From 6b09c9b71498ce585faf7c2be78ac66a3ef73a1d Mon Sep 17 00:00:00 2001
From: cnphpbb <moqiruyi@gmail.com>
Date: Tue, 16 Dec 2025 13:13:48 +0800
Subject: [PATCH] =?UTF-8?q?feat(haproxy):=20=E6=B7=BB=E5=8A=A0haproxy?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6=E5=92=8C=E9=83=A8=E7=BD=B2?=
 =?UTF-8?q?=E6=96=87=E6=A1=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

添加haproxy相关配置文件包括：
1. 部署文档readme.md
2. 环境变量配置文件env.cfg
3. docker-compose部署文件stack.yml
4. MySQL和Redis代理配置haproxy_mysql_redis.cfg
5. 主配置文件haproxy.cfg
---
 config/haproxy/haproxy_mysql_redis.cfg | 100 +++++++++++++++++++++++
 haproxy/config/haproxy.cfg             | 105 +++++++++++++++++++++++++
 haproxy/env.cfg                        |   7 ++
 haproxy/readme.md                      |   4 +
 haproxy/stack.yml                      |  14 ++++
 5 files changed, 230 insertions(+)
 create mode 100644 config/haproxy/haproxy_mysql_redis.cfg
 create mode 100644 haproxy/config/haproxy.cfg
 create mode 100644 haproxy/env.cfg
 create mode 100644 haproxy/readme.md
 create mode 100644 haproxy/stack.yml

diff --git a/config/haproxy/haproxy_mysql_redis.cfg b/config/haproxy/haproxy_mysql_redis.cfg
new file mode 100644
index 0000000..012fc7b
--- /dev/null
+++ b/config/haproxy/haproxy_mysql_redis.cfg
@@ -0,0 +1,100 @@
+# haproxy-mysql-redis.cfg
+global
+    daemon
+    user haproxy
+    group haproxy
+    log 127.0.0.1 local0 info
+    maxconn 4096
+    tune.ssl.default-dh-param 2048
+    stats socket /var/run/haproxy/admin.sock mode 660 level admin
+    stats timeout 30s
+
+defaults
+    log     global
+    mode    tcp
+    option  tcplog
+    option  dontlognull
+    timeout connect 5000ms
+    timeout client  50000ms
+    timeout server  50000ms
+    retries 3
+    balance leastconn
+
+# MySQL 代理配置
+frontend mysql_frontend
+    bind *:3306
+    mode tcp
+    option tcplog
+    
+    # 访问控制（根据需要设置IP白名单）
+    # acl allowed_ips src 192.168.1.0/24 10.0.0.0/8
+    # tcp-request connection reject if !allowed_ips
+    
+    # 连接限制
+    maxconn 1000
+    
+    # 默认后端
+    default_backend mysql_servers
+
+backend mysql_servers
+    mode tcp
+    balance leastconn
+    
+    # 健康检查配置
+    option tcp-check
+    tcp-check connect
+    tcp-check send PING\r\n
+    tcp-check expect string mysql_native_password
+    
+    # 服务器配置
+    server mysql01 192.168.1.200:3306 check inter 2000 rise 2 fall 3
+    
+    # 连接池配置
+    timeout server 30s
+    timeout connect 5s
+
+# Redis 代理配置
+frontend redis_frontend
+    bind *:6379
+    mode tcp
+    option tcplog
+    
+    # 访问控制
+    # acl redis_allowed src 192.168.1.50 192.168.1.51
+    # tcp-request connection reject if !redis_allowed
+    
+    # 连接限制
+    maxconn 2000
+    
+    default_backend redis_servers
+
+backend redis_servers
+    mode tcp
+    balance first
+    
+    # Redis 健康检查
+    option tcp-check
+    tcp-check connect
+    tcp-check send PING\r\n
+    tcp-check expect string +PONG
+    tcp-check send QUIT\r\n
+    tcp-check expect string +OK
+    
+    # 服务器配置
+    server redis01 192.168.1.200:6379 check inter 1000 rise 1 fall 2
+    
+    # Redis 特定配置
+    timeout server 10s
+    timeout connect 2s
+
+# 监控统计页面
+listen stats
+    bind *:1936
+    mode http
+    stats enable
+    stats hide-version
+    stats realm HAProxy\ Statistics
+    stats uri /haproxy_stats
+    stats auth admin:YourSecurePassword123!
