歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Linux管理 >> Linux配置

haproxy代理流程的數據進行抓包分析

haproxy代理流程的數據進行抓包分析 itniaho
各模塊名稱以及作用
 
haproxy.cfg文件配置如下
global 
           maxconn 20480                 
           log 127.0.0.1 local3          
           chroot /var/haproxy           
           uid 99                        
           gid 99                        
           daemon                        
           nbproc 1                      
           pidfile /var/run/haproxy.pid  
           ulimit-n 65535                
    defaults 
            log global 
            mode http           
            maxconn 20480       
            option httplog      
            option httpclose    
            option dontlognull  
            option forwardfor   
            option redispatch   
            option abortonclose 
            stats refresh 30    
            retries 3           
            balance roundrobin  
            contimeout 5000     
            clitimeout 50000    
            srvtimeout 50000    
            timeout check 2000  
     
    listen  admin_status                  
            bind 0.0.0.0:65532           
            mode http                    
            log 127.0.0.1 local3 err     
            stats refresh 5s             
            stats uri /admin?stats       
            stats realm itnihao\ itnihao 
            stats auth admin:admin       
            stats auth admin1:admin1     
            stats hide-version           
            stats admin if TRUE          
            errorfile 403 /etc/haproxy/errorfiles/403.http 
            errorfile 500 /etc/haproxy/errorfiles/500.http 
            errorfile 502 /etc/haproxy/errorfiles/502.http 
            errorfile 503 /etc/haproxy/errorfiles/503.http 
            errorfile 504 /etc/haproxy/errorfiles/504.http 
     
            capture request  header Host           len 40 
            capture request  header Content-Length len 10 
            capture request  header Referer        len 200 
            capture response header Server         len 40 
            capture response header Content-Length len 10 
            capture response header Cache-Control  len 8 
    listen  site_status 
            bind 0.0.0.0:1081                     
            mode http                             
            log 127.0.0.1 local3 err              
            monitor-uri /site_status              
            acl site_dead nbsrv(server_web) lt 2  
            monitor fail if site_dead 
     
    frontend  http_80_in 
            bind 0.0.0.0:80   
            mode http         
            log global        
            option httplog   
            option httpclose  
            option forwardfor 
            acl itnihao_web hdr_reg(host) -i ^(www.itnihao.cn|ww1.itnihao.cn)$ 
            acl itnihao_blog hdr_dom(host) -i blog.itnihao.cn 
            use_backend  server_web  if itnihao_web 
            use_backend  server_blog if itnihao_blog 
            default_backend server_bbs 
     
    backend server_web 
            mode http           
            balance roundrobin  
            cookie SERVERID     
            option httpchk GET /index.html 
            server web1 192.168.16.2:80 cookie web1 check inter 1500 rise 3 fall 3 weight 1 
            server web2 192.168.16.3:80 cookie web2 check inter 1500 rise 3 fall 3 weight 2 
     
    backend server_bbs 
            mode http          
            balance roundrobin 
            cookie SERVERID    
            option httpchk GET /index.html 
            server bbs1 192.168.16.2:80 cookie bbs1 check inter 1500 rise 3 fall 3 weight 1 
            server bbs2 192.168.16.3:80 cookie bbs2 check inter 1500 rise 3 fall 3 weight 2 

客戶端192.168.16.90訪問http://ww1.itnihao.cn

Haproxy的日志如下,可以看到,負載均衡到web2和web1上面去了


詳細日志如下所示
Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:19 localhost haproxy[30015]: 192.168.16.90:4329 [02/Jul/2012:04:09:19.876] http_80_in server_web/web2 31/0/10/0/44 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

Jul  2 04:09:22 localhost haproxy[30015]: 192.168.16.90:4330 [02/Jul/2012:04:09:21.985] http_80_in server_web/web1 6/0/35/27/70 200 271 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

在web2上面抓包


查看抓包數據如下

 客戶端192.168.16.90首先向ww1.itnihao.cn(192.168.16.22)發送請求,haproxy代理服務器192.168.16.22收到請求,根據以下的配置文件的則,將請求用調度算法roundrobin轉發給後端web2,即192.168.16.3
frontend  http_80_in

       bind 0.0.0.0:80   

       mode http         

       log global        

       option httplog    

       option httpclose  

       option forwardfor 

       acl  itnihao_web  hdr_reg(host)  -i  ^(www.itnihao.cn|ww1.itnihao.cn)$

       use_backend  server_web  if  itnihao_web   

backend server_web

       mode http

       balance roundrobin

       cookie SERVERID

       option httpchk GET /index.html 

       server  web1  192.168.16.2:80  cookie  web1 check inter 1500 rise 3 fall 3 weight 1

       server  web2  192.168.16.3:80  cookie  web2 check inter 1500 rise 3 fall 3 weight 2


可以看到,haproxy會將請求的www.itnihao.cn轉發給192.168.16.3,且標記客戶端的ip,如192.168.16.3有多個基於域名的虛擬主機,可以通過請求的域名來正確的識別到虛擬主機,這點無需擔心。
ip轉發的選項是option forwardfor 轉發過來的ip,如此,則端服務器可以獲取到真實的客戶端ip

 192.168.16.3響應haproxy的請求,將數據index.html提供給haproxy192.168.16.22

 代理過程完成,192.168.16.
22將index.html數據發送給用戶端,用戶端192.168.16.90完成此次的服務器請求,對用戶來說是完全透明的。

同理,代理將請求轉發給192.168.16.2,敘述過程不再重復,從抓包數據的結果可以看到



Copyright © Linux教程網 All Rights Reserved