TCP、HTTP负载均衡设置同时可防DDOS等恶意攻击,要做超大规模并发平台的看过来
配置如下:
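global
    # Process-wide settings.

    # Syntax: log <address> <facility> [<max level> [<min level>]]
    # Logs go to the syslog daemon on 127.0.0.1 using facility local2.
    # No level is given, so messages of every level are sent.
    log 127.0.0.1 local2

    # chroot confines the process to this directory once startup is done.
    # It only contains a process that has also given up root, which is why
    # user/group below must not be root.
    # NOTE(review): the pid file lives inside the jail, so the directory is
    # neither empty nor read-only; consider a dedicated empty directory.
    chroot /tcpserver/haproxy
    pidfile /tcpserver/haproxy/haproxy.pid    # file holding the daemon's pid

    maxconn 40000                             # process-wide connection ceiling

    # Drop privileges after startup. The original ran as root, which makes the
    # chroot above ineffective and hands root to anyone who compromises the
    # proxy. The "haproxy" account and group must exist on the host. Listening
    # sockets are bound before privileges are dropped, and every bind shown in
    # this file uses a port above 1024 anyway.
    user haproxy
    group haproxy

    daemon                                    # detach and run in the background
    #stats socket /usr/local/haproxy/stats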
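defaults
    # Settings inherited by every proxy section that follows.

    #mode tcp
    # mode { tcp|http|health }: tcp is layer 4, http is layer 7, health only
    # answers OK. With the line above commented out, sections that do not set
    # a mode fall back to HAProxy's built-in default, tcp.

    log global                 # reuse the log target from the global section
    option tcplog
    option dontlognull
    option redispatch
    retries 3

    # The original used "timeout connect 10000s" (close to three hours) and
    # left the client and server timeouts commented out, i.e. unlimited. Idle
    # or stalled connections then hold a slot forever, so a handful of slow
    # clients can exhaust maxconn without tripping any rate limit.
    # The values below are starting points: tune them per service, and
    # override them in a section that carries long-idle TCP sessions.
    timeout connect 10s        # time allowed to establish the server connection
    timeout client  1h         # maximum client-side inactivity
    timeout server  1h         # maximum server-side inactivity

    # Per-frontend/listen connection limit (not per process); the global
    # maxconn still caps the process as a whole.
    maxconn 30000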
#listen listenserver_6502
#bind 0.0.0.0:6502
#mode tcp
#balance leastconn #负载均衡算法
#backend tcpserver
# server tcp01 134.98.1.205:6501 check inter 5000 rise 2 fall 2 weight 30
# server tcp02 134.98.1.206:6501 check inter 5000 rise 2 fall 2 weight 30
# server tcp03 134.98.1.207:6501 check inter 5000 rise 2 fall 2 weight 30
#frontend tcpserver_6502
#bind 0.0.0.0:6502
# Empty backend: it declares no servers and nothing visible in this file
# routes traffic to it.
backend tcpserver_6501

# Layer-4 balancer for port 6501: each new connection goes to the server
# that currently has the fewest connections.
listen listenserver_6501
    mode tcp
    balance leastconn
    bind 0.0.0.0:6501
    #bind 0.0.0.0:6502

    # check inter 2000 fall 3: probe every 2000 ms and mark the server down
    # after 3 consecutive failed probes.
    server 203_6501 134.98.1.203:6501 check inter 2000 fall 3
    server 204_6501 134.98.1.204:6501 check inter 2000 fall 3
    server 205_6501 134.98.1.205:6501 check inter 2000 fall 3
    server 206_6501 134.98.1.206:6501 check inter 2000 fall 3
    server 207_6501 134.98.1.207:6501 check inter 2000 fall 3
    #server 210_6501 134.98.1.210:6501 check inter 2000 fall 3
# Empty backend: it declares no servers and nothing visible in this file
# routes traffic to it.
backend tcpserver_6502

# Layer-4 balancer listening on 6502. Note the port change: the servers are
# reached on 6503, not 6502.
listen listenserver_6502
    mode tcp
    balance leastconn
    bind 0.0.0.0:6502
    #bind 0.0.0.0:6502

    # NOTE(review): none of these servers has "check", so HAProxy never probes
    # them and keeps sending connections to a server that is down.
    server 202_6502 134.98.1.202:6503
    server 203_6502 134.98.1.203:6503
    server 204_6502 134.98.1.204:6503
    server 205_6502 134.98.1.205:6503
    server 206_6502 134.98.1.206:6503
    server 207_6502 134.98.1.207:6503
    server 210_6502 134.98.1.210:6503
# Empty backend: it declares no servers and nothing visible in this file
# routes traffic to it.
backend tcpserver_3310

# Layer-4 balancer on 3310 forwarding to port 3306 on two hosts.
# NOTE(review): 3306 is the conventional MySQL port. The bind is on all
# interfaces, so if this host is reachable from untrusted networks the
# database port is reachable too; bind to an internal address or firewall
# 3310 -- confirm against the deployment.
# NOTE(review): no "check" on the servers, so a dead server keeps receiving
# connections. A bare TCP probe can itself upset a database server, so pick a
# protocol-aware check rather than just appending "check".
listen listenserver_3310
    mode tcp
    balance leastconn
    bind 0.0.0.0:3310
    server 203_3306 134.98.1.203:3306
    server 204_3306 134.98.1.204:3306
# Empty backend: it declares no servers and nothing visible in this file
# routes traffic to it.
backend tcpserver_61614

# Layer-4 balancer on 61614, same port on both servers, fewest-connections
# scheduling.
# NOTE(review): no "check" on the servers, so failures are not detected, and
# the listener is bound on all interfaces -- confirm that is intended.
listen listenserver_61614
    mode tcp
    balance leastconn
    bind 0.0.0.0:61614
    server 203_61614 134.98.1.203:61614
    server 204_61614 134.98.1.204:61614
# Empty backend: it declares no servers and nothing visible in this file
# routes traffic to it.
backend tcpserver_1883

# Layer-4 balancer on 1883, same port on both servers, fewest-connections
# scheduling.
# NOTE(review): 1883 is the registered port for MQTT without TLS; if that is
# what runs here, credentials and payloads cross the wire in clear text and
# the listener is open on all interfaces -- confirm the exposure is intended.
# NOTE(review): no "check" on the servers, so failures are not detected.
listen listenserver_1883
    mode tcp
    balance leastconn
    bind 0.0.0.0:1883
    server 203_1883 134.98.1.203:1883
    server 204_1883 134.98.1.204:1883
#backend httpserver_8080
#listen listenserver_8080
#bind 0.0.0.0:8080
# mode http
# #balance source
# balance leastconn
# #JSESSIONID len 64 timeout 5h request-learn
# cookie JSESSIONID prefix nocache
# server 41_8080 134.98.1.41:8080
# server 27_8080 134.98.1.27:8080
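frontend ft_web
    # Entry point on 8080. No mode is set here, so it inherits the default
    # (tcp) while bk_web below is "mode http".
    # NOTE(review): consider "mode http" here so HTTP-level timeouts and
    # rules can apply on the client side -- confirm against the HAProxy
    # version in use.
    bind 0.0.0.0:8080

    # --- per-source connection limiting: begin ---
    # One entry per client IPv4 address, at most 100k entries, each dropped
    # after 30s without activity. Each entry stores the number of open
    # connections (conn_cur) and the connection rate over a sliding 3s window
    # (conn_rate).
    stick-table type ip size 100k expire 30s store conn_cur,conn_rate(3s)

    # Optional allow-list, to be placed before the reject rule. The braces
    # need a space on each side or the ACL does not parse.
    #tcp-request connection accept if { src -f /tcpserver/haproxy/whitelist.lst }

    # Refuse a source that already holds 10 open connections, or that opened
    # 20 connections within the last 3 seconds. The original tested
    # src_conn_cur twice ("ge 10 || ge 20"), so the second test could never
    # add anything and the stored conn_rate counter was never consulted.
    tcp-request connection reject if { src_conn_cur ge 10 } || { src_conn_rate ge 20 }

    # Start counting this connection against its source address.
    tcp-request connection track-sc1 src
    # --- per-source connection limiting: end ---

    # These limits are per source address: clients behind one NAT share a
    # budget, and traffic spread over many sources stays under both
    # thresholds. Treat this as one mitigation layer, not complete DDoS
    # protection.

    default_backend bk_web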
# HTTP server pool behind ft_web.
backend bk_web
    mode http
    # Session stickiness: HAProxy prefixes the application's JSESSIONID cookie
    # with the per-server value set by "cookie <name>" on each server line.
    cookie JSESSIONID prefix nocache
    balance leastconn
    server s1 134.98.1.41:8080 cookie s1 check
    server s2 134.98.1.27:8080 cookie s2 check
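frontend nb_web
    # Entry point on 6504. "mode http" is commented out, so this frontend
    # inherits the default (tcp) while nb_bk_web below is "mode http".
    # NOTE(review): confirm whether "mode http" should be enabled here.
    bind 0.0.0.0:6504
    #mode http

    # --- per-source connection limiting: begin ---
    # One entry per client IPv4 address, at most 100k entries, each dropped
    # after 30s without activity. Each entry stores the number of open
    # connections (conn_cur) and the connection rate over a sliding 3s window
    # (conn_rate).
    stick-table type ip size 100k expire 30s store conn_cur,conn_rate(3s)

    # Optional allow-list, to be placed before the reject rule. The braces
    # need a space on each side or the ACL does not parse.
    #tcp-request connection accept if { src -f /tcpserver/haproxy/whitelist.lst }

    # Refuse a source that already holds 10 open connections, or that opened
    # 20 connections within the last 3 seconds. The original tested
    # src_conn_cur twice ("ge 10 || ge 20"), so the second test could never
    # add anything and the stored conn_rate counter was never consulted.
    tcp-request connection reject if { src_conn_cur ge 10 } || { src_conn_rate ge 20 }

    # Start counting this connection against its source address.
    tcp-request connection track-sc1 src
    # --- per-source connection limiting: end ---

    # These limits are per source address: clients behind one NAT share a
    # budget, and traffic spread over many sources stays under both
    # thresholds. Treat this as one mitigation layer, not complete DDoS
    # protection.

    default_backend nb_bk_web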
# HTTP server pool behind nb_web.
backend nb_bk_web
    mode http
    # Session stickiness: HAProxy prefixes the application's JSESSIONID cookie
    # with the per-server value set by "cookie <name>" on each server line.
    cookie JSESSIONID prefix nocache
    balance leastconn
    server nb1 134.98.1.202:6504 cookie nb1 check
    server nb2 134.98.1.203:6504 cookie nb2 check
    server nb3 134.98.1.204:6504 cookie nb3 check
    server nb4 134.98.1.205:6504 cookie nb4 check
    server nb5 134.98.1.206:6504 cookie nb5 check
    server nb6 134.98.1.207:6504 cookie nb6 check
本人原创未经许可可随意转载!
服务器安装可参考下一篇!