+    stats refresh 10s
+
diff --git a/haproxy/config/haproxy.cfg b/haproxy/config/haproxy.cfg
new file mode 100644
index 0000000..1973a25
--- /dev/null
+++ b/haproxy/config/haproxy.cfg
@@ -0,0 +1,105 @@
+# haproxy-mysql-redis.cfg
+global
+    daemon
+    user haproxy
+    group haproxy
+    log 127.0.0.1 local0 info
+    maxconn 4096
+    tune.ssl.default-dh-param 2048
+    stats socket /var/run/haproxy/admin.sock mode 660 level admin
+    stats timeout 30s
+
+defaults
+    log     global
+    mode    tcp
+    option  tcplog
+    option  dontlognull
+    timeout connect 5000ms
+    timeout client  50000ms
+    timeout server  50000ms
+    retries 3
+    balance leastconn
+
+# MySQL 代理配置
+frontend mysql_frontend
+    bind *:3306
+    mode tcp
+    option tcplog
+    
+    # 访问控制（根据需要设置IP白名单）
+    # acl allowed_ips src 192.168.1.0/24 10.0.0.0/8
+    # tcp-request connection reject if !allowed_ips
+    
+    # 连接速率限制
+    #stick-table type ip size 100k expire 1h store conn_rate(10s)
+    #tcp-request connection track-sc0 src
+    #tcp-request connection reject if { sc0_conn_rate gt 10 }
+    
+    # 连接限制
+    maxconn 1000
+    
+    # 默认后端
+    default_backend mysql_servers
+
+backend mysql_servers
+    mode tcp
+    balance leastconn
+    
+    # 健康检查配置
+    option tcp-check
+    tcp-check connect
+    tcp-check send PING\r\n
+    tcp-check expect string mysql_native_password
+    
+    # 服务器配置
+    server mysql01 192.168.1.200:3306 check inter 2000 rise 2 fall 3
+    
+    # 连接池配置
+    timeout server 30s
+    timeout connect 5s
+
+# Redis 代理配置
+frontend redis_frontend
+    bind *:6379
+    mode tcp
+    option tcplog
+    
+    # 访问控制
+    # acl redis_allowed src 192.168.1.50 192.168.1.51
+    # tcp-request connection reject if !redis_allowed
+    
+    # 连接限制
+    maxconn 2000
+    
+    default_backend redis_servers
+
+backend redis_servers
+    mode tcp
+    balance first
+    
+    # Redis 健康检查
+    option tcp-check
+    tcp-check connect
+    tcp-check send PING\r\n
+    tcp-check expect string +PONG
+    tcp-check send QUIT\r\n
+    tcp-check expect string +OK
+    
+    # 服务器配置
+    server redis01 192.168.1.200:6379 check inter 1000 rise 1 fall 2
+    
+    # Redis 特定配置
+    timeout server 10s
+    timeout connect 2s
+
+# 监控统计页面
+listen stats
+    bind *:1936
+    mode http
+    stats enable
+    stats hide-version
+    stats realm HAProxy\ Statistics
+    stats uri /haproxy_stats
+    stats auth admin:YourSecurePassword123!
+    stats refresh 10s
+
diff --git a/haproxy/env.cfg b/haproxy/env.cfg
new file mode 100644
index 0000000..1fa3a74
--- /dev/null
+++ b/haproxy/env.cfg
@@ -0,0 +1,7 @@
+IMAGE_TAG_VER=3.3.0
+IMAGE_TAG_DEV=3.4-dev
+IMAGE_TAG=haproxy:${IMAGE_TAG_VER}
+Volumes_Path=/data/configs/haproxy
+REDIS_PORT=6379
+MYSQL_TEST_PORT=3306
+MYSQL_DEV_PORT=3308
diff --git a/haproxy/readme.md b/haproxy/readme.md
new file mode 100644
index 0000000..6c419b2
--- /dev/null
+++ b/haproxy/readme.md
@@ -0,0 +1,4 @@
+
+### 监控
+
+通过浏览器访问 http://<your-haproxy-host>:1936/haproxy_stats 查看实时统计信息。
\ No newline at end of file
diff --git a/haproxy/stack.yml b/haproxy/stack.yml
new file mode 100644
index 0000000..0764e0b
--- /dev/null
+++ b/haproxy/stack.yml
@@ -0,0 +1,14 @@
+## RUN:: docker compose -p haproxy --env-file ./haproxy/env.cfg -f ./haproxy/stack.yml up -d
+
+services:
+  haproxy:
+    image: ${IMAGE_TAG}
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ${Volumes_Path}/haproxy/:/usr/local/etc/haproxy
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - TZ=Asia/Shanghai
\ No newline at end of file