Difference between revisions of "HAProxy"

From wiki.mikejung.biz
Jump to navigation Jump to search
(Timeouts)
Line 62: Line 62:
 
   timeout http-keep-alive 4s
 
   timeout http-keep-alive 4s
 
</pre>
 
</pre>
 +
 +
===HAProxy Stats Page===
 +
 +
HAProxy Stats Page can be enabled by adding this to the config file.
 +
<pre>
 +
listen stats
 +
bind-process 1
 +
bind :9010
 +
stats enable
 +
stats uri /
 +
stats auth $user:$pass
 +
stats realm Demo
 +
stats admin if TRUE
 +
</pre>
 +
If you have set nbproc to a value greater than 1, it's suggested to set one TCP port and a unique path for each process

Revision as of 15:40, 28 June 2016

HAProxy Overview

HAProxy Configuration

Resources

Sysctl / Kernel Tweaks

Please do not blindly copypasta these settings! Make sure the values here are sane for your environment and test them out one at a time instead of applying them at once. These should be fairly safe settings, but you never know!

vim /etc/sysctl.conf
net.ipv4.ip_local_port_range = “1025 65534”
net.ipv4.tcp_max_syn_backlog = 100000
net.core.netdev_max_backlog = 100000
net.core.somaxconn = 65534
ipv4.tcp_rmem = “4096 16060 64060”
ipv4.tcp_wmem = “4096 16384 262144”

If your workload allows for this:

tcp_slow_start_after_idle = 0

If using IPtables with HAProxy

net.netfilter.nf_conntrack_max = 131072

To apply changes:

sysctl -p

Timeouts

  • timeout client - client side inactivity
  • timeout connect - time to establish the TCP connection to the server
  • timeout server - TCP: server side inactivity, HTTP: time for server to process the response (504 returned)
  • timeout client-fin - max time to wait in FIN_WAIT state on client side
  • timeout server-fin - max time to wait in FIN_WAIT state on server side
  • timeout http-request - Used in HTTP mode. The timeout for the client to send a whole request, this can help protect against DoS like attacks.
  • timeout http-keep-alive - Used in HTTP mode. The max time to wait for the next request when doing HTTP keep alive
  • timeout queue - How long a request can remain in HAProxy queue
  • timeout tarpit - How long the tarpitted connection is maintained for.

Config EXAMPLE for HTTP Service (timeouts). This is an EXAMPLE only, please do not copypasta!

defaults HTTP
  mode http
  timeout http-request 10s
  timeout client 20s
  timeout connect 4s
  timeout server 30s
  timeout http-keep-alive 4s

HAProxy Stats Page

HAProxy Stats Page can be enabled by adding this to the config file.

listen stats
 bind-process 1
 bind :9010
 stats enable
 stats uri /
 stats auth $user:$pass
 stats realm Demo
 stats admin if TRUE

If you have set nbproc to a value greater than 1, it's suggested to set one TCP port and a unique path for each process