HAProxy for Server Load Balancing

Source: Internet
Author: User
Tags haproxy rsyslog

HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. It supports virtual hosts and is a free, fast, and reliable solution. HAProxy is especially suitable for websites under extremely high load, which usually require session persistence or layer-7 processing. HAProxy runs on current hardware and supports tens of thousands of concurrent connections. In addition, its operating mode lets it be integrated easily and securely into your existing architecture, while keeping your web servers from being exposed to the network.

HAProxy implements an event-driven, single-process model that supports a very large number of concurrent connections. Multi-process or multi-threaded models are limited by memory, system schedulers, and ubiquitous locking, and can rarely handle thousands of concurrent connections. The event-driven model does not have these problems because it performs all these tasks in user space, with better resource and time management. The disadvantage of this model is that such programs generally scale poorly on multi-core systems. This is why they must be optimized to make every CPU time slice (cycle) do more work. ---- Baidu encyclopedia

Installation:
[root@sherry ~]# yum install haproxy -y

Configuration file description:
[root@sherry ~]# vim /etc/haproxy.cfg
global
    log 127.0.0.1 local2 # log <address> <facility> [max level [min level]]: defines a global syslog server; at most two can be defined
    chroot /var/lib/haproxy # changes haproxy's working directory to the specified directory and calls chroot() before privileges are dropped, which raises haproxy's security level; make sure the directory is empty and that no user can write to it
    pidfile /var/run/haproxy.pid
    maxconn 4000 # maximum number of concurrent connections accepted by each haproxy process; equivalent to the command-line option "-n"; the automatically calculated "ulimit -n" value is derived from this parameter
    user haproxy
    group haproxy
    daemon # runs haproxy in the background as a daemon; equivalent to the "-D" option; it can be disabled with the "-db" command-line option
    stats socket /var/lib/haproxy/stats
defaults
    mode http
    # Working modes:
    #   http: analyzes application-layer data in depth, so layer-7 filtering, processing, rewriting, and similar mechanisms are supported;
    #   tcp: haproxy sets up a full-duplex connection between the client and the upstream server;
    #        the application-layer protocol is not inspected;
    #        this mode should be used for SSL and MySQL;
    log global # use the log settings from the global section
    # log <address> <facility> [<level> [<minlevel>]] can also be set in a frontend
    option httplog
    option dontlognull # do not log empty (null) connections
    option httpclose # short (non-persistent) connections
    option logasap # write the log record as early as possible
    option http-server-close # keeps the client connection persistent while the server-side connection is closed automatically
    option redispatch # when a backend server fails, sessions tied to it by cookie are moved to another server automatically
    option forwardfor except 127.0.0.0/8
    # (in httpd.conf: LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %B" common)

    capture request header Host len 20 # record the Host header
    capture request header Referer len 60 # record the Referer header

    retries 3
    timeout http-request 10s # how long to wait for a complete HTTP request once the three-way handshake has finished
    timeout queue 1m # maximum time a request waits in the backend queue
    timeout connect 10s # timeout for connecting to the backend
    timeout client 1m # maximum idle time on the client connection
    timeout server 1m # maximum time to wait for data from the backend server
    timeout http-keep-alive 10s # how long a keep-alive connection is held open
    timeout check 10s # health check timeout
    maxconn 3000
frontend main *:5000 # define the frontend
    # Capturing information:
    capture request header Host len 15
    capture request header X-Forwarded-For len 15
    capture request header Referer len 15
    # syntax: capture request header <HEADER> len <LENGTH>
    # syntax: capture response header <HEADER> len <LENGTH>
    errorfile 404 /demo.php
    log 127.0.0.1 local3
    bind :80,:443 # bound ports; bind can only be defined in frontend and listen sections
    acl index path -i /index.html
    acl url_static path_beg -i /static /images /javascript /stylesheets # matches the beginning of the path
    acl url_static path_end -i .jpg .gif .png .css .js # matches the end of the path
    use_backend static if url_static # if the condition defined above is met, use the named backend

    # syntax: use_backend app if <condition>
    # syntax: use_backend app unless <condition>
    default_backend app # default backend
backend static # define a backend
    # Health check methods:
    #   option httpchk
    #   option httpchk <uri>
    #   option httpchk <method> <uri>
    #   option httpchk <method> <uri> <version>
    # option httpchk cannot be used in frontend sections. For example:

    # syntax: cookie <name> [rewrite | insert | prefix] [indirect] [nocache] [postonly] [preserve] [httponly] [secure] [domain <domain>]* [maxidle <idle>] [maxlife <life>]
    #   (prefix: placed before the application's own cookie)
    # Add the cookie parameter after each real server definition.

    cookie web insert nocache # cache servers do not store the cookie
    cookie SESSION_COOKIE insert indirect nocache # application server
    # hash-type:
    #   map-based: supports weights; the default;
    #   consistent: consistent hashing across the backend servers
    balance roundrobin # scheduling method: round robin; balance can only be defined in defaults, listen and backend sections
    #   roundrobin: weighted round robin; servers can be added later; supports slow start; suits image servers
    #   static-rr: static weighted round robin; servers added later do not take effect unless the service is restarted and the server is brought online again
    #   leastconn: least connections; supports weight changes and slow start; suits MySQL slave servers
    #   source: hashes the source IP address and stores it in a hash table; supports weights; scheduling at the IP layer
    #   uri: hashes the URI requested by the user, which raises the cache hit rate
    #   url_param
    #   hdr(<name>): hashes a specified header; with use_domain_only, www.a.com is calculated as a.com only
    #   rdp-cookie, rdp-cookie(name): scheduling based on the RDP cookie
    server static 127.0.0.1:4331 check # backend server definition: name, server address, health check
backend app # define a backend
    balance roundrobin # scheduling method: round robin
    server app1 127.0.0.1:5001 check
    # backup: marks the server as a backup; it is brought into use only when the other servers in the load-balancing pool are unavailable;
    # check: enables health checks for this server; further parameters allow more precise settings, such as:
    #   check inter 3000 rise 2 fall 5
    #   inter <delay>: health check interval in milliseconds; the default is 2000; fastinter and downinter can also be used to tune the delay according to the server state;
    #   rise <count>: number of successful health checks an offline server needs before it is treated as normal again (2 in the example);
    #   fall <count>: number of failed health checks before the server switches from normal to unavailable (5 in the example);
    # cookie <value>: sets the cookie value for this server. The value is checked when a request arrives, and the server first selected for this value is selected again for subsequent requests. The purpose is to implement session persistence;
    # maxconn <maxconn>: maximum number of concurrent connections accepted by this server. Connections beyond this value are placed in the request queue until other connections are released. The number of frontend connections must be less than or equal to (backend maxconn + maxqueue) * number of servers;
    # maxqueue <maxqueue>: sets the maximum length of the request queue;
    # observe <mode>: judges the server's health by observing its traffic. Disabled by default. The supported types are "layer4" and "layer7"; "layer7" can only be used in HTTP proxy scenarios;
    # redir <prefix>: enables redirection; GET and HEAD requests sent to this server are answered with a 302 status code. Note that the prefix must not end with "/", and a relative address must not be used, to avoid loops. For example:
    #   server srv1 172.16.100.6:80 redir http://imageserver.bkjia.com check
    # weight <weight>: the weight. The default value is 1. The maximum value is. 0 means the server does not take part in load balancing;
    server app2 127.0.0.1:5002 check
    server app3 127.0.0.1:5003 check
    server app4 127.0.0.1:5004 check
listen stats
    bind *:8009
    stats enable
    stats uri /haproxy?stats
    stats auth admin:admin
    stats hide-version
    stats admin if TRUE # admin functions are allowed once authentication succeeds; this is generally dangerous; use "stats admin if LOCALHOST" to allow them from the local machine only
    acl allow src 192.168.1.0/24 # define the network segment that is allowed access
    acl deny src 192.168.1.111 # define the address that is denied access
    tcp-request content reject if deny # layer-7 control uses http-request; rejection can also be done at the TCP layer
    tcp-request content accept if allow # accept at the TCP layer
    tcp-request content reject
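
The three tcp-request content rules above are evaluated in order and the first one that matches decides, which is why the reject for the single denied address comes before the accept for its network. The following Python model is an added illustration, not part of the original article or of HAProxy; the function and variable names are hypothetical, and the test addresses are constructed.

```python
import ipaddress

# ACLs and rule order copied from the listing; names are the ACL names used there.
ACLS = {
    "allow": ipaddress.ip_network("192.168.1.0/24"),
    "deny": ipaddress.ip_network("192.168.1.111/32"),
}
RULES = [("reject", "deny"), ("accept", "allow"), ("reject", None)]  # None = unconditional

def decide(src, rules=RULES):
    """Return (action, index of the deciding rule) for a source address."""
    addr = ipaddress.ip_address(src)
    for i, (action, acl) in enumerate(rules):
        if acl is None or addr in ACLS[acl]:
            return action, i
    return "accept", None  # no rule matched: tcp-request content defaults to accept

def demo():
    swapped = [RULES[1], RULES[0], RULES[2]]  # accept placed before the deny rule
    return {
        "denied host": decide("192.168.1.111"),
        "allowed net": decide("192.168.1.20"),
        "outside": decide("10.0.0.8"),
        "denied host, swapped order": decide("192.168.1.111", swapped),
        "outside, no final reject": decide("10.0.0.8", RULES[:2]),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

With the accept rule moved first, 192.168.1.111 is admitted by its /24, and without the trailing unconditional reject every address outside the allowed segment is admitted by default.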

Session-Based Configuration:
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

frontend web
    log 127.0.0.1 local3
    bind :80,:443
    default_backend webservers
backend webservers
    option httpchk
    cookie webcookie insert nocache
    balance roundrobin
    server s1 martin:80 check inter 3000 rise 2 fall 5 cookie s1
    server s2 lucia:80 check inter 30000 rise 2 fall 5 cookie s2
listen stats
    bind *:8009
    stats enable
    stats uri /haproxy?stats
    stats auth admin:admin
    stats hide-version
    stats admin if TRUE
    acl allow src 192.168.1.0/24
    acl deny src 192.168.1.111
    tcp-request content reject if deny
    tcp-request content accept if allow
    tcp-request content reject
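
The stats listener above combines a password equal to the username, unconditional admin rights, and a wildcard bind. As an added example (not from the original article; `audit_stats`, the finding labels and the 12-character threshold are assumptions of this sketch, and the sample is an abridged copy of the section above), this Python check flags those three settings in a haproxy.cfg:

```python
import re

MIN_PW_LEN = 12  # assumption: local policy threshold, not an HAProxy setting
SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(.*)$")

# Constructed sample: the stats listener as configured above (abridged).
WEAK = """\
listen stats
    bind *:8009
    stats enable
    stats auth admin:admin
    stats admin if TRUE
"""

def parse_sections(text):
    """Split haproxy.cfg text into (kind, name, directive lines) entries."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: no quoted '#'
        m = SECTION.match(line)
        if m:
            sections.append((m.group(1), m.group(2).strip(), []))
        elif line and sections:
            sections[-1][2].append(line)
    return sections

def audit_stats(text):
    """Return (section, finding, detail) for every section exposing stats."""
    findings = []
    for kind, name, lines in parse_sections(text):
        if not any(l.startswith("stats ") for l in lines):
            continue
        where = f"{kind} {name}".strip()
        for l in lines:
            words = l.split()
            if words[:2] == ["stats", "auth"] and len(words) > 2:
                user, _, pw = words[2].partition(":")
                if pw == user or len(pw) < MIN_PW_LEN:
                    findings.append((where, "weak-stats-password", user))
            elif words[:4] == ["stats", "admin", "if", "TRUE"]:
                findings.append((where, "admin-unrestricted", l))
            elif words[0] == "bind" and len(words) > 1:
                if any(a.startswith(("*:", ":")) for a in words[1].split(",")):
                    findings.append((where, "stats-on-all-interfaces", words[1]))
    return findings

if __name__ == "__main__":
    for finding in audit_stats(WEAK):
        print(finding)
```

Replacing the flagged lines with `bind 127.0.0.1:8009`, a long unique password and `stats admin if LOCALHOST` makes the same check return no findings.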

Enable Logging:
[root@sherry ~]# vim /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
local2.*    /var/log/haproxy.log


[root@sherry ~]# /etc/init.d/rsyslog restart

Test results:
