Using HAProxy as a reverse proxy » History » Revision 4
Revision 3 (Koen Deforche, 11/24/2010 04:32 PM) → Revision 4/8 (Koen Deforche, 05/27/2011 03:28 PM)
h1. Using HAproxy as a reverse proxy "HAproxy":http://haproxy.1wt.eu/ has a great feature set when used in conjunction with Wt: * Uses async I/O and thus handles thousands of connections without any problem. Just like Wt! * Supports reverse proxying of WebSocket connections (as per draft-76). * Can be configured to use session affinity without needing cookies. You need a fairly recent of haproxy for the options 'http-server-close' and 'http-pretend-keepalive' to work, which is needed for reliable load-balancing. h2. Basic setup <pre> global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 user haproxy group haproxy daemon defaults log global mode http option httplog option dontlognull option http-server-close option http-pretend-keepalive option forwardfor option originalto retries 3 option redispatch maxconn 2000 contimeout 5000 clitimeout 50000 srvtimeout 50000 listen 0.0.0.0:8181 server srv1 0.0.0.0:9090 check </pre> h2. Using session affinity All of the built-in mechanisms in HAproxy for session affinity using the @appsession@ option rely on cookies, but cookies are not our preferred method since this does not give an intuitive user experience (e.g. a user cannot open multiple sessions), are not entirely reliable (a user can disable cookies) and a source of security risks (CSRF). Luckily there is a work-around: using Wt's ability to generate session-id's that have a prefix which identifies the back-end, we can have HAproxy match on this prefix in the request URL and send the requests to the correct server. Below is an example configuration for two back-end servers. <pre> global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 user haproxy group haproxy daemon defaults log global mode http option httplog option dontlognull option http-server-close option http-pretend-keepalive option forwardfor option originalto retries 3 option redispatch maxconn 2000 contimeout 5000 clitimeout 50000 srvtimeout 50000 frontend wt bind 0.0.0.0:80 acl srv1 url_sub wtd=wt1 acl srv2 url_sub wtd=wt2 acl srv1_up nbsrv(bck1) gt 0 acl srv2_up nbsrv(bck2) gt 0 use_backend bck1 if srv1_up srv1 use_backend bck2 if srv2_up srv2 default_backend bck_lb backend bck_lb balance roundrobin server srv1 0.0.0.0:9090 track bck1/srv1 server srv2 0.0.0.0:9091 track bck2/srv2 backend bck1 balance roundrobin server srv1 0.0.0.0:9090 check backend bck2 balance roundrobin server srv2 0.0.0.0:9091 check </pre> And start the two Wt httpd servers using: <pre> $ app.wt --session-id-prefix=wt1 --http-port 9090 ... $ app.wt --session-id-prefix=wt2 --http-port 9091 ... </pre>