00","author":{"@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41"},"breadcrumb":{"@id":"https:\/\/www.wsisp.com\/helps\/78587.html#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wsisp.com\/helps\/78587.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wsisp.com\/helps\/78587.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.wsisp.com\/helps"},{"@type":"ListItem","position":2,"name":"HAProxy\u4e03\u5c42\u4ee3\u7406\uff1a\u9ad8\u6027\u80fd\u8d1f\u8f7d\u5747\u8861\u5b9e\u6218"}]},{"@type":"WebSite","@id":"https:\/\/www.wsisp.com\/helps\/#website","url":"https:\/\/www.wsisp.com\/helps\/","name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","description":"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/","url":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","contentUrl":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","caption":"admin"},"sameAs":["http:\/\/wp.wsisp.com"],"url":"https:\/\/www.wsisp.com\/helps\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/78587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/comments?post=78587"}],"version-history":[{"count":0,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/78587\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media\/78567"}],"wp:attachment":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media?parent=78587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/categories?post=78587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/tags?post=78587"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/topic?post=78587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}