Date created: Monday, April 8, 2013 2:21:31 PM. Last modified: Wednesday, January 4, 2023 9:57:31 PM
HAProxy
Install:
wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.23.tar.gz
tar -xzf haproxy-1.4.23.tar.gz
cd haproxy-1.4.23/
# sudo apt-get install libpcre3-dev
make TARGET=linux26 USE_PCRE=1
sudo make install
Create /etc/rsyslog.d/haproxy.conf with the following contents to create a log in /var/log for haproxy:
# ..and in any case, put these two in /etc/rsyslog.d/haproxy.conf:
local1.* -/var/log/haproxy_1.log
& ~
# & ~ means not to put what matched in the above line anywhere else for the rest of the rules
# http://serverfault.com/questions/214312/how-to-keep-haproxy-log-messages-out-of-var-log-syslog
May also need to uncomment the following in /etc/rsyslog.conf:
$ModLoad imudp.so
$UDPServerRun 514
sudo /etc/init.d/rsyslog restart
Config:
global
    log 127.0.0.1 local1 info info
    user haproxy
    group haproxy
    daemon
    #quiet
    #debug
    stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin

defaults
    log global
    # Expect HTTP layer 7, rather than load-balance at layer 4
    mode http
    # Enable HTTP logging format to include more detail in logs
    option httplog
    # A connection on which no data has been transferred will not be logged (such as monitor probes)
    option dontlognull
    # Enable HTTP connection closing on the server side but support keep-alive with clients
    # (This provides the lowest latency on the client side (slow network) and the fastest session reuse on the server side)
    option http-server-close
    # option httpclose
    # Don't use httpclose together with http-server-close, httpclose will disable keepalive on the client side
    # Enable the sending of TCP keepalive packets on the client side
    option clitcpka
    # Add the X-Forwarded-For header unless the request came from 127.0.0.1 (which is Pound)
    # If it came from Pound, it will already be present
    option forwardfor except 127.0.0.1
    # Rather than check backend servers are up with simple TCP connect, perform layer 7 HTTP GET
    option httpchk GET /
    # If the backend health check returns 404 error, stop sending new requests to that server
    # but try to send persistent requests there
    http-check disable-on-404
    # The number of retries to perform on a server after a connection failure. There is a delay of 1 second
    # between each retry.
    retries 3
    maxconn 10000
    timeout connect 10000
    timeout client 30000
    timeout server 10000

# HTTPS terminated connections incoming from Pound listening on public-ip:443
listen https-servers 127.0.0.1:80
    balance roundrobin
    stick store-request src
    stick-table type ip size 100k expire 30m
    cookie backends insert
    option persist     # Keep retrying dead server in case it's just having a little flap
    option redispatch  # Fail over to another server if it really is dead
    # Active back end servers
    server backend1 192.168.0.1:80 cookie backends1 check inter 3000 rise 3 fall 3
    server backend2 192.168.0.2:80 cookie backends2 check inter 3000 rise 3 fall 3
    # log the name of the virtual server
    capture request header Host len 20
    # log the amount of data uploaded during a POST
    capture request header Content-Length len 10
    # log the beginning of the referrer
    capture request header Referer len 20
    # capture the original source IP when terminated by Pound proxy
    capture request header X-Forwarded-For len 60
    # server name (useful for outgoing proxies only)
    capture response header Server len 40
    # logging the content-length is useful with "option logasap"
    capture response header Content-Length len 10
    # log the expected cache behaviour on the response
    capture response header Cache-Control len 8
    # the Via header will report the next proxy's name
    capture response header Via len 20
    # log the URL location during a redirection
    capture response header Location len 20

# Example with frontend and backend
# Listening directly on public IP for incoming plain HTTP requests
frontend listen-http-servers 192.0.2.20:80
    # backend name must match the "backend http-servers" section below
    acl backend_down nbsrv(http-servers) lt 2  # HAProxy can see less than 2 backend servers
    monitor-net 172.22.0.222/32                # Always gets an HTTP 200 to verify HAProxy is running
    monitor-uri /monitorpath
    monitor fail if backend_down               # Anyone else gets 200 or 503 based on ACL backend_down
    default_backend http-servers
    # log the name of the virtual server
    capture request header Host len 20
    # log the amount of data uploaded during a POST
    capture request header Content-Length len 10
    # log the beginning of the referrer
    capture request header Referer len 20
    # capture the original source IP when terminated by Pound proxy
    capture request header X-Forwarded-For len 60
    # server name (useful for outgoing proxies only)
    capture response header Server len 40
    # logging the content-length is useful with "option logasap"
    capture response header Content-Length len 10
    # log the expected cache behaviour on the response
    capture response header Cache-Control len 8
    # the Via header will report the next proxy's name
    capture response header Via len 20
    # log the URL location during a redirection
    capture response header Location len 20

backend http-servers
    #balance source
    balance roundrobin
    stick store-request src
    stick-table type ip size 100k expire 30m
    cookie backends insert
    option persist
    option redispatch
    # Active back end servers
    server backend1 192.168.0.1:80 cookie backends1 check inter 3000 rise 3 fall 3
    server backend2 192.168.0.2:80 cookie backends2 check inter 3000 rise 3 fall 3

listen stats :1936
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    # Placeholder credentials; this listener is plain HTTP, so Basic auth crosses the network unencrypted
    stats auth hastats:supersecretpassword
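Reading the resulting log: an added example, not part of the original notes. With "option httplog", the captured headers appear in two {...} groups, pipe-separated, in the order the capture lines are declared above. The parser below maps them back to header names and picks which address to attribute a request to. The function names, the trusted-proxy policy (only believe X-Forwarded-For when the socket peer is Pound on 127.0.0.1) and the sample lines are assumptions made for this example.

```python
import ipaddress
import re

# Capture order exactly as declared in the config on this page.
REQ_CAPTURES = ["Host", "Content-Length", "Referer", "X-Forwarded-For"]
RES_CAPTURES = ["Server", "Content-Length", "Cache-Control", "Via", "Location"]
XFF_LEN = 60                     # capture request header X-Forwarded-For len 60
TRUSTED_PROXIES = {"127.0.0.1"}  # Pound, per "option forwardfor except 127.0.0.1"

LINE_RE = re.compile(
    r'haproxy\[\d+\]: (?P<src>[\d.]+):\d+ \[[^\]]+\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) \S+ (?P<status>\d{3}) \S+ \S+ \S+ '
    r'\S+ \S+ \S+ \{(?P<req>[^}]*)\} \{(?P<res>[^}]*)\} "(?P<request>[^"]*)"')

def parse_line(line):
    """Map one httplog line to a dict; captured headers are keyed by name."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["req"] = dict(zip(REQ_CAPTURES, rec["req"].split("|")))
    rec["res"] = dict(zip(RES_CAPTURES, rec["res"].split("|")))
    return rec

def client_ip(rec):
    """Return (address, basis) to attribute the request to."""
    if rec["src"] not in TRUSTED_PROXIES:
        return rec["src"], "socket"         # direct hit: XFF is client-supplied
    xff = rec["req"].get("X-Forwarded-For", "")
    if len(xff) >= XFF_LEN:
        return rec["src"], "xff-truncated"  # nearest hop may have been cut off
    try:
        return str(ipaddress.ip_address(xff.split(",")[-1].strip())), "xff"
    except ValueError:
        return rec["src"], "xff-invalid"

# Constructed sample lines (not taken from a real system).
LONG_XFF = ", ".join("192.0.2.%d" % i for i in range(1, 9))[:XFF_LEN]
def sample(src, listener, backend, xff):
    return ("Apr  8 14:30:01 lb1 haproxy[2211]: %s:41002 [08/Apr/2013:14:30:01.120] "
            "%s %s/backend1 2/0/1/15/18 200 5120 - - --NI 3/3/3/1/0 0/0 "
            '{www.example.com|||%s} {Apache|4890|private||} '
            '"GET / HTTP/1.1"' % (src, listener, backend, xff))
SAMPLES = [
    sample("127.0.0.1", "https-servers", "https-servers", "198.51.100.7"),
    sample("203.0.113.9", "listen-http-servers", "http-servers", "10.0.0.1"),
    sample("127.0.0.1", "https-servers", "https-servers", LONG_XFF),
]
```

The third sample shows the cost of "len 60": a long forwarding chain is cut at 60 characters, so the entry appended by the nearest proxy can be lost and the value should not be used for attribution.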