Project

General

Profile

Using HAProxy as a reverse proxy » History » Version 1

Koen Deforche, 11/24/2010 04:24 PM

1 1 Koen Deforche
h1. Using HAproxy as a reverse proxy
2
3
HAproxy has a great feature set when used in conjunction with Wt:
4
* Uses async I/O and thus handles thousands of connections without any problem. Just like Wt!
5
* Supports reverse proxying of WebSocket connections (as per draft-76).
6
* Can be configured to use session affinity without needing cookies.
7
8
h2. Basic setup
9
10
<pre>
11
global
12
        log 127.0.0.1 local0
13
        log 127.0.0.1 local1 notice
14
        maxconn 4096
15
        user haproxy
16
        group haproxy
17
        daemon
18
19
defaults
20
        log     global
21
        mode    http
22
        option  httplog
23
        option  dontlognull
24
        retries 3
25
        option redispatch
26
        maxconn 2000
27
        contimeout      5000
28
        clitimeout      50000
29
        srvtimeout      50000
30
31
listen 0.0.0.0:8181
32
        server srv1 0.0.0.0:9090 check
33
</pre>
34
35
h2. Using session affinity
36
37
All of the built-in mechanisms in HAProxy for session affinity using the @appsession@ option rely on cookies, but cookies are not our preferred method since this does not give an intuitive user experience (e.g. a user cannot open multiple sessions), are not entirely reliable (a user can disable cookies) and a source of security risks (CSRF).
38
39
Luckily there is a work-around: using Wt's ability to generate session-id's that have a prefix which identifies the back-end, we can have HAproxy match on this prefix in the request URL and send the requests to the correct server.
40
41
Below is an example configuration for two back-end servers.
42
43
<pre>
44
global
45
	log 127.0.0.1 local0 
46
	log 127.0.0.1 local1 notice
47
	maxconn 4096
48
	user haproxy
49
	group haproxy
50
	daemon
51
52
defaults
53
	log	global
54
	mode	http
55
	option	httplog
56
	option	dontlognull
57
	retries	3
58
	option redispatch
59
	maxconn	2000
60
	contimeout	5000
61
	clitimeout	50000
62
	srvtimeout	50000
63
64
frontend wt
65
        bind 0.0.0.0:80
66
        acl srv1 url_sub wtd=wt1
67
        acl srv2 url_sub wtd=wt2
68
        acl srv1_up nbsrv(bck1) gt 0
69
        acl srv2_up nbsrv(bck2) gt 0
70
        use_backend bck1 if srv1_up srv1
71
        use_backend bck2 if srv2_up srv2
72
        default_backend bck_lb
73
74
backend bck_lb
75
        balance roundrobin
76
        server srv1 0.0.0.0:9090 track bck1/srv1
77
        server srv2 0.0.0.0:9091 track bck2/srv2
78
79
backend bck1
80
        balance roundrobin
81
        server srv1 0.0.0.0:9090 check
82
83
backend bck2
84
        balance roundrobin
85
        server srv2 0.0.0.0:9091 check
86
87
</pre>
88
89
And start the two Wt httpd servers using:
90
91
<pre>
92
$ app.wt --session-id-prefix=wt1 --http-port 9090 ...
93
$ app.wt --session-id-prefix=wt2 --http-port 9091 ...
94
</pre>