haproxy basic configuration
HAPrpxy haproxy.cfg profile consists of two parts, each part is global and proxies.
global: global configuration section
进程及安全配置相关的参数
性能调整相关参数
Debug参数
proxies: the proxy configuration section
defaults:为frontend, backend, listen提供默认配置
frontend:前端,相当于nginx中的server {}
backend:后端,相当于nginx中的upstream {}
listen:同时拥有前端和后端配置
A, global configuration parameters
Official documents https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3
- Lock directory run chroot #
- deamon # run as a daemon
- stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin #socket文件
- user, group, uid, gid # run haproxy user identity
- The number of processes nbproc # haproxy open, consistent with the CPU
- nbthread # haproxy specify the number of threads per process has been started, the default is one thread per process
- cpu-map 1 0 # haproxy binding processes to specified CPU
- The maximum number of concurrent connections per haproxy process maxconn #
- Each haproxy process under maxsslconn # ssl maximum number of connections, configure the certificate for haproxy scene
- Maxconnrate # maximum number of connections per second for each process created
- spread-checks # backend server status check random percentage of time delay or advance, between 2-5 (20% -50%) recommendations
- pidfile # pid file path specified
- log 127.0.0.1 local3 info # define global syslog server; can define up to two
Two, proxy settings
Mainly divided into the following four parts
defaults [<name>] # default configuration items, for the following frontend, backend and lsiten effect, you can more name
frontend <name> # front-end servername, like Nginx is a web hosting server.
backend <name> # backend server group, equal to the nginx upstream
the listen <name> # the frontend and backend combined configuration
2.1: Proxies Configuration -defaults
- option redispatch # When the server Id corresponding server hang, forcing directed to other healthy server
- option abortonclose # when high server load time, automatically ends off the link to the current relatively long queue processing
- option http-keep-alive # hold-open session with a client
- option forwardfor # pass-through client real IP to backend web server
- mode http # default type of work
- timeout connect 120s # client requests to the backend server connected to the longest wait time (TCP before)
- Long timeout server 600s # client requests a timeout to timeout back-end server-side (after TCP)
- timeout client 600s # client longest period of inactivity
- timeout http-keep-alive 120s #session session remains timeout, it will be forwarded to the same backend server within range
- timeout check 5s # detect timeout on back-end servers
2.2: Proxies Configuration -frontend configuration parameters
bind: Specifies HAProxy listen address, or may be IPV4 IPV6, can monitor a plurality of IP ports or simultaneously, may be used for both field listen
bind [<address>]: < port_range> [, ...] [param *]
Http monitor multiple IP ports and sock multiple files
listen http_proxy #监听http的多个IP的多个端口和sock文件
bind :80,:443,:8801-8810
bind 10.0.0.1:10080,10.0.0.1:10443
bind /var/run/ssl-frontend.sock user root mode 600 accept-proxy
https monitor
listen http_https_proxy #https监听
bind :80
bind :443 ssl crt /etc/haproxy/site.pem
Monitor ipv6, ipv4 and unix sock file
listen http_https_proxy_explicit #监听ipv6、ipv4和unix sock文件
bind ipv6@:80
bind ipv4@public_ssl:443 ssl crt /etc/haproxy/site.pem
bind [email protected] user root mode 600 accept-proxy
Monitor file descriptor
listen external_bind_app1 #监听file descriptor
bind "fd@${FD_APP1}"
Production Example
frontend WEB_PORT
bind :80,:8080
bind 192.168.7.102:10080,:8801-8810,192.168.7.101:9001-9010
mode http/tcp #指定负载协议类型
use_backend backend_name #调用的后端服务器组名称
2.3: Proxies configuration -backend
Define a set of back-end server, backend server frontend will be invoked.
mode http/tcp #指定负载协议类型
option #配置选项
server #定义后端real server
Note: back option plus httpchk, smtpchk, mysql-check, pgsql-check, ssl-hello-chk methods, may be used to achieve more application layer detection.
server 格式: server <name>\ <address>[:port] [settings …]
Server setting of parameters
-
check # specified real health status check, the default is not open
addr IP #可指定的健康状态监测IP port num #指定的健康状态监测端口 inter num #健康状态检查间隔时间,默认2000 ms fall num #后端服务器失效检查次数,默认为3 rise num #后端服务器从下线恢复检查次数,默认为2
-
weight # The default is 1 and the maximum is 256,0 said they did not participate in load balancing
-
backup # back-end server marked for backup status
-
The back-end server is disabled # marked as unavailable state
-
redirect prefix http://www.mage.net/ # temporary redirects the request to another URL, applies only to http mode
-
maxconn <maxconn>: Maximum number of concurrent connections a current backend server
-
backlog <backlog>: When the number of connections reaches the upper limit of the backup server queue length
2.4: frontend + backend configuration example
#官网业务访问入口======================================
frontend WEB_PORT_80
bind 192.168.7.248:80
mode http
use_backend web_prot_http_nodes
backend web_prot_http_nodes
mode http
option forwardfor
server 192.168.7.101 192.168.7.101:8080 check inter 3000 fall 3 rise 5
server 192.168.7.102 192.168.7.102:8080 check inter 3000 fall 3 rise 5
2.5: listen alternative example of the configuration of frontend and backend
#官网业务访问入口=====================================
listen WEB_PORT_80
bind 192.168.7.102:80
mode http
option forwardfor
server web1 192.168.7.101:80 check inter 3000 fall 3 rise 5
server web2 192.168.7.101:80 check inter 3000 fall 3 rise 5