HA Proxy
HA Proxy is High Availability Proxy. Say, you have a rails server and you run 3 VM instances of the same. Each with their own DB. HA Proxy allows this rails server to spread incoming requests across multiple endpoints. This is useful in cases where too many concurrent connections over-saturate the capability of a single server.
You can configure it and see the statistics (A lot more when compared with NGINX).
Configurations
- Type
vim /etc/haproxy/haproxy.cfg
There are 4 major blocks
- global
- defaults
- listen
- frontend
- backend
Global
Settings under global define process-wide security and performance tunings that affect HAProxy at a low level.
Major things in global
- maxconn, log, user, group, nbproc (how many processes — for 4 core vm, use value as 4: Eg cpu-map 1–4 0–3), nbthread (same as process but threads), ssl default ciphers,
Default
As your configuration grows, using a defaults section will help reduce duplication. Its settings apply to all of the frontend and backend sections that come after it
defaults
timeout connect 10s
timeout client 30s
timeout server 30s
log global
mode http
option httplog
maxconn 3000
option dontlognull
option dontlog-normal
option http-keep-alive
The timeout connect setting configures the time that HAProxy will wait for a TCP connection to a backend server to be established. The “s” suffix denotes seconds. Without any suffix, the time is assumed to be in milliseconds. The timeout client setting measures inactivity during periods that we would expect the client to be speaking, or in other words sending TCP segments. The timeout server setting measures inactivity when we’d expect the backend server to be speaking. When a timeout expires, the connection is closed. Having sensible timeouts reduces the risk of deadlocked processes tying up a connections that could otherwise be reused.
Listen
A “listen” section defines a complete proxy with its frontend and backend parts combined in one section.
listen health
bind :8000
monitor-uri /ping
errorfile 200 /etc/haproxy/errors/200.http
listen hproxy-status #This is to see the stats
bind http://localhost:1936
stats enable
stats uri /stats
stats refresh 15s
stats show-node
Frontend
When you place HAProxy as a reverse proxy in front of your backend servers, a frontend section defines the IP addresses and ports that clients can connect to. You may add as many frontend sections as needed for exposing various websites to the Internet.
frontend incoming-http # To redirect for http
bind *:80
redirect scheme https code 301 if !{ ssl_fc }
frontend connection_service-frontend
bind *:443 ssl crt /etc/ssl/abhinavrai.com/private_key.pem
maxconn 500000
mode http
capture request header Referrer len 64
capture request header Content-Length len 10
capture request header User-Agent len 64
capture request header Authorization len 128
capture request header X-Forwarded-For len 128
capture request header CF-IPCountry len 2
option httplog
option http-server-close
acl host_1 hdr_beg(host) -i server1-integration.abhinavrai.com
acl host_2 hdr_beg(host) -i server2-integration.abhinavrai.com
acl only_base_path path /
use_backend abhinav_service_1 if host_1 only_base_path
use_backend abhinav_service_2 if host_2 only_base_path
default_backend bad_backend
Backend
A backend section defines a group of servers that will be load balanced and assigned to handle requests. You’ll add a label of your choice to each backend, such as abhinav_service_1.
backend abhinav_service_1
mode http
option httplog
option httpchk GET /ping HTTP/1.1\r\nHost:\ localhost
compression algo gzip
compression offload
compression type application/json
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option forwardfor
option forceclose
balance roundrobin
server localhost:3000 check
Have a good read here. You may contact the author at abhinav.rai.1996@gmail.com