Date created: 04/08/13 14:21:31. Last modified: 01/22/18 09:01:27

HAProxy

Install:

# Fetch the HAProxy 1.4.23 source tarball. The download is plain HTTP with no
# integrity check, so compare the archive against a checksum or signature
# obtained over a trusted channel before building it.
# NOTE(review): 1.4.23 is the release these notes were written against; check
# whether a newer maintained release carries security fixes before deploying.
wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.23.tar.gz
tar -xzf haproxy-1.4.23.tar.gz
cd haproxy-1.4.23/
# USE_PCRE=1 below needs the PCRE development headers; on Debian/Ubuntu:
# sudo apt-get install libpcre3-dev
make TARGET=linux26 USE_PCRE=1
# Installs as root, so only run this on a source tree you have verified.
sudo make install

Create /etc/rsyslog.d/haproxy.conf with the following contents so that HAProxy gets its own log file in /var/log:

# Contents of /etc/rsyslog.d/haproxy.conf:
# write everything logged to facility local1 to its own file
# (the leading "-" turns off syncing the file after every message).
local1.* -/var/log/haproxy_1.log
& ~ 
# "& ~" discards what matched the line above, so no later rule logs it again.
# NOTE(review): newer rsyslog releases deprecate "~" in favour of "stop" - confirm for your version.
# http://serverfault.com/questions/214312/how-to-keep-haproxy-log-messages-out-of-var-log-syslog

You may also need to uncomment the following in /etc/rsyslog.conf so that rsyslog accepts the UDP syslog messages HAProxy sends:

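# Load the UDP syslog input; the HAProxy config on this page logs to 127.0.0.1.
$ModLoad imudp.so
# Listen on loopback only. Without this the listener accepts datagrams on every
# interface, so any host that can reach UDP 514 could write forged log lines.
# This directive must come before $UDPServerRun to take effect.
$UDPServerAddress 127.0.0.1
$UDPServerRun 514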

# Restart rsyslog so it picks up the new rule file and the UDP listener.
sudo /etc/init.d/rsyslog restart

Config:

# Process-wide settings.
global
        # Send logs to the local syslog daemon on facility local1,
        # with both the maximum and the minimum level set to info.
        log 127.0.0.1 local1 info info

        # Drop privileges to the haproxy user and group.
        user haproxy
        group haproxy
        # NOTE(review): no chroot is set here; confining the process to an empty
        # directory is a common extra hardening step - consider adding one.

        # Fork into the background.
        daemon
        #quiet
        #debug

        # Admin-level control socket; mode 0600 limits access to the owning user.
        stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin

# Settings inherited by every proxy section that follows.
defaults
        log     global

        # Work at HTTP layer 7 instead of balancing raw TCP at layer 4
        mode    http

        # Use the more detailed HTTP log format
        option  httplog

        # Do not log connections that never carried data (e.g. monitor probes)
        option  dontlognull

        # Close the server-side connection after each response while keeping
        # client-side keep-alive (lowest latency for clients on slow networks,
        # fastest session reuse on the servers)
        option  http-server-close
        # option  httpclose
        # Do not combine httpclose with http-server-close: httpclose turns off
        # keep-alive on the client side

        # Send TCP keepalive packets on client-side connections
        option clitcpka

        # Append X-Forwarded-For unless the request came from 127.0.0.1 (Pound),
        # in which case the header is already present.
        # HAProxy does not remove an X-Forwarded-For header that was already in
        # the request, so backends and log readers should only trust the entry
        # added by a proxy they control.
        option forwardfor except 127.0.0.1

        # Health-check backends with an HTTP GET / rather than a bare TCP connect
        option httpchk GET /

        # A 404 from the health check stops new requests going to that server,
        # while persistent requests are still sent there
        http-check disable-on-404

        # Retry a failed server connection up to 3 times, with a delay of
        # 1 second between retries
        retries 3

        maxconn 10000

        # Timeouts are in milliseconds when no unit is given.
        # NOTE(review): no "timeout http-request" is set, so a client that sends
        # its request very slowly is limited only by "timeout client" between
        # chunks - consider adding one.
        timeout connect     10000
        timeout client      30000
        timeout server      10000

# Connections whose HTTPS was terminated by Pound (listening on public-ip:443)
# arrive here over loopback
listen  https-servers       127.0.0.1:80

        balance roundrobin

        # Record each client source address in a 100k-entry table, 30 minute expiry.
        # NOTE(review): only "stick store-request" is present, with no "stick match"
        # or "stick on" rule in this section, so the table looks to be filled but
        # never consulted - confirm that is intended.
        stick store-request src
        stick-table type ip size 100k expire 30m

        # Cookie persistence: insert a "backends" cookie that names the server
        cookie backends insert
        # Keep retrying a dead server in case it is only flapping briefly
        option persist
        # Fail over to another server if it really is dead
        option redispatch

        # Active back end servers, health-checked every 3000 ms;
        # 3 good checks mark a server up, 3 failed checks mark it down
        server  backend1 192.168.0.1:80 cookie backends1 check inter 3000 rise 3 fall 3
        server  backend2 192.168.0.2:80 cookie backends2 check inter 3000 rise 3 fall 3

        # The captures below copy header values into the log line,
        # truncated to the given length.

        # name of the virtual server
        capture request  header Host len 20

        # amount of data uploaded during a POST
        capture request  header Content-Length len 10

        # beginning of the referrer
        capture request  header Referer len 20

        # original source IP for connections terminated by the Pound proxy
        capture request  header X-Forwarded-For len 60

        # server name (useful for outgoing proxies only)
        capture response header Server len 40

        # the content-length is useful together with "option logasap"
        capture response header Content-Length len 10

        # expected cache behaviour of the response
        capture response header Cache-Control len 8

        # the Via header reports the next proxy's name
        capture response header Via len 20

        # URL location during a redirection
        capture response header Location len 20


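# Example with frontend and backend
# Listening directly on the public IP for incoming plain HTTP requests
frontend  listen-http-servers

        # A listening address on its own line needs the "bind" keyword
        bind 192.0.2.20:80

        # True when HAProxy can see fewer than 2 usable servers in the backend.
        # The name has to match a backend that is defined; the one on this page
        # is "http-servers".
        acl backend_down nbsrv(http-servers) lt 2

        # Requests from this monitoring host always get HTTP 200, which only
        # verifies that HAProxy itself is running
        monitor-net 172.22.0.222/32
        # Anyone else asking for this URI gets 200 or 503 based on ACL backend_down
        monitor-uri /monitorpath
        monitor fail if backend_down

        default_backend http-servers

        # The captures below copy header values into the log line,
        # truncated to the given length.

        # name of the virtual server
        capture request  header Host len 20

        # amount of data uploaded during a POST
        capture request  header Content-Length len 10

        # beginning of the referrer
        capture request  header Referer len 20

        # This frontend takes requests straight from clients rather than from
        # Pound, so an X-Forwarded-For header seen here can be client-supplied;
        # treat the logged value as untrusted
        capture request  header X-Forwarded-For len 60

        # server name (useful for outgoing proxies only)
        capture response header Server len 40

        # the content-length is useful together with "option logasap"
        capture response header Content-Length len 10

        # expected cache behaviour of the response
        capture response header Cache-Control len 8

        # the Via header reports the next proxy's name
        capture response header Via len 20

        # URL location during a redirection
        capture response header Location len 20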

# Server pool for the plain-HTTP frontend.
backend http-servers

        # Round-robin across the servers (source hashing left as an alternative)
        #balance source
        balance roundrobin

        # Record each client source address in a 100k-entry table, 30 minute expiry.
        # NOTE(review): only "stick store-request" is present, with no "stick match"
        # or "stick on" rule in this section, so the table looks to be filled but
        # never consulted - confirm that is intended.
        stick store-request src
        stick-table type ip size 100k expire 30m

        # Cookie persistence: insert a "backends" cookie that names the server
        cookie backends insert
        option persist
        option redispatch

        # Active back end servers, health-checked every 3000 ms;
        # 3 good checks mark a server up, 3 failed checks mark it down
        server  backend1 192.168.0.1:80 cookie backends1 check inter 3000 rise 3 fall 3
        server  backend2 192.168.0.2:80 cookie backends2 check inter 3000 rise 3 fall 3


# Statistics page.
# ":1936" has no address, so the page is served on every local address;
# limit who can reach the port.
listen stats :1936
        mode http
        stats enable
        # Leave the HAProxy version out of the page
        stats hide-version
        stats realm Haproxy\ Statistics
        stats uri /
        # HTTP Basic credentials as user:password. They are stored in clear text
        # in this file and cross the network unencrypted, so keep the file
        # readable only by the account that needs it and use a strong password
        # in place of the one shown here.
        stats auth hastats:supersecretpassword
