Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HAProxy

Goran Jurić
September 18, 2015

 HAProxy

Introductory talk about HAProxy, given on September 17th 2015 at ZgPHP Meetup in net.culture club MaMa.

Goran Jurić

September 18, 2015
Tweet

More Decks by Goran Jurić

Other Decks in Technology

Transcript

  1. HAProxy  
    Goran Jurić
    ZgPHP Meetup
    17th September, 2015
     

    View Slide

  2. •  The  Reliable,  High  Performance  TCP/HTTP  
    Load  Balancer
    •  V1.5  current  stable  release  

    View Slide

  3. It allows you to  
    •  Distribute the load across several
    servers
    •  Failover to a backup server (HA)
    •  Take the server offline for maintenance
    •  Multiple load balancing algorithms
    •  Protect backend servers

    View Slide

  4. TCP  
    •  Layer 4 proxy
    •  Load balance any TCP/IP traffic

    View Slide

  5. HTTP proxy  
    •  Layer 7 proxy
    •  Redirect to a specific server based on
    different parameters (ACLs)
    •  Sticky sessions

    View Slide

  6. Configuration  
    •  global
    •  default
    •  frontends
    •  backends  

    View Slide

  7. Example  
    frontend www!
    bind *:80!
    bind *:443 ssl crt /etc/ssl/private/your-cert.pem!
    redirect scheme https if !{ ssl_fc }!
    mode http!
    default_backend app-servers!
    !
    backend app-servers!
    !mode http!
    !option forwardfor!
    !option httpchk GET /test-url!
    !cookie PHPSESSID prefix nocache!
    !server app1 :80 check inter 12000 rise 3 fall 3 cookie app1!
    !server app2 :80 check inter 12000 rise 3 fall 3 cookie app2!

    View Slide

  8. ACLs
     
    •  acl network_allowed src 20.30.40.50 20.30.40.40 !
    •  acl restricted_page path_beg /admin !
    •  acl restricted_page path_beg /helpdesk !
    •  block if restricted_page !network_allowed!
    •  acl  is_blog  url_beg  /blog
    •  use_backend  some-other-backend  if  is_blog

    View Slide

  9. Important  
    •  App servers sees haproxy IP
    – nginx:

    View Slide

  10. SSL config
     
    Mozilla  SSL  ConfiguraFon  Generator

    hHps://mozilla.github.io/server-­‐side-­‐tls/ssl-­‐config-­‐generator/

    View Slide

  11. HA in HAProxy  
    •  What if the server running HAProxy
    fails?
    •  Floating IP address
    •  keepalived/heartbeat/pacemaker  

    View Slide

  12. HA in HAProxy  

    View Slide

  13. HA in your application  
    •  Session storage
    – Use a clustered session storage
    – Do not use sessions
    •  Clustered database
    •  Rolling deployments  

    View Slide

  14. GUI  

    View Slide

  15. HATop  

    View Slide

  16. Why not nginx  
    •  General TCP load balancer
    •  Out of band health checks
    •  Admin interface to manage servers
    •  Powerful ACLs

    View Slide