haproxy basic configuration

haproxy basic configuration

HAPrpxy haproxy.cfg profile consists of two parts, each part is global and proxies.

global: global configuration section

进程及安全配置相关的参数
性能调整相关参数
Debug参数

proxies: the proxy configuration section

defaults：为frontend, backend, listen提供默认配置
frontend：前端，相当于nginx中的server {}
backend：后端，相当于nginx中的upstream {}
listen：同时拥有前端和后端配置

A, global configuration parameters

Official documents https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3

• Lock directory run chroot #
• deamon # run as a daemon
• stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin #socket文件
• user, group, uid, gid # run haproxy user identity
• The number of processes nbproc # haproxy open, consistent with the CPU
• nbthread # haproxy specify the number of threads per process has been started, the default is one thread per process
• cpu-map 1 0 # haproxy binding processes to specified CPU
• The maximum number of concurrent connections per haproxy process maxconn #
• Each haproxy process under maxsslconn # ssl maximum number of connections, configure the certificate for haproxy scene
• Maxconnrate # maximum number of connections per second for each process created
• spread-checks # backend server status check random percentage of time delay or advance, between 2-5 (20% -50%) recommendations
• pidfile # pid file path specified
• log 127.0.0.1 local3 info # define global syslog server; can define up to two

Two, proxy settings

Official Documents

Mainly divided into the following four parts

defaults [<name>] # default configuration items, for the following frontend, backend and lsiten effect, you can more name
frontend <name> # front-end servername, like Nginx is a web hosting server.
backend <name> # backend server group, equal to the nginx upstream
the listen <name> # the frontend and backend combined configuration

2.1: Proxies Configuration -defaults

• option redispatch # When the server Id corresponding server hang, forcing directed to other healthy server
• option abortonclose # when high server load time, automatically ends off the link to the current relatively long queue processing
• option http-keep-alive # hold-open session with a client
• option forwardfor # pass-through client real IP to backend web server
• mode http # default type of work
• timeout connect 120s # client requests to the backend server connected to the longest wait time (TCP before)
• Long timeout server 600s # client requests a timeout to timeout back-end server-side (after TCP)
• timeout client 600s # client longest period of inactivity
• timeout http-keep-alive 120s #session session remains timeout, it will be forwarded to the same backend server within range
• timeout check 5s # detect timeout on back-end servers

2.2: Proxies Configuration -frontend configuration parameters

bind: Specifies HAProxy listen address, or may be IPV4 IPV6, can monitor a plurality of IP ports or simultaneously, may be used for both field listen
bind [<address>]: < port_range> [, ...] [param *]

Http monitor multiple IP ports and sock multiple files

listen http_proxy #监听http的多个IP的多个端口和sock文件
   bind :80,:443,:8801-8810
   bind 10.0.0.1:10080,10.0.0.1:10443
   bind /var/run/ssl-frontend.sock user root mode 600 accept-proxy

https monitor

listen http_https_proxy #https监听
   bind :80
   bind :443 ssl crt /etc/haproxy/site.pem

Monitor ipv6, ipv4 and unix sock file

listen http_https_proxy_explicit #监听ipv6、ipv4和unix sock文件
   bind ipv6@:80
   bind ipv4@public_ssl:443 ssl crt /etc/haproxy/site.pem
   bind [email protected] user root mode 600 accept-proxy

Monitor file descriptor

listen external_bind_app1 #监听file descriptor
   bind "fd@${FD_APP1}"

Production Example

frontend WEB_PORT
   bind :80,:8080
   bind 192.168.7.102:10080,:8801-8810,192.168.7.101:9001-9010
   mode http/tcp     #指定负载协议类型
   use_backend backend_name #调用的后端服务器组名称

2.3: Proxies configuration -backend

Define a set of back-end server, backend server frontend will be invoked.

mode http/tcp     #指定负载协议类型
option 	#配置选项
server   #定义后端real server

Note: back option plus httpchk, smtpchk, mysql-check, pgsql-check, ssl-hello-chk methods, may be used to achieve more application layer detection.

server 格式： server <name>\ <address>[:port] [settings …]

Server setting of parameters

• check # specified real health status check, the default is not open

    addr IP   #可指定的健康状态监测IP
  
     port num #指定的健康状态监测端口
  
     inter num #健康状态检查间隔时间，默认2000 ms
  
    fall num   #后端服务器失效检查次数，默认为3
  
    rise num   #后端服务器从下线恢复检查次数，默认为2
  

• weight # The default is 1 and the maximum is 256,0 said they did not participate in load balancing

• backup # back-end server marked for backup status

• The back-end server is disabled # marked as unavailable state

• redirect prefix http://www.mage.net/ # temporary redirects the request to another URL, applies only to http mode

• maxconn <maxconn>: Maximum number of concurrent connections a current backend server

• backlog <backlog>: When the number of connections reaches the upper limit of the backup server queue length

2.4: frontend + backend configuration example

#官网业务访问入口======================================
frontend WEB_PORT_80
   bind 192.168.7.248:80
   mode http
   use_backend web_prot_http_nodes

backend web_prot_http_nodes
   mode http
   option forwardfor
   server 192.168.7.101 192.168.7.101:8080   check inter 3000 fall 3 rise 5
   server 192.168.7.102 192.168.7.102:8080   check inter 3000 fall 3 rise 5

2.5: listen alternative example of the configuration of frontend and backend

#官网业务访问入口=====================================
listen WEB_PORT_80
   bind 192.168.7.102:80
   mode http
   option forwardfor
   server web1   192.168.7.101:80   check inter 3000 fall 3 rise 5
   server web2   192.168.7.101:80   check inter 3000 fall 3 rise 5