HaProxy is a very flexible tool for balancing traffic. It has a whole bunch of options and customization options. Also it has its quirks.
It would be very hard to describe the contents of all of my drafts on this subject in this article, because it might get big and heavy to digest.
I will try to give an overview of the basic principles of the settings.
At the time of this writing, the stable release 1.5.3 was released. It supports balancing of the SSL connections.
In those days, when I had to work with Haproxy, the delivery of the SSL traffic to the destination server was carried forwarding connections on port 443.
Unfortunately the latest version is not yet available repositories CentOS and Ubuntu. Therefore, it will not be considered. I’ll create a separate article in a while with information how to install and configure HaProxy from source package.
It can be installed using the package manager. I will continue to work with CentOS:
yum install haproxy
The configuration is located in
By default, you can describe all the settings in this file. There file consist of the general haproxy settings and so-called back-ends configuration.
Usually no changes should be applied to the “global” section of the configuration file.
I’ll discuss the back-ends configuration in more detail. Back-end is a server behind load balancer. Some people call them ‘web-heads’.
There are two approaches to the description of the cluster servers behind the load balancer:
1. A simple method “listen-> servers”
is used if you have several web servers (say 3), their parameters are the same (CPU / RAM) and all traffic is evenly distributed between them. There is no difference in servers’ functions. Each of them are equally able to handle all incoming requests.
listen listener_mane bind ip_address:80 option <option1> option <option2> .................... option <optionN< server server1 192.168.1.10:80 <option1> <option2> ...
2. A more subtle method “frontend-> backend-> servers”
. In this case, the servers are being groped in the so-called ‘backend’, which are essentially a semblance section “listen”, described in the preceding paragraph. Backends in turn unite in frontends.
frontend <instance_name> bind <ip_address:port> mode <layer mode> option <option1> option <option2> … option <optionN> acl <acl_name1> <acl_type> <acl_definition> use_backend <backend_name> if <acl_name1> default_backend <backend_name> backend static <backend_name> balance <ballance method> option <option1> option <option2> … option <optionN> server <server_name1> <nod_ip_address>:<port> <option1> <option2> … <option N> server <server_name2> <nod_ip_address>:<port> <option1> <option2> … <option N> backend web<backend_name> server <server_name2> <nod_ip_address>:<port> <option1> <option2> … <option N> backend backoffice <backend_name> server <server_name2> <nod_ip_address>:<port> <option1> <option2> … <option N>
bind – determines the ip address and port where the ip socket for incoming connections will be created.
Ss for balancing modes (mode <layer mode>), there are only two of them:
- tcp – Is used for layer 3 balancing. A full-duplex connection will be established between clients and servers, and no layer 7 examination will be performed. This is the default mode. It should be used for SSL, SSH, SMTP.
- Http – Is used for layer 7 balancing. The client request will be analyzed in depth before connecting to any server. Any request which is not RFC-compliant will be rejected. Layer 7 filtering, processing and switching will be possible. This is the mode which brings HAProxy most of its value.
A description of all the options section seerver can be found at http://haproxy.tech-notes.net/5-2-server-and-default-server-options/