Wednesday 20 July 2016

HAProxy Example Configurations

See: HAProxy Secure / Hardened Configuration Example

The following are some common configurations (or skeleton configurations, if you like) that can be built upon.

Two-node cluster backend running two websites in an active/passive configuration:

global
    daemon
    maxconn 4000
    stats socket /var/run/haproxy.sock mode 600 level admin
    stats timeout 2m
    user haproxy
    group haproxy

defaults
    log     global
    mode    http
    # Useful for long-lived sessions (e.g. mixed HTTP and WebSocket connections)
    timeout tunnel 1h
    # Amount of time before connection request is dropped
    timeout connect 5000ms
    # Amount of time before the connection is dropped while waiting for a half-closed connection to finish
    timeout client-fin      50000ms
    # Amount of time before connection is dropped when waiting for client data response
    timeout client 50000ms
    timeout server 50000ms
    # Enable HTTP logging
    option  httplog
    # Ensure we do not log null / empty requests
    option  dontlognull
    # Insert forward-for header into request to preserve origin ip
    option forwardfor

frontend www
    bind 0.0.0.0:80
    default_backend webserver_pool

backend webserver_pool
    balance roundrobin
    mode http
    option httplog
    option  httpchk    GET /someService/isAlive
    server  serverA 10.11.12.13:8080 check inter 5000 downinter 500    # active node
    server  serverB 10.12.13.14:8080 check inter 5000 backup           # passive node

Two-node cluster backend running a TCP application where session affinity must be maintained. In an HTTP application we could simply insert a cookie; since this is a TCP application we have to use the 'source' balance method instead:

global
    daemon
    maxconn 4000
    stats socket /var/run/haproxy.sock mode 600 level admin
    stats timeout 2m
    user haproxy
    group haproxy

defaults
    log     global
    mode    http
    # Useful for long-lived sessions (e.g. mixed HTTP and WebSocket connections)
    timeout tunnel 1h
    # Amount of time before connection request is dropped
    timeout connect 5000ms
    # Amount of time before the connection is dropped while waiting for a half-closed connection to finish
    timeout client-fin      50000ms
    # Amount of time before connection is dropped when waiting for client data response
    timeout client 50000ms
    timeout server 50000ms
    # Enable HTTP logging
    option  httplog
    # Ensure we do not log null / empty requests
    option  dontlognull
    # Insert forward-for header into request to preserve origin ip
    option forwardfor

frontend app
    # Must match the backend's mode (defaults sets mode http)
    mode tcp
    bind 0.0.0.0:10000
    default_backend app_pool

backend app_pool
    balance source
    mode tcp
    option tcplog
    server  serverA 10.11.12.13:1234 check inter 5000 downinter 500
    server  serverB 10.12.13.14:1234 check inter 5000

Two-node cluster backend running an HTTP application where session affinity is maintained with a cookie:


global
    daemon
    maxconn 4000
    stats socket /var/run/haproxy.sock mode 600 level admin
    stats timeout 2m
    user haproxy
    group haproxy

defaults
    log     global
    mode    http
    # Useful for long-lived sessions (e.g. mixed HTTP and WebSocket connections)
    timeout tunnel 1h
    # Amount of time before connection request is dropped
    timeout connect 5000ms
    # Amount of time before the connection is dropped while waiting for a half-closed connection to finish
    timeout client-fin      50000ms
    # Amount of time before connection is dropped when waiting for client data response
    timeout client 50000ms
    timeout server 50000ms
    # Enable HTTP logging
    option  httplog
    # Ensure we do not log null / empty requests
    option  dontlognull
    # Insert forward-for header into request to preserve origin ip
    option forwardfor

frontend app
    bind 0.0.0.0:10000
    default_backend app_pool

backend app_pool
    balance source
    cookie SERVERID insert indirect nocache
    server serverA 192.168.10.11:80 check cookie serverA inter 5000 downinter 500
    server serverB 192.168.10.21:80 check cookie serverB inter 5000 
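
A small checker for the two mistakes these affinity configurations invite: a frontend whose effective mode (inherited from defaults) differs from its default_backend, and cookie persistence in a backend that is not in HTTP mode. This is an added example in Python, not part of the original post; the sample configuration and the parse/check function names are constructed for illustration.

```python
SECTIONS = ("global", "defaults", "frontend", "backend", "listen")
# Constructed sample (not copied from the post): http defaults, tcp backend with a cookie.
SAMPLE = """\
defaults
    mode http
frontend app
    default_backend app_pool
backend app_pool
    balance source
    mode tcp
    cookie SERVERID insert indirect nocache
"""

def parse(cfg):
    """Return {(kind, name): settings} with each proxy's effective mode."""
    proxies, default_mode, cur, in_defaults = {}, "tcp", None, False  # built-in default is tcp
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            in_defaults, cur = words[0] == "defaults", None
            if words[0] in SECTIONS[2:]:  # frontend, backend, listen
                name = words[1] if len(words) > 1 else ""
                cur = proxies[(words[0], name)] = {"mode": default_mode, "default_backend": None, "cookie": False}
        elif words[0] == "mode" and len(words) > 1:
            if in_defaults:
                default_mode = words[1]  # inherited by sections that follow
            elif cur:
                cur["mode"] = words[1]
        elif cur and words[0] == "default_backend" and len(words) > 1:
            cur["default_backend"] = words[1]
        elif cur and words[0] == "cookie":
            cur["cookie"] = True
    return proxies

def check(cfg):
    """List frontend/backend mode mismatches and cookie persistence outside http mode."""
    proxies, findings = parse(cfg), []
    for (kind, name), p in proxies.items():
        be = p["default_backend"]
        target = proxies.get(("backend", be)) or proxies.get(("listen", be))
        if target and target["mode"] != p["mode"]:
            findings.append(f"{kind} {name}: mode {p['mode']} but default_backend {be} is mode {target['mode']}")
        if p["cookie"] and p["mode"] != "http":
            findings.append(f"{kind} {name}: cookie needs mode http, found mode {p['mode']}")
    return findings

if __name__ == "__main__": print(*check(SAMPLE), sep="\n")
```

HAProxy's own `haproxy -c -f <file>` remains the authoritative syntax check; this only illustrates the mode inheritance that makes these two errors easy to miss.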
