Using HAProxy as a reverse proxy » History » Version 2
Koen Deforche, 11/24/2010 04:24 PM
1 | 1 | Koen Deforche | h1. Using HAproxy as a reverse proxy |
---|---|---|---|
2 | |||
3 | HAproxy has a great feature set when used in conjunction with Wt: |
||
4 | * Uses async I/O and thus handles thousands of connections without any problem. Just like Wt! |
||
5 | * Supports reverse proxying of WebSocket connections (as per draft-76). |
||
6 | * Can be configured to use session affinity without needing cookies. |
||
7 | |||
8 | h2. Basic setup |
||
9 | |||
10 | <pre> |
||
11 | global |
||
12 | log 127.0.0.1 local0 |
||
13 | log 127.0.0.1 local1 notice |
||
14 | maxconn 4096 |
||
15 | user haproxy |
||
16 | group haproxy |
||
17 | daemon |
||
18 | |||
19 | defaults |
||
20 | log global |
||
21 | mode http |
||
22 | option httplog |
||
23 | option dontlognull |
||
24 | retries 3 |
||
25 | option redispatch |
||
26 | maxconn 2000 |
||
27 | contimeout 5000 |
||
28 | clitimeout 50000 |
||
29 | srvtimeout 50000 |
||
30 | |||
31 | listen 0.0.0.0:8181 |
||
32 | server srv1 0.0.0.0:9090 check |
||
33 | </pre> |
||
34 | |||
35 | h2. Using session affinity |
||
36 | |||
37 | 2 | Koen Deforche | All of the built-in mechanisms in HAproxy for session affinity using the @appsession@ option rely on cookies, but cookies are not our preferred method since this does not give an intuitive user experience (e.g. a user cannot open multiple sessions), are not entirely reliable (a user can disable cookies) and a source of security risks (CSRF). |
38 | 1 | Koen Deforche | |
39 | Luckily there is a work-around: using Wt's ability to generate session-id's that have a prefix which identifies the back-end, we can have HAproxy match on this prefix in the request URL and send the requests to the correct server. |
||
40 | |||
41 | Below is an example configuration for two back-end servers. |
||
42 | |||
43 | <pre> |
||
44 | global |
||
45 | log 127.0.0.1 local0 |
||
46 | log 127.0.0.1 local1 notice |
||
47 | maxconn 4096 |
||
48 | user haproxy |
||
49 | group haproxy |
||
50 | daemon |
||
51 | |||
52 | defaults |
||
53 | log global |
||
54 | mode http |
||
55 | option httplog |
||
56 | option dontlognull |
||
57 | retries 3 |
||
58 | option redispatch |
||
59 | maxconn 2000 |
||
60 | contimeout 5000 |
||
61 | clitimeout 50000 |
||
62 | srvtimeout 50000 |
||
63 | |||
64 | frontend wt |
||
65 | bind 0.0.0.0:80 |
||
66 | acl srv1 url_sub wtd=wt1 |
||
67 | acl srv2 url_sub wtd=wt2 |
||
68 | acl srv1_up nbsrv(bck1) gt 0 |
||
69 | acl srv2_up nbsrv(bck2) gt 0 |
||
70 | use_backend bck1 if srv1_up srv1 |
||
71 | use_backend bck2 if srv2_up srv2 |
||
72 | default_backend bck_lb |
||
73 | |||
74 | backend bck_lb |
||
75 | balance roundrobin |
||
76 | server srv1 0.0.0.0:9090 track bck1/srv1 |
||
77 | server srv2 0.0.0.0:9091 track bck2/srv2 |
||
78 | |||
79 | backend bck1 |
||
80 | balance roundrobin |
||
81 | server srv1 0.0.0.0:9090 check |
||
82 | |||
83 | backend bck2 |
||
84 | balance roundrobin |
||
85 | server srv2 0.0.0.0:9091 check |
||
86 | |||
87 | </pre> |
||
88 | |||
89 | And start the two Wt httpd servers using: |
||
90 | |||
91 | <pre> |
||
92 | $ app.wt --session-id-prefix=wt1 --http-port 9090 ... |
||
93 | $ app.wt --session-id-prefix=wt2 --http-port 9091 ... |
||
94 | </pre> |