Using HAProxy as a reverse proxy » History » Version 4
Koen Deforche, 05/27/2011 03:28 PM
| 1 | 1 | Koen Deforche | h1. Using HAproxy as a reverse proxy |
|---|---|---|---|
| 2 | |||
| 3 | 3 | Koen Deforche | "HAproxy":http://haproxy.1wt.eu/ has a great feature set when used in conjunction with Wt: |
| 4 | 1 | Koen Deforche | * Uses async I/O and thus handles thousands of connections without any problem. Just like Wt! |
| 5 | * Supports reverse proxying of WebSocket connections (as per draft-76). |
||
| 6 | * Can be configured to use session affinity without needing cookies. |
||
| 7 | |||
| 8 | 4 | Koen Deforche | You need a fairly recent of haproxy for the options 'http-server-close' and 'http-pretend-keepalive' to work, which is needed for reliable load-balancing. |
| 9 | |||
| 10 | 1 | Koen Deforche | h2. Basic setup |
| 11 | |||
| 12 | <pre> |
||
| 13 | global |
||
| 14 | log 127.0.0.1 local0 |
||
| 15 | log 127.0.0.1 local1 notice |
||
| 16 | maxconn 4096 |
||
| 17 | user haproxy |
||
| 18 | group haproxy |
||
| 19 | daemon |
||
| 20 | |||
| 21 | defaults |
||
| 22 | log global |
||
| 23 | mode http |
||
| 24 | option httplog |
||
| 25 | option dontlognull |
||
| 26 | 4 | Koen Deforche | option http-server-close |
| 27 | option http-pretend-keepalive |
||
| 28 | option forwardfor |
||
| 29 | option originalto |
||
| 30 | 1 | Koen Deforche | retries 3 |
| 31 | option redispatch |
||
| 32 | maxconn 2000 |
||
| 33 | contimeout 5000 |
||
| 34 | clitimeout 50000 |
||
| 35 | srvtimeout 50000 |
||
| 36 | |||
| 37 | listen 0.0.0.0:8181 |
||
| 38 | server srv1 0.0.0.0:9090 check |
||
| 39 | </pre> |
||
| 40 | |||
| 41 | h2. Using session affinity |
||
| 42 | |||
| 43 | 2 | Koen Deforche | All of the built-in mechanisms in HAproxy for session affinity using the @appsession@ option rely on cookies, but cookies are not our preferred method since this does not give an intuitive user experience (e.g. a user cannot open multiple sessions), are not entirely reliable (a user can disable cookies) and a source of security risks (CSRF). |
| 44 | 1 | Koen Deforche | |
| 45 | Luckily there is a work-around: using Wt's ability to generate session-id's that have a prefix which identifies the back-end, we can have HAproxy match on this prefix in the request URL and send the requests to the correct server. |
||
| 46 | |||
| 47 | Below is an example configuration for two back-end servers. |
||
| 48 | |||
| 49 | <pre> |
||
| 50 | global |
||
| 51 | log 127.0.0.1 local0 |
||
| 52 | log 127.0.0.1 local1 notice |
||
| 53 | maxconn 4096 |
||
| 54 | user haproxy |
||
| 55 | group haproxy |
||
| 56 | daemon |
||
| 57 | |||
| 58 | defaults |
||
| 59 | log global |
||
| 60 | mode http |
||
| 61 | option httplog |
||
| 62 | option dontlognull |
||
| 63 | 4 | Koen Deforche | option http-server-close |
| 64 | option http-pretend-keepalive |
||
| 65 | option forwardfor |
||
| 66 | option originalto |
||
| 67 | 1 | Koen Deforche | retries 3 |
| 68 | option redispatch |
||
| 69 | maxconn 2000 |
||
| 70 | contimeout 5000 |
||
| 71 | clitimeout 50000 |
||
| 72 | srvtimeout 50000 |
||
| 73 | |||
| 74 | frontend wt |
||
| 75 | bind 0.0.0.0:80 |
||
| 76 | acl srv1 url_sub wtd=wt1 |
||
| 77 | acl srv2 url_sub wtd=wt2 |
||
| 78 | acl srv1_up nbsrv(bck1) gt 0 |
||
| 79 | acl srv2_up nbsrv(bck2) gt 0 |
||
| 80 | use_backend bck1 if srv1_up srv1 |
||
| 81 | use_backend bck2 if srv2_up srv2 |
||
| 82 | default_backend bck_lb |
||
| 83 | |||
| 84 | backend bck_lb |
||
| 85 | balance roundrobin |
||
| 86 | server srv1 0.0.0.0:9090 track bck1/srv1 |
||
| 87 | server srv2 0.0.0.0:9091 track bck2/srv2 |
||
| 88 | |||
| 89 | backend bck1 |
||
| 90 | balance roundrobin |
||
| 91 | server srv1 0.0.0.0:9090 check |
||
| 92 | |||
| 93 | backend bck2 |
||
| 94 | balance roundrobin |
||
| 95 | server srv2 0.0.0.0:9091 check |
||
| 96 | |||
| 97 | </pre> |
||
| 98 | |||
| 99 | And start the two Wt httpd servers using: |
||
| 100 | |||
| 101 | <pre> |
||
| 102 | $ app.wt --session-id-prefix=wt1 --http-port 9090 ... |
||
| 103 | $ app.wt --session-id-prefix=wt2 --http-port 9091 ... |
||
| 104 | </pre> |