Abhinav Rai

HA Proxy

HA Proxy is High Availability Proxy. Say, you have a rails server and you run 3 VM instances of the same. Each with their own DB. HA Proxy allows this rails server to spread incoming requests across multiple endpoints. This is useful in cases where too many concurrent connections over-saturate the capability of a single server.

You can configure it and see the statistics (A lot more when compared with NGINX).

Configurations

  1. Type vim /etc/haproxy/haproxy.cfg

There are 4 major blocks

  1. global
  2. defaults
  3. listen
  4. frontend
  5. backend

Global

Settings under global define process-wide security and performance tunings that affect HAProxy at a low level.

Major things in global

  1. maxconn, log, user, group, nbproc (how many processes — for 4 core vm, use value as 4: Eg cpu-map 1–4 0–3), nbthread (same as process but threads), ssl default ciphers,

Default

As your configuration grows, using a defaults section will help reduce duplication. Its settings apply to all of the frontend and backend sections that come after it

defaults    
  timeout connect 10s    
  timeout client 30s    
  timeout server 30s    
  log global    
  mode http    
  option httplog    
  maxconn 3000
  option dontlognull
  option dontlog-normal
  option http-keep-alive

The timeout connect setting configures the time that HAProxy will wait for a TCP connection to a backend server to be established. The “s” suffix denotes seconds. Without any suffix, the time is assumed to be in milliseconds. The timeout client setting measures inactivity during periods that we would expect the client to be speaking, or in other words sending TCP segments. The timeout server setting measures inactivity when we’d expect the backend server to be speaking. When a timeout expires, the connection is closed. Having sensible timeouts reduces the risk of deadlocked processes tying up a connections that could otherwise be reused.

Listen

A “listen” section defines a complete proxy with its frontend and backend parts combined in one section.

listen health
    bind :8000
    monitor-uri /ping
    errorfile 200 /etc/haproxy/errors/200.http
listen hproxy-status #This is to see the stats
  bind http://localhost:1936
  stats enable
  stats uri /stats
  stats refresh 15s
  stats show-node

Frontend

When you place HAProxy as a reverse proxy in front of your backend servers, a frontend section defines the IP addresses and ports that clients can connect to. You may add as many frontend sections as needed for exposing various websites to the Internet.

frontend incoming-http # To redirect for http
  bind *:80
  redirect scheme https code 301 if !{ ssl_fc }
frontend connection_service-frontend
  bind *:443 ssl crt /etc/ssl/abhinavrai.com/private_key.pem
  maxconn 500000
  mode http
  capture request header Referrer len 64
  capture request header Content-Length len 10
  capture request header User-Agent len 64
  capture request header Authorization len 128
  capture request header X-Forwarded-For len 128
  capture request header CF-IPCountry len 2
option httplog
  option http-server-close
acl host_1 hdr_beg(host) -i server1-integration.abhinavrai.com
acl host_2 hdr_beg(host) -i server2-integration.abhinavrai.com
acl only_base_path path /
use_backend abhinav_service_1 if host_1 only_base_path
use_backend abhinav_service_2 if host_2 only_base_path
default_backend bad_backend

Backend

A backend section defines a group of servers that will be load balanced and assigned to handle requests. You’ll add a label of your choice to each backend, such as abhinav_service_1.

backend abhinav_service_1
  mode http
  option httplog
  option httpchk GET /ping HTTP/1.1\r\nHost:\ localhost
  compression algo gzip
  compression offload
  compression type application/json
  http-request set-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
  option forwardfor
  option forceclose
  balance roundrobin
  server localhost:3000 check

Have a good read here. You may contact the author at abhinav.rai.1996@gmail.com