Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux_wiki:load_balancing_haproxy_and_keepalived [2018/03/26 15:37] billdozor [Network Addressing Setup] |
linux_wiki:load_balancing_haproxy_and_keepalived [2018/04/10 10:09] billdozor |
||
---|---|---|---|
Line 89: | Line 89: | ||
Official Site: http:// | Official Site: http:// | ||
+ | |||
+ | ==== Main Config ==== | ||
* Configure HA-Proxy (/ | * Configure HA-Proxy (/ | ||
* Remove all example frontend and backend config sections (leave default section) | * Remove all example frontend and backend config sections (leave default section) | ||
- | * Add New frontend/ | + | * Add a section for the HAProxy Stats page<code bash># |
- | # http-in frontend which proxys to the backends | + | # HAProxy Stats |
# | # | ||
- | frontend | + | listen stats |
+ | # SSL Mode and Cert | ||
+ | bind *:9000 ssl crt / | ||
+ | mode http | ||
+ | |||
+ | # Enable Stats and Hide Version | ||
+ | stats enable | ||
+ | stats hide-version | ||
+ | |||
+ | # Authentication realm. This can be set to anything. Escape space characters with a backslash. | ||
+ | stats realm HAProxy\ Statistics | ||
+ | |||
+ | # The virtual URL to access the stats page | ||
+ | stats uri / | ||
+ | |||
+ | # The user/pass you want to use. Change this password! | ||
+ | stats auth admin: | ||
+ | * The pem certificate file is a concatenation of the SSL key, cert, and certificate authority. Example< | ||
+ | |||
+ | ==== Frontend/ | ||
+ | |||
+ | * Create new directory to hold frontend/ | ||
+ | * Create new frontend/ | ||
+ | * Add New frontend/ | ||
+ | # fe_http frontend which proxys to the backends | ||
+ | # | ||
+ | frontend | ||
# Log format | # Log format | ||
option httplog | option httplog | ||
+ | # Timeout Settings | ||
+ | #no option http-server-close | ||
+ | #timeout client 1m #default: 50s | ||
+ | | ||
#-- ACLs - Match HTTP Requests --# | #-- ACLs - Match HTTP Requests --# | ||
acl url_web | acl url_web | ||
#-- Backend Selection based on ACLs --# | #-- Backend Selection based on ACLs --# | ||
- | use_backend | + | use_backend |
+ | # If not using ACLs for backend selection or to have a fall back selection | ||
+ | # | ||
+ | | ||
# | # | ||
# Backend Configuration | # Backend Configuration | ||
# | # | ||
- | backend | + | backend |
- | balance | + | # Replace "/ |
- | server | + | reqirep ^([^\ ]*\ / |
- | server | + | |
+ | # Backend Protocol | ||
+ | mode http | ||
+ | |||
+ | #-- Timeout Settings --# | ||
+ | #timeout connect 1m #default: 5s | ||
+ | #timeout server 2m #default: 50s | ||
+ | |||
+ | #-- Health check options --# | ||
+ | # Use http layer 7 check instead of default layer 4 port check | ||
+ | option httpchk HEAD / | ||
+ | # inter: How often to execute a health check (default: 2s) | ||
+ | # rise: Number of consecutive checks before server is UP (default: 2) | ||
+ | # fall: Number of consecutive checks before server is DOWN (default: 3) | ||
+ | default-server inter 5s rise 2 fall 3 | ||
+ | # timeout check: Fail health check after x seconds of no response (default: 10s) | ||
+ | timeout check 12s | ||
+ | |||
+ | #-- Balancing --# | ||
+ | balance | ||
+ | # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) | ||
+ | fullconn 1000 | ||
+ | server | ||
+ | server | ||
+ | * Ensure each additional config file in config.d/ is setup in haproxy' | ||
+ | OPTIONS=" | ||
+ | * Multiple config files example:< | ||
+ | |||
+ | ==== Additional Config Examples ==== | ||
+ | |||
+ | **Session Persistence** | ||
+ | * Cookies: Application layer persistence (app needs to support cookies)< | ||
+ | balance | ||
+ | # Use Cookie for Session Persistence | ||
+ | cookie SERVERID insert indirect nocache | ||
+ | # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) | ||
+ | fullconn 1000 | ||
+ | server | ||
+ | server | ||
+ | * Source IP: Affinity based on source IP hash (app doesn' | ||
+ | balance | ||
+ | # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) | ||
+ | fullconn 1000 | ||
+ | server | ||
+ | server | ||
---- | ---- | ||
Line 164: | Line 243: | ||
* Stop keepalived on the active system in order to force a fail over< | * Stop keepalived on the active system in order to force a fail over< | ||
* Verify connections to the frontend listeners go away< | * Verify connections to the frontend listeners go away< | ||
- | * Reboot the system with keepalived stopped< | + | * Reboot the system with keepalived stopped |
---- | ---- | ||