What is HAProxy?
It is a multi functional proxy server. It is also a type of software loadbalancer. It has been under development for a long time and seems to be selling very fast, robust and reliable.
What HAProxy is and what it is not is itemized in the documentation .
Roughly summarized, something like this is written.
- Can act as a proxy for TCP connections and set access routes
- It functions as an HTTP reverse proxy and can pass requests to another server according to the rules.
- At this time, you can also rewrite the URL and header.
- Can take over SSL and HTTP compression
- Becomes a TCP / HTTP normalizer
- Providing protection from unauthorized traffic
- Providing load distribution function
- Since it has a logging function, it can function as an observation point on the network.
- You can control traffic
- For example, limiting the number of simultaneous connections
- For example, IP-based filtering
On the other hand, it does not have the function such as the following, have been the
- Not an HTTP proxy. In other words, it is not something that a browser that accesses the Internet accesses.
- Do not cache
- Do not rewrite the body
- Not a web server
- Don’t look at packet-level layers like IP or UDP
Installation
For CentOS, you can enter with yum. However, even with CentOS7, the latest stable version is 1.5 , so if you want the latest version, you may need to build from source.
[root@centos7 vagrant]# sudo yum install -y haproxy
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 18 kB 00:00:00
* base: ftp.icm.edu.pl
* epel: ftp.fau.de
* extras: ftp.icm.edu.pl
* updates: ftp.icm.edu.pl
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package haproxy.x86_64 0:1.5.18-9.el7 will be installed
--> Finished Dependency ResolutionDependencies Resolved=============================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================
Installing:
haproxy x86_64 1.5.18-9.el7 base 834 kTransaction Summary
=============================================================================================================================================================================================
Install 1 PackageTotal download size: 834 k
Installed size: 2.6 M
Downloading packages:
haproxy-1.5.18-9.el7.x86_64.rpm | 834 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : haproxy-1.5.18-9.el7.x86_64 1/1
Verifying : haproxy-1.5.18-9.el7.x86_64 1/1Installed:
haproxy.x86_64 0:1.5.18-9.el7Complete!
How to set ?
The settings are haproxy.cfgdescribed in. For CentOS installed from yum /etc/haproxy.
As an example, the configuration file has the following structure. This example is reprinted from the configuration documentation .
The configuration file is divided into several sections. It is roughly divided into a globalsection for setting the operation of HAProxy as a process and various tuning parameters, and a proxy section for setting the operation as a proxy.
Proxy section further defaults, frontend, backend, listenin I think it can be seen that have been subdivided. There are the following differences in roles, so write them according to them.
Explanation
frontendIs set for the side that receives access as a proxybackendIs set for the server to which access is distributed as a proxy.listenIn, you can write the front end and back end together in one proxy setting.defaultsThe settings written in are valid in all subsequent sections. In other words, common settings candefaultsbe summarized indefaultsResets the default parameters that were valid so far
Let’s setup a log for the time being…
Immediately after installing with yum, it can be started but no log is output. I made the log visible for the time being.
There are multiple logging methods provided, but the simplest is to pass in syslog. Set the logparameter as a setting item on the HAProxy side .
global
log 127.0.0.1 local2Now you can use UDP port 514 on your local host to send logs. The facility, which is the second parameter, follows the template at the time of installation local2and uses as it is.
Also change the rsyslog settings to enable UDP so that logs can be accepted.
/etc/rsyslog.conf#Providing UDP syslog reception
$ ModLoad imudp
$ UDPServerRun 514
Facility local2the log output of the /var/log/haproxy.log
[root@centos7 haproxy]# sudo touch /etc/rsyslog.d/haproxy.conf/etc/rsyslog.d/haproxy.conflocal2.info /var/log/haproxy.log
local2.* ~
Restart rsyslog and haproxy for the settings to take effect.
[root@centos7 haproxy]# systemctl restart rsyslog
[root@centos7 haproxy]# systemctl restart haproxyFile /var/log/haproxy.logis created and the log starts to appear, it is successful.
Confirmation of basic load balancing function
Check the operation by setting the load balancing function. In this example we will have prepared a simple server using Sinatra. The process ID is output to make it easier to understand the load balancing status.
Step by step how to install Ruby and Sinatra development environment
The following settings have been prepared on the HAProxy side. A minor modification of the default template.
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
defaults
mode http
log global
option httplog
timeout connect 10s
timeout client 1m
timeout server 1m
frontend main *:9000
default_backend app
backend app
balance roundrobin
server app1 127.0.0.1:5051check
server app2 127.0.0.1:5052checkWith this configuration, the front end listens on port 9000 and allocates access to localhost ports 5051 and 5052 based on round robin.
[root@centos7 vagrant]# ruby test_server.rb -p 5051 2>/dev/null &
[1] 18461
[root@centos7 vagrant]# ruby test_server.rb -p 5052 2>/dev/null &
[2] 11461
[root@centos7 vagrant]# curl localhost:9000/
Hello HAProxy Server !! pid=18461
[root@centos7 vagrant]# curl localhost:9000/
Hello HAProxy Server !! pid=11461
[root@centos7 vagrant]# curl localhost:9000/
Hello HAProxy Server !! pid=18461
[root@centos7 vagrant]# curl localhost:9000/
Hello HAProxy Server !! pid=11461You can see that it is round robin. Drop one side and hit it with curl.
[root@centos7 vagrant]# kill 18461
[root@centos7 vagrant]# curl localhost:9000/
Hello HAProxy Server !! pid=18461
[1] - 18461 done ruby test_server.rb -p 5001 2> /dev/null
[root@centos7 vagrant]# curl localhost:9000/
Hello HAProxy Server !! pid=11461
[root@centos7 vagrant]# curl localhost:9000/
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
[root@centos7 vagrant]# curl localhost:9000/
Hello HAProxy Server !! pid=11461
[root@centos7 vagrant]# curl localhost:9000/
Hello HAProxy Server !! pid=11461Summary
I have investigated and summarized the outline of HAProxy, how to write settings, basic settings and how to check the operation.
HAProxy is extremely versatile. The features summarized in this article are just a few. For example, ACL, HTTP header rewrite, stick-tables, etc. are something I would like to touch on from time to time.
