load-balancer

HAProxy、Nginx LB、健康检查配置等技能。

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "load-balancer" with this command: npx skills add chaterm/terminal-skills/chaterm-terminal-skills-load-balancer

负载均衡配置

概述

HAProxy、Nginx LB、健康检查配置等技能。

HAProxy

安装与管理

安装

apt install haproxy # Debian/Ubuntu yum install haproxy # CentOS/RHEL

服务管理

systemctl start haproxy systemctl enable haproxy systemctl reload haproxy

检查配置

haproxy -c -f /etc/haproxy/haproxy.cfg

基础配置

/etc/haproxy/haproxy.cfg

global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon maxconn 4096

defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http

HTTP 负载均衡

frontend http_front bind *:80 default_backend http_back

# ACL 规则
acl is_api path_beg /api
use_backend api_back if is_api

backend http_back balance roundrobin option httpchk GET /health http-check expect status 200

server web1 192.168.1.10:8080 check weight 3
server web2 192.168.1.11:8080 check weight 2
server web3 192.168.1.12:8080 check backup

backend api_back balance leastconn option httpchk GET /api/health

server api1 192.168.1.20:8080 check
server api2 192.168.1.21:8080 check

TCP 负载均衡

frontend mysql_front bind *:3306 mode tcp default_backend mysql_back

backend mysql_back mode tcp balance roundrobin option mysql-check user haproxy

server mysql1 192.168.1.30:3306 check
server mysql2 192.168.1.31:3306 check backup

HTTPS 终止

frontend https_front bind *:443 ssl crt /etc/haproxy/certs/example.pem mode http

# 重定向 HTTP 到 HTTPS
http-request redirect scheme https unless { ssl_fc }

default_backend http_back

frontend http_front bind *:80 mode http redirect scheme https code 301

统计页面

listen stats bind *:8404 stats enable stats uri /stats stats refresh 10s stats auth admin:password stats admin if TRUE

负载均衡算法

轮询(默认)

balance roundrobin

最少连接

balance leastconn

源 IP 哈希

balance source

URI 哈希

balance uri

首个可用

balance first

Nginx 负载均衡

基础配置

/etc/nginx/nginx.conf

upstream backend { server 192.168.1.10:8080 weight=3; server 192.168.1.11:8080 weight=2; server 192.168.1.12:8080 backup; }

server { listen 80; server_name example.com;

location / {
    proxy_pass http://backend;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

}

负载均衡方法

轮询(默认)

upstream backend { server 192.168.1.10:8080; server 192.168.1.11:8080; }

权重

upstream backend { server 192.168.1.10:8080 weight=3; server 192.168.1.11:8080 weight=1; }

IP 哈希

upstream backend { ip_hash; server 192.168.1.10:8080; server 192.168.1.11:8080; }

最少连接

upstream backend { least_conn; server 192.168.1.10:8080; server 192.168.1.11:8080; }

哈希

upstream backend { hash $request_uri consistent; server 192.168.1.10:8080; server 192.168.1.11:8080; }

健康检查

upstream backend { server 192.168.1.10:8080 max_fails=3 fail_timeout=30s; server 192.168.1.11:8080 max_fails=3 fail_timeout=30s; }

Nginx Plus 主动健康检查

upstream backend { zone backend 64k; server 192.168.1.10:8080; server 192.168.1.11:8080; }

server { location / { proxy_pass http://backend; health_check interval=5s fails=3 passes=2; } }

会话保持

IP 哈希

upstream backend { ip_hash; server 192.168.1.10:8080; server 192.168.1.11:8080; }

Cookie(Nginx Plus)

upstream backend { server 192.168.1.10:8080; server 192.168.1.11:8080; sticky cookie srv_id expires=1h; }

常见场景

场景 1:蓝绿部署

HAProxy

backend blue server blue1 192.168.1.10:8080 check server blue2 192.168.1.11:8080 check

backend green server green1 192.168.1.20:8080 check server green2 192.168.1.21:8080 check

frontend http_front bind *:80 # 切换后端 use_backend green

场景 2:金丝雀发布

HAProxy - 10% 流量到新版本

frontend http_front bind *:80 acl canary rand(100) lt 10 use_backend canary_back if canary default_backend stable_back

backend stable_back server stable1 192.168.1.10:8080 check

backend canary_back server canary1 192.168.1.20:8080 check

场景 3:基于路径的路由

upstream api { server 192.168.1.10:8080; }

upstream web { server 192.168.1.20:8080; }

server { listen 80;

location /api {
    proxy_pass http://api;
}

location / {
    proxy_pass http://web;
}

}

场景 4:限流

HAProxy

frontend http_front bind *:80 stick-table type ip size 100k expire 30s store http_req_rate(10s) http-request track-sc0 src http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }

故障排查

问题 排查方法

后端不可用 检查健康检查、后端服务

连接超时 检查超时配置、网络

会话丢失 检查会话保持配置

负载不均 检查权重、算法配置

HAProxy 统计

echo "show stat" | socat stdio /run/haproxy/admin.sock echo "show servers state" | socat stdio /run/haproxy/admin.sock

查看后端状态

curl http://localhost:8404/stats

Nginx 状态

curl http://localhost/nginx_status

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

cron

No summary provided by upstream source.

Repository SourceNeeds Review
595-chaterm
General

system-admin

No summary provided by upstream source.

Repository SourceNeeds Review
153-chaterm
General

systemd

No summary provided by upstream source.

Repository SourceNeeds Review
59-chaterm
General

vpn

No summary provided by upstream source.

Repository SourceNeeds Review
49-chaterm