Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HAProxy

Goran Jurić
September 18, 2015

 HAProxy

Introductory talk about HAProxy, given on September 17th 2015 at ZgPHP Meetup in net.culture club MaMa.

Goran Jurić

September 18, 2015
Tweet

More Decks by Goran Jurić

Other Decks in Technology

Transcript

  1. HAProxy   Goran Jurić ZgPHP Meetup 17th September, 2015  

  2. •  The  Reliable,  High  Performance  TCP/HTTP   Load  Balancer • 

    V1.5  current  stable  release  
  3. It allows you to   •  Distribute the load across

    several servers •  Failover to a backup server (HA) •  Take the server offline for maintenance •  Multiple load balancing algorithms •  Protect backend servers
  4. TCP   •  Layer 4 proxy •  Load balance any

    TCP/IP traffic
  5. HTTP proxy   •  Layer 7 proxy •  Redirect to

    a specific server based on different parameters (ACLs) •  Sticky sessions
  6. Configuration   •  global •  default •  frontends •  backends

     
  7. Example   frontend www! bind *:80! bind *:443 ssl crt

    /etc/ssl/private/your-cert.pem! redirect scheme https if !{ ssl_fc }! mode http! default_backend app-servers! ! backend app-servers! !mode http! !option forwardfor! !option httpchk GET /test-url! !cookie PHPSESSID prefix nocache! !server app1 <app1-server-ip>:80 check inter 12000 rise 3 fall 3 cookie app1! !server app2 <app2-server-ip>:80 check inter 12000 rise 3 fall 3 cookie app2!
  8. ACLs   •  acl network_allowed src 20.30.40.50 20.30.40.40 ! • 

    acl restricted_page path_beg /admin ! •  acl restricted_page path_beg /helpdesk ! •  block if restricted_page !network_allowed! •  acl  is_blog  url_beg  /blog •  use_backend  some-other-backend  if  is_blog
  9. Important   •  App servers sees haproxy IP – nginx:

  10. SSL config   Mozilla  SSL  ConfiguraFon  Generator hHps://mozilla.github.io/server-­‐side-­‐tls/ssl-­‐config-­‐generator/

  11. HA in HAProxy   •  What if the server running

    HAProxy fails? •  Floating IP address •  keepalived/heartbeat/pacemaker  
  12. HA in HAProxy  

  13. HA in your application   •  Session storage – Use a

    clustered session storage – Do not use sessions •  Clustered database •  Rolling deployments  
  14. GUI  

  15. HATop  

  16. Why not nginx   •  General TCP load balancer • 

    Out of band health checks •  Admin interface to manage servers •  Powerful ACLs