HAProxy

34ac8ea75c650746c8eaf03246b8d6a7?s=47 Goran Jurić
September 18, 2015

 HAProxy

Introductory talk about HAProxy, given on September 17th 2015 at ZgPHP Meetup in net.culture club MaMa.

34ac8ea75c650746c8eaf03246b8d6a7?s=128

Goran Jurić

September 18, 2015
Tweet

Transcript

  1. HAProxy   Goran Jurić ZgPHP Meetup 17th September, 2015  

  2. •  The  Reliable,  High  Performance  TCP/HTTP   Load  Balancer • 

    V1.5  current  stable  release  
  3. It allows you to   •  Distribute the load across

    several servers •  Failover to a backup server (HA) •  Take the server offline for maintenance •  Multiple load balancing algorithms •  Protect backend servers
  4. TCP   •  Layer 4 proxy •  Load balance any

    TCP/IP traffic
  5. HTTP proxy   •  Layer 7 proxy •  Redirect to

    a specific server based on different parameters (ACLs) •  Sticky sessions
  6. Configuration   •  global •  default •  frontends •  backends

     
  7. Example   frontend www! bind *:80! bind *:443 ssl crt

    /etc/ssl/private/your-cert.pem! redirect scheme https if !{ ssl_fc }! mode http! default_backend app-servers! ! backend app-servers! !mode http! !option forwardfor! !option httpchk GET /test-url! !cookie PHPSESSID prefix nocache! !server app1 <app1-server-ip>:80 check inter 12000 rise 3 fall 3 cookie app1! !server app2 <app2-server-ip>:80 check inter 12000 rise 3 fall 3 cookie app2!
  8. ACLs   •  acl network_allowed src 20.30.40.50 20.30.40.40 ! • 

    acl restricted_page path_beg /admin ! •  acl restricted_page path_beg /helpdesk ! •  block if restricted_page !network_allowed! •  acl  is_blog  url_beg  /blog •  use_backend  some-other-backend  if  is_blog
  9. Important   •  App servers sees haproxy IP – nginx:

  10. SSL config   Mozilla  SSL  ConfiguraFon  Generator hHps://mozilla.github.io/server-­‐side-­‐tls/ssl-­‐config-­‐generator/

  11. HA in HAProxy   •  What if the server running

    HAProxy fails? •  Floating IP address •  keepalived/heartbeat/pacemaker  
  12. HA in HAProxy  

  13. HA in your application   •  Session storage – Use a

    clustered session storage – Do not use sessions •  Clustered database •  Rolling deployments  
  14. GUI  

  15. HATop  

  16. Why not nginx   •  General TCP load balancer • 

    Out of band health checks •  Admin interface to manage servers •  Powerful ACLs