Load Balancer HAProxy

From wiki.techunit.org


HAProxy is free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. It is written in C and has a reputation for being fast and efficient (in terms of processor and memory usage).
  • Set up on Debian 8
  • HAProxy version: 1.5.8



aptitude install haproxy -y

Enable service

  • Edit /etc/default/haproxy

Default config file

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

Minimal config file

  • Now back up the default config
mv /etc/haproxy/haproxy.cfg{,.original}
  • and create a new one: /etc/haproxy/haproxy.cfg
global
    log <syslog_server_ip> local0 notice   # Set your syslog server (placeholder), default localhost
    maxconn 2000                       # Maximum number of concurrent connections (per process)
    user haproxy
    group haproxy
    ssl-default-bind-options no-sslv2 no-sslv3

defaults                               # Default values
    log global
    option  dontlognull
    retries 3                          # the number of retries to perform on a server after a connection failure
    option redispatch                  # enables session redistribution in case of connection failure
    timeout connect  5000
    timeout client  10000
    timeout server  10000

Add a monitoring web page

  • Add this block to /etc/haproxy/haproxy.cfg
listen  stats
    bind <ip>:<port>                   # Listening address (placeholder)
    mode http
    stats uri /haproxy
    stats enable
    stats refresh 30
    stats auth admin:password          # Example credentials, replace with your own
    maxconn 5
  • Restart service
  • You can now monitor all your load-balanced services on this page

Configure a TCP load balancer

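  • Add the following blocks to /etc/haproxy/haproxy.cfg

Example SQL

listen SQL
    bind <ip>:<port>                   # Listening address (placeholder)
    mode tcp
    balance source
    server sql01 <sql01_ip>:<port> maxconn 5000 check

Example FTP

listen FTP
    bind <ip>:<port>                   # Listening address (placeholder)
    mode tcp
    option tcplog
    balance source
    timeout client 86400000
    timeout server 86400000
    server ftp01 <ftp01_ip>:<port> maxconn 5000 check
    server ftp02 <ftp02_ip>:<port> maxconn 5000 check

Example SMTP

listen SMTP
    bind <ip>:<port>                   # Listening address (placeholder)
    mode tcp
    option smtpchk
    balance roundrobin
    server mail01 <mail01_ip>:<port> maxconn 5000 check
    server mail02 <mail02_ip>:<port> maxconn 5000 check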

Configure an HTTP load balancer

Backend configuration

backend www.example.com
    mode    http
    balance roundrobin
    cookie SERVERID insert indirect
    option forwardfor
    option httpclose
    server web1 <web1_ip>:<port> cookie A check
    server web2 <web2_ip>:<port> cookie B check

Frontend configuration

HTTP Frontend

frontend http-example
    mode    http
    option  httplog
    option  dontlognull

    bind <ip>:<port>
    reqadd X-Forwarded-Proto:\ http

HTTPS Frontend

frontend https-example
    mode    http
    option  httplog
    option  dontlognull

    bind <ip>:<port> ssl crt /path/to/your/cert.pem
    reqadd X-Forwarded-Proto:\ https

ACLs to define backend

  • Under the frontend block
    # Declare your ACLs (hdr_end is a suffix match: it is true for any Host value ending with the string)
    acl www.example.com hdr_end(host) -i www.example.com
    acl mail.example.com hdr_end(host) -i mail.example.com
    acl cloud.example.com hdr_end(host) -i cloud.example.com

    #use_backend <backend_name> if <acl_name>
    use_backend www.example.com if www.example.com
    use_backend mail.example.com if mail.example.com
    use_backend cloud.example.com if cloud.example.com

    #Define a default backend
    default_backend www.example.com
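
The routing decision made by the ACL block above, modelled in Python as an added example (not part of the original page and not HAProxy code). It covers only hdr_end and hdr on a single Host value with one ACL per use_backend; parse_rules, route and EXACT_RULES are names made up for this sketch, and it shows which Host values each match method sends to which backend.

```python
import re

# Frontend rules copied from the ACL block on this page.
PAGE_RULES = """
acl www.example.com hdr_end(host) -i www.example.com
acl mail.example.com hdr_end(host) -i mail.example.com
acl cloud.example.com hdr_end(host) -i cloud.example.com
use_backend www.example.com if www.example.com
use_backend mail.example.com if mail.example.com
use_backend cloud.example.com if cloud.example.com
default_backend www.example.com
"""

# Only two match methods are modelled: hdr_end = suffix, hdr = whole value.
MATCHERS = {"hdr_end": str.endswith, "hdr": str.__eq__}
ACL_RE = re.compile(r"acl\s+(\S+)\s+(hdr(?:_end)?)\(host\)\s+(-i\s+)?(\S+)$")


def parse_rules(text):
    """Return (acls by name, ordered use_backend list, default backend)."""
    acls, uses, default = {}, [], None
    for line in (raw.split("#")[0].strip() for raw in text.splitlines()):
        m = ACL_RE.match(line)
        if m:
            acls[m.group(1)] = (m.group(2), bool(m.group(3)), m.group(4))
        elif line.startswith("use_backend"):
            _, backend, _if, acl = line.split()
            uses.append((backend, acl))
        elif line.startswith("default_backend"):
            default = line.split()[1]
    return acls, uses, default


def route(text, host):
    """Backend chosen for a Host header value; the first matching rule wins."""
    acls, uses, default = parse_rules(text)
    for backend, acl in uses:
        kind, nocase, pattern = acls[acl]
        value, pat = (host.lower(), pattern.lower()) if nocase else (host, pattern)
        if MATCHERS[kind](value, pat):
            return backend
    return default


# Same rules with an exact match on the Host value instead of a suffix match.
EXACT_RULES = PAGE_RULES.replace("hdr_end(host)", "hdr(host)")
```

With the page's rules, the constructed host webmail.example.com is routed to the mail.example.com backend because it ends with that string, and a Host value carrying a port (cloud.example.com:8443) matches no ACL and falls through to the default backend.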
