HAProxy

From wiki.mikejung.biz
Revision as of 16:21, 28 June 2016 by Admin (talk | contribs) (HAProxy Configuration)

HAProxy Overview

HAProxy Configuration

The HAProxy Configuration File has 4 Main Sections

  • Global - This is where you specify global settings for HAProxy. These settings include things like max connections, the pid file, log file locations, and the user and group that HAProxy runs as
  • Defaults - This is where you specify default options that can be used for all front ends and back ends
  • Frontend - This is where you configure frontend settings such as port and IP that HAProxy listens on. You can create multiple front ends to handle different protocols such as http and https
  • Backend - This is where you specify the backend systems that HAProxy talks to. This could be web servers, database servers or whatever else you want to load balance


Resources

Sysctl / Kernel Tweaks

Please do not blindly copypasta these settings! Make sure the values here are sane for your environment and test them out one at a time instead of applying them all at once. These should be fairly safe settings, but you never know!

vim /etc/sysctl.conf
net.ipv4.ip_local_port_range = 1025 65534
net.ipv4.tcp_max_syn_backlog = 100000
net.core.netdev_max_backlog = 100000
net.core.somaxconn = 65534
net.ipv4.tcp_rmem = 4096 16060 64060
net.ipv4.tcp_wmem = 4096 16384 262144

If your workload allows for this:

net.ipv4.tcp_slow_start_after_idle = 0

If using iptables with HAProxy:

net.netfilter.nf_conntrack_max = 131072

To apply changes:

sysctl -p

Timeouts

  • timeout client - client side inactivity
  • timeout connect - time to establish the TCP connection to the server
  • timeout server - TCP: server side inactivity, HTTP: time for server to process the response (504 returned)
  • timeout client-fin - max time to wait in FIN_WAIT state on client side
  • timeout server-fin - max time to wait in FIN_WAIT state on server side
  • timeout http-request - Used in HTTP mode. The timeout for the client to send a whole request. This can help protect against DoS-like attacks.
  • timeout http-keep-alive - Used in HTTP mode. The max time to wait for the next request when doing HTTP keep alive
  • timeout queue - How long a request can remain in HAProxy queue
  • timeout tarpit - How long the tarpitted connection is maintained for.

Config EXAMPLE for HTTP Service (timeouts). This is an EXAMPLE only, please do not copypasta!

defaults HTTP
  mode http
  timeout http-request 10s
  timeout client 20s
  timeout connect 4s
  timeout server 30s
  timeout http-keep-alive 4s

HAProxy Stats Page

HAProxy Stats Page can be enabled by adding this to the config file.

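listen stats
 bind-process 1
 # No address given, so the stats page listens on every interface
 bind :9010
 stats enable
 stats uri /
 # $user:$pass is a placeholder for the stats login
 stats auth $user:$pass
 stats realm Demo
 # Admin level (enable/disable servers from the page) for every logged-in user
 stats admin if TRUE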

If you have set nbproc to a value greater than 1, it's suggested to set one TCP port and a unique path for each process
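
The timeout list and the stats listener above can be checked mechanically before a config is deployed. The Python linter below is an added example, not code from the original page or from the HAProxy project. Its function names, its per-section list of required timeouts and its sample config are assumptions of this example, and its parsing is simplified (naive '#' comment stripping, each defaults section replacing the previous one).

```python
SECTIONS = ("global", "defaults", "frontend", "backend", "listen", "userlist", "peers")
REQUIRED = {"frontend": ("client", "http-request"), "backend": ("connect", "server"),
            "listen": ("client", "connect", "server", "http-request")}
WILDCARD = (":", "*:", "0.0.0.0:")  # bind prefixes that listen on every address

def parse_sections(text):
    """Split config text into (kind, name, directives); '#' comments are dropped."""
    out = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words and words[0] in SECTIONS:
            out.append((words[0], " ".join(words[1:2]), []))
        elif words and out:
            out[-1][2].append(words)
    return out

def audit(text):
    """List missing timeouts and exposed stats pages (a new defaults replaces the old)."""
    findings, defaults = [], []
    for kind, name, own in parse_sections(text):
        defaults = own if kind == "defaults" else defaults
        eff = defaults + own
        mode = ([w[1] for w in eff if w[0] == "mode" and w[1:]] or ["tcp"])[-1]
        have = {w[1] for w in eff if w[0] == "timeout" and len(w) > 2}
        findings += [f"{kind} {name}: timeout {t} not set" for t in REQUIRED.get(kind, ())
                     if t not in have and (t != "http-request" or mode == "http")]
        if kind in REQUIRED and ["stats", "enable"] in own:
            binds = [w[1] for w in own if w[0] == "bind" and w[1:]]
            checks = {"has no 'stats auth'": not any(w[:2] == ["stats", "auth"] for w in own),
                      "uses 'stats admin if TRUE'": ["stats", "admin", "if", "TRUE"] in own,
                      "is bound on all addresses": any(b.startswith(WILDCARD) for b in binds)}
            findings += [f"{kind} {name}: stats page {m}" for m, bad in checks.items() if bad]
    return findings

# Constructed sample, not from a real host; function names are this example's own.
SAMPLE = """\
defaults HTTP
  mode http
  timeout client 20s
  timeout connect 4s
  timeout server 30s
listen stats
  bind :9010
  stats enable
  stats auth $user:$pass
  stats admin if TRUE
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports the missing timeout http-request and the two stats page findings. A listener bound to a specific address, with that timeout set and a narrower admin condition, returns no findings.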