1 基础知识
本章节需要你先掌握Linux系统的Haproxy编译部署,如你尚未具备此知识,烦请参阅如下章节熟悉,
2 最佳实践
2.1 部署前的准备
本章使用如下Docker环境部署,参阅本章建议你先搭建以下Docker集群环境并熟悉,
2.2 创建新镜像
2.2.1 创建镜像项目文件夹
mkdir ~/imageProject-haproxy-2.1.4
2.2.2 创建Dockerfile
vim ~/imageProject-haproxy-2.1.4/Dockerfile
加入如下配置,
FROM centos:centos7 MAINTAINER will@cmdschool.org # Update OS RUN rm -rf /etc/yum.repos.d/* RUN curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo RUN yum update -y # Deploy tools RUN yum install -y wget net-tools vim bzip2 RUN yum -y install gcc make # Download fiels WORKDIR /root/ RUN wget https://www.haproxy.org/download/2.1/src/haproxy-2.1.4.tar.gz # Deploy Haproxy WORKDIR /root/ RUN tar -xf haproxy-2.1.4.tar.gz WORKDIR /root/haproxy-2.1.4 RUN sed -i "s/PREFIX = \/usr\/local/PREFIX = \/usr/g" Makefile RUN sed -i "s/TARGET =/TARGET = linux3100/g" Makefile RUN sed -i "s/ARCH =/ARCH = x86_64/g" Makefile RUN make RUN make install RUN haproxy -v RUN mkdir -p /etc/haproxy COPY haproxy.cfg /etc/haproxy/haproxy.cfg RUN groupadd -g 200 haproxy RUN useradd -u 200 -g 200 -d /var/spool/haproxy -s /sbin/nologin haproxy # Clean cache WORKDIR /root RUN yum clean all RUN rm -rf /root/haproxy-2.1.4* # Config Start Scripts RUN echo '#!/bin/bash' > /root/start.sh RUN echo 'echo "Starting Haproxy Server...";' >> /root/start.sh RUN echo '/usr/sbin/haproxy -d -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid' >> /root/start.sh RUN chmod +x /root/start.sh EXPOSE 8080 WORKDIR /root CMD ["/bin/bash","./start.sh"]
注:
“FROM”指令声明基于“centos7”镜像打包
“COPY”指令声明复制当前目录的具体文件到打包的镜像
“RUN”指令声明容器环境执行的命令
“EXPOSE ”指令声明容器使用的端口
“WORKDIR”指令声明切换容器内部的某个目录
“CMD”指令声明启动容器执行的启动服务命令
根据以上命令的要求,我们需要准备程序所需的配置文件,
vim ~/imageProject-haproxy-2.1.4/haproxy.cfg
加入如下配置,
# # demo config for Proxy mode # global maxconn 20000 ulimit-n 40025 log 127.0.0.1 local0 uid 200 gid 200 chroot /var/empty nbproc 1 daemon frontend test-proxy bind 0.0.0.0:8080 mode http log global option httplog option dontlognull option nolinger option http_proxy maxconn 8000 timeout client 30s # layer3: Valid users acl allow_host src 192.168.200.0/32 http-request deny if !allow_host # layer7: prevent private network relaying acl forbidden_dst url_ip 192.168.0.0/24 acl forbidden_dst url_ip 172.16.0.0/12 acl forbidden_dst url_ip 10.0.0.0/8 http-request deny if forbidden_dst default_backend test-proxy-srv backend test-proxy-srv mode http timeout connect 5s timeout server 5s retries 2 option nolinger option http_proxy # layer7: Only GET method is valid acl valid_method method GET http-request deny if !valid_method # layer7: protect bad reply http-response deny if { res.hdr(content-type) audio/mp3 }
然后,可使用如下命令确认文件,
ls ~/imageProject-haproxy-2.1.4
可见如下显示,
Dockerfile haproxy.cfg
2.2.3 执行打包操作
cd ~/imageProject-haproxy-2.1.4 docker build -t build/haproxy:2.1.4 .
以上“.”指当前目录为编译目录,编译程序会自动加载“Dockerfile”文件定义,可见如下显示,
Sending build context to Docker daemon 3.072kB Step 1/28 : FROM centos:centos7 ---> 8652b9f0cb4c [...] Successfully built 5c1da1512065 Successfully tagged build/haproxy:2.1.4
完成后,可使用如下命令查看镜像,
docker images
可见如下显示,
REPOSITORY TAG IMAGE ID CREATED SIZE build/haproxy 2.1.4 5c1da1512065 3 minutes ago 743MB [...]
2.2.4 测试软件运行
docker run -d --name haproxy -p 8080:8080 build/haproxy:2.1.4
以上运行容器环境后,我们使用以下命令登录容器虚拟机,
docker exec -it `docker container ls | grep 'haproxy' | cut -d" " -f1` /bin/bash
测试apache-php运行
netstat -antp
可见如下显示,
Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN -
测试完成后可使用如下命令退出容器虚拟机,
exit
另外,你可以使用如下命令查询当前运行的container,
docker ps -a
可见如下显示,
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ec38b112eda4 build/haproxy:2.1.4 "/bin/bash ./start.sh" 51 minutes ago Up 51 minutes 0.0.0.0:8080->8080/tcp haproxy [...]
然后可以使用如下命令停止并删除,
docker container stop ec38b112eda4 docker container rm ec38b112eda4
参阅文档
====================
haproxy
———–
https://www.haproxy.org/
docker hub
————
https://hub.docker.com/_/85c386ff-85a7-4d61-b309-5901f625c36f?tab=description
docker builder
————–
https://docs.docker.com/engine/reference/builder/
没有评论